86bae5f7f0f28dfd127c59481307dc1116a0a6fc
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-server
5 #
6 # USAGE: gosa-si-client
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libnetaddr-ip-perl
12 # BUGS: ---
13 # NOTES:
14 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
15 # COMPANY:
16 # VERSION: 1.0
17 # CREATED: 12.09.2007 08:54:41 CEST
18 # REVISION: ---
19 #===============================================================================
21 use strict;
22 use warnings;
23 use Getopt::Long;
24 use Config::IniFiles;
25 use POSIX;
26 use Time::HiRes qw( gettimeofday );
28 use POE qw(Component::Server::TCP);
29 use IO::Socket::INET;
30 use NetAddr::IP;
31 use Data::Dumper;
32 use Crypt::Rijndael;
33 use GOSA::GosaSupportDaemon;
34 use Digest::MD5 qw(md5_hex md5 md5_base64);
35 use MIME::Base64;
36 use XML::Simple;
37 use Net::DNS;
39 my $event_dir = "/usr/lib/gosa-si/client/events";
40 use lib "/usr/lib/gosa-si/client/events";
42 my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file, $fai_logpath);
43 my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
44 my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
45 my $xml;
46 my $default_server_key;
47 my $event_hash;
48 my @servers;
49 my $gotoHardwareChecksum;
50 $verbose= 1;
52 # globalise variables which are used in imported events
53 our $cfg_file;
54 our $server_address;
55 our $client_address;
56 our $server_key;
58 # default variables
59 our $REGISTERED = 0;
61 %cfg_defaults = (
62 "general" =>
63 {"log-file" => [\$log_file, "/var/run/".$0.".log"],
64 "pid-file" => [\$pid_file, "/var/run/".$0.".pid"],
65 },
66 "client" =>
67 {"port" => [\$client_port, "20083"],
68 "ip" => [\$client_ip, "0.0.0.0"],
69 "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"],
70 "server-domain" => [\$server_domain, ""],
71 "ldap" => [\$ldap_enabled, 1],
72 "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
73 "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
74 "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"],
75 "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
76 },
77 "server" => {
78 "ip" => [\$server_ip, "127.0.0.1"],
79 "port" => [\$server_port, "20081"],
80 "key" => [\$server_key, ""],
81 "timeout" => [\$server_timeout, 10],
82 "key-lifetime" => [\$server_key_lifetime, 600],
83 },
85 );
88 #=== FUNCTIONS = functions =====================================================
90 #=== FUNCTION ================================================================
91 # NAME: check_cmdline_param
92 # PARAMETERS:
93 # RETURNS:
94 # DESCRIPTION:
95 #===============================================================================
96 sub check_cmdline_param () {
97 my $err_config;
98 my $err_counter = 0;
99 if(not defined($cfg_file)) {
100 $cfg_file = "/etc/gosa-si/client.conf";
101 if(! -r $cfg_file) {
102 $err_config = "please specify a config file";
103 $err_counter += 1;
104 }
105 }
106 if( $err_counter > 0 ) {
107 &usage( "", 1 );
108 if( defined( $err_config)) { print STDERR "$err_config\n"}
109 print STDERR "\n";
110 exit( -1 );
111 }
112 }
115 #=== FUNCTION ================================================================
116 # NAME: read_configfile
117 # PARAMETERS: cfg_file - string -
118 # RETURNS:
119 # DESCRIPTION:
120 #===============================================================================
121 sub read_configfile {
122 my ($cfg_file, %cfg_defaults) = @_ ;
123 my $cfg;
124 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
125 if( -r $cfg_file ) {
126 $cfg = Config::IniFiles->new( -file => $cfg_file );
127 } else {
128 print STDERR "Couldn't read config file!";
129 }
130 } else {
131 $cfg = Config::IniFiles->new() ;
132 }
133 foreach my $section (keys %cfg_defaults) {
134 foreach my $param (keys %{$cfg_defaults{ $section }}) {
135 my $pinfo = $cfg_defaults{ $section }{ $param };
136 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
137 }
138 }
139 }
142 #=== FUNCTION ================================================================
143 # NAME: check_pid
144 # PARAMETERS:
145 # RETURNS:
146 # DESCRIPTION:
147 #===============================================================================
148 sub check_pid {
149 $pid = -1;
150 # Check, if we are already running
151 if( open(LOCK_FILE, "<$pid_file") ) {
152 $pid = <LOCK_FILE>;
153 if( defined $pid ) {
154 chomp( $pid );
155 if( -f "/proc/$pid/stat" ) {
156 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
157 if( $0 eq $stat ) {
158 close( LOCK_FILE );
159 exit -1;
160 }
161 }
162 }
163 close( LOCK_FILE );
164 unlink( $pid_file );
165 }
167 # create a syslog msg if it is not to possible to open PID file
168 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
169 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
170 if (open(LOCK_FILE, '<', $pid_file)
171 && ($pid = <LOCK_FILE>))
172 {
173 chomp($pid);
174 $msg .= "(PID $pid)\n";
175 } else {
176 $msg .= "(unable to read PID)\n";
177 }
178 if( ! ($foreground) ) {
179 openlog( $0, "cons,pid", "daemon" );
180 syslog( "warning", $msg );
181 closelog();
182 }
183 else {
184 print( STDERR " $msg " );
185 }
186 exit( -1 );
187 }
188 }
191 #=== FUNCTION ================================================================
192 # NAME: logging
193 # PARAMETERS: level - string - default 'info'
194 # msg - string -
195 # facility - string - default 'LOG_DAEMON'
196 # RETURNS:
197 # DESCRIPTION:
198 #===============================================================================
199 sub daemon_log {
200 # log into log_file
201 my( $msg, $level ) = @_;
202 if(not defined $msg) { return }
203 if(not defined $level) { $level = 1 }
204 if(defined $log_file){
205 open(LOG_HANDLE, ">>$log_file");
206 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
207 print STDERR "cannot open $log_file: $!";
208 return }
209 chomp($msg);
210 if($level <= $verbose){
211 my ($seconds, $minutes, $hours, $monthday, $month,
212 $year, $weekday, $yearday, $sommertime) = localtime(time);
213 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
214 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
215 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
216 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
217 $month = $monthnames[$month];
218 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
219 $year+=1900;
220 my $name = $0;
221 $name =~ s/\.\///;
223 my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
224 print LOG_HANDLE $log_msg;
225 if( $foreground ) {
226 print STDERR $log_msg;
227 }
228 }
229 close( LOG_HANDLE );
230 }
231 #log into syslog
232 # my ($msg, $level, $facility) = @_;
233 # if(not defined $msg) {return}
234 # if(not defined $level) {$level = "info"}
235 # if(not defined $facility) {$facility = "LOG_DAEMON"}
236 # openlog($0, "pid,cons,", $facility);
237 # syslog($level, $msg);
238 # closelog;
239 # return;
240 }
243 #=== FUNCTION ================================================================
244 # NAME: get_interfaces
245 # PARAMETERS: none
246 # RETURNS: (list of interfaces)
247 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
248 #===============================================================================
249 sub get_interfaces {
250 my @result;
251 my $PROC_NET_DEV= ('/proc/net/dev');
253 open(PROC_NET_DEV, "<$PROC_NET_DEV")
254 or die "Could not open $PROC_NET_DEV";
256 my @ifs = <PROC_NET_DEV>;
258 close(PROC_NET_DEV);
260 # Eat first two line
261 shift @ifs;
262 shift @ifs;
264 chomp @ifs;
265 foreach my $line(@ifs) {
266 my $if= (split /:/, $line)[0];
267 $if =~ s/^\s+//;
268 push @result, $if;
269 }
271 return @result;
272 }
274 #=== FUNCTION ================================================================
275 # NAME: get_mac
276 # PARAMETERS: interface name (i.e. eth0)
277 # RETURNS: (mac address)
278 # DESCRIPTION: Uses ioctl to get mac address directly from system.
279 #===============================================================================
280 sub get_mac {
281 my $ifreq= shift;
282 my $result;
283 if ($ifreq && length($ifreq) > 0) {
284 if($ifreq eq "all") {
285 if(defined($server_ip)) {
286 $result = &get_local_mac_for_remote_ip($server_ip);
287 }
288 elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){
289 $result = &client_mac_address;
290 }
291 else {
292 $result = "00:00:00:00:00:00";
293 }
294 } else {
295 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
297 # A configured MAC Address should always override a guessed value
298 if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) {
299 $result= $client_mac_address;
300 }
301 else {
302 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
303 or die "socket: $!";
305 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
306 my ($if, $mac)= unpack 'h36 H12', $ifreq;
308 if (length($mac) > 0) {
309 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
310 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
311 $result = $mac;
312 }
313 }
314 }
315 }
316 }
317 return $result;
318 }
321 #=== FUNCTION ================================================================
322 # NAME: get_interface_for_ip
323 # PARAMETERS: ip address (i.e. 192.168.0.1)
324 # RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
325 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
326 #===============================================================================
327 sub get_interface_for_ip {
328 my $result;
329 my $ip= shift;
330 if ($ip && length($ip) > 0) {
331 my @ifs= &get_interfaces();
332 if($ip eq "0.0.0.0") {
333 $result = "all";
334 } else {
335 foreach (@ifs) {
336 my $if=$_;
337 if(get_ip($if) eq $ip) {
338 $result = $if;
339 last;
340 }
341 }
342 }
343 }
344 return $result;
345 }
348 #=== FUNCTION ================================================================
349 # NAME: get_ip
350 # PARAMETERS: interface name (i.e. eth0)
351 # RETURNS: (ip address)
352 # DESCRIPTION: Uses ioctl to get ip address directly from system.
353 #===============================================================================
354 sub get_ip {
355 my $ifreq= shift;
356 my $result= "";
357 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
358 my $proto= getprotobyname('ip');
360 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
361 or die "socket: $!";
363 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
364 my ($if, $sin) = unpack 'a16 a16', $ifreq;
365 my ($port, $addr) = sockaddr_in $sin;
366 my $ip = inet_ntoa $addr;
368 if ($ip && length($ip) > 0) {
369 $result = $ip;
370 }
371 }
373 return $result;
374 }
377 #=== FUNCTION ================================================================
378 # NAME: get_local_mac_for_remote_ip
379 # PARAMETERS: none (takes server_ip from global variable)
380 # RETURNS: (ip address from interface that is used for communication)
381 # DESCRIPTION: Uses ioctl to get routing table from system, checks which entry
382 # matches (defaultroute last).
383 #===============================================================================
384 sub get_local_mac_for_remote_ip {
385 my $server_ip= shift;
386 my $result= "00:00:00:00:00:00";
388 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
389 my $PROC_NET_ROUTE= ('/proc/net/route');
391 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
392 or die "Could not open $PROC_NET_ROUTE";
394 my @ifs = <PROC_NET_ROUTE>;
396 close(PROC_NET_ROUTE);
398 # Eat header line
399 shift @ifs;
400 chomp @ifs;
401 foreach my $line(@ifs) {
402 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
403 my $destination;
404 my $mask;
405 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
406 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
407 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
408 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
409 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
410 # destination matches route, save mac and exit
411 $result= &get_mac($Iface);
412 last;
413 }
414 }
415 } else {
416 daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
417 }
418 return $result;
419 }
421 sub get_local_ip_for_remote_ip {
422 my $server_ip= shift;
423 my $result="0.0.0.0";
425 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
426 if($server_ip eq "127.0.0.1") {
427 $result="127.0.0.1";
428 } else {
429 my $PROC_NET_ROUTE= ('/proc/net/route');
431 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
432 or die "Could not open $PROC_NET_ROUTE";
434 my @ifs = <PROC_NET_ROUTE>;
436 close(PROC_NET_ROUTE);
438 # Eat header line
439 shift @ifs;
440 chomp @ifs;
441 foreach my $line(@ifs) {
442 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
443 my $destination;
444 my $mask;
445 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
446 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
447 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
448 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
449 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
450 # destination matches route, save mac and exit
451 $result= &get_ip($Iface);
452 last;
453 }
454 }
455 }
456 } else {
457 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
458 }
459 return $result;
460 }
462 sub new_ldap_config {
463 my ($msg_hash) = @_ ;
464 my $element;
465 my @ldap_uris;
466 my $ldap_base;
467 my @ldap_options;
468 my @pam_options;
469 my @nss_options;
470 my $goto_admin;
471 my $goto_secret;
472 my $admin_base= "";
473 my $department= "";
474 my $release= "";
475 my $unit_tag;
477 # Transform input into array
478 while ( my ($key, $value) = each(%$msg_hash) ) {
479 if ($key =~ /^(source|target|header)$/) {
480 next;
481 }
483 foreach $element (@$value) {
484 if ($key =~ /^ldap_uri$/) {
485 push (@ldap_uris, $element);
486 next;
487 }
488 if ($key =~ /^ldap_base$/) {
489 $ldap_base= $element;
490 next;
491 }
492 if ($key =~ /^goto_admin$/) {
493 $goto_admin= $element;
494 next;
495 }
496 if ($key =~ /^goto_secret$/) {
497 $goto_secret= $element;
498 next;
499 }
500 if ($key =~ /^ldap_cfg$/) {
501 push (@ldap_options, "$element");
502 next;
503 }
504 if ($key =~ /^pam_cfg$/) {
505 push (@pam_options, "$element");
506 next;
507 }
508 if ($key =~ /^nss_cfg$/) {
509 push (@nss_options, "$element");
510 next;
511 }
512 if ($key =~ /^admin_base$/) {
513 $admin_base= $element;
514 next;
515 }
516 if ($key =~ /^department$/) {
517 $department= $element;
518 next;
519 }
520 if ($key =~ /^unit_tag$/) {
521 $unit_tag= $element;
522 next;
523 }
524 if ($key =~ /^release$/) {
525 $release= $element;
526 next;
527 }
528 }
529 }
531 # Unit tagging enabled?
532 if (defined $unit_tag){
533 push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
534 push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag");
535 push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag");
536 }
538 # Setup ldap.conf
539 my $file1;
540 my $file2;
541 open(file1, "> $ldap_config");
542 print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
543 print file1 "URI";
544 foreach $element (@ldap_uris) {
545 print file1 " $element";
546 }
547 print file1 "\nBASE $ldap_base\n";
548 foreach $element (@ldap_options) {
549 print file1 "$element\n";
550 }
551 close (file1);
552 daemon_log("wrote $ldap_config", 5);
554 # Setup pam_ldap.conf / libnss_ldap.conf
555 open(file1, "> $pam_config");
556 open(file2, "> $nss_config");
557 print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
558 print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
559 print file1 "uri";
560 print file2 "uri";
561 foreach $element (@ldap_uris) {
562 print file1 " $element";
563 print file2 " $element";
564 }
565 print file1 "\nbase $ldap_base\n";
566 print file2 "\nbase $ldap_base\n";
567 foreach $element (@pam_options) {
568 print file1 "$element\n";
569 }
570 foreach $element (@nss_options) {
571 print file2 "$element\n";
572 }
573 close (file2);
574 daemon_log("wrote $nss_config", 5);
575 close (file1);
576 daemon_log("wrote $pam_config", 5);
578 # Create goto.secrets if told so - for compatibility reasons
579 if (defined $goto_admin){
580 open(file1, "> /etc/goto/secret");
581 close(file1);
582 chown(0,0, "/etc/goto/secret");
583 chmod(0600, "/etc/goto/secret");
584 open(file1, "> /etc/goto/secret");
585 print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
586 close(file1);
587 daemon_log("wrote /etc/goto/secret", 5);
588 }
592 # Write shell based config
593 my $cfg_name= dirname($ldap_config)."/ldap-shell.conf";
594 open(file1, "> $cfg_name");
595 print file1 "LDAP_BASE=\"$ldap_base\"\n";
596 print file1 "ADMIN_BASE=\"$admin_base\"\n";
597 print file1 "DEPARTMENT=\"$department\"\n";
598 print file1 "RELEASE=\"$release\"\n";
599 print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n";
600 print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n";
601 close(file1);
602 daemon_log("wrote $cfg_name", 5);
604 return;
606 }
609 sub generate_hw_digest {
610 my $hw_data;
611 foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) {
612 $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/;
613 }
614 return(md5_base64($hw_data));
615 }
618 sub create_passwd {
619 my $new_passwd = "";
620 for(my $i=0; $i<31; $i++) {
621 $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
622 }
624 return $new_passwd;
625 }
628 sub get_server_addresses {
629 my $domain= shift;
630 my @result;
632 my $error = 0;
633 my $res = Net::DNS::Resolver->new;
634 my $query = $res->send("_gosad._tcp.".$domain, "SRV");
635 my @hits;
637 if ($query) {
638 foreach my $rr ($query->answer) {
639 push(@hits, $rr->target.":".$rr->port);
640 }
641 }
642 else {
643 #warn "query failed: ", $res->errorstring, "\n";
644 $error++;
645 }
647 if( $error == 0 ) {
648 foreach my $hit (@hits) {
649 my ($hit_name, $hit_port) = split(/:/, $hit);
651 my $address_query = $res->send($hit_name);
652 if( 1 == length($address_query->answer) ) {
653 foreach my $rr ($address_query->answer) {
654 push(@result, $rr->address.":".$hit_port);
655 }
656 }
657 }
658 }
660 # my $dig_cmd= 'dig +nocomments srv _gosad._tcp.'.$domain;
661 #
662 # my $output= `$dig_cmd 2>&1`;
663 # open (PIPE, "$dig_cmd 2>&1 |");
664 # while(<PIPE>) {
665 # chomp $_;
666 # # If it's not a comment
667 # if($_ =~ m/^[^;]/) {
668 # my @matches= split /\s+/;
669 #
670 # # Push hostname with port
671 # if($matches[3] eq 'SRV') {
672 # push @result, $matches[7].':'.$matches[6];
673 # } elsif ($matches[3] eq 'A') {
674 # my $i=0;
675 #
676 # # Substitute the hostname with the ip address of the matching A record
677 # foreach my $host (@result) {
678 # if ((split /\:/, $host)[0] eq $matches[0]) {
679 # $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
680 # }
681 # $i++;
682 # }
683 # }
684 # }
685 # }
686 # close(PIPE);
687 return @result;
688 }
691 ##=== FUNCTION ================================================================
692 ## NAME: create_ciphering
693 ## PARAMETERS: passwd - string - used to create ciphering
694 ## RETURNS: cipher - object
695 ## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key
696 ##===============================================================================
697 #sub create_ciphering {
698 # my ($passwd) = @_;
699 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
700 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
701 #
702 # #daemon_log("iv: $iv", 7);
703 # #daemon_log("key: $passwd", 7);
704 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
705 # $my_cipher->set_iv($iv);
706 # return $my_cipher;
707 #}
708 #
709 #
710 #sub create_ciphering {
711 # my ($passwd) = @_;
712 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
713 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
714 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
715 # $my_cipher->set_iv($iv);
716 # return $my_cipher;
717 #}
718 #
719 #
720 #sub encrypt_msg {
721 # my ($msg, $key) = @_;
722 # my $my_cipher = &create_ciphering($key);
723 # {
724 # use bytes;
725 # $msg = "\0"x(16-length($msg)%16).$msg;
726 # }
727 # $msg = $my_cipher->encrypt($msg);
728 # chomp($msg = &encode_base64($msg));
729 # # there are no newlines allowed inside msg
730 # $msg=~ s/\n//g;
731 # return $msg;
732 #}
733 #
734 #
735 #sub decrypt_msg {
736 # my ($msg, $key) = @_ ;
737 # $msg = &decode_base64($msg);
738 # my $my_cipher = &create_ciphering($key);
739 # $msg = $my_cipher->decrypt($msg);
740 # $msg =~ s/\0*//g;
741 # return $msg;
742 #}
745 #=== FUNCTION ================================================================
746 # NAME: send_msg_hash_to_target
747 # PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash
748 # PeerAddr string - socket address to send msg
749 # PeerPort string - socket port, if not included in socket address
750 # RETURNS: nothing
751 # DESCRIPTION: ????
752 #===============================================================================
753 sub send_msg_hash_to_target {
754 my ($msg_hash, $address, $encrypt_key) = @_ ;
755 my $msg = &create_xml_string($msg_hash);
756 my $header = @{$msg_hash->{'header'}}[0];
757 my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header);
759 return $error;
760 }
763 sub send_msg_to_target {
764 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
765 my $error = 0;
767 if( $msg_header ) {
768 $msg_header = "'$msg_header'-";
769 }
770 else {
771 $msg_header = "";
772 }
774 # encrypt xml msg
775 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
777 # opensocket
778 my $socket = &open_socket($address);
779 if( !$socket ) {
780 daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
781 $error++;
782 }
784 if( $error == 0 ) {
785 # send xml msg
786 print $socket $crypted_msg."\n";
788 daemon_log("send ".$msg_header."msg to $address", 1);
789 daemon_log("message:\n$msg", 8);
791 }
793 # close socket in any case
794 if( $socket ) {
795 close $socket;
796 }
798 return $error;
799 }
802 sub open_socket {
803 my ($PeerAddr, $PeerPort) = @_ ;
804 if(defined($PeerPort)){
805 $PeerAddr = $PeerAddr.":".$PeerPort;
806 }
807 my $socket;
808 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
809 Porto => "tcp",
810 Type => SOCK_STREAM,
811 Timeout => 5,
812 );
813 if(not defined $socket) {
814 return;
815 }
816 &daemon_log("open_socket: $PeerAddr", 7);
817 return $socket;
818 }
821 #=== FUNCTION ================================================================
822 # NAME: register_at_server
823 # PARAMETERS:
824 # RETURNS:
825 # DESCRIPTION:
826 #===============================================================================
827 sub register_at_gosa_si_server {
828 my ($kernel) = $_[KERNEL];
830 if( not $REGISTERED ) {
832 # create new passwd and ciphering object for client-server communication
833 $server_key = &create_passwd();
835 my $events = join( ", ", keys %{$event_hash} );
837 while(1) {
839 # fetch first gosa-si-server from @servers
840 my $server = shift(@servers);
841 if( !$server ) {
842 daemon_log("no gosa-si-server left in list of servers", 1);
843 daemon_log("unable to register at a gosa-si-server, force shutdown", 1);
844 exit(1);
845 }
847 # Check if our ip is resolvable - if not: don't try to register
848 my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
849 my $resolver= Net::DNS::Resolver->new;
850 my $dnsresult= $resolver->search($ip);
851 if(!defined($dnsresult)) {
852 &write_to_file("goto-dns-error:Could not resolve hostname for ip $ip", $fai_logpath);
853 exit(1);
854 }
856 # create registration msg
857 my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
858 my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
859 my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
860 &add_content2xml_hash($register_hash, "new_passwd", $server_key);
861 &add_content2xml_hash($register_hash, "mac_address", $local_mac);
862 &add_content2xml_hash($register_hash, "events", $events);
863 &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
865 # send xml hash to server with general server passwd
866 my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
867 if($res == 0) {
868 # Set fixed client address
869 $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
870 $client_address= "$client_ip:$client_port";
871 last;
872 } else {
873 next;
874 }
875 }
876 daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
877 # $kernel->delay_set('register_at_gosa_si_server', 180);
878 $kernel->delay_set('register_at_gosa_si_server', 5);
879 # clear old settings and set it again
880 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
881 }
882 return;
883 }
886 sub check_key_and_xml_validity {
887 my ($crypted_msg, $module_key) = @_;
888 #print STDERR "crypted_msg:$crypted_msg\n";
889 #print STDERR "modul_key:$module_key\n";
891 my $msg;
892 my $msg_hash;
893 eval{
894 $msg = &decrypt_msg($crypted_msg, $module_key);
895 &main::daemon_log("decrypted_msg: \n$msg", 8);
897 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
899 # check header
900 my $header_l = $msg_hash->{'header'};
901 if( 1 != @{$header_l} ) {
902 die 'no or more headers specified';
903 }
904 my $header = @{$header_l}[0];
905 if( 0 == length $header) {
906 die 'header has length 0';
907 }
909 # check source
910 my $source_l = $msg_hash->{'source'};
911 if( 1 != @{$source_l} ) {
912 die 'no or more sources specified';
913 }
914 my $source = @{$source_l}[0];
915 if( 0 == length $source) {
916 die 'source has length 0';
917 }
919 # check target
920 my $target_l = $msg_hash->{'target'};
921 if( 1 != @{$target_l} ) {
922 die 'no or more targets specified ';
923 }
924 my $target = @{$target_l}[0];
925 if( 0 == length $target) {
926 die 'target has length 0 ';
927 }
929 };
930 if($@) {
931 &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5);
932 &main::daemon_log("$@", 8);
933 }
935 return ($msg, $msg_hash);
936 }
939 sub import_events {
941 if (not -e $event_dir) {
942 daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);
943 }
944 opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";
946 while (defined (my $event = readdir (DIR))) {
947 if( $event eq "." || $event eq ".." ) { next; }
949 eval{ require $event; };
950 if( $@ ) {
951 daemon_log("ERROR: import of event module '$event' failed", 1);
952 daemon_log("$@", 8);
953 next;
954 }
956 $event =~ /(\S*?).pm$/;
957 my $event_module = $1;
958 my $events_l = eval( $1."::get_events()") ;
959 foreach my $event_name (@{$events_l}) {
960 $event_hash->{$event_name} = $event_module;
961 }
963 }
964 }
966 sub trigger_new_key {
967 my ($kernel) = $_[KERNEL] ;
969 my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
970 &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
972 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
974 }
977 sub _start {
978 my ($kernel) = $_[KERNEL];
979 $kernel->alias_set('client_session');
980 $kernel->yield('register_at_gosa_si_server');
981 }
984 sub server_input {
985 my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
986 my $error = 0;
987 my $answer;
989 daemon_log("Incoming msg:\n$input\n", 8);
991 my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
992 if( (!$msg) || (!$msg_hash) ) {
993 daemon_log("Deciphering of incoming msg failed", 5);
994 $error++;
995 }
998 ######################
999 # process incoming msg
1000 if( $error == 0 ) {
1001 my $header = @{$msg_hash->{header}}[0];
1002 my $source = @{$msg_hash->{source}}[0];
1004 if( exists $event_hash->{$header} ) {
1005 # a event exists with the header as name
1006 daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
1007 no strict 'refs';
1008 $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
1009 }
1010 else {
1011 daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
1012 }
1013 }
1015 ########
1016 # answer
1017 if( $answer ) {
1018 # preprocessing
1019 if( $answer =~ "<header>registered</header>") {
1020 # set registered flag to true to stop sending further registered msgs
1021 $REGISTERED = 1;
1022 }
1023 else {
1024 &send_msg_to_target($answer, $server_address, $server_key);
1025 }
1026 # postprocessing
1027 if( $answer =~ "<header>new_key</header>") {
1028 # set new key to global variable
1029 $answer =~ /<new_key>(\S*?)<\/new_key>/;
1030 my $new_key = $1;
1031 $server_key = $new_key;
1032 }
1033 }
1035 return;
1036 }
1038 #==== MAIN = main ==============================================================
1039 # parse commandline options
1040 Getopt::Long::Configure( "bundling" );
1041 GetOptions("h|help" => \&usage,
1042 "c|config=s" => \$cfg_file,
1043 "f|foreground" => \$foreground,
1044 "v|verbose+" => \$verbose,
1045 );
1047 # read and set config parameters
1048 &check_cmdline_param ;
1049 &read_configfile($cfg_file, %cfg_defaults);
1050 &check_pid;
1053 # forward error messages to logfile
1054 if ( ! $foreground ) {
1055 open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
1056 open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
1057 open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
1058 }
1060 # Just fork, if we are not in foreground mode
1061 if( ! $foreground ) {
1062 chdir '/' or die "Can't chdir to /: $!";
1063 $pid = fork;
1064 setsid or die "Can't start a new session: $!";
1065 umask 0;
1066 }
1067 else {
1068 $pid = $$;
1069 }
1071 # Do something useful - put our PID into the pid_file
1072 if( 0 != $pid ) {
1073 open( LOCK_FILE, ">$pid_file" );
1074 print LOCK_FILE "$pid\n";
1075 close( LOCK_FILE );
1076 if( !$foreground ) {
1077 exit( 0 )
1078 };
1079 }
1081 daemon_log(" ", 1);
1082 daemon_log("$0 started!", 1);
1084 # delete old DBsqlite lock files
1085 system('rm -f /tmp/gosa_si_lock*gosa-si-client*');
1087 # detect ip and mac address and complete host address
1088 $client_address = $client_ip.":".$client_port;
1089 my $network_interface= &get_interface_for_ip($client_ip);
1090 $client_mac_address= &get_mac($network_interface);
1091 daemon_log("gosa-si-client ip address detected: $client_ip", 1);
1092 daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
1095 # import events
1096 &import_events();
1099 # compute hardware checksum
1100 $gotoHardwareChecksum= &generate_hw_digest();
1101 daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
1104 # create socket for incoming xml messages
1105 POE::Component::Server::TCP->new(
1106 Alias => 'gosa-si-client',
1107 Port => $client_port,
1108 ClientInput => \&server_input,
1109 );
1110 daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);
1113 # prepare variables
1114 if (defined $server_ip && defined $server_port) {
1115 $server_address = $server_ip.":".$server_port;
1116 }
1117 $xml = new XML::Simple();
1118 $default_server_key = $server_key;
1121 # add gosa-si-server address from config file at first position of server list
1122 if (defined $server_address) {
1123 unshift(@servers, $server_address);
1124 my $servers_string = join(", ", @servers);
1125 daemon_log("found servers in configuration file: $servers_string", 5);
1126 }
1127 else {
1128 if ( !$server_domain) {
1129 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1130 exit( 1 );
1131 }
1132 my @tmp_servers = &get_server_addresses($server_domain);
1133 foreach my $server (@tmp_servers) {
1134 unshift(@servers, $server);
1135 }
1136 my $servers_string = join(", ", @servers);
1137 daemon_log("found servers in DNS: $servers_string", 5);
1138 }
1143 POE::Session->create(
1144 inline_states => {
1145 _start => \&_start,
1146 register_at_gosa_si_server => \®ister_at_gosa_si_server,
1147 trigger_new_key => \&trigger_new_key,
1148 }
1149 );
1151 POE::Kernel->run();
1152 exit;