It's goto-error-dns...

[gosa.git] / gosa-si / gosa-si-client

#!/usr/bin/perl
#===============================================================================
#
#         FILE:  gosa-server
#
#        USAGE:  gosa-si-client
#
#  DESCRIPTION:
#
#      OPTIONS:  ---
# REQUIREMENTS:  libnetaddr-ip-perl
#         BUGS:  ---
#        NOTES:
#       AUTHOR:   (Andreas Rettenberger), <rettenberger@gonicus.de>
#      COMPANY:
#      VERSION:  1.0
#      CREATED:  12.09.2007 08:54:41 CEST
#     REVISION:  ---
#===============================================================================

use strict;
use warnings;
use Getopt::Long;
use Config::IniFiles;
use POSIX;
use Time::HiRes qw( gettimeofday );

use POE qw(Component::Server::TCP);
use IO::Socket::INET;
use NetAddr::IP;
use Data::Dumper;
use Crypt::Rijndael;
use GOSA::GosaSupportDaemon;
use Digest::MD5  qw(md5_hex md5 md5_base64);
use MIME::Base64;
use XML::Simple;
use Net::DNS;

my $event_dir = "/usr/lib/gosa-si/client/events";
use lib "/usr/lib/gosa-si/client/events";

my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $opts_file, $procid, $pid, $log_file, $fai_logpath);
my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
my $xml;
my $default_server_key;
my $event_hash;
my @servers;
my $gotoHardwareChecksum;
$verbose= 1;

# globalise variables which are used in imported events
our $cfg_file;
our $server_address;
our $client_address;
our $server_key;

# default variables
our $REGISTERED = 0;
my $try_to_register = 0;

%cfg_defaults = (
"general" =>
    {"log-file"           => [\$log_file, "/var/run/".$0.".log"],
    "pid-file"            => [\$pid_file, "/var/run/".$0.".pid"],
    "opts-file"            => [\$opts_file, "/var/run/".$0.".opts"],
    },
"client" => 
    {"port"        => [\$client_port, "20083"],
     "ip"          => [\$client_ip, "0.0.0.0"],
     "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"],
     "server-domain"       => [\$server_domain, ""],
     "ldap"               => [\$ldap_enabled, 1],
     "ldap-config"        => [\$ldap_config, "/etc/ldap/ldap.conf"],
     "pam-config"         => [\$pam_config, "/etc/pam_ldap.conf"],
     "nss-config"         => [\$nss_config, "/etc/libnss_ldap.conf"],
     "fai-logpath"         => [\$fai_logpath, "/var/log/fai/fai.log"],
    },
"server" => {
    "ip"          => [\$server_ip, "127.0.0.1"],
    "port"         => [\$server_port, "20081"],
    "key"          => [\$server_key, ""],
    "timeout"      => [\$server_timeout, 10],
    "key-lifetime" => [\$server_key_lifetime, 600], 
    },

);


#=== FUNCTIONS = functions =====================================================

#===  FUNCTION  ================================================================
#         NAME: check_cmdline_param
#   PARAMETERS: 
#      RETURNS:  
#  DESCRIPTION: 
#===============================================================================
sub check_cmdline_param () {
    my $err_config;
    my $err_counter = 0;
        if(not defined($cfg_file)) {
                $cfg_file = "/etc/gosa-si/client.conf";
                if(! -r $cfg_file) {
                        $err_config = "please specify a config file";
                        $err_counter += 1;
                }
    }
    if( $err_counter > 0 ) {
        &usage( "", 1 );
        if( defined( $err_config)) { print STDERR "$err_config\n"}
        print STDERR "\n";
        exit( -1 );
    }
}


#===  FUNCTION  ================================================================
#         NAME:  read_configfile
#   PARAMETERS:  cfg_file - string - 
#      RETURNS:  
#  DESCRIPTION: 
#===============================================================================
sub read_configfile {
    my ($cfg_file, %cfg_defaults) = @_ ;
    my $cfg;
    if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
        if( -r $cfg_file ) {
            $cfg = Config::IniFiles->new( -file => $cfg_file );
        } else {
            print STDERR "Couldn't read config file!";
        }
    } else {
        $cfg = Config::IniFiles->new() ;
    }
    foreach my $section (keys %cfg_defaults) {
        foreach my $param (keys %{$cfg_defaults{ $section }}) {
            my $pinfo = $cfg_defaults{ $section }{ $param };
            ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
        }
    }
}


#===  FUNCTION  ================================================================
#         NAME: check_pid
#   PARAMETERS:
#      RETURNS:
#  DESCRIPTION:
#===============================================================================
sub check_pid {
    $pid = -1;
    # Check, if we are already running
    if( open(LOCK_FILE, "<$pid_file") ) {
        $pid = <LOCK_FILE>;
        if( defined $pid ) {
            chomp( $pid );
            if( -f "/proc/$pid/stat" ) {
                my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
                if( $0 eq $stat ) {
                    close( LOCK_FILE );
                    exit -1;
                }
            }
        }
        close( LOCK_FILE );
        unlink( $pid_file );
    }

    # create a syslog msg if it is not to possible to open PID file
    if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
        my($msg) = "Couldn't obtain lockfile '$pid_file' ";
        if (open(LOCK_FILE, '<', $pid_file)
                && ($pid = <LOCK_FILE>))
        {
            chomp($pid);
            $msg .= "(PID $pid)\n";
        } else {
            $msg .= "(unable to read PID)\n";
        }
        if( ! ($foreground) ) {
            openlog( $0, "cons,pid", "daemon" );
            syslog( "warning", $msg );
            closelog();
        }
        else {
            print( STDERR " $msg " );
        }
        exit( -1 );
    }
}


#===  FUNCTION  ================================================================
#         NAME:  logging
#   PARAMETERS:  level - string - default 'info' 
#                msg - string - 
#                facility - string - default 'LOG_DAEMON' 
#      RETURNS:  
#  DESCRIPTION: 
#===============================================================================
sub daemon_log {
    # log into log_file
    my( $msg, $level ) = @_;
    if(not defined $msg) { return }
    if(not defined $level) { $level = 1 }
    if(defined $log_file){
        open(LOG_HANDLE, ">>$log_file");
        if(not defined open( LOG_HANDLE, ">>$log_file" )) {
            print STDERR "cannot open $log_file: $!";
            return }
            chomp($msg);
            if($level <= $verbose){
                my ($seconds, $minutes, $hours, $monthday, $month,
                        $year, $weekday, $yearday, $sommertime) = localtime(time);
                $hours = $hours < 10 ? $hours = "0".$hours : $hours;
                $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
                $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
                my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
                $month = $monthnames[$month];
                $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
                $year+=1900;
                my $name = $0;
                $name =~ s/\.\///;

                my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
                print LOG_HANDLE $log_msg;
                if( $foreground ) { 
                    print STDERR $log_msg;
                }
            }
        close( LOG_HANDLE );
    }
#log into syslog
#    my ($msg, $level, $facility) = @_;
#    if(not defined $msg) {return}
#    if(not defined $level) {$level = "info"}
#    if(not defined $facility) {$facility = "LOG_DAEMON"}
#    openlog($0, "pid,cons,", $facility);
#    syslog($level, $msg);
#    closelog;
#    return;
}


#===  FUNCTION  ================================================================
#         NAME:  get_interfaces 
#   PARAMETERS:  none
#      RETURNS:  (list of interfaces) 
#  DESCRIPTION:  Uses proc fs (/proc/net/dev) to get list of interfaces.
#===============================================================================
sub get_interfaces {
    my @result;
    my $PROC_NET_DEV= ('/proc/net/dev');

    open(PROC_NET_DEV, "<$PROC_NET_DEV")
        or die "Could not open $PROC_NET_DEV";

    my @ifs = <PROC_NET_DEV>;

    close(PROC_NET_DEV);

    # Eat first two line
    shift @ifs;
    shift @ifs;

    chomp @ifs;
    foreach my $line(@ifs) {
        my $if= (split /:/, $line)[0];
        $if =~ s/^\s+//;
        push @result, $if;
    }

    return @result;
}

#===  FUNCTION  ================================================================
#         NAME:  get_mac 
#   PARAMETERS:  interface name (i.e. eth0)
#      RETURNS:  (mac address) 
#  DESCRIPTION:  Uses ioctl to get mac address directly from system.
#===============================================================================
sub get_mac {
        my $ifreq= shift;
        my $result;
        if ($ifreq && length($ifreq) > 0) { 
                if($ifreq eq "all") {
                        if(defined($server_ip)) {
                                $result = &get_local_mac_for_remote_ip($server_ip);
                        } 
                        elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){
                                $result = &client_mac_address;
                        } 
                        else {
                                $result = "00:00:00:00:00:00";
                        }
                } else {
                        my $SIOCGIFHWADDR= 0x8927;     # man 2 ioctl_list

                        # A configured MAC Address should always override a guessed value
                        if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) {
                                $result= $client_mac_address;
                        }
                        else {
                                socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
                                        or die "socket: $!";

                                if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
                                        my ($if, $mac)= unpack 'h36 H12', $ifreq;

                                        if (length($mac) > 0) {
                                                $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
                                                $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
                                                $result = $mac;
                                        }
                                }
                        }
                }
        }
        return $result;
}


#===  FUNCTION  ================================================================
#         NAME:  get_interface_for_ip
#   PARAMETERS:  ip address (i.e. 192.168.0.1)
#      RETURNS:  array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
#  DESCRIPTION:  Uses proc fs (/proc/net/dev) to get list of interfaces.
#===============================================================================
sub get_interface_for_ip {
    my $result;
    my $ip= shift;
    if ($ip && length($ip) > 0) {
        my @ifs= &get_interfaces();
        if($ip eq "0.0.0.0") {
            $result = "all";
        } else {
            foreach (@ifs) {
                my $if=$_;
                if(get_ip($if) eq $ip) {
                    $result = $if;
                    last;
                }
            }       
        }
    }       
    return $result;
}


#===  FUNCTION  ================================================================
#         NAME:  get_ip 
#   PARAMETERS:  interface name (i.e. eth0)
#      RETURNS:  (ip address) 
#  DESCRIPTION:  Uses ioctl to get ip address directly from system.
#===============================================================================
sub get_ip {
    my $ifreq= shift;
    my $result= "";
    my $SIOCGIFADDR= 0x8915;       # man 2 ioctl_list
        my $proto= getprotobyname('ip');

    socket SOCKET, PF_INET, SOCK_DGRAM, $proto
        or die "socket: $!";

    if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
        my ($if, $sin)    = unpack 'a16 a16', $ifreq;
        my ($port, $addr) = sockaddr_in $sin;
        my $ip            = inet_ntoa $addr;

        if ($ip && length($ip) > 0) {
            $result = $ip;
        }
    }

    return $result;
}


#===  FUNCTION  ================================================================
#         NAME:  get_local_mac_for_remote_ip
#   PARAMETERS:  none (takes server_ip from global variable)
#      RETURNS:  (ip address from interface that is used for communication) 
#  DESCRIPTION:  Uses ioctl to get routing table from system, checks which entry
#                matches (defaultroute last).
#===============================================================================
sub get_local_mac_for_remote_ip {
        my $server_ip= shift;
        my $result= "00:00:00:00:00:00";

        if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
                my $PROC_NET_ROUTE= ('/proc/net/route');

                open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
                        or die "Could not open $PROC_NET_ROUTE";

                my @ifs = <PROC_NET_ROUTE>;

                close(PROC_NET_ROUTE);

                # Eat header line
                shift @ifs;
                chomp @ifs;
                foreach my $line(@ifs) {
                        my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
                        my $destination;
                        my $mask;
                        my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
                        $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
                        ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
                        $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
                        if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
                                # destination matches route, save mac and exit
                                $result= &get_mac($Iface);
                                last;
                        }
                }
        } else {
                daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
        }
        return $result;
}

sub get_local_ip_for_remote_ip {
        my $server_ip= shift;
        my $result="0.0.0.0";

        if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
                if($server_ip eq "127.0.0.1") {
                        $result="127.0.0.1";
                } else {
                        my $PROC_NET_ROUTE= ('/proc/net/route');

                        open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
                                or die "Could not open $PROC_NET_ROUTE";

                        my @ifs = <PROC_NET_ROUTE>;

                        close(PROC_NET_ROUTE);

                        # Eat header line
                        shift @ifs;
                        chomp @ifs;
                        foreach my $line(@ifs) {
                                my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
                                my $destination;
                                my $mask;
                                my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
                                $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
                                ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
                                $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
                                if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
                                        # destination matches route, save mac and exit
                                        $result= &get_ip($Iface);
                                        last;
                                }
                        }
                }
        } else {
                daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
        }
        return $result;
}

sub new_ldap_config {
    my ($msg_hash) = @_ ;
    my $element;
    my @ldap_uris;
    my $ldap_base;
    my @ldap_options;
    my @pam_options;
    my @nss_options;
    my $goto_admin;
    my $goto_secret;
    my $admin_base= "";
    my $department= "";
    my $release= "";
    my $unit_tag;

    # Transform input into array
    while ( my ($key, $value) = each(%$msg_hash) ) {
        if ($key =~ /^(source|target|header)$/) {
                next;
        }

        foreach $element (@$value) {
                if ($key =~ /^ldap_uri$/) {
                        push (@ldap_uris, $element);
                        next;
                }
                if ($key =~ /^ldap_base$/) {
                        $ldap_base= $element;
                        next;
                }
                if ($key =~ /^goto_admin$/) {
                        $goto_admin= $element;
                        next;
                }
                if ($key =~ /^goto_secret$/) {
                        $goto_secret= $element;
                        next;
                }
                if ($key =~ /^ldap_cfg$/) {
                        push (@ldap_options, "$element");
                        next;
                }
                if ($key =~ /^pam_cfg$/) {
                        push (@pam_options, "$element");
                        next;
                }
                if ($key =~ /^nss_cfg$/) {
                        push (@nss_options, "$element");
                        next;
                }
                if ($key =~ /^admin_base$/) {
                        $admin_base= $element;
                        next;
                }
                if ($key =~ /^department$/) {
                        $department= $element;
                        next;
                }
                if ($key =~ /^unit_tag$/) {
                        $unit_tag= $element;
                        next;
                }
                if ($key =~ /^release$/) {
                        $release= $element;
                        next;
                }
        }
    }

    # Unit tagging enabled?
    if (defined $unit_tag){
            push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
            push (@nss_options, "nss_base_passwd  $admin_base?sub?gosaUnitTag=$unit_tag");
            push (@nss_options, "nss_base_group   $admin_base?sub?gosaUnitTag=$unit_tag");
    }

    # Setup ldap.conf
    my $file1;
    my $file2;
    open(file1, "> $ldap_config");
    print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
    print file1 "URI";
    foreach $element (@ldap_uris) {
        print file1 " $element";
    }
    print file1 "\nBASE $ldap_base\n";
    foreach $element (@ldap_options) {
        print file1 "$element\n";
    }
    close (file1);
    daemon_log("wrote $ldap_config", 5);

    # Setup pam_ldap.conf / libnss_ldap.conf
    open(file1, "> $pam_config");
    open(file2, "> $nss_config");
    print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
    print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
    print file1 "uri";
    print file2 "uri";
    foreach $element (@ldap_uris) {
        print file1 " $element";
        print file2 " $element";
    }
    print file1 "\nbase $ldap_base\n";
    print file2 "\nbase $ldap_base\n";
    foreach $element (@pam_options) {
        print file1 "$element\n";
    }
    foreach $element (@nss_options) {
        print file2 "$element\n";
    }
    close (file2);
    daemon_log("wrote $nss_config", 5);
    close (file1);
    daemon_log("wrote $pam_config", 5);

    # Create goto.secrets if told so - for compatibility reasons
    if (defined $goto_admin){
            open(file1, "> /etc/goto/secret");
            close(file1);
            chown(0,0, "/etc/goto/secret");
            chmod(0600, "/etc/goto/secret");
            open(file1, "> /etc/goto/secret");
            print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
            close(file1);
            daemon_log("wrote /etc/goto/secret", 5);
    }

    

    # Write shell based config
    my $cfg_name= dirname($ldap_config)."/ldap-shell.conf";
    open(file1, "> $cfg_name");
    print file1 "LDAP_BASE=\"$ldap_base\"\n";
    print file1 "ADMIN_BASE=\"$admin_base\"\n";
    print file1 "DEPARTMENT=\"$department\"\n";
    print file1 "RELEASE=\"$release\"\n";
    print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n";
    print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n";
    close(file1);
    daemon_log("wrote $cfg_name", 5);

    return;

}


sub generate_hw_digest {
        my $hw_data;
        foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) {
                $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/;
        }
        return(md5_base64($hw_data));
}


sub create_passwd {
    my $new_passwd = "";
    for(my $i=0; $i<31; $i++) {
        $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
    }

    return $new_passwd;
}


sub get_server_addresses {
    my $domain= shift;
    my @result;
 
    my $error = 0;
    my $res   = Net::DNS::Resolver->new;
    my $query = $res->send("_gosad._tcp.".$domain, "SRV");
    my @hits;

    if ($query) {
        foreach my $rr ($query->answer) {
            push(@hits, $rr->target.":".$rr->port);
        }
    }
    else {
        #warn "query failed: ", $res->errorstring, "\n";
        $error++;
    }

    if( $error == 0 ) {
        foreach my $hit (@hits) {
            my ($hit_name, $hit_port) = split(/:/, $hit);

            my $address_query = $res->send($hit_name);
            if( 1 == length($address_query->answer) ) {
                foreach my $rr ($address_query->answer) {
                    push(@result, $rr->address.":".$hit_port);
                }
            }
        }
    }

#    my $dig_cmd= 'dig +nocomments srv _gosad._tcp.'.$domain;
#
#    my $output= `$dig_cmd 2>&1`;
#    open (PIPE, "$dig_cmd 2>&1 |");
#    while(<PIPE>) {
#        chomp $_;
#        # If it's not a comment
#        if($_ =~ m/^[^;]/) {
#            my @matches= split /\s+/;
#
#            # Push hostname with port
#            if($matches[3] eq 'SRV') {
#                push @result, $matches[7].':'.$matches[6];
#            } elsif ($matches[3] eq 'A') {
#                my $i=0;
#
#                # Substitute the hostname with the ip address of the matching A record
#                foreach my $host (@result) {
#                    if ((split /\:/, $host)[0] eq $matches[0]) {
#                        $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
#                    }
#                    $i++;
#                }
#            }
#        }
#    }
#    close(PIPE);
    return @result;
}


##===  FUNCTION  ================================================================
##         NAME:  create_ciphering
##   PARAMETERS:  passwd - string - used to create ciphering
##      RETURNS:  cipher - object
##  DESCRIPTION:  creates a Crypt::Rijndael::MODE_CBC object with passwd as key
##===============================================================================
#sub create_ciphering {
#    my ($passwd) = @_;
#    $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
#    my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
#
#    #daemon_log("iv: $iv", 7);
#    #daemon_log("key: $passwd", 7);
#    my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
#    $my_cipher->set_iv($iv);
#    return $my_cipher;
#}
#
#
#sub create_ciphering {
#    my ($passwd) = @_;
#    $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
#    my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
#    my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
#    $my_cipher->set_iv($iv);
#    return $my_cipher;
#}
#
#
#sub encrypt_msg {
#    my ($msg, $key) = @_;
#    my $my_cipher = &create_ciphering($key);
#    {
#      use bytes;
#      $msg = "\0"x(16-length($msg)%16).$msg;
#    }
#    $msg = $my_cipher->encrypt($msg);
#    chomp($msg = &encode_base64($msg));
#    # there are no newlines allowed inside msg
#    $msg=~ s/\n//g;
#    return $msg;
#}
#
#
#sub decrypt_msg {
#    my ($msg, $key) = @_ ;
#    $msg = &decode_base64($msg);
#    my $my_cipher = &create_ciphering($key);
#    $msg = $my_cipher->decrypt($msg); 
#    $msg =~ s/\0*//g;
#    return $msg;
#}


#===  FUNCTION  ================================================================
#         NAME:  send_msg_hash_to_target
#   PARAMETERS:  msg_hash - hash - xml_hash created with function create_xml_hash
#                PeerAddr string - socket address to send msg
#                PeerPort string - socket port, if not included in socket address
#      RETURNS:  nothing
#  DESCRIPTION:  ????
#===============================================================================
sub send_msg_hash_to_target {
    my ($msg_hash, $address, $encrypt_key) = @_ ;
    my $msg = &create_xml_string($msg_hash);
    my $header = @{$msg_hash->{'header'}}[0];
    my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header);
    
    return $error;
}


sub send_msg_to_target {
    my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
    my $error = 0;

    if( $msg_header ) {
        $msg_header = "'$msg_header'-";
    }
    else {
        $msg_header = "";
    }

    # encrypt xml msg
    my $crypted_msg = &encrypt_msg($msg, $encrypt_key);

    # opensocket
    my $socket = &open_socket($address);
    if( !$socket ) {
        daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
        $error++;
    }
    
    if( $error == 0 ) {
        # send xml msg
        print $socket $crypted_msg."\n";

        daemon_log("send ".$msg_header."msg to $address", 1);
        daemon_log("message:\n$msg", 8);

    }

    # close socket in any case
    if( $socket ) {
        close $socket;
    }

    return $error;
}


sub write_to_file {
    my ($string, $file) = @_;
    my $error = 0;

    if( not defined $file || not -f $file ) {
        &main::daemon_log("ERROR: $0: check '-f file' failed: $file", 1);
        $error++;
    }
    if( not defined $string || 0 == length($string)) {
        &main::daemon_log("ERROR: $0: empty string to write to file '$file'", 1);
        $error++;
    }
    
    if( $error == 0 ) {

        chomp($string);
    
        open(FILE, ">> $file");
        print FILE $string."\n";
        close(FILE);
    }

    return;    
}


sub open_socket {
    my ($PeerAddr, $PeerPort) = @_ ;
    if(defined($PeerPort)){
        $PeerAddr = $PeerAddr.":".$PeerPort;
    }
    my $socket;
    $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
            Porto => "tcp",
            Type => SOCK_STREAM,
            Timeout => 5,
            );
    if(not defined $socket) {
        return;
    }
    &daemon_log("open_socket: $PeerAddr", 7);
    return $socket;
}


#===  FUNCTION  ================================================================
#         NAME:  register_at_server
#   PARAMETERS:  
#      RETURNS:  
#  DESCRIPTION:  
#===============================================================================
sub register_at_gosa_si_server {
    my ($kernel) = $_[KERNEL];

    if( not $REGISTERED ) {
        $try_to_register++;
        if( $try_to_register > 1 ) {
            &write_to_file("gosa-si-no-server-available", $fai_logpath);
        } 

        # create new passwd and ciphering object for client-server communication
        $server_key = &create_passwd();

        my $events = join( ", ", keys %{$event_hash} );

        while(1) {

            # fetch first gosa-si-server from @servers
            my $server = shift(@servers);

            # append shifted gosa-si-server at the end of @servers, so looking for servers never stop
            push( @servers, $server );
                
                        # Check if our ip is resolvable - if not: don't try to register
                        my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
                        my $resolver= Net::DNS::Resolver->new;
                        my $dnsresult= $resolver->search($ip);
                        my $dnsname="";
                        if(!defined($dnsresult)) {
                                &write_to_file("goto-error-dns:Could not resolve hostname for ip $ip", $fai_logpath);
                                exit(1);
                        } else {
                                $dnsname=$dnsresult->{answer}[0]->{ptrdname};
                        }

            # create registration msg
            my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
            my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
            my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
            &add_content2xml_hash($register_hash, "new_passwd", $server_key);
                        &add_content2xml_hash($register_hash, "mac_address", $local_mac);
            &add_content2xml_hash($register_hash, "events", $events);
            &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);

            # send xml hash to server with general server passwd
            my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
                        if($res == 0) {
                                # Set fixed client address
                                $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
                                $client_address= "$client_ip:$client_port";

                                # Write the MAC address to file
                                if(stat($opts_file)) {
                                        unlink($opts_file);
                                }
                                my $opts_file_FH;
                                open($opts_file_FH, ">$opts_file");
                                print $opts_file_FH "MAC=\"$local_mac\"\n";
                                print $opts_file_FH "IPADDRESS=\"$client_ip\"\n";
                                print $opts_file_FH "HOSTNAME=\"$dnsname\"\n";
                                close($opts_file_FH);
                                last;
                        } else {
                # wait 1 sec until trying to register again
                sleep(1);
                                next;
                        }
        }

        

        daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
#        $kernel->delay_set('register_at_gosa_si_server', 180);
        $kernel->delay_set('register_at_gosa_si_server', 5);
        # clear old settings and set it again
        $kernel->delay_set('trigger_new_key', $server_key_lifetime);
    }
    return;
}
    

sub check_key_and_xml_validity {
    my ($crypted_msg, $module_key) = @_;
#print STDERR "crypted_msg:$crypted_msg\n";
#print STDERR "modul_key:$module_key\n";

    my $msg;
    my $msg_hash;
    eval{
        $msg = &decrypt_msg($crypted_msg, $module_key);
        &main::daemon_log("decrypted_msg: \n$msg", 8);

        $msg_hash = $xml->XMLin($msg, ForceArray=>1);

        # check header
        my $header_l = $msg_hash->{'header'};
        if( 1 != @{$header_l} ) {
            die 'no or more headers specified';
        }
        my $header = @{$header_l}[0];
        if( 0 == length $header) {
            die 'header has length 0';
        }

        # check source
        my $source_l = $msg_hash->{'source'};
        if( 1 != @{$source_l} ) {
            die 'no or more sources specified';
        }
        my $source = @{$source_l}[0];
        if( 0 == length $source) {
            die 'source has length 0';
        }

        # check target
        my $target_l = $msg_hash->{'target'};
        if( 1 != @{$target_l} ) {
            die 'no or more targets specified ';
        }
        my $target = @{$target_l}[0];
        if( 0 == length $target) {
            die 'target has length 0 ';
        }

    };
    if($@) {
        &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5);
        &main::daemon_log("$@", 8);
    }

    return ($msg, $msg_hash);
}


sub import_events {

    if (not -e $event_dir) {
        daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);   
    }
    opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";

    while (defined (my $event = readdir (DIR))) {
        if( $event eq "." || $event eq ".." ) { next; }    

        eval{ require $event; };
        if( $@ ) {
            daemon_log("ERROR: import of event module '$event' failed", 1);
            daemon_log("$@", 8);
            next;
        }

        $event =~ /(\S*?).pm$/;
        my $event_module = $1;
        my $events_l = eval( $1."::get_events()") ;
        foreach my $event_name (@{$events_l}) {
            $event_hash->{$event_name} = $event_module;
        }

    }
}

sub trigger_new_key {
    my ($kernel) = $_[KERNEL] ;   

    my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
    &send_msg_to_target($msg, $client_address, $server_key, 'new_key');

    $kernel->delay_set('trigger_new_key', $server_key_lifetime);

}


sub _start {
    my ($kernel) = $_[KERNEL];
    $kernel->alias_set('client_session');
    $kernel->yield('register_at_gosa_si_server');
}


sub server_input {
    my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
    my $error = 0;
    my $answer;
    
    daemon_log("Incoming msg:\n$input\n", 8);

    my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
    if( (!$msg) || (!$msg_hash) ) {
        daemon_log("Deciphering of incoming msg failed", 5);
        $error++;
    }


    ######################
    # process incoming msg
    if( $error == 0 ) {
        my $header = @{$msg_hash->{header}}[0];
        my $source = @{$msg_hash->{source}}[0];

        if( exists $event_hash->{$header} ) {
            # a event exists with the header as name
            daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
            no strict 'refs';
            $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
        }
        else {
            daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
        }
    }

    ########
    # answer
    if( $answer ) {
        # preprocessing
        if( $answer =~ "<header>registered</header>") {
            # set registered flag to true to stop sending further registered msgs
            $REGISTERED = 1;
        } 
        else {
            &send_msg_to_target($answer, $server_address, $server_key);
        }
        # postprocessing
        if( $answer =~ "<header>new_key</header>") {
            # set new key to global variable
            $answer =~ /<new_key>(\S*?)<\/new_key>/;
            my $new_key = $1;
            $server_key = $new_key;
        }
    }

    return;
}

#==== MAIN = main ==============================================================
#  parse commandline options
Getopt::Long::Configure( "bundling" );
GetOptions("h|help" => \&usage,
           "c|config=s" => \$cfg_file,
           "f|foreground" => \$foreground,
           "v|verbose+" => \$verbose,
           );

#  read and set config parameters
&check_cmdline_param ;
&read_configfile($cfg_file, %cfg_defaults);
&check_pid;


# forward error messages to logfile
if ( ! $foreground ) {
        open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
        open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
        open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
}

# Just fork, if we are not in foreground mode
if( ! $foreground ) { 
    chdir '/'                 or die "Can't chdir to /: $!";
    $pid = fork;
    setsid                    or die "Can't start a new session: $!";
    umask 0;
} 
else { 
    $pid = $$; 
}

# Do something useful - put our PID into the pid_file
if( 0 != $pid ) {
    open( LOCK_FILE, ">$pid_file" );
    print LOCK_FILE "$pid\n";
    close( LOCK_FILE );
    if( !$foreground ) { 
        exit( 0 ) 
    };
}

daemon_log(" ", 1);
daemon_log("$0 started!", 1);

# delete old DBsqlite lock files
system('rm -f /tmp/gosa_si_lock*gosa-si-client*');

# detect ip and mac address and complete host address
$client_address = $client_ip.":".$client_port;
my $network_interface= &get_interface_for_ip($client_ip);
$client_mac_address= &get_mac($network_interface);
daemon_log("gosa-si-client ip address detected: $client_ip", 1);
daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);


# import events
&import_events();


# compute hardware checksum
$gotoHardwareChecksum= &generate_hw_digest();
daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);


# create socket for incoming xml messages
POE::Component::Server::TCP->new(
    Alias => 'gosa-si-client',
        Port => $client_port,
        ClientInput => \&server_input,
);
daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);


# prepare variables
if (defined $server_ip && defined $server_port) {
    $server_address = $server_ip.":".$server_port;
}
$xml = new XML::Simple();
$default_server_key = $server_key;


# add gosa-si-server address from config file at first position of server list
if (defined $server_address) {
    unshift(@servers, $server_address);
    my $servers_string = join(", ", @servers);
    daemon_log("found servers in configuration file: $servers_string", 5);
} 
else {
    if ( !$server_domain) {
        daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
        exit( 1 );
    }
    my @tmp_servers = &get_server_addresses($server_domain);
    foreach my $server (@tmp_servers) { 
        unshift(@servers, $server); 
    }
    my $servers_string = join(", ", @servers);
    daemon_log("found servers in DNS: $servers_string", 5);
}




POE::Session->create(
        inline_states => {
                _start => \&_start, 
        register_at_gosa_si_server => \&register_at_gosa_si_server,
        trigger_new_key => \&trigger_new_key,
        }
);

POE::Kernel->run();
exit;