![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
90579fd082d47459e5da18b09a5b17084e93d0ef
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-sd
5 #
6 # USAGE: ./gosa-sd
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libconfig-inifiles-perl libcrypt-rijndael-perl libxml-simple-perl
12 # libdata-dumper-simple-perl libdbd-sqlite3-perl libnet-ldap-perl
13 # libpoe-perl
14 # BUGS: ---
15 # NOTES:
16 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
17 # COMPANY:
18 # VERSION: 1.0
19 # CREATED: 12.09.2007 08:54:41 CEST
20 # REVISION: ---
21 #===============================================================================
23 use strict;
24 use warnings;
25 use Getopt::Long;
26 use Config::IniFiles;
27 use POSIX;
28 use utf8;
30 use Fcntl;
31 use IO::Socket::INET;
32 use IO::Handle;
33 use IO::Select;
34 use Symbol qw(qualify_to_ref);
35 use Crypt::Rijndael;
36 use MIME::Base64;
37 use Digest::MD5 qw(md5 md5_hex md5_base64);
38 use XML::Simple;
39 use Data::Dumper;
40 use Sys::Syslog qw( :DEFAULT setlogsock);
41 use Cwd;
42 use File::Spec;
43 use File::Basename;
44 use GOSA::DBsqlite;
45 use GOSA::GosaSupportDaemon;
46 use POE qw(Component::Server::TCP);
47 use Net::LDAP;
48 use Net::LDAP::Util qw(:escape);
50 my $modules_path = "/usr/lib/gosa-si/modules";
51 use lib "/usr/lib/gosa-si/modules";
53 my (%cfg_defaults, $foreground, $verbose, $ping_timeout);
54 my ($bus_activ, $bus, $msg_to_bus, $bus_cipher);
55 my ($server, $server_mac_address);
56 my ($gosa_server, $job_queue_timeout, $job_queue_loop_delay);
57 my ($known_modules);
58 my ($pid_file, $procid, $pid, $log_file);
59 my ($arp_activ, $arp_fifo);
60 my ($xml);
61 my ($ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password);
63 # variables declared in config file are always set to 'our'
64 our (%cfg_defaults, $log_file, $pid_file,
65 $server_ip, $server_port, $SIPackages_key,
66 $arp_activ, $gosa_unit_tag,
67 $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout,
68 );
70 # additional variable which should be globaly accessable
71 our $server_address;
72 our $bus_address;
73 our $gosa_address;
74 our $no_bus;
75 our $no_arp;
76 our $verbose;
77 our $forground;
78 our $cfg_file;
79 our $ldap_handle;
81 # specifies the verbosity of the daemon_log
82 $verbose = 0 ;
84 # if foreground is not null, script will be not forked to background
85 $foreground = 0 ;
87 # specifies the timeout seconds while checking the online status of a registrating client
88 $ping_timeout = 5;
90 $no_bus = 0;
91 $bus_activ = "true";
93 $no_arp = 0;
95 our $prg= basename($0);
97 # holds all gosa jobs
98 our $job_db;
99 our $job_queue_tn = 'jobs';
100 my $job_queue_file_name;
101 my @job_queue_col_names = ("id INTEGER", "timestamp", "status", "result", "progress INTEGER",
102 "headertag", "targettag", "xmlmessage", "macaddress");
104 # holds all other gosa-sd as well as the gosa-sd-bus
105 our $known_server_db;
106 our $known_server_tn = "known_server";
107 my $known_server_file_name;
108 my @known_server_col_names = ('hostname', 'status', 'hostkey', 'timestamp');
110 # holds all registrated clients
111 our $known_clients_db;
112 our $known_clients_tn = "known_clients";
113 my $known_clients_file_name;
114 my @known_clients_col_names = ('hostname', 'status', 'hostkey', 'timestamp', 'macaddress', 'events');
116 # holds all logged in user at each client
117 our $login_users_db;
118 our $login_users_tn = "login_users";
119 my $login_users_file_name;
120 my @login_users_col_names = ('client', 'user', 'timestamp');
122 # holds all fai server, the debian release and tag
123 our $fai_server_db;
124 our $fai_server_tn = "fai_server";
125 my $fai_server_file_name;
126 our @fai_server_col_names = ('timestamp', 'server', 'release', 'tag');
128 %cfg_defaults = (
129 "general" => {
130 "log-file" => [\$log_file, "/var/run/".$prg.".log"],
131 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
132 },
133 "bus" => {
134 "activ" => [\$bus_activ, "true"],
135 },
136 "server" => {
137 # "ip" => [\$server_ip, "0.0.0.0"],
138 "port" => [\$server_port, "20081"],
139 "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ],
140 "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'],
141 "login-users" => [\$login_users_file_name, '/var/lib/gosa-si/users.db'],
142 "fai-server" => [\$fai_server_file_name, '/var/lib/gosa-si/fai.db'],
143 "ldap-uri" => [\$ldap_uri, ""],
144 "ldap-base" => [\$ldap_base, ""],
145 "ldap-admin-dn" => [\$ldap_admin_dn, ""],
146 "ldap-admin-password" => [\$ldap_admin_password, ""],
147 "gosa-unit-tag" => [\$gosa_unit_tag, ""],
148 },
149 "GOsaPackages" => {
150 "ip" => [\$gosa_ip, "0.0.0.0"],
151 "port" => [\$gosa_port, "20082"],
152 "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'],
153 "job-queue-loop-delay" => [\$job_queue_loop_delay, 3],
154 "key" => [\$GosaPackages_key, "none"],
155 },
156 "SIPackages" => {
157 "key" => [\$SIPackages_key, "none"],
158 },
159 );
162 #=== FUNCTION ================================================================
163 # NAME: usage
164 # PARAMETERS: nothing
165 # RETURNS: nothing
166 # DESCRIPTION: print out usage text to STDERR
167 #===============================================================================
168 sub usage {
169 print STDERR << "EOF" ;
170 usage: $prg [-hvf] [-c config]
172 -h : this (help) message
173 -c <file> : config file
174 -f : foreground, process will not be forked to background
175 -v : be verbose (multiple to increase verbosity)
176 -no-bus : starts $prg without connection to bus
177 -no-arp : starts $prg without connection to arp module
179 EOF
180 print "\n" ;
181 }
184 #=== FUNCTION ================================================================
185 # NAME: read_configfile
186 # PARAMETERS: cfg_file - string -
187 # RETURNS: nothing
188 # DESCRIPTION: read cfg_file and set variables
189 #===============================================================================
190 sub read_configfile {
191 my $cfg;
192 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
193 if( -r $cfg_file ) {
194 $cfg = Config::IniFiles->new( -file => $cfg_file );
195 } else {
196 print STDERR "Couldn't read config file!\n";
197 }
198 } else {
199 $cfg = Config::IniFiles->new() ;
200 }
201 foreach my $section (keys %cfg_defaults) {
202 foreach my $param (keys %{$cfg_defaults{ $section }}) {
203 my $pinfo = $cfg_defaults{ $section }{ $param };
204 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
205 }
206 }
207 }
210 #=== FUNCTION ================================================================
211 # NAME: logging
212 # PARAMETERS: level - string - default 'info'
213 # msg - string -
214 # facility - string - default 'LOG_DAEMON'
215 # RETURNS: nothing
216 # DESCRIPTION: function for logging
217 #===============================================================================
218 sub daemon_log {
219 # log into log_file
220 my( $msg, $level ) = @_;
221 if(not defined $msg) { return }
222 if(not defined $level) { $level = 1 }
223 if(defined $log_file){
224 open(LOG_HANDLE, ">>$log_file");
225 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
226 print STDERR "cannot open $log_file: $!";
227 return }
228 chomp($msg);
229 if($level <= $verbose){
230 my ($seconds, $minutes, $hours, $monthday, $month,
231 $year, $weekday, $yearday, $sommertime) = localtime(time);
232 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
233 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
234 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
235 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
236 $month = $monthnames[$month];
237 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
238 $year+=1900;
239 my $name = $prg;
241 my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
242 print LOG_HANDLE $log_msg;
243 if( $foreground ) {
244 print STDERR $log_msg;
245 }
246 }
247 close( LOG_HANDLE );
248 }
249 }
252 #=== FUNCTION ================================================================
253 # NAME: check_cmdline_param
254 # PARAMETERS: nothing
255 # RETURNS: nothing
256 # DESCRIPTION: validates commandline parameter
257 #===============================================================================
258 sub check_cmdline_param () {
259 my $err_config;
260 my $err_counter = 0;
261 if(not defined($cfg_file)) {
262 $cfg_file = "/etc/gosa-si/server.conf";
263 if(! -r $cfg_file) {
264 $err_config = "please specify a config file";
265 $err_counter += 1;
266 }
267 }
268 if( $err_counter > 0 ) {
269 &usage( "", 1 );
270 if( defined( $err_config)) { print STDERR "$err_config\n"}
271 print STDERR "\n";
272 exit( -1 );
273 }
274 }
277 #=== FUNCTION ================================================================
278 # NAME: check_pid
279 # PARAMETERS: nothing
280 # RETURNS: nothing
281 # DESCRIPTION: handels pid processing
282 #===============================================================================
283 sub check_pid {
284 $pid = -1;
285 # Check, if we are already running
286 if( open(LOCK_FILE, "<$pid_file") ) {
287 $pid = <LOCK_FILE>;
288 if( defined $pid ) {
289 chomp( $pid );
290 if( -f "/proc/$pid/stat" ) {
291 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
292 if( $0 eq $stat ) {
293 close( LOCK_FILE );
294 exit -1;
295 }
296 }
297 }
298 close( LOCK_FILE );
299 unlink( $pid_file );
300 }
302 # create a syslog msg if it is not to possible to open PID file
303 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
304 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
305 if (open(LOCK_FILE, '<', $pid_file)
306 && ($pid = <LOCK_FILE>))
307 {
308 chomp($pid);
309 $msg .= "(PID $pid)\n";
310 } else {
311 $msg .= "(unable to read PID)\n";
312 }
313 if( ! ($foreground) ) {
314 openlog( $0, "cons,pid", "daemon" );
315 syslog( "warning", $msg );
316 closelog();
317 }
318 else {
319 print( STDERR " $msg " );
320 }
321 exit( -1 );
322 }
323 }
325 #=== FUNCTION ================================================================
326 # NAME: import_modules
327 # PARAMETERS: module_path - string - abs. path to the directory the modules
328 # are stored
329 # RETURNS: nothing
330 # DESCRIPTION: each file in module_path which ends with '.pm' and activation
331 # state is on is imported by "require 'file';"
332 #===============================================================================
333 sub import_modules {
334 daemon_log(" ", 1);
336 if (not -e $modules_path) {
337 daemon_log("ERROR: cannot find directory or directory is not readable: $modules_path", 1);
338 }
340 opendir (DIR, $modules_path) or die "ERROR while loading modules from directory $modules_path : $!\n";
341 while (defined (my $file = readdir (DIR))) {
342 if (not $file =~ /(\S*?).pm$/) {
343 next;
344 }
345 my $mod_name = $1;
347 if( $file =~ /ArpHandler.pm/ ) {
348 if( $no_arp > 0 ) {
349 next;
350 }
351 }
353 eval { require $file; };
354 if ($@) {
355 daemon_log("ERROR: gosa-si-server could not load module $file", 1);
356 daemon_log("$@", 5);
357 } else {
358 my $info = eval($mod_name.'::get_module_info()');
359 # Only load module if get_module_info() returns a non-null object
360 if( $info ) {
361 my ($input_address, $input_key, $input, $input_active, $input_type) = @{$info};
362 $known_modules->{$mod_name} = $info;
363 daemon_log("INFO: module $mod_name loaded", 5);
364 }
365 }
366 }
367 close (DIR);
368 }
371 #=== FUNCTION ================================================================
372 # NAME: sig_int_handler
373 # PARAMETERS: signal - string - signal arose from system
374 # RETURNS: noting
375 # DESCRIPTION: handels tasks to be done befor signal becomes active
376 #===============================================================================
377 sub sig_int_handler {
378 my ($signal) = @_;
380 daemon_log("shutting down gosa-si-server", 1);
381 exit(1);
382 }
383 $SIG{INT} = \&sig_int_handler;
387 sub check_key_and_xml_validity {
388 my ($crypted_msg, $module_key) = @_;
389 my $msg;
390 my $msg_hash;
391 my $error_string;
392 eval{
393 $msg = &decrypt_msg($crypted_msg, $module_key);
395 if ($msg =~ /<xml>/i){
396 &main::daemon_log("decrypted_msg: \n$msg", 8);
397 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
399 ##############
400 # check header
401 if( not exists $msg_hash->{'header'} ) { die "no header specified"; }
402 my $header_l = $msg_hash->{'header'};
403 if( 1 > @{$header_l} ) { die 'empty header tag'; }
404 if( 1 < @{$header_l} ) { die 'more than one header specified'; }
405 my $header = @{$header_l}[0];
406 if( 0 == length $header) { die 'empty string in header tag'; }
408 ##############
409 # check source
410 if( not exists $msg_hash->{'source'} ) { die "no source specified"; }
411 my $source_l = $msg_hash->{'source'};
412 if( 1 > @{$source_l} ) { die 'empty source tag'; }
413 if( 1 < @{$source_l} ) { die 'more than one source specified'; }
414 my $source = @{$source_l}[0];
415 if( 0 == length $source) { die 'source error'; }
417 ##############
418 # check target
419 if( not exists $msg_hash->{'target'} ) { die "no target specified"; }
420 my $target_l = $msg_hash->{'target'};
421 if( 1 > @{$target_l} ) { die 'empty target tag'; }
422 }
423 };
424 if($@) {
425 &main::daemon_log("WARNING: do not understand the message: $@", 5);
426 $msg = undef;
427 $msg_hash = undef;
428 }
430 return ($msg, $msg_hash);
431 }
434 sub check_outgoing_xml_validity {
435 my ($msg) = @_;
437 my $msg_hash;
438 eval{
439 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
441 ##############
442 # check header
443 my $header_l = $msg_hash->{'header'};
444 if( 1 != @{$header_l} ) {
445 die 'no or more than one headers specified';
446 }
447 my $header = @{$header_l}[0];
448 if( 0 == length $header) {
449 die 'header has length 0';
450 }
452 ##############
453 # check source
454 my $source_l = $msg_hash->{'source'};
455 if( 1 != @{$source_l} ) {
456 die 'no or more than 1 sources specified';
457 }
458 my $source = @{$source_l}[0];
459 if( 0 == length $source) {
460 die 'source has length 0';
461 }
462 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
463 $source =~ /^GOSA$/i ) {
464 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
465 }
467 ##############
468 # check target
469 my $target_l = $msg_hash->{'target'};
470 if( 0 == @{$target_l} ) {
471 die "no targets specified";
472 }
473 foreach my $target (@$target_l) {
474 if( 0 == length $target) {
475 die "target has length 0";
476 }
477 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
478 $target =~ /^GOSA$/i ||
479 $target =~ /^\*$/ ||
480 $target =~ /KNOWN_SERVER/i ||
481 $target =~ /JOBDB/i ||
482 $target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ){
483 die "target '$target' is not a complete ip-address with port or a valid target name or a mac-address";
484 }
485 }
486 };
487 if($@) {
488 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
489 daemon_log("$@ ".(defined($msg) && length($msg)>0)?$msg:"Empty Message", 8);
490 $msg_hash = undef;
491 }
493 return ($msg_hash);
494 }
497 sub input_from_known_server {
498 my ($input, $remote_ip) = @_ ;
499 my ($msg, $msg_hash, $module);
501 my $sql_statement= "SELECT * FROM known_server";
502 my $query_res = $known_server_db->select_dbentry( $sql_statement );
504 while( my ($hit_num, $hit) = each %{ $query_res } ) {
505 my $host_name = $hit->{hostname};
506 if( not $host_name =~ "^$remote_ip") {
507 next;
508 }
509 my $host_key = $hit->{hostkey};
510 daemon_log("DEBUG: input_from_known_server: host_name: $host_name", 7);
511 daemon_log("DEBUG: input_from_known_server: host_key: $host_key", 7);
513 # check if module can open msg envelope with module key
514 my ($tmp_msg, $tmp_msg_hash) = &check_key_and_xml_validity($input, $host_key);
515 if( (!$tmp_msg) || (!$tmp_msg_hash) ) {
516 daemon_log("DEBUG: input_from_known_server: deciphering raise error", 7);
517 daemon_log("$@", 8);
518 next;
519 }
520 else {
521 $msg = $tmp_msg;
522 $msg_hash = $tmp_msg_hash;
523 $module = "SIPackages";
524 last;
525 }
526 }
528 if( (!$msg) || (!$msg_hash) || (!$module) ) {
529 daemon_log("INFO: Incoming message is not from a known server", 5);
530 }
532 return ($msg, $msg_hash, $module);
533 }
536 sub input_from_known_client {
537 my ($input, $remote_ip) = @_ ;
538 my ($msg, $msg_hash, $module);
540 my $sql_statement= "SELECT * FROM known_clients";
541 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
542 while( my ($hit_num, $hit) = each %{ $query_res } ) {
543 my $host_name = $hit->{hostname};
544 if( not $host_name =~ /^$remote_ip:\d*$/) {
545 next;
546 }
547 my $host_key = $hit->{hostkey};
548 &daemon_log("DEBUG: input_from_known_client: host_name: $host_name", 7);
549 &daemon_log("DEBUG: input_from_known_client: host_key: $host_key", 7);
551 # check if module can open msg envelope with module key
552 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key);
554 if( (!$msg) || (!$msg_hash) ) {
555 &daemon_log("DEGUG: input_from_known_client: deciphering raise error", 7);
556 &daemon_log("$@", 8);
557 next;
558 }
559 else {
560 $module = "SIPackages";
561 last;
562 }
563 }
565 if( (!$msg) || (!$msg_hash) || (!$module) ) {
566 &daemon_log("INFO: Incoming message is not from a known client", 5);
567 }
569 return ($msg, $msg_hash, $module);
570 }
573 sub input_from_unknown_host {
574 no strict "refs";
575 my ($input) = @_ ;
576 my ($msg, $msg_hash, $module);
577 my $error_string;
579 my %act_modules = %$known_modules;
581 while( my ($mod, $info) = each(%act_modules)) {
583 # check a key exists for this module
584 my $module_key = ${$mod."_key"};
585 if( not defined $module_key ) {
586 if( $mod eq 'ArpHandler' ) {
587 next;
588 }
589 daemon_log("ERROR: no key specified in config file for $mod", 1);
590 next;
591 }
592 daemon_log("DEBUG: $mod: $module_key", 7);
594 # check if module can open msg envelope with module key
595 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key);
596 if( (not defined $msg) || (not defined $msg_hash) ) {
597 next;
598 }
599 else {
600 $module = $mod;
601 last;
602 }
603 }
605 if( (!$msg) || (!$msg_hash) || (!$module)) {
606 daemon_log("INFO: Incoming message is not from an unknown host", 5);
607 }
609 return ($msg, $msg_hash, $module);
610 }
613 sub create_ciphering {
614 my ($passwd) = @_;
615 if((!defined($passwd)) || length($passwd)==0) {
616 $passwd = "";
617 }
618 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
619 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
620 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
621 $my_cipher->set_iv($iv);
622 return $my_cipher;
623 }
626 sub encrypt_msg {
627 my ($msg, $key) = @_;
628 my $my_cipher = &create_ciphering($key);
629 my $len;
630 {
631 use bytes;
632 $len= 16-length($msg)%16;
633 }
634 $msg = "\0"x($len).$msg;
635 $msg = $my_cipher->encrypt($msg);
636 chomp($msg = &encode_base64($msg));
637 # there are no newlines allowed inside msg
638 $msg=~ s/\n//g;
639 return $msg;
640 }
643 sub decrypt_msg {
645 my ($msg, $key) = @_ ;
646 $msg = &decode_base64($msg);
647 my $my_cipher = &create_ciphering($key);
648 $msg = $my_cipher->decrypt($msg);
649 $msg =~ s/\0*//g;
650 return $msg;
651 }
654 sub get_encrypt_key {
655 my ($target) = @_ ;
656 my $encrypt_key;
657 my $error = 0;
659 # target can be in known_server
660 if( not defined $encrypt_key ) {
661 my $sql_statement= "SELECT * FROM known_server WHERE hostname='$target'";
662 my $query_res = $known_server_db->select_dbentry( $sql_statement );
663 while( my ($hit_num, $hit) = each %{ $query_res } ) {
664 my $host_name = $hit->{hostname};
665 if( $host_name ne $target ) {
666 next;
667 }
668 $encrypt_key = $hit->{hostkey};
669 last;
670 }
671 }
673 # target can be in known_client
674 if( not defined $encrypt_key ) {
675 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$target'";
676 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
677 while( my ($hit_num, $hit) = each %{ $query_res } ) {
678 my $host_name = $hit->{hostname};
679 if( $host_name ne $target ) {
680 next;
681 }
682 $encrypt_key = $hit->{hostkey};
683 last;
684 }
685 }
687 return $encrypt_key;
688 }
691 #=== FUNCTION ================================================================
692 # NAME: open_socket
693 # PARAMETERS: PeerAddr string something like 192.168.1.1 or 192.168.1.1:10000
694 # [PeerPort] string necessary if port not appended by PeerAddr
695 # RETURNS: socket IO::Socket::INET
696 # DESCRIPTION: open a socket to PeerAddr
697 #===============================================================================
698 sub open_socket {
699 my ($PeerAddr, $PeerPort) = @_ ;
700 if(defined($PeerPort)){
701 $PeerAddr = $PeerAddr.":".$PeerPort;
702 }
703 my $socket;
704 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
705 Porto => "tcp",
706 Type => SOCK_STREAM,
707 Timeout => 5,
708 );
709 if(not defined $socket) {
710 return;
711 }
712 # &daemon_log("DEBUG: open_socket: $PeerAddr", 7);
713 return $socket;
714 }
717 #=== FUNCTION ================================================================
718 # NAME: get_ip
719 # PARAMETERS: interface name (i.e. eth0)
720 # RETURNS: (ip address)
721 # DESCRIPTION: Uses ioctl to get ip address directly from system.
722 #===============================================================================
723 sub get_ip {
724 my $ifreq= shift;
725 my $result= "";
726 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
727 my $proto= getprotobyname('ip');
729 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
730 or die "socket: $!";
732 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
733 my ($if, $sin) = unpack 'a16 a16', $ifreq;
734 my ($port, $addr) = sockaddr_in $sin;
735 my $ip = inet_ntoa $addr;
737 if ($ip && length($ip) > 0) {
738 $result = $ip;
739 }
740 }
742 return $result;
743 }
745 sub get_local_ip_for_remote_ip {
746 my $remote_ip= shift;
747 my $result="0.0.0.0";
749 if($remote_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
750 if($remote_ip eq "127.0.0.1") {
751 $result = "127.0.0.1";
752 } else {
753 my $PROC_NET_ROUTE= ('/proc/net/route');
755 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
756 or die "Could not open $PROC_NET_ROUTE";
758 my @ifs = <PROC_NET_ROUTE>;
760 close(PROC_NET_ROUTE);
762 # Eat header line
763 shift @ifs;
764 chomp @ifs;
765 foreach my $line(@ifs) {
766 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
767 my $destination;
768 my $mask;
769 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
770 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
771 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
772 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
773 if(new NetAddr::IP($remote_ip)->within(new NetAddr::IP($destination, $mask))) {
774 # destination matches route, save mac and exit
775 $result= &get_ip($Iface);
776 last;
777 }
778 }
779 }
780 } else {
781 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1);
782 }
783 return $result;
784 }
786 sub send_msg_to_target {
787 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
788 my $error = 0;
789 my $header;
790 my $new_status;
791 my $act_status;
792 my ($sql_statement, $res);
794 if( $msg_header ) {
795 $header = "'$msg_header'-";
796 }
797 else {
798 $header = "";
799 }
801 # Patch the source ip
802 if($msg =~ /<source>0\.0\.0\.0:\d*?<\/source>/) {
803 my $remote_ip = &get_local_ip_for_remote_ip(sprintf("%s", $address =~ /^([0-9\.]*?):.*$/));
804 $msg =~ s/<source>(0\.0\.0\.0):(\d*?)<\/source>/<source>$remote_ip:$2<\/source>/s;
805 }
807 # encrypt xml msg
808 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
810 # opensocket
811 my $socket = &open_socket($address);
812 if( !$socket ) {
813 daemon_log("ERROR: cannot send ".$header."msg to $address , host not reachable", 1);
814 $error++;
815 }
817 if( $error == 0 ) {
818 # send xml msg
819 print $socket $crypted_msg."\n";
821 daemon_log("INFO: send ".$header."msg to $address", 5);
822 daemon_log("message:\n$msg", 8);
824 }
826 # close socket in any case
827 if( $socket ) {
828 close $socket;
829 }
831 if( $error > 0 ) { $new_status = "down"; }
832 else { $new_status = $msg_header; }
835 # known_clients
836 $sql_statement = "SELECT * FROM known_clients WHERE hostname='$address'";
837 $res = $known_clients_db->select_dbentry($sql_statement);
838 if( keys(%$res) > 0) {
839 $act_status = $res->{1}->{'status'};
840 if( $act_status eq "down" ) {
841 $sql_statement = "DELETE FROM known_clients WHERE hostname='$address'";
842 $res = $known_clients_db->del_dbentry($sql_statement);
843 daemon_log("WARNING: failed 2x to send msg to host '$address', delete host from known_clients", 3);
844 }
845 else {
846 $sql_statement = "UPDATE known_clients SET status='$new_status' WHERE hostname='$address'";
847 $res = $known_clients_db->update_dbentry($sql_statement);
848 if($new_status eq "down"){
849 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
850 }
851 else {
852 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
853 }
854 }
855 }
857 # known_server
858 $sql_statement = "SELECT * FROM known_server WHERE hostname='$address'";
859 $res = $known_server_db->select_dbentry($sql_statement);
860 if( keys(%$res) > 0 ) {
861 $act_status = $res->{1}->{'status'};
862 if( $act_status eq "down" ) {
863 $sql_statement = "DELETE FROM known_server WHERE hostname='$address'";
864 $res = $known_server_db->del_dbentry($sql_statement);
865 daemon_log("WARNING: failed 2x to a send msg to host '$address', delete host from known_server", 3);
866 }
867 else {
868 $sql_statement = "UPDATE known_server SET status='$new_status' WHERE hostname='$address'";
869 $res = $known_server_db->update_dbentry($sql_statement);
870 if($new_status eq "down"){
871 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
872 }
873 else {
874 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
875 }
876 }
877 }
878 return $error;
879 }
882 sub _start {
883 my ($kernel) = $_[KERNEL];
884 &trigger_db_loop($kernel);
885 }
888 sub client_input {
889 no strict "refs";
890 my ($kernel, $session, $heap,$input,$wheel) = @_[KERNEL, SESSION, HEAP, ARG0, ARG1];
891 my $session_id = $session->ID;
892 my ($msg, $msg_hash, $module);
893 my $error = 0;
894 my $answer_l;
895 my ($answer_header, @answer_target_l, $answer_source);
896 my $client_answer;
898 daemon_log("INFO: Incoming msg from '".$heap->{'remote_ip'}."'", 5);
899 daemon_log("DEBUG: Incoming message:\n$input", 8);
901 ####################
902 # check incoming msg
903 # msg is from a new client or gosa
904 ($msg, $msg_hash, $module) = &input_from_unknown_host($input);
905 # msg is from a gosa-si-server or gosa-si-bus
906 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
907 ($msg, $msg_hash, $module) = &input_from_known_server($input, $heap->{'remote_ip'});
908 }
909 # msg is from a gosa-si-client
910 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
911 ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'});
912 }
913 # an error occurred
914 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
915 $error++;
916 }
918 ######################
919 # process incoming msg
920 if( $error == 0) {
921 daemon_log("DEBUG: Processing module ".$module, 7);
922 $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $session_id);
924 if ( 0 > @{$answer_l} ) {
925 my $answer_str = join("\n", @{$answer_l});
926 daemon_log("DEGUB: $module: Got answer from module: \n".$answer_str,8);
927 }
928 }
929 if( !$answer_l ) { $error++ };
931 ########
932 # answer
933 if( $error == 0 ) {
935 foreach my $answer ( @{$answer_l} ) {
936 # for each answer in answer list
938 # check outgoing msg to xml validity
939 my $answer_hash = &check_outgoing_xml_validity($answer);
940 if( not defined $answer_hash ) {
941 next;
942 }
944 $answer_header = @{$answer_hash->{'header'}}[0];
945 @answer_target_l = @{$answer_hash->{'target'}};
946 $answer_source = @{$answer_hash->{'source'}}[0];
948 # deliver msg to all targets
949 foreach my $answer_target ( @answer_target_l ) {
951 # targets of msg are all gosa-si-clients in known_clients_db
952 if( $answer_target eq "*" ) {
953 # answer is for all clients
954 my $sql_statement= "SELECT * FROM known_clients";
955 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
956 while( my ($hit_num, $hit) = each %{ $query_res } ) {
957 my $host_name = $hit->{hostname};
958 my $host_key = $hit->{hostkey};
959 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
960 }
961 }
963 # targets of msg are all gosa-si-server in known_server_db
964 elsif( $answer_target eq "KNOWN_SERVER" ) {
965 # answer is for all server in known_server
966 my $sql_statement= "SELECT * FROM known_server";
967 my $query_res = $known_server_db->select_dbentry( $sql_statement );
968 while( my ($hit_num, $hit) = each %{ $query_res } ) {
969 my $host_name = $hit->{hostname};
970 my $host_key = $hit->{hostkey};
971 $answer =~ s/KNOWN_SERVER/$host_name/g;
972 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
973 }
974 }
976 # target of msg is GOsa
977 elsif( $answer_target eq "GOSA" ) {
978 $answer =~ /<session_id>(\d+)<\/session_id>/;
979 my $session_id = $1;
980 my $add_on = "";
981 if( defined $session_id ) {
982 $add_on = ".session_id=$session_id";
983 }
984 # answer is for GOSA and has to returned to connected client
985 my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key);
986 $client_answer = $gosa_answer.$add_on;
987 }
989 # target of msg is job queue at this host
990 elsif( $answer_target eq "JOBDB") {
991 $answer =~ /<header>(\S+)<\/header>/;
992 my $header;
993 if( defined $1 ) { $header = $1; }
994 &send_msg_to_target($answer, $server_address, $GosaPackages_key, $header);
995 }
997 # target of msg is a mac address
998 elsif( $answer_target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ) {
999 daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3);
1000 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'";
1001 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
1002 my $found_ip_flag = 0;
1003 while( my ($hit_num, $hit) = each %{ $query_res } ) {
1004 my $host_name = $hit->{hostname};
1005 my $host_key = $hit->{hostkey};
1006 $answer =~ s/$answer_target/$host_name/g;
1007 daemon_log("found host '$host_name', associated to '$answer_target'", 3);
1008 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
1009 $found_ip_flag++ ;
1010 }
1011 if( $found_ip_flag == 0) {
1012 daemon_log("WARNING: no host found in known_clients with mac address '$answer_target'", 3);
1013 if( $bus_activ eq "true" ) {
1014 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
1015 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
1016 my $query_res = $known_server_db->select_dbentry( $sql_statement );
1017 while( my ($hit_num, $hit) = each %{ $query_res } ) {
1018 my $bus_address = $hit->{hostname};
1019 my $bus_key = $hit->{hostkey};
1020 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
1021 last;
1022 }
1023 }
1025 }
1027 # answer is for one specific host
1028 } else {
1029 # get encrypt_key
1030 my $encrypt_key = &get_encrypt_key($answer_target);
1031 if( not defined $encrypt_key ) {
1032 # unknown target, forward msg to bus
1033 daemon_log("WARNING: unknown target '$answer_target'", 3);
1034 if( $bus_activ eq "true" ) {
1035 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
1036 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
1037 my $query_res = $known_server_db->select_dbentry( $sql_statement );
1038 my $res_length = keys( %{$query_res} );
1039 if( $res_length == 0 ){
1040 daemon_log("WARNING: send '$answer_header' to '$bus_address' failed, no bus found in known_server", 3);
1041 }
1042 else {
1043 while( my ($hit_num, $hit) = each %{ $query_res } ) {
1044 my $bus_key = $hit->{hostkey};
1045 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
1046 }
1047 }
1048 }
1049 next;
1050 }
1051 # send_msg
1052 &send_msg_to_target($answer, $answer_target, $encrypt_key, $answer_header);
1053 }
1054 }
1055 }
1056 }
1058 if( $client_answer ) {
1059 if( $client_answer =~ s/session_id=(\d+)$// ) {
1060 my $session_id = $1;
1061 if( defined $session_id ) {
1062 my $session_reference = $kernel->ID_id_to_session($session_id);
1063 $heap = $session_reference->get_heap();
1064 }
1065 }
1066 $heap->{client}->put($client_answer);
1067 }
1069 return;
1070 }
1074 sub trigger_db_loop {
1075 # my ($kernel) = $_[KERNEL];
1076 my ($kernel) = @_ ;
1077 $kernel->delay_set('watch_for_new_jobs', $job_queue_loop_delay);
1078 }
1081 sub watch_for_new_jobs {
1082 my ($kernel,$heap) = @_[KERNEL, HEAP];
1084 # check gosa job queue for jobs with executable timestamp
1085 my $timestamp = &get_time();
1086 my $sql_statement = "SELECT * FROM ".$job_queue_tn.
1087 " WHERE status='waiting' AND timestamp<'$timestamp'";
1088 my $res = $job_db->select_dbentry( $sql_statement );
1090 while( my ($id, $hit) = each %{$res} ) {
1091 my $jobdb_id = $hit->{id};
1092 my $macaddress = $hit->{'macaddress'};
1093 my $job_msg = $hit->{'xmlmessage'};
1094 my $header = $hit->{'headertag'};
1095 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$macaddress'";
1096 my $res_hash = $known_clients_db->select_dbentry( $sql_statement );
1097 # expect macaddress is unique!!!!!!
1098 my $target = $res_hash->{1}->{hostname};
1100 if (not defined $target) {
1101 &daemon_log("ERROR: no host found for mac address: $macaddress", 1);
1102 &daemon_log("$hit->{xmlmessage}", 8);
1103 my $sql_statement = "UPDATE $job_queue_tn ".
1104 "SET status='error', result='no host found for mac address' ".
1105 "WHERE id='$jobdb_id'";
1106 my $res = $job_db->update_dbentry($sql_statement);
1107 next;
1108 }
1110 # change header
1111 $job_msg =~ s/<header>job_/<header>gosa_/;
1113 # add sqlite_id
1114 $job_msg =~ s/<\/xml>$/<jobdb_id>$jobdb_id<\/jobdb_id><\/xml>/;
1116 my $func_error = &send_msg_to_target($job_msg, $server_address, $GosaPackages_key, $header);
1117 }
1119 $kernel->delay_set('watch_for_new_jobs',3);
1120 }
1123 sub refresh_ldap_handle {
1124 my $mesg;
1126 # Get an ldap handle, if we don't have one
1127 if( ! defined $ldap_handle ){
1128 $ldap_handle = Net::LDAP->new( $ldap_uri );
1129 }
1130 # Still not defined?
1131 if( ! defined $ldap_handle ) {
1132 daemon_log( "ch $$: Net::LDAP constructor failed: $!\n" );
1133 return 0;
1134 }
1136 # Bind to ldap server - eventually authenticate
1137 if( defined $ldap_admin_dn ) {
1138 if( defined $ldap_admin_password ) {
1139 $mesg = $ldap_handle->bind( $ldap_admin_dn, password => $ldap_admin_password );
1140 } else {
1141 $mesg = $ldap_handle->bind( $ldap_admin_dn );
1142 }
1143 } else {
1144 $mesg = $ldap_handle->bind();
1145 }
1147 if( 0 != $mesg->code ) {
1148 undef( $ldap_handle ) if( 81 == $mesg->code );
1149 daemon_log( "ch $$: LDAP bind: error (". $mesg->code . ') - ' . $mesg->error . "\n", 1);
1150 return 0;
1151 }
1153 return 1;
1154 }
1157 sub create_fai_server_db {
1158 my ($table_name) = @_;
1160 #####################################################################
1161 #
1162 # TODO für dich Cajus :-)
1163 #
1164 # ###################################################################
1166 $fai_server_db->add_dbentry( {
1167 table => $table_name,
1168 primkey => [],
1169 server => "dummyserver",
1170 release => "kleinkind",
1171 tag => "imwachstum",
1172 } );
1173 return;
1174 }
1177 #==== MAIN = main ==============================================================
1178 # parse commandline options
1179 Getopt::Long::Configure( "bundling" );
1180 GetOptions("h|help" => \&usage,
1181 "c|config=s" => \$cfg_file,
1182 "f|foreground" => \$foreground,
1183 "v|verbose+" => \$verbose,
1184 "no-bus+" => \$no_bus,
1185 "no-arp+" => \$no_arp,
1186 );
1188 # read and set config parameters
1189 &check_cmdline_param ;
1190 &read_configfile;
1191 &check_pid;
1193 $SIG{CHLD} = 'IGNORE';
1195 # forward error messages to logfile
1196 if( ! $foreground ) {
1197 open(STDERR, '>>', $log_file);
1198 open(STDOUT, '>>', $log_file);
1199 }
1201 # Just fork, if we are not in foreground mode
1202 if( ! $foreground ) {
1203 chdir '/' or die "Can't chdir to /: $!";
1204 $pid = fork;
1205 setsid or die "Can't start a new session: $!";
1206 umask 0;
1207 } else {
1208 $pid = $$;
1209 }
1211 # Do something useful - put our PID into the pid_file
1212 if( 0 != $pid ) {
1213 open( LOCK_FILE, ">$pid_file" );
1214 print LOCK_FILE "$pid\n";
1215 close( LOCK_FILE );
1216 if( !$foreground ) {
1217 exit( 0 )
1218 };
1219 }
1221 daemon_log(" ", 1);
1222 daemon_log("$0 started!", 1);
1224 if ($no_bus > 0) {
1225 $bus_activ = "false"
1226 }
1230 # delete old DBsqlite lock files
1231 #unlink('/tmp/gosa_si_lock*');
1233 # connect to gosa-si job queue
1234 $job_db = GOSA::DBsqlite->new($job_queue_file_name);
1235 $job_db->create_table($job_queue_tn, \@job_queue_col_names);
1237 # connect to known_clients_db
1238 $known_clients_db = GOSA::DBsqlite->new($known_clients_file_name);
1239 $known_clients_db->create_table($known_clients_tn, \@known_clients_col_names);
1241 # connect to known_server_db
1242 $known_server_db = GOSA::DBsqlite->new($known_server_file_name);
1243 $known_server_db->create_table($known_server_tn, \@known_server_col_names);
1245 # connect to login_usr_db
1246 $login_users_db = GOSA::DBsqlite->new($login_users_file_name);
1247 $login_users_db->create_table($login_users_tn, \@login_users_col_names);
1250 # connect to fai_server_db
1251 $fai_server_db = GOSA::DBsqlite->new($fai_server_file_name);
1252 $fai_server_db->create_table($fai_server_tn, \@fai_server_col_names);
1253 &create_fai_server_db($fai_server_tn);
1255 # create xml object used for en/decrypting
1256 $xml = new XML::Simple();
1258 # create socket for incoming xml messages
1259 POE::Component::Server::TCP->new(
1260 Port => $server_port,
1261 ClientInput => \&client_input,
1262 );
1263 daemon_log("start socket for incoming xml messages at port '$server_port' ", 1);
1265 # create session for repeatedly checking the job queue for jobs
1266 POE::Session->create(
1267 inline_states => {
1268 _start => \&_start,
1269 watch_for_new_jobs => \&watch_for_new_jobs,
1270 }
1271 );
1274 # import all modules
1275 &import_modules;
1277 # check wether all modules are gosa-si valid passwd check
1279 POE::Kernel->run();
1280 exit;