1 package ClientPackages;
3 use Exporter;
4 @ISA = ("Exporter");
6 # Each module has to have a function 'process_incoming_msg'. This function works as a interface to gosa-sd and receives the msg hash from gosa-sd. 'process_incoming_function checks, wether it has a function to process the incoming msg and forward the msg to it.
8 use strict;
9 use warnings;
10 use GOSA::GosaSupportDaemon;
11 use IO::Socket::INET;
12 use XML::Simple;
13 use Data::Dumper;
14 use NetAddr::IP;
15 use Net::LDAP;
16 use Net::LDAP::Util;
17 use Socket;
18 use Net::hostent;
20 my $event_dir = "/usr/lib/gosa-si/server/ClientPackages";
21 use lib "/usr/lib/gosa-si/server/ClientPackages";
23 BEGIN{}
24 END {}
26 my ($server_ip, $server_port, $ClientPackages_key, $max_clients, $ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password, $server_interface);
27 my $server;
28 my $network_interface;
29 my (@ldap_cfg, @pam_cfg, @nss_cfg, $goto_admin, $goto_secret);
30 my $mesg;
32 my %cfg_defaults = (
33 "server" => {
34 "ip" => [\$server_ip, "0.0.0.0"],
35 "mac-address" => [\$main::server_mac_address, "00:00:00:00:00"],
36 "port" => [\$server_port, "20081"],
37 "ldap-uri" => [\$ldap_uri, ""],
38 "ldap-base" => [\$ldap_base, ""],
39 "ldap-admin-dn" => [\$ldap_admin_dn, ""],
40 "ldap-admin-password" => [\$ldap_admin_password, ""],
41 "max-clients" => [\$max_clients, 100],
42 },
43 "ClientPackages" => {
44 "key" => [\$ClientPackages_key, ""],
45 },
46 );
48 ### START #####################################################################
50 # read configfile and import variables
51 &local_read_configfile();
54 # if server_ip is not an ip address but a name
55 if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); }
56 $network_interface= &get_interface_for_ip($server_ip);
57 $main::server_mac_address= &get_mac($network_interface);
60 # import local events
61 my ($error, $result, $event_hash) = &import_events($event_dir);
63 foreach my $log_line (@$result) {
64 if ($log_line =~ / succeed: /) {
65 &main::daemon_log("0 INFO: ClientPackages - $log_line", 5);
66 } else {
67 &main::daemon_log("0 ERROR: ClientPackages - $log_line", 1);
68 }
69 }
70 # build vice versa event_hash, event_name => module
71 my $event2module_hash = {};
72 while (my ($module, $mod_events) = each %$event_hash) {
73 while (my ($event_name, $nothing) = each %$mod_events) {
74 $event2module_hash->{$event_name} = $module;
75 }
77 }
79 # Unit tag can be defined in config
80 if((not defined($main::gosa_unit_tag)) || length($main::gosa_unit_tag) == 0) {
81 # Read gosaUnitTag from LDAP
83 my $ldap_handle = &main::get_ldap_handle();
84 if( defined($ldap_handle) ) {
85 &main::daemon_log("0 INFO: Searching for servers gosaUnitTag with mac address $main::server_mac_address",5);
86 # Perform search for Unit Tag
87 $mesg = $ldap_handle->search(
88 base => $ldap_base,
89 scope => 'sub',
90 attrs => ['gosaUnitTag'],
91 filter => "(macaddress=$main::server_mac_address)"
92 );
94 if ((! $main::server_mac_address eq "00:00:00:00:00:00") and $mesg->count == 1) {
95 my $entry= $mesg->entry(0);
96 my $unit_tag= $entry->get_value("gosaUnitTag");
97 $main::ldap_server_dn= $mesg->entry(0)->dn;
98 if(defined($unit_tag) && length($unit_tag) > 0) {
99 &main::daemon_log("0 INFO: Detected gosaUnitTag $unit_tag for creating entries", 5);
100 $main::gosa_unit_tag= $unit_tag;
101 }
102 } else {
103 # Perform another search for Unit Tag
104 my $hostname= `hostname -f`;
105 chomp($hostname);
106 &main::daemon_log("0 INFO: Searching for servers gosaUnitTag with hostname $hostname",5);
107 $mesg = $ldap_handle->search(
108 base => $ldap_base,
109 scope => 'sub',
110 attrs => ['gosaUnitTag'],
111 filter => "(&(cn=$hostname)(objectClass=goServer))"
112 );
113 if ($mesg->count == 1) {
114 my $entry= $mesg->entry(0);
115 my $unit_tag= $entry->get_value("gosaUnitTag");
116 $main::ldap_server_dn= $mesg->entry(0)->dn;
117 if(defined($unit_tag) && length($unit_tag) > 0) {
118 &main::daemon_log("0 INFO: Detected gosaUnitTag $unit_tag for creating entries", 5);
119 $main::gosa_unit_tag= $unit_tag;
120 }
121 } else {
122 # Perform another search for Unit Tag
123 $hostname= `hostname -s`;
124 chomp($hostname);
125 &main::daemon_log("0 INFO: Searching for servers gosaUnitTag with hostname $hostname",5);
126 $mesg = $ldap_handle->search(
127 base => $ldap_base,
128 scope => 'sub',
129 attrs => ['gosaUnitTag'],
130 filter => "(&(cn=$hostname)(objectClass=goServer))"
131 );
132 if ($mesg->count == 1) {
133 my $entry= $mesg->entry(0);
134 my $unit_tag= $entry->get_value("gosaUnitTag");
135 $main::ldap_server_dn= $mesg->entry(0)->dn;
136 if(defined($unit_tag) && length($unit_tag) > 0) {
137 &main::daemon_log("INFO: Detected gosaUnitTag $unit_tag for creating entries", 5);
138 $main::gosa_unit_tag= $unit_tag;
139 }
140 } else {
141 &main::daemon_log("0 WARNING: No gosaUnitTag detected. Not using gosaUnitTag", 3);
142 }
143 }
144 }
145 } else {
146 &main::daemon_log("0 INFO: Using gosaUnitTag from config-file: $main::gosa_unit_tag",5);
147 }
148 &main::release_ldap_handle($ldap_handle);
149 }
152 my $server_address = "$server_ip:$server_port";
153 $main::server_address = $server_address;
155 {
156 # Check if ou=incoming exists
157 # TODO: This should be transferred to a module init-function
158 my $ldap_handle = &main::get_ldap_handle();
159 if( defined($ldap_handle) ) {
160 &main::daemon_log("0 INFO: Searching for ou=incoming container for new clients", 5);
161 # Perform search
162 my $mesg = $ldap_handle->search(
163 base => $ldap_base,
164 scope => 'one',
165 filter => "(&(ou=incoming)(objectClass=organizationalUnit))"
166 );
167 if(not defined($mesg->count) or $mesg->count == 0) {
168 my $incomingou = Net::LDAP::Entry->new();
169 $incomingou->dn('ou=incoming,'.$ldap_base);
170 $incomingou->add('objectClass' => 'organizationalUnit');
171 $incomingou->add('ou' => 'incoming');
172 my $result = $incomingou->update($ldap_handle);
173 if($result->code != 0) {
174 &main::daemon_log("0 ERROR: Problem adding ou=incoming: '".$result->error()."'!", 1);
175 }
176 }
177 }
178 &main::release_ldap_handle($ldap_handle);
179 }
182 ### functions #################################################################
185 sub get_module_info {
186 my @info = ($server_address,
187 $ClientPackages_key,
188 $event_hash,
189 );
190 return \@info;
191 }
194 #=== FUNCTION ================================================================
195 # NAME: local_read_configfile
196 # PARAMETERS: cfg_file - string -
197 # RETURNS: nothing
198 # DESCRIPTION: read cfg_file and set variables
199 #===============================================================================
200 sub local_read_configfile {
201 my $cfg;
202 if( defined( $main::cfg_file) && ( (-s $main::cfg_file) > 0 )) {
203 if( -r $main::cfg_file ) {
204 $cfg = Config::IniFiles->new( -file => $main::cfg_file );
205 } else {
206 print STDERR "Couldn't read config file!";
207 }
208 } else {
209 $cfg = Config::IniFiles->new() ;
210 }
211 foreach my $section (keys %cfg_defaults) {
212 foreach my $param (keys %{$cfg_defaults{ $section }}) {
213 my $pinfo = $cfg_defaults{ $section }{ $param };
214 ${@$pinfo[0]} = $cfg->val( $section, $param, @$pinfo[1] );
215 }
216 }
218 # Read non predefined sections
219 my $param;
220 if ($cfg->SectionExists('ldap')){
221 foreach $param ($cfg->Parameters('ldap')){
222 push (@ldap_cfg, "$param ".$cfg->val('ldap', $param));
223 }
224 }
225 if ($cfg->SectionExists('pam_ldap')){
226 foreach $param ($cfg->Parameters('pam_ldap')){
227 push (@pam_cfg, "$param ".$cfg->val('pam_ldap', $param));
228 }
229 }
230 if ($cfg->SectionExists('nss_ldap')){
231 foreach $param ($cfg->Parameters('nss_ldap')){
232 push (@nss_cfg, "$param ".$cfg->val('nss_ldap', $param));
233 }
234 }
235 if ($cfg->SectionExists('goto')){
236 $goto_admin= $cfg->val('goto', 'terminal_admin');
237 $goto_secret= $cfg->val('goto', 'terminal_secret');
238 } else {
239 $goto_admin= undef;
240 $goto_secret= undef;
241 }
243 }
246 #=== FUNCTION ================================================================
247 # NAME: get_mac
248 # PARAMETERS: interface name (i.e. eth0)
249 # RETURNS: (mac address)
250 # DESCRIPTION: Uses ioctl to get mac address directly from system.
251 #===============================================================================
252 sub get_mac {
253 my $ifreq= shift;
254 my $result;
255 if ($ifreq && length($ifreq) > 0) {
256 if($ifreq eq "all") {
257 $result = "00:00:00:00:00:00";
258 } else {
259 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
261 # A configured MAC Address should always override a guessed value
262 if ($main::server_mac_address and length($main::server_mac_address) > 0) {
263 $result= $main::server_mac_address;
264 }
266 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
267 or die "socket: $!";
269 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
270 my ($if, $mac)= unpack 'h36 H12', $ifreq;
272 if (length($mac) > 0) {
273 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
274 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
275 $result = $mac;
276 }
277 }
278 }
279 }
280 return $result;
281 }
284 #=== FUNCTION ================================================================
285 # NAME: process_incoming_msg
286 # PARAMETERS: crypted_msg - string - incoming crypted message
287 # RETURNS: nothing
288 # DESCRIPTION: handels the proceeded distribution to the appropriated functions
289 #===============================================================================
290 sub process_incoming_msg {
291 my ($msg, $msg_hash, $session_id) = @_ ;
292 my $error = 0;
293 my $host_name;
294 my $host_key;
295 my @out_msg_l = ("nohandler");
296 my $sql_events;
298 # process incoming msg
299 my $header = @{$msg_hash->{header}}[0];
300 my $source = @{$msg_hash->{source}}[0];
301 my @target_l = @{$msg_hash->{target}};
303 # skip PREFIX
304 $header =~ s/^CLMSG_//;
306 &main::daemon_log("$session_id DEBUG: ClientPackages: msg to process: $header", 26);
308 if( 0 == length @target_l){
309 &main::daemon_log("$session_id ERROR: no target specified for msg $header", 1);
310 $error++;
311 } elsif( 1 == length @target_l) {
312 my $target = $target_l[0];
313 if(&server_matches($target, $session_id)) {
314 if ($header eq 'new_key') {
315 @out_msg_l = &new_key($msg_hash)
316 } elsif ($header eq 'here_i_am') {
317 @out_msg_l = &here_i_am($msg, $msg_hash, $session_id)
318 } else {
319 # a event exists with the header as name
320 if( exists $event2module_hash->{$header} ) {
321 &main::daemon_log("$session_id DEBUG: found event '$header' at event-module '".$event2module_hash->{$header}."'", 26);
322 no strict 'refs';
323 @out_msg_l = &{$event2module_hash->{$header}."::$header"}($msg, $msg_hash, $session_id);
325 # if no event handler is implemented
326 } else {
327 $sql_events = "SELECT * FROM $main::known_clients_tn WHERE ( (macaddress LIKE '$source') OR (hostname='$source') )";
328 my $res = $main::known_clients_db->select_dbentry( $sql_events );
329 my $l = keys(%$res);
331 # set error if no or more than 1 hits are found for sql query
332 if ( $l != 1) {
333 @out_msg_l = ('knownclienterror');
335 # found exact 1 hit in db
336 } else {
337 my $client_events = $res->{'1'}->{'events'};
339 # client is registered for this event, deliver this message to client
340 $header =~ s/^answer_//;
341 if ($client_events =~ /,$header,/) {
342 # answer message finally arrived destination server, so forward messages to GOsa
343 if ($target eq $main::server_address) {
344 $msg =~ s/<header>answer_/<header>/;
345 $msg =~ s/<target>\S+<\/target>/<target>GOSA<\/target>/;
346 }
347 @out_msg_l = ( $msg );
349 # client is not registered for this event, set error
350 } else {
351 @out_msg_l = ('noeventerror');
352 }
353 }
354 }
355 }
357 # if delivery not possible raise error and return
358 if( not defined $out_msg_l[0] ) {
359 @out_msg_l = ();
360 } elsif( $out_msg_l[0] eq 'nohandler') {
361 &main::daemon_log("$session_id ERROR: ClientPackages: no event handler or core function defined for '$header'", 1);
362 @out_msg_l = ();
363 } elsif ($out_msg_l[0] eq 'knownclienterror') {
364 &main::daemon_log("$session_id ERROR: no or more than 1 hits are found at known_clients_db with sql query: '$sql_events'", 1);
365 &main::daemon_log("$session_id ERROR: processing is aborted and message will not be forwarded", 1);
366 @out_msg_l = ();
367 } elsif ($out_msg_l[0] eq 'noeventerror') {
368 &main::daemon_log("$session_id ERROR: client '$target' is not registered for event '$header', processing is aborted", 1);
369 @out_msg_l = ();
370 }
371 } else {
372 &main::daemon_log("DEBUG: msg is not for gosa-si-server '$server_address', deliver it to target '$target'", 26);
373 push(@out_msg_l, $msg);
374 }
375 }
377 return \@out_msg_l;
378 }
381 #=== FUNCTION ================================================================
382 # NAME: new_passwd
383 # PARAMETERS: msg_hash - ref - hash from function create_xml_hash
384 # RETURNS: nothing
385 # DESCRIPTION: process this incoming message
386 #===============================================================================
387 sub new_key {
388 my ($msg_hash) = @_;
389 my @out_msg_l;
391 my $header = @{$msg_hash->{header}}[0];
392 my $source_name = @{$msg_hash->{source}}[0];
393 my $source_key = @{$msg_hash->{new_key}}[0];
394 my $query_res;
396 # check known_clients_db
397 my $sql_statement = "SELECT * FROM known_clients WHERE hostname='$source_name'";
398 $query_res = $main::known_clients_db->select_dbentry( $sql_statement );
399 if( 1 == keys %{$query_res} ) {
400 my $act_time = &get_time;
401 my $sql_statement= "UPDATE known_clients ".
402 "SET hostkey='$source_key', timestamp='$act_time' ".
403 "WHERE hostname='$source_name'";
404 my $res = $main::known_clients_db->update_dbentry( $sql_statement );
405 my $hash = &create_xml_hash("confirm_new_key", $server_address, $source_name);
406 my $out_msg = &create_xml_string($hash);
407 push(@out_msg_l, $out_msg);
408 }
410 # only do if host still not found
411 if( 0 == @out_msg_l ) {
412 # check known_server_db
413 $sql_statement = "SELECT * FROM known_server WHERE hostname='$source_name'";
414 $query_res = $main::known_server_db->select_dbentry( $sql_statement );
415 if( 1 == keys %{$query_res} ) {
416 my $act_time = &get_time;
417 my $sql_statement= "UPDATE known_server ".
418 "SET hostkey='$source_key', timestamp='$act_time' ".
419 "WHERE hostname='$source_name'";
420 my $res = $main::known_server_db->update_dbentry( $sql_statement );
422 my $hash = &create_xml_hash("confirm_new_key", $server_address, $source_name);
423 my $out_msg = &create_xml_string($hash);
424 push(@out_msg_l, $out_msg);
425 }
426 }
428 return @out_msg_l;
429 }
432 #=== FUNCTION ================================================================
433 # NAME: here_i_am
434 # PARAMETERS: msg_hash - hash - hash from function create_xml_hash
435 # RETURNS: nothing
436 # DESCRIPTION: process this incoming message
437 #===============================================================================
438 sub here_i_am {
439 my ($msg, $msg_hash, $session_id) = @_;
440 my @out_msg_l;
441 my $out_hash;
442 my $source = @{$msg_hash->{source}}[0];
443 my $mac_address = @{$msg_hash->{mac_address}}[0];
444 my $gotoHardwareChecksum = @{$msg_hash->{gotoHardwareChecksum}}[0];
445 my $client_status = @{$msg_hash->{client_status}}[0];
446 my $client_revision = @{$msg_hash->{client_revision}}[0];
447 my $key_lifetime = @{$msg_hash->{key_lifetime}}[0];
449 # Move forced hostname to heap - if used
450 #FIXME: move to some global POE namespace - please
451 if ( defined($msg_hash->{'force-hostname'}[0]) &&
452 length($msg_hash->{'force-hostname'}[0]) > 0){
453 # $heap->{force-hostname}->{$mac_address}= $msg_hash->{'force-hostname'}[0];
454 open (TFILE, ">/var/tmp/$mac_address");
455 print TFILE $msg_hash->{'force-hostname'}[0];
456 close (TFILE);
457 } else {
458 # $heap->{force-hostname}->{$mac_address}= undef;
459 if ( -e "/var/tmp/$mac_address") {
460 unlink("/var/tmp/$mac_address")
461 };
462 }
464 # number of known clients
465 my $nu_clients= $main::known_clients_db->count_dbentries('known_clients');
467 # check wether client address or mac address is already known
468 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$source'";
469 my $db_res= $main::known_clients_db->select_dbentry( $sql_statement );
471 if ( 1 == keys %{$db_res} ) {
472 &main::daemon_log("$session_id WARNING: $source is already known as a client", 3);
473 &main::daemon_log("$session_id WARNING: values for $source are being overwritten", 3);
474 $nu_clients --;
475 }
477 # number of current active clients
478 my $act_nu_clients = $nu_clients;
480 &main::daemon_log("$session_id DEBUG: number of current active clients: $act_nu_clients", 26);
481 &main::daemon_log("$session_id DEBUG: number of maximal allowed clients: $max_clients", 26);
483 if($max_clients <= $act_nu_clients) {
484 my $out_hash = &create_xml_hash("denied", $server_address, $source);
485 &add_content2xml_hash($out_hash, "denied", "I_cannot_take_any_more_clients!");
486 my $passwd = @{$msg_hash->{new_passwd}}[0];
487 &send_msg_hash2address($out_hash, $source, $passwd);
488 return;
489 }
491 # new client accepted
492 my $new_passwd = @{$msg_hash->{new_passwd}}[0];
494 # add entry to known_clients_db
495 my $events = @{$msg_hash->{events}}[0];
496 my $act_timestamp = &get_time;
497 my $res = $main::known_clients_db->add_dbentry( {table=>'known_clients',
498 primkey=>['hostname'],
499 hostname=>$source,
500 events=>$events,
501 macaddress=>$mac_address,
502 status=>'registered',
503 hostkey=>$new_passwd,
504 timestamp=>$act_timestamp,
505 keylifetime=>$key_lifetime,
506 } );
508 if ($res != 0) {
509 &main::daemon_log("$session_id ERROR: cannot add entry to known_clients: $res",1);
510 return;
511 }
513 # return acknowledgement to client
514 $out_hash = &create_xml_hash("registered", $server_address, $source);
516 # give the new client his ldap config
517 # Workaround: Send within the registration response, if the client will get an ldap config later
518 my $new_ldap_config_out = &new_ldap_config($source, $session_id);
519 if($new_ldap_config_out && (!($new_ldap_config_out =~ /error/))) {
520 &add_content2xml_hash($out_hash, "ldap_available", "true");
521 } elsif($new_ldap_config_out && $new_ldap_config_out =~ /error/){
522 &add_content2xml_hash($out_hash, "error", $new_ldap_config_out);
524 my $sql_statement = "UPDATE $main::job_queue_tn ".
525 "SET status='error', result='$new_ldap_config_out' ".
526 "WHERE status='processing' AND macaddress LIKE '$mac_address'";
527 my $res = $main::job_db->update_dbentry($sql_statement);
528 &main::daemon_log("$session_id DEBUG: $sql_statement RESULT: $res", 26);
529 }
530 my $register_out = &create_xml_string($out_hash);
531 push(@out_msg_l, $register_out);
533 # Really send the ldap config
534 if( $new_ldap_config_out && (!($new_ldap_config_out =~ /error/))) {
535 push(@out_msg_l, $new_ldap_config_out);
536 }
538 # Send client hardware configuration
539 my $hardware_config_out = &hardware_config($msg, $msg_hash, $session_id);
540 if( $hardware_config_out ) {
541 push(@out_msg_l, $hardware_config_out);
542 }
544 # Send client ntp server
545 my $ntp_config_out = &new_ntp_config($mac_address, $session_id);
546 if ($ntp_config_out) {
547 push(@out_msg_l, $ntp_config_out);
548 }
550 # Send client syslog server
551 my $syslog_config_out = &new_syslog_config($mac_address, $session_id);
552 if ($syslog_config_out) {
553 push(@out_msg_l, $syslog_config_out);
554 }
556 # update ldap entry if exists
557 my $ldap_handle= &main::get_ldap_handle();
558 my $ldap_res= $ldap_handle->search(
559 base => $ldap_base,
560 scope => 'sub',
561 #attrs => ['ipHostNumber'],
562 filter => "(&(objectClass=GOhard)(macAddress=$mac_address))");
563 if($ldap_res->code) {
564 &main::daemon_log("$session_id ERROR: LDAP Entry for client with mac address $mac_address not found: ".$ldap_res->error, 1);
565 } elsif ($ldap_res->count != 1) {
566 &main::daemon_log("$session_id ERROR: client with mac address $mac_address not found/unique/active - not updating ldap entry".
567 "\n\tbase: $ldap_base".
568 "\n\tscope: sub".
569 "\n\tattrs: ipHostNumber".
570 "\n\tfilter: (&(objectClass=GOhard)(macaddress=$mac_address))", 1);
571 } else {
572 my $entry= $ldap_res->pop_entry();
573 my $ip_address= $entry->get_value('ipHostNumber');
574 my $source_ip= ($1) if $source =~ /^([0-9\.]*?):[0-9]*$/;
575 if(not defined($ip_address) and defined($source_ip)) {
576 $entry->add( 'ipHostNumber' => $source_ip );
577 my $mesg= $entry->update($ldap_handle);
578 $mesg->code && &main::daemon_log("$session_id ERROR: Updating IP Address for client with mac address $mac_address failed with '".$mesg->mesg()."'", 1);
579 } elsif(defined($source_ip) and not ($source_ip eq $ip_address)) {
580 $entry->replace( 'ipHostNumber' => $source_ip );
581 my $mesg= $entry->update($ldap_handle);
582 $mesg->code && &main::daemon_log("$session_id ERROR: Updating IP Address for client with mac address $mac_address failed with '".$mesg->mesg()."'", 1);
583 } elsif (not defined($source_ip)) {
584 &main::daemon_log("ERROR: Could not parse source value '$source' perhaps not an ip address?", 1);
585 }
586 }
587 &main::release_ldap_handle($ldap_handle);
589 # notify registered client to all other server
590 my %mydata = ( 'client' => $source, 'macaddress' => $mac_address);
591 my $mymsg = &build_msg('new_foreign_client', $main::server_address, "KNOWN_SERVER", \%mydata);
592 push(@out_msg_l, $mymsg);
594 &main::daemon_log("$session_id INFO: register client $source ($mac_address), $client_status - $client_revision", 5);
595 return @out_msg_l;
596 }
599 #=== FUNCTION ================================================================
600 # NAME: who_has
601 # PARAMETERS: msg_hash - hash - hash from function create_xml_hash
602 # RETURNS: nothing
603 # DESCRIPTION: process this incoming message
604 #===============================================================================
605 sub who_has {
606 my ($msg_hash) = @_ ;
607 my @out_msg_l;
609 # what is your search pattern
610 my $search_pattern = @{$msg_hash->{who_has}}[0];
611 my $search_element = @{$msg_hash->{$search_pattern}}[0];
612 #&main::daemon_log("who_has-msg looking for $search_pattern $search_element", 7);
614 # scanning known_clients for search_pattern
615 my @host_addresses = keys %$main::known_clients;
616 my $known_clients_entries = length @host_addresses;
617 my $host_address;
618 foreach my $host (@host_addresses) {
619 my $client_element = $main::known_clients->{$host}->{$search_pattern};
620 if ($search_element eq $client_element) {
621 $host_address = $host;
622 last;
623 }
624 }
626 # search was successful
627 if (defined $host_address) {
628 my $source = @{$msg_hash->{source}}[0];
629 my $out_hash = &create_xml_hash("who_has_i_do", $server_address, $source, "mac_address");
630 &add_content2xml_hash($out_hash, "mac_address", $search_element);
631 my $out_msg = &create_xml_string($out_hash);
632 push(@out_msg_l, $out_msg);
633 }
634 return @out_msg_l;
635 }
638 sub who_has_i_do {
639 my ($msg_hash) = @_ ;
640 my $header = @{$msg_hash->{header}}[0];
641 my $source = @{$msg_hash->{source}}[0];
642 my $search_param = @{$msg_hash->{$header}}[0];
643 my $search_value = @{$msg_hash->{$search_param}}[0];
644 print "\ngot msg $header:\nserver $source has client with $search_param $search_value\n";
645 }
648 sub new_syslog_config {
649 my ($mac_address, $session_id) = @_;
650 my $syslog_msg;
651 my $ldap_handle=&main::get_ldap_handle();
653 # Perform search
654 my $ldap_res = $ldap_handle->search( base => $ldap_base,
655 scope => 'sub',
656 attrs => ['gotoSyslogServer'],
657 filter => "(&(objectClass=GOhard)(macaddress=$mac_address))");
658 if($ldap_res->code) {
659 &main::daemon_log("$session_id ERROR: new_syslog_config: ldap search: ".$ldap_res->error, 1);
660 &main::release_ldap_handle($ldap_handle);
661 return;
662 }
664 # Sanity check
665 if ($ldap_res->count != 1) {
666 &main::daemon_log("$session_id ERROR: client with mac address $mac_address not found/unique/active - not sending syslog config".
667 "\n\tbase: $ldap_base".
668 "\n\tscope: sub".
669 "\n\tattrs: gotoSyslogServer".
670 "\n\tfilter: (&(objectClass=GOhard)(macaddress=$mac_address))", 1);
671 &main::release_ldap_handle($ldap_handle);
672 return;
673 }
675 my $entry= $ldap_res->entry(0);
676 my $filter_dn = &Net::LDAP::Util::escape_filter_value($entry->dn);
677 my $syslog_server = $entry->get_value("gotoSyslogServer");
679 # If no syslog server is specified at host, just have a look at the object group of the host
680 # Perform object group search
681 if (not defined $syslog_server) {
682 my $ldap_res = $ldap_handle->search( base => $ldap_base,
683 scope => 'sub',
684 attrs => ['gotoSyslogServer'],
685 filter => "(&(objectClass=gosaGroupOfNames)(member=$filter_dn))");
686 if($ldap_res->code) {
687 &main::daemon_log("$session_id ERROR: new_syslog_config: ldap search: ".$ldap_res->error, 1);
688 &main::release_ldap_handle($ldap_handle);
689 return;
690 }
692 # Sanity check
693 if ($ldap_res->count != 1) {
694 &main::daemon_log("$session_id ERROR: client with mac address $mac_address not found/unique/active - not sending syslog config".
695 "\n\tbase: $ldap_base".
696 "\n\tscope: sub".
697 "\n\tattrs: gotoSyslogServer".
698 "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1);
699 &main::release_ldap_handle($ldap_handle);
700 return;
701 }
703 my $entry= $ldap_res->entry(0);
704 $syslog_server= $entry->get_value("gotoSyslogServer");
705 }
707 # Return if no syslog server specified
708 if (not defined $syslog_server) {
709 &main::daemon_log("$session_id WARNING: no syslog server specified for this host '$mac_address'", 3);
710 &main::release_ldap_handle($ldap_handle);
711 return;
712 }
715 # Add syslog server to 'syslog_config' message
716 my $syslog_msg_hash = &create_xml_hash("new_syslog_config", $server_address, $mac_address);
717 &add_content2xml_hash($syslog_msg_hash, "server", $syslog_server);
719 &main::release_ldap_handle($ldap_handle);
720 return &create_xml_string($syslog_msg_hash);
721 }
724 sub new_ntp_config {
725 my ($address, $session_id) = @_;
726 my $ntp_msg;
727 my $ldap_handle=&main::get_ldap_handle();
729 # Perform search
730 my $ldap_res = $ldap_handle->search( base => $ldap_base,
731 scope => 'sub',
732 attrs => ['gotoNtpServer'],
733 filter => "(&(objectClass=GOhard)(macaddress=$address))");
734 if($ldap_res->code) {
735 &main::daemon_log("$session_id ERROR: new_ntp_config: ldap search: ".$ldap_res->error, 1);
736 &main::release_ldap_handle($ldap_handle);
737 return;
738 }
740 # Sanity check
741 if ($ldap_res->count != 1) {
742 &main::daemon_log("$session_id ERROR: client with mac address $address not found/unique/active - not sending ntp config".
743 "\n\tbase: $ldap_base".
744 "\n\tscope: sub".
745 "\n\tattrs: gotoNtpServer".
746 "\n\tfilter: (&(objectClass=GOhard)(macaddress=$address))", 1);
747 &main::release_ldap_handle($ldap_handle);
748 return;
749 }
751 my $entry= $ldap_res->entry(0);
752 my $filter_dn = &Net::LDAP::Util::escape_filter_value($entry->dn);
753 my @ntp_servers= $entry->get_value("gotoNtpServer");
755 # If no ntp server is specified at host, just have a look at the object group of the host
756 # Perform object group search
757 if ((not @ntp_servers) || (@ntp_servers == 0)) {
758 my $ldap_res = $ldap_handle->search( base => $ldap_base,
759 scope => 'sub',
760 attrs => ['gotoNtpServer'],
761 filter => "(&(objectClass=gosaGroupOfNames)(member=$filter_dn))");
762 if($ldap_res->code) {
763 &main::daemon_log("$session_id ERROR: new_ntp_config: ldap search: ".$ldap_res->error, 1);
764 &main::release_ldap_handle($ldap_handle);
765 return;
766 }
768 # Sanity check
769 if ($ldap_res->count != 1) {
770 &main::daemon_log("$session_id ERROR: client with mac address $address not found/unique/active - not sending ntp config".
771 "\n\tbase: $ldap_base".
772 "\n\tscope: sub".
773 "\n\tattrs: gotoNtpServer".
774 "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1);
775 &main::release_ldap_handle($ldap_handle);
776 return;
777 }
779 my $entry= $ldap_res->entry(0);
780 @ntp_servers= $entry->get_value("gotoNtpServer");
781 }
783 # Return if no ntp server specified
784 if ((not @ntp_servers) || (@ntp_servers == 0)) {
785 &main::daemon_log("$session_id WARNING: no ntp server specified for this host '$address'", 3);
786 &main::release_ldap_handle($ldap_handle);
787 return;
788 }
790 # Add each ntp server to 'ntp_config' message
791 my $ntp_msg_hash = &create_xml_hash("new_ntp_config", $server_address, $address);
792 foreach my $ntp_server (@ntp_servers) {
793 &add_content2xml_hash($ntp_msg_hash, "server", $ntp_server);
794 }
796 &main::release_ldap_handle($ldap_handle);
797 return &create_xml_string($ntp_msg_hash);
798 }
801 #=== FUNCTION ================================================================
802 # NAME: new_ldap_config
803 # PARAMETERS: address - string - ip address and port of a host
804 # RETURNS: gosa-si conform message
805 # DESCRIPTION: send to address the ldap configuration found for dn gotoLdapServer
806 #===============================================================================
807 sub new_ldap_config {
808 my ($address, $session_id) = @_ ;
810 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$address' OR macaddress LIKE '$address'";
811 my $res = $main::known_clients_db->select_dbentry( $sql_statement );
813 # check hit
814 my $hit_counter = keys %{$res};
815 if( not $hit_counter == 1 ) {
816 &main::daemon_log("$session_id ERROR: new_ldap_config: more or no hit found in known_clients_db by query '$sql_statement'", 1);
817 return;
818 }
820 $address = $res->{1}->{hostname};
821 my $macaddress = $res->{1}->{macaddress};
822 my $hostkey = $res->{1}->{hostkey};
824 if (not defined $macaddress) {
825 &main::daemon_log("$session_id ERROR: new_ldap_config: no mac address found for client $address", 1);
826 return;
827 }
829 # Perform search
830 my $ldap_handle=&main::get_ldap_handle();
831 $mesg = $ldap_handle->search( base => $ldap_base,
832 scope => 'sub',
833 attrs => ['dn', 'gotoLdapServer', 'gosaUnitTag', 'FAIclass'],
834 filter => "(&(objectClass=GOhard)(macaddress=$macaddress))");
835 if($mesg->code) {
836 &main::daemon_log("$session_id ERROR: new_ldap_config: ldap search: ".$mesg->error, 1);
837 &main::release_ldap_handle($ldap_handle);
838 return;
839 }
841 # Sanity check
842 if ($mesg->count != 1) {
843 &main::daemon_log("$session_id ERROR: client with mac address $macaddress not found/unique/active - not sending ldap config".
844 "\n\tbase: $ldap_base".
845 "\n\tscope: sub".
846 "\n\tattrs: dn, gotoLdapServer".
847 "\n\tfilter: (&(objectClass=GOhard)(macaddress=$macaddress))", 1);
848 &main::release_ldap_handle($ldap_handle);
849 return;
850 }
852 my $entry= $mesg->entry(0);
853 my $filter_dn= &Net::LDAP::Util::escape_filter_value($entry->dn);
854 my @servers= $entry->get_value("gotoLdapServer");
855 my $unit_tag= $entry->get_value("gosaUnitTag");
856 my @ldap_uris;
857 my $server;
858 my $base;
859 my $release;
860 my $dn= $entry->dn;
862 # Fill release if available
863 my $FAIclass= $entry->get_value("FAIclass");
864 if (defined $FAIclass && $FAIclass =~ /^.* :([A-Za-z0-9\/.]+).*$/) {
865 $release= $1;
866 }
868 # Do we need to look at an object class?
869 if (not @servers){
870 $mesg = $ldap_handle->search( base => $ldap_base,
871 scope => 'sub',
872 attrs => ['dn', 'gotoLdapServer', 'FAIclass'],
873 filter => "(&(objectClass=gosaGroupOfNames)(member=$filter_dn))");
874 if($mesg->code) {
875 &main::daemon_log("$session_id ERROR: new_ldap_config: unable to search for '(&(objectClass=gosaGroupOfNames)(member=$filter_dn))': ".$mesg->error, 1);
876 &main::release_ldap_handle($ldap_handle);
877 return;
878 }
880 # Sanity check
881 if ($mesg->count != 1) {
882 &main::daemon_log("$session_id ERROR: new_ldap_config: client with mac address $macaddress not found/unique/active - not sending ldap config".
883 "\n\tbase: $ldap_base".
884 "\n\tscope: sub".
885 "\n\tattrs: dn, gotoLdapServer, FAIclass".
886 "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1);
887 &main::release_ldap_handle($ldap_handle);
888 return;
889 }
891 $entry= $mesg->entry(0);
892 $dn= $entry->dn;
893 @servers= $entry->get_value("gotoLdapServer");
895 if (not defined $release){
896 $FAIclass= $entry->get_value("FAIclass");
897 if (defined $FAIclass && $FAIclass =~ /^.* :([A-Za-z0-9\/.]+).*$/) {
898 $release= $1;
899 }
900 }
901 }
903 @servers= sort (@servers);
905 # complain if no ldap information found
906 if (@servers == 0) {
907 &main::daemon_log("$session_id ERROR: no gotoLdapServer information for LDAP entry '$dn'", 1);
908 }
910 foreach $server (@servers){
911 # Conversation for backward compatibility
912 if (not $server =~ /^\d+:[^:]+:ldap[^:]*:\/\// ) {
913 if ($server =~ /^([^:]+):([^:]+)$/ ) {
914 $server= "1:dummy:ldap://$1/$2";
915 } elsif ($server =~ /^(\d+):([^:]+):(.*)$/ ) {
916 $server= "$1:dummy:ldap://$2/$3";
917 }
918 }
920 $base= $server;
921 $server =~ s%^[^:]+:[^:]+:(ldap.*://[^/]+)/.*$%$1%;
922 $base =~ s%^[^:]+:[^:]+:ldap.*://[^/]+/(.*)$%$1%;
923 push (@ldap_uris, $server);
924 }
926 # Assemble data package
927 my %data = ( 'ldap_uri' => \@ldap_uris, 'ldap_base' => $base,
928 'ldap_cfg' => \@ldap_cfg, 'pam_cfg' => \@pam_cfg,'nss_cfg' => \@nss_cfg );
929 if (defined $release){
930 $data{'release'}= $release;
931 }
933 # Need to append GOto settings?
934 if (defined $goto_admin and defined $goto_secret){
935 $data{'goto_admin'}= $goto_admin;
936 $data{'goto_secret'}= $goto_secret;
937 }
939 # Append unit tag if needed
940 if (defined $unit_tag){
942 # Find admin base and department name
943 $mesg = $ldap_handle->search( base => $ldap_base,
944 scope => 'sub',
945 attrs => ['dn', 'ou'],
946 filter => "(&(objectClass=gosaAdministrativeUnit)(gosaUnitTag=$unit_tag))");
947 #$mesg->code && die $mesg->error;
948 if($mesg->code) {
949 &main::daemon_log("$session_id ERROR: new_ldap_config: ldap search: ".$mesg->error, 1);
950 &main::release_ldap_handle($ldap_handle);
951 return "error-unit-tag-count-0";
952 }
954 # Sanity check
955 if ($mesg->count != 1) {
956 &main::daemon_log("WARNING: cannot find administrative unit for client with tag $unit_tag", 3);
957 &main::release_ldap_handle($ldap_handle);
958 return "error-unit-tag-count-".$mesg->count;
959 }
961 $entry= $mesg->entry(0);
962 $data{'admin_base'}= $entry->dn;
963 $data{'department'}= $entry->get_value("ou");
965 # Append unit Tag
966 $data{'unit_tag'}= $unit_tag;
967 }
968 &main::release_ldap_handle($ldap_handle);
970 # Send information
971 return &build_msg("new_ldap_config", $server_address, $address, \%data);
972 }
975 #=== FUNCTION ================================================================
976 # NAME: hardware_config
977 # PARAMETERS: address - string - ip address and port of a host
978 # RETURNS:
979 # DESCRIPTION:
980 #===============================================================================
981 sub hardware_config {
982 my ($msg, $msg_hash, $session_id) = @_ ;
983 my $address = @{$msg_hash->{source}}[0];
984 my $header = @{$msg_hash->{header}}[0];
985 my $gotoHardwareChecksum = @{$msg_hash->{gotoHardwareChecksum}}[0];
987 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$address'";
988 my $res = $main::known_clients_db->select_dbentry( $sql_statement );
990 # check hit
991 my $hit_counter = keys %{$res};
992 if( not $hit_counter == 1 ) {
993 &main::daemon_log("$session_id ERROR: hardware_config: more or no hit found in known_clients_db by query by '$address'", 1);
994 }
995 my $macaddress = $res->{1}->{macaddress};
996 my $hostkey = $res->{1}->{hostkey};
998 if (not defined $macaddress) {
999 &main::daemon_log("$session_id ERROR: hardware_config: no mac address found for client $address", 1);
1000 return;
1001 }
1003 # Perform search
1004 my $ldap_handle=&main::get_ldap_handle();
1005 $mesg = $ldap_handle->search(
1006 base => $ldap_base,
1007 scope => 'sub',
1008 filter => "(&(objectClass=GOhard)(|(macAddress=$macaddress)(dhcpHWaddress=ethernet $macaddress)))"
1009 );
1011 if($mesg->count() == 0) {
1012 &main::daemon_log("$session_id INFO: Host was not found in LDAP!", 5);
1014 # set status = hardware_detection at jobqueue if entry exists
1015 # TODO
1016 # resolve plain name for host
1017 my $func_dic = {table=>$main::job_queue_tn,
1018 primkey=>['macaddress', 'headertag'],
1019 timestamp=>&get_time,
1020 status=>'processing',
1021 result=>'none',
1022 progress=>'hardware-detection',
1023 headertag=>'trigger_action_reinstall',
1024 targettag=>$address,
1025 xmlmessage=>'none',
1026 macaddress=>$macaddress,
1027 plainname=>'none',
1028 siserver=>'localhost',
1029 modified=>'1',
1030 };
1031 my $hd_res = $main::job_db->add_dbentry($func_dic);
1032 &main::daemon_log("$session_id INFO: add '$macaddress' to job queue as an installing job", 5);
1034 } else {
1035 my $entry= $mesg->entry(0);
1036 if (defined($entry->get_value("gotoHardwareChecksum"))) {
1037 if (! ($entry->get_value("gotoHardwareChecksum") eq $gotoHardwareChecksum)) {
1038 $entry->replace(gotoHardwareChecksum => $gotoHardwareChecksum);
1039 if($entry->update($ldap_handle)) {
1040 &main::daemon_log("$session_id INFO: Hardware changed! Detection triggered.", 5);
1041 }
1042 } else {
1043 # Nothing to do
1044 &main::release_ldap_handle($ldap_handle);
1045 return;
1046 }
1047 }
1048 }
1050 # Assemble data package
1051 my %data = ();
1053 # Need to append GOto settings?
1054 if (defined $goto_admin and defined $goto_secret){
1055 $data{'goto_admin'}= $goto_admin;
1056 $data{'goto_secret'}= $goto_secret;
1057 }
1059 &main::release_ldap_handle($ldap_handle);
1061 # Send information
1062 return &build_msg("detect_hardware", $server_address, $address, \%data);
1063 }
1065 sub server_matches {
1066 my ($target, $session_id) = @_ ;
1067 my $target_ip = ($1) if $target =~ /^([0-9\.]*?):.*$/;
1068 if(!defined($target_ip) or length($target_ip) == 0) {
1069 return;
1070 }
1072 my $result = 0;
1074 if($server_ip eq $target_ip) {
1075 $result= 1;
1076 } elsif ($target_ip eq "0.0.0.0") {
1077 $result= 1;
1078 } elsif ($server_ip eq "0.0.0.0") {
1079 if ($target_ip eq "127.0.0.1") {
1080 $result= 1;
1081 } else {
1082 my $PROC_NET_ROUTE= ('/proc/net/route');
1084 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
1085 or die "Could not open $PROC_NET_ROUTE";
1087 my @ifs = <PROC_NET_ROUTE>;
1089 close(PROC_NET_ROUTE);
1091 # Eat header line
1092 shift @ifs;
1093 chomp @ifs;
1094 foreach my $line(@ifs) {
1095 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
1096 my $destination;
1097 my $mask;
1098 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
1099 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
1100 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
1101 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
1102 if(new NetAddr::IP($target_ip)->within(new NetAddr::IP($destination, $mask))) {
1103 # destination matches route, save mac and exit
1104 $result= 1;
1105 last;
1106 }
1107 }
1108 }
1109 } else {
1110 &main::daemon_log("$session_id INFO: Target ip $target_ip does not match Server ip $server_ip",5);
1111 }
1113 return $result;
1114 }
1116 # vim:ts=4:shiftwidth:expandtab
1117 1;