git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@85 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2003/10/20 09:55:11... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Mon Oct 20 01:57:16 CEST 2003 |
|
2 |
+---------------------------------- |
|
3 |
+ * sigtool: receive digital signature from remote ClamAV Signing Service |
|
4 |
+ * libclamav: small cvd fixes |
|
5 |
+ |
|
1 | 6 |
Fri Oct 17 05:08:22 CEST 2003 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* new Spanish documentation on ClamAV + Sendmail integration by |
... | ... |
@@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for |
81 | 81 |
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created |
82 | 82 |
dnl (the prefix is a bit different, since we add an extra -target- and -host-) |
83 | 83 |
dnl |
84 |
-dnl @version: $Id: aclocal.m4,v 1.7 2003/10/17 03:16:14 kojm Exp $ |
|
84 |
+dnl @version: $Id: aclocal.m4,v 1.8 2003/10/20 00:55:10 kojm Exp $ |
|
85 | 85 |
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often |
86 | 86 |
|
87 | 87 |
AC_DEFUN([AC_CREATE_TARGET_H], |
... | ... |
@@ -4041,7 +4041,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers) |
4041 | 4041 |
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers) |
4042 | 4042 |
dnl |
4043 | 4043 |
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu> |
4044 |
-dnl @version $Id: aclocal.m4,v 1.7 2003/10/17 03:16:14 kojm Exp $ |
|
4044 |
+dnl @version $Id: aclocal.m4,v 1.8 2003/10/20 00:55:10 kojm Exp $ |
|
4045 | 4045 |
dnl |
4046 | 4046 |
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF], |
4047 | 4047 |
[changequote(<<, >>)dnl |
... | ... |
@@ -999,6 +999,7 @@ Optional Features: |
999 | 999 |
--disable-libtool-lock avoid locking (might break parallel builds) |
1000 | 1000 |
--disable-bzip2 Disable bzip2 support. |
1001 | 1001 |
--enable-milter Build clamav-milter (if milter library found) |
1002 |
+ --disable-dsig Disable digital signature support. |
|
1002 | 1003 |
--disable-pthreads Disable POSIX threads support |
1003 | 1004 |
--disable-cr Don't link with C reentrant library (BSD) |
1004 | 1005 |
--disable-urandom Disable test for /dev/urandom |
... | ... |
@@ -4534,7 +4535,7 @@ test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes |
4534 | 4534 |
case $host in |
4535 | 4535 |
*-*-irix6*) |
4536 | 4536 |
# Find out which ABI we are using. |
4537 |
- echo '#line 4537 "configure"' > conftest.$ac_ext |
|
4537 |
+ echo '#line 4538 "configure"' > conftest.$ac_ext |
|
4538 | 4538 |
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 |
4539 | 4539 |
(eval $ac_compile) 2>&5 |
4540 | 4540 |
ac_status=$? |
... | ... |
@@ -5070,7 +5071,7 @@ chmod -w . |
5070 | 5070 |
save_CFLAGS="$CFLAGS" |
5071 | 5071 |
CFLAGS="$CFLAGS -o out/conftest2.$ac_objext" |
5072 | 5072 |
compiler_c_o=no |
5073 |
-if { (eval echo configure:5073: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then |
|
5073 |
+if { (eval echo configure:5074: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then |
|
5074 | 5074 |
# The compiler can only warn and ignore the option if not recognized |
5075 | 5075 |
# So say no if there are warnings |
5076 | 5076 |
if test -s out/conftest.err; then |
... | ... |
@@ -6863,7 +6864,7 @@ else |
6863 | 6863 |
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 |
6864 | 6864 |
lt_status=$lt_dlunknown |
6865 | 6865 |
cat > conftest.$ac_ext <<EOF |
6866 |
-#line 6866 "configure" |
|
6866 |
+#line 6867 "configure" |
|
6867 | 6867 |
#include "confdefs.h" |
6868 | 6868 |
|
6869 | 6869 |
#if HAVE_DLFCN_H |
... | ... |
@@ -6961,7 +6962,7 @@ else |
6961 | 6961 |
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 |
6962 | 6962 |
lt_status=$lt_dlunknown |
6963 | 6963 |
cat > conftest.$ac_ext <<EOF |
6964 |
-#line 6964 "configure" |
|
6964 |
+#line 6965 "configure" |
|
6965 | 6965 |
#include "confdefs.h" |
6966 | 6966 |
|
6967 | 6967 |
#if HAVE_DLFCN_H |
... | ... |
@@ -8733,6 +8734,81 @@ else |
8733 | 8733 |
have_milter="no" |
8734 | 8734 |
fi; |
8735 | 8735 |
|
8736 |
+want_dsig="yes" |
|
8737 |
+# Check whether --enable-dsig or --disable-dsig was given. |
|
8738 |
+if test "${enable_dsig+set}" = set; then |
|
8739 |
+ enableval="$enable_dsig" |
|
8740 |
+ want_dsig="no" |
|
8741 |
+fi; |
|
8742 |
+ |
|
8743 |
+if test "$want_dsig" = "yes" |
|
8744 |
+then |
|
8745 |
+ echo "$as_me:$LINENO: checking for __gmpz_init in -lgmp" >&5 |
|
8746 |
+echo $ECHO_N "checking for __gmpz_init in -lgmp... $ECHO_C" >&6 |
|
8747 |
+if test "${ac_cv_lib_gmp___gmpz_init+set}" = set; then |
|
8748 |
+ echo $ECHO_N "(cached) $ECHO_C" >&6 |
|
8749 |
+else |
|
8750 |
+ ac_check_lib_save_LIBS=$LIBS |
|
8751 |
+LIBS="-lgmp $LIBS" |
|
8752 |
+cat >conftest.$ac_ext <<_ACEOF |
|
8753 |
+#line $LINENO "configure" |
|
8754 |
+#include "confdefs.h" |
|
8755 |
+ |
|
8756 |
+/* Override any gcc2 internal prototype to avoid an error. */ |
|
8757 |
+#ifdef __cplusplus |
|
8758 |
+extern "C" |
|
8759 |
+#endif |
|
8760 |
+/* We use char because int might match the return type of a gcc2 |
|
8761 |
+ builtin and then its argument prototype would still apply. */ |
|
8762 |
+char __gmpz_init (); |
|
8763 |
+#ifdef F77_DUMMY_MAIN |
|
8764 |
+# ifdef __cplusplus |
|
8765 |
+ extern "C" |
|
8766 |
+# endif |
|
8767 |
+ int F77_DUMMY_MAIN() { return 1; } |
|
8768 |
+#endif |
|
8769 |
+int |
|
8770 |
+main () |
|
8771 |
+{ |
|
8772 |
+__gmpz_init (); |
|
8773 |
+ ; |
|
8774 |
+ return 0; |
|
8775 |
+} |
|
8776 |
+_ACEOF |
|
8777 |
+rm -f conftest.$ac_objext conftest$ac_exeext |
|
8778 |
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 |
|
8779 |
+ (eval $ac_link) 2>&5 |
|
8780 |
+ ac_status=$? |
|
8781 |
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
|
8782 |
+ (exit $ac_status); } && |
|
8783 |
+ { ac_try='test -s conftest$ac_exeext' |
|
8784 |
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 |
|
8785 |
+ (eval $ac_try) 2>&5 |
|
8786 |
+ ac_status=$? |
|
8787 |
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
|
8788 |
+ (exit $ac_status); }; }; then |
|
8789 |
+ ac_cv_lib_gmp___gmpz_init=yes |
|
8790 |
+else |
|
8791 |
+ echo "$as_me: failed program was:" >&5 |
|
8792 |
+cat conftest.$ac_ext >&5 |
|
8793 |
+ac_cv_lib_gmp___gmpz_init=no |
|
8794 |
+fi |
|
8795 |
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext |
|
8796 |
+LIBS=$ac_check_lib_save_LIBS |
|
8797 |
+fi |
|
8798 |
+echo "$as_me:$LINENO: result: $ac_cv_lib_gmp___gmpz_init" >&5 |
|
8799 |
+echo "${ECHO_T}$ac_cv_lib_gmp___gmpz_init" >&6 |
|
8800 |
+if test $ac_cv_lib_gmp___gmpz_init = yes; then |
|
8801 |
+ LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -lgmp"; cat >>confdefs.h <<\_ACEOF |
|
8802 |
+#define HAVE_GMP 1 |
|
8803 |
+_ACEOF |
|
8804 |
+ |
|
8805 |
+else |
|
8806 |
+ echo "WARNING: GNU MP 3 or newer NOT FOUND - digital signature support will be disabled !"; want_dsig="no" |
|
8807 |
+fi |
|
8808 |
+ |
|
8809 |
+fi |
|
8810 |
+ |
|
8736 | 8811 |
if test "${ac_cv_header_syslog_h+set}" = set; then |
8737 | 8812 |
echo "$as_me:$LINENO: checking for syslog.h" >&5 |
8738 | 8813 |
echo $ECHO_N "checking for syslog.h... $ECHO_C" >&6 |
... | ... |
@@ -81,6 +81,16 @@ AC_ARG_ENABLE(milter, |
81 | 81 |
[ --enable-milter Build clamav-milter (if milter library found)], |
82 | 82 |
,have_milter="no") |
83 | 83 |
|
84 |
+want_dsig="yes" |
|
85 |
+AC_ARG_ENABLE(dsig, |
|
86 |
+[ --disable-dsig Disable digital signature support.], |
|
87 |
+want_dsig="no",) |
|
88 |
+ |
|
89 |
+if test "$want_dsig" = "yes" |
|
90 |
+then |
|
91 |
+ AC_CHECK_LIB(gmp, __gmpz_init, [LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS -lgmp"; AC_DEFINE(HAVE_GMP)], [echo "WARNING: GNU MP 3 or newer NOT FOUND - digital signature support will be disabled !"; want_dsig="no"]) |
|
92 |
+fi |
|
93 |
+ |
|
84 | 94 |
AC_CHECK_HEADER(syslog.h,AC_DEFINE(CLAMD_USE_SYSLOG),) |
85 | 95 |
|
86 | 96 |
dnl AC_CHECK_LIB(c, strtok_r,, AC_DEFINE(NO_STRTOK_R)) |
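Review bot: The third argument of `AC_ARG_ENABLE(dsig, ..., want_dsig="no",)` runs whenever the option is given in either form, so `--enable-dsig` switches digital signature support off exactly as `--disable-dsig` does; use `want_dsig="$enableval"` there instead. When libgmp is not found, the fallback branch only echoes a warning and sets `want_dsig="no"`, so the build carries on without signature support and the message is easy to miss in configure output. Consider `AC_MSG_WARN` at minimum, or `AC_MSG_ERROR` unless `--disable-dsig` was requested explicitly. The regenerated configure hunk at `@@ -8733,6 +8734,81 @@` carries the same logic and will follow once this file is fixed.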
... | ... |
@@ -106,7 +106,10 @@ int cli_versig(const char *md5, const char *dsig) |
106 | 106 |
|
107 | 107 |
mpz_init_set_str(n, cli_nstr, 10); |
108 | 108 |
mpz_init_set_str(e, cli_estr, 10); |
109 |
- pt = cli_decodesig(dsig, 16, e, n); |
|
109 |
+ |
|
110 |
+ if(!(pt = cli_decodesig(dsig, 16, e, n))) |
|
111 |
+ return CL_EDSIG; |
|
112 |
+ |
|
110 | 113 |
pt2 = cl_str2hex(pt, 16); |
111 | 114 |
free(pt); |
112 | 115 |
|
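Review bot: The new early return in cli_versig() leaves `n` and `e` initialised by the two `mpz_init_set_str` calls just above it, so each signature that fails to decode leaks both integers. Release them first, e.g. `if(!(pt = cli_decodesig(dsig, 16, e, n))) { mpz_clear(n); mpz_clear(e); return CL_EDSIG; }`. The result of `cl_str2hex(pt, 16)` on the following context line is not visibly checked either; if it can return NULL, `pt2` needs the same guard before use. cli_versig() starts and ends outside this hunk, so the normal-path cleanup cannot be confirmed from here.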
... | ... |
@@ -179,8 +179,6 @@ int cl_loaddbdir(const char *dirname, struct cl_node **root, int *virnum) |
179 | 179 |
char *dbfile; |
180 | 180 |
int ret; |
181 | 181 |
|
182 |
- if(virnum != NULL) |
|
183 |
- *virnum = 0; |
|
184 | 182 |
|
185 | 183 |
if((dd = opendir(dirname)) == NULL) { |
186 | 184 |
cli_errmsg("cl_loaddbdir(): Can't open directory %s\n", dirname); |
... | ... |
@@ -38,7 +38,7 @@ int main(int argc, char **argv) |
38 | 38 |
int ret, opt_index, i, len; |
39 | 39 |
struct optstruct *opt; |
40 | 40 |
|
41 |
- const char *getopt_parameters = "hvVc:s:f:b:i:"; |
|
41 |
+ const char *getopt_parameters = "hvVc:s:f:b:i:s:"; |
|
42 | 42 |
|
43 | 43 |
static struct option long_options[] = { |
44 | 44 |
{"help", 0, 0, 'h'}, |
... | ... |
@@ -53,6 +53,7 @@ int main(int argc, char **argv) |
53 | 53 |
{"string", 1, 0, 's'}, |
54 | 54 |
{"file", 1, 0, 'f'}, |
55 | 55 |
{"build", 1, 0, 'b'}, |
56 |
+ {"server", 1, 0, 's'}, |
|
56 | 57 |
{"info", 1, 0, 'i'}, |
57 | 58 |
{0, 0, 0, 0} |
58 | 59 |
}; |
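Review bot: `--server` is registered with the short code `'s'`, which `{"string", 1, 0, 's'}` already uses, and the option string now lists `s:` twice (`"hvVc:s:f:b:i:s:"`), so getopt cannot tell the two options apart. In build mode the value given to `--string` can therefore satisfy the `optc(opt, 's')` check and be passed by `getargc(opt, 's')` to getdsig() as the signing service address. Give the new option a code that is not already in `getopt_parameters` (for example `{"server", 1, 0, 'S'}` with `S:` in the string, if that letter is free in the rest of main) and update the help line and the `optc`/`getargc` calls in sigtool.c to match. main() continues outside both hunks.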
... | ... |
@@ -25,6 +25,11 @@ |
25 | 25 |
#include <zlib.h> |
26 | 26 |
#include <time.h> |
27 | 27 |
#include <locale.h> |
28 |
+#include <sys/types.h> |
|
29 |
+#include <sys/socket.h> |
|
30 |
+#include <sys/un.h> |
|
31 |
+#include <netinet/in.h> |
|
32 |
+#include <arpa/inet.h> |
|
28 | 33 |
#include <clamav.h> |
29 | 34 |
|
30 | 35 |
#include "options.h" |
... | ... |
@@ -38,6 +43,8 @@ |
38 | 38 |
#define MAX_LENGTH 200 |
39 | 39 |
|
40 | 40 |
void help(void); |
41 |
+char *getdsig(const char *host, const char *user, const char *data); |
|
42 |
+void cvdinfo(struct optstruct *opt); |
|
41 | 43 |
|
42 | 44 |
int scanfile(const char *cmd, const char *str, const char *file) |
43 | 45 |
{ |
... | ... |
@@ -183,6 +190,10 @@ void sigtool(struct optstruct *opt) |
183 | 183 |
} |
184 | 184 |
|
185 | 185 |
} else if(optc(opt, 'b')) { |
186 |
+ if(!optc(opt, 's')) { |
|
187 |
+ mprintf("!--server, -s is required in this mode\n"); |
|
188 |
+ exit(10); |
|
189 |
+ } |
|
186 | 190 |
|
187 | 191 |
build(opt); |
188 | 192 |
|
... | ... |
@@ -429,7 +440,7 @@ int build(struct optstruct *opt) |
429 | 429 |
char buffer[BUFFSIZE], *tarfile = NULL, *gzfile = NULL, header[257], |
430 | 430 |
smbuff[25], *pt; |
431 | 431 |
struct cl_node *root = NULL; |
432 |
- FILE *tar, *cvd; |
|
432 |
+ FILE *tar, *cvd, *fd; |
|
433 | 433 |
gzFile *gz; |
434 | 434 |
time_t timet; |
435 | 435 |
struct tm *brokent; |
... | ... |
@@ -534,6 +545,7 @@ int build(struct optstruct *opt) |
534 | 534 |
strcat(header, smbuff); |
535 | 535 |
|
536 | 536 |
/* number of signatures */ |
537 |
+ //FIXME: THIS IS WRONG |
|
537 | 538 |
sprintf(smbuff, "%d:", no); |
538 | 539 |
strcat(header, smbuff); |
539 | 540 |
|
... | ... |
@@ -544,15 +556,28 @@ int build(struct optstruct *opt) |
544 | 544 |
/* MD5 */ |
545 | 545 |
pt = cl_md5file(gzfile); |
546 | 546 |
strcat(header, pt); |
547 |
+ free(pt); |
|
547 | 548 |
strcat(header, ":"); |
548 | 549 |
|
550 |
+ /* builder - question */ |
|
551 |
+ fflush(stdin); |
|
552 |
+ mprintf("Builder id: "); |
|
553 |
+ fscanf(stdin, "%s", &smbuff); |
|
554 |
+ |
|
549 | 555 |
/* digital signature */ |
556 |
+ fd = fopen(gzfile, "rb"); |
|
557 |
+ __md5_stream(fd, &buffer); |
|
558 |
+ fclose(fd); |
|
559 |
+ if(!(pt = getdsig(getargc(opt, 's'), smbuff, buffer))) { |
|
560 |
+ mprintf("No digital signature - no CVD file...\n"); |
|
561 |
+ exit(1); |
|
562 |
+ } |
|
563 |
+ |
|
564 |
+ strcat(header, pt); |
|
565 |
+ free(pt); |
|
550 | 566 |
strcat(header, ":"); |
551 | 567 |
|
552 |
- /* builder */ |
|
553 |
- fflush(stdin); |
|
554 |
- mprintf("Builder name: "); |
|
555 |
- fscanf(stdin, "%s:", &smbuff); |
|
568 |
+ /* builder - add */ |
|
556 | 569 |
strcat(header, smbuff); |
557 | 570 |
|
558 | 571 |
/* fill up with spaces */ |
... | ... |
@@ -645,6 +670,72 @@ void help(void) |
645 | 645 |
mprintf(" --file -f infected file\n"); |
646 | 646 |
mprintf(" --info FILE -i FILE print database information\n"); |
647 | 647 |
mprintf(" --build NAME -b NAME Build database\n"); |
648 |
+ mprintf(" --server ADDR -s ADDR ClamAV Signing Service address\n"); |
|
648 | 649 |
|
649 | 650 |
exit(0); |
650 | 651 |
} |
652 |
+ |
|
653 |
+char *getdsig(const char *host, const char *user, const char *data) |
|
654 |
+{ |
|
655 |
+ char buff[300], cmd[100], *pass, *pt; |
|
656 |
+ struct sockaddr_in server; |
|
657 |
+ struct cfgstruct *copt, *cpt; |
|
658 |
+ int sockd, bread, len; |
|
659 |
+ |
|
660 |
+ |
|
661 |
+#ifdef PF_INET |
|
662 |
+ if((sockd = socket(PF_INET, SOCK_STREAM, 0)) < 0) { |
|
663 |
+#else |
|
664 |
+ if((sockd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { |
|
665 |
+#endif |
|
666 |
+ perror("socket()"); |
|
667 |
+ mprintf("!Can't create the socket.\n"); |
|
668 |
+ return NULL; |
|
669 |
+ } |
|
670 |
+ |
|
671 |
+ server.sin_family = AF_INET; |
|
672 |
+ server.sin_addr.s_addr = inet_addr(host); |
|
673 |
+ server.sin_port = htons(33101); |
|
674 |
+ |
|
675 |
+ if(connect(sockd, (struct sockaddr *) &server, sizeof(struct sockaddr_in)) < 0) { |
|
676 |
+ close(sockd); |
|
677 |
+ perror("connect()"); |
|
678 |
+ mprintf("!Can't connect to ClamAV Signing Service at %s.\n", host); |
|
679 |
+ return NULL; |
|
680 |
+ } |
|
681 |
+ |
|
682 |
+ memset(cmd, 0, sizeof(cmd)); |
|
683 |
+ pass = getpass("Password:"); |
|
684 |
+ sprintf(cmd, "ClamSign:%s:%s:", user, pass); |
|
685 |
+ len = strlen(cmd); |
|
686 |
+ pt = cmd; |
|
687 |
+ pt += len; |
|
688 |
+ memcpy(pt, data, 16); |
|
689 |
+ len += 16; |
|
690 |
+ |
|
691 |
+ if(write(sockd, cmd, len) < 0) { |
|
692 |
+ mprintf("!Can't write to the socket.\n"); |
|
693 |
+ close(sockd); |
|
694 |
+ memset(cmd, 0, len); |
|
695 |
+ memset(pass, 0, strlen(pass)); |
|
696 |
+ return NULL; |
|
697 |
+ } |
|
698 |
+ |
|
699 |
+ memset(cmd, 0, len); |
|
700 |
+ memset(pass, 0, strlen(pass)); |
|
701 |
+ |
|
702 |
+ memset(buff, 0, sizeof(buff)); |
|
703 |
+ if((bread = read(sockd, buff, sizeof(buff))) > 0) |
|
704 |
+ if(!strstr(buff, "Signature:")) { |
|
705 |
+ mprintf("!Signature generation error.\n"); |
|
706 |
+ mprintf("ClamAV SDaemon: %s.\n", buff); |
|
707 |
+ close(sockd); |
|
708 |
+ return NULL; |
|
709 |
+ } else |
|
710 |
+ mprintf("Signature received (length = %d).\n", strlen(buff) - 10); |
|
711 |
+ |
|
712 |
+ close(sockd); |
|
713 |
+ pt = buff; |
|
714 |
+ pt += 10; |
|
715 |
+ return strdup(pt); |
|
716 |
+} |
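Review bot: In getdsig(), `sprintf(cmd, "ClamSign:%s:%s:", user, pass)` writes into `char cmd[100]` with no length limit and the following `memcpy(pt, data, 16)` appends 16 more bytes, so a long builder id or password overruns the stack buffer; build the command with `snprintf` and reject input that leaves fewer than 16 bytes free. The reply handling falls through when `read()` returns 0 or -1, so `strdup(pt)` yields an empty signature that build() then appends to the header, and reading a full `sizeof(buff)` bytes leaves `buff` unterminated for `strstr`. In the build() hunk, `fscanf(stdin, "%s", &smbuff)` fills `smbuff[25]` without a width; `fscanf(stdin, "%24s", smbuff)` bounds it. The password goes out over a plain TCP socket, so it is readable on the path unless the link to the signing service is protected by other means, and `inet_addr(host)` is used without checking for `INADDR_NONE`. The fence shows the two rewritten parts of getdsig(); it assumes the service reply starts with `Signature:`, as the existing `pt += 10` already implies.

```c
char *getdsig(const char *host, const char *user, const char *data)
{
    /* ... unchanged: declarations, socket() and connect() ... */

    memset(cmd, 0, sizeof(cmd));
    pass = getpass("Password:");
    if(!pass) {
        close(sockd);
        return NULL;
    }

    /* Leave room for the 16-byte digest appended after the text part. */
    len = snprintf(cmd, sizeof(cmd), "ClamSign:%s:%s:", user, pass);
    if(len < 0 || (size_t) len + 16 > sizeof(cmd)) {
        mprintf("!User name or password too long.\n");
        close(sockd);
        memset(cmd, 0, sizeof(cmd));
        memset(pass, 0, strlen(pass));
        return NULL;
    }
    memcpy(cmd + len, data, 16);
    len += 16;

    /* ... unchanged: write() and wiping of cmd and pass ... */

    memset(buff, 0, sizeof(buff));
    /* Read one byte less than the buffer so it stays NUL-terminated. */
    bread = read(sockd, buff, sizeof(buff) - 1);
    close(sockd);

    if(bread <= 0 || strncmp(buff, "Signature:", 10)) {
        mprintf("!Signature generation error.\n");
        if(bread > 0)
            mprintf("ClamAV SDaemon: %s.\n", buff);
        return NULL;
    }

    mprintf("Signature received (length = %d).\n", (int) strlen(buff) - 10);
    return strdup(buff + 10);
```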