vscan/vscand/vs_svc.c

	vs_svc.c revision c8dbf746aa55f3a63c8095f8dbae339574156bb8
911106dfb16696472af8c1b7b4c554a829354fa8jm/*
911106dfb16696472af8c1b7b4c554a829354fa8jm * CDDL HEADER START
911106dfb16696472af8c1b7b4c554a829354fa8jm *
911106dfb16696472af8c1b7b4c554a829354fa8jm * The contents of this file are subject to the terms of the
911106dfb16696472af8c1b7b4c554a829354fa8jm * Common Development and Distribution License (the "License").
911106dfb16696472af8c1b7b4c554a829354fa8jm * You may not use this file except in compliance with the License.
911106dfb16696472af8c1b7b4c554a829354fa8jm *
911106dfb16696472af8c1b7b4c554a829354fa8jm * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
911106dfb16696472af8c1b7b4c554a829354fa8jm * or http://www.opensolaris.org/os/licensing.
911106dfb16696472af8c1b7b4c554a829354fa8jm * See the License for the specific language governing permissions
911106dfb16696472af8c1b7b4c554a829354fa8jm * and limitations under the License.
911106dfb16696472af8c1b7b4c554a829354fa8jm *
911106dfb16696472af8c1b7b4c554a829354fa8jm * When distributing Covered Code, include this CDDL HEADER in each
911106dfb16696472af8c1b7b4c554a829354fa8jm * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
911106dfb16696472af8c1b7b4c554a829354fa8jm * If applicable, add the following below this CDDL HEADER, with the
911106dfb16696472af8c1b7b4c554a829354fa8jm * fields enclosed by brackets "[]" replaced with your own identifying
911106dfb16696472af8c1b7b4c554a829354fa8jm * information: Portions Copyright [yyyy] [name of copyright owner]
911106dfb16696472af8c1b7b4c554a829354fa8jm *
911106dfb16696472af8c1b7b4c554a829354fa8jm * CDDL HEADER END
911106dfb16696472af8c1b7b4c554a829354fa8jm */
911106dfb16696472af8c1b7b4c554a829354fa8jm/*
53c110294d8b1410cabc201a52f94b03ae2ef448jm * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
911106dfb16696472af8c1b7b4c554a829354fa8jm * Use is subject to license terms.
911106dfb16696472af8c1b7b4c554a829354fa8jm */
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm#pragma ident   "%Z%%M% %I% %E% SMI"
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm/*
911106dfb16696472af8c1b7b4c554a829354fa8jm * Implementation of the "scan file" interface
911106dfb16696472af8c1b7b4c554a829354fa8jm */
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <stdio.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <stdlib.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <unistd.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <string.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <errno.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <syslog.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <sys/types.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <fcntl.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <bsm/adt.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm#include <bsm/adt_event.h>
bfc848c632c9eacb2a640246d96e198f1b185c03jm#include <pthread.h>
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm#include "vs_incl.h"
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm/*
bfc848c632c9eacb2a640246d96e198f1b185c03jm * vs_svc_nodes - table of scan requests and their thread id and
bfc848c632c9eacb2a640246d96e198f1b185c03jm * scan engine context.
bfc848c632c9eacb2a640246d96e198f1b185c03jm * The table is sized by the value passed to vs_svc_init. This
bfc848c632c9eacb2a640246d96e198f1b185c03jm * value is obtained from the kernel and represents the maximum
bfc848c632c9eacb2a640246d96e198f1b185c03jm * request idx that the kernel will request vscand to process.
bfc848c632c9eacb2a640246d96e198f1b185c03jm * The table is indexed by the vsr_idx value passed in
bfc848c632c9eacb2a640246d96e198f1b185c03jm * the scan request - always non-zero. This value is also the index
bfc848c632c9eacb2a640246d96e198f1b185c03jm * into the kernel scan request table and identifies the instance of
bfc848c632c9eacb2a640246d96e198f1b185c03jm * the driver being used to access file data for the scan. Although
bfc848c632c9eacb2a640246d96e198f1b185c03jm * this is of no consequence here, it is useful information for debug.
bfc848c632c9eacb2a640246d96e198f1b185c03jm *
bfc848c632c9eacb2a640246d96e198f1b185c03jm * When a scan request is received a response is sent indicating
bfc848c632c9eacb2a640246d96e198f1b185c03jm * one of the following:
bfc848c632c9eacb2a640246d96e198f1b185c03jm * VS_STATUS_ERROR - an error occurred
bfc848c632c9eacb2a640246d96e198f1b185c03jm * VS_STATUS_NO_SCAN - no scan is required
bfc848c632c9eacb2a640246d96e198f1b185c03jm * VS_STATUS_SCANNING - request has been queued for async processing
bfc848c632c9eacb2a640246d96e198f1b185c03jm *
bfc848c632c9eacb2a640246d96e198f1b185c03jm * If the scan is required (VS_STATUS_SCANNING) a thread is created
bfc848c632c9eacb2a640246d96e198f1b185c03jm * to perform the scan. It's tid is saved in vs_svc_nodes.
bfc848c632c9eacb2a640246d96e198f1b185c03jm *
bfc848c632c9eacb2a640246d96e198f1b185c03jm * In the case of SHUTDOWN, vs_terminate requests that all scan
bfc848c632c9eacb2a640246d96e198f1b185c03jm * engine connections be closed, thus termintaing any in-progress
bfc848c632c9eacb2a640246d96e198f1b185c03jm * scans, then awaits completion of all scanning threads as identified
bfc848c632c9eacb2a640246d96e198f1b185c03jm * in vs_svc_nodes.
bfc848c632c9eacb2a640246d96e198f1b185c03jm */
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jmtypedef struct vs_svc_node {
bfc848c632c9eacb2a640246d96e198f1b185c03jm    pthread_t vsn_tid;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_scan_req_t vsn_req;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_eng_ctx_t vsn_eng;
bfc848c632c9eacb2a640246d96e198f1b185c03jm} vs_svc_node_t;
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jmstatic vs_svc_node_t *vs_svc_nodes;
bfc848c632c9eacb2a640246d96e198f1b185c03jmstatic uint32_t vs_svc_max_node; /* max idx into vs_svc_nodes */
bfc848c632c9eacb2a640246d96e198f1b185c03jmstatic pthread_mutex_t vs_svc_mutex = PTHREAD_MUTEX_INITIALIZER;
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm
911106dfb16696472af8c1b7b4c554a829354fa8jm/* local functions */
bfc848c632c9eacb2a640246d96e198f1b185c03jmstatic void *vs_svc_async_scan(void *);
bfc848c632c9eacb2a640246d96e198f1b185c03jmstatic int vs_svc_scan_file(vs_svc_node_t *, vs_scanstamp_t *);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vs_svc_vlog(char *, vs_result_t *);
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void vs_svc_audit(char *, vs_result_t *);
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm
911106dfb16696472af8c1b7b4c554a829354fa8jm/*
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_init, vs_svc_fini
911106dfb16696472af8c1b7b4c554a829354fa8jm *
911106dfb16696472af8c1b7b4c554a829354fa8jm * Invoked on daemon load and unload
911106dfb16696472af8c1b7b4c554a829354fa8jm */
bfc848c632c9eacb2a640246d96e198f1b185c03jmint
bfc848c632c9eacb2a640246d96e198f1b185c03jmvs_svc_init(uint32_t max_req)
911106dfb16696472af8c1b7b4c554a829354fa8jm{
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_svc_max_node = max_req;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_svc_nodes = (vs_svc_node_t *)
bfc848c632c9eacb2a640246d96e198f1b185c03jm        calloc(max_req + 1, sizeof (vs_svc_node_t));
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    return (vs_svc_nodes == NULL ? -1 : 0);
911106dfb16696472af8c1b7b4c554a829354fa8jm}
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jmvoid
911106dfb16696472af8c1b7b4c554a829354fa8jmvs_svc_fini()
911106dfb16696472af8c1b7b4c554a829354fa8jm{
bfc848c632c9eacb2a640246d96e198f1b185c03jm    if (vs_svc_nodes)
bfc848c632c9eacb2a640246d96e198f1b185c03jm        free(vs_svc_nodes);
bfc848c632c9eacb2a640246d96e198f1b185c03jm}
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm/*
bfc848c632c9eacb2a640246d96e198f1b185c03jm * vs_svc_terminate
bfc848c632c9eacb2a640246d96e198f1b185c03jm *
bfc848c632c9eacb2a640246d96e198f1b185c03jm * Close all scan engine connections to terminate in-progress scan
bfc848c632c9eacb2a640246d96e198f1b185c03jm * requests, and wait for all threads in vs_svc_nodes to complete
bfc848c632c9eacb2a640246d96e198f1b185c03jm */
bfc848c632c9eacb2a640246d96e198f1b185c03jmvoid
bfc848c632c9eacb2a640246d96e198f1b185c03jmvs_svc_terminate()
bfc848c632c9eacb2a640246d96e198f1b185c03jm{
bfc848c632c9eacb2a640246d96e198f1b185c03jm    int i;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    pthread_t tid;
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* close connections to abort requests */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_eng_close_connections();
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* wait for threads */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    for (i = 1; i <= vs_svc_max_node; i++) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm        (void) pthread_mutex_lock(&vs_svc_mutex);
bfc848c632c9eacb2a640246d96e198f1b185c03jm        tid = vs_svc_nodes[i].vsn_tid;
bfc848c632c9eacb2a640246d96e198f1b185c03jm        (void) pthread_mutex_unlock(&vs_svc_mutex);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm        if (tid != 0)
bfc848c632c9eacb2a640246d96e198f1b185c03jm            (void) pthread_join(tid, NULL);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    }
bfc848c632c9eacb2a640246d96e198f1b185c03jm}
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm/*
bfc848c632c9eacb2a640246d96e198f1b185c03jm * vs_svc_queue_scan_req
bfc848c632c9eacb2a640246d96e198f1b185c03jm *
bfc848c632c9eacb2a640246d96e198f1b185c03jm * Determine if the file needs to be scanned - either it has
bfc848c632c9eacb2a640246d96e198f1b185c03jm * been modified or its scanstamp is not current.
bfc848c632c9eacb2a640246d96e198f1b185c03jm * Initiate a thread to process the request, saving the tid
bfc848c632c9eacb2a640246d96e198f1b185c03jm * in vs_svc_nodes[idx].vsn_tid, where idx is the vsr_idx passed in
bfc848c632c9eacb2a640246d96e198f1b185c03jm * the scan request.
bfc848c632c9eacb2a640246d96e198f1b185c03jm *
bfc848c632c9eacb2a640246d96e198f1b185c03jm * Returns: VS_STATUS_ERROR - error
bfc848c632c9eacb2a640246d96e198f1b185c03jm *          VS_STATUS_NO_SCAN - no scan required
bfc848c632c9eacb2a640246d96e198f1b185c03jm *          VS_STATUS_SCANNING - async scan initiated
bfc848c632c9eacb2a640246d96e198f1b185c03jm */
bfc848c632c9eacb2a640246d96e198f1b185c03jmint
bfc848c632c9eacb2a640246d96e198f1b185c03jmvs_svc_queue_scan_req(vs_scan_req_t *req)
bfc848c632c9eacb2a640246d96e198f1b185c03jm{
bfc848c632c9eacb2a640246d96e198f1b185c03jm    pthread_t tid;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_svc_node_t *node;
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* No scan if file quarantined */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    if (req->vsr_quarantined)
bfc848c632c9eacb2a640246d96e198f1b185c03jm        return (VS_STATUS_NO_SCAN);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* No scan if file not modified AND scanstamp is current */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    if ((req->vsr_modified == 0) &&
bfc848c632c9eacb2a640246d96e198f1b185c03jm        vs_eng_scanstamp_current(req->vsr_scanstamp)) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm        return (VS_STATUS_NO_SCAN);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    }
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* scan required */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    node = &(vs_svc_nodes[req->vsr_idx]);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) pthread_mutex_lock(&vs_svc_mutex);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    if ((node->vsn_tid != 0) || (req->vsr_idx > vs_svc_max_node)) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm        (void) pthread_mutex_unlock(&vs_svc_mutex);
bfc848c632c9eacb2a640246d96e198f1b185c03jm        return (VS_STATUS_ERROR);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    }
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    node->vsn_req = *req;
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    if (pthread_create(&tid, NULL, vs_svc_async_scan, (void *)node) != 0) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm        (void) pthread_mutex_unlock(&vs_svc_mutex);
bfc848c632c9eacb2a640246d96e198f1b185c03jm        return (VS_STATUS_ERROR);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    }
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    node->vsn_tid = tid;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) pthread_mutex_unlock(&vs_svc_mutex);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    return (VS_STATUS_SCANNING);
bfc848c632c9eacb2a640246d96e198f1b185c03jm}
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm/*
bfc848c632c9eacb2a640246d96e198f1b185c03jm * vs_svc_async_scan
bfc848c632c9eacb2a640246d96e198f1b185c03jm *
bfc848c632c9eacb2a640246d96e198f1b185c03jm * Initialize response structure, invoke vs_svc_scan_file to
bfc848c632c9eacb2a640246d96e198f1b185c03jm * perform the scan, then send the result to the kernel.
bfc848c632c9eacb2a640246d96e198f1b185c03jm */
bfc848c632c9eacb2a640246d96e198f1b185c03jmstatic void *
bfc848c632c9eacb2a640246d96e198f1b185c03jmvs_svc_async_scan(void *arg)
bfc848c632c9eacb2a640246d96e198f1b185c03jm{
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_svc_node_t *node = (vs_svc_node_t *)arg;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_scan_req_t *scan_req = &(node->vsn_req);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_scan_rsp_t scan_rsp;
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    scan_rsp.vsr_idx = scan_req->vsr_idx;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    scan_rsp.vsr_seqnum = scan_req->vsr_seqnum;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    scan_rsp.vsr_result = vs_svc_scan_file(node, &scan_rsp.vsr_scanstamp);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* clear node and send async response to kernel */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) pthread_mutex_lock(&vs_svc_mutex);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) memset(node, 0, sizeof (vs_svc_node_t));
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) pthread_mutex_unlock(&vs_svc_mutex);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) vscand_kernel_result(&scan_rsp);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    return (NULL);
911106dfb16696472af8c1b7b4c554a829354fa8jm}
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm/*
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_scan_file
911106dfb16696472af8c1b7b4c554a829354fa8jm *
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_scan_file is responsible for:
911106dfb16696472af8c1b7b4c554a829354fa8jm *  - obtaining & releasing a scan engine connection
911106dfb16696472af8c1b7b4c554a829354fa8jm *  - invoking the scan engine interface code to do the scan
911106dfb16696472af8c1b7b4c554a829354fa8jm *  - retrying a failed scan (up to VS_MAX_RETRY times)
911106dfb16696472af8c1b7b4c554a829354fa8jm *  - updating scan statistics
911106dfb16696472af8c1b7b4c554a829354fa8jm *  - logging virus information
911106dfb16696472af8c1b7b4c554a829354fa8jm *
53c110294d8b1410cabc201a52f94b03ae2ef448jm *
911106dfb16696472af8c1b7b4c554a829354fa8jm * Returns:
bfc848c632c9eacb2a640246d96e198f1b185c03jm *  VS_STATUS_NO_SCAN - scan not reqd; daemon shutting down
53c110294d8b1410cabc201a52f94b03ae2ef448jm *  VS_STATUS_CLEAN - scan success. File clean.
53c110294d8b1410cabc201a52f94b03ae2ef448jm *                    new scanstamp returned in scanstamp param.
53c110294d8b1410cabc201a52f94b03ae2ef448jm *  VS_STATUS_INFECTED - scan success. File infected.
53c110294d8b1410cabc201a52f94b03ae2ef448jm *  VS_STATUS_ERROR - scan failure either in vscand or scan engine.
911106dfb16696472af8c1b7b4c554a829354fa8jm */
bfc848c632c9eacb2a640246d96e198f1b185c03jmstatic int
bfc848c632c9eacb2a640246d96e198f1b185c03jmvs_svc_scan_file(vs_svc_node_t *node, vs_scanstamp_t *scanstamp)
911106dfb16696472af8c1b7b4c554a829354fa8jm{
bfc848c632c9eacb2a640246d96e198f1b185c03jm    char devname[MAXPATHLEN];
bfc848c632c9eacb2a640246d96e198f1b185c03jm    int flags = 0;
53c110294d8b1410cabc201a52f94b03ae2ef448jm    int retries;
911106dfb16696472af8c1b7b4c554a829354fa8jm    vs_result_t result;
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_scan_req_t *req = &(node->vsn_req);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    vs_eng_ctx_t *eng = &(node->vsn_eng);
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) snprintf(devname, MAXPATHLEN, "%s%d", VS_DRV_PATH, req->vsr_idx);
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* initialize response scanstamp to current scanstamp value */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) strlcpy(*scanstamp, req->vsr_scanstamp, sizeof (vs_scanstamp_t));
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    (void) memset(&result, 0, sizeof (vs_result_t));
911106dfb16696472af8c1b7b4c554a829354fa8jm    result.vsr_rc = VS_RESULT_UNDEFINED;
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    for (retries = 0; retries <= VS_MAX_RETRY; retries++) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm        /* get engine connection */
bfc848c632c9eacb2a640246d96e198f1b185c03jm        if (vs_eng_get(eng, (retries != 0)) != 0) {
53c110294d8b1410cabc201a52f94b03ae2ef448jm            result.vsr_rc = VS_RESULT_ERROR;
911106dfb16696472af8c1b7b4c554a829354fa8jm            continue;
911106dfb16696472af8c1b7b4c554a829354fa8jm        }
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm        /* shutdown could occur while waiting for engine connection */
bfc848c632c9eacb2a640246d96e198f1b185c03jm        if (vscand_get_state() == VS_STATE_SHUTDOWN) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm            vs_eng_release(eng);
bfc848c632c9eacb2a640246d96e198f1b185c03jm            return (VS_STATUS_NO_SCAN);
911106dfb16696472af8c1b7b4c554a829354fa8jm        }
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm        /* scan file */
bfc848c632c9eacb2a640246d96e198f1b185c03jm        (void) vs_icap_scan_file(eng, devname, req->vsr_path,
bfc848c632c9eacb2a640246d96e198f1b185c03jm            req->vsr_size, flags, &result);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
911106dfb16696472af8c1b7b4c554a829354fa8jm        /* if no error, clear error state on engine and break */
53c110294d8b1410cabc201a52f94b03ae2ef448jm        if ((result.vsr_rc != VS_RESULT_SE_ERROR) &&
53c110294d8b1410cabc201a52f94b03ae2ef448jm            (result.vsr_rc != VS_RESULT_ERROR)) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm            vs_eng_set_error(eng, 0);
bfc848c632c9eacb2a640246d96e198f1b185c03jm            vs_eng_release(eng);
911106dfb16696472af8c1b7b4c554a829354fa8jm            break;
911106dfb16696472af8c1b7b4c554a829354fa8jm        }
911106dfb16696472af8c1b7b4c554a829354fa8jm
53c110294d8b1410cabc201a52f94b03ae2ef448jm        /* treat error on shutdown as scan not required */
911106dfb16696472af8c1b7b4c554a829354fa8jm        if (vscand_get_state() == VS_STATE_SHUTDOWN) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm            vs_eng_release(eng);
53c110294d8b1410cabc201a52f94b03ae2ef448jm            return (VS_STATUS_NO_SCAN);
911106dfb16696472af8c1b7b4c554a829354fa8jm        }
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm        /* set engine's error state and update engine stats */
bfc848c632c9eacb2a640246d96e198f1b185c03jm        if (result.vsr_rc == VS_RESULT_SE_ERROR)
bfc848c632c9eacb2a640246d96e198f1b185c03jm            vs_eng_set_error(eng, 1);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm        vs_eng_release(eng);
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
53c110294d8b1410cabc201a52f94b03ae2ef448jm    vs_stats_set(result.vsr_rc);
911106dfb16696472af8c1b7b4c554a829354fa8jm
53c110294d8b1410cabc201a52f94b03ae2ef448jm    /*
53c110294d8b1410cabc201a52f94b03ae2ef448jm     * VS_RESULT_CLEANED - file infected, cleaned data available
53c110294d8b1410cabc201a52f94b03ae2ef448jm     * VS_RESULT_FORBIDDEN - file infected, no cleaned data
53c110294d8b1410cabc201a52f94b03ae2ef448jm     * Log virus, write audit record and return INFECTED status
53c110294d8b1410cabc201a52f94b03ae2ef448jm     */
911106dfb16696472af8c1b7b4c554a829354fa8jm    if (result.vsr_rc == VS_RESULT_CLEANED ||
911106dfb16696472af8c1b7b4c554a829354fa8jm        result.vsr_rc == VS_RESULT_FORBIDDEN) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm        vs_svc_vlog(req->vsr_path, &result);
bfc848c632c9eacb2a640246d96e198f1b185c03jm        vs_svc_audit(req->vsr_path, &result);
53c110294d8b1410cabc201a52f94b03ae2ef448jm        return (VS_STATUS_INFECTED);
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
53c110294d8b1410cabc201a52f94b03ae2ef448jm    /* VS_RESULT_CLEAN - Set the scanstamp and return CLEAN status */
53c110294d8b1410cabc201a52f94b03ae2ef448jm    if (result.vsr_rc == VS_RESULT_CLEAN) {
53c110294d8b1410cabc201a52f94b03ae2ef448jm        (void) strlcpy(*scanstamp, result.vsr_scanstamp,
911106dfb16696472af8c1b7b4c554a829354fa8jm            sizeof (vs_scanstamp_t));
53c110294d8b1410cabc201a52f94b03ae2ef448jm        return (VS_STATUS_CLEAN);
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
53c110294d8b1410cabc201a52f94b03ae2ef448jm    return (VS_STATUS_ERROR);
911106dfb16696472af8c1b7b4c554a829354fa8jm}
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm/*
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_vlog
911106dfb16696472af8c1b7b4c554a829354fa8jm *
bfc848c632c9eacb2a640246d96e198f1b185c03jm * log details of infections detected in syslig
bfc848c632c9eacb2a640246d96e198f1b185c03jm * If virus log is configured log details there too
911106dfb16696472af8c1b7b4c554a829354fa8jm */
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jmvs_svc_vlog(char *filepath, vs_result_t *result)
911106dfb16696472af8c1b7b4c554a829354fa8jm{
911106dfb16696472af8c1b7b4c554a829354fa8jm    FILE *fp = NULL;
911106dfb16696472af8c1b7b4c554a829354fa8jm    time_t sec;
911106dfb16696472af8c1b7b4c554a829354fa8jm    struct tm *timestamp;
911106dfb16696472af8c1b7b4c554a829354fa8jm    char timebuf[18]; /* MM/DD/YY hh:mm:ss */
911106dfb16696472af8c1b7b4c554a829354fa8jm    int i;
911106dfb16696472af8c1b7b4c554a829354fa8jm    char *log;
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* syslog */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    if (result->vsr_nviolations == 0) {
c8dbf746aa55f3a63c8095f8dbae339574156bb8jm        syslog(LOG_NOTICE, "quarantine %s\n", filepath);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    } else {
bfc848c632c9eacb2a640246d96e198f1b185c03jm        for (i = 0; i < result->vsr_nviolations; i++) {
c8dbf746aa55f3a63c8095f8dbae339574156bb8jm            syslog(LOG_NOTICE, "quarantine %s %d - %s\n",
bfc848c632c9eacb2a640246d96e198f1b185c03jm                filepath,
bfc848c632c9eacb2a640246d96e198f1b185c03jm                result->vsr_vrec[i].vr_id,
bfc848c632c9eacb2a640246d96e198f1b185c03jm                result->vsr_vrec[i].vr_desc);
bfc848c632c9eacb2a640246d96e198f1b185c03jm        }
bfc848c632c9eacb2a640246d96e198f1b185c03jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    /* log file */
bfc848c632c9eacb2a640246d96e198f1b185c03jm    if (((log = vscand_viruslog()) == NULL) ||
bfc848c632c9eacb2a640246d96e198f1b185c03jm        ((fp = fopen(log, "a")) == NULL)) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm        return;
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) time(&sec);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    timestamp = localtime(&sec);
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) strftime(timebuf, sizeof (timebuf), "%D %T", timestamp);
bfc848c632c9eacb2a640246d96e198f1b185c03jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    if (result->vsr_nviolations == 0) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm        (void) fprintf(fp, "%s quarantine %d[%s]\n",
bfc848c632c9eacb2a640246d96e198f1b185c03jm            timebuf, strlen(filepath), filepath);
911106dfb16696472af8c1b7b4c554a829354fa8jm    } else {
911106dfb16696472af8c1b7b4c554a829354fa8jm        for (i = 0; i < result->vsr_nviolations; i++) {
bfc848c632c9eacb2a640246d96e198f1b185c03jm            (void) fprintf(fp, "%s quarantine %d[%s] %d - %d[%s]\n",
bfc848c632c9eacb2a640246d96e198f1b185c03jm                timebuf, strlen(filepath), filepath,
bfc848c632c9eacb2a640246d96e198f1b185c03jm                result->vsr_vrec[i].vr_id,
bfc848c632c9eacb2a640246d96e198f1b185c03jm                strlen(result->vsr_vrec[i].vr_desc),
bfc848c632c9eacb2a640246d96e198f1b185c03jm                result->vsr_vrec[i].vr_desc);
911106dfb16696472af8c1b7b4c554a829354fa8jm        }
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
bfc848c632c9eacb2a640246d96e198f1b185c03jm    (void) fclose(fp);
911106dfb16696472af8c1b7b4c554a829354fa8jm}
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm/*
911106dfb16696472af8c1b7b4c554a829354fa8jm * vs_svc_audit
911106dfb16696472af8c1b7b4c554a829354fa8jm *
911106dfb16696472af8c1b7b4c554a829354fa8jm * Generate AUE_vscan_quarantine audit record containing name
911106dfb16696472af8c1b7b4c554a829354fa8jm * of infected file, and violation details if available.
911106dfb16696472af8c1b7b4c554a829354fa8jm */
911106dfb16696472af8c1b7b4c554a829354fa8jmstatic void
911106dfb16696472af8c1b7b4c554a829354fa8jmvs_svc_audit(char *filepath, vs_result_t *result)
911106dfb16696472af8c1b7b4c554a829354fa8jm{
911106dfb16696472af8c1b7b4c554a829354fa8jm    int i;
911106dfb16696472af8c1b7b4c554a829354fa8jm    char *violations[VS_MAX_VIOLATIONS];
911106dfb16696472af8c1b7b4c554a829354fa8jm    char data[VS_MAX_VIOLATIONS][VS_DESCRIPTION_MAX];
911106dfb16696472af8c1b7b4c554a829354fa8jm    adt_session_data_t *ah;
911106dfb16696472af8c1b7b4c554a829354fa8jm    adt_termid_t *p_tid;
911106dfb16696472af8c1b7b4c554a829354fa8jm    adt_event_data_t *event;
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
911106dfb16696472af8c1b7b4c554a829354fa8jm        syslog(LOG_AUTH | LOG_ALERT, "adt_start_session: %m");
911106dfb16696472af8c1b7b4c554a829354fa8jm        return;
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    if (adt_load_ttyname("/dev/console", &p_tid) != 0) {
911106dfb16696472af8c1b7b4c554a829354fa8jm        syslog(LOG_AUTH | LOG_ALERT,
911106dfb16696472af8c1b7b4c554a829354fa8jm            "adt_load_ttyname(/dev/console): %m");
911106dfb16696472af8c1b7b4c554a829354fa8jm        return;
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    if (adt_set_user(ah, ADT_NO_ATTRIB, ADT_NO_ATTRIB, ADT_NO_ATTRIB,
911106dfb16696472af8c1b7b4c554a829354fa8jm        ADT_NO_ATTRIB, p_tid, ADT_NEW) != 0) {
911106dfb16696472af8c1b7b4c554a829354fa8jm        syslog(LOG_AUTH | LOG_ALERT, "adt_set_user(ADT_NO_ATTRIB): %m");
911106dfb16696472af8c1b7b4c554a829354fa8jm        (void) adt_end_session(ah);
911106dfb16696472af8c1b7b4c554a829354fa8jm        return;
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    if ((event = adt_alloc_event(ah, ADT_vscan_quarantine)) == NULL) {
911106dfb16696472af8c1b7b4c554a829354fa8jm        syslog(LOG_AUTH | LOG_ALERT,
911106dfb16696472af8c1b7b4c554a829354fa8jm            "adt_alloc_event(ADT_vscan_quarantine)): %m");
911106dfb16696472af8c1b7b4c554a829354fa8jm        (void) adt_end_session(ah);
911106dfb16696472af8c1b7b4c554a829354fa8jm        return;
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    /* populate vscan audit event */
911106dfb16696472af8c1b7b4c554a829354fa8jm    event->adt_vscan_quarantine.file = filepath;
911106dfb16696472af8c1b7b4c554a829354fa8jm    for (i = 0; i < result->vsr_nviolations; i++) {
911106dfb16696472af8c1b7b4c554a829354fa8jm        (void) snprintf(data[i], VS_DESCRIPTION_MAX, "%d - %s",
911106dfb16696472af8c1b7b4c554a829354fa8jm            result->vsr_vrec[i].vr_id, result->vsr_vrec[i].vr_desc);
911106dfb16696472af8c1b7b4c554a829354fa8jm        violations[i] = data[i];
911106dfb16696472af8c1b7b4c554a829354fa8jm    }
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    event->adt_vscan_quarantine.violations = (char **)violations;
911106dfb16696472af8c1b7b4c554a829354fa8jm    event->adt_vscan_quarantine.nviolations = result->vsr_nviolations;
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS))
911106dfb16696472af8c1b7b4c554a829354fa8jm        syslog(LOG_AUTH | LOG_ALERT, "adt_put_event: %m");
911106dfb16696472af8c1b7b4c554a829354fa8jm
911106dfb16696472af8c1b7b4c554a829354fa8jm    adt_free_event(event);
911106dfb16696472af8c1b7b4c554a829354fa8jm    (void) adt_end_session(ah);
911106dfb16696472af8c1b7b4c554a829354fa8jm}