usr/src/cmd/vscan/vscand/vs_icap.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 /*
  27  * PRIVATE header file for the icap client vs_icap.c
  28  */
  29
  30 #ifndef _VS_ICAP_H_
  31 #define _VS_ICAP_H_
  32
  33 #pragma ident   "%Z%%M% %I%     %E% SMI"
  34
  35 #ifdef __cplusplus
  36 extern "C" {
  37 #endif
  38
  39 /* macros */
  40 #define MATCH(a, b)     (!strncasecmp((a), (b), strlen((b))))
  41
  42 #define VS_ICAP_VER     "ICAP/1.0"
  43
  44 /* max sizes for vs_options_t */
  45 #define VS_DEFN_SZ      32
  46 #define VS_SERVICE_SZ   64
  47
  48 #define VS_BUF_SZ       4096    /* keep this a power-of-two value. */
  49 #define VS_HDR_SZ       8       /* > length of VS_BUF_SZ in hex + 2 for \r\n */
  50 #define VS_TAIL_SZ      8       /* > \r\n */
  51 #define VS_ENCAP_SZ     64      /* space reserved in header for encap offsets */
  52 #define VS_TERMINATION  "0\r\n\r\n"
  53
  54 /*
  55  * The Symantec ICAP server REQUIRES the "avscan" resource name
  56  * after the IP address in the OPTIONS and  RESPMOD requests
  57  * This is ignored by the other ICAP servers.
  58  */
  59 #define VS_SERVICE_NAME "avscan"
  60
  61 /* infection/violation record processing */
  62 #define VS_VIOLATION_LINES   4
  63 #define VS_INFECTION_FIELDS  3
  64
  65 /* previewing files */
  66 #define VS_MIN_PREVIEW_LEN      4
  67
  68 /* defines which files types should be previewed */
  69 typedef enum {
  70         VS_PREVIEW_ALL = 1,     /* preview all files */
  71         VS_PREVIEW_NONE,        /* preview no files, transfer all complete */
  72         VS_PREVIEW_LIST,        /* preview only files of listed types */
  73         VS_PREVIEW_EXCEPT       /* preview all files except listed types */
  74 } vs_preview_t;
  75
  76 /* valid ICAP response codes */
  77 typedef enum {
  78         VS_RESP_CONTINUE        = 100,
  79         VS_RESP_OK              = 200,
  80         VS_RESP_CREATED         = 201, /* file repaired. */
  81         VS_RESP_NO_CONT_NEEDED  = 204,
  82         VS_RESP_BAD_REQ         = 400,
  83         VS_RESP_FORBIDDEN       = 403, /* virus found but not repairable */
  84         VS_RESP_NOT_FOUND       = 404,
  85         VS_RESP_NOT_ALLOWED     = 405,
  86         VS_RESP_TIMEOUT         = 408,
  87         VS_RESP_INTERNAL_ERR    = 500,
  88         VS_RESP_NOT_IMPL        = 501,
  89         VS_RESP_SERV_UNAVAIL    = 503,  /* service unavailable or overloaded */
  90         VS_RESP_ICAP_VER_UNSUPP = 505,
  91         /* Symantec additions - not ICAP standard */
  92         VS_RESP_SCAN_ERR        = 533,
  93         VS_RESP_NO_LICENSE      = 539,
  94         VS_RESP_RES_UNAVAIL     = 551,
  95         /* all else */
  96         VS_RESP_UNKNOWN
  97 } vs_icap_resp_t;
  98
  99
 100 /* the ICAP OPTIONS HEADERS used by NAS AVA */
 101 typedef enum {
 102         VS_OPT_SERVICE = 1,
 103         VS_OPT_ISTAG,
 104         VS_OPT_METHODS,
 105         VS_OPT_ALLOW,
 106         VS_OPT_PREVIEW,
 107         VS_OPT_XFER_PREVIEW,
 108         VS_OPT_XFER_COMPLETE,
 109         VS_OPT_MAX_CONNECTIONS,
 110         VS_OPT_TTL,
 111         VS_OPT_X_DEF_INFO,
 112         VS_OPT_HDR_MAX = VS_OPT_X_DEF_INFO
 113 } vs_option_hdr_t;
 114
 115
 116 /*
 117  * the ICAP RESPMOD RESPONSE HEADERS used by NAS AVA
 118  *
 119  * Do NOT change the order of:
 120  * VS_RESP_X_VIRUS_ID, VS_RESP_X_INFECTION, VS_RESP_X_VIOLATIONS
 121  * Virus data saved from any one of these headers may be replaced
 122  * with data found in a preferable header (one with more info).
 123  * They are listed in order of preference.
 124  */
 125 typedef enum {
 126         VS_RESP_ENCAPSULATED = 1,
 127         VS_RESP_ISTAG,
 128         VS_RESP_X_VIRUS_ID,
 129         VS_RESP_X_INFECTION,
 130         VS_RESP_X_VIOLATIONS,
 131         VS_RESP_HDR_MAX = VS_RESP_X_VIOLATIONS
 132 } vs_resp_hdr_t;
 133
 134
 135 /*
 136  * vs_options_t
 137  * vs_impl.c manages an array of vs_options_t, one per scan engine.
 138  * vs_options_t is used to store the scan engine configuration info
 139  * returned from the scan engine in the ICAP OPTIONS RESPONSE.
 140  * This information is then used to determine how to communicate with
 141  * the scan engines (eg which files to preview), when to resend the
 142  * ICAP OPTIONS REQUEST, and the istag is used as the scanstamp of
 143  * the file. The istag is also returned in the ICAP RESPMOD RESPONSE
 144  * and is used to update the stored one if it has changed.
 145  */
 146 typedef struct vs_options {
 147         /* host & port used to detect config changes */
 148         char vso_host[MAXHOSTNAMELEN];
 149         int vso_port;
 150
 151         /* configuration options returned from scan engine */
 152         int vso_preview_len;            /* the preview supported */
 153         int vso_allow;                  /* allow 204 */
 154         vs_scanstamp_t vso_scanstamp;   /* from istag received */
 155         char vso_defninfo[VS_DEFN_SZ];  /* virus definition info */
 156         char vso_service[VS_SERVICE_SZ]; /* name of SE service */
 157         int vso_respmod;                /* set if RESPMOD method supported */
 158         vs_preview_t vso_xfer_how;      /* transfer preview or complete */
 159         iovec_t *vso_xfer_preview;      /* file exts supporting preview */
 160         iovec_t *vso_xfer_complete;     /* file exts to be sent complete */
 161         long vso_ttl;                   /* after this expiry, re-get options */
 162         time_t vso_req_time;            /* time when option was last sent */
 163 } vs_options_t;
 164
 165
 166 /*
 167  * vs_info_t
 168  *
 169  * vs_info_t is part of the context created for each scan engine request.
 170  * It contains send/recv buffers and other temporary storage required
 171  * during the processing of the request/response.
 172  * threat_hdr_t defines from which header the virus information was
 173  * obtained. This is used to determine whether to overwrite existing
 174  * info if a 'better' header is found.
 175  */
 176 typedef struct vs_info {
 177         char vsi_send_hdr[VS_HDR_SZ];
 178         char vsi_send_buf[VS_BUF_SZ + VS_TAIL_SZ];
 179         char vsi_recv_buf[VS_BUF_SZ];
 180
 181         /*  response header information */
 182         boolean_t vsi_res_hdr;
 183         boolean_t vsi_res_body;
 184         boolean_t vsi_html_content;     /* L8R - set, not used */
 185         int     vsi_content_len;        /* L8R - set, not used */
 186         int     vsi_icap_rc;
 187         int     vsi_http_rc;
 188         int     vsi_threat_hdr;
 189 } vs_info_t;
 190
 191
 192 /*
 193  * vs_scan_ctx_t
 194  *
 195  * A vs_scan_ctx_t is created for each scan request. It will contain
 196  * everything that is needed to process the scan request and return
 197  * the response to the caller.
 198  * - engine connection information used to identify which scan engine
 199  *   the request is being sent to,
 200  * - information about the file being scanned,
 201  * - a place to store information about the file that will be created
 202  *   to hold cleaned data if the scan engine detects an infection
 203  *   and returns a cleaned version of the file,
 204  * - a copy of the vs_options_t for the scan engine. This allows the
 205  *   NAS AVA scan engine connection parameters to be reconfigured without
 206  *   affecting any in-progress requests,
 207  * - a vs_info_t - the temporary storage needed to process the request,
 208  * - a vs_result_t - a place to store the  scan result information to be
 209  *   returned to the caller.
 210  */
 211 typedef struct vs_scan_ctx {
 212         /* scan engine idx and connection info */
 213         int vsc_idx;
 214         char vsc_host[MAXHOSTNAMELEN];
 215         int vsc_port;
 216         int vsc_sockfd;
 217
 218         /* info about file to be scanned */
 219         int vsc_fd;
 220         char *vsc_fname;
 221         uint64_t vsc_fsize;
 222         int vsc_flags;
 223
 224         /* file to hold repaired data */
 225         boolean_t vsc_repair;
 226         int vsc_repair_fd;
 227         char *vsc_repair_fname;
 228
 229         vs_options_t vsc_options;
 230         vs_info_t vsc_info;
 231         vs_result_t *vsc_result;
 232 } vs_scan_ctx_t;
 233
 234
 235 /*
 236  * vs_icap_hdr_t
 237  *
 238  * vs_icap.c defines tables of handlers for each ICAP OPTIONS RESPONSE HEADER
 239  * and each ICAP RESPMOD RESPONSE HEADER which NAS AVA uses.
 240  * Each entry in these tables is an vs_hdr_t.
 241  */
 242 typedef struct vs_hdr {
 243         int  vsh_id;
 244         char *vsh_name;
 245         int  (*vsh_func)(vs_scan_ctx_t *, int, char *);
 246 }vs_hdr_t;
 247
 248
 249 /*
 250  * vs_resp_msg_t
 251  *
 252  * vs_icap.c defines a table mapping ICAP response code values to text strings.
 253  * Each entry in this tables is a vs_resp_msg_t.
 254  */
 255 typedef struct vs_resp_msg {
 256         int vsm_rc;
 257         char *vsm_msg;
 258 } vs_resp_msg_t;
 259
 260 #ifdef __cplusplus
 261 }
 262 #endif
 263
 264 #endif /* _VS_ICAP_H_ */