![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
a182873d38b6dd7b3d5d9f15d1a9c02a7a55be36
1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-sd
5 #
6 # USAGE: ./gosa-sd
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libconfig-inifiles-perl libcrypt-rijndael-perl libxml-simple-perl
12 # libdata-dumper-simple-perl libdbd-sqlite3-perl libnet-ldap-perl
13 # libpoe-perl
14 # BUGS: ---
15 # NOTES:
16 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
17 # COMPANY:
18 # VERSION: 1.0
19 # CREATED: 12.09.2007 08:54:41 CEST
20 # REVISION: ---
21 #===============================================================================
23 use strict;
24 use warnings;
25 use Getopt::Long;
26 use Config::IniFiles;
27 use POSIX;
29 use Fcntl;
30 use IO::Socket::INET;
31 use IO::Handle;
32 use IO::Select;
33 use Symbol qw(qualify_to_ref);
34 use Crypt::Rijndael;
35 use MIME::Base64;
36 use Digest::MD5 qw(md5 md5_hex md5_base64);
37 use XML::Simple;
38 use Data::Dumper;
39 use Sys::Syslog qw( :DEFAULT setlogsock);
40 use Cwd;
41 use File::Spec;
42 use File::Basename;
43 use GOSA::DBsqlite;
44 use GOSA::GosaSupportDaemon;
45 use POE qw(Component::Server::TCP);
47 my $modules_path = "/usr/lib/gosa-si/modules";
48 use lib "/usr/lib/gosa-si/modules";
50 my (%cfg_defaults, $foreground, $verbose, $ping_timeout);
51 my ($bus_activ, $bus, $msg_to_bus, $bus_cipher);
52 my ($server, $server_mac_address);
53 my ($gosa_server, $job_queue_timeout, $job_queue_table_name, $job_queue_file_name,$job_queue_loop_delay);
54 my ($known_modules, $known_clients_file_name, $known_server_file_name);
55 my ($pid_file, $procid, $pid, $log_file);
56 my ($arp_activ, $arp_fifo);
57 my ($xml);
59 # variables declared in config file are always set to 'our'
60 our (%cfg_defaults, $log_file, $pid_file,
61 $server_ip, $server_port, $SIPackages_key,
62 $arp_activ,
63 $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout,
64 );
66 # additional variable which should be globaly accessable
67 our $server_address;
68 our $bus_address;
69 our $gosa_address;
70 our $no_bus;
71 our $no_arp;
72 our $verbose;
73 our $forground;
74 our $cfg_file;
76 # specifies the verbosity of the daemon_log
77 $verbose = 0 ;
79 # if foreground is not null, script will be not forked to background
80 $foreground = 0 ;
82 # specifies the timeout seconds while checking the online status of a registrating client
83 $ping_timeout = 5;
85 $no_bus = 0;
86 $bus_activ = "true";
88 $no_arp = 0;
90 # name of table for storing gosa jobs
91 our $job_queue_table_name = 'jobs';
92 our $job_db;
94 # holds all other gosa-sd as well as the gosa-sd-bus
95 our $known_server_db;
97 # holds all registrated clients
98 our $known_clients_db;
99 our $prg= basename($0);
101 %cfg_defaults = (
102 "general" => {
103 "log-file" => [\$log_file, "/var/run/".$prg.".log"],
104 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
105 },
106 "bus" => {
107 "activ" => [\$bus_activ, "true"],
108 },
109 "server" => {
110 # "ip" => [\$server_ip, "0.0.0.0"],
111 "port" => [\$server_port, "20081"],
112 "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ],
113 "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'],
114 },
115 "GOsaPackages" => {
116 "ip" => [\$gosa_ip, "0.0.0.0"],
117 "port" => [\$gosa_port, "20082"],
118 "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'],
119 "job-queue-loop-delay" => [\$job_queue_loop_delay, 3],
120 "key" => [\$GosaPackages_key, "none"],
121 },
122 "SIPackages" => {
123 "key" => [\$SIPackages_key, "none"],
124 },
125 );
128 #=== FUNCTION ================================================================
129 # NAME: usage
130 # PARAMETERS: nothing
131 # RETURNS: nothing
132 # DESCRIPTION: print out usage text to STDERR
133 #===============================================================================
134 sub usage {
135 print STDERR << "EOF" ;
136 usage: $prg [-hvf] [-c config]
138 -h : this (help) message
139 -c <file> : config file
140 -f : foreground, process will not be forked to background
141 -v : be verbose (multiple to increase verbosity)
142 -no-bus : starts $prg without connection to bus
143 -no-arp : starts $prg without connection to arp module
145 EOF
146 print "\n" ;
147 }
150 #=== FUNCTION ================================================================
151 # NAME: read_configfile
152 # PARAMETERS: cfg_file - string -
153 # RETURNS: nothing
154 # DESCRIPTION: read cfg_file and set variables
155 #===============================================================================
156 sub read_configfile {
157 my $cfg;
158 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
159 if( -r $cfg_file ) {
160 $cfg = Config::IniFiles->new( -file => $cfg_file );
161 } else {
162 print STDERR "Couldn't read config file!\n";
163 }
164 } else {
165 $cfg = Config::IniFiles->new() ;
166 }
167 foreach my $section (keys %cfg_defaults) {
168 foreach my $param (keys %{$cfg_defaults{ $section }}) {
169 my $pinfo = $cfg_defaults{ $section }{ $param };
170 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
171 }
172 }
173 }
176 #=== FUNCTION ================================================================
177 # NAME: logging
178 # PARAMETERS: level - string - default 'info'
179 # msg - string -
180 # facility - string - default 'LOG_DAEMON'
181 # RETURNS: nothing
182 # DESCRIPTION: function for logging
183 #===============================================================================
184 sub daemon_log {
185 # log into log_file
186 my( $msg, $level ) = @_;
187 if(not defined $msg) { return }
188 if(not defined $level) { $level = 1 }
189 if(defined $log_file){
190 open(LOG_HANDLE, ">>$log_file");
191 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
192 print STDERR "cannot open $log_file: $!";
193 return }
194 chomp($msg);
195 if($level <= $verbose){
196 my ($seconds, $minutes, $hours, $monthday, $month,
197 $year, $weekday, $yearday, $sommertime) = localtime(time);
198 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
199 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
200 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
201 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
202 $month = $monthnames[$month];
203 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
204 $year+=1900;
205 my $name = $prg;
207 my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
208 print LOG_HANDLE $log_msg;
209 if( $foreground ) {
210 print STDERR $log_msg;
211 }
212 }
213 close( LOG_HANDLE );
214 }
215 #log into syslog
216 # my ($msg, $level, $facility) = @_;
217 # if(not defined $msg) {return}
218 # if(not defined $level) {$level = "info"}
219 # if(not defined $facility) {$facility = "LOG_DAEMON"}
220 # openlog($0, "pid,cons,", $facility);
221 # syslog($level, $msg);
222 # closelog;
223 # return;
224 }
227 #=== FUNCTION ================================================================
228 # NAME: check_cmdline_param
229 # PARAMETERS: nothing
230 # RETURNS: nothing
231 # DESCRIPTION: validates commandline parameter
232 #===============================================================================
233 sub check_cmdline_param () {
234 my $err_config;
235 my $err_counter = 0;
236 if(not defined($cfg_file)) {
237 $cfg_file = "/etc/gosa-si/server.conf";
238 if(! -r $cfg_file) {
239 $err_config = "please specify a config file";
240 $err_counter += 1;
241 }
242 }
243 if( $err_counter > 0 ) {
244 &usage( "", 1 );
245 if( defined( $err_config)) { print STDERR "$err_config\n"}
246 print STDERR "\n";
247 exit( -1 );
248 }
249 }
252 #=== FUNCTION ================================================================
253 # NAME: check_pid
254 # PARAMETERS: nothing
255 # RETURNS: nothing
256 # DESCRIPTION: handels pid processing
257 #===============================================================================
258 sub check_pid {
259 $pid = -1;
260 # Check, if we are already running
261 if( open(LOCK_FILE, "<$pid_file") ) {
262 $pid = <LOCK_FILE>;
263 if( defined $pid ) {
264 chomp( $pid );
265 if( -f "/proc/$pid/stat" ) {
266 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
267 if( $0 eq $stat ) {
268 close( LOCK_FILE );
269 exit -1;
270 }
271 }
272 }
273 close( LOCK_FILE );
274 unlink( $pid_file );
275 }
277 # create a syslog msg if it is not to possible to open PID file
278 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
279 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
280 if (open(LOCK_FILE, '<', $pid_file)
281 && ($pid = <LOCK_FILE>))
282 {
283 chomp($pid);
284 $msg .= "(PID $pid)\n";
285 } else {
286 $msg .= "(unable to read PID)\n";
287 }
288 if( ! ($foreground) ) {
289 openlog( $0, "cons,pid", "daemon" );
290 syslog( "warning", $msg );
291 closelog();
292 }
293 else {
294 print( STDERR " $msg " );
295 }
296 exit( -1 );
297 }
298 }
300 #=== FUNCTION ================================================================
301 # NAME: import_modules
302 # PARAMETERS: module_path - string - abs. path to the directory the modules
303 # are stored
304 # RETURNS: nothing
305 # DESCRIPTION: each file in module_path which ends with '.pm' and activation
306 # state is on is imported by "require 'file';"
307 #===============================================================================
308 sub import_modules {
309 daemon_log(" ", 1);
311 if (not -e $modules_path) {
312 daemon_log("ERROR: cannot find directory or directory is not readable: $modules_path", 1);
313 }
315 opendir (DIR, $modules_path) or die "ERROR while loading modules from directory $modules_path : $!\n";
316 while (defined (my $file = readdir (DIR))) {
317 if (not $file =~ /(\S*?).pm$/) {
318 next;
319 }
320 my $mod_name = $1;
322 if( $file =~ /ArpHandler.pm/ ) {
323 if( $no_arp > 0 ) {
324 next;
325 }
326 }
328 eval { require $file; };
329 if ($@) {
330 daemon_log("ERROR: gosa-si-server could not load module $file", 1);
331 daemon_log("$@", 5);
332 } else {
333 my $info = eval($mod_name.'::get_module_info()');
334 # Only load module if get_module_info() returns a non-null object
335 if( $info ) {
336 my ($input_address, $input_key, $input, $input_active, $input_type) = @{$info};
337 $known_modules->{$mod_name} = $info;
338 daemon_log("module $mod_name loaded", 1);
339 }
340 }
341 }
342 close (DIR);
343 }
346 #=== FUNCTION ================================================================
347 # NAME: sig_int_handler
348 # PARAMETERS: signal - string - signal arose from system
349 # RETURNS: noting
350 # DESCRIPTION: handels tasks to be done befor signal becomes active
351 #===============================================================================
352 sub sig_int_handler {
353 my ($signal) = @_;
355 daemon_log("shutting down gosa-si-server", 1);
356 exit(1);
357 }
358 $SIG{INT} = \&sig_int_handler;
362 sub check_key_and_xml_validity {
363 my ($crypted_msg, $module_key) = @_;
365 my $msg;
366 my $msg_hash;
367 eval{
368 $msg = &decrypt_msg($crypted_msg, $module_key);
370 if ($msg =~ /<xml>/i){
371 &main::daemon_log("decrypted_msg: \n$msg", 8);
372 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
374 # check header
375 my $header_l = $msg_hash->{'header'};
376 if( 1 != @{$header_l} ) {
377 die 'header error';
378 }
379 my $header = @{$header_l}[0];
380 if( 0 == length $header) {
381 die 'header error';
382 }
384 # check source
385 my $source_l = $msg_hash->{'source'};
386 if( not defined @{$source_l} or 1 != @{$source_l} ) {
387 die 'source error';
388 }
389 my $source = @{$source_l}[0];
390 if( 0 == length $source) {
391 die 'source error';
392 }
394 # check target
395 my $target_l = $msg_hash->{'target'};
396 if( 1 != @{$target_l} ) {
397 die'target error';
398 }
399 my $target = @{$target_l}[0];
400 if( 0 == length $target) {
401 die 'target error';
402 }
403 }
404 };
405 if($@) {
406 &main::daemon_log("WARNING: do not understand the message", 5);
407 &main::daemon_log("$@", 8);
408 }
410 return ($msg, $msg_hash);
411 }
414 sub check_outgoing_xml_validity {
415 my ($msg) = @_;
417 my $msg_hash;
418 eval{
419 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
421 ##############
422 # check header
423 my $header_l = $msg_hash->{'header'};
424 if( 1 != @{$header_l} ) {
425 die 'no or more than one headers specified';
426 }
427 my $header = @{$header_l}[0];
428 if( 0 == length $header) {
429 die 'header has length 0';
430 }
432 ##############
433 # check source
434 my $source_l = $msg_hash->{'source'};
435 if( 1 != @{$source_l} ) {
436 die 'no or more than 1 sources specified';
437 }
438 my $source = @{$source_l}[0];
439 if( 0 == length $source) {
440 die 'source has length 0';
441 }
442 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
443 $source =~ /^GOSA$/i ) {
444 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
445 }
447 ##############
448 # check target
449 my $target_l = $msg_hash->{'target'};
450 if( 0 == @{$target_l} ) {
451 die "no targets specified";
452 }
453 foreach my $target (@$target_l) {
454 if( 0 == length $target) {
455 die "target has length 0";
456 }
457 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
458 $target =~ /^GOSA$/i ||
459 $target =~ /^\*$/ ||
460 $target =~ /KNOWN_SERVER/i ||
461 $target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ){
462 die "target '$target' is not a complete ip-address with port or a valid target name or a mac-address";
463 }
464 }
465 };
466 if($@) {
467 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
468 daemon_log("$@ $msg", 8);
469 $msg_hash = undef;
470 }
472 return ($msg_hash);
473 }
476 sub input_from_known_server {
477 my ($input, $remote_ip) = @_ ;
478 my ($msg, $msg_hash, $module);
480 my $sql_statement= "SELECT * FROM known_server";
481 my $query_res = $known_server_db->select_dbentry( $sql_statement );
483 while( my ($hit_num, $hit) = each %{ $query_res } ) {
484 my $host_name = $hit->{hostname};
485 if( not $host_name =~ "^$remote_ip") {
486 next;
487 }
488 my $host_key = $hit->{hostkey};
489 daemon_log("SIPackages: known_server host_name: $host_name", 7);
490 daemon_log("SIPackages: known_server host_key: $host_key", 7);
492 # check if module can open msg envelope with module key
493 my ($tmp_msg, $tmp_msg_hash) = &check_key_and_xml_validity($input, $host_key);
494 if( (!$tmp_msg) || (!$tmp_msg_hash) ) {
495 daemon_log("SIPackages: deciphering raise error", 7);
496 daemon_log("$@", 8);
497 next;
498 }
499 else {
500 $msg = $tmp_msg;
501 $msg_hash = $tmp_msg_hash;
502 $module = "SIPackages";
503 last;
504 }
505 }
507 if( (!$msg) || (!$msg_hash) || (!$module) ) {
508 daemon_log("Incoming message is not from a known server", 3);
509 }
511 return ($msg, $msg_hash, $module);
512 }
515 sub input_from_known_client {
516 my ($input, $remote_ip) = @_ ;
517 my ($msg, $msg_hash, $module);
519 my $sql_statement= "SELECT * FROM known_clients";
520 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
521 while( my ($hit_num, $hit) = each %{ $query_res } ) {
522 my $host_name = $hit->{hostname};
523 if( not $host_name =~ /^$remote_ip:\d*$/) {
524 next;
525 }
526 my $host_key = $hit->{hostkey};
527 &daemon_log("SIPackages: known_client host_name: $host_name", 7);
528 &daemon_log("SIPackages: known_client host_key: $host_key", 7);
530 # check if module can open msg envelope with module key
531 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key);
533 if( (!$msg) || (!$msg_hash) ) {
534 &daemon_log("SIPackages: deciphering raise error", 7);
535 &daemon_log("$@", 8);
536 next;
537 }
538 else {
539 $module = "SIPackages";
540 last;
541 }
542 }
544 if( (!$msg) || (!$msg_hash) || (!$module) ) {
545 &daemon_log("Incoming message is not from a known client", 3);
546 }
548 return ($msg, $msg_hash, $module);
549 }
552 sub input_from_unknown_host {
553 no strict "refs";
554 my ($input) = @_ ;
555 my ($msg, $msg_hash, $module);
557 my %act_modules = %$known_modules;
559 while( my ($mod, $info) = each(%act_modules)) {
561 # check a key exists for this module
562 my $module_key = ${$mod."_key"};
563 if( ! $module_key ) {
564 if( $mod eq 'ArpHandler' ) {
565 next;
566 }
567 daemon_log("ERROR: no key specified in config file for $mod", 1);
568 next;
569 }
570 daemon_log("$mod: $module_key", 5);
572 # check if module can open msg envelope with module key
573 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key);
574 if( (!$msg) || (!$msg_hash) ) {
575 #daemon_log("$mod: deciphering failed", 5);
576 next;
577 }
578 else {
579 $module = $mod;
580 last;
581 }
582 }
584 if( (!$msg) || (!$msg_hash) || (!$module)) {
585 daemon_log("Incoming message is not from a unknown host", 5);
586 }
588 return ($msg, $msg_hash, $module);
589 }
592 sub create_ciphering {
593 my ($passwd) = @_;
594 if((!defined($passwd)) || length($passwd)==0) {
595 $passwd = "";
596 }
597 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
598 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
599 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
600 $my_cipher->set_iv($iv);
601 return $my_cipher;
602 }
605 sub encrypt_msg {
606 my ($msg, $key) = @_;
607 my $my_cipher = &create_ciphering($key);
608 {
609 use bytes;
610 $msg = "\0"x(16-length($msg)%16).$msg;
611 }
612 $msg = $my_cipher->encrypt($msg);
613 chomp($msg = &encode_base64($msg));
614 # there are no newlines allowed inside msg
615 $msg=~ s/\n//g;
616 return $msg;
617 }
620 sub decrypt_msg {
622 my ($msg, $key) = @_ ;
623 $msg = &decode_base64($msg);
624 my $my_cipher = &create_ciphering($key);
625 $msg = $my_cipher->decrypt($msg);
626 $msg =~ s/\0*//g;
627 return $msg;
628 }
631 sub get_encrypt_key {
632 my ($target) = @_ ;
633 my $encrypt_key;
634 my $error = 0;
636 # target can be in known_server
637 if( not defined $encrypt_key ) {
638 my $sql_statement= "SELECT * FROM known_server WHERE hostname='$target'";
639 my $query_res = $known_server_db->select_dbentry( $sql_statement );
640 while( my ($hit_num, $hit) = each %{ $query_res } ) {
641 my $host_name = $hit->{hostname};
642 if( $host_name ne $target ) {
643 next;
644 }
645 $encrypt_key = $hit->{hostkey};
646 last;
647 }
648 }
650 # target can be in known_client
651 if( not defined $encrypt_key ) {
652 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$target'";
653 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
654 while( my ($hit_num, $hit) = each %{ $query_res } ) {
655 my $host_name = $hit->{hostname};
656 if( $host_name ne $target ) {
657 next;
658 }
659 $encrypt_key = $hit->{hostkey};
660 last;
661 }
662 }
664 return $encrypt_key;
665 }
668 #=== FUNCTION ================================================================
669 # NAME: open_socket
670 # PARAMETERS: PeerAddr string something like 192.168.1.1 or 192.168.1.1:10000
671 # [PeerPort] string necessary if port not appended by PeerAddr
672 # RETURNS: socket IO::Socket::INET
673 # DESCRIPTION: open a socket to PeerAddr
674 #===============================================================================
675 sub open_socket {
676 my ($PeerAddr, $PeerPort) = @_ ;
677 if(defined($PeerPort)){
678 $PeerAddr = $PeerAddr.":".$PeerPort;
679 }
680 my $socket;
681 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
682 Porto => "tcp",
683 Type => SOCK_STREAM,
684 Timeout => 5,
685 );
686 if(not defined $socket) {
687 return;
688 }
689 &daemon_log("open_socket: $PeerAddr", 7);
690 return $socket;
691 }
694 #=== FUNCTION ================================================================
695 # NAME: get_ip
696 # PARAMETERS: interface name (i.e. eth0)
697 # RETURNS: (ip address)
698 # DESCRIPTION: Uses ioctl to get ip address directly from system.
699 #===============================================================================
700 sub get_ip {
701 my $ifreq= shift;
702 my $result= "";
703 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
704 my $proto= getprotobyname('ip');
706 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
707 or die "socket: $!";
709 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
710 my ($if, $sin) = unpack 'a16 a16', $ifreq;
711 my ($port, $addr) = sockaddr_in $sin;
712 my $ip = inet_ntoa $addr;
714 if ($ip && length($ip) > 0) {
715 $result = $ip;
716 }
717 }
719 return $result;
720 }
722 sub get_local_ip_for_remote_ip {
723 my $remote_ip= shift;
724 my $result="0.0.0.0";
726 if($remote_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
727 if($remote_ip eq "127.0.0.1") {
728 $result = "127.0.0.1";
729 } else {
730 my $PROC_NET_ROUTE= ('/proc/net/route');
732 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
733 or die "Could not open $PROC_NET_ROUTE";
735 my @ifs = <PROC_NET_ROUTE>;
737 close(PROC_NET_ROUTE);
739 # Eat header line
740 shift @ifs;
741 chomp @ifs;
742 foreach my $line(@ifs) {
743 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
744 my $destination;
745 my $mask;
746 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
747 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
748 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
749 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
750 if(new NetAddr::IP($remote_ip)->within(new NetAddr::IP($destination, $mask))) {
751 # destination matches route, save mac and exit
752 $result= &get_ip($Iface);
753 last;
754 }
755 }
756 }
757 } else {
758 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1);
759 }
760 return $result;
761 }
763 sub send_msg_to_target {
764 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
765 my $error = 0;
766 my $header;
767 my $new_status;
768 my $act_status;
769 my ($sql_statement, $res);
771 if( $msg_header ) {
772 $header = "'$msg_header'-";
773 }
774 else {
775 $header = "";
776 }
778 # Patch the source ip
779 if($msg =~ /<source>0\.0\.0\.0:\d*?<\/source>/) {
780 my $remote_ip = &get_local_ip_for_remote_ip(sprintf("%s", $address =~ /^([0-9\.]*?):.*$/));
781 $msg =~ s/<source>(0\.0\.0\.0):(\d*?)<\/source>/<source>$remote_ip:$2<\/source>/s;
782 }
784 # encrypt xml msg
785 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
787 # opensocket
788 my $socket = &open_socket($address);
789 if( !$socket ) {
790 daemon_log("cannot send ".$header."msg to $address , host not reachable", 1);
791 $error++;
792 }
794 if( $error == 0 ) {
795 # send xml msg
796 print $socket $crypted_msg."\n";
798 daemon_log("send ".$header."msg to $address", 1);
799 daemon_log("message:\n$msg", 8);
801 }
803 # close socket in any case
804 if( $socket ) {
805 close $socket;
806 }
808 if( $error > 0 ) { $new_status = "down"; }
809 else { $new_status = $msg_header; }
812 # known_clients
813 $sql_statement = "SELECT * FROM known_clients WHERE hostname='$address'";
814 $res = $known_clients_db->select_dbentry($sql_statement);
815 if( keys(%$res) > 0) {
816 $act_status = $res->{1}->{'status'};
817 if( $act_status eq "down" ) {
818 $sql_statement = "DELETE FROM known_clients WHERE hostname='$address'";
819 $res = $known_clients_db->del_dbentry($sql_statement);
820 daemon_log("WARNING: failed 2x to send msg to host '$address', delete host from known_clients", 3);
821 }
822 else {
823 $sql_statement = "UPDATE known_clients SET status='$new_status' WHERE hostname='$address'";
824 $res = $known_clients_db->update_dbentry($sql_statement);
825 if($new_status eq "down"){
826 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
827 }
828 else {
829 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
830 }
831 }
832 }
834 # known_server
835 $sql_statement = "SELECT * FROM known_server WHERE hostname='$address'";
836 $res = $known_server_db->select_dbentry($sql_statement);
837 if( keys(%$res) > 0 ) {
838 $act_status = $res->{1}->{'status'};
839 if( $act_status eq "down" ) {
840 $sql_statement = "DELETE FROM known_server WHERE hostname='$address'";
841 $res = $known_server_db->del_dbentry($sql_statement);
842 daemon_log("WARNING: failed 2x to a send msg to host '$address', delete host from known_server", 3);
843 }
844 else {
845 $sql_statement = "UPDATE known_server SET status='$new_status' WHERE hostname='$address'";
846 $res = $known_server_db->update_dbentry($sql_statement);
847 if($new_status eq "down"){
848 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
849 }
850 else {
851 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
852 }
853 }
854 }
856 return;
857 }
860 sub _start {
861 my ($kernel) = $_[KERNEL];
862 &trigger_db_loop($kernel);
863 }
866 sub client_input {
867 no strict "refs";
868 my ($kernel, $session, $heap,$input,$wheel) = @_[KERNEL, SESSION, HEAP, ARG0, ARG1];
869 my $session_id = $session->ID;
870 my ($msg, $msg_hash, $module);
871 my $error = 0;
872 my $answer_l;
873 my ($answer_header, @answer_target_l, $answer_source);
874 my $client_answer;
876 daemon_log("Incoming msg from '".$heap->{'remote_ip'}."'", 7);
877 daemon_log("message:\n$input", 8);
879 ####################
880 # check incoming msg
881 # msg is from a new client or gosa
882 ($msg, $msg_hash, $module) = &input_from_unknown_host($input);
883 # msg is from a gosa-si-server or gosa-si-bus
884 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
885 ($msg, $msg_hash, $module) = &input_from_known_server($input, $heap->{'remote_ip'});
886 }
887 # msg is from a gosa-si-client
888 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
889 ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'});
890 }
891 # an error occurred
892 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
893 $error++;
894 }
896 ######################
897 # process incoming msg
898 if( $error == 0) {
899 daemon_log("Processing module ".$module, 5);
900 $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $session_id);
902 if ( 0 > @{$answer_l} ) {
903 my $answer_str = join("\n", @{$answer_l});
904 daemon_log("$module: Got answer from module: \n".$answer_str,8);
905 }
906 }
907 if( !$answer_l ) { $error++ };
909 ########
910 # answer
911 if( $error == 0 ) {
913 foreach my $answer ( @{$answer_l} ) {
914 # for each answer in answer list
916 # check outgoing msg to xml validity
917 my $answer_hash = &check_outgoing_xml_validity($answer);
918 if( not defined $answer_hash ) {
919 next;
920 }
922 $answer_header = @{$answer_hash->{'header'}}[0];
923 @answer_target_l = @{$answer_hash->{'target'}};
924 $answer_source = @{$answer_hash->{'source'}}[0];
926 # deliver msg to all targets
927 foreach my $answer_target ( @answer_target_l ) {
928 if( $answer_target eq "*" ) {
929 # answer is for all clients
930 my $sql_statement= "SELECT * FROM known_clients";
931 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
932 while( my ($hit_num, $hit) = each %{ $query_res } ) {
933 my $host_name = $hit->{hostname};
934 my $host_key = $hit->{hostkey};
935 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
936 }
937 }
938 elsif( $answer_target eq "GOSA" ) {
939 $answer =~ /<session_id>(\d+)<\/session_id>/;
940 my $session_id = $1;
941 my $add_on = "";
943 if( defined $session_id ) {
944 $add_on = ".session_id=$session_id";
945 }
947 # answer is for GOSA and has to returned to connected client
948 my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key);
949 $client_answer = $gosa_answer.$add_on;
950 }
951 elsif( $answer_target eq "KNOWN_SERVER" ) {
952 # answer is for all server in known_server
953 my $sql_statement= "SELECT * FROM known_server";
954 my $query_res = $known_server_db->select_dbentry( $sql_statement );
955 while( my ($hit_num, $hit) = each %{ $query_res } ) {
956 my $host_name = $hit->{hostname};
957 my $host_key = $hit->{hostkey};
958 $answer =~ s/KNOWN_SERVER/$host_name/g;
959 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
960 }
961 }
962 elsif( $answer_target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ) {
963 daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3);
964 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'";
965 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
966 my $found_ip_flag = 0;
967 while( my ($hit_num, $hit) = each %{ $query_res } ) {
968 my $host_name = $hit->{hostname};
969 my $host_key = $hit->{hostkey};
970 $answer =~ s/$answer_target/$host_name/g;
971 daemon_log("found host '$host_name', assoziated to '$answer_target'", 3);
972 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
973 $found_ip_flag++ ;
974 }
975 if( $found_ip_flag == 0) {
976 daemon_log("WARNING: no host found in known_clients with mac address '$answer_target'", 3);
977 if( $bus_activ eq "true" ) {
978 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
979 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
980 my $query_res = $known_server_db->select_dbentry( $sql_statement );
981 while( my ($hit_num, $hit) = each %{ $query_res } ) {
982 my $bus_address = $hit->{hostname};
983 my $bus_key = $hit->{hostkey};
984 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
985 last;
986 }
987 }
989 }
990 } else {
991 # ... answer is for one specific host
993 # get encrypt_key
994 my $encrypt_key = &get_encrypt_key($answer_target);
995 if( not defined $encrypt_key ) {
996 # unknown target, forward msg to bus
997 daemon_log("WARNING: unknown target '$answer_target'", 3);
998 if( $bus_activ eq "true" ) {
999 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
1000 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
1001 my $query_res = $known_server_db->select_dbentry( $sql_statement );
1002 my $res_length = keys( %{$query_res} );
1003 if( $res_length == 0 ){
1004 daemon_log("WARNING: send '$answer_header' to '$bus_address' failed, no bus found in known_server", 3);
1005 }
1006 else {
1007 while( my ($hit_num, $hit) = each %{ $query_res } ) {
1008 my $bus_key = $hit->{hostkey};
1009 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
1010 }
1011 }
1012 }
1013 next;
1014 }
1015 # send_msg
1016 &send_msg_to_target($answer, $answer_target, $encrypt_key, $answer_header);
1017 }
1018 }
1019 }
1020 }
1022 if( $client_answer ) {
1023 if( $client_answer =~ s/session_id=(\d+)$// ) {
1024 my $session_id = $1;
1025 if( defined $session_id ) {
1026 my $session_reference = $kernel->ID_id_to_session($session_id);
1027 $heap = $session_reference->get_heap();
1028 }
1029 }
1030 $heap->{client}->put($client_answer);
1031 }
1033 return;
1034 }
1038 sub trigger_db_loop {
1039 # my ($kernel) = $_[KERNEL];
1040 my ($kernel) = @_ ;
1041 $kernel->delay_set('watch_for_new_jobs', $job_queue_loop_delay);
1042 }
1045 sub watch_for_new_jobs {
1046 my ($kernel,$heap) = @_[KERNEL, HEAP];
1048 # check gosa job queue for jobs with executable timestamp
1049 my $timestamp = &get_time();
1051 my $sql_statement = "SELECT * FROM ".$job_queue_table_name.
1052 " WHERE status='waiting' AND timestamp<'$timestamp'";
1054 my $res = $job_db->select_dbentry( $sql_statement );
1056 while( my ($id, $hit) = each %{$res} ) {
1058 my $jobdb_id = $hit->{id};
1059 my $macaddress = $hit->{macaddress};
1060 my $job_msg_hash = &transform_msg2hash($hit->{xmlmessage});
1061 my $out_msg_hash = $job_msg_hash;
1062 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$macaddress'";
1063 my $res_hash = $known_clients_db->select_dbentry( $sql_statement );
1064 # expect macaddress is unique!!!!!!
1065 my $target = $res_hash->{1}->{hostname};
1067 if (not defined $target) {
1068 &daemon_log("ERROR: no host found for mac address: $job_msg_hash->{mac}[0]", 1);
1069 &daemon_log("xml message: $hit->{xmlmessage}", 5);
1070 my $sql_statement = "UPDATE $job_queue_table_name ".
1071 "SET status='error', result='no host found for mac address' ".
1072 "WHERE id='$jobdb_id'";
1073 my $res = $job_db->update_dbentry($sql_statement);
1074 next;
1075 }
1077 # add target
1078 &add_content2xml_hash($out_msg_hash, "target", $target);
1080 # add new header
1081 my $out_header = $job_msg_hash->{header}[0];
1082 $out_header =~ s/job_/gosa_/;
1083 delete $out_msg_hash->{header};
1084 &add_content2xml_hash($out_msg_hash, "header", $out_header);
1086 # add sqlite_id
1087 &add_content2xml_hash($out_msg_hash, "jobdb_id", $jobdb_id);
1089 my $out_msg = &create_xml_string($out_msg_hash);
1091 # encrypt msg as a GosaPackage module
1092 my $cipher = &create_ciphering($GosaPackages_key);
1093 my $crypted_out_msg = &encrypt_msg($out_msg, $cipher);
1095 my $error = &send_msg_hash2address($out_msg_hash, "$gosa_ip:$gosa_port", $GosaPackages_key);
1097 if ($error == 0) {
1098 my $sql_statement = "UPDATE $job_queue_table_name ".
1099 "SET status='processing', targettag='$target' ".
1100 "WHERE id='$jobdb_id'";
1101 my $res = $job_db->update_dbentry($sql_statement);
1102 } else {
1103 my $sql_statement = "UPDATE $job_queue_table_name ".
1104 "SET status='error' ".
1105 "WHERE id='$jobdb_id'";
1106 my $res = $job_db->update_dbentry($sql_statement);
1107 }
1108 }
1110 $kernel->delay_set('watch_for_new_jobs',3);
1111 }
1114 #==== MAIN = main ==============================================================
1115 # parse commandline options
1116 Getopt::Long::Configure( "bundling" );
1117 GetOptions("h|help" => \&usage,
1118 "c|config=s" => \$cfg_file,
1119 "f|foreground" => \$foreground,
1120 "v|verbose+" => \$verbose,
1121 "no-bus+" => \$no_bus,
1122 "no-arp+" => \$no_arp,
1123 );
1125 # read and set config parameters
1126 &check_cmdline_param ;
1127 &read_configfile;
1128 &check_pid;
1130 $SIG{CHLD} = 'IGNORE';
1132 # forward error messages to logfile
1133 if( ! $foreground ) {
1134 open(STDERR, '>>', $log_file);
1135 open(STDOUT, '>>', $log_file);
1136 }
1138 # Just fork, if we are not in foreground mode
1139 if( ! $foreground ) {
1140 chdir '/' or die "Can't chdir to /: $!";
1141 $pid = fork;
1142 setsid or die "Can't start a new session: $!";
1143 umask 0;
1144 } else {
1145 $pid = $$;
1146 }
1148 # Do something useful - put our PID into the pid_file
1149 if( 0 != $pid ) {
1150 open( LOCK_FILE, ">$pid_file" );
1151 print LOCK_FILE "$pid\n";
1152 close( LOCK_FILE );
1153 if( !$foreground ) {
1154 exit( 0 )
1155 };
1156 }
1158 daemon_log(" ", 1);
1159 daemon_log("$0 started!", 1);
1161 if ($no_bus > 0) {
1162 $bus_activ = "false"
1163 }
1167 # delete old DBsqlite lock files
1168 #unlink('/tmp/gosa_si_lock*');
1170 # connect to gosa-si job queue
1171 my @job_col_names = ("id INTEGER", "timestamp", "status", "result", "headertag", "targettag", "xmlmessage", "macaddress");
1172 $job_db = GOSA::DBsqlite->new($job_queue_file_name);
1173 $job_db->create_table('jobs', \@job_col_names);
1175 # connect to known_clients_db
1176 my @clients_col_names = ('hostname', 'status', 'hostkey', 'timestamp', 'macaddress', 'events');
1177 $known_clients_db = GOSA::DBsqlite->new($known_clients_file_name);
1178 $known_clients_db->create_table('known_clients', \@clients_col_names);
1180 # connect to known_server_db
1181 my @server_col_names = ('hostname', 'status', 'hostkey', 'timestamp');
1182 $known_server_db = GOSA::DBsqlite->new($known_server_file_name);
1183 $known_server_db->create_table('known_server', \@server_col_names);
1185 # create xml object used for en/decrypting
1186 $xml = new XML::Simple();
1188 # create socket for incoming xml messages
1189 POE::Component::Server::TCP->new(
1190 Port => $server_port,
1191 ClientInput => \&client_input,
1192 );
1193 daemon_log("start socket for incoming xml messages at port '$server_port' ", 1);
1195 # create session for repeatedly checking the job queue for jobs
1196 POE::Session->create(
1197 inline_states => {
1198 _start => \&_start,
1199 watch_for_new_jobs => \&watch_for_new_jobs,
1200 }
1201 );
1204 # import all modules
1205 &import_modules;
1207 # check wether all modules are gosa-si valid passwd check
1209 POE::Kernel->run();
1210 exit;