1 package ClientPackages;
3 use Exporter;
4 @ISA = ("Exporter");
6 # Each module has to have a function 'process_incoming_msg'. This function works as a interface to gosa-sd and receives the msg hash from gosa-sd. 'process_incoming_function checks, wether it has a function to process the incoming msg and forward the msg to it.
8 use strict;
9 use warnings;
10 use GOSA::GosaSupportDaemon;
11 use IO::Socket::INET;
12 use XML::Simple;
13 use Data::Dumper;
14 use NetAddr::IP;
15 use Net::LDAP;
16 use Net::LDAP::Util;
17 use Socket;
18 use Net::hostent;
20 my $event_dir = "/usr/lib/gosa-si/server/ClientPackages";
21 use lib "/usr/lib/gosa-si/server/ClientPackages";
23 BEGIN{}
24 END {}
26 my ($server_ip, $server_port, $ClientPackages_key, $max_clients, $ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password, $server_interface);
27 #my ($bus_activ, $bus_key, $bus_ip, $bus_port);
28 my $server;
29 my $network_interface;
30 #my $no_bus;
31 my (@ldap_cfg, @pam_cfg, @nss_cfg, $goto_admin, $goto_secret);
32 my $mesg;
34 my %cfg_defaults = (
35 "server" => {
36 "ip" => [\$server_ip, "0.0.0.0"],
37 "mac-address" => [\$main::server_mac_address, "00:00:00:00:00"],
38 "port" => [\$server_port, "20081"],
39 "ldap-uri" => [\$ldap_uri, ""],
40 "ldap-base" => [\$ldap_base, ""],
41 "ldap-admin-dn" => [\$ldap_admin_dn, ""],
42 "ldap-admin-password" => [\$ldap_admin_password, ""],
43 "max-clients" => [\$max_clients, 100],
44 },
45 "ClientPackages" => {
46 "key" => [\$ClientPackages_key, ""],
47 },
48 );
50 ### START #####################################################################
52 # read configfile and import variables
53 &local_read_configfile();
56 # if server_ip is not an ip address but a name
57 if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); }
58 $network_interface= &get_interface_for_ip($server_ip);
59 $main::server_mac_address= &get_mac($network_interface);
62 # import local events
63 my ($error, $result, $event_hash) = &import_events($event_dir);
65 foreach my $log_line (@$result) {
66 if ($log_line =~ / succeed: /) {
67 &main::daemon_log("0 DEBUG: ClientPackages - $log_line", 7);
68 } else {
69 &main::daemon_log("0 ERROR: ClientPackages - $log_line", 1);
70 }
71 }
73 # Unit tag can be defined in config
74 if((not defined($main::gosa_unit_tag)) || length($main::gosa_unit_tag) == 0) {
75 # Read gosaUnitTag from LDAP
77 my $ldap_handle = &main::get_ldap_handle();
78 if( defined($ldap_handle) ) {
79 &main::daemon_log("0 INFO: Searching for servers gosaUnitTag with mac address $main::server_mac_address",5);
80 # Perform search for Unit Tag
81 $mesg = $ldap_handle->search(
82 base => $ldap_base,
83 scope => 'sub',
84 attrs => ['gosaUnitTag'],
85 filter => "(macaddress=$main::server_mac_address)"
86 );
88 if ((! $main::server_mac_address eq "00:00:00:00:00:00") and $mesg->count == 1) {
89 my $entry= $mesg->entry(0);
90 my $unit_tag= $entry->get_value("gosaUnitTag");
91 $main::ldap_server_dn= $mesg->entry(0)->dn;
92 if(defined($unit_tag) && length($unit_tag) > 0) {
93 &main::daemon_log("0 INFO: Detected gosaUnitTag $unit_tag for creating entries", 5);
94 $main::gosa_unit_tag= $unit_tag;
95 }
96 } else {
97 # Perform another search for Unit Tag
98 my $hostname= `hostname -f`;
99 chomp($hostname);
100 &main::daemon_log("0 INFO: Searching for servers gosaUnitTag with hostname $hostname",5);
101 $mesg = $ldap_handle->search(
102 base => $ldap_base,
103 scope => 'sub',
104 attrs => ['gosaUnitTag'],
105 filter => "(&(cn=$hostname)(objectClass=goServer))"
106 );
107 if ($mesg->count == 1) {
108 my $entry= $mesg->entry(0);
109 my $unit_tag= $entry->get_value("gosaUnitTag");
110 $main::ldap_server_dn= $mesg->entry(0)->dn;
111 if(defined($unit_tag) && length($unit_tag) > 0) {
112 &main::daemon_log("0 INFO: Detected gosaUnitTag $unit_tag for creating entries", 5);
113 $main::gosa_unit_tag= $unit_tag;
114 }
115 } else {
116 # Perform another search for Unit Tag
117 $hostname= `hostname -s`;
118 chomp($hostname);
119 &main::daemon_log("0 INFO: Searching for servers gosaUnitTag with hostname $hostname",5);
120 $mesg = $ldap_handle->search(
121 base => $ldap_base,
122 scope => 'sub',
123 attrs => ['gosaUnitTag'],
124 filter => "(&(cn=$hostname)(objectClass=goServer))"
125 );
126 if ($mesg->count == 1) {
127 my $entry= $mesg->entry(0);
128 my $unit_tag= $entry->get_value("gosaUnitTag");
129 $main::ldap_server_dn= $mesg->entry(0)->dn;
130 if(defined($unit_tag) && length($unit_tag) > 0) {
131 &main::daemon_log("INFO: Detected gosaUnitTag $unit_tag for creating entries", 5);
132 $main::gosa_unit_tag= $unit_tag;
133 }
134 } else {
135 &main::daemon_log("0 WARNING: No gosaUnitTag detected. Not using gosaUnitTag", 3);
136 }
137 }
138 }
139 } else {
140 &main::daemon_log("0 INFO: Using gosaUnitTag from config-file: $main::gosa_unit_tag",5);
141 }
142 }
145 my $server_address = "$server_ip:$server_port";
146 $main::server_address = $server_address;
149 ### functions #################################################################
152 sub get_module_info {
153 my @info = ($server_address,
154 $ClientPackages_key,
155 );
156 return \@info;
157 }
160 #=== FUNCTION ================================================================
161 # NAME: local_read_configfile
162 # PARAMETERS: cfg_file - string -
163 # RETURNS: nothing
164 # DESCRIPTION: read cfg_file and set variables
165 #===============================================================================
166 sub local_read_configfile {
167 my $cfg;
168 if( defined( $main::cfg_file) && ( (-s $main::cfg_file) > 0 )) {
169 if( -r $main::cfg_file ) {
170 $cfg = Config::IniFiles->new( -file => $main::cfg_file );
171 } else {
172 print STDERR "Couldn't read config file!";
173 }
174 } else {
175 $cfg = Config::IniFiles->new() ;
176 }
177 foreach my $section (keys %cfg_defaults) {
178 foreach my $param (keys %{$cfg_defaults{ $section }}) {
179 my $pinfo = $cfg_defaults{ $section }{ $param };
180 ${@$pinfo[0]} = $cfg->val( $section, $param, @$pinfo[1] );
181 }
182 }
184 # Read non predefined sections
185 my $param;
186 if ($cfg->SectionExists('ldap')){
187 foreach $param ($cfg->Parameters('ldap')){
188 push (@ldap_cfg, "$param ".$cfg->val('ldap', $param));
189 }
190 }
191 if ($cfg->SectionExists('pam_ldap')){
192 foreach $param ($cfg->Parameters('pam_ldap')){
193 push (@pam_cfg, "$param ".$cfg->val('pam_ldap', $param));
194 }
195 }
196 if ($cfg->SectionExists('nss_ldap')){
197 foreach $param ($cfg->Parameters('nss_ldap')){
198 push (@nss_cfg, "$param ".$cfg->val('nss_ldap', $param));
199 }
200 }
201 if ($cfg->SectionExists('goto')){
202 $goto_admin= $cfg->val('goto', 'terminal_admin');
203 $goto_secret= $cfg->val('goto', 'terminal_secret');
204 } else {
205 $goto_admin= undef;
206 $goto_secret= undef;
207 }
209 }
212 #=== FUNCTION ================================================================
213 # NAME: get_mac
214 # PARAMETERS: interface name (i.e. eth0)
215 # RETURNS: (mac address)
216 # DESCRIPTION: Uses ioctl to get mac address directly from system.
217 #===============================================================================
218 sub get_mac {
219 my $ifreq= shift;
220 my $result;
221 if ($ifreq && length($ifreq) > 0) {
222 if($ifreq eq "all") {
223 $result = "00:00:00:00:00:00";
224 } else {
225 my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
227 # A configured MAC Address should always override a guessed value
228 if ($main::server_mac_address and length($main::server_mac_address) > 0) {
229 $result= $main::server_mac_address;
230 }
232 socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
233 or die "socket: $!";
235 if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
236 my ($if, $mac)= unpack 'h36 H12', $ifreq;
238 if (length($mac) > 0) {
239 $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
240 $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
241 $result = $mac;
242 }
243 }
244 }
245 }
246 return $result;
247 }
250 #=== FUNCTION ================================================================
251 # NAME: process_incoming_msg
252 # PARAMETERS: crypted_msg - string - incoming crypted message
253 # RETURNS: nothing
254 # DESCRIPTION: handels the proceeded distribution to the appropriated functions
255 #===============================================================================
256 sub process_incoming_msg {
257 my ($msg, $msg_hash, $session_id) = @_ ;
258 my $error = 0;
259 my $host_name;
260 my $host_key;
261 my @out_msg_l = ("nohandler");
262 my $sql_events;
264 # process incoming msg
265 my $header = @{$msg_hash->{header}}[0];
266 my $source = @{$msg_hash->{source}}[0];
267 my @target_l = @{$msg_hash->{target}};
269 # skip PREFIX
270 $header =~ s/^CLMSG_//;
272 &main::daemon_log("$session_id DEBUG: ClientPackages: msg to process: $header", 7);
274 if( 0 == length @target_l){
275 &main::daemon_log("$session_id ERROR: no target specified for msg $header", 1);
276 $error++;
277 }
279 if( 1 == length @target_l) {
280 my $target = $target_l[0];
281 if(&server_matches($target)) {
282 if ($header eq 'new_key') {
283 @out_msg_l = &new_key($msg_hash)
284 } elsif ($header eq 'here_i_am') {
285 @out_msg_l = &here_i_am($msg, $msg_hash, $session_id)
286 } else {
287 # a event exists with the header as name
288 if( exists $event_hash->{$header} ) {
289 &main::daemon_log("$session_id INFO: found event '$header' at event-module '".$event_hash->{$header}."'", 5);
290 no strict 'refs';
291 @out_msg_l = &{$event_hash->{$header}."::$header"}($msg, $msg_hash, $session_id);
293 # if no event handler is implemented
294 } else {
295 $sql_events = "SELECT * FROM $main::known_clients_tn WHERE ( (macaddress LIKE '$source') OR (hostname='$source') )";
296 my $res = $main::known_clients_db->select_dbentry( $sql_events );
297 my $l = keys(%$res);
299 # set error if no or more than 1 hits are found for sql query
300 if ( $l != 1) {
301 @out_msg_l = ('knownclienterror');
303 # found exact 1 hit in db
304 } else {
305 my $client_events = $res->{'1'}->{'events'};
307 # client is registered for this event, deliver this message to client
308 $header =~ s/^answer_//;
309 if ($client_events =~ /,$header,/) {
310 # answer message finally arrived destination server, so forward messages to GOsa
311 if ($target eq $main::server_address) {
312 $msg =~ s/<header>answer_/<header>/;
313 $msg =~ s/<target>\S+<\/target>/<target>GOSA<\/target>/;
314 }
315 @out_msg_l = ( $msg );
317 # client is not registered for this event, set error
318 } else {
319 @out_msg_l = ('noeventerror');
320 }
321 }
322 }
323 }
325 # if delivery not possible raise error and return
326 if( not defined $out_msg_l[0] ) {
327 @out_msg_l = ();
328 } elsif( $out_msg_l[0] eq 'nohandler') {
329 &main::daemon_log("$session_id ERROR: ClientPackages: no event handler or core function defined for '$header'", 1);
330 @out_msg_l = ();
331 } elsif ($out_msg_l[0] eq 'knownclienterror') {
332 &main::daemon_log("$session_id ERROR: no or more than 1 hits are found at known_clients_db with sql query: '$sql_events'", 1);
333 &main::daemon_log("$session_id ERROR: processing is aborted and message will not be forwarded", 1);
334 @out_msg_l = ();
335 } elsif ($out_msg_l[0] eq 'noeventerror') {
336 &main::daemon_log("$session_id ERROR: client '$target' is not registered for event '$header', processing is aborted", 1);
337 @out_msg_l = ();
338 }
343 }
344 else {
345 &main::daemon_log("INFO: msg is not for gosa-si-server '$server_address', deliver it to target '$target'", 5);
346 push(@out_msg_l, $msg);
347 }
348 }
350 return \@out_msg_l;
351 }
354 #=== FUNCTION ================================================================
355 # NAME: new_passwd
356 # PARAMETERS: msg_hash - ref - hash from function create_xml_hash
357 # RETURNS: nothing
358 # DESCRIPTION: process this incoming message
359 #===============================================================================
360 sub new_key {
361 my ($msg_hash) = @_;
362 my @out_msg_l;
364 my $header = @{$msg_hash->{header}}[0];
365 my $source_name = @{$msg_hash->{source}}[0];
366 my $source_key = @{$msg_hash->{new_key}}[0];
367 my $query_res;
369 # check known_clients_db
370 my $sql_statement = "SELECT * FROM known_clients WHERE hostname='$source_name'";
371 $query_res = $main::known_clients_db->select_dbentry( $sql_statement );
372 if( 1 == keys %{$query_res} ) {
373 my $act_time = &get_time;
374 my $sql_statement= "UPDATE known_clients ".
375 "SET hostkey='$source_key', timestamp='$act_time' ".
376 "WHERE hostname='$source_name'";
377 my $res = $main::known_clients_db->update_dbentry( $sql_statement );
378 my $hash = &create_xml_hash("confirm_new_key", $server_address, $source_name);
379 my $out_msg = &create_xml_string($hash);
380 push(@out_msg_l, $out_msg);
381 }
383 # only do if host still not found
384 if( 0 == @out_msg_l ) {
385 # check known_server_db
386 $sql_statement = "SELECT * FROM known_server WHERE hostname='$source_name'";
387 $query_res = $main::known_server_db->select_dbentry( $sql_statement );
388 if( 1 == keys %{$query_res} ) {
389 my $act_time = &get_time;
390 my $sql_statement= "UPDATE known_server ".
391 "SET hostkey='$source_key', timestamp='$act_time' ".
392 "WHERE hostname='$source_name'";
393 my $res = $main::known_server_db->update_dbentry( $sql_statement );
395 my $hash = &create_xml_hash("confirm_new_key", $server_address, $source_name);
396 my $out_msg = &create_xml_string($hash);
397 push(@out_msg_l, $out_msg);
398 }
399 }
401 return @out_msg_l;
402 }
405 #=== FUNCTION ================================================================
406 # NAME: here_i_am
407 # PARAMETERS: msg_hash - hash - hash from function create_xml_hash
408 # RETURNS: nothing
409 # DESCRIPTION: process this incoming message
410 #===============================================================================
411 sub here_i_am {
412 my ($msg, $msg_hash, $session_id) = @_;
413 my @out_msg_l;
414 my $out_hash;
415 my $source = @{$msg_hash->{source}}[0];
416 my $mac_address = @{$msg_hash->{mac_address}}[0];
417 my $gotoHardwareChecksum = @{$msg_hash->{gotoHardwareChecksum}}[0];
418 my $client_status = @{$msg_hash->{client_status}}[0];
419 my $client_revision = @{$msg_hash->{client_revision}}[0];
420 my $key_lifetime = @{$msg_hash->{key_lifetime}}[0];
422 # Move forced hostname to heap - if used
423 #FIXME: move to some global POE namespace - please
424 if ( defined($msg_hash->{'force-hostname'}[0]) &&
425 length($msg_hash->{'force-hostname'}[0]) > 0){
426 # $heap->{force-hostname}->{$mac_address}= $msg_hash->{'force-hostname'}[0];
427 open (TFILE, ">/var/tmp/$mac_address");
428 print TFILE $msg_hash->{'force-hostname'}[0];
429 close (TFILE);
430 } else {
431 # $heap->{force-hostname}->{$mac_address}= undef;
432 if ( -e "/var/tmp/$mac_address") {
433 unlink("/var/tmp/$mac_address")
434 };
435 }
437 # number of known clients
438 my $nu_clients= $main::known_clients_db->count_dbentries('known_clients');
440 # check wether client address or mac address is already known
441 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$source'";
442 my $db_res= $main::known_clients_db->select_dbentry( $sql_statement );
444 if ( 1 == keys %{$db_res} ) {
445 &main::daemon_log("$session_id WARNING: $source is already known as a client", 1);
446 &main::daemon_log("$session_id WARNING: values for $source are being overwritten", 1);
447 $nu_clients --;
448 }
450 # number of actual activ clients
451 my $act_nu_clients = $nu_clients;
453 &main::daemon_log("$session_id INFO: number of actual activ clients: $act_nu_clients", 5);
454 &main::daemon_log("$session_id INFO: number of maximal allowed clients: $max_clients", 5);
456 if($max_clients <= $act_nu_clients) {
457 my $out_hash = &create_xml_hash("denied", $server_address, $source);
458 &add_content2xml_hash($out_hash, "denied", "I_cannot_take_any_more_clients!");
459 my $passwd = @{$msg_hash->{new_passwd}}[0];
460 &send_msg_hash2address($out_hash, $source, $passwd);
461 return;
462 }
464 # new client accepted
465 my $new_passwd = @{$msg_hash->{new_passwd}}[0];
467 # add entry to known_clients_db
468 my $events = @{$msg_hash->{events}}[0];
469 my $act_timestamp = &get_time;
470 my $res = $main::known_clients_db->add_dbentry( {table=>'known_clients',
471 primkey=>['hostname'],
472 hostname=>$source,
473 events=>$events,
474 macaddress=>$mac_address,
475 status=>'registered',
476 hostkey=>$new_passwd,
477 timestamp=>$act_timestamp,
478 keylifetime=>$key_lifetime,
479 } );
481 if ($res != 0) {
482 &main::daemon_log("$session_id ERROR: cannot add entry to known_clients: $res");
483 return;
484 }
486 # return acknowledgement to client
487 $out_hash = &create_xml_hash("registered", $server_address, $source);
490 # give the new client his ldap config
491 # Workaround: Send within the registration response, if the client will get an ldap config later
492 my $new_ldap_config_out = &new_ldap_config($source, $session_id);
493 if($new_ldap_config_out && (!($new_ldap_config_out =~ /error/))) {
494 &add_content2xml_hash($out_hash, "ldap_available", "true");
495 } elsif($new_ldap_config_out && $new_ldap_config_out =~ /error/){
496 &add_content2xml_hash($out_hash, "error", $new_ldap_config_out);
498 my $sql_statement = "UPDATE $main::job_queue_tn ".
499 "SET status='error', result='$new_ldap_config_out' ".
500 "WHERE status='processing' AND macaddress LIKE '$mac_address'";
501 my $res = $main::job_db->update_dbentry($sql_statement);
502 &main::daemon_log("$session_id DEBUG: $sql_statement RESULT: $res", 7);
503 }
504 my $register_out = &create_xml_string($out_hash);
505 push(@out_msg_l, $register_out);
507 # Really send the ldap config
508 if( $new_ldap_config_out && (!($new_ldap_config_out =~ /error/))) {
509 push(@out_msg_l, $new_ldap_config_out);
510 }
512 # Send client hardware configuration
513 my $hardware_config_out = &hardware_config($msg, $msg_hash, $session_id);
514 if( $hardware_config_out ) {
515 push(@out_msg_l, $hardware_config_out);
516 }
518 # Send client ntp server
519 my $ntp_config_out = &new_ntp_config($mac_address, $session_id);
520 if ($ntp_config_out) {
521 push(@out_msg_l, $ntp_config_out);
522 }
524 # Send client syslog server
525 my $syslog_config_out = &new_syslog_config($mac_address, $session_id);
526 if ($syslog_config_out) {
527 push(@out_msg_l, $syslog_config_out);
528 }
530 # notify registered client to all other server
531 my %mydata = ( 'client' => $source, 'macaddress' => $mac_address);
532 my $mymsg = &build_msg('new_foreign_client', $main::server_address, "KNOWN_SERVER", \%mydata);
533 push(@out_msg_l, $mymsg);
535 &main::daemon_log("$session_id INFO: register client $source ($mac_address)", 5);
536 &main::daemon_log("$session_id INFO: client version: $client_status - $client_revision", 5);
537 return @out_msg_l;
538 }
541 #=== FUNCTION ================================================================
542 # NAME: who_has
543 # PARAMETERS: msg_hash - hash - hash from function create_xml_hash
544 # RETURNS: nothing
545 # DESCRIPTION: process this incoming message
546 #===============================================================================
547 sub who_has {
548 my ($msg_hash) = @_ ;
549 my @out_msg_l;
551 # what is your search pattern
552 my $search_pattern = @{$msg_hash->{who_has}}[0];
553 my $search_element = @{$msg_hash->{$search_pattern}}[0];
554 &main::daemon_log("who_has-msg looking for $search_pattern $search_element", 7);
556 # scanning known_clients for search_pattern
557 my @host_addresses = keys %$main::known_clients;
558 my $known_clients_entries = length @host_addresses;
559 my $host_address;
560 foreach my $host (@host_addresses) {
561 my $client_element = $main::known_clients->{$host}->{$search_pattern};
562 if ($search_element eq $client_element) {
563 $host_address = $host;
564 last;
565 }
566 }
568 # search was successful
569 if (defined $host_address) {
570 my $source = @{$msg_hash->{source}}[0];
571 my $out_hash = &create_xml_hash("who_has_i_do", $server_address, $source, "mac_address");
572 &add_content2xml_hash($out_hash, "mac_address", $search_element);
573 my $out_msg = &create_xml_string($out_hash);
574 push(@out_msg_l, $out_msg);
575 }
576 return @out_msg_l;
577 }
580 sub who_has_i_do {
581 my ($msg_hash) = @_ ;
582 my $header = @{$msg_hash->{header}}[0];
583 my $source = @{$msg_hash->{source}}[0];
584 my $search_param = @{$msg_hash->{$header}}[0];
585 my $search_value = @{$msg_hash->{$search_param}}[0];
586 print "\ngot msg $header:\nserver $source has client with $search_param $search_value\n";
587 }
590 sub new_syslog_config {
591 my ($mac_address, $session_id) = @_;
592 my $syslog_msg;
594 # Build LDAP connection
595 my $ldap_handle = &main::get_ldap_handle($session_id);
596 if( not defined $ldap_handle ) {
597 &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1);
598 return;
599 }
601 # Perform search
602 my $ldap_res = $ldap_handle->search( base => $ldap_base,
603 scope => 'sub',
604 attrs => ['gotoSyslogServer'],
605 filter => "(&(objectClass=GOhard)(macaddress=$mac_address))");
606 if($ldap_res->code) {
607 &main::daemon_log("$session_id ".$ldap_res->error, 1);
608 return;
609 }
611 # Sanity check
612 if ($ldap_res->count != 1) {
613 &main::daemon_log("$session_id ERROR: client with mac address $mac_address not found/unique/active - not sending syslog config".
614 "\n\tbase: $ldap_base".
615 "\n\tscope: sub".
616 "\n\tattrs: gotoSyslogServer".
617 "\n\tfilter: (&(objectClass=GOhard)(macaddress=$mac_address))", 1);
618 return;
619 }
621 my $entry= $ldap_res->entry(0);
622 my $dn = &Net::LDAP::Util::escape_dn_value($entry->dn);
623 my $syslog_server = $entry->get_value("gotoSyslogServer");
625 # If no syslog server is specified at host, just have a look at the object group of the host
626 # Perform object group search
627 if (not defined $syslog_server) {
628 my $ldap_res = $ldap_handle->search( base => $ldap_base,
629 scope => 'sub',
630 attrs => ['gotoSyslogServer'],
631 filter => "(&(objectClass=gosaGroupOfNames)(member=$dn))");
632 if($ldap_res->code) {
633 &main::daemon_log("$session_id ".$ldap_res->error, 1);
634 return;
635 }
637 # Sanity check
638 if ($ldap_res->count != 1) {
639 &main::daemon_log("$session_id ERROR: client with mac address $mac_address not found/unique/active - not sending syslog config".
640 "\n\tbase: $ldap_base".
641 "\n\tscope: sub".
642 "\n\tattrs: gotoSyslogServer".
643 "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$dn))", 1);
644 return;
645 }
647 my $entry= $ldap_res->entry(0);
648 $syslog_server= $entry->get_value("gotoSyslogServer");
649 }
651 # Return if no syslog server specified
652 if (not defined $syslog_server) {
653 &main::daemon_log("$session_id WARNING: no syslog server specified for this host '$mac_address'", 3);
654 return;
655 }
657 # Add syslog server to 'syslog_config' message
658 my $syslog_msg_hash = &create_xml_hash("new_syslog_config", $server_address, $mac_address);
659 &add_content2xml_hash($syslog_msg_hash, "server", $syslog_server);
661 return &create_xml_string($syslog_msg_hash);
662 }
665 sub new_ntp_config {
666 my ($address, $session_id) = @_;
667 my $ntp_msg;
669 # Build LDAP connection
670 my $ldap_handle = &main::get_ldap_handle($session_id);
671 if( not defined $ldap_handle ) {
672 &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1);
673 return;
674 }
676 # Perform search
677 my $ldap_res = $ldap_handle->search( base => $ldap_base,
678 scope => 'sub',
679 attrs => ['gotoNtpServer'],
680 filter => "(&(objectClass=GOhard)(macaddress=$address))");
681 if($ldap_res->code) {
682 &main::daemon_log("$session_id ".$ldap_res->error, 1);
683 return;
684 }
686 # Sanity check
687 if ($ldap_res->count != 1) {
688 &main::daemon_log("$session_id ERROR: client with mac address $address not found/unique/active - not sending ntp config".
689 "\n\tbase: $ldap_base".
690 "\n\tscope: sub".
691 "\n\tattrs: gotoNtpServer".
692 "\n\tfilter: (&(objectClass=GOhard)(macaddress=$address))", 1);
693 return;
694 }
696 my $entry= $ldap_res->entry(0);
697 my $dn = &Net::LDAP::Util::escape_dn_value($entry->dn);
698 my @ntp_servers= $entry->get_value("gotoNtpServer");
700 # If no ntp server is specified at host, just have a look at the object group of the host
701 # Perform object group search
702 if ((not @ntp_servers) || (@ntp_servers == 0)) {
703 my $ldap_res = $ldap_handle->search( base => $ldap_base,
704 scope => 'sub',
705 attrs => ['gotoNtpServer'],
706 filter => "(&(objectClass=gosaGroupOfNames)(member=$dn))");
707 if($ldap_res->code) {
708 &main::daemon_log("$session_id ".$ldap_res->error, 1);
709 return;
710 }
712 # Sanity check
713 if ($ldap_res->count != 1) {
714 &main::daemon_log("$session_id ERROR: client with mac address $address not found/unique/active - not sending ntp config".
715 "\n\tbase: $ldap_base".
716 "\n\tscope: sub".
717 "\n\tattrs: gotoNtpServer".
718 "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$dn))", 1);
719 return;
720 }
722 my $entry= $ldap_res->entry(0);
723 @ntp_servers= $entry->get_value("gotoNtpServer");
724 }
726 # Return if no ntp server specified
727 if ((not @ntp_servers) || (@ntp_servers == 0)) {
728 &main::daemon_log("$session_id WARNING: no ntp server specified for this host '$address'", 3);
729 return;
730 }
732 # Add each ntp server to 'ntp_config' message
733 my $ntp_msg_hash = &create_xml_hash("new_ntp_config", $server_address, $address);
734 foreach my $ntp_server (@ntp_servers) {
735 &add_content2xml_hash($ntp_msg_hash, "server", $ntp_server);
736 }
738 return &create_xml_string($ntp_msg_hash);
739 }
742 #=== FUNCTION ================================================================
743 # NAME: new_ldap_config
744 # PARAMETERS: address - string - ip address and port of a host
745 # RETURNS: gosa-si conform message
746 # DESCRIPTION: send to address the ldap configuration found for dn gotoLdapServer
747 #===============================================================================
748 sub new_ldap_config {
749 my ($address, $session_id) = @_ ;
751 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$address' OR macaddress LIKE '$address'";
752 my $res = $main::known_clients_db->select_dbentry( $sql_statement );
754 # check hit
755 my $hit_counter = keys %{$res};
756 if( not $hit_counter == 1 ) {
757 &main::daemon_log("$session_id ERROR: more or no hit found in known_clients_db by query '$sql_statement'", 1);
758 }
760 $address = $res->{1}->{hostname};
761 my $macaddress = $res->{1}->{macaddress};
762 my $hostkey = $res->{1}->{hostkey};
764 if (not defined $macaddress) {
765 &main::daemon_log("$session_id ERROR: no mac address found for client $address", 1);
766 return;
767 }
769 # Build LDAP connection
770 my $ldap_handle = &main::get_ldap_handle($session_id);
771 if( not defined $ldap_handle ) {
772 &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1);
773 return;
774 }
776 # Perform search
777 $mesg = $ldap_handle->search( base => $ldap_base,
778 scope => 'sub',
779 attrs => ['dn', 'gotoLdapServer', 'gosaUnitTag', 'FAIclass'],
780 filter => "(&(objectClass=GOhard)(macaddress=$macaddress))");
781 if($mesg->code) {
782 &main::daemon_log("$session_id ".$mesg->error, 1);
783 return;
784 }
786 # Sanity check
787 if ($mesg->count != 1) {
788 &main::daemon_log("$session_id WARNING: client with mac address $macaddress not found/unique/active - not sending ldap config".
789 "\n\tbase: $ldap_base".
790 "\n\tscope: sub".
791 "\n\tattrs: dn, gotoLdapServer".
792 "\n\tfilter: (&(objectClass=GOhard)(macaddress=$macaddress))", 1);
793 return;
794 }
796 my $entry= $mesg->entry(0);
797 my $dn= $entry->dn;
798 my @servers= $entry->get_value("gotoLdapServer");
799 my $unit_tag= $entry->get_value("gosaUnitTag");
800 my @ldap_uris;
801 my $server;
802 my $base;
803 my $release;
805 # Fill release if available
806 my $FAIclass= $entry->get_value("FAIclass");
807 if (defined $FAIclass && $FAIclass =~ /^.* :([A-Za-z0-9\/.]+).*$/) {
808 $release= $1;
809 }
811 # Do we need to look at an object class?
812 if (not @servers){
813 my $escaped_dn = &Net::LDAP::Util::escape_dn_value($dn);
814 $mesg = $ldap_handle->search( base => $ldap_base,
815 scope => 'sub',
816 attrs => ['dn', 'gotoLdapServer', 'FAIclass'],
817 filter => "(&(objectClass=gosaGroupOfNames)(member=$escaped_dn))");
818 if($mesg->code) {
819 &main::daemon_log("$session_id ERROR: unable to search for '(&(objectClass=gosaGroupOfNames)(member=$dn))': ".$mesg->error, 1);
820 return;
821 }
823 # Sanity check
824 if ($mesg->count != 1) {
825 &main::daemon_log("$session_id ERROR: client with mac address $macaddress not found/unique/active - not sending ldap config".
826 "\n\tbase: $ldap_base".
827 "\n\tscope: sub".
828 "\n\tattrs: dn, gotoLdapServer, FAIclass".
829 "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$escaped_dn))", 1);
830 return;
831 }
833 $entry= $mesg->entry(0);
834 $dn= $entry->dn;
835 @servers= $entry->get_value("gotoLdapServer");
837 if (not defined $release){
838 $FAIclass= $entry->get_value("FAIclass");
839 if (defined $FAIclass && $FAIclass =~ /^.* :([A-Za-z0-9\/.]+).*$/) {
840 $release= $1;
841 }
842 }
843 }
845 @servers= sort (@servers);
847 # complain if no ldap information found
848 if (@servers == 0) {
849 &main::daemon_log("$session_id ERROR: no gotoLdapServer information for LDAP entry '$dn'", 1);
850 }
852 foreach $server (@servers){
853 # Conversation for backward compatibility
854 if (not $server =~ /^\d+:[^:]+:ldap[^:]*:\/\// ) {
855 if ($server =~ /^([^:]+):([^:]+)$/ ) {
856 $server= "1:dummy:ldap://$1/$2";
857 } elsif ($server =~ /^(\d+):([^:]+):(.*)$/ ) {
858 $server= "$1:dummy:ldap://$2/$3";
859 }
860 }
862 $base= $server;
863 $server =~ s%^[^:]+:[^:]+:(ldap.*://[^/]+)/.*$%$1%;
864 $base =~ s%^[^:]+:[^:]+:ldap.*://[^/]+/(.*)$%$1%;
865 push (@ldap_uris, $server);
866 }
868 # Assemble data package
869 my %data = ( 'ldap_uri' => \@ldap_uris, 'ldap_base' => $base,
870 'ldap_cfg' => \@ldap_cfg, 'pam_cfg' => \@pam_cfg,'nss_cfg' => \@nss_cfg );
871 if (defined $release){
872 $data{'release'}= $release;
873 }
875 # Need to append GOto settings?
876 if (defined $goto_admin and defined $goto_secret){
877 $data{'goto_admin'}= $goto_admin;
878 $data{'goto_secret'}= $goto_secret;
879 }
881 # Append unit tag if needed
882 if (defined $unit_tag){
884 # Find admin base and department name
885 $mesg = $ldap_handle->search( base => $ldap_base,
886 scope => 'sub',
887 attrs => ['dn', 'ou'],
888 filter => "(&(objectClass=gosaAdministrativeUnit)(gosaUnitTag=$unit_tag))");
889 #$mesg->code && die $mesg->error;
890 if($mesg->code) {
891 &main::daemon_log($mesg->error, 1);
892 return "error-unit-tag-count-0";
893 }
895 # Sanity check
896 if ($mesg->count != 1) {
897 &main::daemon_log("WARNING: cannot find administrative unit for client with tag $unit_tag", 1);
898 return "error-unit-tag-count-".$mesg->count;
899 }
901 $entry= $mesg->entry(0);
902 $data{'admin_base'}= $entry->dn;
903 $data{'department'}= $entry->get_value("ou");
905 # Append unit Tag
906 $data{'unit_tag'}= $unit_tag;
907 }
909 # Send information
910 return &build_msg("new_ldap_config", $server_address, $address, \%data);
911 }
914 #=== FUNCTION ================================================================
915 # NAME: hardware_config
916 # PARAMETERS: address - string - ip address and port of a host
917 # RETURNS:
918 # DESCRIPTION:
919 #===============================================================================
920 sub hardware_config {
921 my ($msg, $msg_hash, $session_id) = @_ ;
922 my $address = @{$msg_hash->{source}}[0];
923 my $header = @{$msg_hash->{header}}[0];
924 my $gotoHardwareChecksum = @{$msg_hash->{gotoHardwareChecksum}}[0];
926 my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$address'";
927 my $res = $main::known_clients_db->select_dbentry( $sql_statement );
929 # check hit
930 my $hit_counter = keys %{$res};
931 if( not $hit_counter == 1 ) {
932 &main::daemon_log("$session_id ERROR: more or no hit found in known_clients_db by query by '$address'", 1);
933 }
934 my $macaddress = $res->{1}->{macaddress};
935 my $hostkey = $res->{1}->{hostkey};
937 if (not defined $macaddress) {
938 &main::daemon_log("$session_id ERROR: no mac address found for client $address", 1);
939 return;
940 }
942 # Build LDAP connection
943 my $ldap_handle = &main::get_ldap_handle($session_id);
944 if( not defined $ldap_handle ) {
945 &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1);
946 return;
947 }
949 # Perform search
950 $mesg = $ldap_handle->search(
951 base => $ldap_base,
952 scope => 'sub',
953 filter => "(&(objectClass=GOhard)(|(macAddress=$macaddress)(dhcpHWaddress=ethernet $macaddress)))"
954 );
956 if($mesg->count() == 0) {
957 &main::daemon_log("Host was not found in LDAP!", 1);
959 # set status = hardware_detection at jobqueue if entry exists
960 # TODO
961 # resolve plain name for host
962 my $func_dic = {table=>$main::job_queue_tn,
963 primkey=>['macaddress', 'headertag'],
964 timestamp=>&get_time,
965 status=>'processing',
966 result=>'none',
967 progress=>'hardware-detection',
968 headertag=>'trigger_action_reinstall',
969 targettag=>$address,
970 xmlmessage=>'none',
971 macaddress=>$macaddress,
972 plainname=>'none',
973 siserver=>'localhost',
974 modified=>'1',
975 };
976 my $hd_res = $main::job_db->add_dbentry($func_dic);
977 &main::daemon_log("$session_id INFO: add '$macaddress' to job queue as an installing job", 5);
979 } else {
980 my $entry= $mesg->entry(0);
981 my $dn= $entry->dn;
982 if (defined($entry->get_value("gotoHardwareChecksum"))) {
983 if (! $entry->get_value("gotoHardwareChecksum") eq $gotoHardwareChecksum) {
984 $entry->replace(gotoHardwareChecksum => $gotoHardwareChecksum);
985 if($entry->update($ldap_handle)) {
986 &main::daemon_log("$session_id INFO: Hardware changed! Detection triggered.", 5);
987 }
988 } else {
989 # Nothing to do
990 return;
991 }
992 }
993 }
995 # Assemble data package
996 my %data = ();
998 # Need to append GOto settings?
999 if (defined $goto_admin and defined $goto_secret){
1000 $data{'goto_admin'}= $goto_admin;
1001 $data{'goto_secret'}= $goto_secret;
1002 }
1004 # Send information
1005 return &build_msg("detect_hardware", $server_address, $address, \%data);
1006 }
1008 sub server_matches {
1009 my $target = shift;
1010 my $target_ip = ($1) if $target =~ /^([0-9\.]*?):.*$/;
1011 if(!defined($target_ip) or length($target_ip) == 0) {
1012 return;
1013 }
1015 my $result = 0;
1017 if($server_ip eq $target_ip) {
1018 $result= 1;
1019 } elsif ($target_ip eq "0.0.0.0") {
1020 $result= 1;
1021 } elsif ($server_ip eq "0.0.0.0") {
1022 if ($target_ip eq "127.0.0.1") {
1023 $result= 1;
1024 } else {
1025 my $PROC_NET_ROUTE= ('/proc/net/route');
1027 open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
1028 or die "Could not open $PROC_NET_ROUTE";
1030 my @ifs = <PROC_NET_ROUTE>;
1032 close(PROC_NET_ROUTE);
1034 # Eat header line
1035 shift @ifs;
1036 chomp @ifs;
1037 foreach my $line(@ifs) {
1038 my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line);
1039 my $destination;
1040 my $mask;
1041 my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination);
1042 $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
1043 ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask);
1044 $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d));
1045 if(new NetAddr::IP($target_ip)->within(new NetAddr::IP($destination, $mask))) {
1046 # destination matches route, save mac and exit
1047 $result= 1;
1048 last;
1049 }
1050 }
1051 }
1052 } else {
1053 &main::daemon_log("Target ip $target_ip does not match Server ip $server_ip",1);
1054 }
1056 return $result;
1057 }
1059 # vim:ts=4:shiftwidth:expandtab
1060 1;