| blob | 41d9840760f197af0a79601d95c9b62e38b56d1e |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
28 /*
29 * Implementation of the "scan file" interface
30 */
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <string.h>
36 #include <errno.h>
37 #include <syslog.h>
38 #include <sys/types.h>
39 #include <fcntl.h>
40 #include <bsm/adt.h>
41 #include <bsm/adt_event.h>
42 #include <pthread.h>
46 /*
47 * vs_svc_nodes - table of scan requests and their thread id and
48 * scan engine context.
49 * The table is sized by the value passed to vs_svc_init. This
50 * value is obtained from the kernel and represents the maximum
51 * request idx that the kernel will request vscand to process.
52 * The table is indexed by the vsr_idx value passed in
53 * the scan request - always non-zero. This value is also the index
54 * into the kernel scan request table and identifies the instance of
55 * the driver being used to access file data for the scan. Although
56 * this is of no consequence here, it is useful information for debug.
57 *
58 * When a scan request is received a response is sent indicating
59 * one of the following:
60 * VS_STATUS_ERROR - an error occurred
61 * VS_STATUS_NO_SCAN - no scan is required
62 * VS_STATUS_SCANNING - request has been queued for async processing
63 *
64 * If the scan is required (VS_STATUS_SCANNING) a thread is created
65 * to perform the scan. It's tid is saved in vs_svc_nodes.
66 *
67 * In the case of SHUTDOWN, vs_terminate requests that all scan
68 * engine connections be closed, thus termintaing any in-progress
69 * scans, then awaits completion of all scanning threads as identified
70 * in vs_svc_nodes.
71 */
74 pthread_t vsn_tid;
75 vs_scan_req_t vsn_req;
76 vs_eng_ctx_t vsn_eng;
84 /* local functions */
91 /*
92 * vs_svc_init, vs_svc_fini
93 *
94 * Invoked on daemon load and unload
95 */
96 int
98 {
104 }
106 void
108 {
111 }
114 /*
115 * vs_svc_terminate
116 *
117 * Close all scan engine connections to terminate in-progress scan
118 * requests, and wait for all threads in vs_svc_nodes to complete
119 */
120 void
122 {
124 pthread_t tid;
126 /* close connections to abort requests */
129 /* wait for threads */
138 }
139 }
142 /*
143 * vs_svc_queue_scan_req
144 *
145 * Determine if the file needs to be scanned - either it has
146 * been modified or its scanstamp is not current.
147 * Initiate a thread to process the request, saving the tid
148 * in vs_svc_nodes[idx].vsn_tid, where idx is the vsr_idx passed in
149 * the scan request.
150 *
151 * Returns: VS_STATUS_ERROR - error
152 * VS_STATUS_NO_SCAN - no scan required
153 * VS_STATUS_SCANNING - async scan initiated
154 */
155 int
157 {
158 pthread_t tid;
161 /* No scan if file quarantined */
165 /* No scan if file not modified AND scanstamp is current */
169 }
171 /* scan required */
178 }
185 }
191 }
194 /*
195 * vs_svc_async_scan
196 *
197 * Initialize response structure, invoke vs_svc_scan_file to
198 * perform the scan, then send the result to the kernel.
199 */
202 {
205 vs_scan_rsp_t scan_rsp;
211 /* clear node and send async response to kernel */
219 }
222 /*
223 * vs_svc_scan_file
224 *
225 * vs_svc_scan_file is responsible for:
226 * - obtaining & releasing a scan engine connection
227 * - invoking the scan engine interface code to do the scan
228 * - retrying a failed scan (up to VS_MAX_RETRY times)
229 * - updating scan statistics
230 * - logging virus information
231 *
232 *
233 * Returns:
234 * VS_STATUS_NO_SCAN - scan not reqd; daemon shutting down
235 * VS_STATUS_CLEAN - scan success. File clean.
236 * new scanstamp returned in scanstamp param.
237 * VS_STATUS_INFECTED - scan success. File infected.
238 * VS_STATUS_ERROR - scan failure either in vscand or scan engine.
239 */
240 static int
242 {
246 vs_result_t result;
252 /* initialize response scanstamp to current scanstamp value */
259 /* get engine connection */
263 }
265 /* shutdown could occur while waiting for engine connection */
269 }
271 /* scan file */
275 /* if no error, clear error state on engine and break */
281 }
283 /* treat error on shutdown as scan not required */
287 }
289 /* set engine's error state and update engine stats */
294 }
298 /*
299 * VS_RESULT_CLEANED - file infected, cleaned data available
300 * VS_RESULT_FORBIDDEN - file infected, no cleaned data
301 * Log virus, write audit record and return INFECTED status
302 */
308 }
310 /* VS_RESULT_CLEAN - Set the scanstamp and return CLEAN status */
315 }
318 }
321 /*
322 * vs_svc_vlog
323 *
324 * log details of infections detected in syslig
325 * If virus log is configured log details there too
326 */
327 static void
329 {
337 /* syslog */
343 filepath,
346 }
347 }
349 /* log file */
353 }
369 }
370 }
373 }
376 /*
377 * vs_svc_audit
378 *
379 * Generate AUE_vscan_quarantine audit record containing name
380 * of infected file, and violation details if available.
381 */
382 static void
384 {
395 }
401 }
408 }
415 }
417 /* populate vscan audit event */
423 }
433 }