9e18182a260f8d8356dba98045ec45c0395e6c85
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-server
5 #
6 # USAGE: gosa-si-client
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libnetaddr-ip-perl
12 # BUGS: ---
13 # NOTES:
14 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
15 # COMPANY:
16 # VERSION: 1.0
17 # CREATED: 12.09.2007 08:54:41 CEST
18 # REVISION: ---
19 #===============================================================================
21 use strict;
22 use warnings;
23 use Getopt::Long;
24 use Config::IniFiles;
25 use POSIX;
26 use Time::HiRes qw( gettimeofday );
28 use POE qw(Component::Server::TCP Wheel::FollowTail);
29 use IO::Socket::INET;
30 use NetAddr::IP;
31 use Data::Dumper;
32 use Crypt::Rijndael;
33 use GOSA::GosaSupportDaemon;
34 use Digest::MD5 qw(md5_hex md5 md5_base64);
35 use MIME::Base64;
36 use XML::Simple;
37 use Net::DNS;
38 use File::Basename;
40 my $event_dir = "/usr/lib/gosa-si/client/events";
41 use lib "/usr/lib/gosa-si/client/events";
43 my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $opts_file, $procid, $pid, $log_file, $fai_logpath);
44 my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
45 my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
46 my $xml;
47 my $default_server_key;
48 my $event_hash;
49 my @servers;
50 my $gotoHardwareChecksum;
51 my $gosa_si_client_fifo;
52 my %files_to_watch;
53 $verbose= 1;
55 # globalise variables which are used in imported events
56 our $cfg_file;
57 our $server_address;
58 our $client_address;
59 our $server_key;
61 # default variables
62 our $REGISTERED = 0;
64 # path to fifo for non-gosa-si-client messages to gosa-si-server
65 $gosa_si_client_fifo = "/var/run/gosa-si-client.socket";
66 %files_to_watch = (fifo => $gosa_si_client_fifo);
68 # in function register_at_gosa_si_server, after which period of seconds a new registration should be tried if a registration was
69 # not successful until now
70 my $delay_set_time = 5;
71 our $prg= basename($0);
73 %cfg_defaults = (
74 "general" =>
75 {"log-file" => [\$log_file, "/var/run/".$prg.".log"],
76 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
77 "opts-file" => [\$opts_file, "/var/run/".$prg.".opts"],
78 },
79 "client" =>
80 {"port" => [\$client_port, "20083"],
81 "ip" => [\$client_ip, "0.0.0.0"],
82 "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"],
83 "server-domain" => [\$server_domain, ""],
84 "ldap" => [\$ldap_enabled, 1],
85 "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
86 "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
87 "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"],
88 "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
89 },
90 "server" => {
91 "ip" => [\$server_ip, "127.0.0.1"],
92 "port" => [\$server_port, "20081"],
93 "key" => [\$server_key, ""],
94 "timeout" => [\$server_timeout, 10],
95 "key-lifetime" => [\$server_key_lifetime, 600],
96 },
98 );
101 #=== FUNCTIONS = functions =====================================================
103 #=== FUNCTION ================================================================
104 # NAME: check_cmdline_param
105 # PARAMETERS:
106 # RETURNS:
107 # DESCRIPTION:
108 #===============================================================================
109 sub check_cmdline_param () {
110 my $err_config;
111 my $err_counter = 0;
112 if(not defined($cfg_file)) {
113 $cfg_file = "/etc/gosa-si/client.conf";
114 if(! -r $cfg_file) {
115 $err_config = "please specify a config file";
116 $err_counter += 1;
117 }
118 }
119 if( $err_counter > 0 ) {
120 &usage( "", 1 );
121 if( defined( $err_config)) { print STDERR "$err_config\n"}
122 print STDERR "\n";
123 exit( -1 );
124 }
125 }
128 #=== FUNCTION ================================================================
129 # NAME: read_configfile
130 # PARAMETERS: cfg_file - string -
131 # RETURNS:
132 # DESCRIPTION:
133 #===============================================================================
134 sub read_configfile {
135 my ($cfg_file, %cfg_defaults) = @_ ;
136 my $cfg;
137 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
138 if( -r $cfg_file ) {
139 $cfg = Config::IniFiles->new( -file => $cfg_file );
140 } else {
141 print STDERR "Couldn't read config file!";
142 }
143 } else {
144 $cfg = Config::IniFiles->new() ;
145 }
146 foreach my $section (keys %cfg_defaults) {
147 foreach my $param (keys %{$cfg_defaults{ $section }}) {
148 my $pinfo = $cfg_defaults{ $section }{ $param };
149 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
150 }
151 }
152 }
155 #=== FUNCTION ================================================================
156 # NAME: check_pid
157 # PARAMETERS:
158 # RETURNS:
159 # DESCRIPTION:
160 #===============================================================================
161 sub check_pid {
162 $pid = -1;
163 # Check, if we are already running
164 if( open(LOCK_FILE, "<$pid_file") ) {
165 $pid = <LOCK_FILE>;
166 if( defined $pid ) {
167 chomp( $pid );
168 if( -f "/proc/$pid/stat" ) {
169 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
170 if( $0 eq $stat ) {
171 close( LOCK_FILE );
172 exit -1;
173 }
174 }
175 }
176 close( LOCK_FILE );
177 unlink( $pid_file );
178 }
180 # create a syslog msg if it is not to possible to open PID file
181 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
182 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
183 if (open(LOCK_FILE, '<', $pid_file)
184 && ($pid = <LOCK_FILE>))
185 {
186 chomp($pid);
187 $msg .= "(PID $pid)\n";
188 } else {
189 $msg .= "(unable to read PID)\n";
190 }
191 if( ! ($foreground) ) {
192 openlog( $0, "cons,pid", "daemon" );
193 syslog( "warning", $msg );
194 closelog();
195 }
196 else {
197 print( STDERR " $msg " );
198 }
199 exit( -1 );
200 }
201 }
204 #=== FUNCTION ================================================================
205 # NAME: logging
206 # PARAMETERS: level - string - default 'info'
207 # msg - string -
208 # facility - string - default 'LOG_DAEMON'
209 # RETURNS:
210 # DESCRIPTION:
211 #===============================================================================
212 sub daemon_log {
213 # log into log_file
214 my( $msg, $level ) = @_;
215 if(not defined $msg) { return }
216 if(not defined $level) { $level = 1 }
217 if(defined $log_file){
218 open(LOG_HANDLE, ">>$log_file");
219 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
220 print STDERR "cannot open $log_file: $!";
221 return }
222 chomp($msg);
223 if($level <= $verbose){
224 my ($seconds, $minutes, $hours, $monthday, $month,
225 $year, $weekday, $yearday, $sommertime) = localtime(time);
226 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
227 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
228 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
229 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
230 $month = $monthnames[$month];
231 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
232 $year+=1900;
234 my $log_msg = "$month $monthday $hours:$minutes:$seconds $prg $msg\n";
235 print LOG_HANDLE $log_msg;
236 if( $foreground ) {
237 print STDERR $log_msg;
238 }
239 }
240 close( LOG_HANDLE );
241 }
242 #log into syslog
243 # my ($msg, $level, $facility) = @_;
244 # if(not defined $msg) {return}
245 # if(not defined $level) {$level = "info"}
246 # if(not defined $facility) {$facility = "LOG_DAEMON"}
247 # openlog($0, "pid,cons,", $facility);
248 # syslog($level, $msg);
249 # closelog;
250 # return;
251 }
254 #=== FUNCTION ================================================================
255 # NAME: get_interfaces
256 # PARAMETERS: none
257 # RETURNS: (list of interfaces)
258 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
259 #===============================================================================
260 sub get_interfaces {
261 my @result;
262 my $PROC_NET_DEV= ('/proc/net/dev');
264 open(PROC_NET_DEV, "<$PROC_NET_DEV")
265 or die "Could not open $PROC_NET_DEV";
267 my @ifs = <PROC_NET_DEV>;
269 close(PROC_NET_DEV);
271 # Eat first two line
272 shift @ifs;
273 shift @ifs;
275 chomp @ifs;
276 foreach my $line(@ifs) {
277 my $if= (split /:/, $line)[0];
278 $if =~ s/^\s+//;
279 push @result, $if;
280 }
282 return @result;
283 }
285 #=== FUNCTION ================================================================
286 # NAME: get_mac
287 # PARAMETERS: interface name (i.e. eth0)
288 # RETURNS: (mac address)
289 # DESCRIPTION: Uses ioctl to get mac address directly from system.
290 #===============================================================================
291 sub get_mac {
292 my $ifreq= shift;
293 my $result;
294 if ($ifreq && length($ifreq) > 0) {
295 if($ifreq eq "all") {
296 if(defined($server_ip)) {
297 $result = &get_local_mac_for_remote_ip($server_ip);
298 }
299 elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){
300 $result = &client_mac_address;
301 }
302 else {
303 $result = "00:00:00:00:00:00";
304 }
305 } else {
306 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
308 # A configured MAC Address should always override a guessed value
309 if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) {
310 $result= $client_mac_address;
311 }
312 else {
313 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
314 or die "socket: $!";
316 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
317 my ($if, $mac)= unpack 'h36 H12', $ifreq;
319 if (length($mac) > 0) {
320 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
321 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
322 $result = $mac;
323 }
324 }
325 }
326 }
327 }
328 return $result;
329 }
332 #=== FUNCTION ================================================================
333 # NAME: get_interface_for_ip
334 # PARAMETERS: ip address (i.e. 192.168.0.1)
335 # RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
336 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
337 #===============================================================================
338 sub get_interface_for_ip {
339 my $result;
340 my $ip= shift;
341 if ($ip && length($ip) > 0) {
342 my @ifs= &get_interfaces();
343 if($ip eq "0.0.0.0") {
344 $result = "all";
345 } else {
346 foreach (@ifs) {
347 my $if=$_;
348 if(get_ip($if) eq $ip) {
349 $result = $if;
350 last;
351 }
352 }
353 }
354 }
355 return $result;
356 }
359 #=== FUNCTION ================================================================
360 # NAME: get_ip
361 # PARAMETERS: interface name (i.e. eth0)
362 # RETURNS: (ip address)
363 # DESCRIPTION: Uses ioctl to get ip address directly from system.
364 #===============================================================================
365 sub get_ip {
366 my $ifreq= shift;
367 my $result= "";
368 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
369 my $proto= getprotobyname('ip');
371 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
372 or die "socket: $!";
374 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
375 my ($if, $sin) = unpack 'a16 a16', $ifreq;
376 my ($port, $addr) = sockaddr_in $sin;
377 my $ip = inet_ntoa $addr;
379 if ($ip && length($ip) > 0) {
380 $result = $ip;
381 }
382 }
384 return $result;
385 }
388 #=== FUNCTION ================================================================
389 # NAME: get_local_mac_for_remote_ip
390 # PARAMETERS: none (takes server_ip from global variable)
391 # RETURNS: (ip address from interface that is used for communication)
392 # DESCRIPTION: Uses ioctl to get routing table from system, checks which entry
393 # matches (defaultroute last).
394 #===============================================================================
395 sub get_local_mac_for_remote_ip {
396 my $server_ip= shift;
397 my $result= "00:00:00:00:00:00";
399 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
400 my $PROC_NET_ROUTE= ('/proc/net/route');
402 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
403 or die "Could not open $PROC_NET_ROUTE";
405 my @ifs = <PROC_NET_ROUTE>;
407 close(PROC_NET_ROUTE);
409 # Eat header line
410 shift @ifs;
411 chomp @ifs;
412 foreach my $line(@ifs) {
413 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
414 my $destination;
415 my $mask;
416 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
417 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
418 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
419 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
420 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
421 # destination matches route, save mac and exit
422 $result= &get_mac($Iface);
423 last;
424 }
425 }
426 } else {
427 daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
428 }
429 return $result;
430 }
432 sub get_local_ip_for_remote_ip {
433 my $server_ip= shift;
434 my $result="0.0.0.0";
436 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
437 if($server_ip eq "127.0.0.1") {
438 $result="127.0.0.1";
439 } else {
440 my $PROC_NET_ROUTE= ('/proc/net/route');
442 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
443 or die "Could not open $PROC_NET_ROUTE";
445 my @ifs = <PROC_NET_ROUTE>;
447 close(PROC_NET_ROUTE);
449 # Eat header line
450 shift @ifs;
451 chomp @ifs;
452 foreach my $line(@ifs) {
453 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
454 my $destination;
455 my $mask;
456 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
457 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
458 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
459 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
460 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
461 # destination matches route, save mac and exit
462 $result= &get_ip($Iface);
463 last;
464 }
465 }
466 }
467 } else {
468 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
469 }
470 return $result;
471 }
473 sub new_ldap_config {
474 my ($msg_hash) = @_ ;
475 my $element;
476 my @ldap_uris;
477 my $ldap_base;
478 my @ldap_options;
479 my @pam_options;
480 my @nss_options;
481 my $goto_admin;
482 my $goto_secret;
483 my $admin_base= "";
484 my $department= "";
485 my $release= "";
486 my $unit_tag;
488 # Transform input into array
489 while ( my ($key, $value) = each(%$msg_hash) ) {
490 if ($key =~ /^(source|target|header)$/) {
491 next;
492 }
494 foreach $element (@$value) {
495 if ($key =~ /^ldap_uri$/) {
496 push (@ldap_uris, $element);
497 next;
498 }
499 if ($key =~ /^ldap_base$/) {
500 $ldap_base= $element;
501 next;
502 }
503 if ($key =~ /^goto_admin$/) {
504 $goto_admin= $element;
505 next;
506 }
507 if ($key =~ /^goto_secret$/) {
508 $goto_secret= $element;
509 next;
510 }
511 if ($key =~ /^ldap_cfg$/) {
512 push (@ldap_options, "$element");
513 next;
514 }
515 if ($key =~ /^pam_cfg$/) {
516 push (@pam_options, "$element");
517 next;
518 }
519 if ($key =~ /^nss_cfg$/) {
520 push (@nss_options, "$element");
521 next;
522 }
523 if ($key =~ /^admin_base$/) {
524 $admin_base= $element;
525 next;
526 }
527 if ($key =~ /^department$/) {
528 $department= $element;
529 next;
530 }
531 if ($key =~ /^unit_tag$/) {
532 $unit_tag= $element;
533 next;
534 }
535 if ($key =~ /^release$/) {
536 $release= $element;
537 next;
538 }
539 }
540 }
542 # Unit tagging enabled?
543 if (defined $unit_tag){
544 push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
545 push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag");
546 push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag");
547 }
549 # Setup ldap.conf
550 my $file1;
551 my $file2;
552 open(file1, "> $ldap_config");
553 print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
554 print file1 "URI";
555 foreach $element (@ldap_uris) {
556 print file1 " $element";
557 }
558 print file1 "\nBASE $ldap_base\n";
559 foreach $element (@ldap_options) {
560 print file1 "$element\n";
561 }
562 close (file1);
563 daemon_log("wrote $ldap_config", 5);
565 # Setup pam_ldap.conf / libnss_ldap.conf
566 open(file1, "> $pam_config");
567 open(file2, "> $nss_config");
568 print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
569 print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
570 print file1 "uri";
571 print file2 "uri";
572 foreach $element (@ldap_uris) {
573 print file1 " $element";
574 print file2 " $element";
575 }
576 print file1 "\nbase $ldap_base\n";
577 print file2 "\nbase $ldap_base\n";
578 foreach $element (@pam_options) {
579 print file1 "$element\n";
580 }
581 foreach $element (@nss_options) {
582 print file2 "$element\n";
583 }
584 close (file2);
585 daemon_log("wrote $nss_config", 5);
586 close (file1);
587 daemon_log("wrote $pam_config", 5);
589 # Create goto.secrets if told so - for compatibility reasons
590 if (defined $goto_admin){
591 open(file1, "> /etc/goto/secret");
592 close(file1);
593 chown(0,0, "/etc/goto/secret");
594 chmod(0600, "/etc/goto/secret");
595 open(file1, "> /etc/goto/secret");
596 print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
597 close(file1);
598 daemon_log("wrote /etc/goto/secret", 5);
599 }
601 # Write shell based config
602 my $cfg_name= dirname($ldap_config)."/ldap-shell.conf";
604 # Get first LDAP server
605 my $ldap_server= $ldap_uris[0];
606 $ldap_server=~ s/^ldap:\/\/([^:]+).*$/$1/;
608 open(file1, "> $cfg_name");
609 print file1 "LDAP_BASE=\"$ldap_base\"\n";
610 print file1 "LDAP_SERVER=\"$ldap_server\"\n";
611 print file1 "ADMIN_BASE=\"$admin_base\"\n";
612 print file1 "DEPARTMENT=\"$department\"\n";
613 print file1 "RELEASE=\"$release\"\n";
614 print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n";
615 print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n";
616 close(file1);
617 daemon_log("wrote $cfg_name", 5);
619 return;
621 }
624 sub generate_hw_digest {
625 my $hw_data;
626 foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) {
627 $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/;
628 }
629 return(md5_base64($hw_data));
630 }
633 sub create_passwd {
634 my $new_passwd = "";
635 for(my $i=0; $i<31; $i++) {
636 $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
637 }
639 return $new_passwd;
640 }
643 sub create_ciphering {
644 my ($passwd) = @_;
645 if((!defined($passwd)) || length($passwd)==0) {
646 $passwd = "";
647 }
648 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
649 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
650 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
651 $my_cipher->set_iv($iv);
652 return $my_cipher;
653 }
656 sub encrypt_msg {
657 my ($msg, $key) = @_;
658 my $my_cipher = &create_ciphering($key);
659 {
660 use bytes;
661 $msg = "\0"x(16-length($msg)%16).$msg;
662 }
663 $msg = $my_cipher->encrypt($msg);
664 chomp($msg = &encode_base64($msg));
665 # there are no newlines allowed inside msg
666 $msg=~ s/\n//g;
667 return $msg;
668 }
671 sub decrypt_msg {
673 my ($msg, $key) = @_ ;
674 $msg = &decode_base64($msg);
675 my $my_cipher = &create_ciphering($key);
676 $msg = $my_cipher->decrypt($msg);
677 $msg =~ s/\0*//g;
678 return $msg;
679 }
682 sub get_server_addresses {
683 my $domain= shift;
684 my @result;
686 my $error = 0;
687 my $res = Net::DNS::Resolver->new;
688 my $query = $res->send("_gosa-si._tcp.".$domain, "SRV");
689 my @hits;
691 if ($query) {
692 foreach my $rr ($query->answer) {
693 push(@hits, $rr->target.":".$rr->port);
694 }
695 }
696 else {
697 #warn "query failed: ", $res->errorstring, "\n";
698 $error++;
699 }
701 if( $error == 0 ) {
702 foreach my $hit (@hits) {
703 my ($hit_name, $hit_port) = split(/:/, $hit);
705 my $address_query = $res->send($hit_name);
706 if( 1 == length($address_query->answer) ) {
707 foreach my $rr ($address_query->answer) {
708 push(@result, $rr->address.":".$hit_port);
709 }
710 }
711 }
712 }
714 # my $dig_cmd= 'dig +nocomments srv _gosa-si._tcp.'.$domain;
715 #
716 # my $output= `$dig_cmd 2>&1`;
717 # open (PIPE, "$dig_cmd 2>&1 |");
718 # while(<PIPE>) {
719 # chomp $_;
720 # # If it's not a comment
721 # if($_ =~ m/^[^;]/) {
722 # my @matches= split /\s+/;
723 #
724 # # Push hostname with port
725 # if($matches[3] eq 'SRV') {
726 # push @result, $matches[7].':'.$matches[6];
727 # } elsif ($matches[3] eq 'A') {
728 # my $i=0;
729 #
730 # # Substitute the hostname with the ip address of the matching A record
731 # foreach my $host (@result) {
732 # if ((split /\:/, $host)[0] eq $matches[0]) {
733 # $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
734 # }
735 # $i++;
736 # }
737 # }
738 # }
739 # }
740 # close(PIPE);
741 return @result;
742 }
745 ##=== FUNCTION ================================================================
746 ## NAME: create_ciphering
747 ## PARAMETERS: passwd - string - used to create ciphering
748 ## RETURNS: cipher - object
749 ## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key
750 ##===============================================================================
751 #sub create_ciphering {
752 # my ($passwd) = @_;
753 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
754 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
755 #
756 # #daemon_log("iv: $iv", 7);
757 # #daemon_log("key: $passwd", 7);
758 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
759 # $my_cipher->set_iv($iv);
760 # return $my_cipher;
761 #}
762 #
763 #
764 #sub create_ciphering {
765 # my ($passwd) = @_;
766 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
767 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
768 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
769 # $my_cipher->set_iv($iv);
770 # return $my_cipher;
771 #}
772 #
773 #
774 #sub encrypt_msg {
775 # my ($msg, $key) = @_;
776 # my $my_cipher = &create_ciphering($key);
777 # {
778 # use bytes;
779 # $msg = "\0"x(16-length($msg)%16).$msg;
780 # }
781 # $msg = $my_cipher->encrypt($msg);
782 # chomp($msg = &encode_base64($msg));
783 # # there are no newlines allowed inside msg
784 # $msg=~ s/\n//g;
785 # return $msg;
786 #}
787 #
788 #
789 #sub decrypt_msg {
790 # my ($msg, $key) = @_ ;
791 # $msg = &decode_base64($msg);
792 # my $my_cipher = &create_ciphering($key);
793 # $msg = $my_cipher->decrypt($msg);
794 # $msg =~ s/\0*//g;
795 # return $msg;
796 #}
799 #=== FUNCTION ================================================================
800 # NAME: send_msg_hash_to_target
801 # PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash
802 # PeerAddr string - socket address to send msg
803 # PeerPort string - socket port, if not included in socket address
804 # RETURNS: nothing
805 # DESCRIPTION: ????
806 #===============================================================================
807 sub send_msg_hash_to_target {
808 my ($msg_hash, $address, $encrypt_key) = @_ ;
809 my $msg = &create_xml_string($msg_hash);
810 my $header = @{$msg_hash->{'header'}}[0];
811 my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header);
813 return $error;
814 }
817 sub send_msg_to_target {
818 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
819 my $error = 0;
821 if( $msg_header ) {
822 $msg_header = "'$msg_header'-";
823 }
824 else {
825 $msg_header = "";
826 }
828 # encrypt xml msg
829 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
831 # opensocket
832 my $socket = &open_socket($address);
833 if( !$socket ) {
834 daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
835 $error++;
836 }
838 if( $error == 0 ) {
839 # send xml msg
840 print $socket $crypted_msg."\n";
842 daemon_log("send ".$msg_header."msg to $address", 1);
843 daemon_log("message:\n$msg", 8);
845 }
847 # close socket in any case
848 if( $socket ) {
849 close $socket;
850 }
852 return $error;
853 }
856 sub write_to_file {
857 my ($string, $file) = @_;
858 my $error = 0;
860 if( not defined $file || not -f $file ) {
861 &main::daemon_log("ERROR: $prg: check '-f file' failed: $file", 1);
862 $error++;
863 }
864 if( not defined $string || 0 == length($string)) {
865 &main::daemon_log("ERROR: $prg: empty string to write to file '$file'", 1);
866 $error++;
867 }
869 if( $error == 0 ) {
871 chomp($string);
873 open(FILE, ">> $file");
874 print FILE $string."\n";
875 close(FILE);
876 }
878 return;
879 }
882 sub open_socket {
883 my ($PeerAddr, $PeerPort) = @_ ;
884 if(defined($PeerPort)){
885 $PeerAddr = $PeerAddr.":".$PeerPort;
886 }
887 my $socket;
888 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
889 Porto => "tcp",
890 Type => SOCK_STREAM,
891 Timeout => 5,
892 );
893 if(not defined $socket) {
894 return;
895 }
896 &daemon_log("open_socket: $PeerAddr", 7);
897 return $socket;
898 }
901 #=== FUNCTION ================================================================
902 # NAME: register_at_server
903 # PARAMETERS:
904 # RETURNS:
905 # DESCRIPTION:
906 #===============================================================================
907 sub register_at_gosa_si_server {
908 my ($kernel) = $_[KERNEL];
909 my $try_to_register = 0;
911 if( not $REGISTERED ) {
912 # create new passwd and ciphering object for client-server communication
913 $server_key = &create_passwd();
915 my $events = join( ", ", keys %{$event_hash} );
916 while(1) {
918 if( $try_to_register >= @servers ) {
919 last;
920 }
922 # fetch first gosa-si-server from @servers
923 my $server = shift(@servers);
925 # append shifted gosa-si-server at the end of @servers, so looking for servers never stop if
926 # a registration never occured
927 push( @servers, $server );
929 # Check if our ip is resolvable - if not: don't try to register
930 my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
931 my $resolver= Net::DNS::Resolver->new;
932 my $dnsresult= $resolver->search($ip);
933 my $dnsname="";
934 if(!defined($dnsresult)) {
935 &write_to_file("goto-error-dns:$ip", $fai_logpath);
936 exit(1);
937 } else {
938 $dnsname=$dnsresult->{answer}[0]->{ptrdname};
939 }
941 # create registration msg
942 my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
943 my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
944 my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
945 &add_content2xml_hash($register_hash, "new_passwd", $server_key);
946 &add_content2xml_hash($register_hash, "mac_address", $local_mac);
947 &add_content2xml_hash($register_hash, "events", $events);
948 &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
950 # send xml hash to server with general server passwd
951 my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
952 if($res == 0) {
953 # reset try_to_register
954 $try_to_register = 0;
956 # Set fixed client address
957 $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
958 $client_address= "$client_ip:$client_port";
960 # Write the MAC address to file
961 if(stat($opts_file)) {
962 unlink($opts_file);
963 }
964 my $opts_file_FH;
965 my $hostname= $dnsname;
966 $hostname =~ s/\..*$//;
967 open($opts_file_FH, ">$opts_file");
968 print $opts_file_FH "MAC=\"$local_mac\"\n";
969 print $opts_file_FH "IPADDRESS=\"$client_ip\"\n";
970 print $opts_file_FH "HOSTNAME=\"$hostname\"\n";
971 print $opts_file_FH "FQDN=\"$dnsname\"\n";
972 close($opts_file_FH);
973 last;
974 } else {
975 $try_to_register++;
976 # wait 1 sec until trying to register again
977 sleep(1);
978 next;
979 }
980 }
982 if( $try_to_register >= @servers ) {
983 &write_to_file("gosa-si-no-server-available", $fai_logpath);
984 $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
985 }
986 else {
987 daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
988 $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
989 # clear old settings and set it again
990 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
991 }
992 }
993 return;
994 }
997 sub check_key_and_xml_validity {
998 my ($crypted_msg, $module_key) = @_;
999 #print STDERR "crypted_msg:$crypted_msg\n";
1000 #print STDERR "modul_key:$module_key\n";
1002 my $msg;
1003 my $msg_hash;
1004 eval{
1005 $msg = &decrypt_msg($crypted_msg, $module_key);
1006 &main::daemon_log("decrypted_msg: \n$msg", 8);
1008 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
1010 ##############
1011 # check header
1012 my $header_l = $msg_hash->{'header'};
1013 if( 1 != @{$header_l} ) {
1014 die 'no or more headers specified';
1015 }
1016 my $header = @{$header_l}[0];
1017 if( 0 == length $header) {
1018 die 'header has length 0';
1019 }
1021 ##############
1022 # check source
1023 my $source_l = $msg_hash->{'source'};
1024 if( 1 != @{$source_l} ) {
1025 die 'no or more than 1 sources specified';
1026 }
1027 my $source = @{$source_l}[0];
1028 if( 0 == length $source) {
1029 die 'source has length 0';
1030 }
1031 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) {
1032 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
1033 }
1035 ##############
1036 # check target
1037 my $target_l = $msg_hash->{'target'};
1038 if( 1 != @{$target_l} ) {
1039 die 'no or more than 1 targets specified ';
1040 }
1041 my $target = @{$target_l}[0];
1042 if( 0 == length $target) {
1043 die 'target has length 0 ';
1044 }
1045 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ){
1046 die "source is neither a complete ip-address with port nor 'GOSA'";
1047 }
1048 };
1049 if($@) {
1050 &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5);
1051 &main::daemon_log("$@", 8);
1052 $msg = undef;
1053 $msg_hash = undef;
1054 }
1056 return ($msg, $msg_hash);
1057 }
1060 sub check_outgoing_xml_validity {
1061 my ($msg) = @_;
1063 my $msg_hash;
1064 eval{
1065 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
1067 ##############
1068 # check header
1069 my $header_l = $msg_hash->{'header'};
1070 if( 1 != @{$header_l} ) {
1071 die 'no or more than one headers specified';
1072 }
1073 my $header = @{$header_l}[0];
1074 if( 0 == length $header) {
1075 die 'header has length 0';
1076 }
1078 ##############
1079 # check source
1080 my $source_l = $msg_hash->{'source'};
1081 if( 1 != @{$source_l} ) {
1082 die 'no or more than 1 sources specified';
1083 }
1084 my $source = @{$source_l}[0];
1085 if( 0 == length $source) {
1086 die 'source has length 0';
1087 }
1088 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
1089 $source =~ /^GOSA$/i ) {
1090 die "source '$source' is neither a complete ip-address with port";
1091 }
1093 ##############
1094 # check target
1095 my $target_l = $msg_hash->{'target'};
1096 if( 1 != @{$target_l} ) {
1097 die "no or more than one targets specified";
1098 }
1099 foreach my $target (@$target_l) {
1100 if( 0 == length $target) {
1101 die "target has length 0";
1102 }
1103 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) {
1104 die "target '$target' is not a complete ip-address with port or a valid target name";
1105 }
1106 }
1107 };
1108 if($@) {
1109 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
1110 daemon_log("$@ $msg", 8);
1111 $msg_hash = undef;
1112 }
1113 return ($msg_hash);
1114 }
1117 sub import_events {
1119 if (not -e $event_dir) {
1120 daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);
1121 }
1122 opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";
1124 while (defined (my $event = readdir (DIR))) {
1125 if( $event eq "." || $event eq ".." ) { next; }
1127 eval{ require $event; };
1128 if( $@ ) {
1129 daemon_log("ERROR: import of event module '$event' failed", 1);
1130 daemon_log("$@", 8);
1131 next;
1132 }
1134 $event =~ /(\S*?).pm$/;
1135 my $event_module = $1;
1136 my $events_l = eval( $1."::get_events()") ;
1137 foreach my $event_name (@{$events_l}) {
1138 $event_hash->{$event_name} = $event_module;
1139 }
1141 }
1143 my @all_events = keys %$event_hash;
1144 my $all_events_string = join(", ", @all_events);
1146 daemon_log("INFO: imported events: $all_events_string", 5);
1147 }
1149 sub trigger_new_key {
1150 my ($kernel) = $_[KERNEL] ;
1152 my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
1153 &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
1155 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
1157 }
1160 sub generic_file_reset {
1161 my ( $heap, $wheel_id ) = @_[ HEAP, ARG0 ];
1163 my $service = $heap->{services}->{$wheel_id};
1164 daemon_log("INFO: '$service' watching reset", 5);
1165 return;
1166 }
1168 sub generic_file_error {
1169 my ( $heap, $operation, $errno, $error_string, $wheel_id ) =
1170 @_[ HEAP, ARG0, ARG1, ARG2, ARG3 ];
1172 my $service = $heap->{services}->{$wheel_id};
1173 daemon_log("ERROR: '$service' watcher $operation error $errno: $error_string", 1);
1174 daemon_log("ERROR: shutting down '$service' file watcher", 1);
1176 delete $heap->{services}->{$wheel_id};
1177 delete $heap->{watchers}->{$wheel_id};
1178 return;
1179 }
1181 sub fifo_got_record {
1182 my $file_record = $_[ARG0];
1183 my $header;
1184 my $content = "";
1186 $file_record =~ /^(\S+)[ ]?([\s\S]+)?$/;
1187 if( defined $1 ) {
1188 $header = $1;
1189 } else {
1190 return;
1191 }
1193 if( defined $2 ) {
1194 $content = $2;
1195 }
1197 my $clmsg_hash = &create_xml_hash("CLMSG_$header", $client_address, $server_address, $content);
1198 &add_content2xml_hash($clmsg_hash, "macaddress", $client_mac_address);
1199 my $clmsg = &create_xml_string($clmsg_hash);
1200 &send_msg_to_target($clmsg, $server_address, $server_key);
1201 return;
1202 }
1205 sub _start {
1206 my ($kernel, $heap) = @_[KERNEL, HEAP];
1207 $kernel->alias_set('client_session');
1209 # force a registration at a gosa-si-server
1210 $kernel->yield('register_at_gosa_si_server');
1212 # install all file watcher defined
1213 while( my($file_name, $file) = each %files_to_watch ) {
1214 my $file_watcher = POE::Wheel::FollowTail->new(
1215 Filename => $file,
1216 InputEvent => $file_name."_record",
1217 ResetEvent => "file_reset",
1218 ErrorEvent => "file_error",
1219 );
1220 $heap->{services}->{ $file_watcher->ID } = $file_name;
1221 $heap->{watchers}->{ $file_watcher->ID } = $file_watcher;
1222 }
1223 }
1226 sub server_input {
1227 my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
1228 my $error = 0;
1229 my $answer;
1231 daemon_log("Incoming msg:\n$input\n", 8);
1233 my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
1234 if( (!$msg) || (!$msg_hash) ) {
1235 daemon_log("Deciphering of incoming msg failed", 5);
1236 $error++;
1237 }
1240 ######################
1241 # process incoming msg
1242 if( $error == 0 ) {
1243 my $header = @{$msg_hash->{header}}[0];
1244 my $source = @{$msg_hash->{source}}[0];
1246 if( exists $event_hash->{$header} ) {
1247 # a event exists with the header as name
1248 daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
1249 no strict 'refs';
1250 $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
1251 }
1252 else {
1253 daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
1254 }
1255 }
1257 ########
1258 # answer
1259 if( $answer ) {
1261 #check gosa-si envelope validity
1262 my $answer_hash = &check_outgoing_xml_validity($answer);
1264 if( $answer_hash ) {
1265 # answer is valid
1267 # preprocessing
1268 if( $answer =~ "<header>registered</header>") {
1269 # set registered flag to true to stop sending further registered msgs
1270 $REGISTERED = 1;
1271 }
1272 else {
1273 &send_msg_to_target($answer, $server_address, $server_key);
1274 }
1276 # postprocessing
1277 if( $answer =~ "<header>new_key</header>") {
1278 # set new key to global variable
1279 $answer =~ /<new_key>(\S*?)<\/new_key>/;
1280 my $new_key = $1;
1281 $server_key = $new_key;
1282 }
1283 }
1285 }
1287 return;
1288 }
1290 #==== MAIN = main ==============================================================
1291 # parse commandline options
1292 Getopt::Long::Configure( "bundling" );
1293 GetOptions("h|help" => \&usage,
1294 "c|config=s" => \$cfg_file,
1295 "f|foreground" => \$foreground,
1296 "v|verbose+" => \$verbose,
1297 );
1299 # read and set config parameters
1300 &check_cmdline_param ;
1301 &read_configfile($cfg_file, %cfg_defaults);
1302 &check_pid;
1305 # forward error messages to logfile
1306 if ( ! $foreground ) {
1307 open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
1308 open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
1309 open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
1310 }
1312 # Just fork, if we are not in foreground mode
1313 if( ! $foreground ) {
1314 chdir '/' or die "Can't chdir to /: $!";
1315 $pid = fork;
1316 setsid or die "Can't start a new session: $!";
1317 umask 0;
1318 }
1319 else {
1320 $pid = $$;
1321 }
1323 # Do something useful - put our PID into the pid_file
1324 if( 0 != $pid ) {
1325 open( LOCK_FILE, ">$pid_file" );
1326 print LOCK_FILE "$pid\n";
1327 close( LOCK_FILE );
1328 if( !$foreground ) {
1329 exit( 0 )
1330 };
1331 }
1333 daemon_log(" ", 1);
1334 daemon_log("$prg started!", 1);
1336 # delete old DBsqlite lock files
1337 system('rm -f /tmp/gosa_si_lock*gosa-si-client*');
1339 # detect ip and mac address and complete host address
1340 #if( inet_aton($client_ip) ){
1341 #print STDERR "ip: $client_ip\n";
1342 # $client_ip = inet_ntoa(inet_aton($client_ip));
1343 #print STDERR "ip: $client_ip\n";
1344 #}
1345 $client_address = $client_ip.":".$client_port;
1346 my $network_interface= &get_interface_for_ip($client_ip);
1347 $client_mac_address= &get_mac($network_interface);
1348 daemon_log("gosa-si-client ip address detected: $client_ip", 1);
1349 daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
1352 # import events
1353 &import_events();
1356 # compute hardware checksum
1357 $gotoHardwareChecksum= &generate_hw_digest();
1358 daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
1361 # create socket for incoming xml messages
1362 POE::Component::Server::TCP->new(
1363 Alias => 'gosa-si-client',
1364 Port => $client_port,
1365 ClientInput => \&server_input,
1366 );
1367 daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);
1370 # prepare variables
1371 if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); }
1372 ############################################################
1373 # to change
1374 if( $server_ip eq "127.0.1.1" ) { $server_ip = "127.0.0.1" }
1375 ############################################################
1376 if (defined $server_ip && defined $server_port) {
1377 $server_address = $server_ip.":".$server_port;
1378 }
1379 $xml = new XML::Simple();
1380 $default_server_key = $server_key;
1383 # add gosa-si-server address from config file at first position of server list
1384 my $server_check_cfg = Config::IniFiles->new( -file => $cfg_file );
1385 my $server_check = $server_check_cfg->val( "server", "ip");
1386 if( defined $server_check ) {
1387 unshift(@servers, $server_address);
1388 my $servers_string = join(", ", @servers);
1389 daemon_log("found servers in configuration file: $servers_string", 5);
1390 }
1391 else {
1392 if ( !$server_domain) {
1393 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1394 exit( 1 );
1395 }
1396 my @tmp_servers = &get_server_addresses($server_domain);
1397 foreach my $server (@tmp_servers) {
1398 unshift(@servers, $server);
1399 }
1400 my $servers_string = join(", ", @servers);
1401 daemon_log("found servers in DNS: $servers_string", 5);
1402 }
1405 # open fifo for non-gosa-si-client-msgs to gosa-si-server
1406 POSIX::mkfifo("$gosa_si_client_fifo", "0600");
1409 POE::Session->create(
1410 inline_states => {
1411 _start => \&_start,
1412 register_at_gosa_si_server => \®ister_at_gosa_si_server,
1413 trigger_new_key => \&trigger_new_key,
1415 # handle records from each defined file differently
1416 fifo_record => \&fifo_got_record,
1418 # handle file resets and errors the same way for each file
1419 file_reset => \&generic_file_reset,
1420 file_error => \&generic_file_error,
1421 }
1422 );
1424 POE::Kernel->run();
1425 exit;