![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-sd
5 #
6 # USAGE: ./gosa-sd
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libconfig-inifiles-perl libcrypt-rijndael-perl libxml-simple-perl
12 # libdata-dumper-simple-perl libdbd-sqlite3-perl libnet-ldap-perl
13 # libpoe-perl
14 # BUGS: ---
15 # NOTES:
16 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
17 # COMPANY:
18 # VERSION: 1.0
19 # CREATED: 12.09.2007 08:54:41 CEST
20 # REVISION: ---
21 #===============================================================================
23 use strict;
24 use warnings;
25 use Getopt::Long;
26 use Config::IniFiles;
27 use POSIX;
28 use utf8;
30 use Fcntl;
31 use IO::Socket::INET;
32 use IO::Handle;
33 use IO::Select;
34 use Symbol qw(qualify_to_ref);
35 use Crypt::Rijndael;
36 use MIME::Base64;
37 use Digest::MD5 qw(md5 md5_hex md5_base64);
38 use XML::Simple;
39 use Data::Dumper;
40 use Sys::Syslog qw( :DEFAULT setlogsock);
41 use Cwd;
42 use File::Spec;
43 use File::Basename;
44 use GOSA::DBsqlite;
45 use GOSA::GosaSupportDaemon;
46 use POE qw(Component::Server::TCP);
48 my $modules_path = "/usr/lib/gosa-si/modules";
49 use lib "/usr/lib/gosa-si/modules";
51 my (%cfg_defaults, $foreground, $verbose, $ping_timeout);
52 my ($bus_activ, $bus, $msg_to_bus, $bus_cipher);
53 my ($server, $server_mac_address);
54 my ($gosa_server, $job_queue_timeout, $job_queue_loop_delay);
55 my ($known_modules);
56 my ($pid_file, $procid, $pid, $log_file);
57 my ($arp_activ, $arp_fifo);
58 my ($xml);
60 # variables declared in config file are always set to 'our'
61 our (%cfg_defaults, $log_file, $pid_file,
62 $server_ip, $server_port, $SIPackages_key,
63 $arp_activ, $gosa_unit_tag,
64 $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout,
65 );
67 # additional variable which should be globaly accessable
68 our $server_address;
69 our $bus_address;
70 our $gosa_address;
71 our $no_bus;
72 our $no_arp;
73 our $verbose;
74 our $forground;
75 our $cfg_file;
77 # specifies the verbosity of the daemon_log
78 $verbose = 0 ;
80 # if foreground is not null, script will be not forked to background
81 $foreground = 0 ;
83 # specifies the timeout seconds while checking the online status of a registrating client
84 $ping_timeout = 5;
86 $no_bus = 0;
87 $bus_activ = "true";
89 $no_arp = 0;
91 our $prg= basename($0);
93 # holds all gosa jobs
94 our $job_db;
95 our $job_queue_tn = 'jobs';
96 my $job_queue_file_name;
97 my @job_queue_col_names = ("id INTEGER", "timestamp", "status", "result", "progress INTEGER",
98 "headertag", "targettag", "xmlmessage", "macaddress");
100 # holds all other gosa-sd as well as the gosa-sd-bus
101 our $known_server_db;
102 our $known_server_tn = "known_server";
103 my $known_server_file_name;
104 my @known_server_col_names = ('hostname', 'status', 'hostkey', 'timestamp');
106 # holds all registrated clients
107 our $known_clients_db;
108 our $known_clients_tn = "known_clients";
109 my $known_clients_file_name;
110 my @known_clients_col_names = ('hostname', 'status', 'hostkey', 'timestamp', 'macaddress', 'events');
112 # holds all logged in user at each client
113 our $login_users_db;
114 our $login_users_tn = "login_users";
115 my $login_users_file_name;
116 my @login_users_col_names = ('client', 'user', 'timestamp');
118 # holds all fai server, the debian release and tag
119 our $fai_server_db;
120 our $fai_server_tn = "fai_server";
121 my $fai_server_file_name;
122 my @fai_server_col_names = ('timestamp', 'server', 'release', 'tag');
124 %cfg_defaults = (
125 "general" => {
126 "log-file" => [\$log_file, "/var/run/".$prg.".log"],
127 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
128 },
129 "bus" => {
130 "activ" => [\$bus_activ, "true"],
131 },
132 "server" => {
133 # "ip" => [\$server_ip, "0.0.0.0"],
134 "port" => [\$server_port, "20081"],
135 "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ],
136 "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'],
137 "login-users" => [\$login_users_file_name, '/var/lib/gosa-si/users.db'],
138 "fai-server" => [\$fai_server_file_name, '/var/lib/gosa-si/fai.db'],
139 "gosa-unit-tag" => [\$gosa_unit_tag, ""],
140 },
141 "GOsaPackages" => {
142 "ip" => [\$gosa_ip, "0.0.0.0"],
143 "port" => [\$gosa_port, "20082"],
144 "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'],
145 "job-queue-loop-delay" => [\$job_queue_loop_delay, 3],
146 "key" => [\$GosaPackages_key, "none"],
147 },
148 "SIPackages" => {
149 "key" => [\$SIPackages_key, "none"],
150 },
151 );
154 #=== FUNCTION ================================================================
155 # NAME: usage
156 # PARAMETERS: nothing
157 # RETURNS: nothing
158 # DESCRIPTION: print out usage text to STDERR
159 #===============================================================================
160 sub usage {
161 print STDERR << "EOF" ;
162 usage: $prg [-hvf] [-c config]
164 -h : this (help) message
165 -c <file> : config file
166 -f : foreground, process will not be forked to background
167 -v : be verbose (multiple to increase verbosity)
168 -no-bus : starts $prg without connection to bus
169 -no-arp : starts $prg without connection to arp module
171 EOF
172 print "\n" ;
173 }
176 #=== FUNCTION ================================================================
177 # NAME: read_configfile
178 # PARAMETERS: cfg_file - string -
179 # RETURNS: nothing
180 # DESCRIPTION: read cfg_file and set variables
181 #===============================================================================
182 sub read_configfile {
183 my $cfg;
184 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
185 if( -r $cfg_file ) {
186 $cfg = Config::IniFiles->new( -file => $cfg_file );
187 } else {
188 print STDERR "Couldn't read config file!\n";
189 }
190 } else {
191 $cfg = Config::IniFiles->new() ;
192 }
193 foreach my $section (keys %cfg_defaults) {
194 foreach my $param (keys %{$cfg_defaults{ $section }}) {
195 my $pinfo = $cfg_defaults{ $section }{ $param };
196 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
197 }
198 }
199 }
202 #=== FUNCTION ================================================================
203 # NAME: logging
204 # PARAMETERS: level - string - default 'info'
205 # msg - string -
206 # facility - string - default 'LOG_DAEMON'
207 # RETURNS: nothing
208 # DESCRIPTION: function for logging
209 #===============================================================================
210 sub daemon_log {
211 # log into log_file
212 my( $msg, $level ) = @_;
213 if(not defined $msg) { return }
214 if(not defined $level) { $level = 1 }
215 if(defined $log_file){
216 open(LOG_HANDLE, ">>$log_file");
217 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
218 print STDERR "cannot open $log_file: $!";
219 return }
220 chomp($msg);
221 if($level <= $verbose){
222 my ($seconds, $minutes, $hours, $monthday, $month,
223 $year, $weekday, $yearday, $sommertime) = localtime(time);
224 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
225 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
226 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
227 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
228 $month = $monthnames[$month];
229 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
230 $year+=1900;
231 my $name = $prg;
233 my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
234 print LOG_HANDLE $log_msg;
235 if( $foreground ) {
236 print STDERR $log_msg;
237 }
238 }
239 close( LOG_HANDLE );
240 }
241 }
244 #=== FUNCTION ================================================================
245 # NAME: check_cmdline_param
246 # PARAMETERS: nothing
247 # RETURNS: nothing
248 # DESCRIPTION: validates commandline parameter
249 #===============================================================================
250 sub check_cmdline_param () {
251 my $err_config;
252 my $err_counter = 0;
253 if(not defined($cfg_file)) {
254 $cfg_file = "/etc/gosa-si/server.conf";
255 if(! -r $cfg_file) {
256 $err_config = "please specify a config file";
257 $err_counter += 1;
258 }
259 }
260 if( $err_counter > 0 ) {
261 &usage( "", 1 );
262 if( defined( $err_config)) { print STDERR "$err_config\n"}
263 print STDERR "\n";
264 exit( -1 );
265 }
266 }
269 #=== FUNCTION ================================================================
270 # NAME: check_pid
271 # PARAMETERS: nothing
272 # RETURNS: nothing
273 # DESCRIPTION: handels pid processing
274 #===============================================================================
275 sub check_pid {
276 $pid = -1;
277 # Check, if we are already running
278 if( open(LOCK_FILE, "<$pid_file") ) {
279 $pid = <LOCK_FILE>;
280 if( defined $pid ) {
281 chomp( $pid );
282 if( -f "/proc/$pid/stat" ) {
283 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
284 if( $0 eq $stat ) {
285 close( LOCK_FILE );
286 exit -1;
287 }
288 }
289 }
290 close( LOCK_FILE );
291 unlink( $pid_file );
292 }
294 # create a syslog msg if it is not to possible to open PID file
295 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
296 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
297 if (open(LOCK_FILE, '<', $pid_file)
298 && ($pid = <LOCK_FILE>))
299 {
300 chomp($pid);
301 $msg .= "(PID $pid)\n";
302 } else {
303 $msg .= "(unable to read PID)\n";
304 }
305 if( ! ($foreground) ) {
306 openlog( $0, "cons,pid", "daemon" );
307 syslog( "warning", $msg );
308 closelog();
309 }
310 else {
311 print( STDERR " $msg " );
312 }
313 exit( -1 );
314 }
315 }
317 #=== FUNCTION ================================================================
318 # NAME: import_modules
319 # PARAMETERS: module_path - string - abs. path to the directory the modules
320 # are stored
321 # RETURNS: nothing
322 # DESCRIPTION: each file in module_path which ends with '.pm' and activation
323 # state is on is imported by "require 'file';"
324 #===============================================================================
325 sub import_modules {
326 daemon_log(" ", 1);
328 if (not -e $modules_path) {
329 daemon_log("ERROR: cannot find directory or directory is not readable: $modules_path", 1);
330 }
332 opendir (DIR, $modules_path) or die "ERROR while loading modules from directory $modules_path : $!\n";
333 while (defined (my $file = readdir (DIR))) {
334 if (not $file =~ /(\S*?).pm$/) {
335 next;
336 }
337 my $mod_name = $1;
339 if( $file =~ /ArpHandler.pm/ ) {
340 if( $no_arp > 0 ) {
341 next;
342 }
343 }
345 eval { require $file; };
346 if ($@) {
347 daemon_log("ERROR: gosa-si-server could not load module $file", 1);
348 daemon_log("$@", 5);
349 } else {
350 my $info = eval($mod_name.'::get_module_info()');
351 # Only load module if get_module_info() returns a non-null object
352 if( $info ) {
353 my ($input_address, $input_key, $input, $input_active, $input_type) = @{$info};
354 $known_modules->{$mod_name} = $info;
355 daemon_log("INFO: module $mod_name loaded", 5);
356 }
357 }
358 }
359 close (DIR);
360 }
363 #=== FUNCTION ================================================================
364 # NAME: sig_int_handler
365 # PARAMETERS: signal - string - signal arose from system
366 # RETURNS: noting
367 # DESCRIPTION: handels tasks to be done befor signal becomes active
368 #===============================================================================
369 sub sig_int_handler {
370 my ($signal) = @_;
372 daemon_log("shutting down gosa-si-server", 1);
373 exit(1);
374 }
375 $SIG{INT} = \&sig_int_handler;
379 sub check_key_and_xml_validity {
380 my ($crypted_msg, $module_key) = @_;
381 my $msg;
382 my $msg_hash;
383 my $error_string;
384 eval{
385 $msg = &decrypt_msg($crypted_msg, $module_key);
387 if ($msg =~ /<xml>/i){
388 &main::daemon_log("decrypted_msg: \n$msg", 8);
389 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
391 ##############
392 # check header
393 if( not exists $msg_hash->{'header'} ) { die "no header specified"; }
394 my $header_l = $msg_hash->{'header'};
395 if( 1 > @{$header_l} ) { die 'empty header tag'; }
396 if( 1 < @{$header_l} ) { die 'more than one header specified'; }
397 my $header = @{$header_l}[0];
398 if( 0 == length $header) { die 'empty string in header tag'; }
400 ##############
401 # check source
402 if( not exists $msg_hash->{'source'} ) { die "no source specified"; }
403 my $source_l = $msg_hash->{'source'};
404 if( 1 > @{$source_l} ) { die 'empty source tag'; }
405 if( 1 < @{$source_l} ) { die 'more than one source specified'; }
406 my $source = @{$source_l}[0];
407 if( 0 == length $source) { die 'source error'; }
409 ##############
410 # check target
411 if( not exists $msg_hash->{'target'} ) { die "no target specified"; }
412 my $target_l = $msg_hash->{'target'};
413 if( 1 > @{$target_l} ) { die 'empty target tag'; }
414 }
415 };
416 if($@) {
417 &main::daemon_log("WARNING: do not understand the message", 5);
418 &main::daemon_log("$@", 8);
419 $msg = undef;
420 $msg_hash = undef;
421 }
423 return ($msg, $msg_hash);
424 }
427 sub check_outgoing_xml_validity {
428 my ($msg) = @_;
430 my $msg_hash;
431 eval{
432 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
434 ##############
435 # check header
436 my $header_l = $msg_hash->{'header'};
437 if( 1 != @{$header_l} ) {
438 die 'no or more than one headers specified';
439 }
440 my $header = @{$header_l}[0];
441 if( 0 == length $header) {
442 die 'header has length 0';
443 }
445 ##############
446 # check source
447 my $source_l = $msg_hash->{'source'};
448 if( 1 != @{$source_l} ) {
449 die 'no or more than 1 sources specified';
450 }
451 my $source = @{$source_l}[0];
452 if( 0 == length $source) {
453 die 'source has length 0';
454 }
455 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
456 $source =~ /^GOSA$/i ) {
457 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
458 }
460 ##############
461 # check target
462 my $target_l = $msg_hash->{'target'};
463 if( 0 == @{$target_l} ) {
464 die "no targets specified";
465 }
466 foreach my $target (@$target_l) {
467 if( 0 == length $target) {
468 die "target has length 0";
469 }
470 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
471 $target =~ /^GOSA$/i ||
472 $target =~ /^\*$/ ||
473 $target =~ /KNOWN_SERVER/i ||
474 $target =~ /JOBDB/i ||
475 $target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ){
476 die "target '$target' is not a complete ip-address with port or a valid target name or a mac-address";
477 }
478 }
479 };
480 if($@) {
481 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
482 daemon_log("$@ ".(defined($msg) && length($msg)>0)?$msg:"Empty Message", 8);
483 $msg_hash = undef;
484 }
486 return ($msg_hash);
487 }
490 sub input_from_known_server {
491 my ($input, $remote_ip) = @_ ;
492 my ($msg, $msg_hash, $module);
494 my $sql_statement= "SELECT * FROM known_server";
495 my $query_res = $known_server_db->select_dbentry( $sql_statement );
497 while( my ($hit_num, $hit) = each %{ $query_res } ) {
498 my $host_name = $hit->{hostname};
499 if( not $host_name =~ "^$remote_ip") {
500 next;
501 }
502 my $host_key = $hit->{hostkey};
503 daemon_log("DEBUG: input_from_known_server: host_name: $host_name", 7);
504 daemon_log("DEBUG: input_from_known_server: host_key: $host_key", 7);
506 # check if module can open msg envelope with module key
507 my ($tmp_msg, $tmp_msg_hash) = &check_key_and_xml_validity($input, $host_key);
508 if( (!$tmp_msg) || (!$tmp_msg_hash) ) {
509 daemon_log("DEBUG: input_from_known_server: deciphering raise error", 7);
510 daemon_log("$@", 8);
511 next;
512 }
513 else {
514 $msg = $tmp_msg;
515 $msg_hash = $tmp_msg_hash;
516 $module = "SIPackages";
517 last;
518 }
519 }
521 if( (!$msg) || (!$msg_hash) || (!$module) ) {
522 daemon_log("INFO: Incoming message is not from a known server", 5);
523 }
525 return ($msg, $msg_hash, $module);
526 }
529 sub input_from_known_client {
530 my ($input, $remote_ip) = @_ ;
531 my ($msg, $msg_hash, $module);
533 my $sql_statement= "SELECT * FROM known_clients";
534 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
535 while( my ($hit_num, $hit) = each %{ $query_res } ) {
536 my $host_name = $hit->{hostname};
537 if( not $host_name =~ /^$remote_ip:\d*$/) {
538 next;
539 }
540 my $host_key = $hit->{hostkey};
541 &daemon_log("DEBUG: input_from_known_client: host_name: $host_name", 7);
542 &daemon_log("DEBUG: input_from_known_client: host_key: $host_key", 7);
544 # check if module can open msg envelope with module key
545 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key);
547 if( (!$msg) || (!$msg_hash) ) {
548 &daemon_log("DEGUG: input_from_known_client: deciphering raise error", 7);
549 &daemon_log("$@", 8);
550 next;
551 }
552 else {
553 $module = "SIPackages";
554 last;
555 }
556 }
558 if( (!$msg) || (!$msg_hash) || (!$module) ) {
559 &daemon_log("INFO: Incoming message is not from a known client", 5);
560 }
562 return ($msg, $msg_hash, $module);
563 }
566 sub input_from_unknown_host {
567 no strict "refs";
568 my ($input) = @_ ;
569 my ($msg, $msg_hash, $module);
570 my $error_string;
572 my %act_modules = %$known_modules;
574 while( my ($mod, $info) = each(%act_modules)) {
576 # check a key exists for this module
577 my $module_key = ${$mod."_key"};
578 if( not defined $module_key ) {
579 if( $mod eq 'ArpHandler' ) {
580 next;
581 }
582 daemon_log("ERROR: no key specified in config file for $mod", 1);
583 next;
584 }
585 daemon_log("DEBUG: $mod: $module_key", 7);
587 # check if module can open msg envelope with module key
588 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key);
589 if( (not defined $msg) || (not defined $msg_hash) ) {
590 next;
591 }
592 else {
593 $module = $mod;
594 last;
595 }
596 }
598 if( (!$msg) || (!$msg_hash) || (!$module)) {
599 daemon_log("INFO: Incoming message is not from an unknown host", 5);
600 }
602 return ($msg, $msg_hash, $module);
603 }
606 sub create_ciphering {
607 my ($passwd) = @_;
608 if((!defined($passwd)) || length($passwd)==0) {
609 $passwd = "";
610 }
611 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
612 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
613 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
614 $my_cipher->set_iv($iv);
615 return $my_cipher;
616 }
619 sub encrypt_msg {
620 my ($msg, $key) = @_;
621 my $my_cipher = &create_ciphering($key);
622 my $len;
623 {
624 use bytes;
625 $len= 16-length($msg)%16;
626 }
627 $msg = "\0"x($len).$msg;
628 $msg = $my_cipher->encrypt($msg);
629 chomp($msg = &encode_base64($msg));
630 # there are no newlines allowed inside msg
631 $msg=~ s/\n//g;
632 return $msg;
633 }
636 sub decrypt_msg {
638 my ($msg, $key) = @_ ;
639 $msg = &decode_base64($msg);
640 my $my_cipher = &create_ciphering($key);
641 $msg = $my_cipher->decrypt($msg);
642 $msg =~ s/\0*//g;
643 return $msg;
644 }
647 sub get_encrypt_key {
648 my ($target) = @_ ;
649 my $encrypt_key;
650 my $error = 0;
652 # target can be in known_server
653 if( not defined $encrypt_key ) {
654 my $sql_statement= "SELECT * FROM known_server WHERE hostname='$target'";
655 my $query_res = $known_server_db->select_dbentry( $sql_statement );
656 while( my ($hit_num, $hit) = each %{ $query_res } ) {
657 my $host_name = $hit->{hostname};
658 if( $host_name ne $target ) {
659 next;
660 }
661 $encrypt_key = $hit->{hostkey};
662 last;
663 }
664 }
666 # target can be in known_client
667 if( not defined $encrypt_key ) {
668 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$target'";
669 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
670 while( my ($hit_num, $hit) = each %{ $query_res } ) {
671 my $host_name = $hit->{hostname};
672 if( $host_name ne $target ) {
673 next;
674 }
675 $encrypt_key = $hit->{hostkey};
676 last;
677 }
678 }
680 return $encrypt_key;
681 }
684 #=== FUNCTION ================================================================
685 # NAME: open_socket
686 # PARAMETERS: PeerAddr string something like 192.168.1.1 or 192.168.1.1:10000
687 # [PeerPort] string necessary if port not appended by PeerAddr
688 # RETURNS: socket IO::Socket::INET
689 # DESCRIPTION: open a socket to PeerAddr
690 #===============================================================================
691 sub open_socket {
692 my ($PeerAddr, $PeerPort) = @_ ;
693 if(defined($PeerPort)){
694 $PeerAddr = $PeerAddr.":".$PeerPort;
695 }
696 my $socket;
697 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
698 Porto => "tcp",
699 Type => SOCK_STREAM,
700 Timeout => 5,
701 );
702 if(not defined $socket) {
703 return;
704 }
705 # &daemon_log("DEBUG: open_socket: $PeerAddr", 7);
706 return $socket;
707 }
710 #=== FUNCTION ================================================================
711 # NAME: get_ip
712 # PARAMETERS: interface name (i.e. eth0)
713 # RETURNS: (ip address)
714 # DESCRIPTION: Uses ioctl to get ip address directly from system.
715 #===============================================================================
716 sub get_ip {
717 my $ifreq= shift;
718 my $result= "";
719 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
720 my $proto= getprotobyname('ip');
722 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
723 or die "socket: $!";
725 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
726 my ($if, $sin) = unpack 'a16 a16', $ifreq;
727 my ($port, $addr) = sockaddr_in $sin;
728 my $ip = inet_ntoa $addr;
730 if ($ip && length($ip) > 0) {
731 $result = $ip;
732 }
733 }
735 return $result;
736 }
738 sub get_local_ip_for_remote_ip {
739 my $remote_ip= shift;
740 my $result="0.0.0.0";
742 if($remote_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
743 if($remote_ip eq "127.0.0.1") {
744 $result = "127.0.0.1";
745 } else {
746 my $PROC_NET_ROUTE= ('/proc/net/route');
748 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
749 or die "Could not open $PROC_NET_ROUTE";
751 my @ifs = <PROC_NET_ROUTE>;
753 close(PROC_NET_ROUTE);
755 # Eat header line
756 shift @ifs;
757 chomp @ifs;
758 foreach my $line(@ifs) {
759 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
760 my $destination;
761 my $mask;
762 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
763 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
764 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
765 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
766 if(new NetAddr::IP($remote_ip)->within(new NetAddr::IP($destination, $mask))) {
767 # destination matches route, save mac and exit
768 $result= &get_ip($Iface);
769 last;
770 }
771 }
772 }
773 } else {
774 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1);
775 }
776 return $result;
777 }
779 sub send_msg_to_target {
780 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
781 my $error = 0;
782 my $header;
783 my $new_status;
784 my $act_status;
785 my ($sql_statement, $res);
787 if( $msg_header ) {
788 $header = "'$msg_header'-";
789 }
790 else {
791 $header = "";
792 }
794 # Patch the source ip
795 if($msg =~ /<source>0\.0\.0\.0:\d*?<\/source>/) {
796 my $remote_ip = &get_local_ip_for_remote_ip(sprintf("%s", $address =~ /^([0-9\.]*?):.*$/));
797 $msg =~ s/<source>(0\.0\.0\.0):(\d*?)<\/source>/<source>$remote_ip:$2<\/source>/s;
798 }
800 # encrypt xml msg
801 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
803 # opensocket
804 my $socket = &open_socket($address);
805 if( !$socket ) {
806 daemon_log("ERROR: cannot send ".$header."msg to $address , host not reachable", 1);
807 $error++;
808 }
810 if( $error == 0 ) {
811 # send xml msg
812 print $socket $crypted_msg."\n";
814 daemon_log("INFO: send ".$header."msg to $address", 5);
815 daemon_log("message:\n$msg", 8);
817 }
819 # close socket in any case
820 if( $socket ) {
821 close $socket;
822 }
824 if( $error > 0 ) { $new_status = "down"; }
825 else { $new_status = $msg_header; }
828 # known_clients
829 $sql_statement = "SELECT * FROM known_clients WHERE hostname='$address'";
830 $res = $known_clients_db->select_dbentry($sql_statement);
831 if( keys(%$res) > 0) {
832 $act_status = $res->{1}->{'status'};
833 if( $act_status eq "down" ) {
834 $sql_statement = "DELETE FROM known_clients WHERE hostname='$address'";
835 $res = $known_clients_db->del_dbentry($sql_statement);
836 daemon_log("WARNING: failed 2x to send msg to host '$address', delete host from known_clients", 3);
837 }
838 else {
839 $sql_statement = "UPDATE known_clients SET status='$new_status' WHERE hostname='$address'";
840 $res = $known_clients_db->update_dbentry($sql_statement);
841 if($new_status eq "down"){
842 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
843 }
844 else {
845 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
846 }
847 }
848 }
850 # known_server
851 $sql_statement = "SELECT * FROM known_server WHERE hostname='$address'";
852 $res = $known_server_db->select_dbentry($sql_statement);
853 if( keys(%$res) > 0 ) {
854 $act_status = $res->{1}->{'status'};
855 if( $act_status eq "down" ) {
856 $sql_statement = "DELETE FROM known_server WHERE hostname='$address'";
857 $res = $known_server_db->del_dbentry($sql_statement);
858 daemon_log("WARNING: failed 2x to a send msg to host '$address', delete host from known_server", 3);
859 }
860 else {
861 $sql_statement = "UPDATE known_server SET status='$new_status' WHERE hostname='$address'";
862 $res = $known_server_db->update_dbentry($sql_statement);
863 if($new_status eq "down"){
864 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
865 }
866 else {
867 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
868 }
869 }
870 }
871 return $error;
872 }
875 sub _start {
876 my ($kernel) = $_[KERNEL];
877 &trigger_db_loop($kernel);
878 }
881 sub client_input {
882 no strict "refs";
883 my ($kernel, $session, $heap,$input,$wheel) = @_[KERNEL, SESSION, HEAP, ARG0, ARG1];
884 my $session_id = $session->ID;
885 my ($msg, $msg_hash, $module);
886 my $error = 0;
887 my $answer_l;
888 my ($answer_header, @answer_target_l, $answer_source);
889 my $client_answer;
891 daemon_log("INFO: Incoming msg from '".$heap->{'remote_ip'}."'", 5);
892 daemon_log("DEBUG: Incoming message:\n$input", 8);
894 ####################
895 # check incoming msg
896 # msg is from a new client or gosa
897 ($msg, $msg_hash, $module) = &input_from_unknown_host($input);
898 # msg is from a gosa-si-server or gosa-si-bus
899 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
900 ($msg, $msg_hash, $module) = &input_from_known_server($input, $heap->{'remote_ip'});
901 }
902 # msg is from a gosa-si-client
903 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
904 ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'});
905 }
906 # an error occurred
907 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
908 $error++;
909 }
911 ######################
912 # process incoming msg
913 if( $error == 0) {
914 daemon_log("DEBUG: Processing module ".$module, 7);
915 $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $session_id);
917 if ( 0 > @{$answer_l} ) {
918 my $answer_str = join("\n", @{$answer_l});
919 daemon_log("DEGUB: $module: Got answer from module: \n".$answer_str,8);
920 }
921 }
922 if( !$answer_l ) { $error++ };
924 ########
925 # answer
926 if( $error == 0 ) {
928 foreach my $answer ( @{$answer_l} ) {
929 # for each answer in answer list
931 # check outgoing msg to xml validity
932 my $answer_hash = &check_outgoing_xml_validity($answer);
933 if( not defined $answer_hash ) {
934 next;
935 }
937 $answer_header = @{$answer_hash->{'header'}}[0];
938 @answer_target_l = @{$answer_hash->{'target'}};
939 $answer_source = @{$answer_hash->{'source'}}[0];
941 # deliver msg to all targets
942 foreach my $answer_target ( @answer_target_l ) {
944 # targets of msg are all gosa-si-clients in known_clients_db
945 if( $answer_target eq "*" ) {
946 # answer is for all clients
947 my $sql_statement= "SELECT * FROM known_clients";
948 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
949 while( my ($hit_num, $hit) = each %{ $query_res } ) {
950 my $host_name = $hit->{hostname};
951 my $host_key = $hit->{hostkey};
952 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
953 }
954 }
956 # targets of msg are all gosa-si-server in known_server_db
957 elsif( $answer_target eq "KNOWN_SERVER" ) {
958 # answer is for all server in known_server
959 my $sql_statement= "SELECT * FROM known_server";
960 my $query_res = $known_server_db->select_dbentry( $sql_statement );
961 while( my ($hit_num, $hit) = each %{ $query_res } ) {
962 my $host_name = $hit->{hostname};
963 my $host_key = $hit->{hostkey};
964 $answer =~ s/KNOWN_SERVER/$host_name/g;
965 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
966 }
967 }
969 # target of msg is GOsa
970 elsif( $answer_target eq "GOSA" ) {
971 $answer =~ /<session_id>(\d+)<\/session_id>/;
972 my $session_id = $1;
973 my $add_on = "";
974 if( defined $session_id ) {
975 $add_on = ".session_id=$session_id";
976 }
977 # answer is for GOSA and has to returned to connected client
978 my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key);
979 $client_answer = $gosa_answer.$add_on;
980 }
982 # target of msg is job queue at this host
983 elsif( $answer_target eq "JOBDB") {
984 $answer =~ /<header>(\S+)<\/header>/;
985 my $header;
986 if( defined $1 ) { $header = $1; }
987 &send_msg_to_target($answer, $server_address, $GosaPackages_key, $header);
988 }
990 # target of msg is a mac address
991 elsif( $answer_target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ) {
992 daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3);
993 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'";
994 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
995 my $found_ip_flag = 0;
996 while( my ($hit_num, $hit) = each %{ $query_res } ) {
997 my $host_name = $hit->{hostname};
998 my $host_key = $hit->{hostkey};
999 $answer =~ s/$answer_target/$host_name/g;
1000 daemon_log("found host '$host_name', associated to '$answer_target'", 3);
1001 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
1002 $found_ip_flag++ ;
1003 }
1004 if( $found_ip_flag == 0) {
1005 daemon_log("WARNING: no host found in known_clients with mac address '$answer_target'", 3);
1006 if( $bus_activ eq "true" ) {
1007 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
1008 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
1009 my $query_res = $known_server_db->select_dbentry( $sql_statement );
1010 while( my ($hit_num, $hit) = each %{ $query_res } ) {
1011 my $bus_address = $hit->{hostname};
1012 my $bus_key = $hit->{hostkey};
1013 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
1014 last;
1015 }
1016 }
1018 }
1020 # answer is for one specific host
1021 } else {
1022 # get encrypt_key
1023 my $encrypt_key = &get_encrypt_key($answer_target);
1024 if( not defined $encrypt_key ) {
1025 # unknown target, forward msg to bus
1026 daemon_log("WARNING: unknown target '$answer_target'", 3);
1027 if( $bus_activ eq "true" ) {
1028 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
1029 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
1030 my $query_res = $known_server_db->select_dbentry( $sql_statement );
1031 my $res_length = keys( %{$query_res} );
1032 if( $res_length == 0 ){
1033 daemon_log("WARNING: send '$answer_header' to '$bus_address' failed, no bus found in known_server", 3);
1034 }
1035 else {
1036 while( my ($hit_num, $hit) = each %{ $query_res } ) {
1037 my $bus_key = $hit->{hostkey};
1038 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
1039 }
1040 }
1041 }
1042 next;
1043 }
1044 # send_msg
1045 &send_msg_to_target($answer, $answer_target, $encrypt_key, $answer_header);
1046 }
1047 }
1048 }
1049 }
1051 if( $client_answer ) {
1052 if( $client_answer =~ s/session_id=(\d+)$// ) {
1053 my $session_id = $1;
1054 if( defined $session_id ) {
1055 my $session_reference = $kernel->ID_id_to_session($session_id);
1056 $heap = $session_reference->get_heap();
1057 }
1058 }
1059 $heap->{client}->put($client_answer);
1060 }
1062 return;
1063 }
1067 sub trigger_db_loop {
1068 # my ($kernel) = $_[KERNEL];
1069 my ($kernel) = @_ ;
1070 $kernel->delay_set('watch_for_new_jobs', $job_queue_loop_delay);
1071 }
1074 sub watch_for_new_jobs {
1075 my ($kernel,$heap) = @_[KERNEL, HEAP];
1077 # check gosa job queue for jobs with executable timestamp
1078 my $timestamp = &get_time();
1079 my $sql_statement = "SELECT * FROM ".$job_queue_tn.
1080 " WHERE status='waiting' AND timestamp<'$timestamp'";
1081 my $res = $job_db->select_dbentry( $sql_statement );
1083 while( my ($id, $hit) = each %{$res} ) {
1084 my $jobdb_id = $hit->{id};
1085 my $macaddress = $hit->{'macaddress'};
1086 my $job_msg = $hit->{'xmlmessage'};
1087 my $header = $hit->{'headertag'};
1088 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$macaddress'";
1089 my $res_hash = $known_clients_db->select_dbentry( $sql_statement );
1090 # expect macaddress is unique!!!!!!
1091 my $target = $res_hash->{1}->{hostname};
1093 if (not defined $target) {
1094 &daemon_log("ERROR: no host found for mac address: $macaddress", 1);
1095 &daemon_log("$hit->{xmlmessage}", 8);
1096 my $sql_statement = "UPDATE $job_queue_tn ".
1097 "SET status='error', result='no host found for mac address' ".
1098 "WHERE id='$jobdb_id'";
1099 my $res = $job_db->update_dbentry($sql_statement);
1100 next;
1101 }
1103 # change header
1104 $job_msg =~ s/<header>job_/<header>gosa_/;
1106 # add sqlite_id
1107 $job_msg =~ s/<\/xml>$/<jobdb_id>$jobdb_id<\/jobdb_id><\/xml>/;
1109 my $func_error = &send_msg_to_target($job_msg, $server_address, $GosaPackages_key, $header);
1110 }
1112 $kernel->delay_set('watch_for_new_jobs',3);
1113 }
1116 sub create_fai_server_db {
1118 #####################################################################
1119 #
1120 # TODO für dich Cajus :-)
1121 #
1122 # ###################################################################
1126 $fai_server_db->add_dbentry( {
1127 table => $fai_server_tn,
1128 primkey => [],
1129 server => "dummyserver",
1130 release => "kleinkind",
1131 tag => "imwachstum",
1132 } );
1133 return;
1134 }
1138 #==== MAIN = main ==============================================================
1139 # parse commandline options
1140 Getopt::Long::Configure( "bundling" );
1141 GetOptions("h|help" => \&usage,
1142 "c|config=s" => \$cfg_file,
1143 "f|foreground" => \$foreground,
1144 "v|verbose+" => \$verbose,
1145 "no-bus+" => \$no_bus,
1146 "no-arp+" => \$no_arp,
1147 );
1149 # read and set config parameters
1150 &check_cmdline_param ;
1151 &read_configfile;
1152 &check_pid;
1154 $SIG{CHLD} = 'IGNORE';
1156 # forward error messages to logfile
1157 if( ! $foreground ) {
1158 open(STDERR, '>>', $log_file);
1159 open(STDOUT, '>>', $log_file);
1160 }
1162 # Just fork, if we are not in foreground mode
1163 if( ! $foreground ) {
1164 chdir '/' or die "Can't chdir to /: $!";
1165 $pid = fork;
1166 setsid or die "Can't start a new session: $!";
1167 umask 0;
1168 } else {
1169 $pid = $$;
1170 }
1172 # Do something useful - put our PID into the pid_file
1173 if( 0 != $pid ) {
1174 open( LOCK_FILE, ">$pid_file" );
1175 print LOCK_FILE "$pid\n";
1176 close( LOCK_FILE );
1177 if( !$foreground ) {
1178 exit( 0 )
1179 };
1180 }
1182 daemon_log(" ", 1);
1183 daemon_log("$0 started!", 1);
1185 if ($no_bus > 0) {
1186 $bus_activ = "false"
1187 }
1191 # delete old DBsqlite lock files
1192 #unlink('/tmp/gosa_si_lock*');
1194 # connect to gosa-si job queue
1195 $job_db = GOSA::DBsqlite->new($job_queue_file_name);
1196 $job_db->create_table($job_queue_tn, \@job_queue_col_names);
1198 # connect to known_clients_db
1199 $known_clients_db = GOSA::DBsqlite->new($known_clients_file_name);
1200 $known_clients_db->create_table($known_clients_tn, \@known_clients_col_names);
1202 # connect to known_server_db
1203 $known_server_db = GOSA::DBsqlite->new($known_server_file_name);
1204 $known_server_db->create_table($known_server_tn, \@known_server_col_names);
1206 # connect to login_usr_db
1207 $login_users_db = GOSA::DBsqlite->new($login_users_file_name);
1208 $login_users_db->create_table($login_users_tn, \@login_users_col_names);
1211 # connect to fai_server_db
1212 $fai_server_db = GOSA::DBsqlite->new($fai_server_file_name);
1213 $fai_server_db->create_table($fai_server_tn, \@fai_server_col_names);
1214 &create_fai_server_db;
1216 # create xml object used for en/decrypting
1217 $xml = new XML::Simple();
1219 # create socket for incoming xml messages
1220 POE::Component::Server::TCP->new(
1221 Port => $server_port,
1222 ClientInput => \&client_input,
1223 );
1224 daemon_log("start socket for incoming xml messages at port '$server_port' ", 1);
1226 # create session for repeatedly checking the job queue for jobs
1227 POE::Session->create(
1228 inline_states => {
1229 _start => \&_start,
1230 watch_for_new_jobs => \&watch_for_new_jobs,
1231 }
1232 );
1235 # import all modules
1236 &import_modules;
1238 # check wether all modules are gosa-si valid passwd check
1240 POE::Kernel->run();
1241 exit;