a63346b9f92e915fc1e656b1ef6295a4dbc4158f
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-server
5 #
6 # USAGE: gosa-si-client
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libnetaddr-ip-perl
12 # BUGS: ---
13 # NOTES:
14 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
15 # COMPANY:
16 # VERSION: 1.0
17 # CREATED: 12.09.2007 08:54:41 CEST
18 # REVISION: ---
19 #===============================================================================
21 use strict;
22 use warnings;
23 use Getopt::Long;
24 use Config::IniFiles;
25 use POSIX;
26 use Time::HiRes qw( gettimeofday );
28 use POE qw(Component::Server::TCP);
29 use IO::Socket::INET;
30 use NetAddr::IP;
31 use Data::Dumper;
32 use Crypt::Rijndael;
33 use GOSA::GosaSupportDaemon;
34 use Digest::MD5 qw(md5_hex md5 md5_base64);
35 use MIME::Base64;
36 use XML::Simple;
37 use Net::DNS;
39 my $event_dir = "/usr/lib/gosa-si/client/events";
40 use lib "/usr/lib/gosa-si/client/events";
42 my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file, $fai_logpath);
43 my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
44 my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
45 my $xml;
46 my $default_server_key;
47 my $event_hash;
48 my @servers;
49 my $gotoHardwareChecksum;
50 $verbose= 1;
52 # globalise variables which are used in imported events
53 our $cfg_file;
54 our $server_address;
55 our $client_address;
56 our $server_key;
58 # default variables
59 our $REGISTERED = 0;
60 my $try_to_register = 0;
62 %cfg_defaults = (
63 "general" =>
64 {"log-file" => [\$log_file, "/var/run/".$0.".log"],
65 "pid-file" => [\$pid_file, "/var/run/".$0.".pid"],
66 },
67 "client" =>
68 {"port" => [\$client_port, "20083"],
69 "ip" => [\$client_ip, "0.0.0.0"],
70 "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"],
71 "server-domain" => [\$server_domain, ""],
72 "ldap" => [\$ldap_enabled, 1],
73 "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
74 "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
75 "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"],
76 "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
77 },
78 "server" => {
79 "ip" => [\$server_ip, "127.0.0.1"],
80 "port" => [\$server_port, "20081"],
81 "key" => [\$server_key, ""],
82 "timeout" => [\$server_timeout, 10],
83 "key-lifetime" => [\$server_key_lifetime, 600],
84 },
86 );
89 #=== FUNCTIONS = functions =====================================================
91 #=== FUNCTION ================================================================
92 # NAME: check_cmdline_param
93 # PARAMETERS:
94 # RETURNS:
95 # DESCRIPTION:
96 #===============================================================================
97 sub check_cmdline_param () {
98 my $err_config;
99 my $err_counter = 0;
100 if(not defined($cfg_file)) {
101 $cfg_file = "/etc/gosa-si/client.conf";
102 if(! -r $cfg_file) {
103 $err_config = "please specify a config file";
104 $err_counter += 1;
105 }
106 }
107 if( $err_counter > 0 ) {
108 &usage( "", 1 );
109 if( defined( $err_config)) { print STDERR "$err_config\n"}
110 print STDERR "\n";
111 exit( -1 );
112 }
113 }
116 #=== FUNCTION ================================================================
117 # NAME: read_configfile
118 # PARAMETERS: cfg_file - string -
119 # RETURNS:
120 # DESCRIPTION:
121 #===============================================================================
122 sub read_configfile {
123 my ($cfg_file, %cfg_defaults) = @_ ;
124 my $cfg;
125 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
126 if( -r $cfg_file ) {
127 $cfg = Config::IniFiles->new( -file => $cfg_file );
128 } else {
129 print STDERR "Couldn't read config file!";
130 }
131 } else {
132 $cfg = Config::IniFiles->new() ;
133 }
134 foreach my $section (keys %cfg_defaults) {
135 foreach my $param (keys %{$cfg_defaults{ $section }}) {
136 my $pinfo = $cfg_defaults{ $section }{ $param };
137 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
138 }
139 }
140 }
143 #=== FUNCTION ================================================================
144 # NAME: check_pid
145 # PARAMETERS:
146 # RETURNS:
147 # DESCRIPTION:
148 #===============================================================================
149 sub check_pid {
150 $pid = -1;
151 # Check, if we are already running
152 if( open(LOCK_FILE, "<$pid_file") ) {
153 $pid = <LOCK_FILE>;
154 if( defined $pid ) {
155 chomp( $pid );
156 if( -f "/proc/$pid/stat" ) {
157 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
158 if( $0 eq $stat ) {
159 close( LOCK_FILE );
160 exit -1;
161 }
162 }
163 }
164 close( LOCK_FILE );
165 unlink( $pid_file );
166 }
168 # create a syslog msg if it is not to possible to open PID file
169 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
170 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
171 if (open(LOCK_FILE, '<', $pid_file)
172 && ($pid = <LOCK_FILE>))
173 {
174 chomp($pid);
175 $msg .= "(PID $pid)\n";
176 } else {
177 $msg .= "(unable to read PID)\n";
178 }
179 if( ! ($foreground) ) {
180 openlog( $0, "cons,pid", "daemon" );
181 syslog( "warning", $msg );
182 closelog();
183 }
184 else {
185 print( STDERR " $msg " );
186 }
187 exit( -1 );
188 }
189 }
192 #=== FUNCTION ================================================================
193 # NAME: logging
194 # PARAMETERS: level - string - default 'info'
195 # msg - string -
196 # facility - string - default 'LOG_DAEMON'
197 # RETURNS:
198 # DESCRIPTION:
199 #===============================================================================
200 sub daemon_log {
201 # log into log_file
202 my( $msg, $level ) = @_;
203 if(not defined $msg) { return }
204 if(not defined $level) { $level = 1 }
205 if(defined $log_file){
206 open(LOG_HANDLE, ">>$log_file");
207 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
208 print STDERR "cannot open $log_file: $!";
209 return }
210 chomp($msg);
211 if($level <= $verbose){
212 my ($seconds, $minutes, $hours, $monthday, $month,
213 $year, $weekday, $yearday, $sommertime) = localtime(time);
214 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
215 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
216 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
217 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
218 $month = $monthnames[$month];
219 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
220 $year+=1900;
221 my $name = $0;
222 $name =~ s/\.\///;
224 my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
225 print LOG_HANDLE $log_msg;
226 if( $foreground ) {
227 print STDERR $log_msg;
228 }
229 }
230 close( LOG_HANDLE );
231 }
232 #log into syslog
233 # my ($msg, $level, $facility) = @_;
234 # if(not defined $msg) {return}
235 # if(not defined $level) {$level = "info"}
236 # if(not defined $facility) {$facility = "LOG_DAEMON"}
237 # openlog($0, "pid,cons,", $facility);
238 # syslog($level, $msg);
239 # closelog;
240 # return;
241 }
244 #=== FUNCTION ================================================================
245 # NAME: get_interfaces
246 # PARAMETERS: none
247 # RETURNS: (list of interfaces)
248 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
249 #===============================================================================
250 sub get_interfaces {
251 my @result;
252 my $PROC_NET_DEV= ('/proc/net/dev');
254 open(PROC_NET_DEV, "<$PROC_NET_DEV")
255 or die "Could not open $PROC_NET_DEV";
257 my @ifs = <PROC_NET_DEV>;
259 close(PROC_NET_DEV);
261 # Eat first two line
262 shift @ifs;
263 shift @ifs;
265 chomp @ifs;
266 foreach my $line(@ifs) {
267 my $if= (split /:/, $line)[0];
268 $if =~ s/^\s+//;
269 push @result, $if;
270 }
272 return @result;
273 }
275 #=== FUNCTION ================================================================
276 # NAME: get_mac
277 # PARAMETERS: interface name (i.e. eth0)
278 # RETURNS: (mac address)
279 # DESCRIPTION: Uses ioctl to get mac address directly from system.
280 #===============================================================================
281 sub get_mac {
282 my $ifreq= shift;
283 my $result;
284 if ($ifreq && length($ifreq) > 0) {
285 if($ifreq eq "all") {
286 if(defined($server_ip)) {
287 $result = &get_local_mac_for_remote_ip($server_ip);
288 }
289 elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){
290 $result = &client_mac_address;
291 }
292 else {
293 $result = "00:00:00:00:00:00";
294 }
295 } else {
296 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
298 # A configured MAC Address should always override a guessed value
299 if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) {
300 $result= $client_mac_address;
301 }
302 else {
303 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
304 or die "socket: $!";
306 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
307 my ($if, $mac)= unpack 'h36 H12', $ifreq;
309 if (length($mac) > 0) {
310 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
311 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
312 $result = $mac;
313 }
314 }
315 }
316 }
317 }
318 return $result;
319 }
322 #=== FUNCTION ================================================================
323 # NAME: get_interface_for_ip
324 # PARAMETERS: ip address (i.e. 192.168.0.1)
325 # RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
326 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
327 #===============================================================================
328 sub get_interface_for_ip {
329 my $result;
330 my $ip= shift;
331 if ($ip && length($ip) > 0) {
332 my @ifs= &get_interfaces();
333 if($ip eq "0.0.0.0") {
334 $result = "all";
335 } else {
336 foreach (@ifs) {
337 my $if=$_;
338 if(get_ip($if) eq $ip) {
339 $result = $if;
340 last;
341 }
342 }
343 }
344 }
345 return $result;
346 }
349 #=== FUNCTION ================================================================
350 # NAME: get_ip
351 # PARAMETERS: interface name (i.e. eth0)
352 # RETURNS: (ip address)
353 # DESCRIPTION: Uses ioctl to get ip address directly from system.
354 #===============================================================================
355 sub get_ip {
356 my $ifreq= shift;
357 my $result= "";
358 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
359 my $proto= getprotobyname('ip');
361 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
362 or die "socket: $!";
364 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
365 my ($if, $sin) = unpack 'a16 a16', $ifreq;
366 my ($port, $addr) = sockaddr_in $sin;
367 my $ip = inet_ntoa $addr;
369 if ($ip && length($ip) > 0) {
370 $result = $ip;
371 }
372 }
374 return $result;
375 }
378 #=== FUNCTION ================================================================
379 # NAME: get_local_mac_for_remote_ip
380 # PARAMETERS: none (takes server_ip from global variable)
381 # RETURNS: (ip address from interface that is used for communication)
382 # DESCRIPTION: Uses ioctl to get routing table from system, checks which entry
383 # matches (defaultroute last).
384 #===============================================================================
385 sub get_local_mac_for_remote_ip {
386 my $server_ip= shift;
387 my $result= "00:00:00:00:00:00";
389 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
390 my $PROC_NET_ROUTE= ('/proc/net/route');
392 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
393 or die "Could not open $PROC_NET_ROUTE";
395 my @ifs = <PROC_NET_ROUTE>;
397 close(PROC_NET_ROUTE);
399 # Eat header line
400 shift @ifs;
401 chomp @ifs;
402 foreach my $line(@ifs) {
403 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
404 my $destination;
405 my $mask;
406 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
407 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
408 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
409 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
410 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
411 # destination matches route, save mac and exit
412 $result= &get_mac($Iface);
413 last;
414 }
415 }
416 } else {
417 daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
418 }
419 return $result;
420 }
422 sub get_local_ip_for_remote_ip {
423 my $server_ip= shift;
424 my $result="0.0.0.0";
426 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
427 if($server_ip eq "127.0.0.1") {
428 $result="127.0.0.1";
429 } else {
430 my $PROC_NET_ROUTE= ('/proc/net/route');
432 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
433 or die "Could not open $PROC_NET_ROUTE";
435 my @ifs = <PROC_NET_ROUTE>;
437 close(PROC_NET_ROUTE);
439 # Eat header line
440 shift @ifs;
441 chomp @ifs;
442 foreach my $line(@ifs) {
443 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
444 my $destination;
445 my $mask;
446 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
447 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
448 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
449 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
450 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
451 # destination matches route, save mac and exit
452 $result= &get_ip($Iface);
453 last;
454 }
455 }
456 }
457 } else {
458 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
459 }
460 return $result;
461 }
463 sub new_ldap_config {
464 my ($msg_hash) = @_ ;
465 my $element;
466 my @ldap_uris;
467 my $ldap_base;
468 my @ldap_options;
469 my @pam_options;
470 my @nss_options;
471 my $goto_admin;
472 my $goto_secret;
473 my $admin_base= "";
474 my $department= "";
475 my $release= "";
476 my $unit_tag;
478 # Transform input into array
479 while ( my ($key, $value) = each(%$msg_hash) ) {
480 if ($key =~ /^(source|target|header)$/) {
481 next;
482 }
484 foreach $element (@$value) {
485 if ($key =~ /^ldap_uri$/) {
486 push (@ldap_uris, $element);
487 next;
488 }
489 if ($key =~ /^ldap_base$/) {
490 $ldap_base= $element;
491 next;
492 }
493 if ($key =~ /^goto_admin$/) {
494 $goto_admin= $element;
495 next;
496 }
497 if ($key =~ /^goto_secret$/) {
498 $goto_secret= $element;
499 next;
500 }
501 if ($key =~ /^ldap_cfg$/) {
502 push (@ldap_options, "$element");
503 next;
504 }
505 if ($key =~ /^pam_cfg$/) {
506 push (@pam_options, "$element");
507 next;
508 }
509 if ($key =~ /^nss_cfg$/) {
510 push (@nss_options, "$element");
511 next;
512 }
513 if ($key =~ /^admin_base$/) {
514 $admin_base= $element;
515 next;
516 }
517 if ($key =~ /^department$/) {
518 $department= $element;
519 next;
520 }
521 if ($key =~ /^unit_tag$/) {
522 $unit_tag= $element;
523 next;
524 }
525 if ($key =~ /^release$/) {
526 $release= $element;
527 next;
528 }
529 }
530 }
532 # Unit tagging enabled?
533 if (defined $unit_tag){
534 push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
535 push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag");
536 push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag");
537 }
539 # Setup ldap.conf
540 my $file1;
541 my $file2;
542 open(file1, "> $ldap_config");
543 print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
544 print file1 "URI";
545 foreach $element (@ldap_uris) {
546 print file1 " $element";
547 }
548 print file1 "\nBASE $ldap_base\n";
549 foreach $element (@ldap_options) {
550 print file1 "$element\n";
551 }
552 close (file1);
553 daemon_log("wrote $ldap_config", 5);
555 # Setup pam_ldap.conf / libnss_ldap.conf
556 open(file1, "> $pam_config");
557 open(file2, "> $nss_config");
558 print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
559 print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
560 print file1 "uri";
561 print file2 "uri";
562 foreach $element (@ldap_uris) {
563 print file1 " $element";
564 print file2 " $element";
565 }
566 print file1 "\nbase $ldap_base\n";
567 print file2 "\nbase $ldap_base\n";
568 foreach $element (@pam_options) {
569 print file1 "$element\n";
570 }
571 foreach $element (@nss_options) {
572 print file2 "$element\n";
573 }
574 close (file2);
575 daemon_log("wrote $nss_config", 5);
576 close (file1);
577 daemon_log("wrote $pam_config", 5);
579 # Create goto.secrets if told so - for compatibility reasons
580 if (defined $goto_admin){
581 open(file1, "> /etc/goto/secret");
582 close(file1);
583 chown(0,0, "/etc/goto/secret");
584 chmod(0600, "/etc/goto/secret");
585 open(file1, "> /etc/goto/secret");
586 print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
587 close(file1);
588 daemon_log("wrote /etc/goto/secret", 5);
589 }
593 # Write shell based config
594 my $cfg_name= dirname($ldap_config)."/ldap-shell.conf";
595 open(file1, "> $cfg_name");
596 print file1 "LDAP_BASE=\"$ldap_base\"\n";
597 print file1 "ADMIN_BASE=\"$admin_base\"\n";
598 print file1 "DEPARTMENT=\"$department\"\n";
599 print file1 "RELEASE=\"$release\"\n";
600 print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n";
601 print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n";
602 close(file1);
603 daemon_log("wrote $cfg_name", 5);
605 return;
607 }
610 sub generate_hw_digest {
611 my $hw_data;
612 foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) {
613 $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/;
614 }
615 return(md5_base64($hw_data));
616 }
619 sub create_passwd {
620 my $new_passwd = "";
621 for(my $i=0; $i<31; $i++) {
622 $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
623 }
625 return $new_passwd;
626 }
629 sub get_server_addresses {
630 my $domain= shift;
631 my @result;
633 my $error = 0;
634 my $res = Net::DNS::Resolver->new;
635 my $query = $res->send("_gosad._tcp.".$domain, "SRV");
636 my @hits;
638 if ($query) {
639 foreach my $rr ($query->answer) {
640 push(@hits, $rr->target.":".$rr->port);
641 }
642 }
643 else {
644 #warn "query failed: ", $res->errorstring, "\n";
645 $error++;
646 }
648 if( $error == 0 ) {
649 foreach my $hit (@hits) {
650 my ($hit_name, $hit_port) = split(/:/, $hit);
652 my $address_query = $res->send($hit_name);
653 if( 1 == length($address_query->answer) ) {
654 foreach my $rr ($address_query->answer) {
655 push(@result, $rr->address.":".$hit_port);
656 }
657 }
658 }
659 }
661 # my $dig_cmd= 'dig +nocomments srv _gosad._tcp.'.$domain;
662 #
663 # my $output= `$dig_cmd 2>&1`;
664 # open (PIPE, "$dig_cmd 2>&1 |");
665 # while(<PIPE>) {
666 # chomp $_;
667 # # If it's not a comment
668 # if($_ =~ m/^[^;]/) {
669 # my @matches= split /\s+/;
670 #
671 # # Push hostname with port
672 # if($matches[3] eq 'SRV') {
673 # push @result, $matches[7].':'.$matches[6];
674 # } elsif ($matches[3] eq 'A') {
675 # my $i=0;
676 #
677 # # Substitute the hostname with the ip address of the matching A record
678 # foreach my $host (@result) {
679 # if ((split /\:/, $host)[0] eq $matches[0]) {
680 # $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
681 # }
682 # $i++;
683 # }
684 # }
685 # }
686 # }
687 # close(PIPE);
688 return @result;
689 }
692 ##=== FUNCTION ================================================================
693 ## NAME: create_ciphering
694 ## PARAMETERS: passwd - string - used to create ciphering
695 ## RETURNS: cipher - object
696 ## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key
697 ##===============================================================================
698 #sub create_ciphering {
699 # my ($passwd) = @_;
700 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
701 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
702 #
703 # #daemon_log("iv: $iv", 7);
704 # #daemon_log("key: $passwd", 7);
705 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
706 # $my_cipher->set_iv($iv);
707 # return $my_cipher;
708 #}
709 #
710 #
711 #sub create_ciphering {
712 # my ($passwd) = @_;
713 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
714 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
715 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
716 # $my_cipher->set_iv($iv);
717 # return $my_cipher;
718 #}
719 #
720 #
721 #sub encrypt_msg {
722 # my ($msg, $key) = @_;
723 # my $my_cipher = &create_ciphering($key);
724 # {
725 # use bytes;
726 # $msg = "\0"x(16-length($msg)%16).$msg;
727 # }
728 # $msg = $my_cipher->encrypt($msg);
729 # chomp($msg = &encode_base64($msg));
730 # # there are no newlines allowed inside msg
731 # $msg=~ s/\n//g;
732 # return $msg;
733 #}
734 #
735 #
736 #sub decrypt_msg {
737 # my ($msg, $key) = @_ ;
738 # $msg = &decode_base64($msg);
739 # my $my_cipher = &create_ciphering($key);
740 # $msg = $my_cipher->decrypt($msg);
741 # $msg =~ s/\0*//g;
742 # return $msg;
743 #}
746 #=== FUNCTION ================================================================
747 # NAME: send_msg_hash_to_target
748 # PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash
749 # PeerAddr string - socket address to send msg
750 # PeerPort string - socket port, if not included in socket address
751 # RETURNS: nothing
752 # DESCRIPTION: ????
753 #===============================================================================
754 sub send_msg_hash_to_target {
755 my ($msg_hash, $address, $encrypt_key) = @_ ;
756 my $msg = &create_xml_string($msg_hash);
757 my $header = @{$msg_hash->{'header'}}[0];
758 my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header);
760 return $error;
761 }
764 sub send_msg_to_target {
765 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
766 my $error = 0;
768 if( $msg_header ) {
769 $msg_header = "'$msg_header'-";
770 }
771 else {
772 $msg_header = "";
773 }
775 # encrypt xml msg
776 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
778 # opensocket
779 my $socket = &open_socket($address);
780 if( !$socket ) {
781 daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
782 $error++;
783 }
785 if( $error == 0 ) {
786 # send xml msg
787 print $socket $crypted_msg."\n";
789 daemon_log("send ".$msg_header."msg to $address", 1);
790 daemon_log("message:\n$msg", 8);
792 }
794 # close socket in any case
795 if( $socket ) {
796 close $socket;
797 }
799 return $error;
800 }
803 sub write_to_file {
804 my ($string, $file) = @_;
805 my $error = 0;
807 if( not defined $file || not -f $file ) {
808 &main::daemon_log("ERROR: $0: check '-f file' failed: $file", 1);
809 $error++;
810 }
811 if( not defined $string || 0 == length($string)) {
812 &main::daemon_log("ERROR: $0: empty string to write to file '$file'", 1);
813 $error++;
814 }
816 if( $error == 0 ) {
818 chomp($string);
820 open(FILE, ">> $file");
821 print FILE $string."\n";
822 close(FILE);
823 }
825 return;
826 }
829 sub open_socket {
830 my ($PeerAddr, $PeerPort) = @_ ;
831 if(defined($PeerPort)){
832 $PeerAddr = $PeerAddr.":".$PeerPort;
833 }
834 my $socket;
835 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
836 Porto => "tcp",
837 Type => SOCK_STREAM,
838 Timeout => 5,
839 );
840 if(not defined $socket) {
841 return;
842 }
843 &daemon_log("open_socket: $PeerAddr", 7);
844 return $socket;
845 }
848 #=== FUNCTION ================================================================
849 # NAME: register_at_server
850 # PARAMETERS:
851 # RETURNS:
852 # DESCRIPTION:
853 #===============================================================================
854 sub register_at_gosa_si_server {
855 my ($kernel) = $_[KERNEL];
857 if( not $REGISTERED ) {
858 $try_to_register++;
859 if( $try_to_register > 1 ) {
860 &write_to_file("gosa-si-no-server-available", $fai_logpath);
861 }
863 # create new passwd and ciphering object for client-server communication
864 $server_key = &create_passwd();
866 my $events = join( ", ", keys %{$event_hash} );
868 while(1) {
870 # fetch first gosa-si-server from @servers
871 my $server = shift(@servers);
873 # append shifted gosa-si-server at the end of @servers, so looking for servers never stop
874 push( @servers, $server );
876 # Check if our ip is resolvable - if not: don't try to register
877 my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
878 my $resolver= Net::DNS::Resolver->new;
879 my $dnsresult= $resolver->search($ip);
880 if(!defined($dnsresult)) {
881 &write_to_file("goto-dns-error:Could not resolve hostname for ip $ip", $fai_logpath);
882 exit(1);
883 }
885 # create registration msg
886 my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
887 my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
888 my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
889 &add_content2xml_hash($register_hash, "new_passwd", $server_key);
890 &add_content2xml_hash($register_hash, "mac_address", $local_mac);
891 &add_content2xml_hash($register_hash, "events", $events);
892 &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
894 # send xml hash to server with general server passwd
895 my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
896 if($res == 0) {
897 # Set fixed client address
898 $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
899 $client_address= "$client_ip:$client_port";
900 last;
901 } else {
902 # wait 1 sec until trying to register again
903 sleep(1);
904 next;
905 }
906 }
910 daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
911 # $kernel->delay_set('register_at_gosa_si_server', 180);
912 $kernel->delay_set('register_at_gosa_si_server', 5);
913 # clear old settings and set it again
914 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
915 }
916 return;
917 }
920 sub check_key_and_xml_validity {
921 my ($crypted_msg, $module_key) = @_;
922 #print STDERR "crypted_msg:$crypted_msg\n";
923 #print STDERR "modul_key:$module_key\n";
925 my $msg;
926 my $msg_hash;
927 eval{
928 $msg = &decrypt_msg($crypted_msg, $module_key);
929 &main::daemon_log("decrypted_msg: \n$msg", 8);
931 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
933 # check header
934 my $header_l = $msg_hash->{'header'};
935 if( 1 != @{$header_l} ) {
936 die 'no or more headers specified';
937 }
938 my $header = @{$header_l}[0];
939 if( 0 == length $header) {
940 die 'header has length 0';
941 }
943 # check source
944 my $source_l = $msg_hash->{'source'};
945 if( 1 != @{$source_l} ) {
946 die 'no or more sources specified';
947 }
948 my $source = @{$source_l}[0];
949 if( 0 == length $source) {
950 die 'source has length 0';
951 }
953 # check target
954 my $target_l = $msg_hash->{'target'};
955 if( 1 != @{$target_l} ) {
956 die 'no or more targets specified ';
957 }
958 my $target = @{$target_l}[0];
959 if( 0 == length $target) {
960 die 'target has length 0 ';
961 }
963 };
964 if($@) {
965 &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5);
966 &main::daemon_log("$@", 8);
967 }
969 return ($msg, $msg_hash);
970 }
973 sub import_events {
975 if (not -e $event_dir) {
976 daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);
977 }
978 opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";
980 while (defined (my $event = readdir (DIR))) {
981 if( $event eq "." || $event eq ".." ) { next; }
983 eval{ require $event; };
984 if( $@ ) {
985 daemon_log("ERROR: import of event module '$event' failed", 1);
986 daemon_log("$@", 8);
987 next;
988 }
990 $event =~ /(\S*?).pm$/;
991 my $event_module = $1;
992 my $events_l = eval( $1."::get_events()") ;
993 foreach my $event_name (@{$events_l}) {
994 $event_hash->{$event_name} = $event_module;
995 }
997 }
998 }
1000 sub trigger_new_key {
1001 my ($kernel) = $_[KERNEL] ;
1003 my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
1004 &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
1006 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
1008 }
1011 sub _start {
1012 my ($kernel) = $_[KERNEL];
1013 $kernel->alias_set('client_session');
1014 $kernel->yield('register_at_gosa_si_server');
1015 }
1018 sub server_input {
1019 my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
1020 my $error = 0;
1021 my $answer;
1023 daemon_log("Incoming msg:\n$input\n", 8);
1025 my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
1026 if( (!$msg) || (!$msg_hash) ) {
1027 daemon_log("Deciphering of incoming msg failed", 5);
1028 $error++;
1029 }
1032 ######################
1033 # process incoming msg
1034 if( $error == 0 ) {
1035 my $header = @{$msg_hash->{header}}[0];
1036 my $source = @{$msg_hash->{source}}[0];
1038 if( exists $event_hash->{$header} ) {
1039 # a event exists with the header as name
1040 daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
1041 no strict 'refs';
1042 $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
1043 }
1044 else {
1045 daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
1046 }
1047 }
1049 ########
1050 # answer
1051 if( $answer ) {
1052 # preprocessing
1053 if( $answer =~ "<header>registered</header>") {
1054 # set registered flag to true to stop sending further registered msgs
1055 $REGISTERED = 1;
1056 }
1057 else {
1058 &send_msg_to_target($answer, $server_address, $server_key);
1059 }
1060 # postprocessing
1061 if( $answer =~ "<header>new_key</header>") {
1062 # set new key to global variable
1063 $answer =~ /<new_key>(\S*?)<\/new_key>/;
1064 my $new_key = $1;
1065 $server_key = $new_key;
1066 }
1067 }
1069 return;
1070 }
1072 #==== MAIN = main ==============================================================
1073 # parse commandline options
1074 Getopt::Long::Configure( "bundling" );
1075 GetOptions("h|help" => \&usage,
1076 "c|config=s" => \$cfg_file,
1077 "f|foreground" => \$foreground,
1078 "v|verbose+" => \$verbose,
1079 );
1081 # read and set config parameters
1082 &check_cmdline_param ;
1083 &read_configfile($cfg_file, %cfg_defaults);
1084 &check_pid;
1087 # forward error messages to logfile
1088 if ( ! $foreground ) {
1089 open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
1090 open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
1091 open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
1092 }
1094 # Just fork, if we are not in foreground mode
1095 if( ! $foreground ) {
1096 chdir '/' or die "Can't chdir to /: $!";
1097 $pid = fork;
1098 setsid or die "Can't start a new session: $!";
1099 umask 0;
1100 }
1101 else {
1102 $pid = $$;
1103 }
1105 # Do something useful - put our PID into the pid_file
1106 if( 0 != $pid ) {
1107 open( LOCK_FILE, ">$pid_file" );
1108 print LOCK_FILE "$pid\n";
1109 close( LOCK_FILE );
1110 if( !$foreground ) {
1111 exit( 0 )
1112 };
1113 }
1115 daemon_log(" ", 1);
1116 daemon_log("$0 started!", 1);
1118 # delete old DBsqlite lock files
1119 system('rm -f /tmp/gosa_si_lock*gosa-si-client*');
1121 # detect ip and mac address and complete host address
1122 $client_address = $client_ip.":".$client_port;
1123 my $network_interface= &get_interface_for_ip($client_ip);
1124 $client_mac_address= &get_mac($network_interface);
1125 daemon_log("gosa-si-client ip address detected: $client_ip", 1);
1126 daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
1129 # import events
1130 &import_events();
1133 # compute hardware checksum
1134 $gotoHardwareChecksum= &generate_hw_digest();
1135 daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
1138 # create socket for incoming xml messages
1139 POE::Component::Server::TCP->new(
1140 Alias => 'gosa-si-client',
1141 Port => $client_port,
1142 ClientInput => \&server_input,
1143 );
1144 daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);
1147 # prepare variables
1148 if (defined $server_ip && defined $server_port) {
1149 $server_address = $server_ip.":".$server_port;
1150 }
1151 $xml = new XML::Simple();
1152 $default_server_key = $server_key;
1155 # add gosa-si-server address from config file at first position of server list
1156 if (defined $server_address) {
1157 unshift(@servers, $server_address);
1158 my $servers_string = join(", ", @servers);
1159 daemon_log("found servers in configuration file: $servers_string", 5);
1160 }
1161 else {
1162 if ( !$server_domain) {
1163 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1164 exit( 1 );
1165 }
1166 my @tmp_servers = &get_server_addresses($server_domain);
1167 foreach my $server (@tmp_servers) {
1168 unshift(@servers, $server);
1169 }
1170 my $servers_string = join(", ", @servers);
1171 daemon_log("found servers in DNS: $servers_string", 5);
1172 }
1177 POE::Session->create(
1178 inline_states => {
1179 _start => \&_start,
1180 register_at_gosa_si_server => \®ister_at_gosa_si_server,
1181 trigger_new_key => \&trigger_new_key,
1182 }
1183 );
1185 POE::Kernel->run();
1186 exit;