Code killing

[gosa.git] / gosa-si / gosa-si-server

#!/usr/bin/perl
#===============================================================================
#
#         FILE:  gosa-sd
#
#        USAGE:  ./gosa-sd
#
#  DESCRIPTION:
#
#      OPTIONS:  ---
# REQUIREMENTS:  libconfig-inifiles-perl libcrypt-rijndael-perl libxml-simple-perl 
#                libdata-dumper-simple-perl libdbd-sqlite3-perl libnet-ldap-perl
#                libpoe-perl
#         BUGS:  ---
#        NOTES:
#       AUTHOR:   (Andreas Rettenberger), <rettenberger@gonicus.de>
#      COMPANY:
#      VERSION:  1.0
#      CREATED:  12.09.2007 08:54:41 CEST
#     REVISION:  ---
#===============================================================================

use strict;
use warnings;
use Getopt::Long;
use Config::IniFiles;
use POSIX;
use utf8;

use Fcntl;
use IO::Socket::INET;
use IO::Handle;
use IO::Select;
use Symbol qw(qualify_to_ref);
use Crypt::Rijndael;
use MIME::Base64;
use Digest::MD5  qw(md5 md5_hex md5_base64);
use XML::Simple;
use Data::Dumper;
use Sys::Syslog qw( :DEFAULT setlogsock);
use Cwd;
use File::Spec;
use File::Basename;
use GOSA::DBsqlite;
use GOSA::GosaSupportDaemon;
use POE qw(Component::Server::TCP);

my $modules_path = "/usr/lib/gosa-si/modules";
use lib "/usr/lib/gosa-si/modules";

my (%cfg_defaults, $foreground, $verbose, $ping_timeout);
my ($bus_activ, $bus, $msg_to_bus, $bus_cipher);
my ($server, $server_mac_address);
my ($gosa_server, $job_queue_timeout, $job_queue_table_name, $job_queue_file_name,$job_queue_loop_delay);
my ($known_modules, $known_clients_file_name, $known_server_file_name);
my ($pid_file, $procid, $pid, $log_file);
my ($arp_activ, $arp_fifo);
my ($xml);

# variables declared in config file are always set to 'our'
our (%cfg_defaults, $log_file, $pid_file, 
    $server_ip, $server_port, $SIPackages_key, 
    $arp_activ, $gosa_unit_tag,
    $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout,
);

# additional variable which should be globaly accessable
our $server_address;
our $bus_address;
our $gosa_address;
our $no_bus;
our $no_arp;
our $verbose;
our $forground;
our $cfg_file;

# specifies the verbosity of the daemon_log
$verbose = 0 ;

# if foreground is not null, script will be not forked to background
$foreground = 0 ;

# specifies the timeout seconds while checking the online status of a registrating client
$ping_timeout = 5;

$no_bus = 0;
$bus_activ = "true";

$no_arp = 0;

# holds all gosa jobs
our $job_db;
our $job_queue_table_name = 'jobs';

# holds all other gosa-sd as well as the gosa-sd-bus
our $known_server_db;

# holds all registrated clients
our $known_clients_db;
our $prg= basename($0);

%cfg_defaults = (
"general" => {
    "log-file" => [\$log_file, "/var/run/".$prg.".log"],
    "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"],
    },
"bus" => {
    "activ" => [\$bus_activ, "true"],
    },
"server" => {
#    "ip" => [\$server_ip, "0.0.0.0"],  
    "port" => [\$server_port, "20081"],
    "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ],
    "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'],
        "gosa-unit-tag" => [\$gosa_unit_tag, ""],
    },
"GOsaPackages" => {
    "ip" => [\$gosa_ip, "0.0.0.0"],
    "port" => [\$gosa_port, "20082"],
    "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'],
    "job-queue-loop-delay" => [\$job_queue_loop_delay, 3],
    "key" => [\$GosaPackages_key, "none"],
    },
"SIPackages" => {
    "key" => [\$SIPackages_key, "none"],
    },
);


#===  FUNCTION  ================================================================
#         NAME:  usage
#   PARAMETERS:  nothing
#      RETURNS:  nothing
#  DESCRIPTION:  print out usage text to STDERR
#===============================================================================
sub usage {
    print STDERR << "EOF" ;
usage: $prg [-hvf] [-c config]

           -h        : this (help) message
           -c <file> : config file
           -f        : foreground, process will not be forked to background
           -v        : be verbose (multiple to increase verbosity)
           -no-bus   : starts $prg without connection to bus
           -no-arp   : starts $prg without connection to arp module
 
EOF
    print "\n" ;
}


#===  FUNCTION  ================================================================
#         NAME:  read_configfile
#   PARAMETERS:  cfg_file - string -
#      RETURNS:  nothing
#  DESCRIPTION:  read cfg_file and set variables
#===============================================================================
sub read_configfile {
    my $cfg;
    if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
        if( -r $cfg_file ) {
            $cfg = Config::IniFiles->new( -file => $cfg_file );
        } else {
            print STDERR "Couldn't read config file!\n";
        }
    } else {
        $cfg = Config::IniFiles->new() ;
    }
    foreach my $section (keys %cfg_defaults) {
        foreach my $param (keys %{$cfg_defaults{ $section }}) {
            my $pinfo = $cfg_defaults{ $section }{ $param };
            ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
        }
    }
}


#===  FUNCTION  ================================================================
#         NAME:  logging
#   PARAMETERS:  level - string - default 'info'
#                msg - string -
#                facility - string - default 'LOG_DAEMON'
#      RETURNS:  nothing
#  DESCRIPTION:  function for logging
#===============================================================================
sub daemon_log {
    # log into log_file
    my( $msg, $level ) = @_;
    if(not defined $msg) { return }
    if(not defined $level) { $level = 1 }
    if(defined $log_file){
        open(LOG_HANDLE, ">>$log_file");
        if(not defined open( LOG_HANDLE, ">>$log_file" )) {
            print STDERR "cannot open $log_file: $!";
            return }
            chomp($msg);
            if($level <= $verbose){
                my ($seconds, $minutes, $hours, $monthday, $month,
                        $year, $weekday, $yearday, $sommertime) = localtime(time);
                $hours = $hours < 10 ? $hours = "0".$hours : $hours;
                $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
                $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
                my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
                $month = $monthnames[$month];
                $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
                $year+=1900;
                my $name = $prg;

                my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n";
                print LOG_HANDLE $log_msg;
                if( $foreground ) { 
                    print STDERR $log_msg;
                }
            }
        close( LOG_HANDLE );
    }
}


#===  FUNCTION  ================================================================
#         NAME:  check_cmdline_param
#   PARAMETERS:  nothing
#      RETURNS:  nothing
#  DESCRIPTION:  validates commandline parameter
#===============================================================================
sub check_cmdline_param () {
    my $err_config;
    my $err_counter = 0;
        if(not defined($cfg_file)) {
                $cfg_file = "/etc/gosa-si/server.conf";
                if(! -r $cfg_file) {
                        $err_config = "please specify a config file";
                        $err_counter += 1;
                }
    }
    if( $err_counter > 0 ) {
        &usage( "", 1 );
        if( defined( $err_config)) { print STDERR "$err_config\n"}
        print STDERR "\n";
        exit( -1 );
    }
}


#===  FUNCTION  ================================================================
#         NAME:  check_pid
#   PARAMETERS:  nothing
#      RETURNS:  nothing
#  DESCRIPTION:  handels pid processing
#===============================================================================
sub check_pid {
    $pid = -1;
    # Check, if we are already running
    if( open(LOCK_FILE, "<$pid_file") ) {
        $pid = <LOCK_FILE>;
        if( defined $pid ) {
            chomp( $pid );
            if( -f "/proc/$pid/stat" ) {
                my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/;
                if( $0 eq $stat ) {
                    close( LOCK_FILE );
                    exit -1;
                }
            }
        }
        close( LOCK_FILE );
        unlink( $pid_file );
    }

    # create a syslog msg if it is not to possible to open PID file
    if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) {
        my($msg) = "Couldn't obtain lockfile '$pid_file' ";
        if (open(LOCK_FILE, '<', $pid_file)
                && ($pid = <LOCK_FILE>))
        {
            chomp($pid);
            $msg .= "(PID $pid)\n";
        } else {
            $msg .= "(unable to read PID)\n";
        }
        if( ! ($foreground) ) {
            openlog( $0, "cons,pid", "daemon" );
            syslog( "warning", $msg );
            closelog();
        }
        else {
            print( STDERR " $msg " );
        }
        exit( -1 );
    }
}

#===  FUNCTION  ================================================================
#         NAME:  import_modules
#   PARAMETERS:  module_path - string - abs. path to the directory the modules 
#                are stored
#      RETURNS:  nothing
#  DESCRIPTION:  each file in module_path which ends with '.pm' and activation 
#                state is on is imported by "require 'file';"
#===============================================================================
sub import_modules {
    daemon_log(" ", 1);

    if (not -e $modules_path) {
        daemon_log("ERROR: cannot find directory or directory is not readable: $modules_path", 1);   
    }

    opendir (DIR, $modules_path) or die "ERROR while loading modules from directory $modules_path : $!\n";
    while (defined (my $file = readdir (DIR))) {
        if (not $file =~ /(\S*?).pm$/) {
            next;
        }
                my $mod_name = $1;

        if( $file =~ /ArpHandler.pm/ ) {
            if( $no_arp > 0 ) {
                next;
            }
        }
        
        eval { require $file; };
        if ($@) {
            daemon_log("ERROR: gosa-si-server could not load module $file", 1);
            daemon_log("$@", 5);
                } else {
                        my $info = eval($mod_name.'::get_module_info()');
                        # Only load module if get_module_info() returns a non-null object
                        if( $info ) {
                                my ($input_address, $input_key, $input, $input_active, $input_type) = @{$info};
                                $known_modules->{$mod_name} = $info;
                                daemon_log("INFO: module $mod_name loaded", 5);
                        }
                }
    }   
    close (DIR);
}


#===  FUNCTION  ================================================================
#         NAME:  sig_int_handler
#   PARAMETERS:  signal - string - signal arose from system
#      RETURNS:  noting
#  DESCRIPTION:  handels tasks to be done befor signal becomes active
#===============================================================================
sub sig_int_handler {
    my ($signal) = @_;

    daemon_log("shutting down gosa-si-server", 1);
    exit(1);
}
$SIG{INT} = \&sig_int_handler;



sub check_key_and_xml_validity {
    my ($crypted_msg, $module_key) = @_;
    my $msg;
    my $msg_hash;
    my $error_string;
    eval{
        $msg = &decrypt_msg($crypted_msg, $module_key);

        if ($msg =~ /<xml>/i){
            &main::daemon_log("decrypted_msg: \n$msg", 8);
            $msg_hash = $xml->XMLin($msg, ForceArray=>1);

            ##############
            # check header
            if( not exists $msg_hash->{'header'} ) { die "no header specified"; }
            my $header_l = $msg_hash->{'header'};
            if( 1 > @{$header_l} ) { die 'empty header tag'; }
            if( 1 < @{$header_l} ) { die 'more than one header specified'; }
            my $header = @{$header_l}[0];
            if( 0 == length $header) { die 'empty string in header tag'; }

            ##############
            # check source
            if( not exists $msg_hash->{'source'} ) { die "no source specified"; }
            my $source_l = $msg_hash->{'source'};
            if( 1 > @{$source_l} ) { die 'empty source tag'; }
            if( 1 < @{$source_l} ) { die 'more than one source specified'; }
            my $source = @{$source_l}[0];
            if( 0 == length $source) { die 'source error'; }

            ##############
            # check target
            if( not exists $msg_hash->{'target'} ) { die "no target specified"; }
            my $target_l = $msg_hash->{'target'};
            if( 1 > @{$target_l} ) { die 'empty target tag'; }
        }
    };
    if($@) {
        &main::daemon_log("WARNING: do not understand the message", 5);
        &main::daemon_log("$@", 8);
        $msg = undef;
        $msg_hash = undef;
    }

    return ($msg, $msg_hash);
}


sub check_outgoing_xml_validity {
    my ($msg) = @_;

    my $msg_hash;
    eval{
        $msg_hash = $xml->XMLin($msg, ForceArray=>1);

        ##############
        # check header
        my $header_l = $msg_hash->{'header'};
        if( 1 != @{$header_l} ) {
            die 'no or more than one headers specified';
        }
        my $header = @{$header_l}[0];
        if( 0 == length $header) {
            die 'header has length 0';
        }

        ##############
        # check source
        my $source_l = $msg_hash->{'source'};
        if( 1 != @{$source_l} ) {
            die 'no or more than 1 sources specified';
        }
        my $source = @{$source_l}[0];
        if( 0 == length $source) {
            die 'source has length 0';
        }
        unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
                $source =~ /^GOSA$/i ) {
            die "source '$source' is neither a complete ip-address with port nor 'GOSA'";
        }
        
        ##############
        # check target  
        my $target_l = $msg_hash->{'target'};
        if( 0 == @{$target_l} ) {
            die "no targets specified";
        }
        foreach my $target (@$target_l) {
            if( 0 == length $target) {
                die "target has length 0";
            }
            unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ||
                    $target =~ /^GOSA$/i ||
                    $target =~ /^\*$/ ||
                    $target =~ /KNOWN_SERVER/i ||
                    $target =~ /JOBDB/i ||
                    $target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ){
                die "target '$target' is not a complete ip-address with port or a valid target name or a mac-address";
            }
        }
    };
    if($@) {
        daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5);
        daemon_log("$@ ".(defined($msg) && length($msg)>0)?$msg:"Empty Message", 8);
        $msg_hash = undef;
    }

    return ($msg_hash);
}


sub input_from_known_server {
    my ($input, $remote_ip) = @_ ;  
    my ($msg, $msg_hash, $module);

    my $sql_statement= "SELECT * FROM known_server";
    my $query_res = $known_server_db->select_dbentry( $sql_statement ); 

    while( my ($hit_num, $hit) = each %{ $query_res } ) {    
        my $host_name = $hit->{hostname};
        if( not $host_name =~ "^$remote_ip") {
            next;
        }
        my $host_key = $hit->{hostkey};
        daemon_log("DEBUG: input_from_known_server: host_name: $host_name", 7);
        daemon_log("DEBUG: input_from_known_server: host_key: $host_key", 7);

        # check if module can open msg envelope with module key
        my ($tmp_msg, $tmp_msg_hash) = &check_key_and_xml_validity($input, $host_key);
        if( (!$tmp_msg) || (!$tmp_msg_hash) ) {
            daemon_log("DEBUG: input_from_known_server: deciphering raise error", 7);
            daemon_log("$@", 8);
            next;
        }
        else {
            $msg = $tmp_msg;
            $msg_hash = $tmp_msg_hash;
            $module = "SIPackages";
            last;
        }
    }

    if( (!$msg) || (!$msg_hash) || (!$module) ) {
        daemon_log("INFO: Incoming message is not from a known server", 5);
    }
  
    return ($msg, $msg_hash, $module);
}


sub input_from_known_client {
    my ($input, $remote_ip) = @_ ;  
    my ($msg, $msg_hash, $module);

    my $sql_statement= "SELECT * FROM known_clients";
    my $query_res = $known_clients_db->select_dbentry( $sql_statement ); 
    while( my ($hit_num, $hit) = each %{ $query_res } ) {    
        my $host_name = $hit->{hostname};
        if( not $host_name =~ /^$remote_ip:\d*$/) {
                next;
                }
        my $host_key = $hit->{hostkey};
        &daemon_log("DEBUG: input_from_known_client: host_name: $host_name", 7);
        &daemon_log("DEBUG: input_from_known_client: host_key: $host_key", 7);

        # check if module can open msg envelope with module key
        ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key);

        if( (!$msg) || (!$msg_hash) ) {
            &daemon_log("DEGUG: input_from_known_client: deciphering raise error", 7);
            &daemon_log("$@", 8);
            next;
        }
        else {
            $module = "SIPackages";
            last;
        }
    }

    if( (!$msg) || (!$msg_hash) || (!$module) ) {
        &daemon_log("INFO: Incoming message is not from a known client", 5);
    }

    return ($msg, $msg_hash, $module);
}


sub input_from_unknown_host {
    no strict "refs";
    my ($input) = @_ ;
    my ($msg, $msg_hash, $module);
    my $error_string;
    
        my %act_modules = %$known_modules;

        while( my ($mod, $info) = each(%act_modules)) {

        # check a key exists for this module
        my $module_key = ${$mod."_key"};
        if( not defined $module_key ) {
            if( $mod eq 'ArpHandler' ) {
                next;
            }
            daemon_log("ERROR: no key specified in config file for $mod", 1);
            next;
        }
        daemon_log("DEBUG: $mod: $module_key", 7);

        # check if module can open msg envelope with module key
        ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key);
        if( (not defined $msg) || (not defined $msg_hash) ) {
            next;
        }
        else {
            $module = $mod;
            last;
        }
    }

    if( (!$msg) || (!$msg_hash) || (!$module)) {
        daemon_log("INFO: Incoming message is not from an unknown host", 5);
    }

    return ($msg, $msg_hash, $module);
}


sub create_ciphering {
    my ($passwd) = @_;
        if((!defined($passwd)) || length($passwd)==0) {
                $passwd = "";
        }
    $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
    my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
    my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
    $my_cipher->set_iv($iv);
    return $my_cipher;
}


sub encrypt_msg {
    my ($msg, $key) = @_;
    my $my_cipher = &create_ciphering($key);
    my $len;
    {
            use bytes;
            $len= 16-length($msg)%16;
    }
    $msg = "\0"x($len).$msg;
    $msg = $my_cipher->encrypt($msg);
    chomp($msg = &encode_base64($msg));
    # there are no newlines allowed inside msg
    $msg=~ s/\n//g;
    return $msg;
}


sub decrypt_msg {

    my ($msg, $key) = @_ ;
    $msg = &decode_base64($msg);
    my $my_cipher = &create_ciphering($key);
    $msg = $my_cipher->decrypt($msg); 
    $msg =~ s/\0*//g;
    return $msg;
}


sub get_encrypt_key {
    my ($target) = @_ ;
    my $encrypt_key;
    my $error = 0;

    # target can be in known_server
    if( not defined $encrypt_key ) {
        my $sql_statement= "SELECT * FROM known_server WHERE hostname='$target'";
        my $query_res = $known_server_db->select_dbentry( $sql_statement ); 
        while( my ($hit_num, $hit) = each %{ $query_res } ) {    
            my $host_name = $hit->{hostname};
            if( $host_name ne $target ) {
                next;
            }
            $encrypt_key = $hit->{hostkey};
            last;
        }
    }

    # target can be in known_client
    if( not defined $encrypt_key ) {
        my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$target'";
        my $query_res = $known_clients_db->select_dbentry( $sql_statement ); 
        while( my ($hit_num, $hit) = each %{ $query_res } ) {    
            my $host_name = $hit->{hostname};
            if( $host_name ne $target ) {
                next;
            }
            $encrypt_key = $hit->{hostkey};
            last;
        }
    }

    return $encrypt_key;
}


#===  FUNCTION  ================================================================
#         NAME:  open_socket
#   PARAMETERS:  PeerAddr string something like 192.168.1.1 or 192.168.1.1:10000
#                [PeerPort] string necessary if port not appended by PeerAddr
#      RETURNS:  socket IO::Socket::INET
#  DESCRIPTION:  open a socket to PeerAddr
#===============================================================================
sub open_socket {
    my ($PeerAddr, $PeerPort) = @_ ;
    if(defined($PeerPort)){
        $PeerAddr = $PeerAddr.":".$PeerPort;
    }
    my $socket;
    $socket = new IO::Socket::INET(PeerAddr => $PeerAddr,
            Porto => "tcp",
            Type => SOCK_STREAM,
            Timeout => 5,
            );
    if(not defined $socket) {
        return;
    }
#    &daemon_log("DEBUG: open_socket: $PeerAddr", 7);
    return $socket;
}


#===  FUNCTION  ================================================================
#         NAME:  get_ip 
#   PARAMETERS:  interface name (i.e. eth0)
#      RETURNS:  (ip address) 
#  DESCRIPTION:  Uses ioctl to get ip address directly from system.
#===============================================================================
sub get_ip {
        my $ifreq= shift;
        my $result= "";
        my $SIOCGIFADDR= 0x8915;       # man 2 ioctl_list
        my $proto= getprotobyname('ip');

        socket SOCKET, PF_INET, SOCK_DGRAM, $proto
                or die "socket: $!";

        if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
                my ($if, $sin)    = unpack 'a16 a16', $ifreq;
                my ($port, $addr) = sockaddr_in $sin;
                my $ip            = inet_ntoa $addr;

                if ($ip && length($ip) > 0) {
                        $result = $ip;
                }
        }

        return $result;
}

sub get_local_ip_for_remote_ip {
        my $remote_ip= shift;
        my $result="0.0.0.0";

        if($remote_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
                if($remote_ip eq "127.0.0.1") {
                        $result = "127.0.0.1";
                } else {
                        my $PROC_NET_ROUTE= ('/proc/net/route');

                        open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
                                or die "Could not open $PROC_NET_ROUTE";

                        my @ifs = <PROC_NET_ROUTE>;

                        close(PROC_NET_ROUTE);

                        # Eat header line
                        shift @ifs;
                        chomp @ifs;
                        foreach my $line(@ifs) {
                                my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
                                my $destination;
                                my $mask;
                                my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
                                $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
                                ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
                                $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
                                if(new NetAddr::IP($remote_ip)->within(new NetAddr::IP($destination, $mask))) {
                                        # destination matches route, save mac and exit
                                        $result= &get_ip($Iface);
                                        last;
                                }
                        }
                }
        } else {
                daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1);
        }
        return $result;
}

sub send_msg_to_target {
    my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
    my $error = 0;
    my $header;
    my $new_status;
    my $act_status;
    my ($sql_statement, $res);
  
    if( $msg_header ) {
        $header = "'$msg_header'-";
    }
    else {
        $header = "";
    }

        # Patch the source ip
        if($msg =~ /<source>0\.0\.0\.0:\d*?<\/source>/) {
                my $remote_ip = &get_local_ip_for_remote_ip(sprintf("%s", $address =~ /^([0-9\.]*?):.*$/));
                $msg =~ s/<source>(0\.0\.0\.0):(\d*?)<\/source>/<source>$remote_ip:$2<\/source>/s;
        }

    # encrypt xml msg
    my $crypted_msg = &encrypt_msg($msg, $encrypt_key);

    # opensocket
    my $socket = &open_socket($address);
    if( !$socket ) {
        daemon_log("ERROR: cannot send ".$header."msg to $address , host not reachable", 1);
        $error++;
    }
    
    if( $error == 0 ) {
        # send xml msg
        print $socket $crypted_msg."\n";

        daemon_log("INFO: send ".$header."msg to $address", 5);
        daemon_log("message:\n$msg", 8);
        
    }

    # close socket in any case
    if( $socket ) {
        close $socket;
    }

    if( $error > 0 ) { $new_status = "down"; }
    else { $new_status = $msg_header; }


    # known_clients
    $sql_statement = "SELECT * FROM known_clients WHERE hostname='$address'";
    $res = $known_clients_db->select_dbentry($sql_statement);
    if( keys(%$res) > 0) {
        $act_status = $res->{1}->{'status'};
        if( $act_status eq "down" ) {
            $sql_statement = "DELETE FROM known_clients WHERE hostname='$address'";
            $res = $known_clients_db->del_dbentry($sql_statement);
            daemon_log("WARNING: failed 2x to send msg to host '$address', delete host from known_clients", 3);
        } 
        else { 
            $sql_statement = "UPDATE known_clients SET status='$new_status' WHERE hostname='$address'";
            $res = $known_clients_db->update_dbentry($sql_statement);
            if($new_status eq "down"){
                daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
            }
            else {
                daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
            }
        }
    }

    # known_server
    $sql_statement = "SELECT * FROM known_server WHERE hostname='$address'";
    $res = $known_server_db->select_dbentry($sql_statement);
    if( keys(%$res) > 0 ) {
        $act_status = $res->{1}->{'status'};
        if( $act_status eq "down" ) {
            $sql_statement = "DELETE FROM known_server WHERE hostname='$address'";
            $res = $known_server_db->del_dbentry($sql_statement);
            daemon_log("WARNING: failed 2x to a send msg to host '$address', delete host from known_server", 3);
        } 
        else { 
            $sql_statement = "UPDATE known_server SET status='$new_status' WHERE hostname='$address'";
            $res = $known_server_db->update_dbentry($sql_statement);
            if($new_status eq "down"){
                daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3);
            }
            else {
                daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5);
            }
        }
    }
    return $error; 
}


sub _start {
    my ($kernel) = $_[KERNEL];
    &trigger_db_loop($kernel);
}


sub client_input {
    no strict "refs";
    my ($kernel, $session, $heap,$input,$wheel) = @_[KERNEL, SESSION, HEAP, ARG0, ARG1];
    my $session_id = $session->ID;
    my ($msg, $msg_hash, $module);
    my $error = 0;
    my $answer_l;
    my ($answer_header, @answer_target_l, $answer_source);
    my $client_answer;

    daemon_log("INFO: Incoming msg from '".$heap->{'remote_ip'}."'", 5);
    daemon_log("DEBUG: Incoming message:\n$input", 8);

    ####################
    # check incoming msg
    # msg is from a new client or gosa
    ($msg, $msg_hash, $module) = &input_from_unknown_host($input);
    # msg is from a gosa-si-server or gosa-si-bus
    if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
        ($msg, $msg_hash, $module) = &input_from_known_server($input, $heap->{'remote_ip'});
    }
    # msg is from a gosa-si-client
    if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
        ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'});
    }
    # an error occurred
    if(( !$msg ) || ( !$msg_hash ) || ( !$module )){
        $error++;
    }

    ######################
    # process incoming msg
    if( $error == 0) {
        daemon_log("DEBUG: Processing module ".$module, 7);
        $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $session_id);

        if ( 0 > @{$answer_l} ) {
            my $answer_str = join("\n", @{$answer_l});
            daemon_log("DEGUB: $module: Got answer from module: \n".$answer_str,8);
        }
    }
    if( !$answer_l ) { $error++ };

    ########
    # answer
    if( $error == 0 ) {

        foreach my $answer ( @{$answer_l} ) {
            # for each answer in answer list
            
            # check outgoing msg to xml validity
            my $answer_hash = &check_outgoing_xml_validity($answer);
            if( not defined $answer_hash ) {
                next;
            }
            
            $answer_header = @{$answer_hash->{'header'}}[0];
            @answer_target_l = @{$answer_hash->{'target'}};
            $answer_source = @{$answer_hash->{'source'}}[0];

            # deliver msg to all targets 
            foreach my $answer_target ( @answer_target_l ) {

                # targets of msg are all gosa-si-clients in known_clients_db
                if( $answer_target eq "*" ) {
                    # answer is for all clients
                    my $sql_statement= "SELECT * FROM known_clients";
                    my $query_res = $known_clients_db->select_dbentry( $sql_statement ); 
                    while( my ($hit_num, $hit) = each %{ $query_res } ) {    
                        my $host_name = $hit->{hostname};
                        my $host_key = $hit->{hostkey};
                        &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
                    }
                }

                # targets of msg are all gosa-si-server in known_server_db
                elsif( $answer_target eq "KNOWN_SERVER" ) {
                    # answer is for all server in known_server
                    my $sql_statement= "SELECT * FROM known_server";
                    my $query_res = $known_server_db->select_dbentry( $sql_statement ); 
                    while( my ($hit_num, $hit) = each %{ $query_res } ) {    
                        my $host_name = $hit->{hostname};
                        my $host_key = $hit->{hostkey};
                        $answer =~ s/KNOWN_SERVER/$host_name/g;
                        &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
                    }
                }

                # target of msg is GOsa
                elsif( $answer_target eq "GOSA" ) {
                    $answer =~ /<session_id>(\d+)<\/session_id>/;
                    my $session_id = $1;
                    my $add_on = "";
                    if( defined $session_id ) {
                        $add_on = ".session_id=$session_id";
                    }
                    # answer is for GOSA and has to returned to connected client
                    my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key);
                    $client_answer = $gosa_answer.$add_on;
                }

                # target of msg is job queue at this host
                elsif( $answer_target eq "JOBDB") {
                    $answer =~ /<header>(\S+)<\/header>/;   
                    my $header;
                    if( defined $1 ) { $header = $1; }
                    &send_msg_to_target($answer, $server_address, $GosaPackages_key, $header);
                }

                # target of msg is a mac address
                elsif( $answer_target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ) {
                    daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3);
                    my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'";
                    my $query_res = $known_clients_db->select_dbentry( $sql_statement );
                    my $found_ip_flag = 0;
                    while( my ($hit_num, $hit) = each %{ $query_res } ) {    
                        my $host_name = $hit->{hostname};
                        my $host_key = $hit->{hostkey};
                        $answer =~ s/$answer_target/$host_name/g;
                        daemon_log("found host '$host_name', associated to '$answer_target'", 3);
                        &send_msg_to_target($answer, $host_name, $host_key, $answer_header);
                        $found_ip_flag++ ;
                    }   
                    if( $found_ip_flag == 0) {
                        daemon_log("WARNING: no host found in known_clients with mac address '$answer_target'", 3);
                        if( $bus_activ eq "true" ) { 
                            daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
                            my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
                            my $query_res = $known_server_db->select_dbentry( $sql_statement );
                            while( my ($hit_num, $hit) = each %{ $query_res } ) {    
                                my $bus_address = $hit->{hostname};
                                my $bus_key = $hit->{hostkey};
                                &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
                                last;
                            }
                        }

                    }

                #  answer is for one specific host   
                } else {
                    # get encrypt_key
                    my $encrypt_key = &get_encrypt_key($answer_target);
                    if( not defined $encrypt_key ) {
                        # unknown target, forward msg to bus
                        daemon_log("WARNING: unknown target '$answer_target'", 3);
                        if( $bus_activ eq "true" ) { 
                            daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5);
                            my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'";
                            my $query_res = $known_server_db->select_dbentry( $sql_statement );
                            my $res_length = keys( %{$query_res} );
                            if( $res_length == 0 ){
                                daemon_log("WARNING: send '$answer_header' to '$bus_address' failed, no bus found in known_server", 3);
                            }
                            else {
                                while( my ($hit_num, $hit) = each %{ $query_res } ) {    
                                    my $bus_key = $hit->{hostkey};
                                    &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header);
                                }
                            }
                        }
                        next;
                    }
                    # send_msg
                    &send_msg_to_target($answer, $answer_target, $encrypt_key, $answer_header);
                }
            }
        }
    }

    if( $client_answer ) {
        if( $client_answer =~ s/session_id=(\d+)$// ) {
            my $session_id = $1;
            if( defined $session_id ) {
                my $session_reference = $kernel->ID_id_to_session($session_id);
                $heap = $session_reference->get_heap();
            }     
        }
        $heap->{client}->put($client_answer);
    }

    return;
}



sub trigger_db_loop {
#       my ($kernel) = $_[KERNEL];
        my ($kernel) = @_ ;
        $kernel->delay_set('watch_for_new_jobs', $job_queue_loop_delay);
}


sub watch_for_new_jobs {
        my ($kernel,$heap) = @_[KERNEL, HEAP];

        # check gosa job queue for jobs with executable timestamp
    my $timestamp = &get_time();
    my $sql_statement = "SELECT * FROM ".$job_queue_table_name.
        " WHERE status='waiting' AND timestamp<'$timestamp'";
        my $res = $job_db->select_dbentry( $sql_statement );

        while( my ($id, $hit) = each %{$res} ) {         
                my $jobdb_id = $hit->{id};
                my $macaddress = $hit->{'macaddress'};
        my $job_msg = $hit->{'xmlmessage'};
        my $header = $hit->{'headertag'};
        my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$macaddress'";
                my $res_hash = $known_clients_db->select_dbentry( $sql_statement );
                # expect macaddress is unique!!!!!!
                my $target = $res_hash->{1}->{hostname};

                if (not defined $target) {
                        &daemon_log("ERROR: no host found for mac address: $macaddress", 1);
                        &daemon_log("$hit->{xmlmessage}", 8);
            my $sql_statement = "UPDATE $job_queue_table_name ".
                "SET status='error', result='no host found for mac address' ".
                "WHERE id='$jobdb_id'";
                        my $res = $job_db->update_dbentry($sql_statement);
                        next;
                }

                # change header
        $job_msg =~ s/<header>job_/<header>gosa_/;

                # add sqlite_id 
        $job_msg =~ s/<\/xml>$/<jobdb_id>$jobdb_id<\/jobdb_id><\/xml>/;

                my $func_error = &send_msg_to_target($job_msg, $server_address, $GosaPackages_key, $header);
    }

        $kernel->delay_set('watch_for_new_jobs',3);
}


#==== MAIN = main ==============================================================
#  parse commandline options
Getopt::Long::Configure( "bundling" );
GetOptions("h|help" => \&usage,
        "c|config=s" => \$cfg_file,
        "f|foreground" => \$foreground,
        "v|verbose+" => \$verbose,
        "no-bus+" => \$no_bus,
        "no-arp+" => \$no_arp,
           );

#  read and set config parameters
&check_cmdline_param ;
&read_configfile;
&check_pid;

$SIG{CHLD} = 'IGNORE';

# forward error messages to logfile
if( ! $foreground ) {
    open(STDERR, '>>', $log_file);
    open(STDOUT, '>>', $log_file);
}

# Just fork, if we are not in foreground mode
if( ! $foreground ) { 
    chdir '/'                 or die "Can't chdir to /: $!";
    $pid = fork;
    setsid                    or die "Can't start a new session: $!";
    umask 0;
} else { 
    $pid = $$; 
}

# Do something useful - put our PID into the pid_file
if( 0 != $pid ) {
    open( LOCK_FILE, ">$pid_file" );
    print LOCK_FILE "$pid\n";
    close( LOCK_FILE );
    if( !$foreground ) { 
        exit( 0 ) 
    };
}

daemon_log(" ", 1);
daemon_log("$0 started!", 1);

if ($no_bus > 0) {
    $bus_activ = "false"
}



# delete old DBsqlite lock files
#unlink('/tmp/gosa_si_lock*');

# connect to gosa-si job queue
my @job_col_names = ("id INTEGER", "timestamp", "status", "result", "progress", "headertag", "targettag", "xmlmessage", "macaddress");
$job_db = GOSA::DBsqlite->new($job_queue_file_name);
$job_db->create_table('jobs', \@job_col_names);

# connect to known_clients_db
my @clients_col_names = ('hostname', 'status', 'hostkey', 'timestamp', 'macaddress', 'events', 'login');
$known_clients_db = GOSA::DBsqlite->new($known_clients_file_name);
$known_clients_db->create_table('known_clients', \@clients_col_names);

# connect to known_server_db
my @server_col_names = ('hostname', 'status', 'hostkey', 'timestamp');
$known_server_db = GOSA::DBsqlite->new($known_server_file_name);
$known_server_db->create_table('known_server', \@server_col_names);

# create xml object used for en/decrypting
$xml = new XML::Simple();

# create socket for incoming xml messages
POE::Component::Server::TCP->new(
        Port => $server_port,
        ClientInput => \&client_input,
);
daemon_log("start socket for incoming xml messages at port '$server_port' ", 1);

# create session for repeatedly checking the job queue for jobs
POE::Session->create(
        inline_states => {
                _start => \&_start,
                watch_for_new_jobs => \&watch_for_new_jobs,
        }
);


# import all modules
&import_modules;

# check wether all modules are gosa-si valid passwd check

POE::Kernel->run();
exit;