git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@308 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/02/19 19:02:11... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Thu Feb 19 10:05:39 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamav-milter: Reworked TCPwrappers code thanks to |
|
4 |
+ "Hector M. Rulot Segovia" <Hector.Rulot@uv.es> |
|
5 |
+ Changed some printf/puts to cli_dbgmsg |
|
6 |
+ |
|
1 | 7 |
Wed Feb 18 13:35:59 GMT 2004 (njh) |
2 | 8 |
---------------------------------- |
3 | 9 |
* libclamav: Handle buffer overflows on files with long suffixes |
... | ... |
@@ -229,6 +229,9 @@ Changes |
229 | 229 |
0.67b 17/2/04 Removed compilation warning - now compiles on FreeBSD5.2 |
230 | 230 |
Don't allow --force to overwride TCPwrappers |
231 | 231 |
0.67c 18/2/04 Added dont-log-clean flag |
232 |
+0.67d 19/2/04 Reworked TCPwrappers code |
|
233 |
+ Thanks to "Hector M. Rulot Segovia" <Hector.Rulot@uv.es> |
|
234 |
+ Changed some printf/puts to cli_dbgmsg |
|
232 | 235 |
|
233 | 236 |
BUG REPORTS |
234 | 237 |
|
... | ... |
@@ -232,9 +232,15 @@ |
232 | 232 |
* 0.67b 17/2/04 Removed compilation warning - now compiles on FreeBSD5.2 |
233 | 233 |
* Don't allow --force to overwride TCPwrappers |
234 | 234 |
* 0.67c 18/2/04 Added dont-log-clean flag |
235 |
+ * 0.67d 19/2/04 Reworked TCPwrappers code |
|
236 |
+ * Thanks to "Hector M. Rulot Segovia" <Hector.Rulot@uv.es> |
|
237 |
+ * Changed some printf/puts to cli_dbgmsg |
|
235 | 238 |
* |
236 | 239 |
* Change History: |
237 | 240 |
* $Log: clamav-milter.c,v $ |
241 |
+ * Revision 1.50 2004/02/19 10:00:26 nigelhorne |
|
242 |
+ * Rework TCPWrappers support |
|
243 |
+ * |
|
238 | 244 |
* Revision 1.49 2004/02/18 13:30:34 nigelhorne |
239 | 245 |
* Added dont-long-clean argument |
240 | 246 |
* |
... | ... |
@@ -367,9 +373,9 @@ |
367 | 367 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
368 | 368 |
* Added -f flag use MaxThreads if --max-children not set |
369 | 369 |
*/ |
370 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.49 2004/02/18 13:30:34 nigelhorne Exp $"; |
|
370 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.50 2004/02/19 10:00:26 nigelhorne Exp $"; |
|
371 | 371 |
|
372 |
-#define CM_VERSION "0.67c" |
|
372 |
+#define CM_VERSION "0.67d" |
|
373 | 373 |
|
374 | 374 |
/*#define CONFDIR "/usr/local/etc"*/ |
375 | 375 |
|
... | ... |
@@ -418,6 +424,10 @@ static char const rcsid[] = "$Id: clamav-milter.c,v 1.49 2004/02/18 13:30:34 nig |
418 | 418 |
|
419 | 419 |
#ifdef WITH_TCPWRAP |
420 | 420 |
#include <tcpd.h> |
421 |
+ |
|
422 |
+int allow_severity = LOG_DEBUG; |
|
423 |
+int deny_severity = LOG_ERR; |
|
424 |
+ |
|
421 | 425 |
#endif |
422 | 426 |
|
423 | 427 |
#if defined(CL_DEBUG) && defined(C_LINUX) |
... | ... |
@@ -1086,7 +1096,7 @@ main(int argc, char **argv) |
1086 | 1086 |
} |
1087 | 1087 |
|
1088 | 1088 |
if(smfi_register(smfilter) == MI_FAILURE) { |
1089 |
- fputs("smfi_register failure\n", stderr); |
|
1089 |
+ cli_errmsg("smfi_register failure\n"); |
|
1090 | 1090 |
return EX_UNAVAILABLE; |
1091 | 1091 |
} |
1092 | 1092 |
|
... | ... |
@@ -1300,9 +1310,14 @@ findServer(void) |
1300 | 1300 |
static sfsistat |
1301 | 1301 |
clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1302 | 1302 |
{ |
1303 |
- char buf[INET_ADDRSTRLEN]; /* IPv4 only */ |
|
1303 |
+ char ip[INET_ADDRSTRLEN]; /* IPv4 only */ |
|
1304 | 1304 |
char *remoteIP; |
1305 | 1305 |
|
1306 |
+#ifdef WITH_TCPWRAP |
|
1307 |
+ const char *hostmail; |
|
1308 |
+ const struct hostent *hp = NULL; |
|
1309 |
+#endif |
|
1310 |
+ |
|
1306 | 1311 |
if(hostname == NULL) { |
1307 | 1312 |
if(use_syslog) |
1308 | 1313 |
syslog(LOG_ERR, "clamfi_connect: hostname is null"); |
... | ... |
@@ -1314,7 +1329,7 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1314 | 1314 |
return cl_error; |
1315 | 1315 |
} |
1316 | 1316 |
|
1317 |
- remoteIP = (char *)inet_ntop(AF_INET, &((struct sockaddr_in *)(hostaddr))->sin_addr, buf, sizeof(buf)); |
|
1317 |
+ remoteIP = (char *)inet_ntop(AF_INET, &((struct sockaddr_in *)(hostaddr))->sin_addr, ip, sizeof(ip)); |
|
1318 | 1318 |
|
1319 | 1319 |
if(remoteIP == NULL) { |
1320 | 1320 |
if(use_syslog) |
... | ... |
@@ -1326,7 +1341,7 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1326 | 1326 |
if(debug_level >= 4) { |
1327 | 1327 |
if(use_syslog) |
1328 | 1328 |
syslog(LOG_NOTICE, "clamfi_connect: connection from %s [%s]", hostname, remoteIP); |
1329 |
- printf("clamfi_connect: connection from %s [%s]\n", hostname, remoteIP); |
|
1329 |
+ cli_dbgmsg("clamfi_connect: connection from %s [%s]\n", hostname, remoteIP); |
|
1330 | 1330 |
} |
1331 | 1331 |
#endif |
1332 | 1332 |
|
... | ... |
@@ -1334,12 +1349,26 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1334 | 1334 |
/* |
1335 | 1335 |
* Support /etc/hosts.allow and /etc/hosts.deny |
1336 | 1336 |
*/ |
1337 |
- if(!hosts_ctl("clamav-milter", hostname, remoteIP, STRING_UNKNOWN)) { |
|
1337 |
+ if((hostmail = smfi_getsymval(ctx, "{if_name}")) == NULL) { |
|
1338 |
+ if(use_syslog) |
|
1339 |
+ syslog(LOG_WARNING, "Can't get sendmail hostname"); |
|
1340 |
+ hostmail = "unknown"; |
|
1341 |
+ } |
|
1342 |
+ |
|
1343 |
+ if((hp = gethostbyname(hostmail)) == NULL) { |
|
1344 |
+ if(use_syslog) |
|
1345 |
+ syslog(LOG_WARNING, "Access Denied: Host Unknown (%s)", hostname); |
|
1346 |
+ return SMFIS_TEMPFAIL; |
|
1347 |
+ } |
|
1348 |
+ |
|
1349 |
+ strcpy(ip, (char *)inet_ntoa(*(struct in_addr *)hp->h_addr)); |
|
1350 |
+ |
|
1351 |
+ /* |
|
1352 |
+ * Ask is this is a allowed name or IP number |
|
1353 |
+ */ |
|
1354 |
+ if(!hosts_ctl("clamav-milter", hp->h_name, ip, STRING_UNKNOWN)) { |
|
1338 | 1355 |
if(use_syslog) |
1339 |
- syslog(LOG_WARNING, |
|
1340 |
- "Access to clamav-milter denied for %s[%s]", |
|
1341 |
- hostname, |
|
1342 |
- remoteIP); |
|
1356 |
+ syslog(LOG_WARNING, "Access Denied for %s[%s]", hp->h_name, ip); |
|
1343 | 1357 |
return SMFIS_TEMPFAIL; |
1344 | 1358 |
} |
1345 | 1359 |
#endif |
... | ... |
@@ -1356,7 +1385,7 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1356 | 1356 |
#ifdef CL_DEBUG |
1357 | 1357 |
if(use_syslog) |
1358 | 1358 |
syslog(LOG_DEBUG, "clamfi_connect: not scanning outgoing messages"); |
1359 |
- puts("clamfi_connect: not scanning outgoing messages"); |
|
1359 |
+ cli_dbgmsg("clamfi_connect: not scanning outgoing messages"); |
|
1360 | 1360 |
#endif |
1361 | 1361 |
return SMFIS_ACCEPT; |
1362 | 1362 |
} |
... | ... |
@@ -1394,7 +1423,7 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1394 | 1394 |
#ifdef CL_DEBUG |
1395 | 1395 |
if(use_syslog) |
1396 | 1396 |
syslog(LOG_DEBUG, "clamfi_connect: not scanning local messages"); |
1397 |
- puts("clamfi_connect: not scanning outgoing messages"); |
|
1397 |
+ cli_dbgmsg("clamfi_connect: not scanning outgoing messages"); |
|
1398 | 1398 |
#endif |
1399 | 1399 |
return SMFIS_ACCEPT; |
1400 | 1400 |
} |
... | ... |
@@ -1468,8 +1497,8 @@ clamfi_envfrom(SMFICTX *ctx, char **argv) |
1468 | 1468 |
#ifdef CL_DEBUG |
1469 | 1469 |
if(use_syslog) |
1470 | 1470 |
syslog(LOG_NOTICE, "Timeout waiting for a child to die"); |
1471 |
- puts("Timeout waiting for a child to die"); |
|
1472 | 1471 |
#endif |
1472 |
+ cli_dbgmsg("Timeout waiting for a child to die"); |
|
1473 | 1473 |
} |
1474 | 1474 |
} |
1475 | 1475 |
|
... | ... |
@@ -1696,7 +1725,7 @@ clamfi_header(SMFICTX *ctx, char *headerf, char *headerv) |
1696 | 1696 |
if(debug_level >= 9) |
1697 | 1697 |
printf("clamfi_header: %s: %s\n", headerf, headerv); |
1698 | 1698 |
else |
1699 |
- puts("clamfi_header"); |
|
1699 |
+ cli_dbgmsg("clamfi_header"); |
|
1700 | 1700 |
#endif |
1701 | 1701 |
|
1702 | 1702 |
if(clamfi_send(privdata, 0, "%s: %s\n", headerf, headerv) < 0) { |
... | ... |
@@ -1719,7 +1748,7 @@ clamfi_eoh(SMFICTX *ctx) |
1719 | 1719 |
if(logVerbose) |
1720 | 1720 |
syslog(LOG_DEBUG, "clamfi_eoh"); |
1721 | 1721 |
#ifdef CL_DEBUG |
1722 |
- puts("clamfi_eoh"); |
|
1722 |
+ cli_dbgmsg("clamfi_eoh"); |
|
1723 | 1723 |
#endif |
1724 | 1724 |
|
1725 | 1725 |
if(clamfi_send(privdata, 1, "\n") < 0) { |
... | ... |
@@ -1764,7 +1793,7 @@ clamfi_eoh(SMFICTX *ctx) |
1764 | 1764 |
if(use_syslog) |
1765 | 1765 |
syslog(LOG_NOTICE, "clamfi_connect: ignoring whitelisted message"); |
1766 | 1766 |
#ifdef CL_DEBUG |
1767 |
- puts("clamfi_connect: not scanning outgoing messages"); |
|
1767 |
+ cli_dbgmsg("clamfi_connect: not scanning outgoing messages"); |
|
1768 | 1768 |
#endif |
1769 | 1769 |
clamfi_cleanup(ctx); |
1770 | 1770 |
|
... | ... |
@@ -1813,7 +1842,7 @@ clamfi_eom(SMFICTX *ctx) |
1813 | 1813 |
if(logVerbose) |
1814 | 1814 |
syslog(LOG_DEBUG, "clamfi_eom"); |
1815 | 1815 |
#ifdef CL_DEBUG |
1816 |
- puts("clamfi_eom"); |
|
1816 |
+ cli_dbgmsg("clamfi_eom"); |
|
1817 | 1817 |
assert(privdata != NULL); |
1818 | 1818 |
assert((privdata->cmdSocket >= 0) || (privdata->filename != NULL)); |
1819 | 1819 |
assert(!((privdata->cmdSocket >= 0) && (privdata->filename != NULL))); |
... | ... |
@@ -1876,7 +1905,7 @@ clamfi_eom(SMFICTX *ctx) |
1876 | 1876 |
clamfi_cleanup(ctx); |
1877 | 1877 |
syslog(LOG_NOTICE, "clamfi_eom: read nothing from clamd"); |
1878 | 1878 |
#ifdef CL_DEBUG |
1879 |
- puts("clamfi_eom: read nothing from clamd"); |
|
1879 |
+ cli_dbgmsg("clamfi_eom: read nothing from clamd"); |
|
1880 | 1880 |
#endif |
1881 | 1881 |
return cl_error; |
1882 | 1882 |
} |
... | ... |
@@ -1957,7 +1986,7 @@ clamfi_eom(SMFICTX *ctx) |
1957 | 1957 |
smfi_getsymval(ctx, "i"), |
1958 | 1958 |
err); |
1959 | 1959 |
#ifdef CL_DEBUG |
1960 |
- puts(err); |
|
1960 |
+ cli_dbgmsg(err); |
|
1961 | 1961 |
#endif |
1962 | 1962 |
free(err); |
1963 | 1963 |
|
... | ... |
@@ -2080,7 +2109,7 @@ clamfi_abort(SMFICTX *ctx) |
2080 | 2080 |
#ifdef CL_DEBUG |
2081 | 2081 |
if(use_syslog) |
2082 | 2082 |
syslog(LOG_DEBUG, "clamfi_abort"); |
2083 |
- puts("clamfi_abort"); |
|
2083 |
+ cli_dbgmsg("clamfi_abort"); |
|
2084 | 2084 |
#endif |
2085 | 2085 |
|
2086 | 2086 |
/* |
... | ... |
@@ -2102,7 +2131,7 @@ clamfi_close(SMFICTX *ctx) |
2102 | 2102 |
#ifdef CL_DEBUG |
2103 | 2103 |
struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx); |
2104 | 2104 |
|
2105 |
- puts("clamfi_close"); |
|
2105 |
+ cli_dbgmsg("clamfi_close"); |
|
2106 | 2106 |
assert(privdata == NULL); |
2107 | 2107 |
#endif |
2108 | 2108 |
|
... | ... |
@@ -2145,7 +2174,7 @@ clamfi_free(struct privdata *privdata) |
2145 | 2145 |
if(privdata->from) { |
2146 | 2146 |
#ifdef CL_DEBUG |
2147 | 2147 |
if(debug_level >= 9) |
2148 |
- puts("Free privdata->from"); |
|
2148 |
+ cli_dbgmsg("Free privdata->from"); |
|
2149 | 2149 |
#endif |
2150 | 2150 |
free(privdata->from); |
2151 | 2151 |
privdata->from = NULL; |
... | ... |
@@ -2157,13 +2186,13 @@ clamfi_free(struct privdata *privdata) |
2157 | 2157 |
for(to = privdata->to; *to; to++) { |
2158 | 2158 |
#ifdef CL_DEBUG |
2159 | 2159 |
if(debug_level >= 9) |
2160 |
- puts("Free *privdata->to"); |
|
2160 |
+ cli_dbgmsg("Free *privdata->to"); |
|
2161 | 2161 |
#endif |
2162 | 2162 |
free(*to); |
2163 | 2163 |
} |
2164 | 2164 |
#ifdef CL_DEBUG |
2165 | 2165 |
if(debug_level >= 9) |
2166 |
- puts("Free privdata->to"); |
|
2166 |
+ cli_dbgmsg("Free privdata->to"); |
|
2167 | 2167 |
#endif |
2168 | 2168 |
free(privdata->to); |
2169 | 2169 |
privdata->to = NULL; |
... | ... |
@@ -2185,7 +2214,7 @@ clamfi_free(struct privdata *privdata) |
2185 | 2185 |
|
2186 | 2186 |
#ifdef CL_DEBUG |
2187 | 2187 |
if(debug_level >= 9) |
2188 |
- puts("Free privdata"); |
|
2188 |
+ cli_dbgmsg("Free privdata"); |
|
2189 | 2189 |
#endif |
2190 | 2190 |
free(privdata); |
2191 | 2191 |
} |
... | ... |
@@ -2198,11 +2227,11 @@ clamfi_free(struct privdata *privdata) |
2198 | 2198 |
if(n_children > 0) |
2199 | 2199 |
--n_children; |
2200 | 2200 |
#ifdef CL_DEBUG |
2201 |
- puts("pthread_cond_broadcast"); |
|
2201 |
+ cli_dbgmsg("pthread_cond_broadcast"); |
|
2202 | 2202 |
#endif |
2203 | 2203 |
pthread_cond_broadcast(&n_children_cond); |
2204 | 2204 |
#ifdef CL_DEBUG |
2205 |
- printf("<n_children = %d\n", n_children); |
|
2205 |
+ cli_dbgmsg("<n_children = %d\n", n_children); |
|
2206 | 2206 |
#endif |
2207 | 2207 |
pthread_mutex_unlock(&n_children_mutex); |
2208 | 2208 |
} |
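Review bot: In the TCPwrappers hunk of clamfi_connect (new lines 1337-1358), `strcpy(ip, (char *)inet_ntoa(*(struct in_addr *)hp->h_addr));` overwrites the buffer that `remoteIP` was pointed at by the earlier `inet_ntop(..., ip, sizeof(ip))`, so from there on `remoteIP` holds the `{if_name}` interface address instead of the client's. The rest of clamfi_connect is outside the visible hunks, but if the later "not scanning outgoing/local messages" decisions still read `remoteIP`, a WITH_TCPWRAP build would make them on the wrong address; a separate buffer avoids this, e.g. `char ifip[INET_ADDRSTRLEN];` filled with `inet_ntop(AF_INET, hp->h_addr, ifip, sizeof(ifip))` after checking `hp->h_addrtype == AF_INET`. `gethostbyname()` and `inet_ntoa()` also return pointers to static storage, which looks unsafe given the pthread calls elsewhere in this file, and the "Host Unknown" message logs `hostname` rather than the `hostmail` value that failed to resolve. Separately, in the clamfi_eom hunk `cli_dbgmsg(err)` now passes a runtime string as the format where `puts(err)` did not; `cli_dbgmsg("%s\n", err)` keeps it as data.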