clamonacc - fix bug where version was being printed after daemon forking; add startup_check function; add conditional local daemon check for either ExcludeUID or ExcludeUname to help deter continuous event loops

6 years ago · 16ce199041
parent 18b723e697
commit 16ce199041
3 changed files with 63 additions and 36 deletions
--- a/clamonacc/clamonacc.c
+++ b/clamonacc/clamonacc.c
@ -51,6 +51,8 @@
 pthread_t ddd_pid = 0;
 pthread_t scque_pid = 0;

+static int startup_checks(struct onas_context *ctx);
+
 int main(int argc, char **argv)
 {
 	const struct optstruct *opts;
@ -73,9 +75,34 @@ int main(int argc, char **argv)
 	}
 	ctx->opts = opts;

-        if(optget(opts, "help")->enabled) {
-            help();
-            ret = 2;
+	clamdopts = optparse(optget(opts, "config-file")->strarg, 0, NULL, 1, OPT_CLAMD, 0, NULL);
+	if (clamdopts == NULL) {
+		logg("!Clamonacc: can't parse clamd configuration file %s\n", optget(opts, "config-file")->strarg);
+		return 2;
+	}
+	ctx->clamdopts = clamdopts;
+
+	/* Setup our client */
+	switch(onas_setup_client(&ctx)) {
+		case CL_SUCCESS:
+			if (CL_SUCCESS == onas_check_client_connection(&ctx)) {
+				break;
+			}
+		case CL_BREAK:
+			ret = 0;
+			logg("*Clamonacc: not setting up client\n");
+			goto clean_up;
+			break;
+		case CL_EARG:
+		default:
+			logg("!Clamonacc: can't setup client\n");
+			ret = 2;
+			goto clean_up;
+			break;
+	}
+
+        ret = startup_checks(ctx);
+        if (ret) {
            goto clean_up;
        }

@ -88,13 +115,6 @@ int main(int argc, char **argv)
        }
 #endif

-	clamdopts = optparse(optget(opts, "config-file")->strarg, 0, NULL, 1, OPT_CLAMD, 0, NULL);
-	if (clamdopts == NULL) {
-		logg("!Clamonacc: can't parse clamd configuration file %s\n", optget(opts, "config-file")->strarg);
-		return 2;
-	}
-	ctx->clamdopts = clamdopts;
-
        ctx->maxthreads = optget(ctx->clamdopts, "OnAccessMaxThreads")->numarg;

        /* Setup our event queue */
@ -111,24 +131,6 @@ int main(int argc, char **argv)
                break;
        }

-	/* Setup our client */
-	switch(onas_setup_client(&ctx)) {
-		case CL_SUCCESS:
-			if (CL_SUCCESS == onas_check_client_connection(&ctx)) {
-				break;
-			}
-		case CL_BREAK:
-			ret = 0;
-			logg("*Clamonacc: not setting up client\n");
-			goto clean_up;
-			break;
-		case CL_EARG:
-		default:
-			logg("!Clamonacc: can't setup client\n");
-			ret = 2;
-			goto clean_up;
-			break;
-	}
 #if defined(FANOTIFY)
 	/* Setup fanotify */
 	switch(onas_setup_fanotif(&ctx)) {
@ -216,6 +218,35 @@ int onas_start_eloop(struct onas_context **ctx) {
 	return ret;
 }

+static int startup_checks(struct onas_context *ctx) {
+
+	int ret = 0;
+        cl_error_t err = CL_SUCCESS;
+
+	if(optget(ctx->opts, "help")->enabled) {
+		help();
+		ret = 2;
+		goto done;
+	}
+
+	if(optget(ctx->opts, "version")->enabled) {
+		onas_print_server_version(&ctx);
+		ret = 2;
+		goto done;
+	}
+
+	if (0 == onas_check_remote(&ctx, &err)) {
+		if(!optget(ctx->clamdopts, "OnAccessExcludeUID")->enabled &&
+				!optget(ctx->clamdopts, "OnAccessExcludeUname")->enabled) {
+			logg("!Clamonacc: neither OnAccessExcludeUID or OnAccessExcludeUname is specified ... it is reccomended you exclude the clamd instance UID or uname to prevent infinite event scanning loops\n");
+			ret = 2;
+			goto done;
+		}
+	}
+done:
+	return ret;
+}
+
 void help(void)
 {
    mprintf_stdout = 1;
--- a/clamonacc/client/onaccess_client.c
+++ b/clamonacc/client/onaccess_client.c
@ -69,7 +69,7 @@

 struct sockaddr_un nixsock;

-static void print_server_version(struct onas_context **ctx)
+void onas_print_server_version(struct onas_context **ctx)
 {
 	if(onas_get_clamd_version(ctx)) {
 		/* can't get version from server, fallback */
@ -270,11 +270,6 @@ cl_error_t onas_setup_client (struct onas_context **ctx) {
 	logg_verbose = 1;
    }

-    if(optget(opts, "version")->enabled) {
-	print_server_version(ctx);
-	return CL_BREAK;
-    }
-
    if(optget(opts, "infected")->enabled) {
 	(*ctx)->printinfected = 1;
    }
@ -357,7 +352,7 @@ int onas_get_clamd_version(struct onas_context **ctx)
    }

    if (!b_remote) {
-	curlcode = onas_curl_init(&curl, optget((*ctx)->clamdopts, "LocalSocket")->strarg, (*ctx)->portnum, timeout);
+	curlcode = onas_curl_init(&curl, optget((*ctx)->clamdopts, "LocalSocket")->strarg, 0, timeout);
    } else {
 	curlcode = onas_curl_init(&curl, optget((*ctx)->clamdopts, "TCPAddr")->strarg, (*ctx)->portnum, timeout);
 	if (CURLE_OK != curlcode) {
@ -371,7 +366,7 @@ int onas_get_clamd_version(struct onas_context **ctx)

    curlcode = curl_easy_perform(curl);
    if (CURLE_OK != curlcode) {
-	    logg("!ClamClient: could not connect to clam daemon, %s\n", curl_easy_strerror(curlcode));
+	    logg("*ClamClient: could not connect to clam daemon, %s\n", curl_easy_strerror(curlcode));
 	    return 2;
    }

--- a/clamonacc/client/onaccess_client.h
+++ b/clamonacc/client/onaccess_client.h
@ -37,6 +37,7 @@ enum {
 };


+void onas_print_server_version(struct onas_context **ctx);
 int onas_client_scan(const char *tcpaddr, int64_t portnum, int32_t scantype, uint64_t maxstream, const char *fname, int fd, int64_t timeout, STATBUF sb, int *infected, int *err, cl_error_t *ret_code);
 CURLcode onas_curl_init(CURL **curl, const char *ipaddr, int64_t port, int64_t timeout);
 int onas_get_clamd_version(struct onas_context **ctx);