| blob | 4985d4af62fc8fb96af586d2c5915479bbf8cd0f |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
26 /*
27 * Implementation of the "scan file" interface
28 */
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <unistd.h>
33 #include <string.h>
34 #include <errno.h>
35 #include <syslog.h>
36 #include <sys/types.h>
37 #include <fcntl.h>
38 #include <bsm/adt.h>
39 #include <bsm/adt_event.h>
40 #include <pthread.h>
44 /*
45 * vs_svc_nodes - table of scan requests and their thread id and
46 * scan engine context.
47 * The table is sized by the value passed to vs_svc_init. This
48 * value is obtained from the kernel and represents the maximum
49 * request idx that the kernel will request vscand to process.
50 * The table is indexed by the vsr_idx value passed in
51 * the scan request - always non-zero. This value is also the index
52 * into the kernel scan request table and identifies the instance of
53 * the driver being used to access file data for the scan. Although
54 * this is of no consequence here, it is useful information for debug.
55 *
56 * When a scan request is received a response is sent indicating
57 * one of the following:
58 * VS_STATUS_ERROR - an error occurred
59 * VS_STATUS_NO_SCAN - no scan is required
60 * VS_STATUS_SCANNING - request has been queued for async processing
61 *
62 * If the scan is required (VS_STATUS_SCANNING) a thread is created
63 * to perform the scan. It's tid is saved in vs_svc_nodes.
64 *
65 * In the case of SHUTDOWN, vs_terminate requests that all scan
66 * engine connections be closed, thus termintaing any in-progress
67 * scans, then awaits completion of all scanning threads as identified
68 * in vs_svc_nodes.
69 */
72 pthread_t vsn_tid;
73 vs_scan_req_t vsn_req;
74 vs_eng_ctx_t vsn_eng;
82 /* local functions */
89 /*
90 * vs_svc_init, vs_svc_fini
91 *
92 * Invoked on daemon load and unload
93 */
94 int
96 {
102 }
104 void
106 {
108 }
111 /*
112 * vs_svc_terminate
113 *
114 * Close all scan engine connections to terminate in-progress scan
115 * requests, and wait for all threads in vs_svc_nodes to complete
116 */
117 void
119 {
121 pthread_t tid;
123 /* close connections to abort requests */
126 /* wait for threads */
135 }
136 }
139 /*
140 * vs_svc_queue_scan_req
141 *
142 * Determine if the file needs to be scanned - either it has
143 * been modified or its scanstamp is not current.
144 * Initiate a thread to process the request, saving the tid
145 * in vs_svc_nodes[idx].vsn_tid, where idx is the vsr_idx passed in
146 * the scan request.
147 *
148 * Returns: VS_STATUS_ERROR - error
149 * VS_STATUS_NO_SCAN - no scan required
150 * VS_STATUS_SCANNING - async scan initiated
151 */
152 int
154 {
155 pthread_t tid;
158 /* No scan if file quarantined */
162 /* No scan if file not modified AND scanstamp is current */
166 }
168 /* scan required */
175 }
182 }
188 }
191 /*
192 * vs_svc_async_scan
193 *
194 * Initialize response structure, invoke vs_svc_scan_file to
195 * perform the scan, then send the result to the kernel.
196 */
199 {
202 vs_scan_rsp_t scan_rsp;
208 /* clear node and send async response to kernel */
216 }
219 /*
220 * vs_svc_scan_file
221 *
222 * vs_svc_scan_file is responsible for:
223 * - obtaining & releasing a scan engine connection
224 * - invoking the scan engine interface code to do the scan
225 * - retrying a failed scan (up to VS_MAX_RETRY times)
226 * - updating scan statistics
227 * - logging virus information
228 *
229 *
230 * Returns:
231 * VS_STATUS_NO_SCAN - scan not reqd; daemon shutting down
232 * VS_STATUS_CLEAN - scan success. File clean.
233 * new scanstamp returned in scanstamp param.
234 * VS_STATUS_INFECTED - scan success. File infected.
235 * VS_STATUS_ERROR - scan failure either in vscand or scan engine.
236 */
237 static int
239 {
243 vs_result_t result;
249 /* initialize response scanstamp to current scanstamp value */
256 /* get engine connection */
260 }
262 /* shutdown could occur while waiting for engine connection */
266 }
268 /* scan file */
272 /* if no error, clear error state on engine and break */
278 }
280 /* treat error on shutdown as scan not required */
284 }
286 /* set engine's error state and update engine stats */
291 }
295 /*
296 * VS_RESULT_CLEANED - file infected, cleaned data available
297 * VS_RESULT_FORBIDDEN - file infected, no cleaned data
298 * Log virus, write audit record and return INFECTED status
299 */
305 }
307 /* VS_RESULT_CLEAN - Set the scanstamp and return CLEAN status */
312 }
315 }
318 /*
319 * vs_svc_vlog
320 *
321 * log details of infections detected in syslig
322 * If virus log is configured log details there too
323 */
324 static void
326 {
334 /* syslog */
340 filepath,
343 }
344 }
346 /* log file */
350 }
366 }
367 }
370 }
373 /*
374 * vs_svc_audit
375 *
376 * Generate AUE_vscan_quarantine audit record containing name
377 * of infected file, and violation details if available.
378 */
379 static void
381 {
392 }
398 }
405 }
412 }
414 /* populate vscan audit event */
420 }
430 }