Add iface option to --broadcast

git-svn: trunk@934

clamav-devel/clamav-milter/INSTALL

@@ -504,6 +504,7 @@ Changes
 0.80b	27/9/04	Added quit() routine to tidy when shutting down
 		honour HAVE_IN_ADDR_T
 		Added --broadcast option
+0.80c	27/9/04	Added iface option to --broadcast
 
 INTERNATIONALISATION
 

clamav-devel/clamav-milter/clamav-milter.c

@@ -26,6 +26,9 @@
  *
  * Change History:
  * $Log: clamav-milter.c,v $
+ * Revision 1.134  2004/09/27 17:08:31  nigelhorne
+ * Add iface option to --broadcast
+ *
  * Revision 1.133  2004/09/27 12:43:23  nigelhorne
  * Added --broadcast
  *
@@ -410,9 +413,9 @@
  * Revision 1.6  2003/09/28 16:37:23  nigelhorne
  * Added -f flag use MaxThreads if --max-children not set
  */
-static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.133 2004/09/27 12:43:23 nigelhorne Exp $";
+static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.134 2004/09/27 17:08:31 nigelhorne Exp $";
 
-#define	CM_VERSION	"0.80b"
+#define	CM_VERSION	"0.80c"
 
 /*#define	CONFDIR	"/usr/local/etc"*/
 
@@ -444,6 +447,7 @@ static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.133 2004/09/27 12:43:23 ni
 #include <assert.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#include <net/if.h>
 #include <arpa/inet.h>
 #include <sys/un.h>
 #include <stdarg.h>
@@ -641,10 +645,11 @@ static	int	bflag = 0;	/*
 				 * sender. This probably isn't a good idea
 				 * since most reply addresses will be fake
 				 */
-static	int	Bflag = 0;	/*
+static	const	char	*iface;	/*
 				 * Broadcast a message when a virus is found,
 				 * this allows remote network management
 				 */
+static	int	broadcastSock = -1;
 static	int	pflag = 0;	/*
 				 * Send a warning to the postmaster only,
 				 * this means user's won't be told when someone
@@ -774,7 +779,7 @@ help(void)
 
 	puts(_("\t--advisory\t\t-A\tFlag viruses rather than deleting them."));
 	puts(_("\t--bounce\t\t-b\tSend a failure message to the sender."));
-	puts(_("\t--broadcast\t\t-B\tBroadcast to a network manager when a virus is found."));
+	puts(_("\t--broadcast\t\t-B [IFACE]\tBroadcast to a network manager when a virus is found."));
 	puts(_("\t--config-file=FILE\t-c FILE\tRead configuration from FILE."));
 	puts(_("\t--debug\t\t\t-D\tPrint debug messages."));
 	puts(_("\t--dont-log-clean\t-C\tDon't add an entry to syslog that a mail is clean."));
@@ -812,7 +817,7 @@ int
 main(int argc, char **argv)
 {
 	extern char *optarg;
-	int i;
+	int i, Bflag = 0;
 	const char *cfgfile = CL_DEFAULT_CFG;
 	struct cfgstruct *cpt;
 	struct passwd *user;
@@ -860,9 +865,9 @@ main(int argc, char **argv)
 	for(;;) {
 		int opt_index = 0;
 #ifdef	CL_DEBUG
-		const char *args = "a:AbBc:CDfF:lm:nNop:PqQ:dhHs:St:T:U:Vx:";
+		const char *args = "a:AbB:c:CDfF:lm:nNop:PqQ:dhHs:St:T:U:Vx:";
 #else
-		const char *args = "a:AbBc:CDfF:lm:nNop:PqQ:dhHs:St:T:U:V";
+		const char *args = "a:AbB:c:CDfF:lm:nNop:PqQ:dhHs:St:T:U:V";
 #endif
 
 		static struct option long_options[] = {
@@ -876,7 +881,7 @@ main(int argc, char **argv)
 				"bounce", 0, NULL, 'b'
 			},
 			{
-				"broadcast", 0, NULL, 'B'
+				"broadcast", 2, NULL, 'B'
 			},
 			{
 				"config-file", 1, NULL, 'c'
@@ -983,6 +988,8 @@ main(int argc, char **argv)
 				break;
 			case 'B':	/* broadcast */
 				Bflag++;
+				if(optarg)
+					iface = optarg;
 				break;
 			case 'c':	/* where is clamd.conf? */
 				cfgfile = optarg;
@@ -1093,10 +1100,39 @@ main(int argc, char **argv)
 		return EX_CONFIG;
 	}
 
+	if(Bflag) {
+		int on;
+
+		broadcastSock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+		/*
+		 * SO_BROADCAST doesn't sent to all NICs on Linux, it only
+		 * broadcasts on eth0, which is why there's an optional argument
+		 * to --broadcast to say which NIC to broadcast on. You can use
+		 * SO_BINDTODEVICE to get around that, but you need to have
+		 * uid == 0 for that
+		 */
+		on = 1;
+		if(setsockopt(broadcastSock, SOL_SOCKET, SO_BROADCAST, (int *)&on, sizeof(on)) < 0) {
+			perror("setsockopt");
+			return EX_UNAVAILABLE;
+		}
+		shutdown(broadcastSock, SHUT_RD);
+	}
+
 	/*
 	 * Drop privileges
 	 */
 	if(getuid() == 0) {
+		if(iface) {
+			struct ifreq ifr;
+
+			memset(&ifr, '\0', sizeof(struct ifreq));
+			strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name) - 1);
+			if(setsockopt(broadcastSock, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) < 0) {
+				perror(iface);
+				return EX_UNAVAILABLE;
+			}
+		}
 		if((cpt = cfgopt(copt, "User")) != NULL) {
 			if((user = getpwnam(cpt->strarg)) == NULL) {
 				fprintf(stderr, _("%s: Can't get information about user %s\n"), argv[0], cpt->strarg);
@@ -1131,7 +1167,11 @@ main(int argc, char **argv)
 					cpt->strarg, user->pw_uid, user->pw_gid);
 		} else
 			fprintf(stderr, _("%s: running as root is not recommended (check \"User\" in clamd.conf)\n"), argv[0]);
+	} else if(iface) {
+		fprintf(stderr, _("%s: Only root can set an interface for --broadcast\n"), argv[0]);
+		return EX_USAGE;
 	}
+
 	if(advisory && quarantine) {
 		fprintf(stderr, _("%s: Advisory mode doesn't work with quarantine mode\n"), argv[0]);
 		return EX_USAGE;
@@ -2707,7 +2747,7 @@ clamfi_eom(SMFICTX *ctx)
 
 		snprintf(reject, sizeof(reject) - 1, _("%s detected by ClamAV - http://www.clamav.net"), virusname);
 		smfi_setreply(ctx, (char *)privdata->rejectCode, "5.7.1", reject);
-		if(Bflag)
+		if(broadcastSock >= 0)
 			broadcast(mess);
 	}
 	clamfi_cleanup(ctx);
@@ -4004,41 +4044,20 @@ quit(void)
 	quitting++;
 
 	if(use_syslog)
-		syslog(LOG_INFO, _("Stopping: %s"), clamav_version);
+		syslog(LOG_INFO, _("Stopping %s"), clamav_version);
 #endif
 }
 
 static void
 broadcast(const char *mess)
 {
-	int on;
 	struct sockaddr_in s;
-	const sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
-
-	if(sock < 0) {
-		perror("socket");
-		return;
-	}
-
-	/*
-	 * SO_BROADCAST doesn't sent to all NICs on Linux, it only broadcasts
-	 * on eth0. You can use SO_BINDTODEVICE to get around that, but you
-	 * need to have uid == 0 for that
-	 */
-	on = 1;
-	if(setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (int *)&on, sizeof(on)) < 0) {
-		perror("setsockopt");
-		close(sock);
-		return;
-	}
 
 	memset(&s, '\0', sizeof(struct sockaddr_in));
 	s.sin_family = AF_INET;
 	s.sin_port = (in_port_t)htons(tcpSocket);
 	s.sin_addr.s_addr = htonl(INADDR_BROADCAST);
 
-	if(sendto(sock, mess, strlen(mess), 0, (struct sockaddr *)&s, sizeof(struct sockaddr_in)) < 0)
+	if(sendto(broadcastSock, mess, strlen(mess), 0, (struct sockaddr *)&s, sizeof(struct sockaddr_in)) < 0)
 		perror("sendto");
-
-	close(sock);
 }

clamav-devel/clamav-milter/clamav-milter.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: bugs@clamav.net\n"
-"POT-Creation-Date: 2004-09-27 14:10+0100\n"
+"POT-Creation-Date: 2004-09-27 18:07+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -26,7 +26,8 @@ msgstr ""
 
 #: clamav-milter.c:779
 msgid ""
-"\t--broadcast\t\t-B\tBroadcast to a network manager when a virus is found."
+"\t--broadcast\t\t-B [IFACE]\tBroadcast to a network manager when a virus is "
+"found."
 msgstr ""
 
 #: clamav-milter.c:780

clamav-devel/docs/man/clamav-milter.8

@@ -63,9 +63,12 @@ Send a failure message to the sender, and to the postmaster.
 fake their source address, so this option is not recommended ].
 See also \-\-noreject.
 .TP
-\fB\-B, \-\-broadcast\fR
+\fB\-B, \-\-broadcast[=<iface>]\fR
 When a virus is intercepted, broadcast a UDP message to the TCPSocket port set
 in \fBclamd.conf\fR.
+If the optional \fIiface\fR option is given, broadcasts will be sent on
+that interface. The default is set by the opertating system, usually to the
+first NIC.
 A future network management program (yet to be written) will intercept these
 broadcasts to raise a warning on the operator's desk.
 .TP