2ffe6f7d09343c5489ac5f60ecc1caffc768d24a
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-sd
5 #
6 # USAGE: ./gosa-sd
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libconfig-inifiles-perl libcrypt-rijndael-perl libxml-simple-perl
12 # libdata-dumper-simple-perl libdbd-sqlite3-perl libnet-ldap-perl
13 # libpoe-perl
14 # BUGS: ---
15 # NOTES:
16 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
17 # COMPANY:
18 # VERSION: 1.0
19 # CREATED: 12.09.2007 08:54:41 CEST
20 # REVISION: ---
21 #===============================================================================
23 use strict;
24 use warnings;
25 use Getopt::Long;
26 use Config::IniFiles;
27 use POSIX;
29 use Fcntl;
30 use IO::Socket::INET;
31 use IO::Handle;
32 use IO::Select;
33 use Symbol qw(qualify_to_ref);
34 use Crypt::Rijndael;
35 use MIME::Base64;
36 use Digest::MD5 qw(md5 md5_hex md5_base64);
37 use XML::Simple;
38 use Data::Dumper;
39 use Sys::Syslog qw( :DEFAULT setlogsock);
40 use Cwd;
41 use File::Spec;
42 use File::Basename;
43 use GOSA::DBsqlite;
44 use GOSA::GosaSupportDaemon;
45 use POE qw(Component::Server::TCP);
47 my $modules_path = "/usr/lib/gosa-si/modules";
48 use lib "/usr/lib/gosa-si/modules";
50 my (%cfg_defaults, $foreground, $verbose, $ping_timeout);
51 my ($bus_activ, $bus, $msg_to_bus, $bus_cipher);
52 my ($server, $server_mac_address);
53 my ($gosa_server, $job_queue_timeout, $job_queue_table_name, $job_queue_file_name,$job_queue_loop_delay);
54 my ($known_modules, $known_clients_file_name, $known_server_file_name);
55 my ($pid_file, $procid, $pid, $log_file);
56 my ($arp_activ, $arp_fifo);
57 my ($xml);
59 # variables declared in config file are always set to 'our'
60 our (%cfg_defaults, $log_file, $pid_file,
61 $server_ip, $server_port, $SIPackages_key,
62 $arp_activ, $gosa_unit_tag,
63 $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout,
64 );
66 # additional variable which should be globaly accessable
67 our $server_address;
68 our $bus_address;
69 our $gosa_address;
70 our $no_bus;
71 our $no_arp;
72 our $verbose;
73 our $forground;
74 our $cfg_file;
76 # specifies the verbosity of the daemon_log
77 $verbose = 0 ;
79 # if foreground is not null, script will be not forked to background
80 $foreground = 0 ;
82 # specifies the timeout seconds while checking the online status of a registrating client
83 $ping_timeout = 5;
85 $no_bus = 0;
86 $bus_activ = "true";
88 $no_arp = 0;
90 # holds all gosa jobs
91 our $job_db;
92 our $job_queue_table_name = 'jobs';
94 # holds all other gosa-sd as well as the gosa-sd-bus
95 our $known_server_db;
97 # holds all registrated clients
98 our $known_clients_db;
99 our $prg= basename($0);
101 %cfg_defaults = (
102 "general" => {
103 "log-file" => [\$log_file, "/var/run/".$prg.".log"],
104 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
105 },
106 "bus" => {
107 "activ" => [\$bus_activ, "true"],
108 },
109 "server" => {
110 # "ip" => [\$server_ip, "0.0.0.0"],
111 "port" => [\$server_port, "20081"],
112 "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ],
113 "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'],
114 "gosa-unit-tag" => [\$gosa_unit_tag, ""],
115 },
116 "GOsaPackages" => {
117 "ip" => [\$gosa_ip, "0.0.0.0"],
118 "port" => [\$gosa_port, "20082"],
119 "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'],
120 "job-queue-loop-delay" => [\$job_queue_loop_delay, 3],
121 "key" => [\$GosaPackages_key, "none"],
122 },
123 "SIPackages" => {
124 "key" => [\$SIPackages_key, "none"],
125 },
126 );
129 #=== FUNCTION ================================================================
130 # NAME: usage
131 # PARAMETERS: nothing
132 # RETURNS: nothing
133 # DESCRIPTION: print out usage text to STDERR
134 #===============================================================================
135 sub usage {
136 print STDERR << "EOF" ;
137 usage: $prg [-hvf] [-c config]
139 -h : this (help) message
140 -c <file> : config file
141 -f : foreground, process will not be forked to background
142 -v : be verbose (multiple to increase verbosity)
143 -no-bus : starts $prg without connection to bus
144 -no-arp : starts $prg without connection to arp module
146 EOF
147 print "\n" ;
148 }
151 #=== FUNCTION ================================================================
152 # NAME: read_configfile
153 # PARAMETERS: cfg_file - string -
154 # RETURNS: nothing
155 # DESCRIPTION: read cfg_file and set variables
156 #===============================================================================
157 sub read_configfile {
158 my $cfg;
159 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
160 if( -r $cfg_file ) {
161 $cfg = Config::IniFiles->new( -file => $cfg_file );
162 } else {
163 print STDERR "Couldn't read config file!\n";
164 }
165 } else {
166 $cfg = Config::IniFiles->new() ;
167 }
168 foreach my $section (keys %cfg_defaults) {
169 foreach my $param (keys %{$cfg_defaults{ $section }}) {
170 my $pinfo = $cfg_defaults{ $section }{ $param };
171 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
172 }
173 }
174 }
177 #=== FUNCTION ================================================================
178 # NAME: logging
179 # PARAMETERS: level - string - default 'info'
180 # msg - string -
181 # facility - string - default 'LOG_DAEMON'
182 # RETURNS: nothing
183 # DESCRIPTION: function for logging
184 #===============================================================================
185 sub daemon_log {
186 # log into log_file
187 my( $msg, $level ) = @_;
188 if(not defined $msg) { return }
189 if(not defined $level) { $level = 1 }
190 if(defined $log_file){
191 open(LOG_HANDLE, ">>$log_file");
192 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
193 print STDERR "cannot open $log_file: $!";
194 return }
195 chomp($msg);
196 if($level <= $verbose){
197 my ($seconds, $minutes, $hours, $monthday, $month,
198 $year, $weekday, $yearday, $sommertime) = localtime(time);
199 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
200 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
201 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
202 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
203 $month = $monthnames[$month];
204 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
205 $year+=1900;
206 my $name = $prg;
208 my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
209 print LOG_HANDLE $log_msg;
210 if( $foreground ) {
211 print STDERR $log_msg;
212 }
213 }
214 close( LOG_HANDLE );
215 }
216 #log into syslog
217 # my ($msg, $level, $facility) = @_;
218 # if(not defined $msg) {return}
219 # if(not defined $level) {$level = "info"}
220 # if(not defined $facility) {$facility = "LOG_DAEMON"}
221 # openlog($0, "pid,cons,", $facility);
222 # syslog($level, $msg);
223 # closelog;
224 # return;
225 }
228 #=== FUNCTION ================================================================
229 # NAME: check_cmdline_param
230 # PARAMETERS: nothing
231 # RETURNS: nothing
232 # DESCRIPTION: validates commandline parameter
233 #===============================================================================
234 sub check_cmdline_param () {
235 my $err_config;
236 my $err_counter = 0;
237 if(not defined($cfg_file)) {
238 $cfg_file = "/etc/gosa-si/server.conf";
239 if(! -r $cfg_file) {
240 $err_config = "please specify a config file";
241 $err_counter += 1;
242 }
243 }
244 if( $err_counter > 0 ) {
245 &usage( "", 1 );
246 if( defined( $err_config)) { print STDERR "$err_config\n"}
247 print STDERR "\n";
248 exit( -1 );
249 }
250 }
253 #=== FUNCTION ================================================================
254 # NAME: check_pid
255 # PARAMETERS: nothing
256 # RETURNS: nothing
257 # DESCRIPTION: handels pid processing
258 #===============================================================================
259 sub check_pid {
260 $pid = -1;
261 # Check, if we are already running
262 if( open(LOCK_FILE, "<$pid_file") ) {
263 $pid = <LOCK_FILE>;
264 if( defined $pid ) {
265 chomp( $pid );
266 if( -f "/proc/$pid/stat" ) {
267 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
268 if( $0 eq $stat ) {
269 close( LOCK_FILE );
270 exit -1;
271 }
272 }
273 }
274 close( LOCK_FILE );
275 unlink( $pid_file );
276 }
278 # create a syslog msg if it is not to possible to open PID file
279 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
280 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
281 if (open(LOCK_FILE, '<', $pid_file)
282 && ($pid = <LOCK_FILE>))
283 {
284 chomp($pid);
285 $msg .= "(PID $pid)\n";
286 } else {
287 $msg .= "(unable to read PID)\n";
288 }
289 if( ! ($foreground) ) {
290 openlog( $0, "cons,pid", "daemon" );
291 syslog( "warning", $msg );
292 closelog();
293 }
294 else {
295 print( STDERR " $msg " );
296 }
297 exit( -1 );
298 }
299 }
301 #=== FUNCTION ================================================================
302 # NAME: import_modules
303 # PARAMETERS: module_path - string - abs. path to the directory the modules
304 # are stored
305 # RETURNS: nothing
306 # DESCRIPTION: each file in module_path which ends with '.pm' and activation
307 # state is on is imported by "require 'file';"
308 #===============================================================================
309 sub import_modules {
310 daemon_log(" ", 1);
312 if (not -e $modules_path) {
313 daemon_log("ERROR: cannot find directory or directory is not readable: $modules_path", 1);
314 }
316 opendir (DIR, $modules_path) or die "ERROR while loading modules from directory $modules_path : $!\n";
317 while (defined (my $file = readdir (DIR))) {
318 if (not $file =~ /(\S*?).pm$/) {
319 next;
320 }
321 my $mod_name = $1;
323 if( $file =~ /ArpHandler.pm/ ) {
324 if( $no_arp > 0 ) {
325 next;
326 }
327 }
329 eval { require $file; };
330 if ($@) {
331 daemon_log("ERROR: gosa-si-server could not load module $file", 1);
332 daemon_log("$@", 5);
333 } else {
334 my $info = eval($mod_name.'::get_module_info()');
335 # Only load module if get_module_info() returns a non-null object
336 if( $info ) {
337 my ($input_address, $input_key, $input, $input_active, $input_type) = @{$info};
338 $known_modules->{$mod_name} = $info;
339 daemon_log("module $mod_name loaded", 1);
340 }
341 }
342 }
343 close (DIR);
344 }
347 #=== FUNCTION ================================================================
348 # NAME: sig_int_handler
349 # PARAMETERS: signal - string - signal arose from system
350 # RETURNS: noting
351 # DESCRIPTION: handels tasks to be done befor signal becomes active
352 #===============================================================================
353 sub sig_int_handler {
354 my ($signal) = @_;
356 daemon_log("shutting down gosa-si-server", 1);
357 exit(1);
358 }
359 $SIG{INT} = \&sig_int_handler;
363 sub check_key_and_xml_validity {
364 my ($crypted_msg, $module_key) = @_;
365 my $msg;
366 my $msg_hash;
367 my $error_string;
368 eval{
369 $msg = &decrypt_msg($crypted_msg, $module_key);
371 if ($msg =~ /<xml>/i){
372 &main::daemon_log("decrypted_msg: \n$msg", 8);
373 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
375 ##############
376 # check header
377 if( not exists $msg_hash->{'header'} ) { die "no header specified"; }
378 my $header_l = $msg_hash->{'header'};
379 if( 1 > @{$header_l} ) { die 'empty header tag'; }
380 if( 1 < @{$header_l} ) { die 'more than one header specified'; }
381 my $header = @{$header_l}[0];
382 if( 0 == length $header) { die 'empty string in header tag'; }
384 ##############
385 # check source
386 if( not exists $msg_hash->{'source'} ) { die "no source specified"; }
387 my $source_l = $msg_hash->{'source'};
388 if( 1 > @{$source_l} ) { die 'empty source tag'; }
389 if( 1 < @{$source_l} ) { die 'more than one source specified'; }
390 my $source = @{$source_l}[0];
391 if( 0 == length $source) { die 'source error'; }
393 ##############
394 # check target
395 if( not exists $msg_hash->{'target'} ) { die "no target specified"; }
396 my $target_l = $msg_hash->{'target'};
397 if( 1 > @{$target_l} ) { die 'empty target tag'; }
398 }
399 };
400 if($@) {
401 &main::daemon_log("WARNING: do not understand the message", 5);
402 &main::daemon_log("$@", 8);
403 $msg = undef;
404 $msg_hash = undef;
405 }
407 return ($msg, $msg_hash);
408 }
411 sub check_outgoing_xml_validity {
412 my ($msg) = @_;
414 my $msg_hash;
415 eval{
416 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
418 ##############
419 # check header
420 my $header_l = $msg_hash->{'header'};
421 if( 1 != @{$header_l} ) {
422 die 'no or more than one headers specified';
423 }
424 my $header = @{$header_l}[0];
425 if( 0 == length $header) {
426 die 'header has length 0';
427 }
429 ##############
430 # check source
431 my $source_l = $msg_hash->{'source'};
432 if( 1 != @{$source_l} ) {
433 die 'no or more than 1 sources specified';
434 }
435 my $source = @{$source_l}[0];
436 if( 0 == length $source) {
437 die 'source has length 0';
438 }
439 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
440 $source =~ /^GOSA$/i ) {
441 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
442 }
444 ##############
445 # check target
446 my $target_l = $msg_hash->{'target'};
447 if( 0 == @{$target_l} ) {
448 die "no targets specified";
449 }
450 foreach my $target (@$target_l) {
451 if( 0 == length $target) {
452 die "target has length 0";
453 }
454 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
455 $target =~ /^GOSA$/i ||
456 $target =~ /^\*$/ ||
457 $target =~ /KNOWN_SERVER/i ||
458 $target =~ /JOBDB/i ||
459 $target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ){
460 die "target '$target' is not a complete ip-address with port or a valid target name or a mac-address";
461 }
462 }
463 };
464 if($@) {
465 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
466 daemon_log("$@ ".(defined($msg) && length($msg)>0)?$msg:"Empty Message", 8);
467 $msg_hash = undef;
468 }
470 return ($msg_hash);
471 }
474 sub input_from_known_server {
475 my ($input, $remote_ip) = @_ ;
476 my ($msg, $msg_hash, $module);
478 my $sql_statement= "SELECT * FROM known_server";
479 my $query_res = $known_server_db->select_dbentry( $sql_statement );
481 while( my ($hit_num, $hit) = each %{ $query_res } ) {
482 my $host_name = $hit->{hostname};
483 if( not $host_name =~ "^$remote_ip") {
484 next;
485 }
486 my $host_key = $hit->{hostkey};
487 daemon_log("SIPackages: known_server host_name: $host_name", 7);
488 daemon_log("SIPackages: known_server host_key: $host_key", 7);
490 # check if module can open msg envelope with module key
491 my ($tmp_msg, $tmp_msg_hash) = &check_key_and_xml_validity($input, $host_key);
492 if( (!$tmp_msg) || (!$tmp_msg_hash) ) {
493 daemon_log("SIPackages: deciphering raise error", 7);
494 daemon_log("$@", 8);
495 next;
496 }
497 else {
498 $msg = $tmp_msg;
499 $msg_hash = $tmp_msg_hash;
500 $module = "SIPackages";
501 last;
502 }
503 }
505 if( (!$msg) || (!$msg_hash) || (!$module) ) {
506 daemon_log("Incoming message is not from a known server", 3);
507 }
509 return ($msg, $msg_hash, $module);
510 }
513 sub input_from_known_client {
514 my ($input, $remote_ip) = @_ ;
515 my ($msg, $msg_hash, $module);
517 my $sql_statement= "SELECT * FROM known_clients";
518 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
519 while( my ($hit_num, $hit) = each %{ $query_res } ) {
520 my $host_name = $hit->{hostname};
521 if( not $host_name =~ /^$remote_ip:\d*$/) {
522 next;
523 }
524 my $host_key = $hit->{hostkey};
525 &daemon_log("SIPackages: known_client host_name: $host_name", 7);
526 &daemon_log("SIPackages: known_client host_key: $host_key", 7);
528 # check if module can open msg envelope with module key
529 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key);
531 if( (!$msg) || (!$msg_hash) ) {
532 &daemon_log("SIPackages: deciphering raise error", 7);
533 &daemon_log("$@", 8);
534 next;
535 }
536 else {
537 $module = "SIPackages";
538 last;
539 }
540 }
542 if( (!$msg) || (!$msg_hash) || (!$module) ) {
543 &daemon_log("Incoming message is not from a known client", 3);
544 }
546 return ($msg, $msg_hash, $module);
547 }
550 sub input_from_unknown_host {
551 no strict "refs";
552 my ($input) = @_ ;
553 my ($msg, $msg_hash, $module);
554 my $error_string;
556 my %act_modules = %$known_modules;
558 while( my ($mod, $info) = each(%act_modules)) {
560 # check a key exists for this module
561 my $module_key = ${$mod."_key"};
562 if( not defined $module_key ) {
563 if( $mod eq 'ArpHandler' ) {
564 next;
565 }
566 daemon_log("ERROR: no key specified in config file for $mod", 1);
567 next;
568 }
569 daemon_log("$mod: $module_key", 5);
571 # check if module can open msg envelope with module key
572 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key);
573 if( (not defined $msg) || (not defined $msg_hash) ) {
574 next;
575 }
576 else {
577 $module = $mod;
578 last;
579 }
580 }
582 if( (!$msg) || (!$msg_hash) || (!$module)) {
583 daemon_log("Incoming message is not from an unknown host", 5);
584 }
586 return ($msg, $msg_hash, $module);
587 }
590 sub create_ciphering {
591 my ($passwd) = @_;
592 if((!defined($passwd)) || length($passwd)==0) {
593 $passwd = "";
594 }
595 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
596 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
597 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
598 $my_cipher->set_iv($iv);
599 return $my_cipher;
600 }
603 sub encrypt_msg {
604 my ($msg, $key) = @_;
605 my $my_cipher = &create_ciphering($key);
606 {
607 use bytes;
608 $msg = "\0"x(16-length($msg)%16).$msg;
609 }
610 $msg = $my_cipher->encrypt($msg);
611 chomp($msg = &encode_base64($msg));
612 # there are no newlines allowed inside msg
613 $msg=~ s/\n//g;
614 return $msg;
615 }
618 sub decrypt_msg {
620 my ($msg, $key) = @_ ;
621 $msg = &decode_base64($msg);
622 my $my_cipher = &create_ciphering($key);
623 $msg = $my_cipher->decrypt($msg);
624 $msg =~ s/\0*//g;
625 return $msg;
626 }
629 sub get_encrypt_key {
630 my ($target) = @_ ;
631 my $encrypt_key;
632 my $error = 0;
634 # target can be in known_server
635 if( not defined $encrypt_key ) {
636 my $sql_statement= "SELECT * FROM known_server WHERE hostname='$target'";
637 my $query_res = $known_server_db->select_dbentry( $sql_statement );
638 while( my ($hit_num, $hit) = each %{ $query_res } ) {
639 my $host_name = $hit->{hostname};
640 if( $host_name ne $target ) {
641 next;
642 }
643 $encrypt_key = $hit->{hostkey};
644 last;
645 }
646 }
648 # target can be in known_client
649 if( not defined $encrypt_key ) {
650 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$target'";
651 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
652 while( my ($hit_num, $hit) = each %{ $query_res } ) {
653 my $host_name = $hit->{hostname};
654 if( $host_name ne $target ) {
655 next;
656 }
657 $encrypt_key = $hit->{hostkey};
658 last;
659 }
660 }
662 return $encrypt_key;
663 }
666 #=== FUNCTION ================================================================
667 # NAME: open_socket
668 # PARAMETERS: PeerAddr string something like 192.168.1.1 or 192.168.1.1:10000
669 # [PeerPort] string necessary if port not appended by PeerAddr
670 # RETURNS: socket IO::Socket::INET
671 # DESCRIPTION: open a socket to PeerAddr
672 #===============================================================================
673 sub open_socket {
674 my ($PeerAddr, $PeerPort) = @_ ;
675 if(defined($PeerPort)){
676 $PeerAddr = $PeerAddr.":".$PeerPort;
677 }
678 my $socket;
679 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
680 Porto => "tcp",
681 Type => SOCK_STREAM,
682 Timeout => 5,
683 );
684 if(not defined $socket) {
685 return;
686 }
687 &daemon_log("open_socket: $PeerAddr", 7);
688 return $socket;
689 }
692 #=== FUNCTION ================================================================
693 # NAME: get_ip
694 # PARAMETERS: interface name (i.e. eth0)
695 # RETURNS: (ip address)
696 # DESCRIPTION: Uses ioctl to get ip address directly from system.
697 #===============================================================================
698 sub get_ip {
699 my $ifreq= shift;
700 my $result= "";
701 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
702 my $proto= getprotobyname('ip');
704 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
705 or die "socket: $!";
707 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
708 my ($if, $sin) = unpack 'a16 a16', $ifreq;
709 my ($port, $addr) = sockaddr_in $sin;
710 my $ip = inet_ntoa $addr;
712 if ($ip && length($ip) > 0) {
713 $result = $ip;
714 }
715 }
717 return $result;
718 }
720 sub get_local_ip_for_remote_ip {
721 my $remote_ip= shift;
722 my $result="0.0.0.0";
724 if($remote_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
725 if($remote_ip eq "127.0.0.1") {
726 $result = "127.0.0.1";
727 } else {
728 my $PROC_NET_ROUTE= ('/proc/net/route');
730 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
731 or die "Could not open $PROC_NET_ROUTE";
733 my @ifs = <PROC_NET_ROUTE>;
735 close(PROC_NET_ROUTE);
737 # Eat header line
738 shift @ifs;
739 chomp @ifs;
740 foreach my $line(@ifs) {
741 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
742 my $destination;
743 my $mask;
744 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
745 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
746 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
747 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
748 if(new NetAddr::IP($remote_ip)->within(new NetAddr::IP($destination, $mask))) {
749 # destination matches route, save mac and exit
750 $result= &get_ip($Iface);
751 last;
752 }
753 }
754 }
755 } else {
756 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1);
757 }
758 return $result;
759 }
761 sub send_msg_to_target {
762 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
763 my $error = 0;
764 my $header;
765 my $new_status;
766 my $act_status;
767 my ($sql_statement, $res);
769 if( $msg_header ) {
770 $header = "'$msg_header'-";
771 }
772 else {
773 $header = "";
774 }
776 # Patch the source ip
777 if($msg =~ /<source>0\.0\.0\.0:\d*?<\/source>/) {
778 my $remote_ip = &get_local_ip_for_remote_ip(sprintf("%s", $address =~ /^([0-9\.]*?):.*$/));
779 $msg =~ s/<source>(0\.0\.0\.0):(\d*?)<\/source>/<source>$remote_ip:$2<\/source>/s;
780 }
782 # encrypt xml msg
783 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
785 # opensocket
786 my $socket = &open_socket($address);
787 if( !$socket ) {
788 daemon_log("cannot send ".$header."msg to $address , host not reachable", 1);
789 $error++;
790 }
792 if( $error == 0 ) {
793 # send xml msg
794 print $socket $crypted_msg."\n";
796 daemon_log("send ".$header."msg to $address", 1);
797 daemon_log("message:\n$msg", 8);
799 }
801 # close socket in any case
802 if( $socket ) {
803 close $socket;
804 }
806 if( $error > 0 ) { $new_status = "down"; }
807 else { $new_status = $msg_header; }
810 # known_clients
811 $sql_statement = "SELECT * FROM known_clients WHERE hostname='$address'";
812 $res = $known_clients_db->select_dbentry($sql_statement);
813 if( keys(%$res) > 0) {
814 $act_status = $res->{1}->{'status'};
815 if( $act_status eq "down" ) {
816 $sql_statement = "DELETE FROM known_clients WHERE hostname='$address'";
817 $res = $known_clients_db->del_dbentry($sql_statement);
818 daemon_log("WARNING: failed 2x to send msg to host '$address', delete host from known_clients", 3);
819 }
820 else {
821 $sql_statement = "UPDATE known_clients SET status='$new_status' WHERE hostname='$address'";
822 $res = $known_clients_db->update_dbentry($sql_statement);
823 if($new_status eq "down"){
824 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
825 }
826 else {
827 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
828 }
829 }
830 }
832 # known_server
833 $sql_statement = "SELECT * FROM known_server WHERE hostname='$address'";
834 $res = $known_server_db->select_dbentry($sql_statement);
835 if( keys(%$res) > 0 ) {
836 $act_status = $res->{1}->{'status'};
837 if( $act_status eq "down" ) {
838 $sql_statement = "DELETE FROM known_server WHERE hostname='$address'";
839 $res = $known_server_db->del_dbentry($sql_statement);
840 daemon_log("WARNING: failed 2x to a send msg to host '$address', delete host from known_server", 3);
841 }
842 else {
843 $sql_statement = "UPDATE known_server SET status='$new_status' WHERE hostname='$address'";
844 $res = $known_server_db->update_dbentry($sql_statement);
845 if($new_status eq "down"){
846 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
847 }
848 else {
849 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
850 }
851 }
852 }
854 return $error;
855 }
858 sub _start {
859 my ($kernel) = $_[KERNEL];
860 &trigger_db_loop($kernel);
861 }
864 sub client_input {
865 no strict "refs";
866 my ($kernel, $session, $heap,$input,$wheel) = @_[KERNEL, SESSION, HEAP, ARG0, ARG1];
867 my $session_id = $session->ID;
868 my ($msg, $msg_hash, $module);
869 my $error = 0;
870 my $answer_l;
871 my ($answer_header, @answer_target_l, $answer_source);
872 my $client_answer;
874 daemon_log("Incoming msg from '".$heap->{'remote_ip'}."'", 7);
875 daemon_log("message:\n$input", 8);
877 ####################
878 # check incoming msg
879 # msg is from a new client or gosa
880 ($msg, $msg_hash, $module) = &input_from_unknown_host($input);
881 # msg is from a gosa-si-server or gosa-si-bus
882 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
883 ($msg, $msg_hash, $module) = &input_from_known_server($input, $heap->{'remote_ip'});
884 }
885 # msg is from a gosa-si-client
886 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
887 ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'});
888 }
889 # an error occurred
890 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
891 $error++;
892 }
894 ######################
895 # process incoming msg
896 if( $error == 0) {
897 daemon_log("Processing module ".$module, 5);
898 $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $session_id);
900 if ( 0 > @{$answer_l} ) {
901 my $answer_str = join("\n", @{$answer_l});
902 daemon_log("$module: Got answer from module: \n".$answer_str,8);
903 }
904 }
905 if( !$answer_l ) { $error++ };
907 ########
908 # answer
909 if( $error == 0 ) {
911 foreach my $answer ( @{$answer_l} ) {
912 # for each answer in answer list
914 # check outgoing msg to xml validity
915 my $answer_hash = &check_outgoing_xml_validity($answer);
916 if( not defined $answer_hash ) {
917 next;
918 }
920 $answer_header = @{$answer_hash->{'header'}}[0];
921 @answer_target_l = @{$answer_hash->{'target'}};
922 $answer_source = @{$answer_hash->{'source'}}[0];
924 # deliver msg to all targets
925 foreach my $answer_target ( @answer_target_l ) {
927 # targets of msg are all gosa-si-clients in known_clients_db
928 if( $answer_target eq "*" ) {
929 # answer is for all clients
930 my $sql_statement= "SELECT * FROM known_clients";
931 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
932 while( my ($hit_num, $hit) = each %{ $query_res } ) {
933 my $host_name = $hit->{hostname};
934 my $host_key = $hit->{hostkey};
935 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
936 }
937 }
939 # targets of msg are all gosa-si-server in known_server_db
940 elsif( $answer_target eq "KNOWN_SERVER" ) {
941 # answer is for all server in known_server
942 my $sql_statement= "SELECT * FROM known_server";
943 my $query_res = $known_server_db->select_dbentry( $sql_statement );
944 while( my ($hit_num, $hit) = each %{ $query_res } ) {
945 my $host_name = $hit->{hostname};
946 my $host_key = $hit->{hostkey};
947 $answer =~ s/KNOWN_SERVER/$host_name/g;
948 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
949 }
950 }
952 # target of msg is GOsa
953 elsif( $answer_target eq "GOSA" ) {
954 $answer =~ /<session_id>(\d+)<\/session_id>/;
955 my $session_id = $1;
956 my $add_on = "";
957 if( defined $session_id ) {
958 $add_on = ".session_id=$session_id";
959 }
960 # answer is for GOSA and has to returned to connected client
961 my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key);
962 $client_answer = $gosa_answer.$add_on;
963 }
965 # target of msg is job queue at this host
966 elsif( $answer_target eq "JOBDB") {
967 $answer =~ /<header>(\S+)<\/header>/;
968 my $header;
969 if( defined $1 ) { $header = $1; }
970 &send_msg_to_target($answer, $server_address, $GosaPackages_key, $header);
971 }
973 # target of msg is a mac address
974 elsif( $answer_target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ) {
975 daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3);
976 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'";
977 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
978 my $found_ip_flag = 0;
979 while( my ($hit_num, $hit) = each %{ $query_res } ) {
980 my $host_name = $hit->{hostname};
981 my $host_key = $hit->{hostkey};
982 $answer =~ s/$answer_target/$host_name/g;
983 daemon_log("found host '$host_name', associated to '$answer_target'", 3);
984 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
985 $found_ip_flag++ ;
986 }
987 if( $found_ip_flag == 0) {
988 daemon_log("WARNING: no host found in known_clients with mac address '$answer_target'", 3);
989 if( $bus_activ eq "true" ) {
990 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
991 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
992 my $query_res = $known_server_db->select_dbentry( $sql_statement );
993 while( my ($hit_num, $hit) = each %{ $query_res } ) {
994 my $bus_address = $hit->{hostname};
995 my $bus_key = $hit->{hostkey};
996 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
997 last;
998 }
999 }
1001 }
1003 # answer is for one specific host
1004 } else {
1005 # get encrypt_key
1006 my $encrypt_key = &get_encrypt_key($answer_target);
1007 if( not defined $encrypt_key ) {
1008 # unknown target, forward msg to bus
1009 daemon_log("WARNING: unknown target '$answer_target'", 3);
1010 if( $bus_activ eq "true" ) {
1011 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
1012 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
1013 my $query_res = $known_server_db->select_dbentry( $sql_statement );
1014 my $res_length = keys( %{$query_res} );
1015 if( $res_length == 0 ){
1016 daemon_log("WARNING: send '$answer_header' to '$bus_address' failed, no bus found in known_server", 3);
1017 }
1018 else {
1019 while( my ($hit_num, $hit) = each %{ $query_res } ) {
1020 my $bus_key = $hit->{hostkey};
1021 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
1022 }
1023 }
1024 }
1025 next;
1026 }
1027 # send_msg
1028 &send_msg_to_target($answer, $answer_target, $encrypt_key, $answer_header);
1029 }
1030 }
1031 }
1032 }
1034 if( $client_answer ) {
1035 if( $client_answer =~ s/session_id=(\d+)$// ) {
1036 my $session_id = $1;
1037 if( defined $session_id ) {
1038 my $session_reference = $kernel->ID_id_to_session($session_id);
1039 $heap = $session_reference->get_heap();
1040 }
1041 }
1042 $heap->{client}->put($client_answer);
1043 }
1045 return;
1046 }
1050 sub trigger_db_loop {
1051 # my ($kernel) = $_[KERNEL];
1052 my ($kernel) = @_ ;
1053 $kernel->delay_set('watch_for_new_jobs', $job_queue_loop_delay);
1054 }
1057 sub watch_for_new_jobs {
1058 my ($kernel,$heap) = @_[KERNEL, HEAP];
1060 # check gosa job queue for jobs with executable timestamp
1061 my $timestamp = &get_time();
1062 my $sql_statement = "SELECT * FROM ".$job_queue_table_name.
1063 " WHERE status='waiting' AND timestamp<'$timestamp'";
1064 my $res = $job_db->select_dbentry( $sql_statement );
1066 while( my ($id, $hit) = each %{$res} ) {
1067 my $jobdb_id = $hit->{id};
1068 my $macaddress = $hit->{'macaddress'};
1069 my $job_msg = $hit->{'xmlmessage'};
1070 my $header = $hit->{'headertag'};
1071 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$macaddress'";
1072 my $res_hash = $known_clients_db->select_dbentry( $sql_statement );
1073 # expect macaddress is unique!!!!!!
1074 my $target = $res_hash->{1}->{hostname};
1076 if (not defined $target) {
1077 &daemon_log("ERROR: no host found for mac address: $macaddress", 1);
1078 &daemon_log("$hit->{xmlmessage}", 8);
1079 my $sql_statement = "UPDATE $job_queue_table_name ".
1080 "SET status='error', result='no host found for mac address' ".
1081 "WHERE id='$jobdb_id'";
1082 my $res = $job_db->update_dbentry($sql_statement);
1083 next;
1084 }
1086 # change header
1087 $job_msg =~ s/<header>job_/<header>gosa_/;
1089 # add sqlite_id
1090 $job_msg =~ s/<\/xml>$/<jobdb_id>$jobdb_id<\/jobdb_id><\/xml>/;
1092 my $func_error = &send_msg_to_target($job_msg, $server_address, $GosaPackages_key, $header);
1094 # if ( $func_error ) {
1095 #print STDERR "========================================\n";
1096 #print STDERR "func_error: $func_error\n";
1097 #
1098 # my $sql_statement = "UPDATE $job_queue_table_name ".
1099 # "SET status='error', targettag='$target' ".
1100 # "WHERE id='$jobdb_id'";
1101 #print STDERR "sql: $sql_statement\n";
1102 # my $res = $job_db->update_dbentry($sql_statement);
1103 #print STDERR "res: ".Dumper($res);
1104 #
1105 # } else {
1106 #print STDERR "========================================\n";
1107 #print STDERR "func_error: $func_error\n";
1108 #
1109 # my $sql_statement = "UPDATE $job_queue_table_name ".
1110 # "SET status='done', targettag='$target' ".
1111 # "WHERE id='$jobdb_id'";
1112 #print STDERR "sql: $sql_statement\n";
1113 # my $res = $job_db->update_dbentry($sql_statement);
1114 #print STDERR "res: ".Dumper($res);
1115 # }
1116 }
1118 $kernel->delay_set('watch_for_new_jobs',3);
1119 }
1122 #==== MAIN = main ==============================================================
1123 # parse commandline options
1124 Getopt::Long::Configure( "bundling" );
1125 GetOptions("h|help" => \&usage,
1126 "c|config=s" => \$cfg_file,
1127 "f|foreground" => \$foreground,
1128 "v|verbose+" => \$verbose,
1129 "no-bus+" => \$no_bus,
1130 "no-arp+" => \$no_arp,
1131 );
1133 # read and set config parameters
1134 &check_cmdline_param ;
1135 &read_configfile;
1136 &check_pid;
1138 $SIG{CHLD} = 'IGNORE';
1140 # forward error messages to logfile
1141 if( ! $foreground ) {
1142 open(STDERR, '>>', $log_file);
1143 open(STDOUT, '>>', $log_file);
1144 }
1146 # Just fork, if we are not in foreground mode
1147 if( ! $foreground ) {
1148 chdir '/' or die "Can't chdir to /: $!";
1149 $pid = fork;
1150 setsid or die "Can't start a new session: $!";
1151 umask 0;
1152 } else {
1153 $pid = $$;
1154 }
1156 # Do something useful - put our PID into the pid_file
1157 if( 0 != $pid ) {
1158 open( LOCK_FILE, ">$pid_file" );
1159 print LOCK_FILE "$pid\n";
1160 close( LOCK_FILE );
1161 if( !$foreground ) {
1162 exit( 0 )
1163 };
1164 }
1166 daemon_log(" ", 1);
1167 daemon_log("$0 started!", 1);
1169 if ($no_bus > 0) {
1170 $bus_activ = "false"
1171 }
1175 # delete old DBsqlite lock files
1176 #unlink('/tmp/gosa_si_lock*');
1178 # connect to gosa-si job queue
1179 my @job_col_names = ("id INTEGER", "timestamp", "status", "result", "progress", "headertag", "targettag", "xmlmessage", "macaddress");
1180 $job_db = GOSA::DBsqlite->new($job_queue_file_name);
1181 $job_db->create_table('jobs', \@job_col_names);
1183 # connect to known_clients_db
1184 my @clients_col_names = ('hostname', 'status', 'hostkey', 'timestamp', 'macaddress', 'events');
1185 $known_clients_db = GOSA::DBsqlite->new($known_clients_file_name);
1186 $known_clients_db->create_table('known_clients', \@clients_col_names);
1188 # connect to known_server_db
1189 my @server_col_names = ('hostname', 'status', 'hostkey', 'timestamp');
1190 $known_server_db = GOSA::DBsqlite->new($known_server_file_name);
1191 $known_server_db->create_table('known_server', \@server_col_names);
1193 # create xml object used for en/decrypting
1194 $xml = new XML::Simple();
1196 # create socket for incoming xml messages
1197 POE::Component::Server::TCP->new(
1198 Port => $server_port,
1199 ClientInput => \&client_input,
1200 );
1201 daemon_log("start socket for incoming xml messages at port '$server_port' ", 1);
1203 # create session for repeatedly checking the job queue for jobs
1204 POE::Session->create(
1205 inline_states => {
1206 _start => \&_start,
1207 watch_for_new_jobs => \&watch_for_new_jobs,
1208 }
1209 );
1212 # import all modules
1213 &import_modules;
1215 # check wether all modules are gosa-si valid passwd check
1217 POE::Kernel->run();
1218 exit;