@@ -36,14 +36,14 @@ clamonacc_SOURCES = \

     $(top_srcdir)/shared/getopt.h \

     $(top_srcdir)/shared/actions.c \

     $(top_srcdir)/shared/actions.h \

-    $(top_srcdir)/shared/clamdcom.c \

-    $(top_srcdir)/shared/clamdcom.h \

     $(top_srcdir)/shared/priv-fts.h \

     clamonacc.c \

     ./client/onaccess_client.c \

     ./client/onaccess_client.h \

     ./client/onaccess_proto.c \

     ./client/onaccess_proto.h \

+    ./client/onaccess_com.c \

+    ./client/onaccess_com.h \

     ./inotif/onaccess_ddd.c \

     ./inotif/onaccess_ddd.h \

     ./fanotif/onaccess_fan.c \

@@ -64,8 +64,8 @@ AM_CFLAGS=@WERR_CFLAGS@

 endif

 DEFS = @DEFS@ -DCL_NOLIBCLAMAV

-LIBS = $(top_builddir)/libclamav/libclamav_internal_utils.la  @CLAMONACC_LIBS@ @THREAD_LIBS@

-AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/clamd -I$(top_srcdir)/shared -I$(top_srcdir)/libclamav @SSL_CPPFLAGS@ @CLAMONACC_CPPFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@

+LIBS = $(top_builddir)/libclamav/libclamav_internal_utils.la @CURL_LDFLAGS@ @CURL_LIBS@ @CLAMONACC_LIBS@ @THREAD_LIBS@

+AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/clamd -I$(top_srcdir)/shared -I$(top_srcdir)/libclamav @CURL_CPPFLAGS@ @SSL_CPPFLAGS@ @CLAMONACC_CPPFLAGS@ @JSON_CPPFLAGS@ @PCRE_CPPFLAGS@

 AM_INSTALLCHECK_STD_OPTIONS_EXEMPT=clamonacc$(EXEEXT)

 CLEANFILES=*.gcda *.gcno

@@ -159,11 +159,12 @@ struct onas_context *onas_init_context(void) {

 cl_error_t onas_check_client_connection(struct onas_context **ctx) {

+	cl_error_t err = CL_SUCCESS;

 	errno = 0;

 	/* 0 local, non-zero remote, errno set on error */

-	(*ctx)->isremote = onas_check_remote(ctx);

-	if (errno == 0) {

+	(*ctx)->isremote = onas_check_remote(ctx, &err);

+	if (errno == 0 && CL_SUCCESS == err ) {

 		logg("*Clamonacc: ");

 		(*ctx)->isremote ? logg("*daemon is remote\n") : logg("*daemon is local\n");

 	}

@@ -225,6 +226,9 @@ void* onas_context_cleanup(struct onas_context *ctx) {

 	close(ctx->fan_fd);

 	optfree((struct optstruct *) ctx->opts);

 	optfree((struct optstruct *) ctx->clamdopts);

+        if (ctx->portstr) {

+            free(ctx->portstr);

+        }

 	ctx->opts = NULL;

 	ctx->clamdopts = NULL;

 	free(ctx);

@@ -24,6 +24,16 @@

 #include "libclamav/clamav.h"

+#ifndef HAVE_ATTRIB_PACKED

+#define __attribute__(x)

+#endif

+#ifdef HAVE_PRAGMA_PACK

+#pragma pack(1)

+#endif

+#ifdef HAVE_PRAGMA_PACK_HPPA

+#pragma pack 1

+#endif

+

 struct onas_context {

 	const struct optstruct *opts;

 	const struct optstruct *clamdopts;

@@ -45,8 +55,16 @@ struct onas_context {

         int scantype;

         int isremote;

         int session;

-};

+        char *portstr;

+} __attribute__((packed));

+

+#ifdef HAVE_PRAGMA_PACK

+#pragma pack()

+#endif

+#ifdef HAVE_PRAGMA_PACK_HPPA

+#pragma pack

+#endif

 struct onas_context* onas_init_context(void);

 void* onas_cleanup(struct onas_context *ctx);

@@ -25,6 +25,7 @@

 #include <stdio.h>

 #include <stdlib.h>

+#include <curl/curl.h>

 #ifdef	HAVE_UNISTD_H

 #include <unistd.h>

 #endif

@@ -56,11 +57,12 @@

 #include "shared/output.h"

 #include "shared/misc.h"

 #include "shared/actions.h"

-#include "shared/clamdcom.h"

 #include "libclamav/str.h"

 #include "libclamav/others.h"

+

+#include "onaccess_com.h"

 #include "onaccess_client.h"

 #include "onaccess_proto.h"

@@ -80,97 +82,124 @@ static void print_server_version(struct onas_context **ctx)

 /* Inits the communication layer

  * Returns 0 if clamd is local, non zero if clamd is remote */

-int onas_check_remote(struct onas_context  **ctx) {

-    int s, ret;

-    const struct optstruct *opt;

-    char *ipaddr = NULL;

-    char port[10];

-    struct addrinfo hints, *info, *p;

-    int res;

+int onas_check_remote(struct onas_context  **ctx, cl_error_t *err) {

+	int s, ret;

+	const struct optstruct *opt;

+	CURL *curl;

+	CURLcode curlcode;

+	char *ipaddr = NULL;

+	char port[10];

+	struct addrinfo hints, *info, *p;

+	int res;

+

+	*err = CL_SUCCESS;

 #ifndef _WIN32

-    if((opt = optget((*ctx)->clamdopts, "LocalSocket"))->enabled) {

-        memset((void *)&nixsock, 0, sizeof(nixsock));

-        nixsock.sun_family = AF_UNIX;

-        strncpy(nixsock.sun_path, opt->strarg, sizeof(nixsock.sun_path));

-        nixsock.sun_path[sizeof(nixsock.sun_path)-1]='\0';

-        return 0;

-    }

+	if((opt = optget((*ctx)->clamdopts, "LocalSocket"))->enabled) {

+		return 0;

+	}

 #endif

-    if(!(opt = optget((*ctx)->clamdopts, "TCPSocket"))->enabled)

-        return 0;

+	if(!(opt = optget((*ctx)->clamdopts, "TCPSocket"))->enabled) {

+		return 0;

+	}

-    snprintf(port, sizeof(port), "%lld", optget((*ctx)->clamdopts, "TCPSocket")->numarg);

+	snprintf(port, sizeof(port), "%lld", optget((*ctx)->clamdopts, "TCPSocket")->numarg);

-    opt = optget((*ctx)->clamdopts, "TCPAddr");

-    while (opt) {

+	if ((*ctx)->portstr) {

+		free((*ctx)->portstr);

+	}

-        if (opt->strarg)

-            ipaddr = (!strcmp(opt->strarg, "any") ? NULL : opt->strarg);

+	(*ctx)->portstr = cli_strdup(port);

+	if ( NULL == (*ctx)->portstr ) {

+		*err = CL_EARG;

+		return 0;

+	}

-        memset(&hints, 0x00, sizeof(struct addrinfo));

-        hints.ai_family = AF_UNSPEC;

-        hints.ai_socktype = SOCK_STREAM;

-        hints.ai_flags = AI_PASSIVE;

+	opt = optget((*ctx)->clamdopts, "TCPAddr");

+	while (opt) {

+

+		if (opt->strarg) {

+			ipaddr = (!strcmp(opt->strarg, "any") ? NULL : opt->strarg);

+		}

+

+		if (NULL == ipaddr) {

+			logg("!ClamClient: Clamonacc does not support binding to INADDR_ANY, \

+					please specify an address with TCPAddr in your clamd.conf config file\n");

+			*err = CL_EARG;

+			return 1;

+		}

+

+		curlcode = onas_curl_init(&curl, ipaddr, port);

+		if (CURLE_OK != curlcode) {

+			logg("!ClamClient: could not init curl, %s\n", curl_easy_strerror(curlcode));

+			*err = CL_EARG;

+			return 1;

+		}

+

+		curlcode = curl_easy_perform(curl);

+		if (CURLE_OK != curlcode) {

+			logg("!ClamClient: could not connect to remote clam daemon, %s\n", curl_easy_strerror(curlcode));

+			*err = CL_EARG;

+			return 1;

+		}

+

+		curl_easy_cleanup(curl);

+

+		opt = opt->nextarg;

+	}

-        if ((res = getaddrinfo(ipaddr, port, &hints, &info))) {

-            logg("!Can't lookup clamd hostname: %s\n", gai_strerror(res));

-            opt = opt->nextarg;

-            continue;

-        }

+	if (*err == CL_SUCCESS) {

+		return 1;

+	} else {

+		return 0;

+	}

+}

-        for (p = info; p != NULL; p = p->ai_next) {

-            if((s = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) < 0) {

-                logg("isremote: socket() returning: %s.\n", strerror(errno));

-                continue;

-            }

-

-            switch (p->ai_family) {

-            case AF_INET:

-                ((struct sockaddr_in *)(p->ai_addr))->sin_port = htons(INADDR_ANY);

-                break;

-            case AF_INET6:

-                ((struct sockaddr_in6 *)(p->ai_addr))->sin6_port = htons(INADDR_ANY);

-                break;

-            default:

-                break;

-            }

-

-            ret = bind(s, p->ai_addr, p->ai_addrlen);

-            if (ret) {

-                if (errno == EADDRINUSE) {

-                    /*

-                     * If we can't bind, then either we're attempting to listen on an IP that isn't

-                     * ours or that clamd is already listening on.

-                     */

-                    closesocket(s);

-                    freeaddrinfo(info);

-                    return 0;

-                }

-

-                closesocket(s);

-                freeaddrinfo(info);

-                return 1;

-            }

-

-            closesocket(s);

+CURLcode onas_curl_init(CURL **curl, char *ipaddr, char *port) {

+

+	CURLcode curlcode = CURLE_OK;

+

+	if (!curl || !(*curl) || !ipaddr || !port) {

+		logg("!ClamClient: invalid (NULL) args passed to onas_curl_init\n");

+		return CURLE_FAILED_INIT;

+	}

+

+	*curl = curl_easy_init();

+

+	curlcode = curl_easy_setopt(*curl, CURLOPT_PORT, port);

+        if (CURLE_OK != curlcode) {

+		logg("!ClamClient: could not setup curl with tcp port, %s\n", curl_easy_strerror(curlcode));

+		curl_easy_cleanup(*curl);

+		return curlcode;

         }

-        freeaddrinfo(info);

+	curlcode = curl_easy_setopt(*curl, CURLOPT_URL, ipaddr);

+        if (CURLE_OK != curlcode) {

+		logg("!ClamClient: could not setup curl with tcp address, %s\n", curl_easy_strerror(curlcode));

+		curl_easy_cleanup(*curl);

+		return curlcode;

+        }

-        opt = opt->nextarg;

-    }

+	/* we implement our own transfer protocol via send and recv, so we only need to connect */

+	curlcode = curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);

+	if (CURLE_OK != curlcode) {

+		logg("!ClamClient: could not setup curl to connect only, %s\n", curl_easy_strerror(curlcode));

+		curl_easy_cleanup(*curl);

+		return curlcode;

+	}

-    return 0;

+	return curlcode;

 }

 cl_error_t onas_setup_client (struct onas_context **ctx) {

     const struct optstruct *opts;

     const struct optstruct *opt;

-    errno = 0;

+    cl_error_t err;

     int remote;

+    errno = 0;

+

     opts = (*ctx)->opts;

     if(optget(opts, "verbose")->enabled) {

@@ -200,16 +229,20 @@ cl_error_t onas_setup_client (struct onas_context **ctx) {

 	    logg("!ClamClient: problem with internal logger\n");

             return CL_EARG;

 	}

-    } else

+    } else {

 	logg_file = NULL;

+    }

     if(actsetup(opts)) {

 	return CL_EARG;

     }

-    if (onas_check_remote(ctx)) {

-        (*ctx)->isremote = 1;

-    } else if (errno == EADDRINUSE) {

+    if (curl_global_init(CURL_GLOBAL_NOTHING)) {

+        return CL_EARG;

+    }

+

+    (*ctx)->isremote = onas_check_remote(ctx, &err);

+    if (err) {

         return CL_EARG;

     }

@@ -275,21 +308,51 @@ static char *onas_make_absolute(const char *basepath) {

 int onas_get_clamd_version(struct onas_context **ctx)

 {

     char *buff;

+    CURL *curl;

+    CURLcode curlcode;

+    cl_error_t err = CL_SUCCESS;

+    int b_remote;

     int len, sockd;

     struct RCVLN rcv;

-    onas_check_remote(ctx);

-    if((sockd = onas_dconnect(ctx)) < 0) {

-        return 2;

+    b_remote = onas_check_remote(ctx, &err);

+    if (CL_SUCCESS != err) {

+	    logg("!ClamClient: could not check to see if daemon was remote\n");

+	    return 2;

+    }

+

+    if (!b_remote) {

+	curl = curl_easy_init();

+        curlcode = curl_easy_setopt(curl, CURLOPT_UNIX_SOCKET_PATH, optget((*ctx)->clamdopts, "LocalSocket")->strarg);

+	if (CURLE_OK != curlcode) {

+		logg("!ClamClient: could not setup curl with local unix socket, %s\n", curl_easy_strerror(curlcode));

+		curl_easy_cleanup(curl);

+		return 2;

+	}

+    } else {

+	curlcode = onas_curl_init(&curl, optget((*ctx)->clamdopts, "TCPAddr")->strarg, (*ctx)->portstr);

+	if (CURLE_OK != curlcode) {

+		logg("!ClamClient: could not setup curl with tcp address and port, %s\n", curl_easy_strerror(curlcode));

+		/* curl cleanup done in ons_curl_init on error */

+		return 2;

+	}

     }

-    recvlninit(&rcv, sockd);

-    if(sendln(sockd, "zVERSION", 9)) {

-        closesocket(sockd);

+    onas_recvlninit(&rcv, curl);

+

+    curlcode = curl_easy_perform(curl);

+    if (CURLE_OK != curlcode) {

+	    logg("!ClamClient: could not connect to clam daemon, %s\n", curl_easy_strerror(curlcode));

+	    return 2;

+    }

+

+

+    if(onas_sendln(curl, "zVERSION", 9)) {

+        curl_easy_close(curl);

         return 2;

     }

-    while((len = recvln(&rcv, &buff, NULL))) {

+    while((len = onas_recvln(&rcv, &buff, NULL))) {

         if(len == -1) {

             logg("*ClamClient: clamd did not respond with version information\n");

             break;

@@ -297,12 +360,14 @@ int onas_get_clamd_version(struct onas_context **ctx)

         printf("%s\n", buff);

     }

-    closesocket(sockd);

+    curl_easy_close(curl);

     return 0;

 }

 int onas_client_scan(struct onas_context **ctx, const char *fname, STATBUF sb, int *infected, int *err, cl_error_t *ret_code)

 {

+	CURL *curl = NULL;

+	CURLcode curlcode = CURLE_OK;

 	int scantype, errors = 0;

 	int sockd, ret;

@@ -314,19 +379,32 @@ int onas_client_scan(struct onas_context **ctx, const char *fname, STATBUF sb, i

 		scantype = (*ctx)->scantype;

         }

+	curlcode = onas_curl_init(&curl, optget((*ctx)->clamdopts, "TCPAddr")->strarg, (*ctx)->portstr);

+	if (CURLE_OK != curlcode) {

+		logg("!ClamClient: could not setup curl with tcp address and port, %s\n", curl_easy_strerror(curlcode));

+		/* curl cleanup done in ons_curl_init on error */

+		return 2;

+	}

+

 	/* logg here is noisy even for debug, enable only for dev work if something has gone very wrong. */

         //logg("*ClamClient: connecting to daemon ...\n");

-	if((sockd = onas_dconnect(ctx)) >= 0 && (ret = onas_dsresult(ctx, sockd, scantype, fname, &ret, err, ret_code)) >= 0) {

+	curlcode = curl_easy_perform(curl);

+	if (CURLE_OK != curlcode) {

+		logg("!ClamClient: could not establish connection, %s\n", curl_easy_strerror(curlcode));

+		return 2;

+	}

+

+

+	if((ret = onas_dsresult(ctx, curl, scantype, fname, &ret, err, ret_code)) >= 0) {

 		*infected = ret;

 	} else {

 		logg("*ClamClient: connection could not be established ... return code %d\n", *ret_code);

 		errors = 1;

 	}

-	if(sockd >= 0) {

-		/* logg here is noisy even for debug, enable only for dev work if something has gone very wrong. */

-		//logg("*ClamClient: done, closing connection ...\n");

-		closesocket(sockd);

-	}

+	/* logg here is noisy even for debug, enable only for dev work if something has gone very wrong. */

+	//logg("*ClamClient: done, closing connection ...\n");

+	curl_easy_cleanup(curl);

 	return *infected ? 1 : (errors ? 2 : 0);

 }

+

@@ -22,6 +22,8 @@

 #ifndef __ONAS_CLIENT_H

 #define __ONAS_CLIENT_H

+#include <curl/curl.h>

+

 #include "shared/optparser.h"

 #include "../clamonacc.h"

@@ -36,8 +38,9 @@ enum {

 int onas_client_scan(struct onas_context **ctx, const char *fname, STATBUF sb, int *infected, int *err, cl_error_t *ret_code);

+CURLcode onas_curl_init(CURL **curl, char *ipaddr, char *port);

 int onas_get_clamd_version(struct onas_context **ctx);

 cl_error_t onas_setup_client(struct onas_context **ctx);

-int onas_check_remote(struct onas_context  **ctx);

+int onas_check_remote(struct onas_context  **ctx, cl_error_t *err);

 #endif

new file mode 100644

@@ -0,0 +1,156 @@

+/*

+ *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2009-2010 Sourcefire, Inc.

+ *

+ *  Author: aCaB

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2 as

+ *  published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <stdio.h>

+#include <string.h>

+#include <sys/types.h>

+#include <sys/stat.h>

+#include <curl/curl.h>

+#if HAVE_UNISTD_H

+#include <unistd.h>

+#endif

+#include <fcntl.h>

+#include <errno.h>

+

+#if !defined(_WIN32)

+#include <sys/socket.h>

+#endif

+

+#include "shared/output.h"

+

+#include "onaccess_com.h"

+

+/* Sends bytes over a socket

+ * Returns 0 on success */

+int onas_sendln(CURL *curl, const char *line, unsigned int len) {

+	unsigned int sent = 0;

+	CURLcode curlcode;

+

+	while(len) {

+

+		curlcode = curl_easy_send(curl, line, len, &sent);

+		if(sent <= 0) {

+			if(sent && errno == EINTR) {

+				continue;

+			} else {

+				logg("!Can't send to clamd: %s\n", strerror(errno));

+			}

+

+			return 1;

+		}

+

+		line += sent;

+		len -= sent;

+	}

+

+	return 0;

+}

+

+/* Inits a RECVLN struct before it can be used in recvln() - see below */

+void onas_recvlninit(struct RCVLN *s, CURL *curl) {

+	rcv_data->curl = curl;

+	rcv_data->curl_code = CURLE_OK;

+	rcv_data->lnstart = rcv_data->curr = rcv_data->buf;

+	rcv_data->bytes_recvd = 0;

+}

+

+/* Receives a full (terminated with \0) line from a socket

+ * Sets ret_bol to the begin of the received line, and optionally

+ * ret_eol to the end of line.

+ * Should be called repeatedly until all input is consumed

+ * Returns:

+ * - the length of the line (a positive number) on success

+ * - 0 if the connection is closed

+ * - -1 on error

+ */

+int onas_recvln(struct RCVLN *rcv_data, char **ret_bol, char **ret_eol) {

+	char *eol;

+	int ret = 0;

+

+	while(1) {

+		if (!rcv_data->bytes_recvd) {

+			rcv_data->curl_code = easy_curl_recv(rcv_data->curl, rcv_data->curr,

+					sizeof(rcv_data->buf) - (rcv_data->curr - rcv_data->buf), &(rcv_data->bytes_recvd));

+

+			if (rcv_data->bytes_recvd<=0) {

+				if (rcv_data->bytes_recvd && errno == EINTR) {

+					rcv_data->bytes_recvd = 0;

+					continue;

+				}

+

+				if (rcv_data->bytes_recvd || rcv_data->curr!=rcv_data->buf) {

+					*rcv_data->curr = '\0';

+

+					if (strcmp(rcv_data->buf, "UNKNOWN COMMAND\n")) {

+						logg("!Communication error\n");

+					} else {

+						logg("!Command rejected by clamd (wrong clamd version?)\n");

+					}

+

+					return -1;

+				}

+

+				return 0;

+			}

+		}

+

+		if ((eol = memchr(rcv_data->curr, 0, rcv_data->bytes_recvd))) {

+			eol++;

+			rcv_data->bytes_recvd -= eol - rcv_data->curr;

+

+			*ret_bol = rcv_data->lnstart;

+			if (ret_eol) {

+				*ret_eol = eol;

+			}

+

+			ret = eol - rcv_data->lnstart;

+			if (rcv_data->bytes_recvd) {

+				rcv_data->lnstart = rcv_data->curr = eol;

+			} else {

+				rcv_data->lnstart = rcv_data->curr = rcv_data->buf;

+			}

+

+			return ret;

+		}

+

+		rcv_data->bytes_recvd += rcv_data->curr - rcv_data->lnstart;

+

+		if (!eol && rcv_data->bytes_recvd==sizeof(rcv_data->buf)) {

+			logg("!Overlong reply from clamd\n");

+			return -1;

+		}

+

+		if (!eol) {

+			if(rcv_data->buf != rcv_data->lnstart) { /* old memmove sux */

+				memmove(rcv_data->buf, rcv_data->lnstart, rcv_data->bytes_recvd);

+				rcv_data->lnstart = rcv_data->buf;

+			}

+

+			rcv_data->curr = &rcv_data->lnstart[rcv_data->bytes_recvd];

+			rcv_data->bytes_recvd = 0;

+		}

+	}

+}

+

new file mode 100644

@@ -0,0 +1,48 @@

+/*

+ *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2009-2010 Sourcefire, Inc.

+ *

+ *  Author: aCaB

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2 as

+ *  published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#ifndef ONAS_COM_H

+#define ONAS_COM_H

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#if HAVE_SYS_PARAM_H

+#include <sys/param.h>

+#endif

+

+#include "shared/misc.h"

+

+struct RCVLN {

+    char buf[PATH_MAX+1024]; /* FIXME must match that in clamd - bb1349 */

+    CURL *curl;

+    CURLcode curlcode;

+    int retlen;

+    char *curr;

+    char *lnstart;

+};

+

+int onas_sendln(CURL *curl, const char *line, unsigned int len);

+void onas_recvlninit(struct RCVLN *s, CURL *curl);

+int onas_recvln(struct RCVLN *rcv_data, char **ret_bol, char **ret_eol);

+

+#endif

@@ -32,6 +32,7 @@

 /* must be first because it may define _XOPEN_SOURCE */

 #include "shared/fdpassing.h"

 #include <stdio.h>

+#include <curl/curl.h>

 #ifdef HAVE_UNISTD_H

 #include <unistd.h>

 #endif

@@ -57,8 +58,8 @@

 #include "shared/actions.h"

 #include "shared/output.h"

 #include "shared/misc.h"

-#include "shared/clamdcom.h"

+#include "onaccess_com.h"

 #include "onaccess_proto.h"

 #include "onaccess_client.h"

@@ -72,7 +73,7 @@ static const char *scancmd[] = { "CONTSCAN", "MULTISCAN", "INSTREAM", "FILDES",

 /* Connects to clamd

  * Returns a FD or -1 on error */

-int onas_dconnect(struct onas_context **ctx) {

+/*int onas_dconnect(struct onas_context **ctx) {

 	int sockd, res;

 	const struct optstruct *opt;

 	struct addrinfo hints, *info, *p;

@@ -134,11 +135,11 @@ int onas_dconnect(struct onas_context **ctx) {

 	}

 	return -1;

-}

+}*/

 /* Issues an INSTREAM command to clamd and streams the given file

  * Returns >0 on success, 0 soft fail, -1 hard fail */

-static int onas_send_stream(struct onas_context **ctx, int sockd, const char *filename) {

+static int onas_send_stream(struct onas_context **ctx, CURL *curl, const char *filename) {

 	uint32_t buf[BUFSIZ/sizeof(uint32_t)];

 	int fd, len;

 	unsigned long int todo = (*ctx)->maxstream;

@@ -150,7 +151,7 @@ static int onas_send_stream(struct onas_context **ctx, int sockd, const char *fi

 		}

 	} else fd = 0;

-	if(sendln(sockd, "zINSTREAM", 10)) {

+	if(onas_sendln(curl, "zINSTREAM", 10)) {

 		close(fd);

 		return -1;

 	}

@@ -158,7 +159,7 @@ static int onas_send_stream(struct onas_context **ctx, int sockd, const char *fi

 	while((len = read(fd, &buf[1], sizeof(buf) - sizeof(uint32_t))) > 0) {

 		if((unsigned int)len > todo) len = todo;

 		buf[0] = htonl(len);

-		if(sendln(sockd, (const char *)buf, len+sizeof(uint32_t))) {

+		if (onas_sendln(curl, (const char *)buf, len+sizeof(uint32_t))) {

 			close(fd);

 			return -1;

 		}

@@ -174,14 +175,15 @@ static int onas_send_stream(struct onas_context **ctx, int sockd, const char *fi

 		return 0;

 	}

 	*buf=0;

-	sendln(sockd, (const char *)buf, 4);

+	onas_sendln(curl, (const char *)buf, 4);

 	return 1;

 }

 #ifdef HAVE_FD_PASSING

 /* Issues a FILDES command and pass a FD to clamd

  * Returns >0 on success, 0 soft fail, -1 hard fail */

-static int onas_send_fdpass(int sockd, const char *filename) {

+static int onas_send_fdpass(CURL *curl, const char *filename) {

+	CURLcode result;

 	struct iovec iov[1];

 	struct msghdr msg;

 	struct cmsghdr *cmsg;

@@ -195,7 +197,8 @@ static int onas_send_fdpass(int sockd, const char *filename) {

 			return 0;

 		}

 	} else fd = 0;

-	if(sendln(sockd, "zFILDES", 8)) {

+	if(result = onas_sendln(curl, "zFILDES", 8)) {

+		logg("*ClamProto: error sending w/ curl, %s\n", curl_easy_strerror(result));

 		close(fd);

 		return -1;

 	}

@@ -212,7 +215,7 @@ static int onas_send_fdpass(int sockd, const char *filename) {

 	cmsg->cmsg_level = SOL_SOCKET;

 	cmsg->cmsg_type = SCM_RIGHTS;

 	*(int *)CMSG_DATA(cmsg) = fd;

-	if(sendmsg(sockd, &msg, 0) == -1) {

+	if(onas_sendln(curl, &msg, 0) == -1) {

 		logg("!FD send failed: %s\n", strerror(errno));

 		close(fd);

 		return -1;

@@ -244,7 +247,7 @@ static int chkpath(struct onas_context **ctx, const char *path)

  * This is used only in non IDSESSION mode

  * Returns the number of infected files or -1 on error

  * NOTE: filename may be NULL for STREAM scantype. */

-int onas_dsresult(struct onas_context **ctx, int sockd, int scantype, const char *filename, int *printok, int *errors, cl_error_t *ret_code) {

+int onas_dsresult(struct onas_context **ctx, CURL *curl, int scantype, const char *filename, int *printok, int *errors, cl_error_t *ret_code) {

 	int infected = 0, len = 0, beenthere = 0;

 	char *bol, *eol;

 	struct RCVLN rcv;

@@ -252,7 +255,8 @@ int onas_dsresult(struct onas_context **ctx, int sockd, int scantype, const char

 	if(filename && chkpath(ctx, filename))

 		return 0;

-	recvlninit(&rcv, sockd);

+

+	onas_recvlninit(&rcv, curl);

 	if (ret_code) {

 		*ret_code = CL_SUCCESS;

@@ -278,7 +282,7 @@ int onas_dsresult(struct onas_context **ctx, int sockd, int scantype, const char

 				return -1;

 			}

 			sprintf(bol, "z%s %s", scancmd[scantype], filename);

-			if(sendln(sockd, bol, len)) {

+			if(onas_sendln(curl, bol, len)) {

 				if (ret_code) {

 					*ret_code = CL_EWRITE;

 				}

@@ -290,12 +294,12 @@ int onas_dsresult(struct onas_context **ctx, int sockd, int scantype, const char

 		case STREAM:

 			/* NULL filename safe in send_stream() */

-			len = onas_send_stream(ctx, sockd, filename);

+			len = onas_send_stream(ctx, curl, filename);

 			break;

 #ifdef HAVE_FD_PASSING

 		case FILDES:

 			/* NULL filename safe in send_fdpass() */

-			len = onas_send_fdpass(sockd, filename);

+			len = onas_send_fdpass(curl, filename);

 			break;

 #endif

 	}

@@ -307,7 +311,7 @@ int onas_dsresult(struct onas_context **ctx, int sockd, int scantype, const char

 		return len;

 	}

-	while((len = recvln(&rcv, &bol, &eol))) {

+	while((len = onas_recvln(&rcv, &bol, &eol))) {

 		if(len == -1) {

 			if (ret_code) {

 				*ret_code = CL_EREAD;

@@ -21,9 +21,12 @@

 #ifndef ONAS_PROTO_H

 #define ONAS_PROTO_H

+

+#include <curl/curl.h>

+

 #include "shared/misc.h"

 #include "../clamonacc.h"

-int onas_dconnect(struct onas_context **ctx) ;

-int onas_dsresult(struct onas_context **ctx, int sockd, int scantype, const char *filename, int *printok, int *errors, cl_error_t *ret_code);

+/*int onas_dconnect(struct onas_context **ctx);*/

+int onas_dsresult(struct onas_context **ctx, CURL *curl, int scantype, const char *filename, int *printok, int *errors, cl_error_t *ret_code);

 #endif

@@ -70,10 +70,10 @@ extern pthread_t ddd_pid;

 	logg("ClamFanotif: stopped\n");

 }*/

-static int onas_fan_scanfile(const char *fname, struct fanotify_event_metadata *fmd, STATBUF sb, int scan, struct onas_context **ctx)

+/* TODO: rework this to feed multithreading consumer queue

+ * static int onas_fan_scanfile(const char *fname, struct fanotify_event_metadata *fmd, STATBUF sb, int scan, struct onas_context **ctx)

 {

     struct fanotify_response res;

-    const char *virname = NULL;

         int infected = 0;

         int err = 0;

     int ret             = 0;

@@ -102,7 +102,7 @@ static int onas_fan_scanfile(const char *fname, struct fanotify_event_metadata *

     }

     return ret;

-}

+}*/

 cl_error_t onas_setup_fanotif(struct onas_context **ctx) {

@@ -255,11 +255,12 @@ int onas_fan_eloop(struct onas_context **ctx) {

                 }

             }

+                                /* TODO: rework to feed consumer queue

 				if (onas_fan_scanfile(fname, fmd, sb, scan, ctx) == -1) {

                 close(fmd->fd);

 					logg("!ClamFanotif: error when stating and/or scanning??\n");

 						return 2;

-            }

+				}*/

             if (close(fmd->fd) == -1) {

 					printf("!ClamFanotif: internal error (close(%d) failed)\n", fmd->fd);

@@ -69,7 +69,7 @@ static void onas_ddd_handle_in_moved_to(struct onas_context *ctx, const char *pa

 static void onas_ddd_handle_in_create(struct onas_context *ctx, const char *path, const char *child_path, const struct inotify_event *event, int wd, uint64_t in_mask);

 static void onas_ddd_handle_in_moved_from(struct onas_context *ctx, const char *path, const char *child_path, const struct inotify_event *event, int wd);

 static void onas_ddd_handle_in_delete(struct onas_context *ctx, const char *path, const char *child_path, const struct inotify_event *event, int wd);

-static void onas_ddd_handle_extra_scanning(struct onas_context *ctx, const char *pathname, int extra_options);