@@ -1,3 +1,8 @@

+Mon Aug  4 16:46:46 EEST 2008 (edwin)

+-------------------------------------

+  * clamdscan: add support for file descriptor passing (from

+  contrib/clamd_fdscan) (bb #1117)

+

 Mon Aug  4 02:40:33 CEST 2008 (acab)

 ------------------------------------

   * test: add clam.impl.zip

@@ -31,6 +31,9 @@ clamdscan_SOURCES = \

     $(top_srcdir)/shared/getopt.h \

     $(top_srcdir)/shared/options.c \

     $(top_srcdir)/shared/options.h \

+    $(top_srcdir)/libclamav/regex/strlcpy.c\

+    clamd_fdscan.c \

+    clamd_fdscan.h \

     clamdscan.c \

     client.c \

     client.h \

@@ -71,11 +71,13 @@ am__clamdscan_SOURCES_DIST = $(top_srcdir)/shared/output.c \

 	$(top_srcdir)/shared/cfgparser.h $(top_srcdir)/shared/misc.c \

 	$(top_srcdir)/shared/misc.h $(top_srcdir)/shared/getopt.c \

 	$(top_srcdir)/shared/getopt.h $(top_srcdir)/shared/options.c \

-	$(top_srcdir)/shared/options.h clamdscan.c client.c client.h \

-	defaults.h

+	$(top_srcdir)/shared/options.h \

+	$(top_srcdir)/libclamav/regex/strlcpy.c clamd_fdscan.c \

+	clamd_fdscan.h clamdscan.c client.c client.h defaults.h

 @BUILD_CLAMD_TRUE@am_clamdscan_OBJECTS = output.$(OBJEXT) \

 @BUILD_CLAMD_TRUE@	cfgparser.$(OBJEXT) misc.$(OBJEXT) \

 @BUILD_CLAMD_TRUE@	getopt.$(OBJEXT) options.$(OBJEXT) \

+@BUILD_CLAMD_TRUE@	strlcpy.$(OBJEXT) clamd_fdscan.$(OBJEXT) \

 @BUILD_CLAMD_TRUE@	clamdscan.$(OBJEXT) client.$(OBJEXT)

 clamdscan_OBJECTS = $(am_clamdscan_OBJECTS)

 clamdscan_LDADD = $(LDADD)

@@ -240,6 +242,9 @@ top_srcdir = @top_srcdir@

 @BUILD_CLAMD_TRUE@    $(top_srcdir)/shared/getopt.h \

 @BUILD_CLAMD_TRUE@    $(top_srcdir)/shared/options.c \

 @BUILD_CLAMD_TRUE@    $(top_srcdir)/shared/options.h \

+@BUILD_CLAMD_TRUE@    $(top_srcdir)/libclamav/regex/strlcpy.c\

+@BUILD_CLAMD_TRUE@    clamd_fdscan.c \

+@BUILD_CLAMD_TRUE@    clamd_fdscan.h \

 @BUILD_CLAMD_TRUE@    clamdscan.c \

 @BUILD_CLAMD_TRUE@    client.c \

 @BUILD_CLAMD_TRUE@    client.h \

@@ -336,12 +341,14 @@ distclean-compile:

 	-rm -f *.tab.c

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cfgparser.Po@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clamd_fdscan.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clamdscan.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getopt.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/options.Po@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/output.Po@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlcpy.Po@am__quote@

 .c.o:

 @am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<

@@ -434,6 +441,20 @@ options.obj: $(top_srcdir)/shared/options.c

 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

 @am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o options.obj `if test -f '$(top_srcdir)/shared/options.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/options.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/options.c'; fi`

+strlcpy.o: $(top_srcdir)/libclamav/regex/strlcpy.c

+@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT strlcpy.o -MD -MP -MF $(DEPDIR)/strlcpy.Tpo -c -o strlcpy.o `test -f '$(top_srcdir)/libclamav/regex/strlcpy.c' || echo '$(srcdir)/'`$(top_srcdir)/libclamav/regex/strlcpy.c

+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/strlcpy.Tpo $(DEPDIR)/strlcpy.Po

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$(top_srcdir)/libclamav/regex/strlcpy.c' object='strlcpy.o' libtool=no @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o strlcpy.o `test -f '$(top_srcdir)/libclamav/regex/strlcpy.c' || echo '$(srcdir)/'`$(top_srcdir)/libclamav/regex/strlcpy.c

+

+strlcpy.obj: $(top_srcdir)/libclamav/regex/strlcpy.c

+@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT strlcpy.obj -MD -MP -MF $(DEPDIR)/strlcpy.Tpo -c -o strlcpy.obj `if test -f '$(top_srcdir)/libclamav/regex/strlcpy.c'; then $(CYGPATH_W) '$(top_srcdir)/libclamav/regex/strlcpy.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/libclamav/regex/strlcpy.c'; fi`

+@am__fastdepCC_TRUE@	mv -f $(DEPDIR)/strlcpy.Tpo $(DEPDIR)/strlcpy.Po

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$(top_srcdir)/libclamav/regex/strlcpy.c' object='strlcpy.obj' libtool=no @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o strlcpy.obj `if test -f '$(top_srcdir)/libclamav/regex/strlcpy.c'; then $(CYGPATH_W) '$(top_srcdir)/libclamav/regex/strlcpy.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/libclamav/regex/strlcpy.c'; fi`

+

 mostlyclean-libtool:

 	-rm -f *.lo

new file mode 100644

@@ -0,0 +1,112 @@

+/*	$Id: clamd_fdscan.c,v 1.2 2007/01/18 16:59:50 mbalmer Exp $	*/

+

+/*

+ * Copyright (c) 2007 Marc Balmer <mbalmer@openbsd.org>

+ *

+ * Permission to use, copy, modify, and distribute this software for any

+ * purpose with or without fee is hereby granted, provided that the above

+ * copyright notice and this permission notice appear in all copies.

+ *

+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

+ */

+

+#ifdef HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#ifdef HAVE_FD_PASSING

+#include <sys/types.h>

+#include <sys/socket.h>

+#include <sys/un.h>

+#include <sys/uio.h>

+#include <string.h>

+

+#include <stdio.h>

+#include <err.h>

+#include <unistd.h>

+

+#include "clamd_fdscan.h"

+

+#define CLAMD_BUFSIZ	256

+

+size_t cli_strlcpy(char *dst, const char *src, size_t siz);

+/*

+ * clamd_fdscan lets a running clamd process scan the contents of an open

+ * filedescriptor by passing the filedescriptor to clamd.  The parameters

+ * are as follows:

+ * s            socket connected to clamd

+ * fd		the open filedescriptor to pass for scanning

+ * name		virus name, if a virus is found

+ * len		max len of the virus name

+ *

+ * The functions returns 0 if the file was scanned and contains no virus,

+ * -1 if an error occurs and 1 if a virus is found.

+ */

+int

+clamd_fdscan(int s, int fd, char *name, size_t len)

+{

+	struct sockaddr_un addr;

+	struct msghdr msg;

+	struct cmsghdr *cmsg;

+	unsigned char fdbuf[CMSG_SPACE(sizeof(int))];

+	FILE *sp;

+	char buf[CLAMD_BUFSIZ], *p, *q;

+	off_t pos;

+	struct iovec iov[1];

+

+	iov[0].iov_base = "";

+	iov[0].iov_len = 1;

+

+	pos = lseek(fd, 0, SEEK_CUR);

+

+	memset(&msg, 0, sizeof(msg));

+	msg.msg_control = fdbuf;

+	/* must send/receive at least one byte */

+	msg.msg_iov = iov;

+	msg.msg_iovlen = 1;

+	msg.msg_controllen = CMSG_LEN(sizeof(int));

+

+	cmsg = CMSG_FIRSTHDR(&msg);

+	cmsg->cmsg_len = CMSG_LEN(sizeof(int));

+	cmsg->cmsg_level = SOL_SOCKET;

+	cmsg->cmsg_type = SCM_RIGHTS;

+	*(int *)CMSG_DATA(cmsg) = fd;

+

+	write(s, "FILDES\n", sizeof("FILDES\n")-1);

+	if (sendmsg(s, &msg, 0) == -1) {

+		perror("sendmsg");

+		close(s);

+		return -1;

+	}

+

+	sp = fdopen(s,"r");

+	fgets(buf, sizeof(buf), sp);

+	fclose(sp);

+	close(s);

+

+	if (pos != -1)

+		lseek(fd, pos, SEEK_SET);

+	if ((p = strrchr(buf, ' ')) != NULL) {

+		++p;

+		if (!strncmp(p, "OK", 2))

+			return 0;

+		else if (!strncmp(p, "FOUND", 5)) {

+			if (name != NULL) {

+				*--p = '\0';

+				q = strrchr(buf, ' ') + 1;

+				cli_strlcpy(name, q, len);

+			}

+			return 1;

+		} else {

+			puts(buf);

+		}

+	}

+	return -1;

+}

+#endif

new file mode 100644

@@ -0,0 +1,19 @@

+/*	$Id: clamd_fdscan.h,v 1.1.1.1 2007/01/18 14:01:24 mbalmer Exp $	*/

+

+/*

+ * Copyright (c) 2007 Marc Balmer <mbalmer@openbsd.org>

+ *

+ * Permission to use, copy, modify, and distribute this software for any

+ * purpose with or without fee is hereby granted, provided that the above

+ * copyright notice and this permission notice appear in all copies.

+ *

+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

+ */

+

+extern int clamd_fdscan(int s, int fd, char *name, size_t len);

@@ -60,7 +60,7 @@ int main(int argc, char **argv)

 	struct optstruct *opt;

 	const char *clamdscan_accepted[] = { "help", "version", "verbose", "quiet",

 				  "stdout", "log", "move", "copy", "remove",

-				  "config-file", "no-summary",

+				  "config-file", "no-summary",  "fdpass",

 				  "disable-summary", "multiscan", NULL };

@@ -160,6 +160,7 @@ void help(void)

     mprintf("    --multiscan           -m           Force MULTISCAN mode\n");

     mprintf("    --infected            -i           Only print infected files\n");

     mprintf("    --no-summary                       Disable summary at end of scanning\n");

+    mprintf("    --fdpass                           pass filedescriptor to clamd (useful if clamd is running as a different user)\n");

     mprintf("\n");

     exit(0);

@@ -262,7 +262,7 @@ static char *abpath(const char *filename)

     return fullpath;

 }

-static int dconnect(const struct optstruct *opt)

+static int dconnect(const struct optstruct *opt, int *is_unix)

 {

 	struct sockaddr_un server;

 	struct sockaddr_in server2;

@@ -272,7 +272,8 @@ static int dconnect(const struct optstruct *opt)

 	const char *clamav_conf = opt_arg(opt, "config-file");

 	int sockd;

-

+    if(is_unix)

+	    *is_unix = 0;

     if(!clamav_conf)

 	clamav_conf = DEFAULT_CFG;

@@ -307,7 +308,8 @@ static int dconnect(const struct optstruct *opt)

 	    freecfg(copt);

 	    return -1;

 	}

-

+	if(is_unix)

+		*is_unix = 1;

     } else if((cpt = cfgopt(copt, "TCPSocket"))->enabled) {

 	if((sockd = socket(SOCKET_INET, SOCK_STREAM, 0)) < 0) {

@@ -356,7 +358,7 @@ int get_clamd_version(const struct optstruct *opt)

 	int bread, sockd;

-    if((sockd = dconnect(opt)) < 0)

+    if((sockd = dconnect(opt, NULL)) < 0)

 	return 2;

     if(write(sockd, "VERSION", 7) <= 0) {

@@ -394,7 +396,7 @@ int client(const struct optstruct *opt, int *infected)

 	    return 2;

 	}

-	if((sockd = dconnect(opt)) < 0)

+	if((sockd = dconnect(opt, NULL)) < 0)

 	    return 2;

 	if((ret = dsfile(sockd, scantype, cwd, opt)) >= 0)

@@ -405,10 +407,29 @@ int client(const struct optstruct *opt, int *infected)

 	close(sockd);

     } else if(!strcmp(opt->filename, "-")) { /* scan data from stdin */

-	if((sockd = dconnect(opt)) < 0)

+        int is_unix;

+	if((sockd = dconnect(opt, &is_unix)) < 0)

 	    return 2;

-	if((ret = dsstream(sockd, opt)) >= 0)

+	if(opt_check(opt,"fdpass")) {

+#ifndef HAVE_FD_PASSING

+		logg("^File descriptor pass support not compiled in, falling back to stream scan\n");

+		ret = dsstream(sockd, opt);

+#else

+		if(!is_unix) {

+			logg("^File descriptor passing can only work on local (unix) sockets! Falling back to stream scan\n");

+			/* fall back to stream */

+			ret = dsstream(sockd, opt);

+		} else {

+			char buff[4096];

+			memset(buff, 0, sizeof(buff));

+			ret = clamd_fdscan(sockd, 0, buff, sizeof(buff));

+			logg("fd: %s%s",buff, ret == 1 ? " FOUND" : ret == -1 ? " ERROR" : "OK");

+		}

+#endif

+	} else

+		ret = dsstream(sockd, opt);

+	if(ret >= 0)

 	    *infected += ret;

 	else

 	    errors++;

@@ -439,7 +460,7 @@ int client(const struct optstruct *opt, int *infected)

 		switch(sb.st_mode & S_IFMT) {

 		    case S_IFREG:

 		    case S_IFDIR:

-			if((sockd = dconnect(opt)) < 0)

+			if((sockd = dconnect(opt, NULL)) < 0)

 			    return 2;

 			if((ret = dsfile(sockd, scantype, fullpath, opt)) >= 0)

@@ -86,7 +86,7 @@ static struct option clamscan_longopt[] = {

     /* developers only */

     {"dev-ac-only", 0, 0, 0},

     {"dev-ac-depth", 1, 0, 0},

-

+    {"fdpass", 0, 0, 0},

     {0, 0, 0, 0}

 };

@@ -44,6 +44,10 @@ Move infected files into DIRECTORY.

 .TP 

 \fB\-\-no\-summary\fR

 Do not display summary at the end of scanning.

+.TP

+\fB\-\-fdpass\fR

+Pass the file descriptor permissions clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd.

+Only available if connected to clamd through local(unix) sockets and scanning stdin.

 .SH "EXAMPLES"

 .LP 

 .TP 

@@ -58,6 +62,10 @@ Do not display summary at the end of scanning.

 (2) To scan all files in /home:

 \fBclamdscan /home\fR

+.TP

+(3) To scan a file when clamd is running as a different user:

+

+\fBclamdscan - <file_to_scan\fR

 .SH "RETURN CODES"

 .LP 

 0 : No virus found.

@@ -18,6 +18,19 @@ run_clamd_test() {

 	test /tmp/clamd-test.pid && kill `cat /tmp/clamd-test.pid` 

 }

+run_clamd_fdpass_test() {

+	conf_file=$1

+	shift

+	rm -f clamdscan.log

+	../clamd/clamd -c $conf_file || { echo "Failed to start clamd!" >&2; die 1;}

+	../clamdscan/clamdscan --quiet --fdpass --config-file $conf_file - <$1 --log=clamdscan.log

+	if test $? = 2; then

+		echo "Failed to run clamdscan!" >&2;

+		die 3;

+	fi

+	test /tmp/clamd-test.pid && kill `cat /tmp/clamd-test.pid`

+}

+

 mkdir -p test-db

 cat <<EOF >test-db/test.hdb

 aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File

@@ -65,4 +78,16 @@ if test ! $?; then

 	cat clamdscan.log;

 	die 6;

 fi

+

+if grep "^#define HAVE_FD_PASSING 1" ../clamav-config.h >/dev/null; then

+	run_clamd_fdpass_test $srcdir/test-clamd.conf ../test/clam.exe

+	grep "ClamAV-Test-File" clamdscan.log >/dev/null 2>/dev/null;

+	if test ! $?; then

+		echo "FDpassing test failed!" >&2;

+		cat clamdscan.log;

+		die 7;

+	fi

+else

+	echo "No FD passing support, skipping test"

+fi

 die 0;