vs_svc.c revision bfc848c632c9eacb2a640246d96e198f1b185c03
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Implementation of the "scan file" interface
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <syslog.h>
#include <fcntl.h>
#include <bsm/adt_event.h>
#include <pthread.h>
#include "vs_incl.h"
/*
* vs_svc_nodes - table of scan requests and their thread id and
* scan engine context.
* The table is sized by the value passed to vs_svc_init. This
* value is obtained from the kernel and represents the maximum
* request idx that the kernel will request vscand to process.
* The table is indexed by the vsr_idx value passed in
* the scan request - always non-zero. This value is also the index
* into the kernel scan request table and identifies the instance of
* the driver being used to access file data for the scan. Although
* this is of no consequence here, it is useful information for debug.
*
* When a scan request is received a response is sent indicating
* one of the following:
* VS_STATUS_ERROR - an error occurred
* VS_STATUS_NO_SCAN - no scan is required
* VS_STATUS_SCANNING - request has been queued for async processing
*
* If the scan is required (VS_STATUS_SCANNING) a thread is created
* to perform the scan. It's tid is saved in vs_svc_nodes.
*
* In the case of SHUTDOWN, vs_terminate requests that all scan
* engine connections be closed, thus termintaing any in-progress
* scans, then awaits completion of all scanning threads as identified
* in vs_svc_nodes.
*/
typedef struct vs_svc_node {
static vs_svc_node_t *vs_svc_nodes;
/* local functions */
static void *vs_svc_async_scan(void *);
static void vs_svc_vlog(char *, vs_result_t *);
static void vs_svc_audit(char *, vs_result_t *);
/*
* vs_svc_init, vs_svc_fini
*
* Invoked on daemon load and unload
*/
int
{
vs_svc_nodes = (vs_svc_node_t *)
}
void
{
if (vs_svc_nodes)
}
/*
* vs_svc_terminate
*
* Close all scan engine connections to terminate in-progress scan
* requests, and wait for all threads in vs_svc_nodes to complete
*/
void
{
int i;
/* close connections to abort requests */
/* wait for threads */
for (i = 1; i <= vs_svc_max_node; i++) {
(void) pthread_mutex_lock(&vs_svc_mutex);
(void) pthread_mutex_unlock(&vs_svc_mutex);
if (tid != 0)
}
}
/*
* vs_svc_queue_scan_req
*
* Determine if the file needs to be scanned - either it has
* been modified or its scanstamp is not current.
* Initiate a thread to process the request, saving the tid
* in vs_svc_nodes[idx].vsn_tid, where idx is the vsr_idx passed in
* the scan request.
*
* Returns: VS_STATUS_ERROR - error
* VS_STATUS_NO_SCAN - no scan required
* VS_STATUS_SCANNING - async scan initiated
*/
int
{
/* No scan if file quarantined */
if (req->vsr_quarantined)
return (VS_STATUS_NO_SCAN);
/* No scan if file not modified AND scanstamp is current */
if ((req->vsr_modified == 0) &&
return (VS_STATUS_NO_SCAN);
}
/* scan required */
(void) pthread_mutex_lock(&vs_svc_mutex);
(void) pthread_mutex_unlock(&vs_svc_mutex);
return (VS_STATUS_ERROR);
}
(void) pthread_mutex_unlock(&vs_svc_mutex);
return (VS_STATUS_ERROR);
}
(void) pthread_mutex_unlock(&vs_svc_mutex);
return (VS_STATUS_SCANNING);
}
/*
* vs_svc_async_scan
*
* Initialize response structure, invoke vs_svc_scan_file to
* perform the scan, then send the result to the kernel.
*/
static void *
vs_svc_async_scan(void *arg)
{
/* clear node and send async response to kernel */
(void) pthread_mutex_lock(&vs_svc_mutex);
(void) pthread_mutex_unlock(&vs_svc_mutex);
(void) vscand_kernel_result(&scan_rsp);
return (NULL);
}
/*
* vs_svc_scan_file
*
* vs_svc_scan_file is responsible for:
* - obtaining & releasing a scan engine connection
* - invoking the scan engine interface code to do the scan
* - retrying a failed scan (up to VS_MAX_RETRY times)
* - updating scan statistics
* - logging virus information
*
*
* Returns:
* VS_STATUS_NO_SCAN - scan not reqd; daemon shutting down
* VS_STATUS_CLEAN - scan success. File clean.
* new scanstamp returned in scanstamp param.
* VS_STATUS_INFECTED - scan success. File infected.
* VS_STATUS_ERROR - scan failure either in vscand or scan engine.
*/
static int
{
char devname[MAXPATHLEN];
int flags = 0;
int retries;
/* initialize response scanstamp to current scanstamp value */
/* get engine connection */
continue;
}
/* shutdown could occur while waiting for engine connection */
if (vscand_get_state() == VS_STATE_SHUTDOWN) {
return (VS_STATUS_NO_SCAN);
}
/* scan file */
/* if no error, clear error state on engine and break */
vs_eng_set_error(eng, 0);
break;
}
/* treat error on shutdown as scan not required */
if (vscand_get_state() == VS_STATE_SHUTDOWN) {
return (VS_STATUS_NO_SCAN);
}
/* set engine's error state and update engine stats */
}
/*
* VS_RESULT_CLEANED - file infected, cleaned data available
* VS_RESULT_FORBIDDEN - file infected, no cleaned data
* Log virus, write audit record and return INFECTED status
*/
return (VS_STATUS_INFECTED);
}
/* VS_RESULT_CLEAN - Set the scanstamp and return CLEAN status */
sizeof (vs_scanstamp_t));
return (VS_STATUS_CLEAN);
}
return (VS_STATUS_ERROR);
}
/*
* vs_svc_vlog
*
* log details of infections detected in syslig
* If virus log is configured log details there too
*/
static void
{
int i;
char *log;
/* syslog */
if (result->vsr_nviolations == 0) {
} else {
for (i = 0; i < result->vsr_nviolations; i++) {
}
}
/* log file */
return;
}
if (result->vsr_nviolations == 0) {
} else {
for (i = 0; i < result->vsr_nviolations; i++) {
}
}
}
/*
* vs_svc_audit
*
* Generate AUE_vscan_quarantine audit record containing name
* of infected file, and violation details if available.
*/
static void
{
int i;
char *violations[VS_MAX_VIOLATIONS];
return;
}
return;
}
(void) adt_end_session(ah);
return;
}
"adt_alloc_event(ADT_vscan_quarantine)): %m");
(void) adt_end_session(ah);
return;
}
/* populate vscan audit event */
for (i = 0; i < result->vsr_nviolations; i++) {
violations[i] = data[i];
}
(void) adt_end_session(ah);
}