MDL-64075 antivirus_clamav: Add TCP socket admin settings

moodle · Jan 7, 2020 · a0d871f · a0d871f
1 parent 0acf1ba
commit a0d871f
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 16 deletions.
diff --git a/lib/antivirus/clamav/adminlib.php b/lib/antivirus/clamav/adminlib.php
@@ -49,17 +49,56 @@ public function write_setting($data) {
     /**
      * Validate data.
      *
-     * This ensures that unix socket transport is supported by this system.
+     * This ensures that the selected socket transport is supported by this system.
      *
      * @param string $data
      * @return mixed True on success, else error message.
      */
     public function validate($data) {
+        $supportedtransports = stream_get_transports();
         if ($data === 'unixsocket') {
-            $supportedtransports = stream_get_transports();
             if (array_search('unix', $supportedtransports) === false) {
                 return get_string('errornounixsocketssupported', 'antivirus_clamav');
             }
+        } else if ($data === 'tcpsocket') {
+            if (array_search('tcp', $supportedtransports) === false) {
+                return get_string('errornotcpsocketssupported', 'antivirus_clamav');
+            }
+        }
+        return true;
+    }
+}
+
+
+/**
+ * Abstract socket checking class
+ *
+ * @package    antivirus_clamav
+ * @copyright  2015 Ruslan Kabalin, Lancaster University.
+ * @copyright  2019 Didier Raboud, Liip AG.
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class antivirus_clamav_socket_setting extends admin_setting_configtext {
+    /**
+     * Ping ClamAV socket.
+     *
+     * This ensures that a socket setting is correct and that ClamAV is running.
+     *
+     * @param string $socketaddress Address to the socket to connect to (for stream_socket_client)
+     * @return mixed True on success, else error message.
+     */
+    protected function validate_clamav_socket($socketaddress) {
+        $socket = stream_socket_client($socketaddress, $errno, $errstr, ANTIVIRUS_CLAMAV_SOCKET_TIMEOUT);
+        if (!$socket) {
+            return get_string('errorcantopensocket', 'antivirus_clamav', "$errstr ($errno)");
+        } else {
+            // Send PING query to ClamAV socket to check its running state.
+            fwrite($socket, "nPING\n");
+            $response = stream_get_line($socket, 4);
+            fclose($socket);
+            if ($response !== 'PONG') {
+                return get_string('errorclamavnoresponse', 'antivirus_clamav');
+            }
         }
         return true;
     }
@@ -71,7 +110,7 @@ public function validate($data) {
  * @copyright  2015 Ruslan Kabalin, Lancaster University.
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
-class antivirus_clamav_pathtounixsocket_setting extends admin_setting_configtext {
+class antivirus_clamav_pathtounixsocket_setting extends antivirus_clamav_socket_setting {
     /**
      * Validate data.
      *
@@ -87,19 +126,38 @@ public function validate($data) {
         }
         $runningmethod = get_config('antivirus_clamav', 'runningmethod');
         if ($runningmethod === 'unixsocket') {
-            $socket = stream_socket_client('unix://' . $data, $errno, $errstr, ANTIVIRUS_CLAMAV_SOCKET_TIMEOUT);
-            if (!$socket) {
-                return get_string('errorcantopensocket', 'antivirus_clamav', "$errstr ($errno)");
-            } else {
-                // Send PING query to ClamAV socket to check its running state.
-                fwrite($socket, "nPING\n");
-                $response = stream_get_line($socket, 4);
-                fclose($socket);
-                if ($response !== 'PONG') {
-                    return get_string('errorclamavnoresponse', 'antivirus_clamav');
-                }
-            }
+            return $this->validate_clamav_socket('unix://' . $data);
         }
         return true;
     }
 }
+
+/**
+ * Admin setting for Internet domain socket host, adds verification.
+ *
+ * @package    antivirus_clamav
+ * @copyright  2019 Didier Raboud, Liip AG.
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class antivirus_clamav_tcpsockethost_setting extends antivirus_clamav_socket_setting {
+    /**
+     * Validate data.
+     *
+     * This ensures that Internet domain socket setting is correct and ClamAV is running.
+     *
+     * @param string $data
+     * @return mixed True on success, else error message.
+     */
+    public function validate($data) {
+        $result = parent::validate($data);
+        if ($result !== true) {
+            return $result;
+        }
+        $runningmethod = get_config('antivirus_clamav', 'runningmethod');
+        $tcpport = get_config('antivirus_clamav', 'tcpsocketport');
+        if ($runningmethod === 'tcpsocket') {
+            return $this->validate_clamav_socket('tcp://' . $data . ':' . $tcpport);
+        }
+        return true;
+    }
+}
diff --git a/lib/antivirus/clamav/lang/en/antivirus_clamav.php b/lib/antivirus/clamav/lang/en/antivirus_clamav.php
@@ -42,4 +42,9 @@
 $string['runningmethoddesc'] = 'Method of running ClamAV. Command line is used by default, however on Unix systems better performance can be obtained by using system sockets.';
 $string['runningmethodcommandline'] = 'Command line';
 $string['runningmethodunixsocket'] = 'Unix domain socket';
+$string['runningmethodtcpsocket'] = 'TCP socket';
+$string['tcpsockethost'] = 'TCP socket hostname';
+$string['tcpsockethostdesc'] = 'Domain name of the ClamAV server';
+$string['tcpsocketport'] = 'TCP socket port';
+$string['tcpsocketportdesc'] = 'The port to use when connecting to ClamAV';
 $string['unknownerror'] = 'There was an unknown error with ClamAV.';
diff --git a/lib/antivirus/clamav/settings.php b/lib/antivirus/clamav/settings.php
@@ -32,6 +32,7 @@
     $runningmethodchoice = array(
         'commandline' => get_string('runningmethodcommandline', 'antivirus_clamav'),
         'unixsocket' => get_string('runningmethodunixsocket', 'antivirus_clamav'),
+        'tcpsocket' => get_string('runningmethodtcpsocket', 'antivirus_clamav'),
     );
     $settings->add(new antivirus_clamav_runningmethod_setting('antivirus_clamav/runningmethod',
             get_string('runningmethod', 'antivirus_clamav'),
@@ -47,6 +48,16 @@
             new lang_string('pathtounixsocket', 'antivirus_clamav'),
             new lang_string('pathtounixsocketdesc', 'antivirus_clamav'), '', PARAM_PATH));
 
+    // Hostname to reach ClamAV tcp socket (used in tcp socket running method).
+    $settings->add(new antivirus_clamav_tcpsockethost_setting('antivirus_clamav/tcpsockethost',
+            new lang_string('tcpsockethost', 'antivirus_clamav'),
+            new lang_string('tcpsockethostdesc', 'antivirus_clamav'), '', PARAM_HOST));
+
+    // Port to reach ClamAV tcp socket (used in tcp socket running method).
+    $settings->add(new admin_setting_configtext('antivirus_clamav/tcpsocketport',
+            new lang_string('tcpsocketport', 'antivirus_clamav'),
+            new lang_string('tcpsocketportdesc', 'antivirus_clamav'), 3310, PARAM_INT));
+
     // How to act on ClamAV failure.
     $options = array(
         'donothing' => new lang_string('configclamdonothing', 'antivirus_clamav'),

diff --git a/lib/antivirus/clamav/version.php b/lib/antivirus/clamav/version.php
@@ -24,6 +24,6 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version   = 2019111800;          // The current plugin version (Date: YYYYMMDDXX).
+$plugin->version   = 2019122900;          // The current plugin version (Date: YYYYMMDDXX).
 $plugin->requires  = 2019111200;          // Requires this Moodle version.
 $plugin->component = 'antivirus_clamav';  // Full name of the plugin (used for diagnostics).