![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-server
5 #
6 # USAGE: gosa-si-client
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libnetaddr-ip-perl
12 # BUGS: ---
13 # NOTES:
14 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
15 # COMPANY:
16 # VERSION: 1.0
17 # CREATED: 12.09.2007 08:54:41 CEST
18 # REVISION: ---
19 #===============================================================================
21 use strict;
22 use warnings;
23 use utf8;
24 use Getopt::Long;
25 use Config::IniFiles;
26 use POSIX;
27 use Time::HiRes qw( gettimeofday );
29 use POE qw(Component::Server::TCP Wheel::FollowTail);
30 use IO::Socket::INET;
31 use NetAddr::IP;
32 use Data::Dumper;
33 use Crypt::Rijndael;
34 use GOSA::GosaSupportDaemon;
35 use Digest::MD5 qw(md5_hex md5 md5_base64);
36 use MIME::Base64;
37 use XML::Simple;
38 use Net::DNS;
39 use File::Basename;
41 my $event_dir = "/usr/lib/gosa-si/client/events";
42 use lib "/usr/lib/gosa-si/client/events";
44 my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $opts_file, $procid, $pid, $log_file, $fai_logpath);
45 my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
46 my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
47 my $xml;
48 my $default_server_key;
49 my $event_hash;
50 my @servers;
51 my $gotoHardwareChecksum;
52 my $gosa_si_client_fifo;
53 my %files_to_watch;
54 $verbose= 1;
56 # globalise variables which are used in imported events
57 our $cfg_file;
58 our $server_address;
59 our $client_address;
60 our $server_key;
62 # default variables
63 our $REGISTERED = 0;
65 # path to fifo for non-gosa-si-client messages to gosa-si-server
66 $gosa_si_client_fifo = "/var/run/gosa-si-client.socket";
67 %files_to_watch = (fifo => $gosa_si_client_fifo);
69 # in function register_at_gosa_si_server, after which period of seconds a new registration should be tried if a registration was
70 # not successful until now
71 my $delay_set_time = 5;
72 our $prg= basename($0);
74 %cfg_defaults = (
75 "general" =>
76 {"log-file" => [\$log_file, "/var/run/".$prg.".log"],
77 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
78 "opts-file" => [\$opts_file, "/var/run/".$prg.".opts"],
79 },
80 "client" =>
81 {"port" => [\$client_port, "20083"],
82 "ip" => [\$client_ip, "0.0.0.0"],
83 "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"],
84 "server-domain" => [\$server_domain, ""],
85 "ldap" => [\$ldap_enabled, 1],
86 "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
87 "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
88 "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"],
89 "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
90 },
91 "server" => {
92 "ip" => [\$server_ip, "127.0.0.1"],
93 "port" => [\$server_port, "20081"],
94 "key" => [\$server_key, ""],
95 "timeout" => [\$server_timeout, 10],
96 "key-lifetime" => [\$server_key_lifetime, 600],
97 },
99 );
102 #=== FUNCTIONS = functions =====================================================
104 #=== FUNCTION ================================================================
105 # NAME: check_cmdline_param
106 # PARAMETERS:
107 # RETURNS:
108 # DESCRIPTION:
109 #===============================================================================
110 sub check_cmdline_param () {
111 my $err_config;
112 my $err_counter = 0;
113 if(not defined($cfg_file)) {
114 $cfg_file = "/etc/gosa-si/client.conf";
115 if(! -r $cfg_file) {
116 $err_config = "please specify a config file";
117 $err_counter += 1;
118 }
119 }
120 if( $err_counter > 0 ) {
121 &usage( "", 1 );
122 if( defined( $err_config)) { print STDERR "$err_config\n"}
123 print STDERR "\n";
124 exit( -1 );
125 }
126 }
129 #=== FUNCTION ================================================================
130 # NAME: read_configfile
131 # PARAMETERS: cfg_file - string -
132 # RETURNS:
133 # DESCRIPTION:
134 #===============================================================================
135 sub read_configfile {
136 my ($cfg_file, %cfg_defaults) = @_ ;
137 my $cfg;
138 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
139 if( -r $cfg_file ) {
140 $cfg = Config::IniFiles->new( -file => $cfg_file );
141 } else {
142 print STDERR "Couldn't read config file!";
143 }
144 } else {
145 $cfg = Config::IniFiles->new() ;
146 }
147 foreach my $section (keys %cfg_defaults) {
148 foreach my $param (keys %{$cfg_defaults{ $section }}) {
149 my $pinfo = $cfg_defaults{ $section }{ $param };
150 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
151 }
152 }
153 }
156 #=== FUNCTION ================================================================
157 # NAME: check_pid
158 # PARAMETERS:
159 # RETURNS:
160 # DESCRIPTION:
161 #===============================================================================
162 sub check_pid {
163 $pid = -1;
164 # Check, if we are already running
165 if( open(LOCK_FILE, "<$pid_file") ) {
166 $pid = <LOCK_FILE>;
167 if( defined $pid ) {
168 chomp( $pid );
169 if( -f "/proc/$pid/stat" ) {
170 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
171 if( $0 eq $stat ) {
172 close( LOCK_FILE );
173 exit -1;
174 }
175 }
176 }
177 close( LOCK_FILE );
178 unlink( $pid_file );
179 }
181 # create a syslog msg if it is not to possible to open PID file
182 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
183 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
184 if (open(LOCK_FILE, '<', $pid_file)
185 && ($pid = <LOCK_FILE>))
186 {
187 chomp($pid);
188 $msg .= "(PID $pid)\n";
189 } else {
190 $msg .= "(unable to read PID)\n";
191 }
192 if( ! ($foreground) ) {
193 openlog( $0, "cons,pid", "daemon" );
194 syslog( "warning", $msg );
195 closelog();
196 }
197 else {
198 print( STDERR " $msg " );
199 }
200 exit( -1 );
201 }
202 }
205 sub sig_int_handler {
206 my ($signal) = @_;
208 daemon_log("shutting down gosa-si-server", 1);
209 exit(1);
210 }
211 $SIG{INT} = \&sig_int_handler;
214 #=== FUNCTION ================================================================
215 # NAME: logging
216 # PARAMETERS: level - string - default 'info'
217 # msg - string -
218 # facility - string - default 'LOG_DAEMON'
219 # RETURNS:
220 # DESCRIPTION:
221 #===============================================================================
222 sub daemon_log {
223 # log into log_file
224 my( $msg, $level ) = @_;
225 if(not defined $msg) { return }
226 if(not defined $level) { $level = 1 }
227 if(defined $log_file){
228 open(LOG_HANDLE, ">>$log_file");
229 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
230 print STDERR "cannot open $log_file: $!";
231 return }
232 chomp($msg);
233 if($level <= $verbose){
234 my ($seconds, $minutes, $hours, $monthday, $month,
235 $year, $weekday, $yearday, $sommertime) = localtime(time);
236 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
237 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
238 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
239 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
240 $month = $monthnames[$month];
241 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
242 $year+=1900;
244 my $log_msg = "$month $monthday $hours:$minutes:$seconds $prg $msg\n";
245 print LOG_HANDLE $log_msg;
246 if( $foreground ) {
247 print STDERR $log_msg;
248 }
249 }
250 close( LOG_HANDLE );
251 }
252 #log into syslog
253 # my ($msg, $level, $facility) = @_;
254 # if(not defined $msg) {return}
255 # if(not defined $level) {$level = "info"}
256 # if(not defined $facility) {$facility = "LOG_DAEMON"}
257 # openlog($0, "pid,cons,", $facility);
258 # syslog($level, $msg);
259 # closelog;
260 # return;
261 }
264 #=== FUNCTION ================================================================
265 # NAME: get_interfaces
266 # PARAMETERS: none
267 # RETURNS: (list of interfaces)
268 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
269 #===============================================================================
270 sub get_interfaces {
271 my @result;
272 my $PROC_NET_DEV= ('/proc/net/dev');
274 open(PROC_NET_DEV, "<$PROC_NET_DEV")
275 or die "Could not open $PROC_NET_DEV";
277 my @ifs = <PROC_NET_DEV>;
279 close(PROC_NET_DEV);
281 # Eat first two line
282 shift @ifs;
283 shift @ifs;
285 chomp @ifs;
286 foreach my $line(@ifs) {
287 my $if= (split /:/, $line)[0];
288 $if =~ s/^\s+//;
289 push @result, $if;
290 }
292 return @result;
293 }
295 #=== FUNCTION ================================================================
296 # NAME: get_mac
297 # PARAMETERS: interface name (i.e. eth0)
298 # RETURNS: (mac address)
299 # DESCRIPTION: Uses ioctl to get mac address directly from system.
300 #===============================================================================
301 sub get_mac {
302 my $ifreq= shift;
303 my $result;
304 if ($ifreq && length($ifreq) > 0) {
305 if($ifreq eq "all") {
306 if(defined($server_ip)) {
307 $result = &get_local_mac_for_remote_ip($server_ip);
308 }
309 elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){
310 $result = &client_mac_address;
311 }
312 else {
313 $result = "00:00:00:00:00:00";
314 }
315 } else {
316 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
318 # A configured MAC Address should always override a guessed value
319 if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) {
320 $result= $client_mac_address;
321 }
322 else {
323 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
324 or die "socket: $!";
326 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
327 my ($if, $mac)= unpack 'h36 H12', $ifreq;
329 if (length($mac) > 0) {
330 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
331 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
332 $result = $mac;
333 }
334 }
335 }
336 }
337 }
338 return $result;
339 }
342 #=== FUNCTION ================================================================
343 # NAME: get_interface_for_ip
344 # PARAMETERS: ip address (i.e. 192.168.0.1)
345 # RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
346 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
347 #===============================================================================
348 sub get_interface_for_ip {
349 my $result;
350 my $ip= shift;
351 if ($ip && length($ip) > 0) {
352 my @ifs= &get_interfaces();
353 if($ip eq "0.0.0.0") {
354 $result = "all";
355 } else {
356 foreach (@ifs) {
357 my $if=$_;
358 if(get_ip($if) eq $ip) {
359 $result = $if;
360 last;
361 }
362 }
363 }
364 }
365 return $result;
366 }
369 #=== FUNCTION ================================================================
370 # NAME: get_ip
371 # PARAMETERS: interface name (i.e. eth0)
372 # RETURNS: (ip address)
373 # DESCRIPTION: Uses ioctl to get ip address directly from system.
374 #===============================================================================
375 sub get_ip {
376 my $ifreq= shift;
377 my $result= "";
378 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
379 my $proto= getprotobyname('ip');
381 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
382 or die "socket: $!";
384 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
385 my ($if, $sin) = unpack 'a16 a16', $ifreq;
386 my ($port, $addr) = sockaddr_in $sin;
387 my $ip = inet_ntoa $addr;
389 if ($ip && length($ip) > 0) {
390 $result = $ip;
391 }
392 }
394 return $result;
395 }
398 #=== FUNCTION ================================================================
399 # NAME: get_local_mac_for_remote_ip
400 # PARAMETERS: none (takes server_ip from global variable)
401 # RETURNS: (ip address from interface that is used for communication)
402 # DESCRIPTION: Uses ioctl to get routing table from system, checks which entry
403 # matches (defaultroute last).
404 #===============================================================================
405 sub get_local_mac_for_remote_ip {
406 my $server_ip= shift;
407 my $result= "00:00:00:00:00:00";
409 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
410 my $PROC_NET_ROUTE= ('/proc/net/route');
412 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
413 or die "Could not open $PROC_NET_ROUTE";
415 my @ifs = <PROC_NET_ROUTE>;
417 close(PROC_NET_ROUTE);
419 # Eat header line
420 shift @ifs;
421 chomp @ifs;
422 foreach my $line(@ifs) {
423 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
424 my $destination;
425 my $mask;
426 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
427 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
428 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
429 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
430 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
431 # destination matches route, save mac and exit
432 $result= &get_mac($Iface);
433 last;
434 }
435 }
436 } else {
437 daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
438 }
439 return $result;
440 }
442 sub get_local_ip_for_remote_ip {
443 my $server_ip= shift;
444 my $result="0.0.0.0";
446 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
447 if($server_ip eq "127.0.0.1") {
448 $result="127.0.0.1";
449 } else {
450 my $PROC_NET_ROUTE= ('/proc/net/route');
452 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
453 or die "Could not open $PROC_NET_ROUTE";
455 my @ifs = <PROC_NET_ROUTE>;
457 close(PROC_NET_ROUTE);
459 # Eat header line
460 shift @ifs;
461 chomp @ifs;
462 foreach my $line(@ifs) {
463 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
464 my $destination;
465 my $mask;
466 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
467 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
468 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
469 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
470 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
471 # destination matches route, save mac and exit
472 $result= &get_ip($Iface);
473 last;
474 }
475 }
476 }
477 } else {
478 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
479 }
480 return $result;
481 }
484 sub generate_hw_digest {
485 my $hw_data;
486 foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) {
487 $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/;
488 }
489 return(md5_base64($hw_data));
490 }
493 sub create_passwd {
494 my $new_passwd = "";
495 for(my $i=0; $i<31; $i++) {
496 $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
497 }
499 return $new_passwd;
500 }
503 sub create_ciphering {
504 my ($passwd) = @_;
505 if((!defined($passwd)) || length($passwd)==0) {
506 $passwd = "";
507 }
508 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
509 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
510 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
511 $my_cipher->set_iv($iv);
512 return $my_cipher;
513 }
516 sub encrypt_msg {
517 my ($msg, $key) = @_;
518 my $my_cipher = &create_ciphering($key);
519 {
520 use bytes;
521 $msg = "\0"x(16-length($msg)%16).$msg;
522 }
523 $msg = $my_cipher->encrypt($msg);
524 chomp($msg = &encode_base64($msg));
525 # there are no newlines allowed inside msg
526 $msg=~ s/\n//g;
527 return $msg;
528 }
531 sub decrypt_msg {
533 my ($msg, $key) = @_ ;
534 $msg = &decode_base64($msg);
535 my $my_cipher = &create_ciphering($key);
536 $msg = $my_cipher->decrypt($msg);
537 $msg =~ s/\0*//g;
538 return $msg;
539 }
542 sub get_server_addresses {
543 my $domain= shift;
544 my @result;
546 my $error = 0;
547 my $res = Net::DNS::Resolver->new;
548 my $query = $res->send("_gosa-si._tcp.".$domain, "SRV");
549 my @hits;
551 if ($query) {
552 foreach my $rr ($query->answer) {
553 push(@hits, $rr->target.":".$rr->port);
554 }
555 }
556 else {
557 #warn "query failed: ", $res->errorstring, "\n";
558 $error++;
559 }
561 if( $error == 0 ) {
562 foreach my $hit (@hits) {
563 my ($hit_name, $hit_port) = split(/:/, $hit);
565 my $address_query = $res->send($hit_name);
566 if( 1 == length($address_query->answer) ) {
567 foreach my $rr ($address_query->answer) {
568 push(@result, $rr->address.":".$hit_port);
569 }
570 }
571 }
572 }
574 # my $dig_cmd= 'dig +nocomments srv _gosa-si._tcp.'.$domain;
575 #
576 # my $output= `$dig_cmd 2>&1`;
577 # open (PIPE, "$dig_cmd 2>&1 |");
578 # while(<PIPE>) {
579 # chomp $_;
580 # # If it's not a comment
581 # if($_ =~ m/^[^;]/) {
582 # my @matches= split /\s+/;
583 #
584 # # Push hostname with port
585 # if($matches[3] eq 'SRV') {
586 # push @result, $matches[7].':'.$matches[6];
587 # } elsif ($matches[3] eq 'A') {
588 # my $i=0;
589 #
590 # # Substitute the hostname with the ip address of the matching A record
591 # foreach my $host (@result) {
592 # if ((split /\:/, $host)[0] eq $matches[0]) {
593 # $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
594 # }
595 # $i++;
596 # }
597 # }
598 # }
599 # }
600 # close(PIPE);
601 return @result;
602 }
605 ##=== FUNCTION ================================================================
606 ## NAME: create_ciphering
607 ## PARAMETERS: passwd - string - used to create ciphering
608 ## RETURNS: cipher - object
609 ## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key
610 ##===============================================================================
611 #sub create_ciphering {
612 # my ($passwd) = @_;
613 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
614 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
615 #
616 # #daemon_log("iv: $iv", 7);
617 # #daemon_log("key: $passwd", 7);
618 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
619 # $my_cipher->set_iv($iv);
620 # return $my_cipher;
621 #}
622 #
623 #
624 #sub create_ciphering {
625 # my ($passwd) = @_;
626 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
627 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
628 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
629 # $my_cipher->set_iv($iv);
630 # return $my_cipher;
631 #}
632 #
633 #
634 #sub encrypt_msg {
635 # my ($msg, $key) = @_;
636 # my $my_cipher = &create_ciphering($key);
637 # {
638 # use bytes;
639 # $msg = "\0"x(16-length($msg)%16).$msg;
640 # }
641 # $msg = $my_cipher->encrypt($msg);
642 # chomp($msg = &encode_base64($msg));
643 # # there are no newlines allowed inside msg
644 # $msg=~ s/\n//g;
645 # return $msg;
646 #}
647 #
648 #
649 #sub decrypt_msg {
650 # my ($msg, $key) = @_ ;
651 # $msg = &decode_base64($msg);
652 # my $my_cipher = &create_ciphering($key);
653 # $msg = $my_cipher->decrypt($msg);
654 # $msg =~ s/\0*//g;
655 # return $msg;
656 #}
659 #=== FUNCTION ================================================================
660 # NAME: send_msg_hash_to_target
661 # PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash
662 # PeerAddr string - socket address to send msg
663 # PeerPort string - socket port, if not included in socket address
664 # RETURNS: nothing
665 # DESCRIPTION: ????
666 #===============================================================================
667 sub send_msg_hash_to_target {
668 my ($msg_hash, $address, $encrypt_key) = @_ ;
669 my $msg = &create_xml_string($msg_hash);
670 my $header = @{$msg_hash->{'header'}}[0];
671 my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header);
673 return $error;
674 }
677 sub send_msg_to_target {
678 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
679 my $error = 0;
681 if( $msg_header ) {
682 $msg_header = "'$msg_header'-";
683 }
684 else {
685 $msg_header = "";
686 }
688 # encrypt xml msg
689 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
691 # opensocket
692 my $socket = &open_socket($address);
693 if( !$socket ) {
694 daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
695 $error++;
696 }
698 if( $error == 0 ) {
699 # send xml msg
700 print $socket $crypted_msg."\n";
702 daemon_log("send ".$msg_header."msg to $address", 1);
703 daemon_log("message:\n$msg", 8);
705 }
707 # close socket in any case
708 if( $socket ) {
709 close $socket;
710 }
712 return $error;
713 }
716 sub write_to_file {
717 my ($string, $file) = @_;
718 my $error = 0;
720 if( not defined $file || not -f $file ) {
721 &main::daemon_log("ERROR: $prg: check '-f file' failed: $file", 1);
722 $error++;
723 }
724 if( not defined $string || 0 == length($string)) {
725 &main::daemon_log("ERROR: $prg: empty string to write to file '$file'", 1);
726 $error++;
727 }
729 if( $error == 0 ) {
731 chomp($string);
733 open(FILE, ">> $file");
734 print FILE $string."\n";
735 close(FILE);
736 }
738 return;
739 }
742 sub open_socket {
743 my ($PeerAddr, $PeerPort) = @_ ;
744 if(defined($PeerPort)){
745 $PeerAddr = $PeerAddr.":".$PeerPort;
746 }
747 my $socket;
748 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
749 Porto => "tcp",
750 Type => SOCK_STREAM,
751 Timeout => 5,
752 );
753 if(not defined $socket) {
754 return;
755 }
756 &daemon_log("open_socket: $PeerAddr", 7);
757 return $socket;
758 }
761 #=== FUNCTION ================================================================
762 # NAME: register_at_server
763 # PARAMETERS:
764 # RETURNS:
765 # DESCRIPTION:
766 #===============================================================================
767 sub register_at_gosa_si_server {
768 my ($kernel) = $_[KERNEL];
769 my $try_to_register = 0;
771 if( not $REGISTERED ) {
772 # create new passwd and ciphering object for client-server communication
773 $server_key = &create_passwd();
775 my $events = join( ", ", keys %{$event_hash} );
776 while(1) {
778 if( $try_to_register >= @servers ) {
779 last;
780 }
782 # fetch first gosa-si-server from @servers
783 my $server = shift(@servers);
785 # append shifted gosa-si-server at the end of @servers, so looking for servers never stop if
786 # a registration never occured
787 push( @servers, $server );
789 # Check if our ip is resolvable - if not: don't try to register
790 my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
791 my $resolver= Net::DNS::Resolver->new;
792 my $dnsresult= $resolver->search($ip);
793 my $dnsname="";
794 if(!defined($dnsresult)) {
795 &write_to_file("goto-error-dns:$ip", $fai_logpath);
796 exit(1);
797 } else {
798 $dnsname=$dnsresult->{answer}[0]->{ptrdname};
799 }
801 # create registration msg
802 my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
803 my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
804 my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
805 &add_content2xml_hash($register_hash, "new_passwd", $server_key);
806 &add_content2xml_hash($register_hash, "mac_address", $local_mac);
807 &add_content2xml_hash($register_hash, "events", $events);
808 &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
810 # send xml hash to server with general server passwd
811 my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
812 if($res == 0) {
813 # reset try_to_register
814 $try_to_register = 0;
816 # Set fixed client address
817 $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
818 $client_address= "$client_ip:$client_port";
820 # Write the MAC address to file
821 if(stat($opts_file)) {
822 unlink($opts_file);
823 }
824 my $opts_file_FH;
825 my $hostname= $dnsname;
826 $hostname =~ s/\..*$//;
827 open($opts_file_FH, ">$opts_file");
828 print $opts_file_FH "MAC=\"$local_mac\"\n";
829 print $opts_file_FH "IPADDRESS=\"$client_ip\"\n";
830 print $opts_file_FH "HOSTNAME=\"$hostname\"\n";
831 print $opts_file_FH "FQDN=\"$dnsname\"\n";
832 close($opts_file_FH);
833 last;
834 } else {
835 $try_to_register++;
836 # wait 1 sec until trying to register again
837 sleep(1);
838 next;
839 }
840 }
842 if( $try_to_register >= @servers ) {
843 &write_to_file("gosa-si-no-server-available", $fai_logpath);
844 $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
845 }
846 else {
847 daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
848 $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
849 # clear old settings and set it again
850 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
851 }
852 }
853 return;
854 }
857 sub check_key_and_xml_validity {
858 my ($crypted_msg, $module_key) = @_;
859 #print STDERR "crypted_msg:$crypted_msg\n";
860 #print STDERR "modul_key:$module_key\n";
862 my $msg;
863 my $msg_hash;
864 eval{
865 $msg = &decrypt_msg($crypted_msg, $module_key);
866 &main::daemon_log("decrypted_msg: \n$msg", 8);
868 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
870 ##############
871 # check header
872 my $header_l = $msg_hash->{'header'};
873 if( 1 != @{$header_l} ) {
874 die 'no or more headers specified';
875 }
876 my $header = @{$header_l}[0];
877 if( 0 == length $header) {
878 die 'header has length 0';
879 }
881 ##############
882 # check source
883 my $source_l = $msg_hash->{'source'};
884 if( 1 != @{$source_l} ) {
885 die 'no or more than 1 sources specified';
886 }
887 my $source = @{$source_l}[0];
888 if( 0 == length $source) {
889 die 'source has length 0';
890 }
891 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) {
892 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
893 }
895 ##############
896 # check target
897 my $target_l = $msg_hash->{'target'};
898 if( 1 != @{$target_l} ) {
899 die 'no or more than 1 targets specified ';
900 }
901 my $target = @{$target_l}[0];
902 if( 0 == length $target) {
903 die 'target has length 0 ';
904 }
905 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ){
906 die "source is neither a complete ip-address with port nor 'GOSA'";
907 }
908 };
909 if($@) {
910 &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5);
911 &main::daemon_log("$@", 8);
912 $msg = undef;
913 $msg_hash = undef;
914 }
916 return ($msg, $msg_hash);
917 }
920 sub check_outgoing_xml_validity {
921 my ($msg) = @_;
923 my $msg_hash;
924 eval{
925 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
927 ##############
928 # check header
929 my $header_l = $msg_hash->{'header'};
930 if( 1 != @{$header_l} ) {
931 die 'no or more than one headers specified';
932 }
933 my $header = @{$header_l}[0];
934 if( 0 == length $header) {
935 die 'header has length 0';
936 }
938 ##############
939 # check source
940 my $source_l = $msg_hash->{'source'};
941 if( 1 != @{$source_l} ) {
942 die 'no or more than 1 sources specified';
943 }
944 my $source = @{$source_l}[0];
945 if( 0 == length $source) {
946 die 'source has length 0';
947 }
948 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
949 $source =~ /^GOSA$/i ) {
950 die "source '$source' is neither a complete ip-address with port";
951 }
953 ##############
954 # check target
955 my $target_l = $msg_hash->{'target'};
956 if( 1 != @{$target_l} ) {
957 die "no or more than one targets specified";
958 }
959 foreach my $target (@$target_l) {
960 if( 0 == length $target) {
961 die "target has length 0";
962 }
963 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) {
964 die "target '$target' is not a complete ip-address with port or a valid target name";
965 }
966 }
967 };
968 if($@) {
969 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
970 daemon_log("$@ $msg", 8);
971 $msg_hash = undef;
972 }
973 return ($msg_hash);
974 }
977 sub import_events {
979 if (not -e $event_dir) {
980 daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);
981 }
982 opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";
984 while (defined (my $event = readdir (DIR))) {
985 if( $event eq "." || $event eq ".." ) { next; }
987 eval{ require $event; };
988 if( $@ ) {
989 daemon_log("ERROR: import of event module '$event' failed", 1);
990 daemon_log("$@", 8);
991 next;
992 }
994 $event =~ /(\S*?).pm$/;
995 my $event_module = $1;
996 my $events_l = eval( $1."::get_events()") ;
997 foreach my $event_name (@{$events_l}) {
998 $event_hash->{$event_name} = $event_module;
999 }
1001 }
1003 my @all_events = keys %$event_hash;
1004 my $all_events_string = join(", ", @all_events);
1006 daemon_log("INFO: imported events: $all_events_string", 5);
1007 }
1009 sub trigger_new_key {
1010 my ($kernel) = $_[KERNEL] ;
1012 my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
1013 &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
1015 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
1017 }
1020 sub generic_file_reset {
1021 my ( $heap, $wheel_id ) = @_[ HEAP, ARG0 ];
1023 my $service = $heap->{services}->{$wheel_id};
1024 daemon_log("INFO: '$service' watching reset", 5);
1025 return;
1026 }
1028 sub generic_file_error {
1029 my ( $heap, $operation, $errno, $error_string, $wheel_id ) =
1030 @_[ HEAP, ARG0, ARG1, ARG2, ARG3 ];
1032 my $service = $heap->{services}->{$wheel_id};
1033 daemon_log("ERROR: '$service' watcher $operation error $errno: $error_string", 1);
1034 daemon_log("ERROR: shutting down '$service' file watcher", 1);
1036 delete $heap->{services}->{$wheel_id};
1037 delete $heap->{watchers}->{$wheel_id};
1038 return;
1039 }
1041 sub fifo_got_record {
1042 my $file_record = $_[ARG0];
1043 my $header;
1044 my $content = "";
1046 $file_record =~ /^(\S+)[ ]?([\s\S]+)?$/;
1047 if( defined $1 ) {
1048 $header = $1;
1049 } else {
1050 return;
1051 }
1053 if( defined $2 ) {
1054 $content = $2;
1055 }
1057 my $clmsg_hash = &create_xml_hash("CLMSG_$header", $client_address, $server_address, $content);
1058 &add_content2xml_hash($clmsg_hash, "macaddress", $client_mac_address);
1059 my $clmsg = &create_xml_string($clmsg_hash);
1060 &send_msg_to_target($clmsg, $server_address, $server_key);
1061 return;
1062 }
1065 sub _start {
1066 my ($kernel, $heap) = @_[KERNEL, HEAP];
1067 $kernel->alias_set('client_session');
1069 # force a registration at a gosa-si-server
1070 $kernel->yield('register_at_gosa_si_server');
1072 # install all file watcher defined
1073 while( my($file_name, $file) = each %files_to_watch ) {
1074 my $file_watcher = POE::Wheel::FollowTail->new(
1075 Filename => $file,
1076 InputEvent => $file_name."_record",
1077 ResetEvent => "file_reset",
1078 ErrorEvent => "file_error",
1079 );
1080 $heap->{services}->{ $file_watcher->ID } = $file_name;
1081 $heap->{watchers}->{ $file_watcher->ID } = $file_watcher;
1082 }
1083 }
1086 sub server_input {
1087 my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
1088 my $error = 0;
1089 my $answer;
1091 daemon_log("Incoming msg:\n$input\n", 8);
1093 my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
1094 if( (!$msg) || (!$msg_hash) ) {
1095 daemon_log("Deciphering of incoming msg failed", 5);
1096 $error++;
1097 }
1100 ######################
1101 # process incoming msg
1102 if( $error == 0 ) {
1103 my $header = @{$msg_hash->{header}}[0];
1104 my $source = @{$msg_hash->{source}}[0];
1106 if( exists $event_hash->{$header} ) {
1107 # a event exists with the header as name
1108 daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
1109 no strict 'refs';
1110 $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
1111 }
1112 else {
1113 daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
1114 }
1115 }
1117 ########
1118 # answer
1119 if( $answer ) {
1121 #check gosa-si envelope validity
1122 my $answer_hash = &check_outgoing_xml_validity($answer);
1124 if( $answer_hash ) {
1125 # answer is valid
1127 # preprocessing
1128 if( $answer =~ "<header>registered</header>") {
1129 # set registered flag to true to stop sending further registered msgs
1130 $REGISTERED = 1;
1131 }
1132 else {
1133 &send_msg_to_target($answer, $server_address, $server_key);
1134 }
1136 # postprocessing
1137 if( $answer =~ "<header>new_key</header>") {
1138 # set new key to global variable
1139 $answer =~ /<new_key>(\S*?)<\/new_key>/;
1140 my $new_key = $1;
1141 $server_key = $new_key;
1142 }
1143 }
1145 }
1147 return;
1148 }
1150 #==== MAIN = main ==============================================================
1151 # parse commandline options
1152 Getopt::Long::Configure( "bundling" );
1153 GetOptions("h|help" => \&usage,
1154 "c|config=s" => \$cfg_file,
1155 "f|foreground" => \$foreground,
1156 "v|verbose+" => \$verbose,
1157 );
1159 # read and set config parameters
1160 &check_cmdline_param ;
1161 &read_configfile($cfg_file, %cfg_defaults);
1162 &check_pid;
1165 # forward error messages to logfile
1166 if ( ! $foreground ) {
1167 open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
1168 open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
1169 open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
1170 }
1172 # Just fork, if we are not in foreground mode
1173 if( ! $foreground ) {
1174 chdir '/' or die "Can't chdir to /: $!";
1175 $pid = fork;
1176 setsid or die "Can't start a new session: $!";
1177 umask 0;
1178 }
1179 else {
1180 $pid = $$;
1181 }
1183 # Do something useful - put our PID into the pid_file
1184 if( 0 != $pid ) {
1185 open( LOCK_FILE, ">$pid_file" );
1186 print LOCK_FILE "$pid\n";
1187 close( LOCK_FILE );
1188 if( !$foreground ) {
1189 exit( 0 )
1190 };
1191 }
1193 daemon_log(" ", 1);
1194 daemon_log("$prg started!", 1);
1196 # delete old DBsqlite lock files
1197 system('rm -f /tmp/gosa_si_lock*gosa-si-client*');
1199 # detect ip and mac address and complete host address
1200 #if( inet_aton($client_ip) ){
1201 #print STDERR "ip: $client_ip\n";
1202 # $client_ip = inet_ntoa(inet_aton($client_ip));
1203 #print STDERR "ip: $client_ip\n";
1204 #}
1205 $client_address = $client_ip.":".$client_port;
1206 my $network_interface= &get_interface_for_ip($client_ip);
1207 $client_mac_address= &get_mac($network_interface);
1208 daemon_log("gosa-si-client ip address detected: $client_ip", 1);
1209 daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
1212 # import events
1213 &import_events();
1216 # compute hardware checksum
1217 $gotoHardwareChecksum= &generate_hw_digest();
1218 daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
1221 # create socket for incoming xml messages
1222 POE::Component::Server::TCP->new(
1223 Alias => 'gosa-si-client',
1224 Port => $client_port,
1225 ClientInput => \&server_input,
1226 );
1227 daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);
1230 # prepare variables
1231 if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); }
1232 ############################################################
1233 # to change
1234 if( $server_ip eq "127.0.1.1" ) { $server_ip = "127.0.0.1" }
1235 ############################################################
1236 if (defined $server_ip && defined $server_port) {
1237 $server_address = $server_ip.":".$server_port;
1238 }
1239 $xml = new XML::Simple();
1240 $default_server_key = $server_key;
1243 # add gosa-si-server address from config file at first position of server list
1244 my $server_check_cfg = Config::IniFiles->new( -file => $cfg_file );
1245 my $server_check = $server_check_cfg->val( "server", "ip");
1246 if( defined $server_check ) {
1247 unshift(@servers, $server_address);
1248 my $servers_string = join(", ", @servers);
1249 daemon_log("found servers in configuration file: $servers_string", 5);
1250 }
1251 else {
1252 if ( !$server_domain) {
1253 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1254 kill 2, $$;
1255 }
1256 my @tmp_servers = &get_server_addresses($server_domain);
1257 if( 0 == @tmp_servers ) {
1258 daemon_log("ERROR: no gosa-si-server found in DNS for domain '$server_domain'",1);
1259 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1260 kill 2, $$;
1261 }
1263 foreach my $server (@tmp_servers) {
1264 unshift(@servers, $server);
1265 }
1266 my $servers_string = join(", ", @servers);
1267 daemon_log("found servers in DNS: $servers_string", 5);
1268 }
1271 # open fifo for non-gosa-si-client-msgs to gosa-si-server
1272 POSIX::mkfifo("$gosa_si_client_fifo", "0600");
1275 POE::Session->create(
1276 inline_states => {
1277 _start => \&_start,
1278 register_at_gosa_si_server => \®ister_at_gosa_si_server,
1279 trigger_new_key => \&trigger_new_key,
1281 # handle records from each defined file differently
1282 fifo_record => \&fifo_got_record,
1284 # handle file resets and errors the same way for each file
1285 file_reset => \&generic_file_reset,
1286 file_error => \&generic_file_error,
1287 }
1288 );
1290 POE::Kernel->run();
1291 exit;