bde1ce2522f48dfc476788828ab0f8aa4da0b0d3
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-server
5 #
6 # USAGE: gosa-si-client
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libnetaddr-ip-perl
12 # BUGS: ---
13 # NOTES:
14 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
15 # COMPANY:
16 # VERSION: 1.0
17 # CREATED: 12.09.2007 08:54:41 CEST
18 # REVISION: ---
19 #===============================================================================
21 use strict;
22 use warnings;
23 use utf8;
24 use Getopt::Long;
25 use Config::IniFiles;
26 use POSIX;
27 use Time::HiRes qw( gettimeofday );
29 use POE qw(Component::Server::TCP Wheel::FollowTail);
30 use IO::Socket::INET;
31 use NetAddr::IP;
32 use Data::Dumper;
33 use Crypt::Rijndael;
34 use GOSA::GosaSupportDaemon;
35 use Digest::MD5 qw(md5_hex md5 md5_base64);
36 use MIME::Base64;
37 use XML::Simple;
38 use Net::DNS;
39 use File::Basename;
41 my $event_dir = "/usr/lib/gosa-si/client/events";
42 use lib "/usr/lib/gosa-si/client/events";
44 my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $opts_file, $procid, $pid, $log_file, $fai_logpath);
45 my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
46 my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
47 my $xml;
48 my $default_server_key;
49 my $event_hash;
50 my @servers;
51 my $gotoHardwareChecksum;
52 my $gosa_si_client_fifo;
53 my %files_to_watch;
54 $verbose= 1;
56 # globalise variables which are used in imported events
57 our $cfg_file;
58 our $server_address;
59 our $client_address;
60 our $server_key;
62 # default variables
63 our $REGISTERED = 0;
65 # path to fifo for non-gosa-si-client messages to gosa-si-server
66 $gosa_si_client_fifo = "/var/run/gosa-si-client.socket";
67 %files_to_watch = (fifo => $gosa_si_client_fifo);
69 # in function register_at_gosa_si_server, after which period of seconds a new registration should be tried if a registration was
70 # not successful until now
71 my $delay_set_time = 5;
72 our $prg= basename($0);
74 %cfg_defaults = (
75 "general" =>
76 {"log-file" => [\$log_file, "/var/run/".$prg.".log"],
77 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
78 "opts-file" => [\$opts_file, "/var/run/".$prg.".opts"],
79 },
80 "client" =>
81 {"port" => [\$client_port, "20083"],
82 "ip" => [\$client_ip, "0.0.0.0"],
83 "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"],
84 "server-domain" => [\$server_domain, ""],
85 "ldap" => [\$ldap_enabled, 1],
86 "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
87 "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
88 "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"],
89 "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
90 },
91 "server" => {
92 "ip" => [\$server_ip, "127.0.0.1"],
93 "port" => [\$server_port, "20081"],
94 "key" => [\$server_key, ""],
95 "timeout" => [\$server_timeout, 10],
96 "key-lifetime" => [\$server_key_lifetime, 600],
97 },
99 );
102 #=== FUNCTIONS = functions =====================================================
104 #=== FUNCTION ================================================================
105 # NAME: check_cmdline_param
106 # PARAMETERS:
107 # RETURNS:
108 # DESCRIPTION:
109 #===============================================================================
110 sub check_cmdline_param () {
111 my $err_config;
112 my $err_counter = 0;
113 if(not defined($cfg_file)) {
114 $cfg_file = "/etc/gosa-si/client.conf";
115 if(! -r $cfg_file) {
116 $err_config = "please specify a config file";
117 $err_counter += 1;
118 }
119 }
120 if( $err_counter > 0 ) {
121 &usage( "", 1 );
122 if( defined( $err_config)) { print STDERR "$err_config\n"}
123 print STDERR "\n";
124 exit( -1 );
125 }
126 }
129 #=== FUNCTION ================================================================
130 # NAME: read_configfile
131 # PARAMETERS: cfg_file - string -
132 # RETURNS:
133 # DESCRIPTION:
134 #===============================================================================
135 sub read_configfile {
136 my ($cfg_file, %cfg_defaults) = @_ ;
137 my $cfg;
138 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
139 if( -r $cfg_file ) {
140 $cfg = Config::IniFiles->new( -file => $cfg_file );
141 } else {
142 print STDERR "Couldn't read config file!";
143 }
144 } else {
145 $cfg = Config::IniFiles->new() ;
146 }
147 foreach my $section (keys %cfg_defaults) {
148 foreach my $param (keys %{$cfg_defaults{ $section }}) {
149 my $pinfo = $cfg_defaults{ $section }{ $param };
150 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
151 }
152 }
153 }
156 #=== FUNCTION ================================================================
157 # NAME: check_pid
158 # PARAMETERS:
159 # RETURNS:
160 # DESCRIPTION:
161 #===============================================================================
162 sub check_pid {
163 $pid = -1;
164 # Check, if we are already running
165 if( open(LOCK_FILE, "<$pid_file") ) {
166 $pid = <LOCK_FILE>;
167 if( defined $pid ) {
168 chomp( $pid );
169 if( -f "/proc/$pid/stat" ) {
170 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
171 if( $0 eq $stat ) {
172 close( LOCK_FILE );
173 exit -1;
174 }
175 }
176 }
177 close( LOCK_FILE );
178 unlink( $pid_file );
179 }
181 # create a syslog msg if it is not to possible to open PID file
182 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
183 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
184 if (open(LOCK_FILE, '<', $pid_file)
185 && ($pid = <LOCK_FILE>))
186 {
187 chomp($pid);
188 $msg .= "(PID $pid)\n";
189 } else {
190 $msg .= "(unable to read PID)\n";
191 }
192 if( ! ($foreground) ) {
193 openlog( $0, "cons,pid", "daemon" );
194 syslog( "warning", $msg );
195 closelog();
196 }
197 else {
198 print( STDERR " $msg " );
199 }
200 exit( -1 );
201 }
202 }
205 sub sig_int_handler {
206 my ($signal) = @_;
208 daemon_log("shutting down gosa-si-server", 1);
209 exit(1);
210 }
211 $SIG{INT} = \&sig_int_handler;
214 #=== FUNCTION ================================================================
215 # NAME: logging
216 # PARAMETERS: level - string - default 'info'
217 # msg - string -
218 # facility - string - default 'LOG_DAEMON'
219 # RETURNS:
220 # DESCRIPTION:
221 #===============================================================================
222 sub daemon_log {
223 # log into log_file
224 my( $msg, $level ) = @_;
225 if(not defined $msg) { return }
226 if(not defined $level) { $level = 1 }
227 if(defined $log_file){
228 open(LOG_HANDLE, ">>$log_file");
229 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
230 print STDERR "cannot open $log_file: $!";
231 return }
232 chomp($msg);
233 if($level <= $verbose){
234 my ($seconds, $minutes, $hours, $monthday, $month,
235 $year, $weekday, $yearday, $sommertime) = localtime(time);
236 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
237 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
238 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
239 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
240 $month = $monthnames[$month];
241 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
242 $year+=1900;
244 my $log_msg = "$month $monthday $hours:$minutes:$seconds $prg $msg\n";
245 print LOG_HANDLE $log_msg;
246 if( $foreground ) {
247 print STDERR $log_msg;
248 }
249 }
250 close( LOG_HANDLE );
251 }
252 #log into syslog
253 # my ($msg, $level, $facility) = @_;
254 # if(not defined $msg) {return}
255 # if(not defined $level) {$level = "info"}
256 # if(not defined $facility) {$facility = "LOG_DAEMON"}
257 # openlog($0, "pid,cons,", $facility);
258 # syslog($level, $msg);
259 # closelog;
260 # return;
261 }
264 #=== FUNCTION ================================================================
265 # NAME: get_interfaces
266 # PARAMETERS: none
267 # RETURNS: (list of interfaces)
268 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
269 #===============================================================================
270 sub get_interfaces {
271 my @result;
272 my $PROC_NET_DEV= ('/proc/net/dev');
274 open(PROC_NET_DEV, "<$PROC_NET_DEV")
275 or die "Could not open $PROC_NET_DEV";
277 my @ifs = <PROC_NET_DEV>;
279 close(PROC_NET_DEV);
281 # Eat first two line
282 shift @ifs;
283 shift @ifs;
285 chomp @ifs;
286 foreach my $line(@ifs) {
287 my $if= (split /:/, $line)[0];
288 $if =~ s/^\s+//;
289 push @result, $if;
290 }
292 return @result;
293 }
295 #=== FUNCTION ================================================================
296 # NAME: get_mac
297 # PARAMETERS: interface name (i.e. eth0)
298 # RETURNS: (mac address)
299 # DESCRIPTION: Uses ioctl to get mac address directly from system.
300 #===============================================================================
301 sub get_mac {
302 my $ifreq= shift;
303 my $result;
304 if ($ifreq && length($ifreq) > 0) {
305 if($ifreq eq "all") {
306 if(defined($server_ip)) {
307 $result = &get_local_mac_for_remote_ip($server_ip);
308 }
309 elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){
310 $result = &client_mac_address;
311 }
312 else {
313 $result = "00:00:00:00:00:00";
314 }
315 } else {
316 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
318 # A configured MAC Address should always override a guessed value
319 if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) {
320 $result= $client_mac_address;
321 }
322 else {
323 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
324 or die "socket: $!";
326 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
327 my ($if, $mac)= unpack 'h36 H12', $ifreq;
329 if (length($mac) > 0) {
330 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
331 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
332 $result = $mac;
333 }
334 }
335 }
336 }
337 }
338 return $result;
339 }
342 #=== FUNCTION ================================================================
343 # NAME: get_interface_for_ip
344 # PARAMETERS: ip address (i.e. 192.168.0.1)
345 # RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
346 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
347 #===============================================================================
348 sub get_interface_for_ip {
349 my $result;
350 my $ip= shift;
351 if ($ip && length($ip) > 0) {
352 my @ifs= &get_interfaces();
353 if($ip eq "0.0.0.0") {
354 $result = "all";
355 } else {
356 foreach (@ifs) {
357 my $if=$_;
358 if(get_ip($if) eq $ip) {
359 $result = $if;
360 last;
361 }
362 }
363 }
364 }
365 return $result;
366 }
369 #=== FUNCTION ================================================================
370 # NAME: get_ip
371 # PARAMETERS: interface name (i.e. eth0)
372 # RETURNS: (ip address)
373 # DESCRIPTION: Uses ioctl to get ip address directly from system.
374 #===============================================================================
375 sub get_ip {
376 my $ifreq= shift;
377 my $result= "";
378 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
379 my $proto= getprotobyname('ip');
381 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
382 or die "socket: $!";
384 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
385 my ($if, $sin) = unpack 'a16 a16', $ifreq;
386 my ($port, $addr) = sockaddr_in $sin;
387 my $ip = inet_ntoa $addr;
389 if ($ip && length($ip) > 0) {
390 $result = $ip;
391 }
392 }
394 return $result;
395 }
398 #=== FUNCTION ================================================================
399 # NAME: get_local_mac_for_remote_ip
400 # PARAMETERS: none (takes server_ip from global variable)
401 # RETURNS: (ip address from interface that is used for communication)
402 # DESCRIPTION: Uses ioctl to get routing table from system, checks which entry
403 # matches (defaultroute last).
404 #===============================================================================
405 sub get_local_mac_for_remote_ip {
406 my $server_ip= shift;
407 my $result= "00:00:00:00:00:00";
409 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
410 my $PROC_NET_ROUTE= ('/proc/net/route');
412 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
413 or die "Could not open $PROC_NET_ROUTE";
415 my @ifs = <PROC_NET_ROUTE>;
417 close(PROC_NET_ROUTE);
419 # Eat header line
420 shift @ifs;
421 chomp @ifs;
422 foreach my $line(@ifs) {
423 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
424 my $destination;
425 my $mask;
426 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
427 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
428 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
429 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
430 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
431 # destination matches route, save mac and exit
432 $result= &get_mac($Iface);
433 last;
434 }
435 }
436 } else {
437 daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
438 }
439 return $result;
440 }
442 sub get_local_ip_for_remote_ip {
443 my $server_ip= shift;
444 my $result="0.0.0.0";
446 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
447 if($server_ip eq "127.0.0.1") {
448 $result="127.0.0.1";
449 } else {
450 my $PROC_NET_ROUTE= ('/proc/net/route');
452 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
453 or die "Could not open $PROC_NET_ROUTE";
455 my @ifs = <PROC_NET_ROUTE>;
457 close(PROC_NET_ROUTE);
459 # Eat header line
460 shift @ifs;
461 chomp @ifs;
462 foreach my $line(@ifs) {
463 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
464 my $destination;
465 my $mask;
466 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
467 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
468 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
469 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
470 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
471 # destination matches route, save mac and exit
472 $result= &get_ip($Iface);
473 last;
474 }
475 }
476 }
477 } else {
478 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
479 }
480 return $result;
481 }
484 sub generate_hw_digest {
485 my $hw_data;
486 foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) {
487 $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/;
488 }
489 return(md5_base64($hw_data));
490 }
493 sub create_passwd {
494 my $new_passwd = "";
495 for(my $i=0; $i<31; $i++) {
496 $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
497 }
499 return $new_passwd;
500 }
503 sub create_ciphering {
504 my ($passwd) = @_;
505 if((!defined($passwd)) || length($passwd)==0) {
506 $passwd = "";
507 }
508 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
509 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
510 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
511 $my_cipher->set_iv($iv);
512 return $my_cipher;
513 }
516 sub encrypt_msg {
517 my ($msg, $key) = @_;
518 my $my_cipher = &create_ciphering($key);
519 {
520 use bytes;
521 $msg = "\0"x(16-length($msg)%16).$msg;
522 }
523 $msg = $my_cipher->encrypt($msg);
524 chomp($msg = &encode_base64($msg));
525 # there are no newlines allowed inside msg
526 $msg=~ s/\n//g;
527 return $msg;
528 }
531 sub decrypt_msg {
533 my ($msg, $key) = @_ ;
534 $msg = &decode_base64($msg);
535 my $my_cipher = &create_ciphering($key);
536 $msg = $my_cipher->decrypt($msg);
537 $msg =~ s/\0*//g;
538 return $msg;
539 }
542 sub get_server_addresses {
543 my $domain= shift;
544 my @result;
546 my $error = 0;
547 my $res = Net::DNS::Resolver->new;
548 my $query = $res->send("_gosa-si._tcp.".$domain, "SRV");
549 my @hits;
551 if ($query) {
552 foreach my $rr ($query->answer) {
553 push(@hits, $rr->target.":".$rr->port);
554 }
555 }
556 else {
557 #warn "query failed: ", $res->errorstring, "\n";
558 $error++;
559 }
561 if( $error == 0 ) {
562 foreach my $hit (@hits) {
563 my ($hit_name, $hit_port) = split(/:/, $hit);
564 chomp($hit_name);
565 chomp($hit_port);
567 my $address_query = $res->send($hit_name);
568 if( 1 == length($address_query->answer) ) {
569 foreach my $rr ($address_query->answer) {
570 push(@result, $rr->address.":".$hit_port);
571 }
572 }
573 }
574 }
576 # my $dig_cmd= 'dig +nocomments srv _gosa-si._tcp.'.$domain;
577 #
578 # my $output= `$dig_cmd 2>&1`;
579 # open (PIPE, "$dig_cmd 2>&1 |");
580 # while(<PIPE>) {
581 # chomp $_;
582 # # If it's not a comment
583 # if($_ =~ m/^[^;]/) {
584 # my @matches= split /\s+/;
585 #
586 # # Push hostname with port
587 # if($matches[3] eq 'SRV') {
588 # push @result, $matches[7].':'.$matches[6];
589 # } elsif ($matches[3] eq 'A') {
590 # my $i=0;
591 #
592 # # Substitute the hostname with the ip address of the matching A record
593 # foreach my $host (@result) {
594 # if ((split /\:/, $host)[0] eq $matches[0]) {
595 # $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
596 # }
597 # $i++;
598 # }
599 # }
600 # }
601 # }
602 # close(PIPE);
603 return @result;
604 }
607 ##=== FUNCTION ================================================================
608 ## NAME: create_ciphering
609 ## PARAMETERS: passwd - string - used to create ciphering
610 ## RETURNS: cipher - object
611 ## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key
612 ##===============================================================================
613 #sub create_ciphering {
614 # my ($passwd) = @_;
615 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
616 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
617 #
618 # #daemon_log("iv: $iv", 7);
619 # #daemon_log("key: $passwd", 7);
620 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
621 # $my_cipher->set_iv($iv);
622 # return $my_cipher;
623 #}
624 #
625 #
626 #sub create_ciphering {
627 # my ($passwd) = @_;
628 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
629 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
630 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
631 # $my_cipher->set_iv($iv);
632 # return $my_cipher;
633 #}
634 #
635 #
636 #sub encrypt_msg {
637 # my ($msg, $key) = @_;
638 # my $my_cipher = &create_ciphering($key);
639 # {
640 # use bytes;
641 # $msg = "\0"x(16-length($msg)%16).$msg;
642 # }
643 # $msg = $my_cipher->encrypt($msg);
644 # chomp($msg = &encode_base64($msg));
645 # # there are no newlines allowed inside msg
646 # $msg=~ s/\n//g;
647 # return $msg;
648 #}
649 #
650 #
651 #sub decrypt_msg {
652 # my ($msg, $key) = @_ ;
653 # $msg = &decode_base64($msg);
654 # my $my_cipher = &create_ciphering($key);
655 # $msg = $my_cipher->decrypt($msg);
656 # $msg =~ s/\0*//g;
657 # return $msg;
658 #}
661 #=== FUNCTION ================================================================
662 # NAME: send_msg_hash_to_target
663 # PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash
664 # PeerAddr string - socket address to send msg
665 # PeerPort string - socket port, if not included in socket address
666 # RETURNS: nothing
667 # DESCRIPTION: ????
668 #===============================================================================
669 sub send_msg_hash_to_target {
670 my ($msg_hash, $address, $encrypt_key) = @_ ;
671 my $msg = &create_xml_string($msg_hash);
672 my $header = @{$msg_hash->{'header'}}[0];
673 my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header);
675 return $error;
676 }
679 sub send_msg_to_target {
680 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
681 my $error = 0;
683 if( $msg_header ) {
684 $msg_header = "'$msg_header'-";
685 }
686 else {
687 $msg_header = "";
688 }
690 # encrypt xml msg
691 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
693 # opensocket
694 my $socket = &open_socket($address);
695 if( !$socket ) {
696 daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
697 $error++;
698 }
700 if( $error == 0 ) {
701 # send xml msg
702 print $socket $crypted_msg."\n";
704 daemon_log("send ".$msg_header."msg to $address", 1);
705 daemon_log("message:\n$msg", 8);
707 }
709 # close socket in any case
710 if( $socket ) {
711 close $socket;
712 }
714 return $error;
715 }
718 sub write_to_file {
719 my ($string, $file) = @_;
720 my $error = 0;
722 if( not defined $file || not -f $file ) {
723 &main::daemon_log("ERROR: $prg: check '-f file' failed: $file", 1);
724 $error++;
725 }
726 if( not defined $string || 0 == length($string)) {
727 &main::daemon_log("ERROR: $prg: empty string to write to file '$file'", 1);
728 $error++;
729 }
731 if( $error == 0 ) {
733 chomp($string);
735 open(FILE, ">> $file");
736 print FILE $string."\n";
737 close(FILE);
738 }
740 return;
741 }
744 sub open_socket {
745 my ($PeerAddr, $PeerPort) = @_ ;
746 if(defined($PeerPort)){
747 $PeerAddr = $PeerAddr.":".$PeerPort;
748 }
749 my $socket;
750 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
751 Porto => "tcp",
752 Type => SOCK_STREAM,
753 Timeout => 5,
754 );
755 if(not defined $socket) {
756 return;
757 }
758 &daemon_log("open_socket: $PeerAddr", 7);
759 return $socket;
760 }
763 #=== FUNCTION ================================================================
764 # NAME: register_at_server
765 # PARAMETERS:
766 # RETURNS:
767 # DESCRIPTION:
768 #===============================================================================
769 sub register_at_gosa_si_server {
770 my ($kernel) = $_[KERNEL];
771 my $try_to_register = 0;
773 if( not $REGISTERED ) {
774 # create new passwd and ciphering object for client-server communication
775 $server_key = &create_passwd();
777 my $events = join( ", ", keys %{$event_hash} );
778 while(1) {
780 if( $try_to_register >= @servers ) {
781 last;
782 }
784 # fetch first gosa-si-server from @servers
785 my $server = shift(@servers);
787 # append shifted gosa-si-server at the end of @servers, so looking for servers never stop if
788 # a registration never occured
789 push( @servers, $server );
791 # Check if our ip is resolvable - if not: don't try to register
792 my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
793 my $resolver= Net::DNS::Resolver->new;
794 my $dnsresult= $resolver->search($ip);
795 my $dnsname="";
796 if(!defined($dnsresult)) {
797 &write_to_file("goto-error-dns:$ip", $fai_logpath);
798 exit(1);
799 } else {
800 $dnsname=$dnsresult->{answer}[0]->{ptrdname};
801 }
803 # create registration msg
804 my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
805 my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
806 my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
807 &add_content2xml_hash($register_hash, "new_passwd", $server_key);
808 &add_content2xml_hash($register_hash, "mac_address", $local_mac);
809 &add_content2xml_hash($register_hash, "events", $events);
810 &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
812 # send xml hash to server with general server passwd
813 my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
814 if($res == 0) {
815 # reset try_to_register
816 $try_to_register = 0;
818 # Set fixed client address
819 $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
820 $client_address= "$client_ip:$client_port";
822 # Write the MAC address to file
823 if(stat($opts_file)) {
824 unlink($opts_file);
825 }
826 my $opts_file_FH;
827 my $hostname= $dnsname;
828 $hostname =~ s/\..*$//;
829 open($opts_file_FH, ">$opts_file");
830 print $opts_file_FH "MAC=\"$local_mac\"\n";
831 print $opts_file_FH "IPADDRESS=\"$client_ip\"\n";
832 print $opts_file_FH "HOSTNAME=\"$hostname\"\n";
833 print $opts_file_FH "FQDN=\"$dnsname\"\n";
834 close($opts_file_FH);
835 last;
836 } else {
837 $try_to_register++;
838 # wait 1 sec until trying to register again
839 sleep(1);
840 next;
841 }
842 }
844 if( $try_to_register >= @servers ) {
845 &write_to_file("gosa-si-no-server-available", $fai_logpath);
846 $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
847 }
848 else {
849 daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
850 $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
851 # clear old settings and set it again
852 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
853 }
854 }
855 return;
856 }
859 sub check_key_and_xml_validity {
860 my ($crypted_msg, $module_key) = @_;
862 my $msg;
863 my $msg_hash;
864 eval{
865 $msg = &decrypt_msg($crypted_msg, $module_key);
866 &main::daemon_log("decrypted_msg: \n$msg", 8);
868 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
870 ##############
871 # check header
872 my $header_l = $msg_hash->{'header'};
873 if( 1 != @{$header_l} ) {
874 die 'no or more headers specified';
875 }
876 my $header = @{$header_l}[0];
877 if( 0 == length $header) {
878 die 'header has length 0';
879 }
881 ##############
882 # check source
883 my $source_l = $msg_hash->{'source'};
884 if( 1 != @{$source_l} ) {
885 die 'no or more than 1 sources specified';
886 }
887 my $source = @{$source_l}[0];
888 if( 0 == length $source) {
889 die 'source has length 0';
890 }
891 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) {
892 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
893 }
895 ##############
896 # check target
897 my $target_l = $msg_hash->{'target'};
898 if( 1 != @{$target_l} ) {
899 die 'no or more than 1 targets specified ';
900 }
901 my $target = @{$target_l}[0];
902 if( 0 == length $target) {
903 die 'target has length 0 ';
904 }
905 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ){
906 die "source is neither a complete ip-address with port nor 'GOSA'";
907 }
908 };
909 if($@) {
910 &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5);
911 &main::daemon_log("$@", 8);
912 $msg = undef;
913 $msg_hash = undef;
914 }
916 return ($msg, $msg_hash);
917 }
920 sub check_outgoing_xml_validity {
921 my ($msg) = @_;
923 my $msg_hash;
924 eval{
925 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
927 ##############
928 # check header
929 my $header_l = $msg_hash->{'header'};
930 if( 1 != @{$header_l} ) {
931 die 'no or more than one headers specified';
932 }
933 my $header = @{$header_l}[0];
934 if( 0 == length $header) {
935 die 'header has length 0';
936 }
938 ##############
939 # check source
940 my $source_l = $msg_hash->{'source'};
941 if( 1 != @{$source_l} ) {
942 die 'no or more than 1 sources specified';
943 }
944 my $source = @{$source_l}[0];
945 if( 0 == length $source) {
946 die 'source has length 0';
947 }
948 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
949 $source =~ /^GOSA$/i ) {
950 die "source '$source' is neither a complete ip-address with port";
951 }
953 ##############
954 # check target
955 my $target_l = $msg_hash->{'target'};
956 if( 1 != @{$target_l} ) {
957 die "no or more than one targets specified";
958 }
959 foreach my $target (@$target_l) {
960 if( 0 == length $target) {
961 die "target has length 0";
962 }
963 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) {
964 die "target '$target' is not a complete ip-address with port or a valid target name";
965 }
966 }
967 };
968 if($@) {
969 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
970 daemon_log("$@ $msg", 8);
971 $msg_hash = undef;
972 }
973 return ($msg_hash);
974 }
977 sub import_events {
979 if (not -e $event_dir) {
980 daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);
981 }
982 opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";
984 while (defined (my $event = readdir (DIR))) {
985 if( $event eq "." || $event eq ".." ) { next; }
987 eval{ require $event; };
988 if( $@ ) {
989 daemon_log("ERROR: import of event module '$event' failed", 1);
990 daemon_log("$@", 8);
991 next;
992 }
994 $event =~ /(\S*?).pm$/;
995 my $event_module = $1;
996 my $events_l = eval( $1."::get_events()") ;
997 foreach my $event_name (@{$events_l}) {
998 $event_hash->{$event_name} = $event_module;
999 }
1001 }
1003 my @all_events = keys %$event_hash;
1004 my $all_events_string = join(", ", @all_events);
1006 daemon_log("INFO: imported events: $all_events_string", 5);
1007 }
1009 sub trigger_new_key {
1010 my ($kernel) = $_[KERNEL] ;
1012 my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
1013 &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
1015 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
1017 }
1020 sub generic_file_reset {
1021 my ( $heap, $wheel_id ) = @_[ HEAP, ARG0 ];
1023 my $service = $heap->{services}->{$wheel_id};
1024 daemon_log("INFO: '$service' watching reset", 5);
1025 return;
1026 }
1028 sub generic_file_error {
1029 my ( $heap, $operation, $errno, $error_string, $wheel_id ) =
1030 @_[ HEAP, ARG0, ARG1, ARG2, ARG3 ];
1032 my $service = $heap->{services}->{$wheel_id};
1033 daemon_log("ERROR: '$service' watcher $operation error $errno: $error_string", 1);
1034 daemon_log("ERROR: shutting down '$service' file watcher", 1);
1036 delete $heap->{services}->{$wheel_id};
1037 delete $heap->{watchers}->{$wheel_id};
1038 return;
1039 }
1041 sub fifo_got_record {
1042 my $file_record = $_[ARG0];
1043 my $header;
1044 my $content = "";
1046 $file_record =~ /^(\S+)[ ]?([\s\S]+)?$/;
1047 if( defined $1 ) {
1048 $header = $1;
1049 } else {
1050 return;
1051 }
1053 if( defined $2 ) {
1054 $content = $2;
1055 }
1057 my $clmsg_hash = &create_xml_hash("CLMSG_$header", $client_address, $server_address, $content);
1058 &add_content2xml_hash($clmsg_hash, "macaddress", $client_mac_address);
1059 my $clmsg = &create_xml_string($clmsg_hash);
1060 &send_msg_to_target($clmsg, $server_address, $server_key);
1061 return;
1062 }
1065 sub _start {
1066 my ($kernel, $heap) = @_[KERNEL, HEAP];
1067 $kernel->alias_set('client_session');
1069 # force a registration at a gosa-si-server
1070 $kernel->yield('register_at_gosa_si_server');
1072 # install all file watcher defined
1073 while( my($file_name, $file) = each %files_to_watch ) {
1074 my $file_watcher = POE::Wheel::FollowTail->new(
1075 Filename => $file,
1076 InputEvent => $file_name."_record",
1077 ResetEvent => "file_reset",
1078 ErrorEvent => "file_error",
1079 );
1080 $heap->{services}->{ $file_watcher->ID } = $file_name;
1081 $heap->{watchers}->{ $file_watcher->ID } = $file_watcher;
1082 }
1083 }
1086 sub server_input {
1087 my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
1088 my $error = 0;
1089 my $answer;
1091 daemon_log("Incoming msg:\n$input\n", 8);
1093 my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
1094 if( (!$msg) || (!$msg_hash) ) {
1095 daemon_log("Deciphering of incoming msg failed", 5);
1096 $error++;
1097 }
1100 ######################
1101 # process incoming msg
1102 if( $error == 0 ) {
1103 my $header = @{$msg_hash->{header}}[0];
1104 my $source = @{$msg_hash->{source}}[0];
1106 if( exists $event_hash->{$header} ) {
1107 # a event exists with the header as name
1108 daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
1109 no strict 'refs';
1110 $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
1111 }
1112 else {
1113 daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
1114 }
1115 }
1117 ########
1118 # answer
1119 if( $answer ) {
1121 #check gosa-si envelope validity
1122 my $answer_hash = &check_outgoing_xml_validity($answer);
1124 if( $answer_hash ) {
1125 # answer is valid
1127 # preprocessing
1128 if( $answer =~ "<header>registered</header>") {
1129 # set registered flag to true to stop sending further registered msgs
1130 $REGISTERED = 1;
1131 }
1132 else {
1133 &send_msg_to_target($answer, $server_address, $server_key);
1134 }
1136 # postprocessing
1137 if( $answer =~ "<header>new_key</header>") {
1138 # set new key to global variable
1139 $answer =~ /<new_key>(\S*?)<\/new_key>/;
1140 my $new_key = $1;
1141 $server_key = $new_key;
1142 }
1143 }
1145 }
1147 return;
1148 }
1150 sub get_dns_domains() {
1151 my $line;
1152 my @searches;
1153 open(RESOLV, "</etc/resolv.conf");
1154 while(<RESOLV>){
1155 $line= $_;
1156 chomp $line;
1157 $line =~ s/^\s+//;
1158 $line =~ s/\s+$//;
1159 $line =~ s/\s+/ /;
1160 if ($line =~ /^domain (.*)$/ ){
1161 push(@searches, $1);
1162 } elsif ($line =~ /^search (.*)$/ ){
1163 push(@searches, split(/ /, $1));
1164 }
1165 }
1166 close(RESOLV);
1168 my %tmp = map { $_ => 1 } @searches;
1169 @searches = sort keys %tmp;
1171 return @searches;
1172 }
1174 #==== MAIN = main ==============================================================
1175 # parse commandline options
1176 Getopt::Long::Configure( "bundling" );
1177 GetOptions("h|help" => \&usage,
1178 "c|config=s" => \$cfg_file,
1179 "f|foreground" => \$foreground,
1180 "v|verbose+" => \$verbose,
1181 );
1183 # read and set config parameters
1184 &check_cmdline_param ;
1185 &read_configfile($cfg_file, %cfg_defaults);
1186 &check_pid;
1189 # forward error messages to logfile
1190 if ( ! $foreground ) {
1191 open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
1192 open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
1193 open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
1194 }
1196 # Just fork, if we are not in foreground mode
1197 if( ! $foreground ) {
1198 chdir '/' or die "Can't chdir to /: $!";
1199 $pid = fork;
1200 setsid or die "Can't start a new session: $!";
1201 umask 0;
1202 }
1203 else {
1204 $pid = $$;
1205 }
1207 # Do something useful - put our PID into the pid_file
1208 if( 0 != $pid ) {
1209 open( LOCK_FILE, ">$pid_file" );
1210 print LOCK_FILE "$pid\n";
1211 close( LOCK_FILE );
1212 if( !$foreground ) {
1213 exit( 0 )
1214 };
1215 }
1217 daemon_log(" ", 1);
1218 daemon_log("$prg started!", 1);
1220 # delete old DBsqlite lock files
1221 system('rm -f /tmp/gosa_si_lock*gosa-si-client*');
1223 # detect ip and mac address and complete host address
1224 #if( inet_aton($client_ip) ){
1225 #print STDERR "ip: $client_ip\n";
1226 # $client_ip = inet_ntoa(inet_aton($client_ip));
1227 #print STDERR "ip: $client_ip\n";
1228 #}
1229 $client_address = $client_ip.":".$client_port;
1230 my $network_interface= &get_interface_for_ip($client_ip);
1231 $client_mac_address= &get_mac($network_interface);
1232 daemon_log("gosa-si-client ip address detected: $client_ip", 1);
1233 daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
1236 # import events
1237 &import_events();
1240 # compute hardware checksum
1241 $gotoHardwareChecksum= &generate_hw_digest();
1242 daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
1245 # create socket for incoming xml messages
1246 POE::Component::Server::TCP->new(
1247 Alias => 'gosa-si-client',
1248 Port => $client_port,
1249 ClientInput => \&server_input,
1250 );
1251 daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);
1254 # prepare variables
1255 if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); }
1256 ############################################################
1257 # to change
1258 if( $server_ip eq "127.0.1.1" ) { $server_ip = "127.0.0.1" }
1259 ############################################################
1260 if (defined $server_ip && defined $server_port) {
1261 $server_address = $server_ip.":".$server_port;
1262 }
1263 $xml = new XML::Simple();
1264 $default_server_key = $server_key;
1267 # add gosa-si-server address from config file at first position of server list
1268 my $server_check_cfg = Config::IniFiles->new( -file => $cfg_file );
1269 my $server_check = $server_check_cfg->val( "server", "ip");
1270 if( defined $server_check ) {
1271 unshift(@servers, $server_address);
1272 my $servers_string = join(", ", @servers);
1273 daemon_log("INFO: found servers in configuration file: $servers_string", 5);
1274 } else {
1275 my @tmp_servers;
1276 if ( !$server_domain) {
1277 # Try our DNS Searchlist
1278 for my $domain(get_dns_domains()) {
1279 chomp($domain);
1280 my @tmp_domains= &get_server_addresses($domain);
1281 if(@tmp_domains) {
1282 for my $tmp_server(@tmp_domains) {
1283 push @tmp_servers, $tmp_server;
1284 }
1285 }
1286 }
1287 if(@tmp_servers && length(@tmp_servers)==0) {
1288 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1289 kill 2, $$;
1290 }
1291 } else {
1292 @tmp_servers = &get_server_addresses($server_domain);
1293 if( 0 == @tmp_servers ) {
1294 daemon_log("ERROR: no gosa-si-server found in DNS for domain '$server_domain'",1);
1295 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1296 kill 2, $$;
1297 }
1298 }
1300 foreach my $server (@tmp_servers) {
1301 unshift(@servers, $server);
1302 }
1303 my $servers_string = join(", ", @servers);
1304 daemon_log("INFO: found servers in DNS: $servers_string", 5);
1305 }
1308 # open fifo for non-gosa-si-client-msgs to gosa-si-server
1309 POSIX::mkfifo("$gosa_si_client_fifo", "0600");
1312 POE::Session->create(
1313 inline_states => {
1314 _start => \&_start,
1315 register_at_gosa_si_server => \®ister_at_gosa_si_server,
1316 trigger_new_key => \&trigger_new_key,
1318 # handle records from each defined file differently
1319 fifo_record => \&fifo_got_record,
1321 # handle file resets and errors the same way for each file
1322 file_reset => \&generic_file_reset,
1323 file_error => \&generic_file_error,
1324 }
1325 );
1327 POE::Kernel->run();
1328 exit;