[Libguestfs] [PATCH v4 0/7] Feature: Yara file scanning

2017-03-12 Thread Matteo Cafasso 
Rebase patches on top of 1.37.1.

No changes since last series.

Matteo Cafasso (7):
  daemon: expose file upload logic
  appliance: add yara dependency
  New API: yara_load
  New API: yara_destroy
  New API: internal_yara_scan
  New API: yara_scan
  yara_scan: added API tests

 appliance/packagelist.in |   4 +
 configure.ac |   1 +
 daemon/Makefile.am   |   4 +-
 daemon/cleanups.c|   9 +
 daemon/cleanups.h|   2 +
 daemon/daemon.h  |   3 +
 daemon/upload.c  |  70 +++
 daemon/yara.c| 301 +++
 generator/Makefile.am|   3 +
 generator/actions.ml |   6 +-
 generator/proc_nr.ml |   3 +
 generator/structs.ml |   9 +
 gobject/Makefile.inc |   8 +-
 java/Makefile.inc|   1 +
 java/com/redhat/et/libguestfs/.gitignore |   1 +
 lib/MAX_PROC_NR  |   2 +-
 lib/Makefile.am  |   1 +
 lib/yara.c   | 127 +
 m4/guestfs_daemon.m4 |  14 ++
 tests/yara/Makefile.am   |  26 +++
 tests/yara/test-yara-scan.sh |  72 
 21 files changed, 630 insertions(+), 37 deletions(-)
 create mode 100644 daemon/yara.c
 create mode 100644 lib/yara.c
 create mode 100644 tests/yara/Makefile.am
 create mode 100755 tests/yara/test-yara-scan.sh

--
2.11.0

___
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs

[Libguestfs] [PATCH v4 6/7] New API: yara_scan

2017-03-12 Thread Matteo Cafasso 
The yara_scan API parses the file generated by the daemon counterpart
function and returns the list of yara_detection structs to the user.

It writes the daemon's command output on a temporary file and parses it,
deserialising the XDR formatted yara_detection structs.

It returns to the caller the list of yara_detection structs generated by
the internal_yara_scan command.

Signed-off-by: Matteo Cafasso 
---
 generator/actions.ml |   3 +-
 lib/Makefile.am  |   1 +
 lib/yara.c   | 127 +++
 3 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100644 lib/yara.c

diff --git a/generator/actions.ml b/generator/actions.ml
index 4df3b2a32..d36a4f8a9 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -38,7 +38,8 @@ let non_daemon_functions =
   Actions_inspection_deprecated.non_daemon_functions @
   Actions_properties.non_daemon_functions @
   Actions_properties_deprecated.non_daemon_functions @
-  Actions_tsk.non_daemon_functions
+  Actions_tsk.non_daemon_functions @
+  Actions_yara.non_daemon_functions

 (* daemon_functions are any functions which cause some action
  * to take place in the daemon.
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 063706f8f..fc55c2dcf 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -127,6 +127,7 @@ libguestfs_la_SOURCES = \
wait.c \
whole-file.c \
version.c \
+   yara.c \
libguestfs.syms

 libguestfs_la_CPPFLAGS = \
diff --git a/lib/yara.c b/lib/yara.c
new file mode 100644
index 0..864766e7a
--- /dev/null
+++ b/lib/yara.c
@@ -0,0 +1,127 @@
+/* libguestfs
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "guestfs.h"
+#include "guestfs_protocol.h"
+#include "guestfs-internal.h"
+#include "guestfs-internal-all.h"
+#include "guestfs-internal-actions.h"
+
+static struct guestfs_yara_detection_list *parse_yara_detection_file 
(guestfs_h *, const char *);
+static int deserialise_yara_detection_list (guestfs_h *, FILE *, struct 
guestfs_yara_detection_list *);
+
+struct guestfs_yara_detection_list *
+guestfs_impl_yara_scan (guestfs_h *g, const char *path)
+{
+  int ret = 0;
+  CLEANUP_UNLINK_FREE char *tmpfile = NULL;
+
+  tmpfile = guestfs_int_make_temp_path (g, "yara_scan");
+  if (tmpfile == NULL)
+return NULL;
+
+  ret = guestfs_internal_yara_scan (g, path, tmpfile);
+  if (ret < 0)
+return NULL;
+
+  return parse_yara_detection_file (g, tmpfile);  /* caller frees */
+}
+
+/* Parse the file content and return detections list.
+ * Return a list of yara_detection on success, NULL on error.
+ */
+static struct guestfs_yara_detection_list *
+parse_yara_detection_file (guestfs_h *g, const char *tmpfile)
+{
+  int ret = 0;
+  CLEANUP_FCLOSE FILE *fp = NULL;
+  struct guestfs_yara_detection_list *detections = NULL;
+
+  fp = fopen (tmpfile, "r");
+  if (fp == NULL) {
+perrorf (g, "fopen: %s", tmpfile);
+return NULL;
+  }
+
+  /* Initialise results array. */
+  detections = safe_malloc (g, sizeof (*detections));
+  detections->len = 8;
+  detections->val = safe_malloc (g, detections->len *
+ sizeof (*detections->val));
+
+  /* Deserialise buffer into detection list. */
+  ret = deserialise_yara_detection_list (g, fp, detections);
+  if (ret < 0) {
+guestfs_free_yara_detection_list (detections);
+return NULL;
+  }
+
+  return detections;
+}
+
+/* Deserialise the file content and populate the detection list.
+ * Return the number of deserialised detections, -1 on error.
+ */
+static int
+deserialise_yara_detection_list (guestfs_h *g, FILE *fp,
+ struct guestfs_yara_detection_list 
*detections)
+{
+  XDR xdr;
+  int ret = 0;
+  uint32_t index = 0;
+  struct stat statbuf;
+
+  ret = fstat (fileno(fp), );
+  if (ret == -1)
+return -1;
+
+  xdrstdio_create (, fp, XDR_DECODE);
+
+  for (index = 0; xdr_getpos () < statbuf.st_size; index++) {
+if (index == detections->len) {
+  detections->len = 2 * detections->len;
+  detections->val = safe_realloc (g, detections->val,
+

[Libguestfs] [PATCH v4 5/7] New API: internal_yara_scan

2017-03-12 Thread Matteo Cafasso 
The internal_yara_scan runs the Yara engine with the previously loaded
rules against the given file.

For each rule matching against the scanned file, a struct containing
the file name and the rule identifier is returned.

The gathered list of yara_detection structs is serialised into XDR format
and written to a file.

Signed-off-by: Matteo Cafasso 
---
 daemon/yara.c| 86 
 generator/proc_nr.ml |  1 +
 generator/structs.ml |  9 
 gobject/Makefile.inc |  2 +
 java/Makefile.inc|  1 +
 java/com/redhat/et/libguestfs/.gitignore |  1 +
 lib/MAX_PROC_NR  |  2 +-
 7 files changed, 101 insertions(+), 1 deletion(-)

diff --git a/daemon/yara.c b/daemon/yara.c
index cb49593c7..471547341 100644
--- a/daemon/yara.c
+++ b/daemon/yara.c
@@ -54,6 +54,8 @@ static bool initialized = false;
 static int compile_rules_file (const char *, const char *);
 static void compile_error_callback (int, const char *, int, const char *, void 
*);
 static void cleanup_destroy_yara_compiler (void *ptr);
+static int yara_rules_callback (int , void *, void *);
+static int send_detection_info (const char *, YR_RULE *);

 /* Has one FileIn parameter.
  * Takes optional arguments, consult optargs_bitmask.
@@ -119,6 +121,38 @@ do_yara_destroy (void)
   return 0;
 }

+/* Has one FileOut parameter. */
+int
+do_internal_yara_scan (const char *path)
+{
+  int ret = 0;
+  CLEANUP_CLOSE int fd = -1;
+
+  if (rules == NULL) {
+reply_with_error ("no yara rules loaded");
+return -1;
+  }
+
+  CHROOT_IN;
+  fd = open (path, O_RDONLY|O_CLOEXEC);
+  CHROOT_OUT;
+
+  if (fd < 0) {
+reply_with_perror ("%s", path);
+return -1;
+  }
+
+  reply (NULL, NULL);  /* Reply message. */
+
+  ret = yr_rules_scan_fd (rules, fd, 0, yara_rules_callback, (void *) path, 0);
+  if (ret == ERROR_SUCCESS)
+ret = send_file_end (0);  /* File transfer end. */
+  else
+send_file_end (1);  /* Cancel file transfer. */
+
+  return 0;
+}
+
 /* Compile source code rules and load them.
  * Return ERROR_SUCCESS on success, Yara error code type on error.
  */
@@ -170,6 +204,58 @@ compile_error_callback(int level, const char *name, int 
line,
 fprintf (stderr, "Yara warning (line %d): %s\n", line, message);
 }

+/* Yara scan callback, called by yr_rules_scan_file.
+ * Return 0 on success, -1 on error.
+ */
+static int
+yara_rules_callback (int code, void *message, void *data)
+{
+  int ret = 0;
+
+  if (code == CALLBACK_MSG_RULE_MATCHING)
+ret = send_detection_info ((const char *)data, (YR_RULE *) message);
+
+  return (ret == 0) ? CALLBACK_CONTINUE : CALLBACK_ERROR;
+}
+
+/* Serialize file path and rule name and send it out.
+ * Return 0 on success, -1 on error.
+ */
+static int
+send_detection_info (const char *name, YR_RULE *rule)
+{
+  XDR xdr;
+  int ret = 0;
+  size_t len = 0;
+  CLEANUP_FREE char *buf = NULL;
+  struct guestfs_int_yara_detection detection;
+
+  detection.name = (char *) name;
+  detection.rule = (char *) rule->identifier;
+
+  /* Serialize detection struct. */
+  buf = malloc (GUESTFS_MAX_CHUNK_SIZE);
+  if (buf == NULL) {
+perror ("malloc");
+return -1;
+  }
+
+  xdrmem_create (, buf, GUESTFS_MAX_CHUNK_SIZE, XDR_ENCODE);
+
+  ret = xdr_guestfs_int_yara_detection (, );
+  if (ret == 0) {
+perror ("xdr_guestfs_int_yara_detection");
+return -1;
+  }
+
+  len = xdr_getpos ();
+
+  xdr_destroy ();
+
+  /* Send serialised yara_detection out. */
+  return send_file_write (buf, len);
+}
+
 /* Clean up yara handle on daemon exit. */
 void yara_finalize (void) __attribute__((destructor));

diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index d471b1a83..c7619638a 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -481,6 +481,7 @@ let proc_nr = [
 471, "mksquashfs";
 472, "yara_load";
 473, "yara_destroy";
+474, "internal_yara_scan";
 ]

 (* End of list.  If adding a new entry, add it at the end of the list
diff --git a/generator/structs.ml b/generator/structs.ml
index c1c9b668e..01aa3d371 100644
--- a/generator/structs.ml
+++ b/generator/structs.ml
@@ -469,6 +469,15 @@ let structs = [
 ];
 s_camel_name = "TSKDirent" };

+  (* Yara detection information. *)
+  { defaults with
+s_name = "yara_detection";
+s_cols = [
+"name", FString;
+"rule", FString;
+];
+s_camel_name = "YaraDetection" };
+
 ] (* end of structs *)

 let lookup_struct name =
diff --git a/gobject/Makefile.inc b/gobject/Makefile.inc
index b0ebf15d9..4b067d9e0 100644
--- a/gobject/Makefile.inc
+++ b/gobject/Makefile.inc
@@ -49,6 +49,7 @@ guestfs_gobject_headers= \
   include/guestfs-gobject/struct-version.h \
   include/guestfs-gobject/struct-xattr.h \
   include/guestfs-gobject/struct-xfsinfo.h \
+  include/guestfs-gobject/struct-yara_detection.h \
   include/guestfs-gobject/optargs-add_domain.h \

[Libguestfs] [PATCH v4 4/7] New API: yara_destroy

2017-03-12 Thread Matteo Cafasso 
The yara_destroy API allows to claim resources back via the removal of
the previously loaded Yara rules.

Signed-off-by: Matteo Cafasso 
---
 daemon/yara.c| 14 ++
 generator/proc_nr.ml |  1 +
 lib/MAX_PROC_NR  |  2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/daemon/yara.c b/daemon/yara.c
index 0e4128aed..cb49593c7 100644
--- a/daemon/yara.c
+++ b/daemon/yara.c
@@ -105,6 +105,20 @@ do_yara_load (const char *namespace)
   return (ret == ERROR_SUCCESS) ? 0 : -1;
 }

+int
+do_yara_destroy (void)
+{
+  if (rules == NULL) {
+reply_with_error ("no yara rules loaded");
+return -1;
+  }
+
+  yr_rules_destroy (rules);
+  rules = NULL;
+
+  return 0;
+}
+
 /* Compile source code rules and load them.
  * Return ERROR_SUCCESS on success, Yara error code type on error.
  */
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index d50cc9efa..d471b1a83 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -480,6 +480,7 @@ let proc_nr = [
 470, "internal_find_inode";
 471, "mksquashfs";
 472, "yara_load";
+473, "yara_destroy";
 ]

 (* End of list.  If adding a new entry, add it at the end of the list
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index 68cfb10d1..8410b8b89 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-472
+473
--
2.11.0

___
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs

[Libguestfs] [PATCH v4 3/7] New API: yara_load

2017-03-12 Thread Matteo Cafasso 
The yara_load API allows to load a set of Yara rules contained within a
file on the host.

Rules can be in binary format, as when compiled with yarac command, or
in source code format. In the latter case, the rules will be first
compiled and then loaded.

Subsequent calls of the yara_load API will result in the discard of the
previously loaded rules.

Signed-off-by: Matteo Cafasso 
---
 daemon/Makefile.am|   1 +
 daemon/cleanups.c |   9 +++
 daemon/cleanups.h |   2 +
 daemon/yara.c | 201 ++
 generator/Makefile.am |   3 +
 generator/actions.ml  |   3 +-
 generator/proc_nr.ml  |   1 +
 gobject/Makefile.inc  |   6 +-
 lib/MAX_PROC_NR   |   2 +-
 9 files changed, 224 insertions(+), 4 deletions(-)
 create mode 100644 daemon/yara.c

diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 9d73bb805..563622cdb 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -164,6 +164,7 @@ guestfsd_SOURCES = \
wc.c \
xattr.c \
xfs.c \
+   yara.c \
zero.c \
zerofree.c

diff --git a/daemon/cleanups.c b/daemon/cleanups.c
index 092e493d7..3102cf94b 100644
--- a/daemon/cleanups.c
+++ b/daemon/cleanups.c
@@ -62,6 +62,15 @@ cleanup_close (void *ptr)
 }

 void
+cleanup_fclose (void *ptr)
+{
+  FILE *f = * (FILE **) ptr;
+
+  if (f)
+fclose (f);
+}
+
+void
 cleanup_aug_close (void *ptr)
 {
   augeas *aug = * (augeas **) ptr;
diff --git a/daemon/cleanups.h b/daemon/cleanups.h
index 6746e2744..a791244cb 100644
--- a/daemon/cleanups.h
+++ b/daemon/cleanups.h
@@ -26,6 +26,7 @@ extern void cleanup_free (void *ptr);
 extern void cleanup_free_string_list (void *ptr);
 extern void cleanup_unlink_free (void *ptr);
 extern void cleanup_close (void *ptr);
+extern void cleanup_fclose (void *ptr);
 extern void cleanup_aug_close (void *ptr);
 extern void cleanup_free_stringsbuf (void *ptr);

@@ -35,6 +36,7 @@ extern void cleanup_free_stringsbuf (void *ptr);
 __attribute__((cleanup(cleanup_free_string_list)))
 #define CLEANUP_UNLINK_FREE __attribute__((cleanup(cleanup_unlink_free)))
 #define CLEANUP_CLOSE __attribute__((cleanup(cleanup_close)))
+#define CLEANUP_FCLOSE __attribute__((cleanup(cleanup_fclose)))
 #define CLEANUP_AUG_CLOSE __attribute__((cleanup(cleanup_aug_close)))
 #define CLEANUP_FREE_STRINGSBUF 
__attribute__((cleanup(cleanup_free_stringsbuf)))
 #else
diff --git a/daemon/yara.c b/daemon/yara.c
new file mode 100644
index 0..0e4128aed
--- /dev/null
+++ b/daemon/yara.c
@@ -0,0 +1,201 @@
+/* libguestfs - the guestfsd daemon
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 
USA.
+ */
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "daemon.h"
+#include "actions.h"
+#include "optgroups.h"
+#include "guestfs_protocol.h"
+
+#ifdef HAVE_YARA
+
+#include 
+
+#define CLEANUP_DESTROY_YARA_COMPILER   \
+  __attribute__((cleanup(cleanup_destroy_yara_compiler)))
+
+struct write_callback_data {
+  int fd;
+  uint64_t written;
+};
+
+/* Yara compiled rules. */
+static YR_RULES *rules = NULL;
+static bool initialized = false;
+
+static int compile_rules_file (const char *, const char *);
+static void compile_error_callback (int, const char *, int, const char *, void 
*);
+static void cleanup_destroy_yara_compiler (void *ptr);
+
+/* Has one FileIn parameter.
+ * Takes optional arguments, consult optargs_bitmask.
+ */
+int
+do_yara_load (const char *namespace)
+{
+  int ret = 0;
+  CLEANUP_CLOSE int fd = -1;
+  char tmpfile[] = "/tmp/yaraXX";
+
+  fd = mkstemp (tmpfile);
+  if (fd == -1) {
+reply_with_perror ("mkstemp");
+return -1;
+  }
+
+  ret = upload_to_fd (fd);
+  if (ret < 0) {
+unlink (tmpfile);
+return -1;
+  }
+
+  /* Initialize yara only once. */
+  if (!initialized) {
+ret = yr_initialize ();
+if (ret != ERROR_SUCCESS) {
+  reply_with_error ("failed initializing yara");
+  unlink (tmpfile);
+  return -1;
+}
+
+initialized = true;
+  }
+
+  /* Clear namespace if no optional parameter is given. */
+  if (!(optargs_bitmask & GUESTFS_YARA_LOAD_NAMESPACE_BITMASK))
+namespace = NULL;
+
+  /* Try to load the rules

[Libguestfs] [PATCH v4 2/7] appliance: add yara dependency

2017-03-12 Thread Matteo Cafasso 
libyara3 on Debian/Ubuntu
yara on SUSE/RedHat

Signed-off-by: Matteo Cafasso 
---
 appliance/packagelist.in |  4 
 daemon/Makefile.am   |  3 ++-
 m4/guestfs_daemon.m4 | 14 ++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index 5cf22768a..8846ce846 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -52,6 +52,7 @@ ifelse(REDHAT,1,
   vim-minimal
   xz
   yajl
+  yara
   zfs-fuse
 )

@@ -86,6 +87,7 @@ dnl iproute has been renamed to iproute2
   libsystemd-journal0
   libtirpc1
   libyajl2
+  libyara3
   linux-image
   dnl syslinux 'suggests' mtools, but in reality it's a hard dependency:
   mtools
@@ -129,6 +131,7 @@ ifelse(ARCHLINUX,1,
   vim
   xz
   yajl
+  yara
 )

 ifelse(SUSE,1,
@@ -159,6 +162,7 @@ ifelse(SUSE,1,
   systemd
   vim
   xz
+  yara
 )

 ifelse(FRUGALWARE,1,
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index e3ad05350..9d73bb805 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -187,7 +187,8 @@ guestfsd_LDADD = \
$(SERVENT_LIB) \
$(PCRE_LIBS) \
$(TSK_LIBS) \
-   $(RPC_LIBS)
+   $(RPC_LIBS) \
+   $(YARA_LIBS)

 guestfsd_CPPFLAGS = \
-I$(top_srcdir)/gnulib/lib \
diff --git a/m4/guestfs_daemon.m4 b/m4/guestfs_daemon.m4
index eb5a6d5cf..522cd5f0e 100644
--- a/m4/guestfs_daemon.m4
+++ b/m4/guestfs_daemon.m4
@@ -126,3 +126,17 @@ AC_CHECK_LIB([tsk],[tsk_version_print],[
 AC_DEFINE([HAVE_LIBTSK], [1], [Define to 1 if The Sleuth Kit library 
(libtsk) is available.])
 ], [])
 ],[AC_MSG_WARN([The Sleuth Kit library (libtsk) not found])])
+
+dnl yara library (optional)
+PKG_CHECK_MODULES([YARA], [libyara],[
+AC_SUBST([YARA_CFLAGS])
+AC_SUBST([YARA_LIBS])
+AC_DEFINE([HAVE_YARA],[1],[yara library found at compile time.])
+],[
+AC_CHECK_LIB([yara],[yr_initialize],[
+AC_CHECK_HEADER([yara.h],[
+AC_SUBST([YARA_LIBS], [-lyara])
+AC_DEFINE([HAVE_YARA], [1], [Define to 1 if Yara library is 
available.])
+], [])
+],[AC_MSG_WARN([Yara library not found])])
+])
--
2.11.0

___
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs

[Libguestfs] [PATCH v4 1/7] daemon: expose file upload logic

2017-03-12 Thread Matteo Cafasso 
Allows other modules to use the same logic for uploading files.

Signed-off-by: Matteo Cafasso 
---
 daemon/daemon.h |  3 +++
 daemon/upload.c | 70 -
 2 files changed, 42 insertions(+), 31 deletions(-)

diff --git a/daemon/daemon.h b/daemon/daemon.h
index 793074dea..bc89f78dd 100644
--- a/daemon/daemon.h
+++ b/daemon/daemon.h
@@ -258,6 +258,9 @@ extern int64_t ntfs_minimum_size (const char *device);
 extern int swap_set_uuid (const char *device, const char *uuid);
 extern int swap_set_label (const char *device, const char *label);

+/*-- in upload.c --*/
+extern int upload_to_fd (int fd);
+
 /* ordinary daemon functions use these to indicate errors
  * NB: you don't need to prefix the string with the current command,
  * it is added automatically by the client-side RPC stubs.
diff --git a/daemon/upload.c b/daemon/upload.c
index 655baf29d..144bb246c 100644
--- a/daemon/upload.c
+++ b/daemon/upload.c
@@ -54,60 +54,68 @@ write_cb (void *data_vp, const void *buf, size_t len)
   return 0;
 }

+int
+upload_to_fd (int fd)
+{
+  int ret = 0, err = 0;
+  struct write_cb_data data = { .fd = fd, .written = 0 };
+
+  ret = receive_file (write_cb, );
+  if (ret == -1) { /* write error */
+err = errno;
+ret = cancel_receive ();
+errno = err;
+reply_with_error ("write error");
+close (fd);
+return -1;
+  }
+  if (ret == -2) { /* cancellation from library */
+/* This error is ignored by the library since it initiated the
+ * cancel.  Nevertheless we must send an error reply here.
+ */
+reply_with_error ("file upload cancelled");
+close (fd);
+return -1;
+  }
+
+  if (close (fd) == -1) {
+reply_with_perror ("close");
+return -1;
+  }
+
+  return 0;
+}
+
 /* Has one FileIn parameter. */
 static int
 upload (const char *filename, int flags, int64_t offset)
 {
-  struct write_cb_data data = { .written = 0 };
-  int err, r, is_dev;
+  int err, is_dev, fd;

   is_dev = STRPREFIX (filename, "/dev/");

   if (!is_dev) CHROOT_IN;
-  data.fd = open (filename, flags, 0666);
+  fd = open (filename, flags, 0666);
   if (!is_dev) CHROOT_OUT;
-  if (data.fd == -1) {
+  if (fd == -1) {
 err = errno;
-r = cancel_receive ();
+cancel_receive ();
 errno = err;
 reply_with_perror ("%s", filename);
 return -1;
   }

   if (offset) {
-if (lseek (data.fd, offset, SEEK_SET) == -1) {
+if (lseek (fd, offset, SEEK_SET) == -1) {
   err = errno;
-  r = cancel_receive ();
+  cancel_receive ();
   errno = err;
   reply_with_perror ("lseek: %s", filename);
   return -1;
 }
   }

-  r = receive_file (write_cb, );
-  if (r == -1) {   /* write error */
-err = errno;
-r = cancel_receive ();
-errno = err;
-reply_with_error ("write error: %s", filename);
-close (data.fd);
-return -1;
-  }
-  if (r == -2) {   /* cancellation from library */
-/* This error is ignored by the library since it initiated the
- * cancel.  Nevertheless we must send an error reply here.
- */
-reply_with_error ("file upload cancelled");
-close (data.fd);
-return -1;
-  }
-
-  if (close (data.fd) == -1) {
-reply_with_perror ("close: %s", filename);
-return -1;
-  }
-
-  return 0;
+  return upload_to_fd (fd);
 }

 /* Has one FileIn parameter. */
--
2.11.0

___
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs

[Libguestfs] [PATCH v4 7/7] yara_scan: added API tests

2017-03-12 Thread Matteo Cafasso 
Signed-off-by: Matteo Cafasso 
---
 configure.ac |  1 +
 tests/yara/Makefile.am   | 26 
 tests/yara/test-yara-scan.sh | 72 
 3 files changed, 99 insertions(+)
 create mode 100644 tests/yara/Makefile.am
 create mode 100755 tests/yara/test-yara-scan.sh

diff --git a/configure.ac b/configure.ac
index ecb2dca3c..6e7f4c540 100644
--- a/configure.ac
+++ b/configure.ac
@@ -296,6 +296,7 @@ AC_CONFIG_FILES([Makefile
  tests/tsk/Makefile
  tests/xfs/Makefile
  tests/xml/Makefile
+ tests/yara/Makefile
  tools/Makefile
  utils/boot-analysis/Makefile
  utils/boot-benchmark/Makefile
diff --git a/tests/yara/Makefile.am b/tests/yara/Makefile.am
new file mode 100644
index 0..e23d94e4c
--- /dev/null
+++ b/tests/yara/Makefile.am
@@ -0,0 +1,26 @@
+# libguestfs
+# Copyright (C) 2016 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+include $(top_srcdir)/subdir-rules.mk
+
+TESTS = \
+   test-yara-scan.sh
+
+TESTS_ENVIRONMENT = $(top_builddir)/run --test
+
+EXTRA_DIST = \
+   $(TESTS)
diff --git a/tests/yara/test-yara-scan.sh b/tests/yara/test-yara-scan.sh
new file mode 100755
index 0..a899e33e4
--- /dev/null
+++ b/tests/yara/test-yara-scan.sh
@@ -0,0 +1,72 @@
+#!/bin/bash -
+# libguestfs
+# Copyright (C) 2016 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# Test the yara_scan command.
+
+set -e
+
+if [ -n "$SKIP_TEST_YARA_SCAN_SH" ]; then
+echo "$0: test skipped because environment variable is set."
+exit 77
+fi
+
+rm -f test-yara-rules.yar
+
+# Skip if Yara is not supported by the appliance.
+if ! guestfish add /dev/null : run : available "libyara"; then
+echo "$0: skipped because Yara is not available in the appliance"
+exit 77
+fi
+
+if [ ! -s ../../test-data/phony-guests/blank-fs.img ]; then
+echo "$0: skipped because blank-fs.img is zero-sized"
+exit 77
+fi
+
+/bin/cat << EOF > test-yara-rules.yar
+rule TestRule
+{
+strings:
+\$my_text_string = "some text"
+
+condition:
+\$my_text_string
+}
+EOF
+
+output=$(
+guestfish --ro -a ../../test-data/phony-guests/blank-fs.img

[Libguestfs] IRC question: Does libguestfs support windows

2017-03-12 Thread Richard W.M. Jones 

04:53 < archers> hi all
04:53 < archers> libguestfs donot support windows any more ?

Unfortunately the user didn't stay in the channel for longer than 5
mins so I wasn't able to get any more details or reply.

However in general the answer is: yes, libguestfs supports Windows.

Libguestfs supports Windows guests.

On RHEL, you will need to support the libguestfs-winsupport package.
This package is now included in base RHEL starting with RHEL 7.2 IIRC.
Previously it was in a separate channel called V2VWIN.
libguestfs-winsupport in RHEL has some intentional limitations
described here:

http://libguestfs.org/guestfs-faq.1.html#cannot-open-windows-guests-which-use-ntfs
http://libguestfs.org/guestfs-faq.1.html#mount:-unsupported-filesystem-type-with-ntfs-in-rhel-7.2

Libguestfs probably cannot be compiled on Windows, although certainly
the library side could be compiled with not too much effort.  (See
also:
http://libguestfs.org/guestfs-faq.1.html#how-can-i-compile-and-install-libguestfs-without-supermin)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/

___
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs

Re: [Libguestfs] virt-inspector command hung up

2017-03-12 Thread Richard W.M. Jones 
On Sun, Mar 12, 2017 at 02:28:30PM +0800, power off wrote:
> Hi,
> I met a problem when using libguestfs-1.28.1 (centos 7.1) on a virtual 
> machine.
> Execute virt-inspector command to get OS information and the command hangs .
> 
> 
> ...
>  Launching appliance, timeout set to 600 seconds
>  libguestfs: launch: program=virt-inspcetor
>  libguestfs: launch: version=1.28.1rhel=7,release=1.18.el7,libvirt
>  libguestfs: launch: backend registered: unix
>  libguestfs: launch: backend registered: uml
>  libguestfs: launch: backend registered: libvirt
>  libguestfs: launch: backend registered: direct
>  libguestfs: launch: backend=libvirt
>  libguestfs: launch: tmpdir=/tmp/libguestfsQp28Qo
>  libguestfs: launch: umask=0027
>  libguestfs: launch: euid=2016
>  libguestfs: libvirt version = 1002008 (1.2.8)
>  libguestfs: guest random name = guestfs-w8hcve9rhu0dve4a
>  libguestfs: [0ms] connect to libvirt
>  libguestfs: opening libvirt handle: URI = qemu://session, auth = 
> default+wrapper, flags = 0
> 
> 
> command hung on here.We review the libguestfs soure code
> It  seems that libguestfs call libvirt API virConnetOpenAuth failed but no 
> returns.
>
> 
> And I set LIBVIRT_DEBUG=debug,and execute virt-inspect command again.
> I find the command hung after function virFileFindResourceFull  from libvirt 
> debug log.
> .
> 2017-03-11 07:19:09.246+000: 114046: debug: doRemoteOpen:882 : Peoceeding 
> with sockname /run/user/2016/libvirt/libvirt-sock
> 2017-03-11 07:19:09.246+000: 114046: debug: virFileFindResourceFull:1608 : 
> Resolved 'libvirtd' to ‘/usr/sbin/libvirtd’
> 
> 
> there is no more debug log.

euid=2016, so you're not running this as root.  So it seems as if
the session libvirtd cannot be run for some reason.

Have a look if there are any `libvirtd --timeout=30' processes
running (and kill them if there are).

> System run well  about half of a year before this problem happened. 
> 
> Any ideas?

You might try CentOS 7.3, since newer versions of libvirt generally
get bugs fixed.

> PS: can I reboot virtual machine to resume it?

If you mean the libguestfs appliance, then no.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/

___
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs

[Libguestfs] virt-inspector command hung up

2017-03-12 Thread power off 
Hi,
I met a problem when using libguestfs-1.28.1 (centos 7.1) on a virtual machine.
Execute virt-inspector command to get OS information and the command hangs .


...
 Launching appliance, timeout set to 600 seconds
 libguestfs: launch: program=virt-inspcetor
 libguestfs: launch: version=1.28.1rhel=7,release=1.18.el7,libvirt
 libguestfs: launch: backend registered: unix
 libguestfs: launch: backend registered: uml
 libguestfs: launch: backend registered: libvirt
 libguestfs: launch: backend registered: direct
 libguestfs: launch: backend=libvirt
 libguestfs: launch: tmpdir=/tmp/libguestfsQp28Qo
 libguestfs: launch: umask=0027
 libguestfs: launch: euid=2016
 libguestfs: libvirt version = 1002008 (1.2.8)
 libguestfs: guest random name = guestfs-w8hcve9rhu0dve4a
 libguestfs: [0ms] connect to libvirt
 libguestfs: opening libvirt handle: URI = qemu://session, auth = 
default+wrapper, flags = 0


command hung on here.We review the libguestfs soure code
It  seems that libguestfs call libvirt API virConnetOpenAuth failed but no 
returns.




And I set LIBVIRT_DEBUG=debug,and execute virt-inspect command again.
I find the command hung after function virFileFindResourceFull  from libvirt 
debug log.
.
2017-03-11 07:19:09.246+000: 114046: debug: doRemoteOpen:882 : Peoceeding with 
sockname /run/user/2016/libvirt/libvirt-sock
2017-03-11 07:19:09.246+000: 114046: debug: virFileFindResourceFull:1608 : 
Resolved 'libvirtd' to ‘/usr/sbin/libvirtd’


there is no more debug log.


System run well  about half of a year before this problem happened. 


Any ideas?
PS: can I reboot virtual machine to resume it?


Thanks


Gao Lin








  
 

___
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs