vscan/vscand/vs_icap.h

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * PRIVATE header file for the icap client vs_icap.c
 */

#ifndef _VS_ICAP_H_
#define	_VS_ICAP_H_

#ifdef __cplusplus
extern "C" {
#endif

/* macros */
#define	MATCH(a, b)	(!strncasecmp((a), (b), strlen((b))))

#define	VS_ICAP_VER	"ICAP/1.0"

/* max sizes for vs_options_t */
#define	VS_DEFN_SZ	32
#define	VS_SERVICE_SZ	64

#define	VS_BUF_SZ	4096	/* keep this a power-of-two value. */
#define	VS_HDR_SZ	8	/* > length of VS_BUF_SZ in hex + 2 for \r\n */
#define	VS_TAIL_SZ	8	/* > \r\n */
#define	VS_ENCAP_SZ	64	/* space reserved in header for encap offsets */
#define	VS_TERMINATION	"0\r\n\r\n"

/*
 * The Symantec ICAP server REQUIRES the "avscan" resource name
 * after the IP address in the OPTIONS and  RESPMOD requests
 * This is ignored by the other ICAP servers.
 */
#define	VS_SERVICE_NAME "avscan"

/* infection/violation record processing */
#define	VS_VIOLATION_LINES   4
#define	VS_INFECTION_FIELDS  3

/* previewing files */
#define	VS_MIN_PREVIEW_LEN	4

/* defines which files types should be previewed */
typedef enum {
	VS_PREVIEW_ALL = 1,	/* preview all files */
	VS_PREVIEW_NONE,	/* preview no files, transfer all complete */
	VS_PREVIEW_LIST,	/* preview only files of listed types */
	VS_PREVIEW_EXCEPT	/* preview all files except listed types */
} vs_preview_t;

/* valid ICAP response codes */
typedef enum {
	VS_RESP_CONTINUE	= 100,
	VS_RESP_OK		= 200,
	VS_RESP_CREATED		= 201, /* file repaired. */
	VS_RESP_NO_CONT_NEEDED	= 204,
	VS_RESP_BAD_REQ		= 400,
	VS_RESP_FORBIDDEN	= 403, /* virus found but not repairable */
	VS_RESP_NOT_FOUND	= 404,
	VS_RESP_NOT_ALLOWED	= 405,
	VS_RESP_TIMEOUT		= 408,
	VS_RESP_INTERNAL_ERR	= 500,
	VS_RESP_NOT_IMPL	= 501,
	VS_RESP_SERV_UNAVAIL	= 503,  /* service unavailable or overloaded */
	VS_RESP_ICAP_VER_UNSUPP	= 505,
	/* Symantec additions - not ICAP standard */
	VS_RESP_SCAN_ERR	= 533,
	VS_RESP_NO_LICENSE	= 539,
	VS_RESP_RES_UNAVAIL	= 551,
	/* all else */
	VS_RESP_UNKNOWN
} vs_icap_resp_t;


/* the ICAP OPTIONS HEADERS used by NAS AVA */
typedef enum {
	VS_OPT_SERVICE = 1,
	VS_OPT_ISTAG,
	VS_OPT_METHODS,
	VS_OPT_ALLOW,
	VS_OPT_PREVIEW,
	VS_OPT_XFER_PREVIEW,
	VS_OPT_XFER_COMPLETE,
	VS_OPT_MAX_CONNECTIONS,
	VS_OPT_TTL,
	VS_OPT_X_DEF_INFO,
	VS_OPT_HDR_MAX = VS_OPT_X_DEF_INFO
} vs_option_hdr_t;


/*
 * the ICAP RESPMOD RESPONSE HEADERS used by NAS AVA
 *
 * Do NOT change the order of:
 * VS_RESP_X_VIRUS_ID, VS_RESP_X_INFECTION, VS_RESP_X_VIOLATIONS
 * Virus data saved from any one of these headers may be replaced
 * with data found in a preferable header (one with more info).
 * They are listed in order of preference.
 */
typedef enum {
	VS_RESP_ENCAPSULATED = 1,
	VS_RESP_ISTAG,
	VS_RESP_X_VIRUS_ID,
	VS_RESP_X_INFECTION,
	VS_RESP_X_VIOLATIONS,
	VS_RESP_HDR_MAX = VS_RESP_X_VIOLATIONS
} vs_resp_hdr_t;


/*
 * vs_options_t
 * vs_impl.c manages an array of vs_options_t, one per scan engine.
 * vs_options_t is used to store the scan engine configuration info
 * returned from the scan engine in the ICAP OPTIONS RESPONSE.
 * This information is then used to determine how to communicate with
 * the scan engines (eg which files to preview), when to resend the
 * ICAP OPTIONS REQUEST, and the istag is used as the scanstamp of
 * the file. The istag is also returned in the ICAP RESPMOD RESPONSE
 * and is used to update the stored one if it has changed.
 */
typedef struct vs_options {
	/* host & port used to detect config changes */
	char vso_host[MAXHOSTNAMELEN];
	int vso_port;

	/* configuration options returned from scan engine */
	int vso_preview_len;		/* the preview supported */
	int vso_allow;			/* allow 204 */
	vs_scanstamp_t vso_scanstamp;	/* from istag received */
	char vso_defninfo[VS_DEFN_SZ];	/* virus definition info */
	char vso_service[VS_SERVICE_SZ]; /* name of SE service */
	int vso_respmod;		/* set if RESPMOD method supported */
	vs_preview_t vso_xfer_how;	/* transfer preview or complete */
	iovec_t *vso_xfer_preview;	/* file exts supporting preview */
	iovec_t *vso_xfer_complete;	/* file exts to be sent complete */
	long vso_ttl;			/* after this expiry, re-get options */
	time_t vso_req_time;		/* time when option was last sent */
} vs_options_t;


/*
 * vs_info_t
 *
 * vs_info_t is part of the context created for each scan engine request.
 * It contains send/recv buffers and other temporary storage required
 * during the processing of the request/response.
 * threat_hdr_t defines from which header the virus information was
 * obtained. This is used to determine whether to overwrite existing
 * info if a 'better' header is found.
 */
typedef struct vs_info {
	char vsi_send_hdr[VS_HDR_SZ];
	char vsi_send_buf[VS_BUF_SZ + VS_TAIL_SZ];
	char vsi_recv_buf[VS_BUF_SZ];

	/*  response header information */
	boolean_t vsi_res_hdr;
	boolean_t vsi_res_body;
	boolean_t vsi_html_content;	/* L8R - set, not used */
	int	vsi_content_len;	/* L8R - set, not used */
	int	vsi_icap_rc;
	int	vsi_http_rc;
	int	vsi_threat_hdr;
} vs_info_t;


/*
 * vs_scan_ctx_t
 *
 * A vs_scan_ctx_t is created for each scan request. It will contain
 * everything that is needed to process the scan request and return
 * the response to the caller.
 * - engine connection information used to identify which scan engine
 *   the request is being sent to,
 * - information about the file being scanned,
 * - a place to store information about the file that will be created
 *   to hold cleaned data if the scan engine detects an infection
 *   and returns a cleaned version of the file,
 * - a copy of the vs_options_t for the scan engine. This allows the
 *   NAS AVA scan engine connection parameters to be reconfigured without
 *   affecting any in-progress requests,
 * - a vs_info_t - the temporary storage needed to process the request,
 * - a vs_result_t - a place to store the  scan result information to be
 *   returned to the caller.
 */
typedef struct vs_scan_ctx {
	/* scan engine idx and connection info */
	int vsc_idx;
	char vsc_host[MAXHOSTNAMELEN];
	int vsc_port;
	int vsc_sockfd;

	/* info about file to be scanned */
	int vsc_fd;
	char *vsc_fname;
	uint64_t vsc_fsize;
	int vsc_flags;

	/* file to hold repaired data */
	boolean_t vsc_repair;
	int vsc_repair_fd;
	char *vsc_repair_fname;

	vs_options_t vsc_options;
	vs_info_t vsc_info;
	vs_result_t *vsc_result;
} vs_scan_ctx_t;


/*
 * vs_icap_hdr_t
 *
 * vs_icap.c defines tables of handlers for each ICAP OPTIONS RESPONSE HEADER
 * and each ICAP RESPMOD RESPONSE HEADER which NAS AVA uses.
 * Each entry in these tables is an vs_hdr_t.
 */
typedef struct vs_hdr {
	int  vsh_id;
	char *vsh_name;
	int  (*vsh_func)(vs_scan_ctx_t *, int, char *);
}vs_hdr_t;


/*
 * vs_resp_msg_t
 *
 * vs_icap.c defines a table mapping ICAP response code values to text strings.
 * Each entry in this tables is a vs_resp_msg_t.
 */
typedef struct vs_resp_msg {
	int vsm_rc;
	char *vsm_msg;
} vs_resp_msg_t;

#ifdef __cplusplus
}
#endif

#endif /* _VS_ICAP_H_ */