1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-server
5 #
6 # USAGE: gosa-si-client
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libnetaddr-ip-perl
12 # BUGS: ---
13 # NOTES:
14 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
15 # COMPANY:
16 # VERSION: 1.0
17 # CREATED: 12.09.2007 08:54:41 CEST
18 # REVISION: ---
19 #===============================================================================
21 use strict;
22 use warnings;
23 use Getopt::Long;
24 use Config::IniFiles;
25 use POSIX;
26 use Time::HiRes qw( gettimeofday );
28 use POE qw(Component::Server::TCP);
29 use IO::Socket::INET;
30 use NetAddr::IP;
31 use Data::Dumper;
32 use Crypt::Rijndael;
33 use GOSA::GosaSupportDaemon;
34 use Digest::MD5 qw(md5_hex md5 md5_base64);
35 use MIME::Base64;
36 use XML::Simple;
37 use Net::DNS;
39 my $event_dir = "/usr/lib/gosa-si/client/events";
40 use lib "/usr/lib/gosa-si/client/events";
42 my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file, $fai_logpath);
43 my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
44 my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
45 my $xml;
46 my $default_server_key;
47 my $event_hash;
48 my @servers;
49 my $gotoHardwareChecksum;
51 # globalise variables which are used in imported events
52 our $cfg_file;
53 our $server_address;
54 our $client_address;
55 our $server_key;
57 # default variables
58 our $REGISTERED_FLAG = 1;
60 %cfg_defaults = (
61 "general" =>
62 {"log_file" => [\$log_file, "/var/run/".$0.".log"],
63 "pid_file" => [\$pid_file, "/var/run/".$0.".pid"],
64 "fai_logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
65 },
66 "client" =>
67 {"port" => [\$client_port, "20083"],
68 "ip" => [\$client_ip, "0.0.0.0"],
69 "mac_address" => [\$client_mac_address, "00:00:00:00:00:00"],
70 "server_domain" => [\$server_domain, ""],
71 "ldap" => [\$ldap_enabled, 1],
72 "ldap_config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
73 "pam_config" => [\$pam_config, "/etc/pam_ldap.conf"],
74 "nss_config" => [\$nss_config, "/etc/libnss_ldap.conf"],
75 },
76 "server" => {
77 "ip" => [\$server_ip, "127.0.0.1"],
78 "port" => [\$server_port, "20081"],
79 "key" => [\$server_key, ""],
80 "timeout" => [\$server_timeout, 10],
81 "key_lifetime" => [\$server_key_lifetime, 600],
82 },
84 );
87 #=== FUNCTIONS = functions =====================================================
89 #=== FUNCTION ================================================================
90 # NAME: check_cmdline_param
91 # PARAMETERS:
92 # RETURNS:
93 # DESCRIPTION:
94 #===============================================================================
95 sub check_cmdline_param () {
96 my $err_config;
97 my $err_counter = 0;
98 if(not defined($cfg_file)) {
99 $cfg_file = "/etc/gosa-si/client.conf";
100 if(! -r $cfg_file) {
101 $err_config = "please specify a config file";
102 $err_counter += 1;
103 }
104 }
105 if( $err_counter > 0 ) {
106 &usage( "", 1 );
107 if( defined( $err_config)) { print STDERR "$err_config\n"}
108 print STDERR "\n";
109 exit( -1 );
110 }
111 }
114 #=== FUNCTION ================================================================
115 # NAME: read_configfile
116 # PARAMETERS: cfg_file - string -
117 # RETURNS:
118 # DESCRIPTION:
119 #===============================================================================
120 sub read_configfile {
121 my ($cfg_file, %cfg_defaults) = @_ ;
122 my $cfg;
123 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
124 if( -r $cfg_file ) {
125 $cfg = Config::IniFiles->new( -file => $cfg_file );
126 } else {
127 print STDERR "Couldn't read config file!";
128 }
129 } else {
130 $cfg = Config::IniFiles->new() ;
131 }
132 foreach my $section (keys %cfg_defaults) {
133 foreach my $param (keys %{$cfg_defaults{ $section }}) {
134 my $pinfo = $cfg_defaults{ $section }{ $param };
135 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
136 }
137 }
138 }
141 #=== FUNCTION ================================================================
142 # NAME: check_pid
143 # PARAMETERS:
144 # RETURNS:
145 # DESCRIPTION:
146 #===============================================================================
147 sub check_pid {
148 $pid = -1;
149 # Check, if we are already running
150 if( open(LOCK_FILE, "<$pid_file") ) {
151 $pid = <LOCK_FILE>;
152 if( defined $pid ) {
153 chomp( $pid );
154 if( -f "/proc/$pid/stat" ) {
155 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
156 if( $0 eq $stat ) {
157 close( LOCK_FILE );
158 exit -1;
159 }
160 }
161 }
162 close( LOCK_FILE );
163 unlink( $pid_file );
164 }
166 # create a syslog msg if it is not to possible to open PID file
167 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
168 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
169 if (open(LOCK_FILE, '<', $pid_file)
170 && ($pid = <LOCK_FILE>))
171 {
172 chomp($pid);
173 $msg .= "(PID $pid)\n";
174 } else {
175 $msg .= "(unable to read PID)\n";
176 }
177 if( ! ($foreground) ) {
178 openlog( $0, "cons,pid", "daemon" );
179 syslog( "warning", $msg );
180 closelog();
181 }
182 else {
183 print( STDERR " $msg " );
184 }
185 exit( -1 );
186 }
187 }
190 #=== FUNCTION ================================================================
191 # NAME: logging
192 # PARAMETERS: level - string - default 'info'
193 # msg - string -
194 # facility - string - default 'LOG_DAEMON'
195 # RETURNS:
196 # DESCRIPTION:
197 #===============================================================================
198 sub daemon_log {
199 # log into log_file
200 my( $msg, $level ) = @_;
201 if(not defined $msg) { return }
202 if(not defined $level) { $level = 1 }
203 if(defined $log_file){
204 open(LOG_HANDLE, ">>$log_file");
205 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
206 print STDERR "cannot open $log_file: $!";
207 return }
208 chomp($msg);
209 if($level <= $verbose){
210 my ($seconds, $minutes, $hours, $monthday, $month,
211 $year, $weekday, $yearday, $sommertime) = localtime(time);
212 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
213 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
214 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
215 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
216 $month = $monthnames[$month];
217 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
218 $year+=1900;
219 my $name = $0;
220 $name =~ s/\.\///;
222 my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
223 print LOG_HANDLE $log_msg;
224 if( $foreground ) {
225 print STDERR $log_msg;
226 }
227 }
228 close( LOG_HANDLE );
229 }
230 #log into syslog
231 # my ($msg, $level, $facility) = @_;
232 # if(not defined $msg) {return}
233 # if(not defined $level) {$level = "info"}
234 # if(not defined $facility) {$facility = "LOG_DAEMON"}
235 # openlog($0, "pid,cons,", $facility);
236 # syslog($level, $msg);
237 # closelog;
238 # return;
239 }
242 #=== FUNCTION ================================================================
243 # NAME: get_interfaces
244 # PARAMETERS: none
245 # RETURNS: (list of interfaces)
246 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
247 #===============================================================================
248 sub get_interfaces {
249 my @result;
250 my $PROC_NET_DEV= ('/proc/net/dev');
252 open(PROC_NET_DEV, "<$PROC_NET_DEV")
253 or die "Could not open $PROC_NET_DEV";
255 my @ifs = <PROC_NET_DEV>;
257 close(PROC_NET_DEV);
259 # Eat first two line
260 shift @ifs;
261 shift @ifs;
263 chomp @ifs;
264 foreach my $line(@ifs) {
265 my $if= (split /:/, $line)[0];
266 $if =~ s/^\s+//;
267 push @result, $if;
268 }
270 return @result;
271 }
273 #=== FUNCTION ================================================================
274 # NAME: get_mac
275 # PARAMETERS: interface name (i.e. eth0)
276 # RETURNS: (mac address)
277 # DESCRIPTION: Uses ioctl to get mac address directly from system.
278 #===============================================================================
279 sub get_mac {
280 my $ifreq= shift;
281 my $result;
282 if ($ifreq && length($ifreq) > 0) {
283 if($ifreq eq "all") {
284 if(defined($server_ip)) {
285 $result = &get_local_mac_for_remote_ip($server_ip);
286 }
287 elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){
288 $result = &client_mac_address;
289 }
290 else {
291 $result = "00:00:00:00:00:00";
292 }
293 } else {
294 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
296 # A configured MAC Address should always override a guessed value
297 if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) {
298 $result= $client_mac_address;
299 }
300 else {
301 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
302 or die "socket: $!";
304 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
305 my ($if, $mac)= unpack 'h36 H12', $ifreq;
307 if (length($mac) > 0) {
308 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
309 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
310 $result = $mac;
311 }
312 }
313 }
314 }
315 }
316 return $result;
317 }
320 #=== FUNCTION ================================================================
321 # NAME: get_interface_for_ip
322 # PARAMETERS: ip address (i.e. 192.168.0.1)
323 # RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
324 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
325 #===============================================================================
326 sub get_interface_for_ip {
327 my $result;
328 my $ip= shift;
329 if ($ip && length($ip) > 0) {
330 my @ifs= &get_interfaces();
331 if($ip eq "0.0.0.0") {
332 $result = "all";
333 } else {
334 foreach (@ifs) {
335 my $if=$_;
336 if(get_ip($if) eq $ip) {
337 $result = $if;
338 last;
339 }
340 }
341 }
342 }
343 return $result;
344 }
347 #=== FUNCTION ================================================================
348 # NAME: get_ip
349 # PARAMETERS: interface name (i.e. eth0)
350 # RETURNS: (ip address)
351 # DESCRIPTION: Uses ioctl to get ip address directly from system.
352 #===============================================================================
353 sub get_ip {
354 my $ifreq= shift;
355 my $result= "";
356 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
357 my $proto= getprotobyname('ip');
359 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
360 or die "socket: $!";
362 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
363 my ($if, $sin) = unpack 'a16 a16', $ifreq;
364 my ($port, $addr) = sockaddr_in $sin;
365 my $ip = inet_ntoa $addr;
367 if ($ip && length($ip) > 0) {
368 $result = $ip;
369 }
370 }
372 return $result;
373 }
376 #=== FUNCTION ================================================================
377 # NAME: get_local_mac_for_remote_ip
378 # PARAMETERS: none (takes server_ip from global variable)
379 # RETURNS: (ip address from interface that is used for communication)
380 # DESCRIPTION: Uses ioctl to get routing table from system, checks which entry
381 # matches (defaultroute last).
382 #===============================================================================
383 sub get_local_mac_for_remote_ip {
384 my $server_ip= shift;
385 my $result= "00:00:00:00:00:00";
387 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
388 my $PROC_NET_ROUTE= ('/proc/net/route');
390 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
391 or die "Could not open $PROC_NET_ROUTE";
393 my @ifs = <PROC_NET_ROUTE>;
395 close(PROC_NET_ROUTE);
397 # Eat header line
398 shift @ifs;
399 chomp @ifs;
400 foreach my $line(@ifs) {
401 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
402 my $destination;
403 my $mask;
404 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
405 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
406 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
407 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
408 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
409 # destination matches route, save mac and exit
410 $result= &get_mac($Iface);
411 last;
412 }
413 }
414 } else {
415 daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
416 }
417 return $result;
418 }
420 sub get_local_ip_for_remote_ip {
421 my $server_ip= shift;
422 my $result="0.0.0.0";
424 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
425 if($server_ip eq "127.0.0.1") {
426 $result="127.0.0.1";
427 } else {
428 my $PROC_NET_ROUTE= ('/proc/net/route');
430 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
431 or die "Could not open $PROC_NET_ROUTE";
433 my @ifs = <PROC_NET_ROUTE>;
435 close(PROC_NET_ROUTE);
437 # Eat header line
438 shift @ifs;
439 chomp @ifs;
440 foreach my $line(@ifs) {
441 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
442 my $destination;
443 my $mask;
444 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
445 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
446 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
447 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
448 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
449 # destination matches route, save mac and exit
450 $result= &get_ip($Iface);
451 last;
452 }
453 }
454 }
455 } else {
456 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
457 }
458 return $result;
459 }
461 sub new_ldap_config {
462 my ($msg_hash) = @_ ;
463 my $element;
464 my @ldap_uris;
465 my $ldap_base;
466 my @ldap_options;
467 my @pam_options;
468 my @nss_options;
469 my $goto_admin;
470 my $goto_secret;
471 my $admin_base= "";
472 my $department= "";
473 my $release= "";
474 my $unit_tag;
476 # Transform input into array
477 while ( my ($key, $value) = each(%$msg_hash) ) {
478 if ($key =~ /^(source|target|header)$/) {
479 next;
480 }
482 foreach $element (@$value) {
483 if ($key =~ /^ldap_uri$/) {
484 push (@ldap_uris, $element);
485 next;
486 }
487 if ($key =~ /^ldap_base$/) {
488 $ldap_base= $element;
489 next;
490 }
491 if ($key =~ /^goto_admin$/) {
492 $goto_admin= $element;
493 next;
494 }
495 if ($key =~ /^goto_secret$/) {
496 $goto_secret= $element;
497 next;
498 }
499 if ($key =~ /^ldap_cfg$/) {
500 push (@ldap_options, "$element");
501 next;
502 }
503 if ($key =~ /^pam_cfg$/) {
504 push (@pam_options, "$element");
505 next;
506 }
507 if ($key =~ /^nss_cfg$/) {
508 push (@nss_options, "$element");
509 next;
510 }
511 if ($key =~ /^admin_base$/) {
512 $admin_base= $element;
513 next;
514 }
515 if ($key =~ /^department$/) {
516 $department= $element;
517 next;
518 }
519 if ($key =~ /^unit_tag$/) {
520 $unit_tag= $element;
521 next;
522 }
523 if ($key =~ /^release$/) {
524 $release= $element;
525 next;
526 }
527 }
528 }
530 # Unit tagging enabled?
531 if (defined $unit_tag){
532 push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
533 push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag");
534 push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag");
535 }
537 # Setup ldap.conf
538 my $file1;
539 my $file2;
540 open(file1, "> $ldap_config");
541 print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
542 print file1 "URI";
543 foreach $element (@ldap_uris) {
544 print file1 " $element";
545 }
546 print file1 "\nBASE $ldap_base\n";
547 foreach $element (@ldap_options) {
548 print file1 "$element\n";
549 }
550 close (file1);
551 daemon_log("wrote $ldap_config", 5);
553 # Setup pam_ldap.conf / libnss_ldap.conf
554 open(file1, "> $pam_config");
555 open(file2, "> $nss_config");
556 print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
557 print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
558 print file1 "uri";
559 print file2 "uri";
560 foreach $element (@ldap_uris) {
561 print file1 " $element";
562 print file2 " $element";
563 }
564 print file1 "\nbase $ldap_base\n";
565 print file2 "\nbase $ldap_base\n";
566 foreach $element (@pam_options) {
567 print file1 "$element\n";
568 }
569 foreach $element (@nss_options) {
570 print file2 "$element\n";
571 }
572 close (file2);
573 daemon_log("wrote $nss_config", 5);
574 close (file1);
575 daemon_log("wrote $pam_config", 5);
577 # Create goto.secrets if told so - for compatibility reasons
578 if (defined $goto_admin){
579 open(file1, "> /etc/goto/secret");
580 close(file1);
581 chown(0,0, "/etc/goto/secret");
582 chmod(0600, "/etc/goto/secret");
583 open(file1, "> /etc/goto/secret");
584 print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
585 close(file1);
586 daemon_log("wrote /etc/goto/secret", 5);
587 }
591 # Write shell based config
592 my $cfg_name= dirname($ldap_config)."/ldap-shell.conf";
593 open(file1, "> $cfg_name");
594 print file1 "LDAP_BASE=\"$ldap_base\"\n";
595 print file1 "ADMIN_BASE=\"$admin_base\"\n";
596 print file1 "DEPARTMENT=\"$department\"\n";
597 print file1 "RELEASE=\"$release\"\n";
598 print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n";
599 print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n";
600 close(file1);
601 daemon_log("wrote $cfg_name", 5);
603 return;
605 }
608 sub generate_hw_digest {
609 my $hw_data;
610 foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) {
611 $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/;
612 }
613 return(md5_base64($hw_data));
614 }
617 sub create_passwd {
618 my $new_passwd = "";
619 for(my $i=0; $i<31; $i++) {
620 $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
621 }
623 return $new_passwd;
624 }
627 sub get_server_addresses {
628 my $domain= shift;
629 my @result;
631 my $error = 0;
632 my $res = Net::DNS::Resolver->new;
633 my $query = $res->send("_gosad._tcp.".$domain, "SRV");
634 my @hits;
636 if ($query) {
637 foreach my $rr ($query->answer) {
638 push(@hits, $rr->target.":".$rr->port);
639 }
640 }
641 else {
642 #warn "query failed: ", $res->errorstring, "\n";
643 $error++;
644 }
646 if( $error == 0 ) {
647 foreach my $hit (@hits) {
648 my ($hit_name, $hit_port) = split(/:/, $hit);
650 my $address_query = $res->send($hit_name);
651 if( 1 == length($address_query->answer) ) {
652 foreach my $rr ($address_query->answer) {
653 push(@result, $rr->address.":".$hit_port);
654 }
655 }
656 }
657 }
659 # my $dig_cmd= 'dig +nocomments srv _gosad._tcp.'.$domain;
660 #
661 # my $output= `$dig_cmd 2>&1`;
662 # open (PIPE, "$dig_cmd 2>&1 |");
663 # while(<PIPE>) {
664 # chomp $_;
665 # # If it's not a comment
666 # if($_ =~ m/^[^;]/) {
667 # my @matches= split /\s+/;
668 #
669 # # Push hostname with port
670 # if($matches[3] eq 'SRV') {
671 # push @result, $matches[7].':'.$matches[6];
672 # } elsif ($matches[3] eq 'A') {
673 # my $i=0;
674 #
675 # # Substitute the hostname with the ip address of the matching A record
676 # foreach my $host (@result) {
677 # if ((split /\:/, $host)[0] eq $matches[0]) {
678 # $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
679 # }
680 # $i++;
681 # }
682 # }
683 # }
684 # }
685 # close(PIPE);
686 return @result;
687 }
690 ##=== FUNCTION ================================================================
691 ## NAME: create_ciphering
692 ## PARAMETERS: passwd - string - used to create ciphering
693 ## RETURNS: cipher - object
694 ## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key
695 ##===============================================================================
696 #sub create_ciphering {
697 # my ($passwd) = @_;
698 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
699 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
700 #
701 # #daemon_log("iv: $iv", 7);
702 # #daemon_log("key: $passwd", 7);
703 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
704 # $my_cipher->set_iv($iv);
705 # return $my_cipher;
706 #}
707 #
708 #
709 #sub create_ciphering {
710 # my ($passwd) = @_;
711 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
712 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
713 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
714 # $my_cipher->set_iv($iv);
715 # return $my_cipher;
716 #}
717 #
718 #
719 #sub encrypt_msg {
720 # my ($msg, $key) = @_;
721 # my $my_cipher = &create_ciphering($key);
722 # {
723 # use bytes;
724 # $msg = "\0"x(16-length($msg)%16).$msg;
725 # }
726 # $msg = $my_cipher->encrypt($msg);
727 # chomp($msg = &encode_base64($msg));
728 # # there are no newlines allowed inside msg
729 # $msg=~ s/\n//g;
730 # return $msg;
731 #}
732 #
733 #
734 #sub decrypt_msg {
735 # my ($msg, $key) = @_ ;
736 # $msg = &decode_base64($msg);
737 # my $my_cipher = &create_ciphering($key);
738 # $msg = $my_cipher->decrypt($msg);
739 # $msg =~ s/\0*//g;
740 # return $msg;
741 #}
744 #=== FUNCTION ================================================================
745 # NAME: send_msg_hash_to_target
746 # PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash
747 # PeerAddr string - socket address to send msg
748 # PeerPort string - socket port, if not included in socket address
749 # RETURNS: nothing
750 # DESCRIPTION: ????
751 #===============================================================================
752 sub send_msg_hash_to_target {
753 my ($msg_hash, $address, $encrypt_key) = @_ ;
754 my $msg = &create_xml_string($msg_hash);
755 my $header = @{$msg_hash->{'header'}}[0];
756 my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header);
758 return $error;
759 }
762 sub send_msg_to_target {
763 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
764 my $error = 0;
766 if( $msg_header ) {
767 $msg_header = "'$msg_header'-";
768 }
769 else {
770 $msg_header = "";
771 }
773 # encrypt xml msg
774 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
776 # opensocket
777 my $socket = &open_socket($address);
778 if( !$socket ) {
779 daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
780 $error++;
781 }
783 if( $error == 0 ) {
784 # send xml msg
785 print $socket $crypted_msg."\n";
787 daemon_log("send ".$msg_header."msg to $address", 1);
788 daemon_log("message:\n$msg", 8);
790 }
792 # close socket in any case
793 if( $socket ) {
794 close $socket;
795 }
797 return $error;
798 }
801 sub open_socket {
802 my ($PeerAddr, $PeerPort) = @_ ;
803 if(defined($PeerPort)){
804 $PeerAddr = $PeerAddr.":".$PeerPort;
805 }
806 my $socket;
807 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
808 Porto => "tcp",
809 Type => SOCK_STREAM,
810 Timeout => 5,
811 );
812 if(not defined $socket) {
813 return;
814 }
815 &daemon_log("open_socket: $PeerAddr", 7);
816 return $socket;
817 }
820 #=== FUNCTION ================================================================
821 # NAME: register_at_server
822 # PARAMETERS:
823 # RETURNS:
824 # DESCRIPTION:
825 #===============================================================================
826 sub register_at_gosa_si_server {
827 my ($kernel) = $_[KERNEL];
829 if( $REGISTERED_FLAG == 1 ) {
831 # create new passwd and ciphering object for client-server communication
832 $server_key = &create_passwd();
834 my $events = join( ", ", keys %{$event_hash} );
836 while(1) {
838 # fetch first gosa-si-server from @servers
839 my $server = shift(@servers);
840 if( !$server ) {
841 daemon_log("no gosa-si-server left in list of servers", 1);
842 daemon_log("unable to register at a gosa-si-server, force shutdown", 1);
843 exit(1);
844 }
846 # Check if our ip is resolvable - if not: don't try to register
847 my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
848 my $resolver= Net::DNS::Resolver->new;
849 my $dnsresult= $resolver->search($ip);
850 if(!defined($dnsresult)) {
851 &write_to_file("goto-dns-error:Could not resolve hostname for ip $ip", $fai_logpath);
852 exit(1);
853 }
855 # create registration msg
856 my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
857 my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
858 my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
859 &add_content2xml_hash($register_hash, "new_passwd", $server_key);
860 &add_content2xml_hash($register_hash, "mac_address", $local_mac);
861 &add_content2xml_hash($register_hash, "events", $events);
862 &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
864 # send xml hash to server with general server passwd
865 my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
866 if($res == 0) {
867 # Set fixed client address
868 $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
869 $client_address= "$client_ip:$client_port";
870 last;
871 } else {
872 next;
873 }
874 }
875 daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
876 # $kernel->delay_set('register_at_gosa_si_server', 180);
877 $kernel->delay_set('register_at_gosa_si_server', 5);
878 # clear old settings and set it again
879 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
880 }
881 return;
882 }
885 sub check_key_and_xml_validity {
886 my ($crypted_msg, $module_key) = @_;
887 #print STDERR "crypted_msg:$crypted_msg\n";
888 #print STDERR "modul_key:$module_key\n";
890 my $msg;
891 my $msg_hash;
892 eval{
893 $msg = &decrypt_msg($crypted_msg, $module_key);
894 &main::daemon_log("decrypted_msg: \n$msg", 8);
896 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
898 # check header
899 my $header_l = $msg_hash->{'header'};
900 if( 1 != @{$header_l} ) {
901 die 'no or more headers specified';
902 }
903 my $header = @{$header_l}[0];
904 if( 0 == length $header) {
905 die 'header has length 0';
906 }
908 # check source
909 my $source_l = $msg_hash->{'source'};
910 if( 1 != @{$source_l} ) {
911 die 'no or more sources specified';
912 }
913 my $source = @{$source_l}[0];
914 if( 0 == length $source) {
915 die 'source has length 0';
916 }
918 # check target
919 my $target_l = $msg_hash->{'target'};
920 if( 1 != @{$target_l} ) {
921 die 'no or more targets specified ';
922 }
923 my $target = @{$target_l}[0];
924 if( 0 == length $target) {
925 die 'target has length 0 ';
926 }
928 };
929 if($@) {
930 &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5);
931 &main::daemon_log("$@", 8);
932 }
934 return ($msg, $msg_hash);
935 }
938 sub import_events {
940 if (not -e $event_dir) {
941 daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);
942 }
943 opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";
945 while (defined (my $event = readdir (DIR))) {
946 if( $event eq "." || $event eq ".." ) { next; }
948 eval{ require $event; };
949 if( $@ ) {
950 daemon_log("ERROR: import of event module '$event' failed", 1);
951 daemon_log("$@", 8);
952 next;
953 }
955 $event =~ /(\S*?).pm$/;
956 my $event_module = $1;
957 my $events_l = eval( $1."::get_events()") ;
958 foreach my $event_name (@{$events_l}) {
959 $event_hash->{$event_name} = $event_module;
960 }
962 }
963 }
965 sub trigger_new_key {
966 my ($kernel) = $_[KERNEL] ;
968 my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
969 &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
971 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
973 }
976 sub _start {
977 my ($kernel) = $_[KERNEL];
978 $kernel->alias_set('client_session');
979 $kernel->yield('register_at_gosa_si_server');
980 }
983 sub server_input {
984 my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
985 my $error = 0;
986 my $answer;
988 daemon_log("Incoming msg:\n$input\n", 8);
990 my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
991 if( (!$msg) || (!$msg_hash) ) {
992 daemon_log("Deciphering of incoming msg failed", 5);
993 $error++;
994 }
997 ######################
998 # process incoming msg
999 if( $error == 0 ) {
1000 my $header = @{$msg_hash->{header}}[0];
1001 my $source = @{$msg_hash->{source}}[0];
1003 if( exists $event_hash->{$header} ) {
1004 # a event exists with the header as name
1005 daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
1006 no strict 'refs';
1007 $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
1008 }
1009 else {
1010 daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
1011 }
1012 }
1014 ########
1015 # answer
1016 if( $answer ) {
1017 # preprocessing
1018 if( $answer =~ "<header>registered</header>") {
1019 # set registered flag to true to stop sending further registered msgs
1020 $REGISTERED_FLAG = 0;
1021 }
1022 else {
1023 &send_msg_to_target($answer, $server_address, $server_key);
1024 }
1025 # postprocessing
1026 if( $answer =~ "<header>new_key</header>") {
1027 # set new key to global variable
1028 $answer =~ /<new_key>(\S*?)<\/new_key>/;
1029 my $new_key = $1;
1030 $server_key = $new_key;
1031 }
1032 }
1034 return;
1035 }
1037 #==== MAIN = main ==============================================================
1038 # parse commandline options
1039 Getopt::Long::Configure( "bundling" );
1040 GetOptions("h|help" => \&usage,
1041 "c|config=s" => \$cfg_file,
1042 "f|foreground" => \$foreground,
1043 "v|verbose+" => \$verbose,
1044 );
1046 # read and set config parameters
1047 &check_cmdline_param ;
1048 &read_configfile($cfg_file, %cfg_defaults);
1049 &check_pid;
1052 # forward error messages to logfile
1053 if ( ! $foreground ) {
1054 open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
1055 open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
1056 open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
1057 }
1059 # Just fork, if we are not in foreground mode
1060 if( ! $foreground ) {
1061 chdir '/' or die "Can't chdir to /: $!";
1062 $pid = fork;
1063 setsid or die "Can't start a new session: $!";
1064 umask 0;
1065 }
1066 else {
1067 $pid = $$;
1068 }
1070 # Do something useful - put our PID into the pid_file
1071 if( 0 != $pid ) {
1072 open( LOCK_FILE, ">$pid_file" );
1073 print LOCK_FILE "$pid\n";
1074 close( LOCK_FILE );
1075 if( !$foreground ) {
1076 exit( 0 )
1077 };
1078 }
1080 daemon_log(" ", 1);
1081 daemon_log("$0 started!", 1);
1083 # delete old DBsqlite lock files
1084 system('rm -f /tmp/gosa_si_lock*gosa-si-client*');
1086 # detect ip and mac address and complete host address
1087 $client_address = $client_ip.":".$client_port;
1088 my $network_interface= &get_interface_for_ip($client_ip);
1089 $client_mac_address= &get_mac($network_interface);
1090 daemon_log("gosa-si-client ip address detected: $client_ip", 1);
1091 daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
1094 # import events
1095 &import_events();
1098 # compute hardware checksum
1099 $gotoHardwareChecksum= &generate_hw_digest();
1100 daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
1103 # create socket for incoming xml messages
1104 POE::Component::Server::TCP->new(
1105 Alias => 'gosa-si-client',
1106 Port => $client_port,
1107 ClientInput => \&server_input,
1108 );
1109 daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);
1112 # prepare variables
1113 if (defined $server_ip && defined $server_port) {
1114 $server_address = $server_ip.":".$server_port;
1115 }
1116 $xml = new XML::Simple();
1117 $default_server_key = $server_key;
1120 # add gosa-si-server address from config file at first position of server list
1121 if (defined $server_address) {
1122 unshift(@servers, $server_address);
1123 my $servers_string = join(", ", @servers);
1124 daemon_log("found servers in configuration file: $servers_string", 5);
1125 }
1126 else {
1127 if ( !$server_domain) {
1128 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1129 exit( 1 );
1130 }
1131 my @tmp_servers = &get_server_addresses($server_domain);
1132 foreach my $server (@tmp_servers) {
1133 unshift(@servers, $server);
1134 }
1135 my $servers_string = join(", ", @servers);
1136 daemon_log("found servers in DNS: $servers_string", 5);
1137 }
1142 POE::Session->create(
1143 inline_states => {
1144 _start => \&_start,
1145 register_at_gosa_si_server => \®ister_at_gosa_si_server,
1146 trigger_new_key => \&trigger_new_key,
1147 }
1148 );
1150 POE::Kernel->run();
1151 exit;