... | ... |
@@ -116,6 +116,7 @@ int main(int argc, char **argv) |
116 | 116 |
} |
117 | 117 |
ctx->opts = opts; |
118 | 118 |
|
119 |
+ /* And our config file options */ |
|
119 | 120 |
clamdopts = optparse(optget(opts, "config-file")->strarg, 0, NULL, 1, OPT_CLAMD, 0, NULL); |
120 | 121 |
if (clamdopts == NULL) { |
121 | 122 |
logg("!Clamonacc: can't parse clamd configuration file %s\n", optget(opts, "config-file")->strarg); |
... | ... |
@@ -123,12 +124,14 @@ int main(int argc, char **argv) |
123 | 123 |
} |
124 | 124 |
ctx->clamdopts = clamdopts; |
125 | 125 |
|
126 |
+ /* Make sure we're good to begin spinup */ |
|
126 | 127 |
ret = startup_checks(ctx); |
127 | 128 |
if (ret) { |
128 | 129 |
goto clean_up; |
129 | 130 |
} |
130 | 131 |
|
131 | 132 |
#ifndef _WIN32 |
133 |
+ /* Daemonize if sanity checks are good to go */ |
|
132 | 134 |
if (!optget(ctx->opts, "foreground")->enabled) { |
133 | 135 |
if (-1 == daemonize()) { |
134 | 136 |
logg("!Clamonacc: could not daemonize\n"); |
... | ... |
@@ -156,9 +159,10 @@ int main(int argc, char **argv) |
156 | 156 |
break; |
157 | 157 |
} |
158 | 158 |
|
159 |
- ctx->maxthreads = optget(ctx->clamdopts, "OnAccessMaxThreads")->numarg; |
|
160 | 159 |
|
161 | 160 |
/* Setup our event queue */ |
161 |
+ ctx->maxthreads = optget(ctx->clamdopts, "OnAccessMaxThreads")->numarg; |
|
162 |
+ |
|
162 | 163 |
switch(onas_scan_queue_start(&ctx)) { |
163 | 164 |
case CL_SUCCESS: |
164 | 165 |
break; |
... | ... |
@@ -297,7 +301,7 @@ static int startup_checks(struct onas_context *ctx) { |
297 | 297 |
char faerr[128]; |
298 | 298 |
#endif |
299 | 299 |
int ret = 0; |
300 |
- cl_error_t err = CL_SUCCESS; |
|
300 |
+ cl_error_t err = CL_SUCCESS; |
|
301 | 301 |
|
302 | 302 |
if(optget(ctx->opts, "help")->enabled) { |
303 | 303 |
help(); |
... | ... |
@@ -312,25 +316,33 @@ static int startup_checks(struct onas_context *ctx) { |
312 | 312 |
} |
313 | 313 |
|
314 | 314 |
#if defined(FANOTIFY) |
315 |
- ctx->fan_fd = fanotify_init(FAN_CLASS_CONTENT | FAN_UNLIMITED_QUEUE | FAN_UNLIMITED_MARKS, O_LARGEFILE | O_RDONLY); |
|
316 |
- if (ctx->fan_fd < 0) { |
|
317 |
- logg("!Clamonacc: fanotify_init failed: %s\n", cli_strerror(errno, faerr, sizeof(faerr))); |
|
318 |
- if (errno == EPERM) |
|
319 |
- logg("!Clamonacc: clamonacc must have elevated permissions ... exiting ...\n"); |
|
320 |
- ret = 2; |
|
321 |
- goto done; |
|
322 |
- } |
|
315 |
+ ctx->fan_fd = fanotify_init(FAN_CLASS_CONTENT | FAN_UNLIMITED_QUEUE | FAN_UNLIMITED_MARKS, O_LARGEFILE | O_RDONLY); |
|
316 |
+ if (ctx->fan_fd < 0) { |
|
317 |
+ logg("!Clamonacc: fanotify_init failed: %s\n", cli_strerror(errno, faerr, sizeof(faerr))); |
|
318 |
+ if (errno == EPERM) { |
|
319 |
+ logg("!Clamonacc: clamonacc must have elevated permissions ... exiting ...\n"); |
|
320 |
+ } |
|
321 |
+ ret = 2; |
|
322 |
+ goto done; |
|
323 |
+ } |
|
323 | 324 |
#endif |
324 | 325 |
|
325 |
- if (curl_global_init(CURL_GLOBAL_NOTHING)) { |
|
326 |
- ret = 2; |
|
327 |
- goto done; |
|
328 |
- } |
|
326 |
+ if (curl_global_init(CURL_GLOBAL_NOTHING)) { |
|
327 |
+ ret = 2; |
|
328 |
+ goto done; |
|
329 |
+ } |
|
329 | 330 |
|
330 | 331 |
if (0 == onas_check_remote(&ctx, &err)) { |
332 |
+ |
|
333 |
+ if (CL_SUCCESS != err) { |
|
334 |
+ logg("!Clamonacc: daemon is local, but a connection could not be established\n"); |
|
335 |
+ ret = 2; |
|
336 |
+ goto done; |
|
337 |
+ } |
|
338 |
+ |
|
331 | 339 |
if(!optget(ctx->clamdopts, "OnAccessExcludeUID")->enabled && |
332 |
- !optget(ctx->clamdopts, "OnAccessExcludeUname")->enabled) { |
|
333 |
- logg("!Clamonacc: neither OnAccessExcludeUID or OnAccessExcludeUname is specified ... it is reccomended you exclude the clamd instance UID or uname to prevent infinite event scanning loops\n"); |
|
340 |
+ !optget(ctx->clamdopts, "OnAccessExcludeUname")->enabled && !optget(ctx->clamdopts, "OnAccessExcludeRootUID")->enabled) { |
|
341 |
+ logg("!Clamonacc: at least one of OnAccessExcludeUID, OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ... it is reccomended you exclude the clamd instance UID or uname to prevent infinite event scanning loops\n"); |
|
334 | 342 |
ret = 2; |
335 | 343 |
goto done; |
336 | 344 |
} |
... | ... |
@@ -98,17 +98,20 @@ int onas_check_remote(struct onas_context **ctx, cl_error_t *err) { |
98 | 98 |
|
99 | 99 |
#ifndef _WIN32 |
100 | 100 |
if((opt = optget((*ctx)->clamdopts, "LocalSocket"))->enabled) { |
101 |
- return 0; |
|
101 |
+ opt = optget((*ctx)->clamdopts, "LocalSocket"); |
|
102 |
+ (*ctx)->portnum = 0; |
|
103 |
+ ret = 0; |
|
104 |
+ } else { |
|
105 |
+ opt = optget((*ctx)->clamdopts, "TCPAddr"); |
|
106 |
+ (*ctx)->portnum = optget((*ctx)->clamdopts, "TCPSocket")->numarg; |
|
107 |
+ ret = 1; |
|
102 | 108 |
} |
103 |
-#endif |
|
109 |
+#else |
|
104 | 110 |
if(!(opt = optget((*ctx)->clamdopts, "TCPSocket"))->enabled) { |
105 | 111 |
return 0; |
106 | 112 |
} |
113 |
+#endif |
|
107 | 114 |
|
108 |
- |
|
109 |
- (*ctx)->portnum = optget((*ctx)->clamdopts, "TCPSocket")->numarg; |
|
110 |
- |
|
111 |
- opt = optget((*ctx)->clamdopts, "TCPAddr"); |
|
112 | 115 |
while (opt) { |
113 | 116 |
|
114 | 117 |
if (opt->strarg) { |
... | ... |
@@ -119,21 +122,21 @@ int onas_check_remote(struct onas_context **ctx, cl_error_t *err) { |
119 | 119 |
logg("!ClamClient: Clamonacc does not support binding to INADDR_ANY, \ |
120 | 120 |
please specify an address with TCPAddr in your clamd.conf config file\n"); |
121 | 121 |
*err = CL_EARG; |
122 |
- return 1; |
|
122 |
+ return ret; |
|
123 | 123 |
} |
124 | 124 |
|
125 | 125 |
curlcode = onas_curl_init(&curl, ipaddr, (*ctx)->portnum, timeout); |
126 | 126 |
if (CURLE_OK != curlcode) { |
127 | 127 |
logg("!ClamClient: could not init curl, %s\n", curl_easy_strerror(curlcode)); |
128 | 128 |
*err = CL_EARG; |
129 |
- return 1; |
|
129 |
+ return ret; |
|
130 | 130 |
} |
131 | 131 |
|
132 | 132 |
curlcode = curl_easy_perform(curl); |
133 | 133 |
if (CURLE_OK != curlcode) { |
134 | 134 |
logg("!ClamClient: could not connect to remote clam daemon, %s\n", curl_easy_strerror(curlcode)); |
135 | 135 |
*err = CL_EARG; |
136 |
- return 1; |
|
136 |
+ return ret; |
|
137 | 137 |
} |
138 | 138 |
|
139 | 139 |
#ifndef ONAS_DEBUG |
... | ... |
@@ -141,7 +144,7 @@ int onas_check_remote(struct onas_context **ctx, cl_error_t *err) { |
141 | 141 |
logg("!ClamClient: could not ping clamd, %s\n", curl_easy_strerror(curlcode)); |
142 | 142 |
*err = CL_EARG; |
143 | 143 |
curl_easy_cleanup(curl); |
144 |
- return 1; |
|
144 |
+ return ret; |
|
145 | 145 |
} |
146 | 146 |
#endif |
147 | 147 |
|
... | ... |
@@ -150,11 +153,7 @@ int onas_check_remote(struct onas_context **ctx, cl_error_t *err) { |
150 | 150 |
opt = opt->nextarg; |
151 | 151 |
} |
152 | 152 |
|
153 |
- if (*err == CL_SUCCESS) { |
|
154 |
- return 1; |
|
155 |
- } else { |
|
156 |
- return 0; |
|
157 |
- } |
|
153 |
+ return ret; |
|
158 | 154 |
} |
159 | 155 |
|
160 | 156 |
CURLcode onas_curl_init(CURL **curl, const char *ipaddr, int64_t port, int64_t timeout) { |