[proftpd-mod-clamav] 04/05: Added missing header file

Francesco Lovergine frankie at moszumanska.debian.org
Sun Feb 5 17:50:45 UTC 2017


This is an automated email from the git hooks/post-receive script.

frankie pushed a commit to branch master
in repository proftpd-mod-clamav.

commit 21be8090b462516957c250c568002500debae7ac
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date:   Sun Feb 5 18:35:11 2017 +0100

    Added missing header file
---
 debian/changelog |   5 +-
 mod_clamav.h     | 883 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 886 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 98da4db..abd6725 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-proftpd-mod-clamav (0.10b-1) unstable; urgency=low
+proftpd-mod-clamav (0.14rc2-1) unstable; urgency=low
 
   [ Fabrizio Regalli ]
   * Removing libacl1-dev as BD and increasing proftpd-dev to (>= 1.3.4~rc3-2~)
@@ -18,7 +18,8 @@ proftpd-mod-clamav (0.10b-1) unstable; urgency=low
   * d/control: Remove "DM-Upload-Allowed" field
  
   [ Francesco Paolo Lovergine ]
-  * Updated to new upstream version.
+  * Updated to upstream version that now merged Castaglia changes to avoid
+    patching of proftpd.
 
  -- Francesco Paolo Lovergine <frankie at debian.org>  Sun, 05 Feb 2017 18:03:53 +0100
 
diff --git a/mod_clamav.h b/mod_clamav.h
new file mode 100644
index 0000000..a8c9d70
--- /dev/null
+++ b/mod_clamav.h
@@ -0,0 +1,883 @@
+/*
+ * mod_clamav - ClamAV virus scanning module for ProFTPD
+ * Copyright (c) 2005-2016, Joseph Benden <joe at thrallingpenguin.com>
+ * Copyright (c) 2012-2013, TJ Saunders <tj at castaglia.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
+ *
+ * Furthermore, Joseph Benden gives permission to link this program with
+ * ClamAV, and distribute the resulting executable, without including the
+ * source code for ClamAV in the source distribution.
+ *
+ * ClamAV is available at http://www.clamav.net/
+ *
+ * Thanks to TJ Saunders for his helpful comments and suggestions!
+ *
+ * DO NOT EDIT THE LINE BELOW
+ */
+#include "conf.h"
+#include "privs.h"
+#include <libgen.h>
+#include <sys/types.h>
+#include "mod_clamav.h"
+
+/**
+ * Module version and declaration
+ */
+#define MOD_CLAMAV_VERSION "mod_clamav/0.14rc2"
+module clamav_module;
+
+/**
+ * Global variables
+ */
+static int clamd_sockd = 0, is_remote = 0;
+static char *clamd_host = NULL;
+static int clamd_port = 0;
+static unsigned long long clamd_minsize = 0, clamd_maxsize = 0;
+static int clam_errno;
+static int remove_on_failure = 0;
+static const char *trace_channel = "clamav";
+
+/**
+ * Local declarations
+ */
+static unsigned long parse_nbytes(char *nbytes_str, char *units_str);
+static int clamavd_result(int sockd, const char *abs_filename, const char *rel_filename);
+static int clamavd_connect_check(int sockd);
+static int clamavd_scan(int sockd, const char *abs_filename, const char *rel_filename);
+static int clamavd_connect(void);
+
+/**
+ * Read the returned information from Clamavd.
+ */
+static int clamavd_result(int sockd, const char *abs_filename, const char *rel_filename) {
+  int infected = 0, waserror = 0, ret;
+  char buff[4096], *pt, *pt1;
+  FILE *fd = 0;
+
+  (void) pr_trace_msg("clamav", 1, "clamavd_result (sockd %d, abs_filename '%s', rel_filename '%s')", sockd, abs_filename, rel_filename);
+
+  if ((fd=fdopen(dup(sockd), "r")) == NULL) {
+    pr_log_pri(PR_LOG_ERR,
+               MOD_CLAMAV_VERSION ": error: Cant open descriptor for reading: %d",
+               errno);
+    return -1;
+  }
+
+  memset(buff, '\0', sizeof(buff));
+  if (fgets(buff, sizeof(buff) - 1, fd)) {
+    if (strstr(buff, "FOUND\n")) {
+      const char *proto;
+
+      ++infected;
+
+      pt = strrchr(buff, ':');
+      if (pt)
+        *pt = 0;
+
+      /* Delete the infected upload */
+      /* TODO: delete only the hiddenstore file, not
+         the actual file.
+      */
+      if ((ret=pr_fsio_unlink(rel_filename))!=0) {
+        pr_log_pri(PR_LOG_ERR,
+                   MOD_CLAMAV_VERSION ": notice: unlink() failed (%d): %s",
+                   errno, strerror(errno));
+      }
+
+      /* clean up the response */
+      pt += 2;
+      pt1 = strstr(pt, " FOUND");
+      if (pt1) {
+        *pt1 = 0;
+      }
+
+      /* Generate a custom event for any listeners
+       * (e.g. mod_ban) which might be listening. Pass
+       * in the string containing the virus
+       * information.
+       */
+      pr_event_generate("mod_clamav.virus-found", pt);
+
+      /* Inform the client the file contained a
+       * virus (only for FTP/FTPS connections.)
+       */
+      proto = pr_session_get_protocol(0);
+      if (strncmp(proto, "ftp", 3) == 0 ||
+          strncmp(proto, "ftps", 4) == 0) {
+        pr_response_send(R_550, "Virus Detected and Removed: %s", pt);
+      }
+
+      /* Log the fact */
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": Virus '%s' found in '%s'", pt, abs_filename);
+    } else if (strstr(buff, "ERROR\n") != NULL ||
+               strstr(buff, "UNKNOWN COMMAND") != NULL) {
+      char *err = buff, *errend;
+
+      errend = strstr(err, " ERROR");
+      if (errend) {
+        *errend = 0;
+      }
+      errend = strstr(err, " UNKNOWN COMMAND");
+      if (errend) {
+        *errend = 0;
+      }
+
+      pr_log_pri(PR_LOG_ERR, MOD_CLAMAV_VERSION ": Clamd Error: %s", err);
+      waserror = 1;
+
+      pr_trace_msg("clamav", 1, "Clamd scanner was not able to function; please check that Clamd is functioning before filing a bug report.");
+    }
+  }
+  fclose(fd);
+  return infected ? infected : (waserror ? -1 : 0);
+}
+
+/**
+ * Test the connection with Clamd.
+ */
+static int clamavd_connect_check(int sockd) {
+  FILE *fd = NULL;
+  char buff[32];
+
+  (void) pr_trace_msg("clamav", 6, "clamavd_connect_check (sockd %d)",
+                      sockd);
+
+  if (sockd == -1)
+    return 0;
+
+  if (write(sockd, "PING\n", 5) <= 0) {
+    pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": Clamd did not accept PING (%d): %s",
+                 errno, strerror(errno));
+    close(sockd);
+    clamd_sockd = -1;
+    clam_errno = errno;
+    return 0;
+  }
+
+  if ((fd = fdopen(dup(sockd), "r")) == NULL) {
+    pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": Clamd can not open descriptor for reading (%d): %s",
+                 errno, strerror(errno));
+    close(sockd);
+    clamd_sockd = -1;
+    clam_errno = errno;
+    return 0;
+  }
+
+  if (fgets(buff, sizeof(buff), fd)) {
+    if (strstr(buff, "PONG")) {
+      fclose(fd);
+      return 1;
+    }
+    pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": Clamd return unknown response to PING: '%s'", buff);
+  }
+
+  pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": Clamd did not respond to fgets (%d): %s",
+               errno, strerror(errno));
+  fclose(fd);
+  close(sockd);
+  clamd_sockd = -1;
+  clam_errno = errno;
+  return 0;
+}
+
+/**
+ * Request Clamavd to perform a scan of the file contents.
+ */
+static int clamavd_scan_stream(int sockd, const char *abs_filename,
+                               const char *rel_filename) {
+  u_int32_t len = 0;
+  char *buf;
+  size_t bufsz = 4096;
+  long res;
+  FILE *fd;
+
+  if (!clamavd_connect_check(sockd)) {
+    if ((clamd_sockd = clamavd_connect()) < 0) {
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": error: Cannot re-connect to Clamd (%d): %s",
+                 errno, strerror(errno));
+      clam_errno = errno;
+      return -1;
+    }
+    sockd = clamd_sockd;
+    pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": Successfully reconnected to Clamd.");
+    clam_errno = 0;
+  }
+
+  if (write(sockd, "nINSTREAM\n", 10) <= 0) {
+    pr_log_pri(PR_LOG_ERR,
+               MOD_CLAMAV_VERSION ": Cannot write to the Clamd socket: %d", errno);
+    clam_errno = errno;
+    return -1;
+  }
+
+  fd = fopen(rel_filename, "r");
+  if (!fd) {
+    pr_log_pri(PR_LOG_ERR,
+               MOD_CLAMAV_VERSION ": Cannot open file '%s' errno=%d.", rel_filename, errno);
+    clam_errno = errno;
+    return -1;
+  }
+
+  /* rewind file descriptor */
+  fseek(fd, 0, SEEK_SET);
+
+  buf = malloc(bufsz);
+  if (!buf) {
+    pr_log_pri(PR_LOG_CRIT, "Out of memory!");
+    end_login(1);
+  }
+
+  /* send file contents using protocol defined by Clamd */
+  while ((res = fread(buf, 1, bufsz, fd)) > 0) {
+    len = htonl(res);
+    pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": Streaming %" PR_LU " bytes (%d, %u) to Clamd.", res, len, sizeof(len));
+    if (write(sockd, (void *) &len, sizeof(len)) <= 0) {
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": Cannot write byte count to Clamd socket: %d", errno);
+      clam_errno = errno;
+      fclose(fd);
+      free(buf);
+      return -1;
+    }
+    if (write(sockd, buf, res) != res) {
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": Cannot stream file to Clamd socket: %d", errno);
+      clam_errno = errno;
+      fclose(fd);
+      free(buf);
+      return -1;
+    }
+    if (feof(fd)) break;
+  }
+  fclose(fd);
+  free(buf);
+
+  /* send null length byte, to terminate stream */
+  len = 0;
+  if (write(sockd, (void *) &len, sizeof(len)) <= 0) {
+    pr_log_pri(PR_LOG_ERR,
+               MOD_CLAMAV_VERSION ": Cannot write termination byte to Clamd socket: %d", errno);
+    clam_errno = errno;
+    return -1;
+  }
+  if (write(sockd, "\n", 1) <= 0) {
+    pr_log_pri(PR_LOG_ERR,
+               MOD_CLAMAV_VERSION ": Cannot write terminating return. %d", errno);
+  }
+
+  /* interpret results */
+  return clamavd_result(sockd, abs_filename, rel_filename);
+}
+
+/**
+ * Request Clamavd to perform a scan.
+ */
+static int clamavd_scan(int sockd, const char *abs_filename,
+                        const char *rel_filename) {
+  char *scancmd = NULL;
+
+  scancmd = calloc(strlen(abs_filename) + 20, sizeof(char));
+  if (!scancmd) {
+    pr_log_pri(PR_LOG_ERR, MOD_CLAMAV_VERSION ": error: Cannot allocate memory.");
+    return -1;
+  }
+
+  (void) pr_trace_msg("clamav", 6, "abs_filename '%s' being scanned.",
+                      abs_filename);
+
+  sprintf(scancmd, "SCAN %s\n", abs_filename);
+
+  if (!clamavd_connect_check(sockd)) {
+    if ((clamd_sockd = clamavd_connect()) < 0) {
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": error: Cannot re-connect to Clamd (%d): %s",
+                 errno, strerror(errno));
+      clam_errno = errno;
+      free(scancmd);
+      scancmd = NULL;
+      return -1;
+    }
+    sockd = clamd_sockd;
+
+    (void) pr_trace_msg("clamav", 4, "Successfully reconnected to the ClamAV scanner.");
+
+    clam_errno = 0;
+  }
+
+  if (write(sockd, scancmd, strlen(scancmd)) <= 0) {
+    pr_log_pri(PR_LOG_ERR,
+               MOD_CLAMAV_VERSION ": error: Cannot write to the Clamd socket: %d", errno);
+    free(scancmd);
+    scancmd = NULL;
+    clam_errno = errno;
+    return -1;
+  }
+
+  free(scancmd);
+  scancmd = NULL;
+  return clamavd_result(sockd, abs_filename, rel_filename);
+}
+
+/**
+ * Connect a socket to ClamAVd.
+ */
+static int clamavd_connect(void) {
+  struct sockaddr_un server;
+  struct sockaddr_in server2;
+  struct hostent *he;
+  int sockd, *port;
+
+  /**
+   * We will set the global socket to non-connected, just in-case.
+   */
+  clamd_sockd = -1;
+
+  memset((char*)&server, 0, sizeof(server));
+  memset((char*)&server2, 0, sizeof(server2));
+
+  clamd_host = (char *) get_param_ptr(CURRENT_CONF, "ClamLocalSocket", TRUE);
+  if (!clamd_host) {
+    clamd_host = (char *) get_param_ptr(CURRENT_CONF, "ClamServer", TRUE);
+    if (!clamd_host) {
+      pr_log_pri(PR_LOG_INFO,
+                 MOD_CLAMAV_VERSION ": warning: No local socket or server was specified.");
+      return -1;
+    }
+    is_remote = 1;
+    if ((port = (int *) get_param_ptr(CURRENT_CONF, "ClamPort", TRUE)) <= 0)
+      clamd_port = 3310;
+    else
+      clamd_port = *port;
+
+    (void) pr_trace_msg("clamav", 4, "Connecting to remote ClamAV scanner on host '%s' and port %d.", clamd_host, clamd_port);
+  } else {
+    (void) pr_trace_msg("clamav", 4, "Connecting to local ClamAV scanner on unix socket '%s'.", clamd_host);
+  }
+
+  PRIVS_ROOT;
+
+  if (is_remote == 0) {
+    /* Local Socket */
+    server.sun_family = AF_UNIX;
+    strncpy(server.sun_path, clamd_host, sizeof(server.sun_path));
+
+    if ((sockd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
+      PRIVS_RELINQUISH;
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": error: Cannot create socket connection to Clamd (%d): %s",
+                 errno, strerror(errno));
+      clam_errno = errno;
+      return -1;
+    }
+
+    if (connect(sockd, (struct sockaddr *)&server, sizeof(struct sockaddr_un)) < 0) {
+      close(sockd);
+      PRIVS_RELINQUISH;
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": error: Cannot connect to Clamd (%d): %s", errno, strerror(errno));
+      clam_errno = errno;
+      return -1;
+    }
+  } else {
+    /* Remote Socket */
+    server2.sin_family = AF_INET;
+    server2.sin_port = htons(clamd_port);
+
+    if ((sockd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+      PRIVS_RELINQUISH;
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": error: Cannot create socket connection Clamd (%d): %s",
+                 errno, strerror(errno));
+      clam_errno = errno;
+      return -1;
+    }
+
+    if ((he = gethostbyname(clamd_host)) == 0) {
+      close(sockd);
+      PRIVS_RELINQUISH;
+      pr_log_pri(PR_LOG_ERR, MOD_CLAMAV_VERSION ": error: Cannot resolve hostname '%s'", clamd_host);
+      clam_errno = errno;
+      return -1;
+    }
+    server2.sin_addr = *(struct in_addr *) he->h_addr_list[0];
+
+    if (connect(sockd, (struct sockaddr *)&server2, sizeof(struct sockaddr_in)) < 0) {
+      close(sockd);
+      PRIVS_RELINQUISH;
+      pr_log_pri(PR_LOG_ERR,
+                 MOD_CLAMAV_VERSION ": error: Cannot connect to Clamd (%d): %s",
+                 errno, strerror(errno));
+      clam_errno = errno;
+      return -1;
+    }
+  }
+
+  PRIVS_RELINQUISH;
+
+  clam_errno = 0;
+
+  return sockd;
+}
+
+/**
+ * Entry point of mod_xfer during an upload
+ */
+static int clamav_fsio_close(pr_fh_t *fh, int fd) {
+  char *abs_path = NULL, *rel_path = NULL;
+  struct stat st;
+  int do_scan = FALSE, res;
+  config_rec *c = NULL;
+  unsigned long *minsize, *maxsize;
+
+  /* We're only interested in STOR, APPE, and maybe STOU commands. */
+  if (session.curr_cmd) {
+    if (strcmp(session.curr_cmd, C_STOR) == 0 ||
+        strcmp(session.curr_cmd, C_APPE) == 0 ||
+        strcmp(session.curr_cmd, C_STOU) == 0) {
+      do_scan = TRUE;
+    }
+  }
+
+  if (!do_scan) {
+    return close(fd);
+  }
+
+  /* Make sure the data is written to disk, so that the fstat(2) picks
+   * up the size properly.
+   */
+  if (fsync(fd) < 0) {
+    int xerrno = errno;
+
+    pr_trace_msg(trace_channel, 9, "fsync(2) error on fd %d (path '%s'): %s",
+                 fd, fh->fh_path, strerror(xerrno));
+
+    errno = xerrno;
+    return -1;
+  }
+
+  pr_fs_clear_cache();
+  if (pr_fsio_fstat(fh, &st) < 0) {
+    int xerrno = errno;
+
+    pr_trace_msg(trace_channel, 9, "pr_fsio_fstat() error on fd %d (path '%s'): %s",
+                 fd, fh->fh_path, strerror(xerrno));
+
+    errno = xerrno;
+    return -1;
+  }
+
+  if (close(fd) < 0) {
+    return -1;
+  }
+
+  c = find_config(CURRENT_CONF, CONF_PARAM, "ClamAV", FALSE);
+  if (!c || !*(int *)(c->argv[0])) {
+    (void) pr_trace_msg("clamav", 8, "skipping ClamAV virus scan.");
+
+    return 0;
+  }
+
+  c = find_config(CURRENT_CONF, CONF_PARAM, "ClamFailsafe", FALSE);
+  if (!c || *(int *)(c->argv[0]))
+    remove_on_failure = 1;
+  else
+    remove_on_failure = 0;
+
+  (void) pr_trace_msg("clamav", 8, "fail-safe mode is %s.",
+                      (remove_on_failure ? "ON" : "OFF"));
+
+  /**
+   * Figure out the absolute path of our directory.
+   */
+  char buf[PR_TUNABLE_PATH_MAX + 1];
+  getcwd(buf, PR_TUNABLE_PATH_MAX);
+  abs_path = fh->fh_path;
+  if (abs_path) {
+    (void) pr_trace_msg("clamav", 8, "vwd=%s fh_path=%s chroot=%s cwd=%s buf=%s",
+                        pr_fs_getvwd(), abs_path, session.chroot_path, pr_fs_getcwd(),
+                        buf);
+    if (strcmp(buf, pr_fs_getcwd()) != 0) {
+      if (strcmp(pr_fs_getcwd(), "/") != 0) {
+        char *pos = strstr(buf, pr_fs_getcwd());
+        if (pos) {
+          *pos = 0;
+        }
+      }
+
+      abs_path = pdircat(fh->fh_pool, buf, abs_path, NULL);
+    } else if (strcmp(buf, pr_fs_getcwd()) == 0 && session.chroot_path)
+      abs_path = pdircat(fh->fh_pool, session.chroot_path, abs_path, NULL);
+  }
+  rel_path = pstrdup(fh->fh_pool, fh->fh_path);
+
+  (void) pr_trace_msg("clamav", 6, "absolute path is '%s' and relative path is '%s'.", abs_path, rel_path);
+
+  /**
+   * Handle min/max settings
+   */
+  if ((minsize = (unsigned long *) get_param_ptr(CURRENT_CONF, "ClamMinSize", TRUE)) == 0UL)
+    clamd_minsize = 0;
+  else
+    clamd_minsize = *minsize;
+
+  if ((maxsize = (unsigned long *) get_param_ptr(CURRENT_CONF, "ClamMaxSize", TRUE)) == 0UL)
+    clamd_maxsize = 0;
+  else
+    clamd_maxsize = *maxsize;
+
+  (void) pr_trace_msg("clamav", 6, "ClamMinSize=%" PR_LU " ClamMaxSize=%" PR_LU " Filesize=%" PR_LU, clamd_minsize, clamd_maxsize, (pr_off_t) st.st_size);
+
+  if (clamd_minsize > 0) {
+    /* test the minimum size */
+    if (st.st_size < clamd_minsize) {
+      pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": File is too small, skipping virus scan. min = %" PR_LU " size = %" PR_LU,
+                   clamd_minsize, (pr_off_t) st.st_size);
+      return 0;
+    }
+  }
+
+  if (clamd_maxsize > 0) {
+    /* test the maximum size */
+    if (st.st_size > clamd_maxsize) {
+      pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": File is too large, skipping virus scan. max = %" PR_LU " size = %" PR_LU,
+                   clamd_maxsize, (pr_off_t) st.st_size);
+      return 0;
+    }
+  }
+
+  (void) pr_trace_msg("clamav", 1, "Going to virus scan absolute filename of '%s' and a relative filename of '%s'.", abs_path, rel_path);
+
+  clam_errno = 0;
+  c = find_config(CURRENT_CONF, CONF_PARAM, "ClamStream", FALSE);
+  if (c && *(int *)(c->argv[0])) {
+    res = clamavd_scan_stream(clamd_sockd, abs_path, rel_path);
+  } else {
+    res = clamavd_scan(clamd_sockd, abs_path, rel_path);
+  }
+  if (res < 0) {
+    if (remove_on_failure) {
+      pr_log_debug(DEBUG4,
+                   MOD_CLAMAV_VERSION ": removing failed upload of filename = '%s' with relative filename = '%s'.", abs_path, rel_path);
+      if (clam_errno && pr_fsio_unlink(rel_path)!=0) {
+        pr_log_pri(PR_LOG_ERR,
+                   MOD_CLAMAV_VERSION ": notice    : unlink() failed (%d): %s",
+                   errno, strerror(errno));
+      }
+    }
+    errno = EPERM;
+    return -1;
+  }
+
+  if (clam_errno == 0)
+    pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": No virus detected in filename = '%s'.", abs_path);
+  else
+    pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": Skipped virus scan due to errno = %d", clam_errno);
+
+  return 0;
+}
+
+/**
+ * Parse string size description and return value.
+ */
+static unsigned long parse_nbytes(char *nbytes_str, char *units_str) {
+  long res;
+  unsigned long nbytes;
+  char *endp = NULL;
+  float units_factor = 0.0;
+
+  /* clear any previous local errors */
+  clam_errno = 0;
+
+  /* first, check the given units to determine the correct multiplier
+   */
+  if (!strcasecmp("Gb", units_str)) {
+    units_factor = 1024.0 * 1024.0 * 1024.0;
+
+  } else if (!strcasecmp("Mb", units_str)) {
+    units_factor = 1024.0 * 1024.0;
+
+  } else if (!strcasecmp("Kb", units_str)) {
+    units_factor = 1024.0;
+
+  } else if (!strcasecmp("b", units_str)) {
+    units_factor = 1.0;
+
+  } else {
+    clam_errno = EINVAL;
+    return 0;
+  }
+
+  /* make sure a number was given */
+  if (!isdigit((int) *nbytes_str)) {
+    clam_errno = EINVAL;
+    return 0;
+  }
+
+  /* knowing the factor, now convert the given number string to a real
+   * number
+   */
+  res = strtol(nbytes_str, &endp, 10);
+
+  if (errno == ERANGE) {
+    clam_errno = ERANGE;
+    return 0;
+  }
+
+  if (endp && *endp) {
+    clam_errno = EINVAL;
+    return 0;
+  }
+
+  /* don't bother to apply the factor if that will cause the number to
+   * overflow
+   */
+  if (res > (ULONG_MAX / units_factor)) {
+    clam_errno = ERANGE;
+    return 0;
+  }
+
+  nbytes = (unsigned long) res * units_factor;
+  return nbytes;
+}
+
+/**
+ * Configuration setter: ClamAV
+ */
+MODRET set_clamav(cmd_rec *cmd) {
+  int bool = -1;
+  config_rec *c = NULL;
+
+  CHECK_ARGS(cmd, 1);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_LIMIT|CONF_VIRTUAL|CONF_GLOBAL|CONF_DIR);
+
+  if ((bool = get_boolean(cmd,1)) == -1)
+    CONF_ERROR(cmd, "expected Boolean parameter");
+
+  c = add_config_param(cmd->argv[0], 1, NULL);
+  c->argv[0] = pcalloc(c->pool, sizeof(unsigned char));
+  *((unsigned char *) c->argv[0]) = bool;
+  c->flags |= CF_MERGEDOWN;
+
+  return PR_HANDLED(cmd);
+}
+
+/**
+ * Configuration setter: ClamStream
+ */
+MODRET set_clamstream(cmd_rec *cmd) {
+  int bool = -1;
+  config_rec *c = NULL;
+
+  CHECK_ARGS(cmd, 1);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_LIMIT|CONF_VIRTUAL|CONF_GLOBAL|CONF_DIR);
+
+  if ((bool = get_boolean(cmd,1)) == -1)
+    CONF_ERROR(cmd, "expected Boolean parameter");
+
+  c = add_config_param(cmd->argv[0], 1, NULL);
+  c->argv[0] = pcalloc(c->pool, sizeof(unsigned char));
+  *((unsigned char *) c->argv[0]) = bool;
+  c->flags |= CF_MERGEDOWN;
+
+  return PR_HANDLED(cmd);
+}
+
+/**
+ * Configuration setter: ClamFailsafe
+ */
+MODRET set_clamfailsafe(cmd_rec *cmd) {
+  int bool = -1;
+  config_rec *c = NULL;
+
+  CHECK_ARGS(cmd, 1);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_LIMIT|CONF_VIRTUAL|CONF_GLOBAL|CONF_DIR);
+
+  if ((bool = get_boolean(cmd, 1)) == -1)
+    CONF_ERROR(cmd, "expected Boolean parameter");
+
+  c = add_config_param(cmd->argv[0], 1, NULL);
+  c->argv[0] = pcalloc(c->pool, sizeof(unsigned char));
+  *((unsigned char *) c->argv[0]) = bool;
+  c->flags |= CF_MERGEDOWN;
+
+  return PR_HANDLED(cmd);
+}
+
+/**
+ * Configuration setter: ClamLocalSocket
+ */
+MODRET set_clamavd_local_socket(cmd_rec *cmd) {
+  config_rec *c = NULL;
+
+  CHECK_ARGS(cmd, 1);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL|CONF_DIR);
+
+  c = add_config_param_str("ClamLocalSocket", 1, (void *) cmd->argv[1]);
+  c->flags |= CF_MERGEDOWN;
+
+  return PR_HANDLED(cmd);
+}
+
+/**
+ * Configuration setter: ClamServer
+ */
+MODRET set_clamavd_server(cmd_rec *cmd) {
+  config_rec *c = NULL;
+
+  CHECK_ARGS(cmd, 1);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL|CONF_DIR);
+
+  c = add_config_param_str("ClamServer", 1, (void *) cmd->argv[1]);
+  c->flags |= CF_MERGEDOWN;
+
+  return PR_HANDLED(cmd);
+}
+
+/**
+ * Configuration setter: ClamPort
+ */
+MODRET set_clamavd_port(cmd_rec *cmd) {
+  config_rec *c = NULL;
+
+  CHECK_ARGS(cmd, 1);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL|CONF_DIR);
+
+  c = add_config_param(cmd->argv[0], 1, NULL);
+  c->argv[0] = pcalloc(c->pool, sizeof(int));
+  *((int *) c->argv[0]) = (int) atol(cmd->argv[1]);
+  c->flags |= CF_MERGEDOWN;
+
+  return PR_HANDLED(cmd);
+}
+
+/**
+ * Configuration setter: ClamMinSize
+ */
+MODRET set_clamavd_minsize(cmd_rec *cmd) {
+  config_rec *c = NULL;
+  unsigned long nbytes = 0;
+
+  CHECK_ARGS(cmd, 2);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL|CONF_DIR);
+
+  if ((nbytes = parse_nbytes(cmd->argv[1], cmd->argv[2])) == 0) {
+    char ulong_max[80] = {'\0'};
+    sprintf(ulong_max, "%lu", (unsigned long) ULONG_MAX);
+
+    if (clam_errno == EINVAL)
+      CONF_ERROR(cmd, "invalid parameters");
+
+    if (clam_errno == ERANGE)
+      CONF_ERROR(cmd, pstrcat(cmd->tmp_pool,
+                              "number of bytes must be between 0 and ",
+                              ulong_max, NULL));
+  }
+
+  c = add_config_param(cmd->argv[0], 1, NULL);
+  c->argv[0] = pcalloc(c->pool, sizeof(unsigned long));
+  *((unsigned long *) c->argv[0]) = nbytes;
+  c->flags |= CF_MERGEDOWN;
+
+  return PR_HANDLED(cmd);
+}
+
+/**
+ * Configuration setter: ClamMaxSize
+ */
+MODRET set_clamavd_maxsize(cmd_rec *cmd) {
+  config_rec *c = NULL;
+  unsigned long nbytes = 0;
+
+  CHECK_ARGS(cmd, 2);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL|CONF_DIR);
+
+  if ((nbytes = parse_nbytes(cmd->argv[1], cmd->argv[2])) == 0) {
+    char ulong_max[80] = {'\0'};
+    sprintf(ulong_max, "%lu", (unsigned long) ULONG_MAX);
+
+    if (clam_errno == EINVAL)
+      CONF_ERROR(cmd, "invalid parameters");
+
+    if (clam_errno == ERANGE)
+      CONF_ERROR(cmd, pstrcat(cmd->tmp_pool,
+                              "number of bytes must be between 0 and ",
+                              ulong_max, NULL));
+  }
+
+  c = add_config_param(cmd->argv[0], 1, NULL);
+  c->argv[0] = pcalloc(c->pool, sizeof(unsigned long));
+  *((unsigned long *) c->argv[0]) = nbytes;
+  c->flags |= CF_MERGEDOWN;
+
+  return PR_HANDLED(cmd);
+}
+
+/**
+ * End FTP Session
+ */
+static void clamav_shutdown(const void *event_data, void *user_data) {
+  if (clamd_sockd != -1) {
+    close(clamd_sockd);
+    clamd_sockd = -1;
+    pr_log_debug(DEBUG4, MOD_CLAMAV_VERSION ": debug: disconnected from Clamd");
+  }
+}
+
+/**
+ * Start FTP Session
+ */
+static int clamav_sess_init(void) {
+  pr_fs_t *fs;
+
+  is_remote = 0; clamd_sockd = -1;
+
+  pr_event_register(&clamav_module, "core.exit", clamav_shutdown, NULL);
+
+  fs = pr_register_fs(session.pool, "clamav", "/");
+  if (fs) {
+    fs->close = clamav_fsio_close;
+  }
+
+  return 0;
+}
+
+static conftable clamav_conftab[] = {
+  { "ClamAV", set_clamav, NULL },
+  { "ClamFailsafe", set_clamfailsafe, NULL },
+  { "ClamLocalSocket", set_clamavd_local_socket, NULL },
+  { "ClamServer", set_clamavd_server, NULL },
+  { "ClamPort", set_clamavd_port, NULL },
+  { "ClamMinSize", set_clamavd_minsize, NULL },
+  { "ClamMaxSize", set_clamavd_maxsize, NULL },
+  { "ClamStream", set_clamstream, NULL },
+  { NULL }
+};
+
+module clamav_module = {
+  NULL,              /* Always NULL */
+  NULL,              /* Always NULL */
+  0x20,              /* module api version */
+  "clamav",          /* module name */
+  clamav_conftab,    /* module configuration handler table */
+  NULL,              /* module command handler table */
+  NULL,              /* module authentication handler table */
+  NULL,              /* module initialization */
+  clamav_sess_init,  /* session initialization */
+  MOD_CLAMAV_VERSION /* module version */
+};
+

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-proftpd/proftpd-mod-clamav.git



More information about the Pkg-proftpd-maintainers mailing list