2 * Copyright (C) 2010-2016 SATOH Fumiyasu @ OSS Technology Corp., Japan
3 * Copyright (C) 2016-2017 Trever L. Adams
4 * Copyright (C) 2017 Ralph Boehme <slow@samba.org>
5 * Copyright (C) 2017 Jeremy Allison <jra@samba.org>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "vfs_virusfilter_common.h"
22 #include "vfs_virusfilter_utils.h"
25 * Default configuration values
26 * ======================================================================
29 #define VIRUSFILTER_DEFAULT_QUARANTINE_PREFIX "virusfilter."
30 #define VIRUSFILTER_DEFAULT_QUARANTINE_SUFFIX ".infected"
31 #define VIRUSFILTER_DEFAULT_RENAME_PREFIX "virusfilter."
32 #define VIRUSFILTER_DEFAULT_RENAME_SUFFIX ".infected"
34 /* ====================================================================== */
36 enum virusfilter_scanner_enum {
37 VIRUSFILTER_SCANNER_CLAMAV,
38 VIRUSFILTER_SCANNER_FSAV,
39 VIRUSFILTER_SCANNER_SOPHOS
42 static const struct enum_list scanner_list[] = {
43 { VIRUSFILTER_SCANNER_CLAMAV, "clamav" },
44 { VIRUSFILTER_SCANNER_FSAV, "fsav" },
45 { VIRUSFILTER_SCANNER_SOPHOS, "sophos" },
49 static const struct enum_list virusfilter_actions[] = {
50 { VIRUSFILTER_ACTION_QUARANTINE, "quarantine" },
51 { VIRUSFILTER_ACTION_RENAME, "rename" },
52 { VIRUSFILTER_ACTION_DELETE, "delete" },
54 /* alias for "delete" */
55 { VIRUSFILTER_ACTION_DELETE, "remove" },
57 /* alias for "delete" */
58 { VIRUSFILTER_ACTION_DELETE, "unlink" },
59 { VIRUSFILTER_ACTION_DO_NOTHING, "nothing" },
63 static int virusfilter_config_destructor(struct virusfilter_config *config)
65 TALLOC_FREE(config->backend);
70 * This is adapted from vfs_recycle module.
71 * Caller must have become_root();
73 static bool quarantine_directory_exist(
74 struct vfs_handle_struct *handle,
78 struct smb_filename smb_fname = {
79 .base_name = discard_const_p(char, dname)
82 ret = SMB_VFS_STAT(handle->conn, &smb_fname);
84 return S_ISDIR(smb_fname.st.st_ex_mode);
91 * Create directory tree
92 * @param conn connection
93 * @param dname Directory tree to be created
94 * @return Returns true for success
95 * This is adapted from vfs_recycle module.
96 * Caller must have become_root();
98 static bool quarantine_create_dir(
99 struct vfs_handle_struct *handle,
100 struct virusfilter_config *config,
105 char *new_dir = NULL;
106 char *tmp_str = NULL;
108 char *tok_str = NULL;
112 char *saveptr = NULL;
114 tmp_str = talloc_strdup(talloc_tos(), dname);
115 if (tmp_str == NULL) {
116 DBG_ERR("virusfilter-vfs: out of memory!\n");
122 len = strlen(dname)+1;
123 new_dir = (char *)talloc_size(talloc_tos(), len + 1);
124 if (new_dir == NULL) {
125 DBG_ERR("virusfilter-vfs: out of memory!\n");
130 if (dname[0] == '/') {
132 cat_len = strlcat(new_dir, "/", len + 1);
133 if (cat_len >= len+1) {
138 /* Create directory tree if necessary */
139 for (token = strtok_r(tok_str, "/", &saveptr);
141 token = strtok_r(NULL, "/", &saveptr))
143 cat_len = strlcat(new_dir, token, len + 1);
144 if (cat_len >= len+1) {
147 ok = quarantine_directory_exist(handle, new_dir);
149 DBG_DEBUG("quarantine: dir %s already exists\n",
152 struct smb_filename *smb_fname = NULL;
154 DBG_INFO("quarantine: creating new dir %s\n", new_dir);
156 smb_fname = synthetic_smb_fname(talloc_tos(),
162 if (smb_fname == NULL) {
166 ret = SMB_VFS_NEXT_MKDIRAT(handle,
167 handle->conn->cwd_fsp,
169 config->quarantine_dir_mode);
171 TALLOC_FREE(smb_fname);
173 DBG_WARNING("quarantine: mkdirat failed for %s "
174 "with error: %s\n", new_dir,
179 TALLOC_FREE(smb_fname);
181 cat_len = strlcat(new_dir, "/", len + 1);
182 if (cat_len >= len + 1) {
189 TALLOC_FREE(tmp_str);
190 TALLOC_FREE(new_dir);
194 static int virusfilter_vfs_connect(
195 struct vfs_handle_struct *handle,
199 int snum = SNUM(handle->conn);
200 struct virusfilter_config *config = NULL;
201 const char *exclude_files = NULL;
202 const char *temp_quarantine_dir_mode = NULL;
203 const char *infected_file_command = NULL;
204 const char *scan_error_command = NULL;
205 const char *quarantine_dir = NULL;
206 const char *quarantine_prefix = NULL;
207 const char *quarantine_suffix = NULL;
208 const char *rename_prefix = NULL;
209 const char *rename_suffix = NULL;
210 const char *socket_path = NULL;
213 enum virusfilter_scanner_enum backend;
214 int connect_timeout = 0;
218 config = talloc_zero(handle, struct virusfilter_config);
219 if (config == NULL) {
220 DBG_ERR("talloc_zero failed\n");
223 talloc_set_destructor(config, virusfilter_config_destructor);
225 SMB_VFS_HANDLE_SET_DATA(handle, config, NULL,
226 struct virusfilter_config, return -1);
228 config->scan_request_limit = lp_parm_int(
229 snum, "virusfilter", "scan request limit", 0);
231 config->scan_on_open = lp_parm_bool(
232 snum, "virusfilter", "scan on open", true);
234 config->scan_on_close = lp_parm_bool(
235 snum, "virusfilter", "scan on close", false);
237 config->max_nested_scan_archive = lp_parm_int(
238 snum, "virusfilter", "max nested scan archive", 1);
240 config->scan_archive = lp_parm_bool(
241 snum, "virusfilter", "scan archive", false);
243 config->scan_mime = lp_parm_bool(
244 snum, "virusfilter", "scan mime", false);
246 config->max_file_size = (ssize_t)lp_parm_ulong(
247 snum, "virusfilter", "max file size", 100000000L);
249 config->min_file_size = (ssize_t)lp_parm_ulong(
250 snum, "virusfilter", "min file size", 10);
252 exclude_files = lp_parm_const_string(
253 snum, "virusfilter", "exclude files", NULL);
254 if (exclude_files != NULL) {
255 set_namearray(&config->exclude_files, exclude_files);
258 config->cache_entry_limit = lp_parm_int(
259 snum, "virusfilter", "cache entry limit", 100);
261 config->cache_time_limit = lp_parm_int(
262 snum, "virusfilter", "cache time limit", 10);
264 config->infected_file_action = lp_parm_enum(
265 snum, "virusfilter", "infected file action",
266 virusfilter_actions, VIRUSFILTER_ACTION_DO_NOTHING);
268 infected_file_command = lp_parm_const_string(
269 snum, "virusfilter", "infected file command", NULL);
270 if (infected_file_command != NULL) {
271 config->infected_file_command = talloc_strdup(
273 infected_file_command);
274 if (config->infected_file_command == NULL) {
275 DBG_ERR("virusfilter-vfs: out of memory!\n");
279 scan_error_command = lp_parm_const_string(
280 snum, "virusfilter", "scan error command", NULL);
281 if (scan_error_command != NULL) {
282 config->scan_error_command = talloc_strdup(config,
284 if (config->scan_error_command == NULL) {
285 DBG_ERR("virusfilter-vfs: out of memory!\n");
290 config->block_access_on_error = lp_parm_bool(
291 snum, "virusfilter", "block access on error", false);
293 tmp = talloc_asprintf(config, "%s/.quarantine",
294 handle->conn->connectpath);
296 quarantine_dir = lp_parm_const_string(
297 snum, "virusfilter", "quarantine directory",
298 tmp ? tmp : "/tmp/.quarantine");
299 if (quarantine_dir != NULL) {
300 config->quarantine_dir = talloc_strdup(config, quarantine_dir);
301 if (config->quarantine_dir == NULL) {
302 DBG_ERR("virusfilter-vfs: out of memory!\n");
307 if (tmp != config->quarantine_dir) {
311 temp_quarantine_dir_mode = lp_parm_const_string(
312 snum, "virusfilter", "quarantine directory mode", "0755");
313 if (temp_quarantine_dir_mode != NULL) {
314 unsigned int mode = 0;
315 sscanf(temp_quarantine_dir_mode, "%o", &mode);
316 config->quarantine_dir_mode = mode;
319 quarantine_prefix = lp_parm_const_string(
320 snum, "virusfilter", "quarantine prefix",
321 VIRUSFILTER_DEFAULT_QUARANTINE_PREFIX);
322 if (quarantine_prefix != NULL) {
323 config->quarantine_prefix = talloc_strdup(config,
325 if (config->quarantine_prefix == NULL) {
326 DBG_ERR("virusfilter-vfs: out of memory!\n");
331 quarantine_suffix = lp_parm_const_string(
332 snum, "virusfilter", "quarantine suffix",
333 VIRUSFILTER_DEFAULT_QUARANTINE_SUFFIX);
334 if (quarantine_suffix != NULL) {
335 config->quarantine_suffix = talloc_strdup(config,
337 if (config->quarantine_suffix == NULL) {
338 DBG_ERR("virusfilter-vfs: out of memory!\n");
344 * Make sure prefixes and suffixes do not contain directory
347 if (config->quarantine_prefix != NULL) {
348 sret = strstr(config->quarantine_prefix, "/");
350 DBG_ERR("quarantine prefix must not contain directory "
351 "delimiter(s) such as '/' (%s replaced with %s)\n",
352 config->quarantine_prefix,
353 VIRUSFILTER_DEFAULT_QUARANTINE_PREFIX);
354 config->quarantine_prefix =
355 VIRUSFILTER_DEFAULT_QUARANTINE_PREFIX;
358 if (config->quarantine_suffix != NULL) {
359 sret = strstr(config->quarantine_suffix, "/");
361 DBG_ERR("quarantine suffix must not contain directory "
362 "delimiter(s) such as '/' (%s replaced with %s)\n",
363 config->quarantine_suffix,
364 VIRUSFILTER_DEFAULT_QUARANTINE_SUFFIX);
365 config->quarantine_suffix =
366 VIRUSFILTER_DEFAULT_QUARANTINE_SUFFIX;
370 config->quarantine_keep_tree = lp_parm_bool(
371 snum, "virusfilter", "quarantine keep tree", true);
373 config->quarantine_keep_name = lp_parm_bool(
374 snum, "virusfilter", "quarantine keep name", true);
376 rename_prefix = lp_parm_const_string(
377 snum, "virusfilter", "rename prefix",
378 VIRUSFILTER_DEFAULT_RENAME_PREFIX);
379 if (rename_prefix != NULL) {
380 config->rename_prefix = talloc_strdup(config, rename_prefix);
381 if (config->rename_prefix == NULL) {
382 DBG_ERR("virusfilter-vfs: out of memory!\n");
387 rename_suffix = lp_parm_const_string(
388 snum, "virusfilter", "rename suffix",
389 VIRUSFILTER_DEFAULT_RENAME_SUFFIX);
390 if (rename_suffix != NULL) {
391 config->rename_suffix = talloc_strdup(config, rename_suffix);
392 if (config->rename_suffix == NULL) {
393 DBG_ERR("virusfilter-vfs: out of memory!\n");
399 * Make sure prefixes and suffixes do not contain directory
402 if (config->rename_prefix != NULL) {
403 sret = strstr(config->rename_prefix, "/");
405 DBG_ERR("rename prefix must not contain directory "
406 "delimiter(s) such as '/' (%s replaced with %s)\n",
407 config->rename_prefix,
408 VIRUSFILTER_DEFAULT_RENAME_PREFIX);
409 config->rename_prefix =
410 VIRUSFILTER_DEFAULT_RENAME_PREFIX;
413 if (config->rename_suffix != NULL) {
414 sret = strstr(config->rename_suffix, "/");
416 DBG_ERR("rename suffix must not contain directory "
417 "delimiter(s) such as '/' (%s replaced with %s)\n",
418 config->rename_suffix,
419 VIRUSFILTER_DEFAULT_RENAME_SUFFIX);
420 config->rename_suffix =
421 VIRUSFILTER_DEFAULT_RENAME_SUFFIX;
425 config->infected_open_errno = lp_parm_int(
426 snum, "virusfilter", "infected file errno on open", EACCES);
428 config->infected_close_errno = lp_parm_int(
429 snum, "virusfilter", "infected file errno on close", 0);
431 config->scan_error_open_errno = lp_parm_int(
432 snum, "virusfilter", "scan error errno on open", EACCES);
434 config->scan_error_close_errno = lp_parm_int(
435 snum, "virusfilter", "scan error errno on close", 0);
437 socket_path = lp_parm_const_string(
438 snum, "virusfilter", "socket path", NULL);
439 if (socket_path != NULL) {
440 config->socket_path = talloc_strdup(config, socket_path);
441 if (config->socket_path == NULL) {
442 DBG_ERR("virusfilter-vfs: out of memory!\n");
447 /* canonicalize socket_path */
448 if (config->socket_path != NULL && config->socket_path[0] != '/') {
449 DBG_ERR("socket path must be an absolute path. "
450 "Using backend default\n");
451 config->socket_path = NULL;
453 if (config->socket_path != NULL) {
454 config->socket_path = canonicalize_absolute_path(
455 handle, config->socket_path);
456 if (config->socket_path == NULL) {
462 connect_timeout = lp_parm_int(snum, "virusfilter",
463 "connect timeout", 30000);
465 io_timeout = lp_parm_int(snum, "virusfilter", "io timeout", 60000);
467 config->io_h = virusfilter_io_new(config, connect_timeout, io_timeout);
468 if (config->io_h == NULL) {
469 DBG_ERR("virusfilter_io_new failed");
473 if (config->cache_entry_limit > 0) {
474 config->cache = virusfilter_cache_new(handle,
475 config->cache_entry_limit,
476 config->cache_time_limit);
477 if (config->cache == NULL) {
478 DBG_ERR("Initializing cache failed: Cache disabled\n");
484 * Check quarantine directory now to save processing
485 * and becoming root over and over.
487 if (config->infected_file_action == VIRUSFILTER_ACTION_QUARANTINE) {
492 * Do SMB_VFS_NEXT_MKDIR(config->quarantine_dir)
496 dir_exists = quarantine_directory_exist(handle,
497 config->quarantine_dir);
499 DBG_DEBUG("Creating quarantine directory: %s\n",
500 config->quarantine_dir);
501 ok = quarantine_create_dir(handle, config,
502 config->quarantine_dir);
506 DBG_ERR("Creating quarantine directory %s "
508 config->quarantine_dir,
515 * Now that the frontend options are initialized, load the configured
519 backend = (enum virusfilter_scanner_enum)lp_parm_enum(snum,
524 if (backend == (enum virusfilter_scanner_enum)-1) {
525 DBG_ERR("No AV-Scanner configured, "
526 "please set \"virusfilter:scanner\"\n");
531 case VIRUSFILTER_SCANNER_SOPHOS:
532 ret = virusfilter_sophos_init(config);
534 case VIRUSFILTER_SCANNER_FSAV:
535 ret = virusfilter_fsav_init(config);
537 case VIRUSFILTER_SCANNER_CLAMAV:
538 ret = virusfilter_clamav_init(config);
541 DBG_ERR("Unhandled scanner %d\n", backend);
545 DBG_ERR("Scanner backend init failed\n");
549 if (config->backend->fns->connect != NULL) {
550 ret = config->backend->fns->connect(handle, config, svc, user);
556 return SMB_VFS_NEXT_CONNECT(handle, svc, user);
559 static void virusfilter_vfs_disconnect(struct vfs_handle_struct *handle)
561 struct virusfilter_config *config = NULL;
563 SMB_VFS_HANDLE_GET_DATA(handle, config,
564 struct virusfilter_config, return);
566 if (config->backend->fns->disconnect != NULL) {
567 config->backend->fns->disconnect(handle);
570 free_namearray(config->exclude_files);
571 virusfilter_io_disconnect(config->io_h);
573 SMB_VFS_NEXT_DISCONNECT(handle);
576 static int virusfilter_set_module_env(TALLOC_CTX *mem_ctx,
577 struct virusfilter_config *config,
582 ret = virusfilter_env_set(mem_ctx, env_list, "VIRUSFILTER_VERSION",
583 VIRUSFILTER_VERSION);
587 ret = virusfilter_env_set(mem_ctx, env_list, "VIRUSFILTER_MODULE_NAME",
588 config->backend->name);
593 if (config->backend->version != 0) {
594 char *version = NULL;
596 version = talloc_asprintf(talloc_tos(), "%u",
597 config->backend->version);
598 if (version == NULL) {
601 ret = virusfilter_env_set(mem_ctx, env_list,
602 "VIRUSFILTER_MODULE_VERSION",
604 TALLOC_FREE(version);
613 static char *quarantine_check_tree(TALLOC_CTX *mem_ctx,
614 struct vfs_handle_struct *handle,
615 struct virusfilter_config *config,
616 const struct smb_filename *smb_fname,
620 char *temp_path = NULL;
621 char *q_dir_out = NULL;
624 temp_path = talloc_asprintf(talloc_tos(), "%s/%s", q_dir_in, cwd_fname);
625 if (temp_path == NULL) {
626 DBG_ERR("talloc_asprintf failed\n");
631 ok = quarantine_directory_exist(handle, temp_path);
634 DBG_DEBUG("quarantine: directory [%s] exists\n", temp_path);
635 q_dir_out = talloc_move(mem_ctx, &temp_path);
639 DBG_DEBUG("quarantine: Creating directory %s\n", temp_path);
642 ok = quarantine_create_dir(handle, config, temp_path);
645 DBG_NOTICE("Could not create quarantine directory [%s], "
646 "ignoring for [%s]\n",
647 temp_path, smb_fname_str_dbg(smb_fname));
651 q_dir_out = talloc_move(mem_ctx, &temp_path);
654 TALLOC_FREE(temp_path);
658 static virusfilter_action infected_file_action_quarantine(
659 struct vfs_handle_struct *handle,
660 struct virusfilter_config *config,
662 const struct files_struct *fsp,
663 const char **filepath_newp)
665 TALLOC_CTX *frame = talloc_stackframe();
666 connection_struct *conn = handle->conn;
667 char *cwd_fname = fsp->conn->cwd_fsp->fsp_name->base_name;
668 char *fname = fsp->fsp_name->base_name;
669 const struct smb_filename *smb_fname = fsp->fsp_name;
670 struct smb_filename *q_smb_fname = NULL;
672 char *q_prefix = NULL;
673 char *q_suffix = NULL;
674 char *q_filepath = NULL;
675 char *dir_name = NULL;
676 const char *base_name = NULL;
677 char *rand_filename_component = NULL;
678 virusfilter_action action = VIRUSFILTER_ACTION_QUARANTINE;
683 q_dir = virusfilter_string_sub(frame, conn,
684 config->quarantine_dir);
685 q_prefix = virusfilter_string_sub(frame, conn,
686 config->quarantine_prefix);
687 q_suffix = virusfilter_string_sub(frame, conn,
688 config->quarantine_suffix);
689 if (q_dir == NULL || q_prefix == NULL || q_suffix == NULL) {
690 DBG_ERR("Quarantine failed: %s/%s: Cannot allocate "
691 "memory\n", cwd_fname, fname);
692 action = VIRUSFILTER_ACTION_DO_NOTHING;
696 if (config->quarantine_keep_name || config->quarantine_keep_tree) {
697 ok = parent_dirname(frame, smb_fname->base_name,
698 &dir_name, &base_name);
700 DBG_ERR("parent_dirname failed\n");
701 action = VIRUSFILTER_ACTION_DO_NOTHING;
705 if (config->quarantine_keep_tree) {
708 tree = quarantine_check_tree(frame, handle, config,
713 * If we can't create the tree, just move it
714 * into the toplevel quarantine dir.
722 /* Get a 16 byte + \0 random filename component. */
723 rand_filename_component = generate_random_str(frame, 16);
724 if (rand_filename_component == NULL) {
725 DBG_ERR("generate_random_str failed\n");
726 action = VIRUSFILTER_ACTION_DO_NOTHING;
730 if (config->quarantine_keep_name) {
731 q_filepath = talloc_asprintf(frame, "%s/%s%s%s-%s",
734 rand_filename_component);
736 q_filepath = talloc_asprintf(frame, "%s/%s%s",
738 rand_filename_component);
740 if (q_filepath == NULL) {
741 DBG_ERR("talloc_asprintf failed\n");
742 action = VIRUSFILTER_ACTION_DO_NOTHING;
746 q_smb_fname = synthetic_smb_fname(frame,
748 smb_fname->stream_name,
752 if (q_smb_fname == NULL) {
753 action = VIRUSFILTER_ACTION_DO_NOTHING;
758 ret = virusfilter_vfs_next_move(handle, smb_fname, q_smb_fname);
764 DBG_ERR("Quarantine [%s/%s] rename to %s failed: %s\n",
765 cwd_fname, fname, q_filepath, strerror(saved_errno));
767 action = VIRUSFILTER_ACTION_DO_NOTHING;
771 *filepath_newp = talloc_move(mem_ctx, &q_filepath);
778 static virusfilter_action infected_file_action_rename(
779 struct vfs_handle_struct *handle,
780 struct virusfilter_config *config,
782 const struct files_struct *fsp,
783 const char **filepath_newp)
785 TALLOC_CTX *frame = talloc_stackframe();
786 connection_struct *conn = handle->conn;
787 char *cwd_fname = fsp->conn->cwd_fsp->fsp_name->base_name;
788 char *fname = fsp->fsp_name->base_name;
789 const struct smb_filename *smb_fname = fsp->fsp_name;
790 struct smb_filename *q_smb_fname = NULL;
792 char *q_prefix = NULL;
793 char *q_suffix = NULL;
794 char *q_filepath = NULL;
795 const char *base_name = NULL;
796 virusfilter_action action = VIRUSFILTER_ACTION_RENAME;
801 q_prefix = virusfilter_string_sub(frame, conn,
802 config->rename_prefix);
803 q_suffix = virusfilter_string_sub(frame, conn,
804 config->rename_suffix);
805 if (q_prefix == NULL || q_suffix == NULL) {
806 DBG_ERR("Rename failed: %s/%s: Cannot allocate "
807 "memory\n", cwd_fname, fname);
808 action = VIRUSFILTER_ACTION_DO_NOTHING;
812 ok = parent_dirname(frame, fname, &q_dir, &base_name);
814 DBG_ERR("Rename failed: %s/%s: Cannot allocate "
815 "memory\n", cwd_fname, fname);
816 action = VIRUSFILTER_ACTION_DO_NOTHING;
821 DBG_ERR("Rename failed: %s/%s: Cannot allocate "
822 "memory\n", cwd_fname, fname);
823 action = VIRUSFILTER_ACTION_DO_NOTHING;
827 q_filepath = talloc_asprintf(frame, "%s/%s%s%s", q_dir,
828 q_prefix, base_name, q_suffix);
830 q_smb_fname = synthetic_smb_fname(frame, q_filepath,
831 smb_fname->stream_name, NULL,
834 if (q_smb_fname == NULL) {
835 action = VIRUSFILTER_ACTION_DO_NOTHING;
840 ret = virusfilter_vfs_next_move(handle, smb_fname, q_smb_fname);
847 DBG_ERR("Rename failed: %s/%s: Rename failed: %s\n",
848 cwd_fname, fname, strerror(saved_errno));
850 action = VIRUSFILTER_ACTION_DO_NOTHING;
854 *filepath_newp = talloc_move(mem_ctx, &q_filepath);
861 static virusfilter_action infected_file_action_delete(
862 struct vfs_handle_struct *handle,
863 const struct files_struct *fsp)
869 ret = SMB_VFS_NEXT_UNLINKAT(handle,
870 handle->conn->cwd_fsp,
878 DBG_ERR("Delete [%s/%s] failed: %s\n",
879 fsp->conn->cwd_fsp->fsp_name->base_name,
880 fsp->fsp_name->base_name,
881 strerror(saved_errno));
883 return VIRUSFILTER_ACTION_DO_NOTHING;
886 return VIRUSFILTER_ACTION_DELETE;
889 static virusfilter_action virusfilter_do_infected_file_action(
890 struct vfs_handle_struct *handle,
891 struct virusfilter_config *config,
893 const struct files_struct *fsp,
894 const char **filepath_newp)
896 virusfilter_action action;
898 *filepath_newp = NULL;
900 switch (config->infected_file_action) {
901 case VIRUSFILTER_ACTION_RENAME:
902 action = infected_file_action_rename(handle, config, mem_ctx,
906 case VIRUSFILTER_ACTION_QUARANTINE:
907 action = infected_file_action_quarantine(handle, config, mem_ctx,
911 case VIRUSFILTER_ACTION_DELETE:
912 action = infected_file_action_delete(handle, fsp);
915 case VIRUSFILTER_ACTION_DO_NOTHING:
917 action = VIRUSFILTER_ACTION_DO_NOTHING;
924 static virusfilter_action virusfilter_treat_infected_file(
925 struct vfs_handle_struct *handle,
926 struct virusfilter_config *config,
927 const struct files_struct *fsp,
931 connection_struct *conn = handle->conn;
932 char *cwd_fname = fsp->conn->cwd_fsp->fsp_name->base_name;
933 char *fname = fsp->fsp_name->base_name;
934 TALLOC_CTX *mem_ctx = talloc_tos();
936 virusfilter_action action;
937 const char *action_name = "UNKNOWN";
938 const char *filepath_q = NULL;
939 char *env_list = NULL;
940 char *command = NULL;
944 action = virusfilter_do_infected_file_action(handle, config, mem_ctx,
946 for (i=0; virusfilter_actions[i].name; i++) {
947 if (virusfilter_actions[i].value == action) {
948 action_name = virusfilter_actions[i].name;
952 DBG_WARNING("Infected file action: %s/%s: %s\n", cwd_fname,
955 if (!config->infected_file_command) {
959 ret = virusfilter_set_module_env(mem_ctx, config, &env_list);
963 ret = virusfilter_env_set(mem_ctx, &env_list,
964 "VIRUSFILTER_INFECTED_SERVICE_FILE_PATH",
969 if (report != NULL) {
970 ret = virusfilter_env_set(mem_ctx, &env_list,
971 "VIRUSFILTER_INFECTED_FILE_REPORT",
977 ret = virusfilter_env_set(mem_ctx, &env_list,
978 "VIRUSFILTER_INFECTED_FILE_ACTION",
983 if (filepath_q != NULL) {
984 ret = virusfilter_env_set(mem_ctx, &env_list,
985 "VIRUSFILTER_QUARANTINED_FILE_PATH",
992 ret = virusfilter_env_set(mem_ctx, &env_list,
993 "VIRUSFILTER_RESULT_IS_CACHE", "yes");
999 command = virusfilter_string_sub(mem_ctx, conn,
1000 config->infected_file_command);
1001 if (command == NULL) {
1002 DBG_ERR("virusfilter_string_sub failed\n");
1006 DBG_NOTICE("Infected file command line: %s/%s: %s\n", cwd_fname,
1009 command_result = virusfilter_shell_run(mem_ctx, command, &env_list,
1011 if (command_result != 0) {
1012 DBG_ERR("Infected file command failed: %d\n", command_result);
1015 DBG_DEBUG("Infected file command finished: %d\n", command_result);
1018 TALLOC_FREE(env_list);
1019 TALLOC_FREE(command);
1024 static void virusfilter_treat_scan_error(
1025 struct vfs_handle_struct *handle,
1026 struct virusfilter_config *config,
1027 const struct files_struct *fsp,
1031 connection_struct *conn = handle->conn;
1032 const char *cwd_fname = fsp->conn->cwd_fsp->fsp_name->base_name;
1033 const char *fname = fsp->fsp_name->base_name;
1034 TALLOC_CTX *mem_ctx = talloc_tos();
1035 char *env_list = NULL;
1036 char *command = NULL;
1040 if (!config->scan_error_command) {
1043 ret = virusfilter_set_module_env(mem_ctx, config, &env_list);
1047 ret = virusfilter_env_set(mem_ctx, &env_list,
1048 "VIRUSFILTER_SCAN_ERROR_SERVICE_FILE_PATH",
1053 if (report != NULL) {
1054 ret = virusfilter_env_set(mem_ctx, &env_list,
1055 "VIRUSFILTER_SCAN_ERROR_REPORT",
1062 ret = virusfilter_env_set(mem_ctx, &env_list,
1063 "VIRUSFILTER_RESULT_IS_CACHE", "1");
1069 command = virusfilter_string_sub(mem_ctx, conn,
1070 config->scan_error_command);
1071 if (command == NULL) {
1072 DBG_ERR("virusfilter_string_sub failed\n");
1076 DBG_NOTICE("Scan error command line: %s/%s: %s\n", cwd_fname,
1079 command_result = virusfilter_shell_run(mem_ctx, command, &env_list,
1081 if (command_result != 0) {
1082 DBG_ERR("Scan error command failed: %d\n", command_result);
1086 TALLOC_FREE(env_list);
1087 TALLOC_FREE(command);
1090 static virusfilter_result virusfilter_scan(
1091 struct vfs_handle_struct *handle,
1092 struct virusfilter_config *config,
1093 const struct files_struct *fsp)
1095 virusfilter_result scan_result;
1096 char *scan_report = NULL;
1097 const char *fname = fsp->fsp_name->base_name;
1098 const char *cwd_fname = fsp->conn->cwd_fsp->fsp_name->base_name;
1099 struct virusfilter_cache_entry *scan_cache_e = NULL;
1100 bool is_cache = false;
1101 virusfilter_action file_action = VIRUSFILTER_ACTION_DO_NOTHING;
1102 bool add_scan_cache = true;
1105 if (config->cache) {
1106 DBG_DEBUG("Searching cache entry: fname: %s\n", fname);
1107 scan_cache_e = virusfilter_cache_get(config->cache,
1109 if (scan_cache_e != NULL) {
1110 DBG_DEBUG("Cache entry found: cached result: %d\n",
1111 scan_cache_e->result);
1113 scan_result = scan_cache_e->result;
1114 scan_report = scan_cache_e->report;
1115 goto virusfilter_scan_result_eval;
1117 DBG_DEBUG("Cache entry not found\n");
1120 if (config->backend->fns->scan_init != NULL) {
1121 scan_result = config->backend->fns->scan_init(config);
1122 if (scan_result != VIRUSFILTER_RESULT_OK) {
1123 scan_result = VIRUSFILTER_RESULT_ERROR;
1124 scan_report = talloc_asprintf(
1126 "Initializing scanner failed");
1127 goto virusfilter_scan_result_eval;
1131 scan_result = config->backend->fns->scan(handle, config, fsp,
1134 if (config->backend->fns->scan_end != NULL) {
1135 bool scan_end = true;
1137 if (config->scan_request_limit > 0) {
1139 config->scan_request_count++;
1140 if (config->scan_request_count >=
1141 config->scan_request_limit)
1144 config->scan_request_count = 0;
1148 config->backend->fns->scan_end(config);
1152 virusfilter_scan_result_eval:
1154 switch (scan_result) {
1155 case VIRUSFILTER_RESULT_CLEAN:
1156 DBG_INFO("Scan result: Clean: %s/%s\n", cwd_fname, fname);
1159 case VIRUSFILTER_RESULT_INFECTED:
1160 DBG_ERR("Scan result: Infected: %s/%s: %s\n",
1161 cwd_fname, fname, scan_report ? scan_report :
1162 "infected (memory error on report)");
1163 file_action = virusfilter_treat_infected_file(handle,
1164 config, fsp, scan_report, is_cache);
1165 if (file_action != VIRUSFILTER_ACTION_DO_NOTHING) {
1166 add_scan_cache = false;
1170 case VIRUSFILTER_RESULT_SUSPECTED:
1171 if (!config->block_suspected_file) {
1174 DBG_ERR("Scan result: Suspected: %s/%s: %s\n",
1175 cwd_fname, fname, scan_report ? scan_report :
1176 "suspected infection (memory error on report)");
1177 file_action = virusfilter_treat_infected_file(handle,
1178 config, fsp, scan_report, is_cache);
1179 if (file_action != VIRUSFILTER_ACTION_DO_NOTHING) {
1180 add_scan_cache = false;
1184 case VIRUSFILTER_RESULT_ERROR:
1185 DBG_ERR("Scan result: Error: %s/%s: %s\n",
1186 cwd_fname, fname, scan_report ? scan_report :
1187 "error (memory error on report)");
1188 virusfilter_treat_scan_error(handle, config, fsp,
1189 scan_report, is_cache);
1190 add_scan_cache = false;
1194 DBG_ERR("Scan result: Unknown result code %d: %s/%s: %s\n",
1195 scan_result, cwd_fname, fname, scan_report ?
1196 scan_report : "Unknown (memory error on report)");
1197 virusfilter_treat_scan_error(handle, config, fsp,
1198 scan_report, is_cache);
1199 add_scan_cache = false;
1203 if (config->cache) {
1204 if (!is_cache && add_scan_cache) {
1205 DBG_DEBUG("Adding new cache entry: %s, %d\n", fname,
1207 ok = virusfilter_cache_entry_add(
1208 config->cache, cwd_fname, fname,
1209 scan_result, scan_report);
1211 DBG_ERR("Cannot create cache entry: "
1212 "virusfilter_cache_entry_new failed");
1213 goto virusfilter_scan_return;
1215 } else if (is_cache) {
1216 virusfilter_cache_entry_free(scan_cache_e);
1220 virusfilter_scan_return:
1224 static int virusfilter_vfs_openat(struct vfs_handle_struct *handle,
1225 const struct files_struct *dirfsp,
1226 const struct smb_filename *smb_fname_in,
1227 struct files_struct *fsp,
1231 TALLOC_CTX *mem_ctx = talloc_tos();
1232 struct virusfilter_config *config = NULL;
1233 const char *cwd_fname = dirfsp->fsp_name->base_name;
1234 virusfilter_result scan_result;
1235 const char *fname = fsp->fsp_name->base_name;
1236 char *dir_name = NULL;
1237 const char *base_name = NULL;
1241 int rename_trap_count = 0;
1245 struct smb_filename *smb_fname = NULL;
1246 SMB_STRUCT_STAT sbuf = smb_fname_in->st;
1248 SMB_VFS_HANDLE_GET_DATA(handle, config,
1249 struct virusfilter_config, return -1);
1251 if (fsp->fsp_flags.is_directory) {
1252 DBG_INFO("Not scanned: Directory: %s/\n", cwd_fname);
1253 goto virusfilter_vfs_open_next;
1256 test_prefix = strlen(config->rename_prefix);
1257 test_suffix = strlen(config->rename_suffix);
1258 if (test_prefix > 0) {
1259 rename_trap_count++;
1261 if (test_suffix > 0) {
1262 rename_trap_count++;
1265 smb_fname = cp_smb_filename(mem_ctx, smb_fname_in);
1266 if (smb_fname == NULL) {
1267 goto virusfilter_vfs_open_fail;
1270 if (is_named_stream(smb_fname)) {
1271 DBG_INFO("Not scanned: only file backed streams can be scanned:"
1272 " %s/%s\n", cwd_fname, fname);
1273 goto virusfilter_vfs_open_next;
1276 if (!config->scan_on_open) {
1277 DBG_INFO("Not scanned: scan on open is disabled: %s/%s\n",
1279 goto virusfilter_vfs_open_next;
1282 if (flags & O_TRUNC) {
1283 DBG_INFO("Not scanned: Open flags have O_TRUNC: %s/%s\n",
1285 goto virusfilter_vfs_open_next;
1288 ret = SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf);
1292 * Do not return immediately if !(flags & O_CREAT) &&
1294 * Do not do this here or anywhere else. The module is
1295 * stackable and there may be modules below, such as audit
1296 * modules, which should be handled.
1298 goto virusfilter_vfs_open_next;
1300 ret = S_ISREG(smb_fname->st.st_ex_mode);
1302 DBG_INFO("Not scanned: Directory or special file: %s/%s\n",
1304 goto virusfilter_vfs_open_next;
1306 if (config->max_file_size > 0 &&
1307 smb_fname->st.st_ex_size > config->max_file_size)
1309 DBG_INFO("Not scanned: file size > max file size: %s/%s\n",
1311 goto virusfilter_vfs_open_next;
1313 if (config->min_file_size > 0 &&
1314 smb_fname->st.st_ex_size < config->min_file_size)
1316 DBG_INFO("Not scanned: file size < min file size: %s/%s\n",
1318 goto virusfilter_vfs_open_next;
1321 ok1 = is_in_path(fname, config->exclude_files, false);
1322 if (config->exclude_files && ok1)
1324 DBG_INFO("Not scanned: exclude files: %s/%s\n",
1326 goto virusfilter_vfs_open_next;
1329 if (config->infected_file_action == VIRUSFILTER_ACTION_QUARANTINE) {
1330 sret = strstr_m(fname, config->quarantine_dir);
1332 scan_errno = config->infected_open_errno;
1333 goto virusfilter_vfs_open_fail;
1337 if (test_prefix > 0 || test_suffix > 0) {
1338 ok1 = parent_dirname(mem_ctx, fname, &dir_name, &base_name);
1341 if (test_prefix > 0) {
1342 ret = strncmp(base_name,
1343 config->rename_prefix, test_prefix);
1348 if (test_suffix > 0) {
1349 ret = strcmp(base_name + (strlen(base_name)
1351 config->rename_suffix);
1357 TALLOC_FREE(dir_name);
1359 if ((rename_trap_count == 2 && test_prefix &&
1360 test_suffix) || (rename_trap_count == 1 &&
1361 (test_prefix || test_suffix)))
1364 config->infected_open_errno;
1365 goto virusfilter_vfs_open_fail;
1370 scan_result = virusfilter_scan(handle, config, fsp);
1372 switch (scan_result) {
1373 case VIRUSFILTER_RESULT_CLEAN:
1375 case VIRUSFILTER_RESULT_INFECTED:
1376 scan_errno = config->infected_open_errno;
1377 goto virusfilter_vfs_open_fail;
1378 case VIRUSFILTER_RESULT_ERROR:
1379 if (config->block_access_on_error) {
1380 DBG_INFO("Block access\n");
1381 scan_errno = config->scan_error_open_errno;
1382 goto virusfilter_vfs_open_fail;
1386 scan_errno = config->scan_error_open_errno;
1387 goto virusfilter_vfs_open_fail;
1390 TALLOC_FREE(smb_fname);
1392 virusfilter_vfs_open_next:
1393 return SMB_VFS_NEXT_OPENAT(handle, dirfsp, smb_fname_in, fsp, flags, mode);
1395 virusfilter_vfs_open_fail:
1396 TALLOC_FREE(smb_fname);
1397 errno = (scan_errno != 0) ? scan_errno : EACCES;
1401 static int virusfilter_vfs_close(
1402 struct vfs_handle_struct *handle,
1406 * The name of this variable is for consistency. If API changes to
1407 * match _open change to cwd_fname as in virusfilter_vfs_open.
1409 const char *cwd_fname = handle->conn->connectpath;
1411 struct virusfilter_config *config = NULL;
1412 char *fname = fsp->fsp_name->base_name;
1413 int close_result = -1;
1414 int close_errno = 0;
1415 virusfilter_result scan_result;
1418 SMB_VFS_HANDLE_GET_DATA(handle, config,
1419 struct virusfilter_config, return -1);
1422 * Must close after scan? It appears not as the scanners are not
1423 * internal and other modules such as greyhole seem to do
1424 * SMB_VFS_NEXT_* functions before processing.
1426 close_result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1427 if (close_result == -1) {
1428 close_errno = errno;
1432 * Return immediately if close_result == -1, and close_errno == EBADF.
1433 * If close failed, file likely doesn't exist, do not try to scan.
1435 if (close_result == -1 && close_errno == EBADF) {
1436 if (fsp->fsp_flags.modified) {
1437 DBG_DEBUG("Removing cache entry (if existent): "
1438 "fname: %s\n", fname);
1439 virusfilter_cache_remove(config->cache,
1442 goto virusfilter_vfs_close_fail;
1445 if (fsp->fsp_flags.is_directory) {
1446 DBG_INFO("Not scanned: Directory: %s/\n", cwd_fname);
1447 return close_result;
1450 if (is_named_stream(fsp->fsp_name)) {
1451 if (config->scan_on_open && fsp->fsp_flags.modified) {
1452 if (config->cache) {
1453 DBG_DEBUG("Removing cache entry (if existent)"
1454 ": fname: %s\n", fname);
1455 virusfilter_cache_remove(
1460 DBG_INFO("Not scanned: only file backed streams can be scanned:"
1461 " %s/%s\n", cwd_fname, fname);
1462 return close_result;
1465 if (!config->scan_on_close) {
1466 if (config->scan_on_open && fsp->fsp_flags.modified) {
1467 if (config->cache) {
1468 DBG_DEBUG("Removing cache entry (if existent)"
1469 ": fname: %s\n", fname);
1470 virusfilter_cache_remove(
1475 DBG_INFO("Not scanned: scan on close is disabled: %s/%s\n",
1477 return close_result;
1480 if (!fsp->fsp_flags.modified) {
1481 DBG_NOTICE("Not scanned: File not modified: %s/%s\n",
1484 return close_result;
1487 if (config->exclude_files && is_in_path(fname,
1488 config->exclude_files, false))
1490 DBG_INFO("Not scanned: exclude files: %s/%s\n",
1492 return close_result;
1495 scan_result = virusfilter_scan(handle, config, fsp);
1497 switch (scan_result) {
1498 case VIRUSFILTER_RESULT_CLEAN:
1500 case VIRUSFILTER_RESULT_INFECTED:
1501 scan_errno = config->infected_close_errno;
1502 goto virusfilter_vfs_close_fail;
1503 case VIRUSFILTER_RESULT_ERROR:
1504 if (config->block_access_on_error) {
1505 DBG_INFO("Block access\n");
1506 scan_errno = config->scan_error_close_errno;
1507 goto virusfilter_vfs_close_fail;
1511 scan_errno = config->scan_error_close_errno;
1512 goto virusfilter_vfs_close_fail;
1515 if (close_errno != 0) {
1516 errno = close_errno;
1519 return close_result;
1521 virusfilter_vfs_close_fail:
1523 errno = (scan_errno != 0) ? scan_errno : close_errno;
1525 return close_result;
1528 static int virusfilter_vfs_unlinkat(struct vfs_handle_struct *handle,
1529 struct files_struct *dirfsp,
1530 const struct smb_filename *smb_fname,
1533 int ret = SMB_VFS_NEXT_UNLINKAT(handle,
1537 struct virusfilter_config *config = NULL;
1538 struct smb_filename *full_fname = NULL;
1540 char *cwd_fname = dirfsp->fsp_name->base_name;
1542 if (ret != 0 && errno != ENOENT) {
1546 SMB_VFS_HANDLE_GET_DATA(handle, config,
1547 struct virusfilter_config, return -1);
1549 if (config->cache == NULL) {
1553 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1556 if (full_fname == NULL) {
1560 fname = full_fname->base_name;
1562 DBG_DEBUG("Removing cache entry (if existent): fname: %s\n", fname);
1563 virusfilter_cache_remove(config->cache, cwd_fname, fname);
1565 TALLOC_FREE(full_fname);
1569 static int virusfilter_vfs_renameat(
1570 struct vfs_handle_struct *handle,
1571 files_struct *srcfsp,
1572 const struct smb_filename *smb_fname_src,
1573 files_struct *dstfsp,
1574 const struct smb_filename *smb_fname_dst)
1576 int ret = SMB_VFS_NEXT_RENAMEAT(handle,
1581 struct virusfilter_config *config = NULL;
1583 char *dst_fname = NULL;
1584 char *cwd_fname = handle->conn->cwd_fsp->fsp_name->base_name;
1585 struct smb_filename *full_src = NULL;
1586 struct smb_filename *full_dst = NULL;
1592 SMB_VFS_HANDLE_GET_DATA(handle, config,
1593 struct virusfilter_config, return -1);
1595 if (config->cache == NULL) {
1599 full_src = full_path_from_dirfsp_atname(talloc_tos(),
1602 if (full_src == NULL) {
1608 full_dst = full_path_from_dirfsp_atname(talloc_tos(),
1611 if (full_dst == NULL) {
1617 fname = full_src->base_name;
1618 dst_fname = full_dst->base_name;
1620 DBG_DEBUG("Renaming cache entry: fname: %s to: %s\n",
1622 virusfilter_cache_entry_rename(config->cache,
1629 TALLOC_FREE(full_src);
1630 TALLOC_FREE(full_dst);
1635 /* VFS operations */
1636 static struct vfs_fn_pointers vfs_virusfilter_fns = {
1637 .connect_fn = virusfilter_vfs_connect,
1638 .disconnect_fn = virusfilter_vfs_disconnect,
1639 .openat_fn = virusfilter_vfs_openat,
1640 .close_fn = virusfilter_vfs_close,
1641 .unlinkat_fn = virusfilter_vfs_unlinkat,
1642 .renameat_fn = virusfilter_vfs_renameat,
1645 NTSTATUS vfs_virusfilter_init(TALLOC_CTX *);
1646 NTSTATUS vfs_virusfilter_init(TALLOC_CTX *ctx)
1650 status = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
1652 &vfs_virusfilter_fns);
1653 if (!NT_STATUS_IS_OK(status)) {
1657 virusfilter_debug_class = debug_add_class("virusfilter");
1658 if (virusfilter_debug_class == -1) {
1659 virusfilter_debug_class = DBGC_VFS;
1660 DBG_ERR("Couldn't register custom debugging class!\n");
1662 DBG_DEBUG("Debug class number: %d\n", virusfilter_debug_class);
1665 DBG_INFO("registered\n");
git.samba.org / samba.git / blob