1 #!/usr/bin/perl
2 #===============================================================================
3 #
4 # FILE: gosa-sd
5 #
6 # USAGE: ./gosa-sd
7 #
8 # DESCRIPTION:
9 #
10 # OPTIONS: ---
11 # REQUIREMENTS: libconfig-inifiles-perl libcrypt-rijndael-perl libxml-simple-perl
12 # libdata-dumper-simple-perl libdbd-sqlite3-perl libnet-ldap-perl
13 # libpoe-perl
14 # BUGS: ---
15 # NOTES:
16 # AUTHOR: (Andreas Rettenberger), <rettenberger@gonicus.de>
17 # COMPANY:
18 # VERSION: 1.0
19 # CREATED: 12.09.2007 08:54:41 CEST
20 # REVISION: ---
21 #===============================================================================
23 use strict;
24 use warnings;
25 use Getopt::Long;
26 use Config::IniFiles;
27 use POSIX;
29 use Fcntl;
30 use IO::Socket::INET;
31 use IO::Handle;
32 use IO::Select;
33 use Symbol qw(qualify_to_ref);
34 use Crypt::Rijndael;
35 use MIME::Base64;
36 use Digest::MD5 qw(md5 md5_hex md5_base64);
37 use XML::Simple;
38 use Data::Dumper;
39 use Sys::Syslog qw( :DEFAULT setlogsock);
40 use Cwd;
41 use File::Spec;
42 use File::Basename;
43 use GOSA::DBsqlite;
44 use POE qw(Component::Server::TCP);
46 my $modules_path = "/usr/lib/gosa-si/modules";
47 use lib "/usr/lib/gosa-si/modules";
49 my (%cfg_defaults, $foreground, $verbose, $ping_timeout);
50 my ($bus_activ, $bus, $msg_to_bus, $bus_cipher);
51 my ($server, $server_mac_address);
52 my ($gosa_server, $job_queue_timeout, $job_queue_table_name, $job_queue_file_name,$job_queue_loop_delay);
53 my ($known_modules, $known_clients_file_name, $known_server_file_name);
54 my ($pid_file, $procid, $pid, $log_file);
55 my ($arp_activ, $arp_fifo);
56 my ($xml);
58 # variables declared in config file are always set to 'our'
59 our (%cfg_defaults, $log_file, $pid_file,
60 $server_ip, $server_port, $SIPackages_key,
61 $arp_activ,
62 $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout,
63 );
65 # additional variable which should be globaly accessable
66 our $server_address;
67 our $bus_address;
68 our $gosa_address;
69 our $no_bus;
70 our $no_arp;
71 our $verbose;
72 our $forground;
73 our $cfg_file;
75 # specifies the verbosity of the daemon_log
76 $verbose = 0 ;
78 # if foreground is not null, script will be not forked to background
79 $foreground = 0 ;
81 # specifies the timeout seconds while checking the online status of a registrating client
82 $ping_timeout = 5;
84 $no_bus = 0;
85 $bus_activ = "true";
87 $no_arp = 0;
89 # name of table for storing gosa jobs
90 our $job_queue_table_name = 'jobs';
91 our $job_db;
93 # holds all other gosa-sd as well as the gosa-sd-bus
94 our $known_server_db;
96 # holds all registrated clients
97 our $known_clients_db;
98 our $prg= basename($0);
100 %cfg_defaults = (
101 "general" => {
102 "log-file" => [\$log_file, "/var/run/".$prg.".log"],
103 "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
104 },
105 "bus" => {
106 "activ" => [\$bus_activ, "true"],
107 },
108 "server" => {
109 # "ip" => [\$server_ip, "0.0.0.0"],
110 "port" => [\$server_port, "20081"],
111 "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ],
112 "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'],
113 },
114 "GOsaPackages" => {
115 "ip" => [\$gosa_ip, "0.0.0.0"],
116 "port" => [\$gosa_port, "20082"],
117 "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'],
118 "job-queue-loop-delay" => [\$job_queue_loop_delay, 3],
119 "key" => [\$GosaPackages_key, "none"],
120 },
121 "SIPackages" => {
122 "key" => [\$SIPackages_key, "none"],
123 },
124 );
127 #=== FUNCTION ================================================================
128 # NAME: usage
129 # PARAMETERS: nothing
130 # RETURNS: nothing
131 # DESCRIPTION: print out usage text to STDERR
132 #===============================================================================
133 sub usage {
134 print STDERR << "EOF" ;
135 usage: $prg [-hvf] [-c config]
137 -h : this (help) message
138 -c <file> : config file
139 -f : foreground, process will not be forked to background
140 -v : be verbose (multiple to increase verbosity)
141 -no-bus : starts $prg without connection to bus
142 -no-arp : starts $prg without connection to arp module
144 EOF
145 print "\n" ;
146 }
149 #=== FUNCTION ================================================================
150 # NAME: read_configfile
151 # PARAMETERS: cfg_file - string -
152 # RETURNS: nothing
153 # DESCRIPTION: read cfg_file and set variables
154 #===============================================================================
155 sub read_configfile {
156 my $cfg;
157 if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
158 if( -r $cfg_file ) {
159 $cfg = Config::IniFiles->new( -file => $cfg_file );
160 } else {
161 print STDERR "Couldn't read config file!\n";
162 }
163 } else {
164 $cfg = Config::IniFiles->new() ;
165 }
166 foreach my $section (keys %cfg_defaults) {
167 foreach my $param (keys %{$cfg_defaults{ $section }}) {
168 my $pinfo = $cfg_defaults{ $section }{ $param };
169 ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
170 }
171 }
172 }
175 #=== FUNCTION ================================================================
176 # NAME: logging
177 # PARAMETERS: level - string - default 'info'
178 # msg - string -
179 # facility - string - default 'LOG_DAEMON'
180 # RETURNS: nothing
181 # DESCRIPTION: function for logging
182 #===============================================================================
183 sub daemon_log {
184 # log into log_file
185 my( $msg, $level ) = @_;
186 if(not defined $msg) { return }
187 if(not defined $level) { $level = 1 }
188 if(defined $log_file){
189 open(LOG_HANDLE, ">>$log_file");
190 if(not defined open( LOG_HANDLE, ">>$log_file" )) {
191 print STDERR "cannot open $log_file: $!";
192 return }
193 chomp($msg);
194 if($level <= $verbose){
195 my ($seconds, $minutes, $hours, $monthday, $month,
196 $year, $weekday, $yearday, $sommertime) = localtime(time);
197 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
198 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
199 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
200 my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
201 $month = $monthnames[$month];
202 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
203 $year+=1900;
204 my $name = $prg;
206 my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
207 print LOG_HANDLE $log_msg;
208 if( $foreground ) {
209 print STDERR $log_msg;
210 }
211 }
212 close( LOG_HANDLE );
213 }
214 #log into syslog
215 # my ($msg, $level, $facility) = @_;
216 # if(not defined $msg) {return}
217 # if(not defined $level) {$level = "info"}
218 # if(not defined $facility) {$facility = "LOG_DAEMON"}
219 # openlog($0, "pid,cons,", $facility);
220 # syslog($level, $msg);
221 # closelog;
222 # return;
223 }
226 sub get_time {
227 my ($seconds, $minutes, $hours, $monthday, $month,
228 $year, $weekday, $yearday, $sommertime) = localtime(time);
229 $hours = $hours < 10 ? $hours = "0".$hours : $hours;
230 $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
231 $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
232 $month+=1;
233 $month = $month < 10 ? $month = "0".$month : $month;
234 $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
235 $year+=1900;
236 return "$year$month$monthday$hours$minutes$seconds";
238 }
241 #=== FUNCTION ================================================================
242 # NAME: check_cmdline_param
243 # PARAMETERS: nothing
244 # RETURNS: nothing
245 # DESCRIPTION: validates commandline parameter
246 #===============================================================================
247 sub check_cmdline_param () {
248 my $err_config;
249 my $err_counter = 0;
250 if(not defined($cfg_file)) {
251 $cfg_file = "/etc/gosa-si/server.conf";
252 if(! -r $cfg_file) {
253 $err_config = "please specify a config file";
254 $err_counter += 1;
255 }
256 }
257 if( $err_counter > 0 ) {
258 &usage( "", 1 );
259 if( defined( $err_config)) { print STDERR "$err_config\n"}
260 print STDERR "\n";
261 exit( -1 );
262 }
263 }
266 #=== FUNCTION ================================================================
267 # NAME: check_pid
268 # PARAMETERS: nothing
269 # RETURNS: nothing
270 # DESCRIPTION: handels pid processing
271 #===============================================================================
272 sub check_pid {
273 $pid = -1;
274 # Check, if we are already running
275 if( open(LOCK_FILE, "<$pid_file") ) {
276 $pid = <LOCK_FILE>;
277 if( defined $pid ) {
278 chomp( $pid );
279 if( -f "/proc/$pid/stat" ) {
280 my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
281 if( $0 eq $stat ) {
282 close( LOCK_FILE );
283 exit -1;
284 }
285 }
286 }
287 close( LOCK_FILE );
288 unlink( $pid_file );
289 }
291 # create a syslog msg if it is not to possible to open PID file
292 if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
293 my($msg) = "Couldn't obtain lockfile '$pid_file' ";
294 if (open(LOCK_FILE, '<', $pid_file)
295 && ($pid = <LOCK_FILE>))
296 {
297 chomp($pid);
298 $msg .= "(PID $pid)\n";
299 } else {
300 $msg .= "(unable to read PID)\n";
301 }
302 if( ! ($foreground) ) {
303 openlog( $0, "cons,pid", "daemon" );
304 syslog( "warning", $msg );
305 closelog();
306 }
307 else {
308 print( STDERR " $msg " );
309 }
310 exit( -1 );
311 }
312 }
314 #=== FUNCTION ================================================================
315 # NAME: import_modules
316 # PARAMETERS: module_path - string - abs. path to the directory the modules
317 # are stored
318 # RETURNS: nothing
319 # DESCRIPTION: each file in module_path which ends with '.pm' and activation
320 # state is on is imported by "require 'file';"
321 #===============================================================================
322 sub import_modules {
323 daemon_log(" ", 1);
325 if (not -e $modules_path) {
326 daemon_log("ERROR: cannot find directory or directory is not readable: $modules_path", 1);
327 }
329 opendir (DIR, $modules_path) or die "ERROR while loading modules from directory $modules_path : $!\n";
330 while (defined (my $file = readdir (DIR))) {
331 if (not $file =~ /(\S*?).pm$/) {
332 next;
333 }
334 my $mod_name = $1;
336 if( $file =~ /ArpHandler.pm/ ) {
337 if( $no_arp > 0 ) {
338 next;
339 }
340 }
342 eval { require $file; };
343 if ($@) {
344 daemon_log("ERROR: gosa-si-server could not load module $file", 1);
345 daemon_log("$@", 5);
346 } else {
347 my $info = eval($mod_name.'::get_module_info()');
348 # Only load module if get_module_info() returns a non-null object
349 if( $info ) {
350 my ($input_address, $input_key, $input, $input_active, $input_type) = @{$info};
351 $known_modules->{$mod_name} = $info;
352 daemon_log("module $mod_name loaded", 1);
353 }
354 }
355 }
356 close (DIR);
357 }
360 #=== FUNCTION ================================================================
361 # NAME: sig_int_handler
362 # PARAMETERS: signal - string - signal arose from system
363 # RETURNS: noting
364 # DESCRIPTION: handels tasks to be done befor signal becomes active
365 #===============================================================================
366 sub sig_int_handler {
367 my ($signal) = @_;
369 daemon_log("shutting down gosa-si-server", 1);
370 exit(1);
371 }
372 $SIG{INT} = \&sig_int_handler;
376 sub check_key_and_xml_validity {
377 my ($crypted_msg, $module_key) = @_;
378 #print STDERR "crypted_msg:$crypted_msg\n";
379 #print STDERR "modul_key:$module_key\n";
381 my $msg;
382 my $msg_hash;
383 eval{
384 $msg = &decrypt_msg($crypted_msg, $module_key);
386 if ($msg =~ /<xml>/i){
387 &main::daemon_log("decrypted_msg: \n$msg", 8);
388 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
390 # check header
391 my $header_l = $msg_hash->{'header'};
392 if( 1 != @{$header_l} ) {
393 die 'header error';
394 }
395 my $header = @{$header_l}[0];
396 if( 0 == length $header) {
397 die 'header error';
398 }
400 # check source
401 my $source_l = $msg_hash->{'source'};
402 if( not defined @{$source_l} or 1 != @{$source_l} ) {
403 die 'source error';
404 }
405 my $source = @{$source_l}[0];
406 if( 0 == length $source) {
407 die 'source error';
408 }
410 # check target
411 my $target_l = $msg_hash->{'target'};
412 if( 1 != @{$target_l} ) {
413 die'target error';
414 }
415 my $target = @{$target_l}[0];
416 if( 0 == length $target) {
417 die 'target error';
418 }
419 }
420 };
421 if($@) {
422 &main::daemon_log("WARNING: do not understand the message", 5);
423 &main::daemon_log("$@", 8);
424 }
426 return ($msg, $msg_hash);
427 }
430 sub check_outgoing_xml_validity {
431 my ($msg) = @_;
433 my $msg_hash;
434 eval{
435 $msg_hash = $xml->XMLin($msg, ForceArray=>1);
437 ##############
438 # check header
439 my $header_l = $msg_hash->{'header'};
440 if( 1 != @{$header_l} ) {
441 die 'no or more than one headers specified';
442 }
443 my $header = @{$header_l}[0];
444 if( 0 == length $header) {
445 die 'header has length 0';
446 }
448 ##############
449 # check source
450 my $source_l = $msg_hash->{'source'};
451 if( 1 != @{$source_l} ) {
452 die 'no or more than 1 sources specified';
453 }
454 my $source = @{$source_l}[0];
455 if( 0 == length $source) {
456 die 'source has length 0';
457 }
458 unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
459 $source =~ /^GOSA$/i ) {
460 die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
461 }
463 ##############
464 # check target
465 my $target_l = $msg_hash->{'target'};
466 if( 0 == @{$target_l} ) {
467 die "no targets specified";
468 }
469 foreach my $target (@$target_l) {
470 if( 0 == length $target) {
471 die "target has length 0";
472 }
473 unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
474 $target =~ /^GOSA$/i ||
475 $target =~ /^\*$/ ||
476 $target =~ /KNOWN_SERVER/i ||
477 $target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ){
478 die "target '$target' is not a complete ip-address with port or a valid target name or a mac-address";
479 }
480 }
481 };
482 if($@) {
483 daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
484 daemon_log("$@ $msg", 8);
485 $msg_hash = undef;
486 }
488 return ($msg_hash);
489 }
492 sub input_from_known_server {
493 my ($input, $remote_ip) = @_ ;
494 my ($msg, $msg_hash, $module);
496 my $sql_statement= "SELECT * FROM known_server";
497 my $query_res = $known_server_db->select_dbentry( $sql_statement );
499 while( my ($hit_num, $hit) = each %{ $query_res } ) {
500 my $host_name = $hit->{hostname};
501 if( not $host_name =~ "^$remote_ip") {
502 next;
503 }
504 my $host_key = $hit->{hostkey};
505 daemon_log("SIPackages: known_server host_name: $host_name", 7);
506 daemon_log("SIPackages: known_server host_key: $host_key", 7);
508 # check if module can open msg envelope with module key
509 my ($tmp_msg, $tmp_msg_hash) = &check_key_and_xml_validity($input, $host_key);
510 if( (!$tmp_msg) || (!$tmp_msg_hash) ) {
511 daemon_log("SIPackages: deciphering raise error", 7);
512 daemon_log("$@", 8);
513 next;
514 }
515 else {
516 $msg = $tmp_msg;
517 $msg_hash = $tmp_msg_hash;
518 $module = "SIPackages";
519 last;
520 }
521 }
523 if( (!$msg) || (!$msg_hash) || (!$module) ) {
524 daemon_log("Incoming message is not from a known server", 3);
525 }
527 return ($msg, $msg_hash, $module);
528 }
531 sub input_from_known_client {
532 my ($input, $remote_ip) = @_ ;
533 my ($msg, $msg_hash, $module);
535 my $sql_statement= "SELECT * FROM known_clients";
536 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
537 while( my ($hit_num, $hit) = each %{ $query_res } ) {
538 my $host_name = $hit->{hostname};
539 if( not $host_name =~ /^$remote_ip:\d*$/) {
540 next;
541 }
542 my $host_key = $hit->{hostkey};
543 &daemon_log("SIPackages: known_client host_name: $host_name", 7);
544 &daemon_log("SIPackages: known_client host_key: $host_key", 7);
546 # check if module can open msg envelope with module key
547 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key);
549 if( (!$msg) || (!$msg_hash) ) {
550 &daemon_log("SIPackages: deciphering raise error", 7);
551 &daemon_log("$@", 8);
552 next;
553 }
554 else {
555 $module = "SIPackages";
556 last;
557 }
558 }
560 if( (!$msg) || (!$msg_hash) || (!$module) ) {
561 &daemon_log("Incoming message is not from a known client", 3);
562 }
564 return ($msg, $msg_hash, $module);
565 }
568 sub input_from_unknown_host {
569 no strict "refs";
570 my ($input) = @_ ;
571 my ($msg, $msg_hash, $module);
573 my %act_modules = %$known_modules;
575 while( my ($mod, $info) = each(%act_modules)) {
577 # check a key exists for this module
578 my $module_key = ${$mod."_key"};
579 if( ! $module_key ) {
580 if( $mod eq 'ArpHandler' ) {
581 next;
582 }
583 daemon_log("ERROR: no key specified in config file for $mod", 1);
584 next;
585 }
586 daemon_log("$mod: $module_key", 5);
588 # check if module can open msg envelope with module key
589 ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key);
590 if( (!$msg) || (!$msg_hash) ) {
591 #daemon_log("$mod: deciphering failed", 5);
592 next;
593 }
594 else {
595 $module = $mod;
596 last;
597 }
598 }
600 if( (!$msg) || (!$msg_hash) || (!$module)) {
601 daemon_log("Incoming message is not from a unknown host", 5);
602 }
604 return ($msg, $msg_hash, $module);
605 }
607 sub create_ciphering {
608 my ($passwd) = @_;
609 if((!defined($passwd)) || length($passwd)==0) {
610 $passwd = "";
611 }
612 $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
613 my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
614 my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
615 $my_cipher->set_iv($iv);
616 return $my_cipher;
617 }
620 sub encrypt_msg {
621 my ($msg, $key) = @_;
622 my $my_cipher = &create_ciphering($key);
623 {
624 use bytes;
625 $msg = "\0"x(16-length($msg)%16).$msg;
626 }
627 $msg = $my_cipher->encrypt($msg);
628 chomp($msg = &encode_base64($msg));
629 # there are no newlines allowed inside msg
630 $msg=~ s/\n//g;
631 return $msg;
632 }
635 sub decrypt_msg {
636 my ($msg, $key) = @_ ;
637 $msg = &decode_base64($msg);
638 my $my_cipher = &create_ciphering($key);
639 $msg = $my_cipher->decrypt($msg);
640 $msg =~ s/\0*//g;
641 return $msg;
642 }
645 sub get_encrypt_key {
646 my ($target) = @_ ;
647 my $encrypt_key;
648 my $error = 0;
650 # target can be in known_server
651 if( not defined $encrypt_key ) {
652 my $sql_statement= "SELECT * FROM known_server WHERE hostname='$target'";
653 my $query_res = $known_server_db->select_dbentry( $sql_statement );
654 while( my ($hit_num, $hit) = each %{ $query_res } ) {
655 my $host_name = $hit->{hostname};
656 if( $host_name ne $target ) {
657 next;
658 }
659 $encrypt_key = $hit->{hostkey};
660 last;
661 }
662 }
664 # target can be in known_client
665 if( not defined $encrypt_key ) {
666 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$target'";
667 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
668 while( my ($hit_num, $hit) = each %{ $query_res } ) {
669 my $host_name = $hit->{hostname};
670 if( $host_name ne $target ) {
671 next;
672 }
673 $encrypt_key = $hit->{hostkey};
674 last;
675 }
676 }
678 return $encrypt_key;
679 }
682 #=== FUNCTION ================================================================
683 # NAME: open_socket
684 # PARAMETERS: PeerAddr string something like 192.168.1.1 or 192.168.1.1:10000
685 # [PeerPort] string necessary if port not appended by PeerAddr
686 # RETURNS: socket IO::Socket::INET
687 # DESCRIPTION: open a socket to PeerAddr
688 #===============================================================================
689 sub open_socket {
690 my ($PeerAddr, $PeerPort) = @_ ;
691 if(defined($PeerPort)){
692 $PeerAddr = $PeerAddr.":".$PeerPort;
693 }
694 my $socket;
695 $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
696 Porto => "tcp",
697 Type => SOCK_STREAM,
698 Timeout => 5,
699 );
700 if(not defined $socket) {
701 return;
702 }
703 &daemon_log("open_socket: $PeerAddr", 7);
704 return $socket;
705 }
708 #=== FUNCTION ================================================================
709 # NAME: get_ip
710 # PARAMETERS: interface name (i.e. eth0)
711 # RETURNS: (ip address)
712 # DESCRIPTION: Uses ioctl to get ip address directly from system.
713 #===============================================================================
714 sub get_ip {
715 my $ifreq= shift;
716 my $result= "";
717 my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
718 my $proto= getprotobyname('ip');
720 socket SOCKET, PF_INET, SOCK_DGRAM, $proto
721 or die "socket: $!";
723 if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
724 my ($if, $sin) = unpack 'a16 a16', $ifreq;
725 my ($port, $addr) = sockaddr_in $sin;
726 my $ip = inet_ntoa $addr;
728 if ($ip && length($ip) > 0) {
729 $result = $ip;
730 }
731 }
733 return $result;
734 }
736 sub get_local_ip_for_remote_ip {
737 my $remote_ip= shift;
738 my $result="0.0.0.0";
740 if($remote_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
741 if($remote_ip eq "127.0.0.1") {
742 $result = "127.0.0.1";
743 } else {
744 my $PROC_NET_ROUTE= ('/proc/net/route');
746 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
747 or die "Could not open $PROC_NET_ROUTE";
749 my @ifs = <PROC_NET_ROUTE>;
751 close(PROC_NET_ROUTE);
753 # Eat header line
754 shift @ifs;
755 chomp @ifs;
756 foreach my $line(@ifs) {
757 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
758 my $destination;
759 my $mask;
760 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
761 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
762 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
763 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
764 if(new NetAddr::IP($remote_ip)->within(new NetAddr::IP($destination, $mask))) {
765 # destination matches route, save mac and exit
766 $result= &get_ip($Iface);
767 last;
768 }
769 }
770 }
771 } else {
772 daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1);
773 }
774 return $result;
775 }
777 sub send_msg_to_target {
778 my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
779 my $error = 0;
780 my $header;
781 my $new_status;
782 my $act_status;
783 my ($sql_statement, $res);
785 if( $msg_header ) {
786 $header = "'$msg_header'-";
787 }
788 else {
789 $header = "";
790 }
792 # Patch the source ip
793 if($msg =~ /<source>0\.0\.0\.0:\d*?<\/source>/) {
794 my $remote_ip = &get_local_ip_for_remote_ip(sprintf("%s", $address =~ /^([0-9\.]*?):.*$/));
795 $msg =~ s/<source>(0\.0\.0\.0):(\d*?)<\/source>/<source>$remote_ip:$2<\/source>/s;
796 }
798 # encrypt xml msg
799 my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
801 # opensocket
802 my $socket = &open_socket($address);
803 if( !$socket ) {
804 daemon_log("cannot send ".$header."msg to $address , host not reachable", 1);
805 $error++;
806 }
808 if( $error == 0 ) {
809 # send xml msg
810 print $socket $crypted_msg."\n";
812 daemon_log("send ".$header."msg to $address", 1);
813 daemon_log("message:\n$msg", 8);
815 }
817 # close socket in any case
818 if( $socket ) {
819 close $socket;
820 }
822 if( $error > 0 ) { $new_status = "down"; }
823 else { $new_status = $msg_header; }
826 # known_clients
827 $sql_statement = "SELECT * FROM known_clients WHERE hostname='$address'";
828 $res = $known_clients_db->select_dbentry($sql_statement);
829 if( keys(%$res) > 0) {
830 $act_status = $res->{1}->{'status'};
831 if( $act_status eq "down" ) {
832 $sql_statement = "DELETE FROM known_clients WHERE hostname='$address'";
833 $res = $known_clients_db->del_dbentry($sql_statement);
834 daemon_log("WARNING: failed 2x to send msg to host '$address', delete host from known_clients", 3);
835 }
836 else {
837 $sql_statement = "UPDATE known_clients SET status='$new_status' WHERE hostname='$address'";
838 $res = $known_clients_db->update_dbentry($sql_statement);
839 if($new_status eq "down"){
840 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
841 }
842 else {
843 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
844 }
845 }
846 }
848 # known_server
849 $sql_statement = "SELECT * FROM known_server WHERE hostname='$address'";
850 $res = $known_server_db->select_dbentry($sql_statement);
851 if( keys(%$res) > 0 ) {
852 $act_status = $res->{1}->{'status'};
853 if( $act_status eq "down" ) {
854 $sql_statement = "DELETE FROM known_server WHERE hostname='$address'";
855 $res = $known_server_db->del_dbentry($sql_statement);
856 daemon_log("WARNING: failed 2x to a send msg to host '$address', delete host from known_server", 3);
857 }
858 else {
859 $sql_statement = "UPDATE known_server SET status='$new_status' WHERE hostname='$address'";
860 $res = $known_server_db->update_dbentry($sql_statement);
861 if($new_status eq "down"){
862 daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
863 }
864 else {
865 daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
866 }
867 }
868 }
870 return;
871 }
874 sub _start {
875 my ($kernel) = $_[KERNEL];
876 &trigger_db_loop($kernel);
877 }
880 sub client_input {
881 no strict "refs";
882 my ($kernel, $session, $heap,$input,$wheel) = @_[KERNEL, SESSION, HEAP, ARG0, ARG1];
883 my $session_id = $session->ID;
884 my ($msg, $msg_hash, $module);
885 my $error = 0;
886 my $answer_l;
887 my ($answer_header, @answer_target_l, $answer_source);
888 my $client_answer;
890 daemon_log("Incoming msg from '".$heap->{'remote_ip'}."'", 7);
891 daemon_log("\n$input", 8);
893 ####################
894 # check incoming msg
895 # msg is from a new client or gosa
896 ($msg, $msg_hash, $module) = &input_from_unknown_host($input);
897 # msg is from a gosa-si-server or gosa-si-bus
898 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
899 ($msg, $msg_hash, $module) = &input_from_known_server($input, $heap->{'remote_ip'});
900 }
901 # msg is from a gosa-si-client
902 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
903 ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'});
904 }
905 # an error occurred
906 if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
907 $error++;
908 }
910 ######################
911 # process incoming msg
912 if( $error == 0) {
913 daemon_log("Processing module ".$module, 5);
914 $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $session_id);
916 if ( 0 > @{$answer_l} ) {
917 my $answer_str = join("\n", @{$answer_l});
918 daemon_log("$module: Got answer from module: \n".$answer_str,8);
919 }
920 }
921 if( !$answer_l ) { $error++ };
923 ########
924 # answer
925 if( $error == 0 ) {
927 foreach my $answer ( @{$answer_l} ) {
928 # for each answer in answer list
930 # check outgoing msg to xml validity
931 my $answer_hash = &check_outgoing_xml_validity($answer);
932 if( not defined $answer_hash ) {
933 next;
934 }
936 $answer_header = @{$answer_hash->{'header'}}[0];
937 @answer_target_l = @{$answer_hash->{'target'}};
938 $answer_source = @{$answer_hash->{'source'}}[0];
940 # deliver msg to all targets
941 foreach my $answer_target ( @answer_target_l ) {
942 if( $answer_target eq "*" ) {
943 # answer is for all clients
944 my $sql_statement= "SELECT * FROM known_clients";
945 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
946 while( my ($hit_num, $hit) = each %{ $query_res } ) {
947 my $host_name = $hit->{hostname};
948 my $host_key = $hit->{hostkey};
949 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
950 }
951 }
952 elsif( $answer_target eq "GOSA" ) {
953 $answer =~ /<session_id>(\d+)<\/session_id>/;
954 my $session_id = $1;
955 my $add_on = "";
957 if( defined $session_id ) {
958 $add_on = ".session_id=$session_id";
959 }
961 # answer is for GOSA and has to returned to connected client
962 my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key);
963 $client_answer = $gosa_answer.$add_on;
964 }
965 elsif( $answer_target eq "KNOWN_SERVER" ) {
966 # answer is for all server in known_server
967 my $sql_statement= "SELECT * FROM known_server";
968 my $query_res = $known_server_db->select_dbentry( $sql_statement );
969 while( my ($hit_num, $hit) = each %{ $query_res } ) {
970 my $host_name = $hit->{hostname};
971 my $host_key = $hit->{hostkey};
972 $answer =~ s/KNOWN_SERVER/$host_name/g;
973 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
974 }
975 }
976 elsif( $answer_target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ) {
977 daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3);
978 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'";
979 my $query_res = $known_clients_db->select_dbentry( $sql_statement );
980 my $found_ip_flag = 0;
981 while( my ($hit_num, $hit) = each %{ $query_res } ) {
982 my $host_name = $hit->{hostname};
983 my $host_key = $hit->{hostkey};
984 $answer =~ s/$answer_target/$host_name/g;
985 daemon_log("found host '$host_name', assoziated to '$answer_target'", 3);
986 &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
987 $found_ip_flag++ ;
988 }
989 if( $found_ip_flag == 0) {
990 daemon_log("WARNING: no host found in known_clients with mac address '$answer_target'", 3);
991 if( $bus_activ eq "true" ) {
992 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
993 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
994 my $query_res = $known_server_db->select_dbentry( $sql_statement );
995 while( my ($hit_num, $hit) = each %{ $query_res } ) {
996 my $bus_address = $hit->{hostname};
997 my $bus_key = $hit->{hostkey};
998 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
999 last;
1000 }
1001 }
1003 }
1004 } else {
1005 # ... answer is for one specific host
1007 # get encrypt_key
1008 my $encrypt_key = &get_encrypt_key($answer_target);
1009 if( not defined $encrypt_key ) {
1010 # unknown target, forward msg to bus
1011 daemon_log("WARNING: unknown target '$answer_target'", 3);
1012 if( $bus_activ eq "true" ) {
1013 daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
1014 my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
1015 my $query_res = $known_server_db->select_dbentry( $sql_statement );
1016 my $res_length = keys( %{$query_res} );
1017 if( $res_length == 0 ){
1018 daemon_log("WARNING: send '$answer_header' to '$bus_address' failed, no bus found in known_server", 3);
1019 }
1020 else {
1021 while( my ($hit_num, $hit) = each %{ $query_res } ) {
1022 my $bus_key = $hit->{hostkey};
1023 &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
1024 }
1025 }
1026 }
1027 next;
1028 }
1029 # send_msg
1030 &send_msg_to_target($answer, $answer_target, $encrypt_key, $answer_header);
1031 }
1032 }
1033 }
1034 }
1036 if( $client_answer ) {
1037 if( $client_answer =~ s/session_id=(\d+)$// ) {
1038 my $session_id = $1;
1039 if( defined $session_id ) {
1040 my $session_reference = $kernel->ID_id_to_session($session_id);
1041 $heap = $session_reference->get_heap();
1042 }
1043 }
1044 $heap->{client}->put($client_answer);
1045 }
1047 return;
1048 }
1052 sub trigger_db_loop {
1053 # my ($kernel) = $_[KERNEL];
1054 my ($kernel) = @_ ;
1055 $kernel->delay_set('watch_for_new_jobs', $job_queue_loop_delay);
1056 }
1059 sub watch_for_new_jobs {
1060 my ($kernel,$heap) = @_[KERNEL, HEAP];
1062 # check gosa job queue for jobs with executable timestamp
1063 my $timestamp = &get_time();
1065 my $sql_statement = "SELECT * FROM ".$job_queue_table_name.
1066 " WHERE status='waiting' AND timestamp<'$timestamp'";
1068 my $res = $job_db->select_dbentry( $sql_statement );
1070 while( my ($id, $hit) = each %{$res} ) {
1072 my $jobdb_id = $hit->{id};
1073 my $macaddress = $hit->{macaddress};
1074 my $job_msg_hash = &transform_msg2hash($hit->{xmlmessage});
1075 my $out_msg_hash = $job_msg_hash;
1076 my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$macaddress'";
1077 my $res_hash = $known_clients_db->select_dbentry( $sql_statement );
1078 # expect macaddress is unique!!!!!!
1079 my $target = $res_hash->{1}->{hostname};
1081 if (not defined $target) {
1082 &daemon_log("ERROR: no host found for mac address: $job_msg_hash->{mac}[0]", 1);
1083 &daemon_log("xml message: $hit->{xmlmessage}", 5);
1084 my $sql_statement = "UPDATE $job_queue_table_name ".
1085 "SET status='error', result='no host found for mac address' ".
1086 "WHERE id='$jobdb_id'";
1087 my $res = $job_db->update_dbentry($sql_statement);
1088 next;
1089 }
1091 # add target
1092 &add_content2xml_hash($out_msg_hash, "target", $target);
1094 # add new header
1095 my $out_header = $job_msg_hash->{header}[0];
1096 $out_header =~ s/job_/gosa_/;
1097 delete $out_msg_hash->{header};
1098 &add_content2xml_hash($out_msg_hash, "header", $out_header);
1100 # add sqlite_id
1101 &add_content2xml_hash($out_msg_hash, "jobdb_id", $jobdb_id);
1103 my $out_msg = &create_xml_string($out_msg_hash);
1105 # encrypt msg as a GosaPackage module
1106 my $cipher = &create_ciphering($GosaPackages_key);
1107 my $crypted_out_msg = &encrypt_msg($out_msg, $cipher);
1109 my $error = &send_msg_hash2address($out_msg_hash, "$gosa_ip:$gosa_port", $GosaPackages_key);
1111 if ($error == 0) {
1112 my $sql_statement = "UPDATE $job_queue_table_name ".
1113 "SET status='processing', targettag='$target' ".
1114 "WHERE id='$jobdb_id'";
1115 my $res = $job_db->update_dbentry($sql_statement);
1116 } else {
1117 my $sql_statement = "UPDATE $job_queue_table_name ".
1118 "SET status='error' ".
1119 "WHERE id='$jobdb_id'";
1120 my $res = $job_db->update_dbentry($sql_statement);
1121 }
1122 }
1124 $kernel->delay_set('watch_for_new_jobs',3);
1125 }
1128 #==== MAIN = main ==============================================================
1129 # parse commandline options
1130 Getopt::Long::Configure( "bundling" );
1131 GetOptions("h|help" => \&usage,
1132 "c|config=s" => \$cfg_file,
1133 "f|foreground" => \$foreground,
1134 "v|verbose+" => \$verbose,
1135 "no-bus+" => \$no_bus,
1136 "no-arp+" => \$no_arp,
1137 );
1139 # read and set config parameters
1140 &check_cmdline_param ;
1141 &read_configfile;
1142 &check_pid;
1144 $SIG{CHLD} = 'IGNORE';
1146 # forward error messages to logfile
1147 if( ! $foreground ) {
1148 open(STDERR, '>>', $log_file);
1149 open(STDOUT, '>>', $log_file);
1150 }
1152 # Just fork, if we are not in foreground mode
1153 if( ! $foreground ) {
1154 chdir '/' or die "Can't chdir to /: $!";
1155 $pid = fork;
1156 setsid or die "Can't start a new session: $!";
1157 umask 0;
1158 } else {
1159 $pid = $$;
1160 }
1162 # Do something useful - put our PID into the pid_file
1163 if( 0 != $pid ) {
1164 open( LOCK_FILE, ">$pid_file" );
1165 print LOCK_FILE "$pid\n";
1166 close( LOCK_FILE );
1167 if( !$foreground ) {
1168 exit( 0 )
1169 };
1170 }
1172 daemon_log(" ", 1);
1173 daemon_log("$0 started!", 1);
1175 if ($no_bus > 0) {
1176 $bus_activ = "false"
1177 }
1181 # delete old DBsqlite lock files
1182 #unlink('/tmp/gosa_si_lock*');
1184 # connect to gosa-si job queue
1185 my @job_col_names = ("id INTEGER", "timestamp", "status", "result", "headertag", "targettag", "xmlmessage", "macaddress");
1186 $job_db = GOSA::DBsqlite->new($job_queue_file_name);
1187 $job_db->create_table('jobs', \@job_col_names);
1189 # connect to known_clients_db
1190 my @clients_col_names = ('hostname', 'status', 'hostkey', 'timestamp', 'macaddress', 'events');
1191 $known_clients_db = GOSA::DBsqlite->new($known_clients_file_name);
1192 $known_clients_db->create_table('known_clients', \@clients_col_names);
1194 # connect to known_server_db
1195 my @server_col_names = ('hostname', 'status', 'hostkey', 'timestamp');
1196 $known_server_db = GOSA::DBsqlite->new($known_server_file_name);
1197 $known_server_db->create_table('known_server', \@server_col_names);
1199 # create xml object used for en/decrypting
1200 $xml = new XML::Simple();
1202 # create socket for incoming xml messages
1203 POE::Component::Server::TCP->new(
1204 Port => $server_port,
1205 ClientInput => \&client_input,
1206 );
1207 daemon_log("start socket for incoming xml messages at port '$server_port' ", 1);
1209 # create session for repeatedly checking the job queue for jobs
1210 POE::Session->create(
1211 inline_states => {
1212 _start => \&_start,
1213 watch_for_new_jobs => \&watch_for_new_jobs,
1214 }
1215 );
1218 # import all modules
1219 &import_modules;
1221 # check wether all modules are gosa-si valid passwd check
1223 POE::Kernel->run();
1224 exit;