eef48fdfa9ebdd7c76aeb0a7c458f0cd8eb40fcc
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-server
5 #
6 # USAGE: gosa-si-client
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libnetaddr-ip-perl
12 # BUGS: ---
13 # NOTES:
14 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
15 # COMPANY:
16 # VERSION: 1.0
17 # CREATED: 12.09.2007 08:54:41 CEST
18 # REVISION: ---
19 #===============================================================================
21 use strict;
22 use warnings;
23 use utf8;
24 use Getopt::Long;
25 use Config::IniFiles;
26 use POSIX;
27 use Time::HiRes qw( gettimeofday );
29 use POE qw(Component::Server::TCP Wheel::FollowTail);
30 use IO::Socket::INET;
31 use NetAddr::IP;
32 use Data::Dumper;
33 use Crypt::Rijndael;
34 use GOSA::GosaSupportDaemon;
35 use Digest::MD5 qw(md5_hex md5 md5_base64);
36 use MIME::Base64;
37 use XML::Simple;
38 use Net::DNS;
39 use File::Basename;
41 my $event_dir = "/usr/lib/gosa-si/client/events";
42 use lib "/usr/lib/gosa-si/client/events";
44 my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $opts_file, $procid, $pid, $log_file, $fai_logpath);
45 my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
46 my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
47 my $xml;
48 my $default_server_key;
49 my $event_hash;
50 my @servers;
51 my $gotoHardwareChecksum;
52 my $gosa_si_client_fifo;
53 my %files_to_watch;
54 $verbose= 1;
56 # globalise variables which are used in imported events
57 our $cfg_file;
58 our $server_address;
59 our $client_address;
60 our $server_key;
62 # default variables
63 our $REGISTERED = 0;
65 # path to fifo for non-gosa-si-client messages to gosa-si-server
66 $gosa_si_client_fifo = "/var/run/gosa-si-client.socket";
67 %files_to_watch = (fifo => $gosa_si_client_fifo);
69 # in function register_at_gosa_si_server, after which period of seconds a new registration should be tried if a registration was
70 # not successful until now
71 my $delay_set_time = 5;
72 our $prg= basename($0);
74 %cfg_defaults = (
75 "general" =>
76 {"log-file" => [\$log_file, "/var/run/".$prg.".log"],
77 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
78 "opts-file" => [\$opts_file, "/var/run/".$prg.".opts"],
79 },
80 "client" =>
81 {"port" => [\$client_port, "20083"],
82 "ip" => [\$client_ip, "0.0.0.0"],
83 "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"],
84 "server-domain" => [\$server_domain, ""],
85 "ldap" => [\$ldap_enabled, 1],
86 "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
87 "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
88 "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"],
89 "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
90 },
91 "server" => {
92 "ip" => [\$server_ip, "127.0.0.1"],
93 "port" => [\$server_port, "20081"],
94 "key" => [\$server_key, ""],
95 "timeout" => [\$server_timeout, 10],
96 "key-lifetime" => [\$server_key_lifetime, 600],
97 },
99 );
102 #=== FUNCTIONS = functions =====================================================
104 #=== FUNCTION ================================================================
105 # NAME: check_cmdline_param
106 # PARAMETERS:
107 # RETURNS:
108 # DESCRIPTION:
109 #===============================================================================
110 sub check_cmdline_param () {
111 my $err_config;
112 my $err_counter = 0;
113 if(not defined($cfg_file)) {
114 $cfg_file = "/etc/gosa-si/client.conf";
115 if(! -r $cfg_file) {
116 $err_config = "please specify a config file";
117 $err_counter += 1;
118 }
119 }
120 if( $err_counter > 0 ) {
121 &usage( "", 1 );
122 if( defined( $err_config)) { print STDERR "$err_config\n"}
123 print STDERR "\n";
124 exit( -1 );
125 }
126 }
129 #=== FUNCTION ================================================================
130 # NAME: read_configfile
131 # PARAMETERS: cfg_file - string -
132 # RETURNS:
133 # DESCRIPTION:
134 #===============================================================================
135 sub read_configfile {
136 my ($cfg_file, %cfg_defaults) = @_ ;
137 my $cfg;
138 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
139 if( -r $cfg_file ) {
140 $cfg = Config::IniFiles->new( -file => $cfg_file );
141 } else {
142 print STDERR "Couldn't read config file!";
143 }
144 } else {
145 $cfg = Config::IniFiles->new() ;
146 }
147 foreach my $section (keys %cfg_defaults) {
148 foreach my $param (keys %{$cfg_defaults{ $section }}) {
149 my $pinfo = $cfg_defaults{ $section }{ $param };
150 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
151 }
152 }
153 }
156 #=== FUNCTION ================================================================
157 # NAME: check_pid
158 # PARAMETERS:
159 # RETURNS:
160 # DESCRIPTION:
161 #===============================================================================
162 sub check_pid {
163 $pid = -1;
164 # Check, if we are already running
165 if( open(LOCK_FILE, "<$pid_file") ) {
166 $pid = <LOCK_FILE>;
167 if( defined $pid ) {
168 chomp( $pid );
169 if( -f "/proc/$pid/stat" ) {
170 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
171 if( $0 eq $stat ) {
172 close( LOCK_FILE );
173 exit -1;
174 }
175 }
176 }
177 close( LOCK_FILE );
178 unlink( $pid_file );
179 }
181 # create a syslog msg if it is not to possible to open PID file
182 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
183 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
184 if (open(LOCK_FILE, '<', $pid_file)
185 && ($pid = <LOCK_FILE>))
186 {
187 chomp($pid);
188 $msg .= "(PID $pid)\n";
189 } else {
190 $msg .= "(unable to read PID)\n";
191 }
192 if( ! ($foreground) ) {
193 openlog( $0, "cons,pid", "daemon" );
194 syslog( "warning", $msg );
195 closelog();
196 }
197 else {
198 print( STDERR " $msg " );
199 }
200 exit( -1 );
201 }
202 }
205 sub sig_int_handler {
206 my ($signal) = @_;
208 daemon_log("shutting down gosa-si-server", 1);
209 exit(1);
210 }
211 $SIG{INT} = \&sig_int_handler;
214 #=== FUNCTION ================================================================
215 # NAME: logging
216 # PARAMETERS: level - string - default 'info'
217 # msg - string -
218 # facility - string - default 'LOG_DAEMON'
219 # RETURNS:
220 # DESCRIPTION:
221 #===============================================================================
222 sub daemon_log {
223 # log into log_file
224 my( $msg, $level ) = @_;
225 if(not defined $msg) { return }
226 if(not defined $level) { $level = 1 }
227 if(defined $log_file){
228 open(LOG_HANDLE, ">>$log_file");
229 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
230 print STDERR "cannot open $log_file: $!";
231 return }
232 chomp($msg);
233 if($level <= $verbose){
234 my ($seconds, $minutes, $hours, $monthday, $month,
235 $year, $weekday, $yearday, $sommertime) = localtime(time);
236 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
237 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
238 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
239 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
240 $month = $monthnames[$month];
241 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
242 $year+=1900;
244 my $log_msg = "$month $monthday $hours:$minutes:$seconds $prg $msg\n";
245 print LOG_HANDLE $log_msg;
246 if( $foreground ) {
247 print STDERR $log_msg;
248 }
249 }
250 close( LOG_HANDLE );
251 }
252 #log into syslog
253 # my ($msg, $level, $facility) = @_;
254 # if(not defined $msg) {return}
255 # if(not defined $level) {$level = "info"}
256 # if(not defined $facility) {$facility = "LOG_DAEMON"}
257 # openlog($0, "pid,cons,", $facility);
258 # syslog($level, $msg);
259 # closelog;
260 # return;
261 }
264 #=== FUNCTION ================================================================
265 # NAME: get_interfaces
266 # PARAMETERS: none
267 # RETURNS: (list of interfaces)
268 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
269 #===============================================================================
270 sub get_interfaces {
271 my @result;
272 my $PROC_NET_DEV= ('/proc/net/dev');
274 open(PROC_NET_DEV, "<$PROC_NET_DEV")
275 or die "Could not open $PROC_NET_DEV";
277 my @ifs = <PROC_NET_DEV>;
279 close(PROC_NET_DEV);
281 # Eat first two line
282 shift @ifs;
283 shift @ifs;
285 chomp @ifs;
286 foreach my $line(@ifs) {
287 my $if= (split /:/, $line)[0];
288 $if =~ s/^\s+//;
289 push @result, $if;
290 }
292 return @result;
293 }
295 #=== FUNCTION ================================================================
296 # NAME: get_mac
297 # PARAMETERS: interface name (i.e. eth0)
298 # RETURNS: (mac address)
299 # DESCRIPTION: Uses ioctl to get mac address directly from system.
300 #===============================================================================
301 sub get_mac {
302 my $ifreq= shift;
303 my $result;
304 if ($ifreq && length($ifreq) > 0) {
305 if($ifreq eq "all") {
306 if(defined($server_ip)) {
307 $result = &get_local_mac_for_remote_ip($server_ip);
308 }
309 elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){
310 $result = &client_mac_address;
311 }
312 else {
313 $result = "00:00:00:00:00:00";
314 }
315 } else {
316 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
318 # A configured MAC Address should always override a guessed value
319 if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) {
320 $result= $client_mac_address;
321 }
322 else {
323 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
324 or die "socket: $!";
326 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
327 my ($if, $mac)= unpack 'h36 H12', $ifreq;
329 if (length($mac) > 0) {
330 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
331 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
332 $result = $mac;
333 }
334 }
335 }
336 }
337 }
338 return $result;
339 }
342 #=== FUNCTION ================================================================
343 # NAME: get_interface_for_ip
344 # PARAMETERS: ip address (i.e. 192.168.0.1)
345 # RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
346 # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
347 #===============================================================================
348 sub get_interface_for_ip {
349 my $result;
350 my $ip= shift;
351 if ($ip && length($ip) > 0) {
352 my @ifs= &get_interfaces();
353 if($ip eq "0.0.0.0") {
354 $result = "all";
355 } else {
356 foreach (@ifs) {
357 my $if=$_;
358 if(get_ip($if) eq $ip) {
359 $result = $if;
360 last;
361 }
362 }
363 }
364 }
365 return $result;
366 }
369 #=== FUNCTION ================================================================
370 # NAME: get_ip
371 # PARAMETERS: interface name (i.e. eth0)
372 # RETURNS: (ip address)
373 # DESCRIPTION: Uses ioctl to get ip address directly from system.
374 #===============================================================================
375 sub get_ip {
376 my $ifreq= shift;
377 my $result= "";
378 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
379 my $proto= getprotobyname('ip');
381 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
382 or die "socket: $!";
384 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
385 my ($if, $sin) = unpack 'a16 a16', $ifreq;
386 my ($port, $addr) = sockaddr_in $sin;
387 my $ip = inet_ntoa $addr;
389 if ($ip && length($ip) > 0) {
390 $result = $ip;
391 }
392 }
394 return $result;
395 }
398 #=== FUNCTION ================================================================
399 # NAME: get_local_mac_for_remote_ip
400 # PARAMETERS: none (takes server_ip from global variable)
401 # RETURNS: (ip address from interface that is used for communication)
402 # DESCRIPTION: Uses ioctl to get routing table from system, checks which entry
403 # matches (defaultroute last).
404 #===============================================================================
405 sub get_local_mac_for_remote_ip {
406 my $server_ip= shift;
407 my $result= "00:00:00:00:00:00";
409 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
410 my $PROC_NET_ROUTE= ('/proc/net/route');
412 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
413 or die "Could not open $PROC_NET_ROUTE";
415 my @ifs = <PROC_NET_ROUTE>;
417 close(PROC_NET_ROUTE);
419 # Eat header line
420 shift @ifs;
421 chomp @ifs;
422 foreach my $line(@ifs) {
423 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
424 my $destination;
425 my $mask;
426 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
427 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
428 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
429 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
430 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
431 # destination matches route, save mac and exit
432 $result= &get_mac($Iface);
433 last;
434 }
435 }
436 } else {
437 daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
438 }
439 return $result;
440 }
442 sub get_local_ip_for_remote_ip {
443 my $server_ip= shift;
444 my $result="0.0.0.0";
446 if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
447 if($server_ip eq "127.0.0.1") {
448 $result="127.0.0.1";
449 } else {
450 my $PROC_NET_ROUTE= ('/proc/net/route');
452 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
453 or die "Could not open $PROC_NET_ROUTE";
455 my @ifs = <PROC_NET_ROUTE>;
457 close(PROC_NET_ROUTE);
459 # Eat header line
460 shift @ifs;
461 chomp @ifs;
462 foreach my $line(@ifs) {
463 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
464 my $destination;
465 my $mask;
466 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
467 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
468 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
469 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
470 if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) {
471 # destination matches route, save mac and exit
472 $result= &get_ip($Iface);
473 last;
474 }
475 }
476 }
477 } else {
478 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
479 }
480 return $result;
481 }
484 sub generate_hw_digest {
485 my $hw_data;
486 foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) {
487 $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/;
488 }
489 return(md5_base64($hw_data));
490 }
493 sub create_passwd {
494 my $new_passwd = "";
495 for(my $i=0; $i<31; $i++) {
496 $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
497 }
499 return $new_passwd;
500 }
503 sub create_ciphering {
504 my ($passwd) = @_;
505 if((!defined($passwd)) || length($passwd)==0) {
506 $passwd = "";
507 }
508 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
509 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
510 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
511 $my_cipher->set_iv($iv);
512 return $my_cipher;
513 }
516 sub encrypt_msg {
517 my ($msg, $key) = @_;
518 my $my_cipher = &create_ciphering($key);
519 my $len;
520 {
521 use bytes;
522 $len= 16-length($msg)%16;
523 }
524 $msg = "\0"x($len).$msg;
525 $msg = $my_cipher->encrypt($msg);
526 chomp($msg = &encode_base64($msg));
527 # there are no newlines allowed inside msg
528 $msg=~ s/\n//g;
529 return $msg;
530 }
533 sub decrypt_msg {
535 my ($msg, $key) = @_ ;
536 $msg = &decode_base64($msg);
537 my $my_cipher = &create_ciphering($key);
538 $msg = $my_cipher->decrypt($msg);
539 $msg =~ s/\0*//g;
540 return $msg;
541 }
544 sub get_server_addresses {
545 my $domain= shift;
546 my @result;
548 my $error = 0;
549 my $res = Net::DNS::Resolver->new;
550 my $query = $res->send("_gosa-si._tcp.".$domain, "SRV");
551 my @hits;
553 if ($query) {
554 foreach my $rr ($query->answer) {
555 push(@hits, $rr->target.":".$rr->port);
556 }
557 }
558 else {
559 #warn "query failed: ", $res->errorstring, "\n";
560 $error++;
561 }
563 if( $error == 0 ) {
564 foreach my $hit (@hits) {
565 my ($hit_name, $hit_port) = split(/:/, $hit);
566 chomp($hit_name);
567 chomp($hit_port);
569 my $address_query = $res->send($hit_name);
570 if( 1 == length($address_query->answer) ) {
571 foreach my $rr ($address_query->answer) {
572 push(@result, $rr->address.":".$hit_port);
573 }
574 }
575 }
576 }
578 # my $dig_cmd= 'dig +nocomments srv _gosa-si._tcp.'.$domain;
579 #
580 # my $output= `$dig_cmd 2>&1`;
581 # open (PIPE, "$dig_cmd 2>&1 |");
582 # while(<PIPE>) {
583 # chomp $_;
584 # # If it's not a comment
585 # if($_ =~ m/^[^;]/) {
586 # my @matches= split /\s+/;
587 #
588 # # Push hostname with port
589 # if($matches[3] eq 'SRV') {
590 # push @result, $matches[7].':'.$matches[6];
591 # } elsif ($matches[3] eq 'A') {
592 # my $i=0;
593 #
594 # # Substitute the hostname with the ip address of the matching A record
595 # foreach my $host (@result) {
596 # if ((split /\:/, $host)[0] eq $matches[0]) {
597 # $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
598 # }
599 # $i++;
600 # }
601 # }
602 # }
603 # }
604 # close(PIPE);
605 return @result;
606 }
609 ##=== FUNCTION ================================================================
610 ## NAME: create_ciphering
611 ## PARAMETERS: passwd - string - used to create ciphering
612 ## RETURNS: cipher - object
613 ## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key
614 ##===============================================================================
615 #sub create_ciphering {
616 # my ($passwd) = @_;
617 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
618 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
619 #
620 # #daemon_log("iv: $iv", 7);
621 # #daemon_log("key: $passwd", 7);
622 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
623 # $my_cipher->set_iv($iv);
624 # return $my_cipher;
625 #}
626 #
627 #
628 #sub create_ciphering {
629 # my ($passwd) = @_;
630 # $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
631 # my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
632 # my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
633 # $my_cipher->set_iv($iv);
634 # return $my_cipher;
635 #}
636 #
637 #
638 #sub encrypt_msg {
639 # my ($msg, $key) = @_;
640 # my $my_cipher = &create_ciphering($key);
641 # {
642 # use bytes;
643 # $msg = "\0"x(16-length($msg)%16).$msg;
644 # }
645 # $msg = $my_cipher->encrypt($msg);
646 # chomp($msg = &encode_base64($msg));
647 # # there are no newlines allowed inside msg
648 # $msg=~ s/\n//g;
649 # return $msg;
650 #}
651 #
652 #
653 #sub decrypt_msg {
654 # my ($msg, $key) = @_ ;
655 # $msg = &decode_base64($msg);
656 # my $my_cipher = &create_ciphering($key);
657 # $msg = $my_cipher->decrypt($msg);
658 # $msg =~ s/\0*//g;
659 # return $msg;
660 #}
663 #=== FUNCTION ================================================================
664 # NAME: send_msg_hash_to_target
665 # PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash
666 # PeerAddr string - socket address to send msg
667 # PeerPort string - socket port, if not included in socket address
668 # RETURNS: nothing
669 # DESCRIPTION: ????
670 #===============================================================================
671 sub send_msg_hash_to_target {
672 my ($msg_hash, $address, $encrypt_key) = @_ ;
673 my $msg = &create_xml_string($msg_hash);
674 my $header = @{$msg_hash->{'header'}}[0];
675 my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header);
677 return $error;
678 }
681 sub send_msg_to_target {
682 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
683 my $error = 0;
685 if( $msg_header ) {
686 $msg_header = "'$msg_header'-";
687 }
688 else {
689 $msg_header = "";
690 }
692 # encrypt xml msg
693 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
695 # opensocket
696 my $socket = &open_socket($address);
697 if( !$socket ) {
698 daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
699 $error++;
700 }
702 if( $error == 0 ) {
703 # send xml msg
704 print $socket $crypted_msg."\n";
706 daemon_log("send ".$msg_header."msg to $address", 1);
707 daemon_log("message:\n$msg", 8);
709 }
711 # close socket in any case
712 if( $socket ) {
713 close $socket;
714 }
716 return $error;
717 }
720 sub write_to_file {
721 my ($string, $file) = @_;
722 my $error = 0;
724 if( not defined $file || not -f $file ) {
725 &main::daemon_log("ERROR: $prg: check '-f file' failed: $file", 1);
726 $error++;
727 }
728 if( not defined $string || 0 == length($string)) {
729 &main::daemon_log("ERROR: $prg: empty string to write to file '$file'", 1);
730 $error++;
731 }
733 if( $error == 0 ) {
735 chomp($string);
737 open(FILE, ">> $file");
738 print FILE $string."\n";
739 close(FILE);
740 }
742 return;
743 }
746 sub open_socket {
747 my ($PeerAddr, $PeerPort) = @_ ;
748 if(defined($PeerPort)){
749 $PeerAddr = $PeerAddr.":".$PeerPort;
750 }
751 my $socket;
752 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
753 Porto => "tcp",
754 Type => SOCK_STREAM,
755 Timeout => 5,
756 );
757 if(not defined $socket) {
758 return;
759 }
760 &daemon_log("open_socket: $PeerAddr", 7);
761 return $socket;
762 }
765 #=== FUNCTION ================================================================
766 # NAME: register_at_server
767 # PARAMETERS:
768 # RETURNS:
769 # DESCRIPTION:
770 #===============================================================================
771 sub register_at_gosa_si_server {
772 my ($kernel) = $_[KERNEL];
773 my $try_to_register = 0;
775 if( not $REGISTERED ) {
776 # create new passwd and ciphering object for client-server communication
777 $server_key = &create_passwd();
779 my $events = join( ", ", keys %{$event_hash} );
780 while(1) {
782 if( $try_to_register >= @servers ) {
783 last;
784 }
786 # fetch first gosa-si-server from @servers
787 my $server = shift(@servers);
789 # append shifted gosa-si-server at the end of @servers, so looking for servers never stop if
790 # a registration never occured
791 push( @servers, $server );
793 # Check if our ip is resolvable - if not: don't try to register
794 my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
795 my $resolver= Net::DNS::Resolver->new;
796 my $dnsresult= $resolver->search($ip);
797 my $dnsname="";
798 if(!defined($dnsresult)) {
799 &write_to_file("goto-error-dns:$ip", $fai_logpath);
800 exit(1);
801 } else {
802 $dnsname=$dnsresult->{answer}[0]->{ptrdname};
803 }
805 # create registration msg
806 my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
807 my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
808 my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
809 &add_content2xml_hash($register_hash, "new_passwd", $server_key);
810 &add_content2xml_hash($register_hash, "mac_address", $local_mac);
811 &add_content2xml_hash($register_hash, "events", $events);
812 &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
814 # send xml hash to server with general server passwd
815 my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
816 if($res == 0) {
817 # reset try_to_register
818 $try_to_register = 0;
820 # Set fixed client address
821 $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
822 $client_address= "$client_ip:$client_port";
824 # Write the MAC address to file
825 if(stat($opts_file)) {
826 unlink($opts_file);
827 }
828 my $opts_file_FH;
829 my $hostname= $dnsname;
830 $hostname =~ s/\..*$//;
831 open($opts_file_FH, ">$opts_file");
832 print $opts_file_FH "MAC=\"$local_mac\"\n";
833 print $opts_file_FH "IPADDRESS=\"$client_ip\"\n";
834 print $opts_file_FH "HOSTNAME=\"$hostname\"\n";
835 print $opts_file_FH "FQDN=\"$dnsname\"\n";
836 close($opts_file_FH);
837 last;
838 } else {
839 $try_to_register++;
840 # wait 1 sec until trying to register again
841 sleep(1);
842 next;
843 }
844 }
846 if( $try_to_register >= @servers ) {
847 &write_to_file("gosa-si-no-server-available", $fai_logpath);
848 $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
849 }
850 else {
851 daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
852 $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
853 # clear old settings and set it again
854 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
855 }
856 }
857 return;
858 }
861 sub check_key_and_xml_validity {
862 my ($crypted_msg, $module_key) = @_;
864 my $msg;
865 my $msg_hash;
866 eval{
867 $msg = &decrypt_msg($crypted_msg, $module_key);
868 &main::daemon_log("decrypted_msg: \n$msg", 8);
870 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
872 ##############
873 # check header
874 my $header_l = $msg_hash->{'header'};
875 if( 1 != @{$header_l} ) {
876 die 'no or more headers specified';
877 }
878 my $header = @{$header_l}[0];
879 if( 0 == length $header) {
880 die 'header has length 0';
881 }
883 ##############
884 # check source
885 my $source_l = $msg_hash->{'source'};
886 if( 1 != @{$source_l} ) {
887 die 'no or more than 1 sources specified';
888 }
889 my $source = @{$source_l}[0];
890 if( 0 == length $source) {
891 die 'source has length 0';
892 }
893 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) {
894 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
895 }
897 ##############
898 # check target
899 my $target_l = $msg_hash->{'target'};
900 if( 1 != @{$target_l} ) {
901 die 'no or more than 1 targets specified ';
902 }
903 my $target = @{$target_l}[0];
904 if( 0 == length $target) {
905 die 'target has length 0 ';
906 }
907 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ){
908 die "source is neither a complete ip-address with port nor 'GOSA'";
909 }
910 };
911 if($@) {
912 &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5);
913 &main::daemon_log("$@", 8);
914 $msg = undef;
915 $msg_hash = undef;
916 }
918 return ($msg, $msg_hash);
919 }
922 sub check_outgoing_xml_validity {
923 my ($msg) = @_;
925 my $msg_hash;
926 eval{
927 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
929 ##############
930 # check header
931 my $header_l = $msg_hash->{'header'};
932 if( 1 != @{$header_l} ) {
933 die 'no or more than one headers specified';
934 }
935 my $header = @{$header_l}[0];
936 if( 0 == length $header) {
937 die 'header has length 0';
938 }
940 ##############
941 # check source
942 my $source_l = $msg_hash->{'source'};
943 if( 1 != @{$source_l} ) {
944 die 'no or more than 1 sources specified';
945 }
946 my $source = @{$source_l}[0];
947 if( 0 == length $source) {
948 die 'source has length 0';
949 }
950 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
951 $source =~ /^GOSA$/i ) {
952 die "source '$source' is neither a complete ip-address with port";
953 }
955 ##############
956 # check target
957 my $target_l = $msg_hash->{'target'};
958 if( 1 != @{$target_l} ) {
959 die "no or more than one targets specified";
960 }
961 foreach my $target (@$target_l) {
962 if( 0 == length $target) {
963 die "target has length 0";
964 }
965 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) {
966 die "target '$target' is not a complete ip-address with port or a valid target name";
967 }
968 }
969 };
970 if($@) {
971 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
972 daemon_log("$@ $msg", 8);
973 $msg_hash = undef;
974 }
975 return ($msg_hash);
976 }
979 sub import_events {
981 if (not -e $event_dir) {
982 daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);
983 }
984 opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";
986 while (defined (my $event = readdir (DIR))) {
987 if( $event eq "." || $event eq ".." ) { next; }
989 eval{ require $event; };
990 if( $@ ) {
991 daemon_log("ERROR: import of event module '$event' failed", 1);
992 daemon_log("$@", 8);
993 next;
994 }
996 $event =~ /(\S*?).pm$/;
997 my $event_module = $1;
998 my $events_l = eval( $1."::get_events()") ;
999 foreach my $event_name (@{$events_l}) {
1000 $event_hash->{$event_name} = $event_module;
1001 }
1003 }
1005 my @all_events = keys %$event_hash;
1006 my $all_events_string = join(", ", @all_events);
1008 daemon_log("INFO: imported events: $all_events_string", 5);
1009 }
1011 sub trigger_new_key {
1012 my ($kernel) = $_[KERNEL] ;
1014 my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
1015 &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
1017 $kernel->delay_set('trigger_new_key', $server_key_lifetime);
1019 }
1022 sub generic_file_reset {
1023 my ( $heap, $wheel_id ) = @_[ HEAP, ARG0 ];
1025 my $service = $heap->{services}->{$wheel_id};
1026 daemon_log("INFO: '$service' watching reset", 5);
1027 return;
1028 }
1030 sub generic_file_error {
1031 my ( $heap, $operation, $errno, $error_string, $wheel_id ) =
1032 @_[ HEAP, ARG0, ARG1, ARG2, ARG3 ];
1034 my $service = $heap->{services}->{$wheel_id};
1035 daemon_log("ERROR: '$service' watcher $operation error $errno: $error_string", 1);
1036 daemon_log("ERROR: shutting down '$service' file watcher", 1);
1038 delete $heap->{services}->{$wheel_id};
1039 delete $heap->{watchers}->{$wheel_id};
1040 return;
1041 }
1043 sub fifo_got_record {
1044 my $file_record = $_[ARG0];
1045 my $header;
1046 my $content = "";
1048 $file_record =~ /^(\S+)[ ]?([\s\S]+)?$/;
1049 if( defined $1 ) {
1050 $header = $1;
1051 } else {
1052 return;
1053 }
1055 if( defined $2 ) {
1056 $content = $2;
1057 }
1059 my $clmsg_hash = &create_xml_hash("CLMSG_$header", $client_address, $server_address, $content);
1060 &add_content2xml_hash($clmsg_hash, "macaddress", $client_mac_address);
1061 my $clmsg = &create_xml_string($clmsg_hash);
1062 &send_msg_to_target($clmsg, $server_address, $server_key);
1063 return;
1064 }
1067 sub _start {
1068 my ($kernel, $heap) = @_[KERNEL, HEAP];
1069 $kernel->alias_set('client_session');
1071 # force a registration at a gosa-si-server
1072 $kernel->yield('register_at_gosa_si_server');
1074 # install all file watcher defined
1075 while( my($file_name, $file) = each %files_to_watch ) {
1076 my $file_watcher = POE::Wheel::FollowTail->new(
1077 Filename => $file,
1078 InputEvent => $file_name."_record",
1079 ResetEvent => "file_reset",
1080 ErrorEvent => "file_error",
1081 );
1082 $heap->{services}->{ $file_watcher->ID } = $file_name;
1083 $heap->{watchers}->{ $file_watcher->ID } = $file_watcher;
1084 }
1085 }
1088 sub server_input {
1089 my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
1090 my $error = 0;
1091 my $answer;
1093 daemon_log("Incoming msg:\n$input\n", 8);
1095 my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
1096 if( (!$msg) || (!$msg_hash) ) {
1097 daemon_log("Deciphering of incoming msg failed", 5);
1098 $error++;
1099 }
1102 ######################
1103 # process incoming msg
1104 if( $error == 0 ) {
1105 my $header = @{$msg_hash->{header}}[0];
1106 my $source = @{$msg_hash->{source}}[0];
1108 if( exists $event_hash->{$header} ) {
1109 # a event exists with the header as name
1110 daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
1111 no strict 'refs';
1112 $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
1113 }
1114 else {
1115 daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
1116 }
1117 }
1119 ########
1120 # answer
1121 if( $answer ) {
1123 #check gosa-si envelope validity
1124 my $answer_hash = &check_outgoing_xml_validity($answer);
1126 if( $answer_hash ) {
1127 # answer is valid
1129 # preprocessing
1130 if( $answer =~ "<header>registered</header>") {
1131 # set registered flag to true to stop sending further registered msgs
1132 $REGISTERED = 1;
1133 }
1134 else {
1135 &send_msg_to_target($answer, $server_address, $server_key);
1136 }
1138 # postprocessing
1139 if( $answer =~ "<header>new_key</header>") {
1140 # set new key to global variable
1141 $answer =~ /<new_key>(\S*?)<\/new_key>/;
1142 my $new_key = $1;
1143 $server_key = $new_key;
1144 }
1145 }
1147 }
1149 return;
1150 }
1152 sub get_dns_domains() {
1153 my $line;
1154 my @searches;
1155 open(RESOLV, "</etc/resolv.conf");
1156 while(<RESOLV>){
1157 $line= $_;
1158 chomp $line;
1159 $line =~ s/^\s+//;
1160 $line =~ s/\s+$//;
1161 $line =~ s/\s+/ /;
1162 if ($line =~ /^domain (.*)$/ ){
1163 push(@searches, $1);
1164 } elsif ($line =~ /^search (.*)$/ ){
1165 push(@searches, split(/ /, $1));
1166 }
1167 }
1168 close(RESOLV);
1170 my %tmp = map { $_ => 1 } @searches;
1171 @searches = sort keys %tmp;
1173 return @searches;
1174 }
1176 #==== MAIN = main ==============================================================
1177 # parse commandline options
1178 Getopt::Long::Configure( "bundling" );
1179 GetOptions("h|help" => \&usage,
1180 "c|config=s" => \$cfg_file,
1181 "f|foreground" => \$foreground,
1182 "v|verbose+" => \$verbose,
1183 );
1185 # read and set config parameters
1186 &check_cmdline_param ;
1187 &read_configfile($cfg_file, %cfg_defaults);
1188 &check_pid;
1191 # forward error messages to logfile
1192 if ( ! $foreground ) {
1193 open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
1194 open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
1195 open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
1196 }
1198 # Just fork, if we are not in foreground mode
1199 if( ! $foreground ) {
1200 chdir '/' or die "Can't chdir to /: $!";
1201 $pid = fork;
1202 setsid or die "Can't start a new session: $!";
1203 umask 0;
1204 }
1205 else {
1206 $pid = $$;
1207 }
1209 # Do something useful - put our PID into the pid_file
1210 if( 0 != $pid ) {
1211 open( LOCK_FILE, ">$pid_file" );
1212 print LOCK_FILE "$pid\n";
1213 close( LOCK_FILE );
1214 if( !$foreground ) {
1215 exit( 0 )
1216 };
1217 }
1219 daemon_log(" ", 1);
1220 daemon_log("$prg started!", 1);
1222 # delete old DBsqlite lock files
1223 system('rm -f /tmp/gosa_si_lock*gosa-si-client*');
1225 # detect ip and mac address and complete host address
1226 #if( inet_aton($client_ip) ){
1227 #print STDERR "ip: $client_ip\n";
1228 # $client_ip = inet_ntoa(inet_aton($client_ip));
1229 #print STDERR "ip: $client_ip\n";
1230 #}
1231 $client_address = $client_ip.":".$client_port;
1232 my $network_interface= &get_interface_for_ip($client_ip);
1233 $client_mac_address= &get_mac($network_interface);
1234 daemon_log("gosa-si-client ip address detected: $client_ip", 1);
1235 daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
1238 # import events
1239 &import_events();
1242 # compute hardware checksum
1243 $gotoHardwareChecksum= &generate_hw_digest();
1244 daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
1247 # create socket for incoming xml messages
1248 POE::Component::Server::TCP->new(
1249 Alias => 'gosa-si-client',
1250 Port => $client_port,
1251 ClientInput => \&server_input,
1252 );
1253 daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);
1256 # prepare variables
1257 if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); }
1258 ############################################################
1259 # to change
1260 if( $server_ip eq "127.0.1.1" ) { $server_ip = "127.0.0.1" }
1261 ############################################################
1262 if (defined $server_ip && defined $server_port) {
1263 $server_address = $server_ip.":".$server_port;
1264 }
1265 $xml = new XML::Simple();
1266 $default_server_key = $server_key;
1269 # add gosa-si-server address from config file at first position of server list
1270 my $server_check_cfg = Config::IniFiles->new( -file => $cfg_file );
1271 my $server_check = $server_check_cfg->val( "server", "ip");
1272 if( defined $server_check ) {
1273 unshift(@servers, $server_address);
1274 my $servers_string = join(", ", @servers);
1275 daemon_log("INFO: found servers in configuration file: $servers_string", 5);
1276 } else {
1277 my @tmp_servers;
1278 if ( !$server_domain) {
1279 # Try our DNS Searchlist
1280 for my $domain(get_dns_domains()) {
1281 chomp($domain);
1282 my @tmp_domains= &get_server_addresses($domain);
1283 if(@tmp_domains) {
1284 for my $tmp_server(@tmp_domains) {
1285 push @tmp_servers, $tmp_server;
1286 }
1287 }
1288 }
1289 if(@tmp_servers && length(@tmp_servers)==0) {
1290 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1291 kill 2, $$;
1292 }
1293 } else {
1294 @tmp_servers = &get_server_addresses($server_domain);
1295 if( 0 == @tmp_servers ) {
1296 daemon_log("ERROR: no gosa-si-server found in DNS for domain '$server_domain'",1);
1297 daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
1298 kill 2, $$;
1299 }
1300 }
1302 foreach my $server (@tmp_servers) {
1303 unshift(@servers, $server);
1304 }
1305 my $servers_string = join(", ", @servers);
1306 daemon_log("INFO: found servers in DNS: $servers_string", 5);
1307 }
1310 # open fifo for non-gosa-si-client-msgs to gosa-si-server
1311 POSIX::mkfifo("$gosa_si_client_fifo", "0600");
1314 POE::Session->create(
1315 inline_states => {
1316 _start => \&_start,
1317 register_at_gosa_si_server => \®ister_at_gosa_si_server,
1318 trigger_new_key => \&trigger_new_key,
1320 # handle records from each defined file differently
1321 fifo_record => \&fifo_got_record,
1323 # handle file resets and errors the same way for each file
1324 file_reset => \&generic_file_reset,
1325 file_error => \&generic_file_error,
1326 }
1327 );
1329 POE::Kernel->run();
1330 exit;