diff --git a/gosa-si/gosa-si-client b/gosa-si/gosa-si-client
index 9b0374de264db0b450c8f716dd700f741b50a421..c3608750a3458e474bd86618ef628b7a7bdce57b 100755 (executable)
--- a/gosa-si/gosa-si-client
+++ b/gosa-si/gosa-si-client
use POSIX;
use Time::HiRes qw( gettimeofday );
-use POE qw(Component::Server::TCP);
+use POE qw(Component::Server::TCP Wheel::FollowTail Wheel::Run);
use IO::Socket::INET;
use NetAddr::IP;
use Data::Dumper;
use Digest::MD5 qw(md5_hex md5 md5_base64);
use MIME::Base64;
use XML::Simple;
-use Net::DNS;
use File::Basename;
+use File::Spec;
+# Workaround: need pure perl to make it work with UTF-8 :-(
+$XML::Simple::PREFERRED_PARSER= "XML::SAX::PurePerl";
+
+my $client_version = '$HeadURL$:$Rev$';
+my $client_headURL;
+my $client_revision;
+my $client_status;
my $event_dir = "/usr/lib/gosa-si/client/events";
use lib "/usr/lib/gosa-si/client/events";
-my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $opts_file, $procid, $pid, $log_file, $fai_logpath);
-my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime);
-my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
+my (%cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file, $fai_logpath);
+my ($server_ip, $server_port, $server_timeout, $server_domain, $server_key_lifetime);
+my ($client_port, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
my $xml;
-my $default_server_key;
my $event_hash;
+my $default_server_key;
my @servers;
my $gotoHardwareChecksum;
+my $gosa_si_client_fifo;
+my %files_to_watch;
$verbose= 1;
# globalise variables which are used in imported events
+our $global_kernel;
our $cfg_file;
+our $opts_file;
our $server_address;
our $client_address;
+our $client_ip;
+our $client_mac_address;
+our $client_dnsname;
+our $client_force_hostname;
our $server_key;
# default variables
our $REGISTERED = 0;
+# path to fifo for non-gosa-si-client messages to gosa-si-server
+$gosa_si_client_fifo = "/var/run/gosa-si-client.socket";
+%files_to_watch = (fifo => $gosa_si_client_fifo);
+
# in function register_at_gosa_si_server, after which period of seconds a new registration should be tried if a registration was
# not successful until now
-my $delay_set_time = 5;
+my $delay_set_time = 10;
our $prg= basename($0);
+# all x seconds the client reports logged_in users to gosa-si-server
+my $trigger_logged_in_users_report_delay = 600;
+
+# directory where all log files from installation are stored
+my $fai_log_dir = "/tmp/fai";
+
%cfg_defaults = (
"general" =>
{"log-file" => [\$log_file, "/var/run/".$prg.".log"],
{"port" => [\$client_port, "20083"],
"ip" => [\$client_ip, "0.0.0.0"],
"mac-address" => [\$client_mac_address, "00:00:00:00:00:00"],
- "server-domain" => [\$server_domain, ""],
+ "server-domain" => [\$server_domain, ""],
"ldap" => [\$ldap_enabled, 1],
"ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
"pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
- "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"],
- "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
+ "nss-config" => [\$nss_config, "/etc/libnss-ldap.conf"],
+ "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
+ "force-hostname" => [\$client_force_hostname, "false"],
},
"server" => {
"ip" => [\$server_ip, "127.0.0.1"],
sub read_configfile {
my ($cfg_file, %cfg_defaults) = @_ ;
my $cfg;
- if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
+ if( defined( $cfg_file) && ( (-s $cfg_file) > 0 )) {
if( -r $cfg_file ) {
$cfg = Config::IniFiles->new( -file => $cfg_file );
} else {
foreach my $section (keys %cfg_defaults) {
foreach my $param (keys %{$cfg_defaults{ $section }}) {
my $pinfo = $cfg_defaults{ $section }{ $param };
- ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
+ ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] );
}
}
}
}
+sub sig_int_handler {
+ my ($signal) = @_;
+
+ daemon_log("shutting down gosa-si-client", 1);
+ system("kill `ps -C gosa-si-client -o pid=`");
+}
+$SIG{INT} = \&sig_int_handler;
+
+
#=== FUNCTION ================================================================
# NAME: logging
# PARAMETERS: level - string - default 'info'
# DESCRIPTION:
#===============================================================================
sub daemon_log {
- # log into log_file
+# log into log_file
my( $msg, $level ) = @_;
if(not defined $msg) { return }
if(not defined $level) { $level = 1 }
if(defined $log_file){
open(LOG_HANDLE, ">>$log_file");
+ chmod 0600, $log_file;
if(not defined open( LOG_HANDLE, ">>$log_file" )) {
print STDERR "cannot open $log_file: $!";
- return }
- chomp($msg);
- if($level <= $verbose){
- my ($seconds, $minutes, $hours, $monthday, $month,
- $year, $weekday, $yearday, $sommertime) = localtime(time);
- $hours = $hours < 10 ? $hours = "0".$hours : $hours;
- $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
- $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
- my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
- $month = $monthnames[$month];
- $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
- $year+=1900;
-
- my $log_msg = "$month $monthday $hours:$minutes:$seconds $prg $msg\n";
- print LOG_HANDLE $log_msg;
- if( $foreground ) {
- print STDERR $log_msg;
- }
+ return
+ }
+ chomp($msg);
+ if($level <= $verbose){
+ my ($seconds, $minutes, $hours, $monthday, $month,
+ $year, $weekday, $yearday, $sommertime) = localtime(time);
+ $hours = $hours < 10 ? $hours = "0".$hours : $hours;
+ $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes;
+ $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds;
+ my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
+ $month = $monthnames[$month];
+ $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday;
+ $year+=1900;
+
+ my $log_msg = "$month $monthday $hours:$minutes:$seconds $prg $msg\n";
+ print LOG_HANDLE $log_msg;
+ if( $foreground ) {
+ print STDERR $log_msg;
}
+ }
close( LOG_HANDLE );
}
-#log into syslog
-# my ($msg, $level, $facility) = @_;
-# if(not defined $msg) {return}
-# if(not defined $level) {$level = "info"}
-# if(not defined $facility) {$facility = "LOG_DAEMON"}
-# openlog($0, "pid,cons,", $facility);
-# syslog($level, $msg);
-# closelog;
-# return;
}
-#=== FUNCTION ================================================================
-# NAME: get_interfaces
-# PARAMETERS: none
-# RETURNS: (list of interfaces)
-# DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
-#===============================================================================
-sub get_interfaces {
- my @result;
- my $PROC_NET_DEV= ('/proc/net/dev');
-
- open(PROC_NET_DEV, "<$PROC_NET_DEV")
- or die "Could not open $PROC_NET_DEV";
-
- my @ifs = <PROC_NET_DEV>;
-
- close(PROC_NET_DEV);
-
- # Eat first two line
- shift @ifs;
- shift @ifs;
-
- chomp @ifs;
- foreach my $line(@ifs) {
- my $if= (split /:/, $line)[0];
- $if =~ s/^\s+//;
- push @result, $if;
- }
-
- return @result;
-}
-
#=== FUNCTION ================================================================
# NAME: get_mac
# PARAMETERS: interface name (i.e. eth0)
}
-#=== FUNCTION ================================================================
-# NAME: get_interface_for_ip
-# PARAMETERS: ip address (i.e. 192.168.0.1)
-# RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else
-# DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces.
-#===============================================================================
-sub get_interface_for_ip {
- my $result;
- my $ip= shift;
- if ($ip && length($ip) > 0) {
- my @ifs= &get_interfaces();
- if($ip eq "0.0.0.0") {
- $result = "all";
- } else {
- foreach (@ifs) {
- my $if=$_;
- if(get_ip($if) eq $ip) {
- $result = $if;
- last;
- }
- }
- }
- }
- return $result;
-}
-
-
-#=== FUNCTION ================================================================
-# NAME: get_ip
-# PARAMETERS: interface name (i.e. eth0)
-# RETURNS: (ip address)
-# DESCRIPTION: Uses ioctl to get ip address directly from system.
-#===============================================================================
-sub get_ip {
- my $ifreq= shift;
- my $result= "";
- my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list
- my $proto= getprotobyname('ip');
-
- socket SOCKET, PF_INET, SOCK_DGRAM, $proto
- or die "socket: $!";
-
- if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) {
- my ($if, $sin) = unpack 'a16 a16', $ifreq;
- my ($port, $addr) = sockaddr_in $sin;
- my $ip = inet_ntoa $addr;
-
- if ($ip && length($ip) > 0) {
- $result = $ip;
- }
- }
-
- return $result;
-}
-
#=== FUNCTION ================================================================
# NAME: get_local_mac_for_remote_ip
my $result="0.0.0.0";
if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) {
- if($server_ip eq "127.0.0.1") {
- $result="127.0.0.1";
- } else {
+ # client should always have a 'valid' ip-address, which is available from other hosts too,
+ # 127.0.0.1 says nothing to foreign host
+ #if($server_ip eq "127.0.0.1") {
+ # $result="127.0.0.1";
+ #} else {
my $PROC_NET_ROUTE= ('/proc/net/route');
open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
last;
}
}
- }
+ #}
} else {
daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1);
}
return $result;
}
-sub new_ldap_config {
- my ($msg_hash) = @_ ;
- my $element;
- my @ldap_uris;
- my $ldap_base;
- my @ldap_options;
- my @pam_options;
- my @nss_options;
- my $goto_admin;
- my $goto_secret;
- my $admin_base= "";
- my $department= "";
- my $release= "";
- my $unit_tag;
-
- # Transform input into array
- while ( my ($key, $value) = each(%$msg_hash) ) {
- if ($key =~ /^(source|target|header)$/) {
- next;
- }
-
- foreach $element (@$value) {
- if ($key =~ /^ldap_uri$/) {
- push (@ldap_uris, $element);
- next;
- }
- if ($key =~ /^ldap_base$/) {
- $ldap_base= $element;
- next;
- }
- if ($key =~ /^goto_admin$/) {
- $goto_admin= $element;
- next;
- }
- if ($key =~ /^goto_secret$/) {
- $goto_secret= $element;
- next;
- }
- if ($key =~ /^ldap_cfg$/) {
- push (@ldap_options, "$element");
- next;
- }
- if ($key =~ /^pam_cfg$/) {
- push (@pam_options, "$element");
- next;
- }
- if ($key =~ /^nss_cfg$/) {
- push (@nss_options, "$element");
- next;
- }
- if ($key =~ /^admin_base$/) {
- $admin_base= $element;
- next;
- }
- if ($key =~ /^department$/) {
- $department= $element;
- next;
- }
- if ($key =~ /^unit_tag$/) {
- $unit_tag= $element;
- next;
- }
- if ($key =~ /^release$/) {
- $release= $element;
- next;
- }
- }
- }
-
- # Unit tagging enabled?
- if (defined $unit_tag){
- push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
- push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag");
- push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag");
- }
-
- # Setup ldap.conf
- my $file1;
- my $file2;
- open(file1, "> $ldap_config");
- print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
- print file1 "URI";
- foreach $element (@ldap_uris) {
- print file1 " $element";
- }
- print file1 "\nBASE $ldap_base\n";
- foreach $element (@ldap_options) {
- print file1 "$element\n";
- }
- close (file1);
- daemon_log("wrote $ldap_config", 5);
-
- # Setup pam_ldap.conf / libnss_ldap.conf
- open(file1, "> $pam_config");
- open(file2, "> $nss_config");
- print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
- print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
- print file1 "uri";
- print file2 "uri";
- foreach $element (@ldap_uris) {
- print file1 " $element";
- print file2 " $element";
- }
- print file1 "\nbase $ldap_base\n";
- print file2 "\nbase $ldap_base\n";
- foreach $element (@pam_options) {
- print file1 "$element\n";
- }
- foreach $element (@nss_options) {
- print file2 "$element\n";
- }
- close (file2);
- daemon_log("wrote $nss_config", 5);
- close (file1);
- daemon_log("wrote $pam_config", 5);
-
- # Create goto.secrets if told so - for compatibility reasons
- if (defined $goto_admin){
- open(file1, "> /etc/goto/secret");
- close(file1);
- chown(0,0, "/etc/goto/secret");
- chmod(0600, "/etc/goto/secret");
- open(file1, "> /etc/goto/secret");
- print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
- close(file1);
- daemon_log("wrote /etc/goto/secret", 5);
- }
-
-
-
- # Write shell based config
- my $cfg_name= dirname($ldap_config)."/ldap-shell.conf";
- open(file1, "> $cfg_name");
- print file1 "LDAP_BASE=\"$ldap_base\"\n";
- print file1 "ADMIN_BASE=\"$admin_base\"\n";
- print file1 "DEPARTMENT=\"$department\"\n";
- print file1 "RELEASE=\"$release\"\n";
- print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n";
- print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n";
- close(file1);
- daemon_log("wrote $cfg_name", 5);
-
- return;
-
-}
-
sub generate_hw_digest {
my $hw_data;
}
-sub create_passwd {
- my $new_passwd = "";
- for(my $i=0; $i<31; $i++) {
- $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))]
- }
-
- return $new_passwd;
+sub create_ciphering {
+ my ($passwd) = @_;
+ if((!defined($passwd)) || length($passwd)==0) {
+ $passwd = "";
+ }
+ $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
+ my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
+ my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
+ $my_cipher->set_iv($iv);
+ return $my_cipher;
}
-sub get_server_addresses {
- my $domain= shift;
- my @result;
-
- my $error = 0;
- my $res = Net::DNS::Resolver->new;
- my $query = $res->send("_gosad._tcp.".$domain, "SRV");
- my @hits;
-
- if ($query) {
- foreach my $rr ($query->answer) {
- push(@hits, $rr->target.":".$rr->port);
- }
- }
- else {
- #warn "query failed: ", $res->errorstring, "\n";
- $error++;
+sub encrypt_msg {
+ my ($msg, $key) = @_;
+ my $my_cipher = &create_ciphering($key);
+ my $len;
+ {
+ use bytes;
+ $len= 16-length($msg)%16;
}
+ $msg = "\0"x($len).$msg;
+ $msg = $my_cipher->encrypt($msg);
+ chomp($msg = &encode_base64($msg));
+ # there are no newlines allowed inside msg
+ $msg=~ s/\n//g;
+ return $msg;
+}
- if( $error == 0 ) {
- foreach my $hit (@hits) {
- my ($hit_name, $hit_port) = split(/:/, $hit);
- my $address_query = $res->send($hit_name);
- if( 1 == length($address_query->answer) ) {
- foreach my $rr ($address_query->answer) {
- push(@result, $rr->address.":".$hit_port);
- }
- }
- }
- }
+sub decrypt_msg {
-# my $dig_cmd= 'dig +nocomments srv _gosad._tcp.'.$domain;
-#
-# my $output= `$dig_cmd 2>&1`;
-# open (PIPE, "$dig_cmd 2>&1 |");
-# while(<PIPE>) {
-# chomp $_;
-# # If it's not a comment
-# if($_ =~ m/^[^;]/) {
-# my @matches= split /\s+/;
-#
-# # Push hostname with port
-# if($matches[3] eq 'SRV') {
-# push @result, $matches[7].':'.$matches[6];
-# } elsif ($matches[3] eq 'A') {
-# my $i=0;
-#
-# # Substitute the hostname with the ip address of the matching A record
-# foreach my $host (@result) {
-# if ((split /\:/, $host)[0] eq $matches[0]) {
-# $result[$i]= $matches[4].':'.(split /\:/, $host)[1];
-# }
-# $i++;
-# }
-# }
-# }
-# }
-# close(PIPE);
- return @result;
+ my ($msg, $key) = @_ ;
+ $msg = &decode_base64($msg);
+ my $my_cipher = &create_ciphering($key);
+ $msg = $my_cipher->decrypt($msg);
+ $msg =~ s/\0*//g;
+ return $msg;
}
-##=== FUNCTION ================================================================
-## NAME: create_ciphering
-## PARAMETERS: passwd - string - used to create ciphering
-## RETURNS: cipher - object
-## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key
-##===============================================================================
-#sub create_ciphering {
-# my ($passwd) = @_;
-# $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
-# my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
-#
-# #daemon_log("iv: $iv", 7);
-# #daemon_log("key: $passwd", 7);
-# my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
-# $my_cipher->set_iv($iv);
-# return $my_cipher;
-#}
-#
-#
-#sub create_ciphering {
-# my ($passwd) = @_;
-# $passwd = substr(md5_hex("$passwd") x 32, 0, 32);
-# my $iv = substr(md5_hex('GONICUS GmbH'),0, 16);
-# my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC());
-# $my_cipher->set_iv($iv);
-# return $my_cipher;
-#}
-#
-#
-#sub encrypt_msg {
-# my ($msg, $key) = @_;
-# my $my_cipher = &create_ciphering($key);
-# {
-# use bytes;
-# $msg = "\0"x(16-length($msg)%16).$msg;
-# }
-# $msg = $my_cipher->encrypt($msg);
-# chomp($msg = &encode_base64($msg));
-# # there are no newlines allowed inside msg
-# $msg=~ s/\n//g;
-# return $msg;
-#}
-#
-#
-#sub decrypt_msg {
-# my ($msg, $key) = @_ ;
-# $msg = &decode_base64($msg);
-# my $my_cipher = &create_ciphering($key);
-# $msg = $my_cipher->decrypt($msg);
-# $msg =~ s/\0*//g;
-# return $msg;
-#}
-
-
#=== FUNCTION ================================================================
# NAME: send_msg_hash_to_target
# PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash
my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
my $error = 0;
- if( $msg_header ) {
- $msg_header = "'$msg_header'-";
- }
- else {
- $msg_header = "";
- }
+ if( $msg_header ) { $msg_header = "'$msg_header'-"; }
+ else { $msg_header = ""; }
# encrypt xml msg
my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
# opensocket
my $socket = &open_socket($address);
if( !$socket ) {
- daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
+ daemon_log("ERROR: cannot send ".$msg_header."msg to $address , host not reachable", 1);
+ if ($REGISTERED == 1) {
+ $REGISTERED = 0; # if server is not available, cause reregistering
+ daemon_log("INFO: cause reregistering at gosa-si-server", 5);
+ $global_kernel->yield('register_at_gosa_si_server');
+
+ }
$error++;
}
+ # send xml msg
if( $error == 0 ) {
- # send xml msg
print $socket $crypted_msg."\n";
-
- daemon_log("send ".$msg_header."msg to $address", 1);
- daemon_log("message:\n$msg", 8);
-
+ daemon_log("INFO: send ".$msg_header."msg to $address", 5);
+ daemon_log("DEBUG: message:\n$msg", 9);
}
# close socket in any case
chomp($string);
- open(FILE, ">> $file");
- print FILE $string."\n";
- close(FILE);
+ if (open(FILE, ">> $file")){
+ print FILE $string."\n";
+ close(FILE);
+ }
}
return;
if(not defined $socket) {
return;
}
- &daemon_log("open_socket: $PeerAddr", 7);
+ &daemon_log("DEBUG: open_socket: $PeerAddr", 7);
return $socket;
}
# DESCRIPTION:
#===============================================================================
sub register_at_gosa_si_server {
- my ($kernel) = $_[KERNEL];
- my $try_to_register = 0;
+ my ($kernel) = $_[KERNEL];
+ my $try_to_register = 0;
+
+ # if client is already registered, stop registration process
+ if ($REGISTERED) {
+ $kernel->delay('register_at_gosa_si_server');
+
+ # client is not registered, start registration process
+ } else {
+ # clear all other triggered events and wait till registration was successful
+ $kernel->delay('trigger_new_key');
- if( not $REGISTERED ) {
- # create new passwd and ciphering object for client-server communication
- $server_key = &create_passwd();
+ # create new passwd and ciphering object for client-server communication
+ $server_key = &create_passwd();
- my $events = join( ", ", keys %{$event_hash} );
- while(1) {
+ my $events = join( ",", keys %{$event_hash} );
+ while(1) {
+ $try_to_register++;
- if( $try_to_register >= @servers ) {
- last;
- }
+ # after one complete round through all server, stop trying to register
+ if( $try_to_register > @servers ) { last; }
# fetch first gosa-si-server from @servers
- my $server = shift(@servers);
-
# append shifted gosa-si-server at the end of @servers, so looking for servers never stop if
# a registration never occured
+ my $server = shift(@servers);
push( @servers, $server );
-
- # Check if our ip is resolvable - if not: don't try to register
- my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
- my $resolver= Net::DNS::Resolver->new;
- my $dnsresult= $resolver->search($ip);
- my $dnsname="";
- if(!defined($dnsresult)) {
- &write_to_file("goto-error-dns:$ip", $fai_logpath);
- exit(1);
+
+ # Check if our ip is resolvable - if not: don't try to register
+ if(!(defined($server) && $server =~ m/^[0-9\.]*?:.*$/)) {
+ &main::daemon_log("ERROR: Server with address '".defined($server)?$server:""."' is invalid!", 1);
+ if (length(@servers) == 1) {
+ &main::daemon_log("ERROR: No valid servers found!", 1);
+ exit(1);
+ }
+ }
+
+ # Check if our ip is resolvable - if not: don't try to register
+ my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
+ my $dnsname= gethostbyaddr(inet_aton($ip), AF_INET);
+ if(!defined($dnsname)) {
+ if( defined($client_force_hostname) && $client_force_hostname eq "true") {
+ $dnsname = `hostname`;
} else {
- $dnsname=$dnsresult->{answer}[0]->{ptrdname};
+ &write_to_file("goto-error-dns:$ip", $fai_logpath);
+ exit(1);
}
+ }
- # create registration msg
- my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
- my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
- my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
- &add_content2xml_hash($register_hash, "new_passwd", $server_key);
+ # create registration msg
+ my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
+ my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
+ my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server);
+ &add_content2xml_hash($register_hash, "new_passwd", $server_key);
&add_content2xml_hash($register_hash, "mac_address", $local_mac);
- &add_content2xml_hash($register_hash, "events", $events);
- &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
-
- # send xml hash to server with general server passwd
- my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
- if($res == 0) {
- # reset try_to_register
- $try_to_register = 0;
-
- # Set fixed client address
+ &add_content2xml_hash($register_hash, "events", $events);
+ &add_content2xml_hash($register_hash, "client_status", $client_status);
+ &add_content2xml_hash($register_hash, "client_revision", $client_revision);
+ &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum);
+ &add_content2xml_hash($register_hash, "key_lifetime", $server_key_lifetime);
+
+ # Add $HOSTNAME from ENV if force-hostname is set
+ if( defined($client_force_hostname) && $client_force_hostname eq "true") {
+ if(defined($ENV{HOSTNAME}) && length($ENV{HOSTNAME}) >0 ) {
+ &add_content2xml_hash($register_hash, "force-hostname", $ENV{HOSTNAME});
+ } else {
+ &main::daemon_log("force-hostname was set to true, but no \$HOSTNAME was found in Environment!",0);
+ }
+ }
+
+ # send xml hash to server with general server passwd
+ my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key);
+
+ # if delivery of registration msg succeed
+ if($res eq "0") {
+ # reset try_to_register
+ $try_to_register = 0;
+
+ # Set fixed client address and mac address
$client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/));
$client_address= "$client_ip:$client_port";
+ $client_mac_address = $local_mac;
+ $client_dnsname = $dnsname;
+ last;
- # Write the MAC address to file
- if(stat($opts_file)) {
- unlink($opts_file);
- }
- my $opts_file_FH;
- my $hostname= $dnsname;
- $hostname =~ s/\..*$//;
- open($opts_file_FH, ">$opts_file");
- print $opts_file_FH "MAC=\"$local_mac\"\n";
- print $opts_file_FH "IPADDRESS=\"$client_ip\"\n";
- print $opts_file_FH "HOSTNAME=\"$hostname\"\n";
- print $opts_file_FH "FQDN=\"$dnsname\"\n";
- close($opts_file_FH);
- last;
+ # delivery of registration msg failed
} else {
- $try_to_register++;
- # wait 1 sec until trying to register again
- sleep(1);
+ # wait 1 sec until trying to register again
+ sleep(1);
next;
}
- }
- if( $try_to_register >= @servers ) {
- &write_to_file("gosa-si-no-server-available", $fai_logpath);
- $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
- }
- else {
- daemon_log("waiting for msg 'register_at_gosa_si_server'",1);
- $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
- # clear old settings and set it again
- $kernel->delay_set('trigger_new_key', $server_key_lifetime);
- }
- }
- return;
+ } # end of while
+ # one circle through all servers finished and no registration succeed
+ if ( $try_to_register >= @servers ) {
+ &write_to_file("gosa-si-no-server-available", $fai_logpath);
+ $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
+
+ # delivery of registraion msg succeed, waiting for server response
+ } else {
+ daemon_log("INFO: waiting for msg 'register_at_gosa_si_server'",5);
+ $kernel->delay_set('register_at_gosa_si_server', $delay_set_time);
+ # clear old settings and set it again
+ $kernel->delay('trigger_new_key');
+ $kernel->delay_set('trigger_new_key', $server_key_lifetime);
+ }
+
+ }
+ return;
}
sub check_key_and_xml_validity {
my ($crypted_msg, $module_key) = @_;
-#print STDERR "crypted_msg:$crypted_msg\n";
-#print STDERR "modul_key:$module_key\n";
my $msg;
my $msg_hash;
eval{
$msg = &decrypt_msg($crypted_msg, $module_key);
- &main::daemon_log("decrypted_msg: \n$msg", 8);
+ &main::daemon_log("decrypted_msg: \n$msg", 9);
$msg_hash = $xml->XMLin($msg, ForceArray=>1);
}
-sub import_events {
+sub trigger_new_key {
+ my ($kernel) = $_[KERNEL] ;
+
+ my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
+ &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
+
+ $kernel->delay_set('trigger_new_key', $server_key_lifetime);
+}
+
+
+sub trigger_logged_in_users_report {
+ my ($kernel) = $_[KERNEL] ;
- if (not -e $event_dir) {
- daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1);
+ # just do if client is registered already
+ if( $REGISTERED ) {
+ my $result = qx(/usr/bin/users);
+ my @logged_in_user_list;
+ if( defined $result ) {
+ chomp($result);
+ @logged_in_user_list = split(/\s/, $result);
+ }
+
+ system("echo 'CURRENTLY_LOGGED_IN ".join(" ", @logged_in_user_list)."' > /var/run/gosa-si-client.socket");
+ $kernel->delay_set('trigger_logged_in_users_report', $trigger_logged_in_users_report_delay);
+ } else {
+ # try it in 10 sec again
+ $kernel->delay_set('trigger_logged_in_users_report', 10);
}
- opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n";
+}
- while (defined (my $event = readdir (DIR))) {
- if( $event eq "." || $event eq ".." ) { next; }
- eval{ require $event; };
- if( $@ ) {
- daemon_log("ERROR: import of event module '$event' failed", 1);
- daemon_log("$@", 8);
- next;
- }
+sub generic_file_error {
+ my ( $heap, $operation, $errno, $error_string, $wheel_id ) =
+ @_[ HEAP, ARG0, ARG1, ARG2, ARG3 ];
- $event =~ /(\S*?).pm$/;
- my $event_module = $1;
- my $events_l = eval( $1."::get_events()") ;
- foreach my $event_name (@{$events_l}) {
- $event_hash->{$event_name} = $event_module;
- }
+ my $service = $heap->{services}->{$wheel_id};
+ daemon_log("ERROR: '$service' watcher $operation error $errno: $error_string", 1);
+ daemon_log("ERROR: shutting down '$service' file watcher", 1);
+
+ delete $heap->{services}->{$wheel_id};
+ delete $heap->{watchers}->{$wheel_id};
+ return;
+}
+
+
+sub fifo_got_record {
+ my $file_record = $_[ARG0];
+ my $header;
+ my $content = "";
+ daemon_log("DEBUG: fifo got record: $file_record", 7);
+
+ $file_record =~ /^(\S+)[ ]?([\s\S]+)?$/;
+ if( defined $1 ) {
+ $header = $1;
+ } else {
+ return;
+ }
+ if( defined $2 ) {
+ $content = $2;
}
+
+ my $clmsg_hash = &create_xml_hash("CLMSG_$header", $client_address, $server_address, $content);
+ &add_content2xml_hash($clmsg_hash, "macaddress", $client_mac_address);
+ my $clmsg = &create_xml_string($clmsg_hash);
+ &send_msg_to_target($clmsg, $server_address, $server_key, "CLMSG_$header");
+
+ # if installation finished, save all log files
+ if ($file_record eq "TASKBEGIN finish") {
+ &save_fai_log($fai_log_dir);
+ }
+
+ return;
}
-sub trigger_new_key {
- my ($kernel) = $_[KERNEL] ;
- my $msg = "<xml><header>new_key</header><source>$client_address</source><target>$client_address</target></xml>";
- &send_msg_to_target($msg, $client_address, $server_key, 'new_key');
+sub save_fai_log {
+ my ($fai_log_dir) = @_ ;
+ my $FAI_DIR;
- $kernel->delay_set('trigger_new_key', $server_key_lifetime);
+ opendir($FAI_DIR, $fai_log_dir);
+ if (not defined $FAI_DIR) {
+ daemon_log("ERROR: can not open directory $fai_log_dir: $!", 1);
+ return;
+ }
+
+ my @log_files = readdir($FAI_DIR);
+ closedir($FAI_DIR);
+ my @log_list;
+
+ foreach my $log_file (@log_files) {
+ if( $log_file eq "." || $log_file eq ".." ) { next; }
+ my $log = "log_file:$log_file:";
+ $log_file = File::Spec->catfile( $fai_log_dir, $log_file );
+ open(my $FILE, "<$log_file");
+ if (not defined $FILE ) {
+ daemon_log("ERROR: can not open '$log_file': $!", 1);
+ next;
+ }
+ my @lines = <$FILE>;
+ my $log_string = join("", @lines);
+ $log .= &encode_base64($log_string);
+ push(@log_list, $log);
+ close ($FILE);
+ }
+
+ my $all_log_string = join("\n", @log_list);
+ my $msg_hash = &create_xml_hash("CLMSG_save_fai_log", $client_address, $server_address, $all_log_string);
+ &add_content2xml_hash($msg_hash, "macaddress", $client_mac_address);
+ my $msg = &create_xml_string($msg_hash);
+ &send_msg_to_target($msg, $server_address, $server_key, "CLMSG_save_fai_log");
}
+sub sig_handler {
+ my ($kernel, $signal) = @_[KERNEL, ARG0] ;
+ daemon_log("0 INFO got signal '$signal'", 1);
+ $kernel->sig_handled();
+ return;
+}
+
+
sub _start {
- my ($kernel) = $_[KERNEL];
+ my ($kernel, $heap) = @_[KERNEL, HEAP];
$kernel->alias_set('client_session');
+ $global_kernel = $kernel; # this is used to throw events at each point of the skript
+
+ $kernel->sig(USR1 => "sig_handler");
+
+ # force a registration at a gosa-si-server
$kernel->yield('register_at_gosa_si_server');
+
+ # install all file watcher defined
+ while( my($name, $file) = each %files_to_watch ) {
+ my $watcher = POE::Wheel::FollowTail->new(
+ Filename => $file,
+ InputEvent => $name."_record",
+ # ResetEvent => "file_reset",
+ ErrorEvent => "file_error",
+ );
+# $heap->{tail} = POE::Wheel::Run->new(
+# Program => [ "/usr/bin/tail", "-f", $file ],
+# StdoutEvent => $file_name."_record",
+# );
+ $heap->{services}->{ $watcher->ID } = $name;
+ $heap->{watchers}->{ $watcher->ID } = $watcher;
+ }
+ $kernel->yield('trigger_logged_in_users_report');
+}
+
+
+sub _default {
+ daemon_log("ERROR: can not handle incoming msg with header '$_[ARG0]'", 1);
+ return;
}
sub server_input {
my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1];
+ my $remote_ip = $heap->{'remote_ip'},
my $error = 0;
my $answer;
- daemon_log("Incoming msg:\n$input\n", 8);
+
+ daemon_log("INFO: Incoming msg from '$remote_ip'", 5);
+ daemon_log("DEBUG: Incoming msg:\n$input\n", 9);
my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key);
if( (!$msg) || (!$msg_hash) ) {
- daemon_log("Deciphering of incoming msg failed", 5);
+ daemon_log("WARNING: Deciphering of incoming msg failed", 3);
+ if($server_address =~ /$remote_ip/) {
+ # got a msg from gosa-si-server which can not be decrypted, may the secrete not up-to-date
+ # cause a reregistering with a new secrete handshake
+ daemon_log("WARNING: Message from gosa-si-server could not be understood, cause reregistering at server", 3);
+
+ # if client is alread in a registration process, that means not registered, do nothing
+ # if not, cause re-registration
+ if (not $REGISTERED) {
+ &daemon_log("WARNING: gosa-si-client is already in a registration process so ignore this message", 3);
+ } else {
+ $REGISTERED = 0;
+ $kernel->post('client_session', 'register_at_gosa_si_server');
+ }
+ }
$error++;
}
my $source = @{$msg_hash->{source}}[0];
if( exists $event_hash->{$header} ) {
+
# a event exists with the header as name
- daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
+ daemon_log("INFO: found event '$header' at event-module '".$event_hash->{$header}."'", 5);
no strict 'refs';
$answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
}
else {
- daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1);
+ daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 3);
}
}
$REGISTERED = 1;
}
else {
- &send_msg_to_target($answer, $server_address, $server_key);
+ $answer =~ /<header>(\S+)<\/header>/;
+ &send_msg_to_target($answer, $server_address, $server_key, $1);
}
# postprocessing
return;
}
+
#==== MAIN = main ==============================================================
# parse commandline options
Getopt::Long::Configure( "bundling" );
# forward error messages to logfile
if ( ! $foreground ) {
- open STDIN, '/dev/null' or die "Can’t read /dev/null: $!";
- open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!";
- open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!";
+ open( STDIN, '+>/dev/null' );
+ open( STDOUT, '+>&STDIN' );
+ open( STDERR, '+>&STDIN' );
}
# Just fork, if we are not in foreground mode
$pid = fork;
setsid or die "Can't start a new session: $!";
umask 0;
-}
-else {
+} else {
$pid = $$;
}
};
}
+# parse head url and revision from svn
+my $client_status_hash = { 'developmental'=>'revision', 'stable'=>'release'};
+$client_version =~ /^\$HeadURL: (\S+) \$:\$Rev: (\d+) \$$/;
+$client_headURL = defined $1 ? $1 : 'unknown' ;
+$client_revision = defined $2 ? $2 : 'unknown' ;
+if ($client_headURL =~ /\/tag\// ||
+ $client_headURL =~ /\/branches\// ) {
+ $client_status = "stable";
+} else {
+ $client_status = "developmental" ;
+}
+
daemon_log(" ", 1);
daemon_log("$prg started!", 1);
+daemon_log("INFO: status: $client_status", 1);
+daemon_log("INFO: ".$client_status_hash->{$client_status}.": $client_revision", 1);
# delete old DBsqlite lock files
system('rm -f /tmp/gosa_si_lock*gosa-si-client*');
$client_address = $client_ip.":".$client_port;
my $network_interface= &get_interface_for_ip($client_ip);
$client_mac_address= &get_mac($network_interface);
-daemon_log("gosa-si-client ip address detected: $client_ip", 1);
-daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
+daemon_log("INFO: ip address detected: $client_ip", 1);
+daemon_log("INFO: gosa-si-client mac address detected: $client_mac_address", 1);
# import events
-&import_events();
+my ($error, $result, $tmp_hash) = &import_events($event_dir);
+$event_hash = $tmp_hash;
+
+foreach my $log_line (@$result) {
+ if ($log_line =~ / succeed: /) {
+ &main::daemon_log("0 DEBUG: $log_line", 7);
+ } else {
+ &main::daemon_log("0 ERROR: $log_line", 1);
+ }
+}
# compute hardware checksum
$gotoHardwareChecksum= &generate_hw_digest();
-daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
+daemon_log("INFO: gotoHardwareChecksum detected: $gotoHardwareChecksum", 1);
# create socket for incoming xml messages
Port => $client_port,
ClientInput => \&server_input,
);
-daemon_log("start socket for incoming xml messages at port '$client_port' ", 1);
+daemon_log("INFO: start socket for incoming xml messages at port '$client_port' ", 1);
# prepare variables
+if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); }
if (defined $server_ip && defined $server_port) {
$server_address = $server_ip.":".$server_port;
}
# add gosa-si-server address from config file at first position of server list
-if (defined $server_address) {
- unshift(@servers, $server_address);
- my $servers_string = join(", ", @servers);
- daemon_log("found servers in configuration file: $servers_string", 5);
-}
-else {
- if ( !$server_domain) {
- daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
- exit( 1 );
- }
- my @tmp_servers = &get_server_addresses($server_domain);
+my $server_check_cfg = Config::IniFiles->new( -file => $cfg_file );
+my $server_check = (defined($server_check_cfg))?$server_check_cfg->val( "server", "ip"):undef;
+if( defined $server_check ) {
+ unshift(@servers, $server_address);
+ my $servers_string = join(", ", @servers);
+ daemon_log("INFO: found servers in configuration file: $servers_string", 5);
+} else {
+ my @tmp_servers;
+ if ( !$server_domain) {
+ # Try our DNS Searchlist
+ for my $domain(get_dns_domains()) {
+ chomp($domain);
+ my @tmp_domains= &get_server_addresses($domain);
+ if(@tmp_domains) {
+ for my $tmp_server(@tmp_domains) {
+ push @tmp_servers, $tmp_server;
+ }
+ }
+ }
+ if(@tmp_servers && length(@tmp_servers)==0) {
+ daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
+ kill 2, $$;
+ }
+ } else {
+ @tmp_servers = &get_server_addresses($server_domain);
+ if( 0 == @tmp_servers ) {
+ daemon_log("ERROR: no gosa-si-server found in DNS for domain '$server_domain'",1);
+ daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1);
+ kill 2, $$;
+ }
+ }
+
foreach my $server (@tmp_servers) {
unshift(@servers, $server);
}
my $servers_string = join(", ", @servers);
- daemon_log("found servers in DNS: $servers_string", 5);
+ daemon_log("INFO: found servers in DNS: $servers_string", 5);
}
+# open fifo for non-gosa-si-client-msgs to gosa-si-server
+POSIX::mkfifo("$gosa_si_client_fifo", "0600");
POE::Session->create(
inline_states => {
_start => \&_start,
+ _default => \&_default,
+ sig_handler => \&sig_handler,
register_at_gosa_si_server => \®ister_at_gosa_si_server,
+
+ # trigger periodical tasks
trigger_new_key => \&trigger_new_key,
+ trigger_logged_in_users_report => \&trigger_logged_in_users_report,
+
+ # handle records from each defined file differently
+ fifo_record => \&fifo_got_record,
+
+ # handle file resets and errors the same way for each file
+ file_reset => \&generic_file_reset,
+ file_error => \&generic_file_error,
}
);