X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-si%2Fgosa-si-client;h=52ad1818a61f2e2289b3d54eb629b06ec5e2e429;hb=086d7aa447b6ead55219fd7021a7a5490b490979;hp=69a5f7ffd9049791a2a1c31fe8e09ab5f077cfdb;hpb=5b1032e073b74baac4d255a8e45761c2d1cee82d;p=gosa.git diff --git a/gosa-si/gosa-si-client b/gosa-si/gosa-si-client index 69a5f7ffd..52ad1818a 100755 --- a/gosa-si/gosa-si-client +++ b/gosa-si/gosa-si-client @@ -20,56 +20,123 @@ use strict; use warnings; +use utf8; use Getopt::Long; use Config::IniFiles; use POSIX; use Time::HiRes qw( gettimeofday ); -use Fcntl; +use POE qw(Component::Server::TCP Wheel::FollowTail); use IO::Socket::INET; +use NetAddr::IP; +use Data::Dumper; use Crypt::Rijndael; +use GOSA::GosaSupportDaemon; +use Digest::MD5 qw(md5_hex md5 md5_base64); use MIME::Base64; -use Digest::MD5 qw(md5 md5_hex md5_base64); use XML::Simple; -use Data::Dumper; -use Sys::Syslog qw( :DEFAULT setlogsock); +use Net::DNS; +use File::Basename; use File::Spec; -use Cwd; -use NetAddr::IP; -use GOSA::GosaSupportDaemon; - -my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file); -my ($server_address, $server_ip, $server_port, $server_domain, $server_passwd, $server_cipher, $server_timeout); -my ($client_address, $client_ip, $client_port, $client_mac_address, $network_interface, $ldap_config, $pam_config, $nss_config); -my ($input_socket, $rbits, $wbits, $ebits, $xml, $known_hosts, $ldap_enabled); -my (@events); +my $event_dir = "/usr/lib/gosa-si/client/events"; +use lib "/usr/lib/gosa-si/client/events"; + +my (%cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file, $fai_logpath); +my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime); +my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config); +my $xml; +my $default_server_key; +my $event_hash; +my @servers; +my $gotoHardwareChecksum; +my $gosa_si_client_fifo; +my %files_to_watch; +$verbose= 1; + +# globalise variables which are used in imported events +our $cfg_file; +our $opts_file; +our $server_address; +our $client_address; +our $client_ip; +our $client_mac_address; +our $client_dnsname; +our $client_force_hostname; +our $server_key; # default variables -my $event_dir = "/usr/lib/gosa-si/client/events"; -$known_hosts = {}; -$foreground = 0 ; -%cfg_defaults = -("general" => - {"log_file" => [\$log_file, "/var/run/".$0.".log"], - "pid_file" => [\$pid_file, "/var/run/".$0.".pid"], +our $REGISTERED = 0; + +# path to fifo for non-gosa-si-client messages to gosa-si-server +$gosa_si_client_fifo = "/var/run/gosa-si-client.socket"; +%files_to_watch = (fifo => $gosa_si_client_fifo); + +# in function register_at_gosa_si_server, after which period of seconds a new registration should be tried if a registration was +# not successful until now +my $delay_set_time = 5; +our $prg= basename($0); + +# all x seconds the client reports logged_in users to gosa-si-server +my $trigger_logged_in_users_report_delay = 600; + +# directory where all log files from installation are stored +my $fai_log_dir = "/tmp/fai"; + +%cfg_defaults = ( +"general" => + {"log-file" => [\$log_file, "/var/run/".$prg.".log"], + "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"], + "opts-file" => [\$opts_file, "/var/run/".$prg.".opts"], }, "client" => - {"client_port" => [\$client_port, "20083"], - "client_ip" => [\$client_ip, "0.0.0.0"], - "ldap" => [\$ldap_enabled, 1], - "ldap_config" => [\$ldap_config, "/etc/ldap/ldap.conf"], - "pam_config" => [\$pam_config, "/etc/pam_ldap.conf"], - "nss_config" => [\$nss_config, "/etc/libnss_ldap.conf"], + {"port" => [\$client_port, "20083"], + "ip" => [\$client_ip, "0.0.0.0"], + "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"], + "server-domain" => [\$server_domain, ""], + "ldap" => [\$ldap_enabled, 1], + "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"], + "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"], + "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"], + "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"], + "force-hostname" => [\$client_force_hostname, "false"], }, -"server" => - {"server_ip" => [\$server_ip, ""], - "server_port" => [\$server_port, "20081"], - "server_passwd" => [\$server_passwd, ""], - "server_timeout" => [\$server_timeout, 10], - "server_domain" => [\$server_domain, ""], +"server" => { + "ip" => [\$server_ip, "127.0.0.1"], + "port" => [\$server_port, "20081"], + "key" => [\$server_key, ""], + "timeout" => [\$server_timeout, 10], + "key-lifetime" => [\$server_key_lifetime, 600], }, - ); + +); + + +#=== FUNCTIONS = functions ===================================================== + +#=== FUNCTION ================================================================ +# NAME: check_cmdline_param +# PARAMETERS: +# RETURNS: +# DESCRIPTION: +#=============================================================================== +sub check_cmdline_param () { + my $err_config; + my $err_counter = 0; + if(not defined($cfg_file)) { + $cfg_file = "/etc/gosa-si/client.conf"; + if(! -r $cfg_file) { + $err_config = "please specify a config file"; + $err_counter += 1; + } + } + if( $err_counter > 0 ) { + &usage( "", 1 ); + if( defined( $err_config)) { print STDERR "$err_config\n"} + print STDERR "\n"; + exit( -1 ); + } +} #=== FUNCTION ================================================================ @@ -79,6 +146,7 @@ $foreground = 0 ; # DESCRIPTION: #=============================================================================== sub read_configfile { + my ($cfg_file, %cfg_defaults) = @_ ; my $cfg; if( defined( $cfg_file) && ( length($cfg_file) > 0 )) { if( -r $cfg_file ) { @@ -98,67 +166,6 @@ sub read_configfile { } -#=== FUNCTION ================================================================ -# NAME: logging -# PARAMETERS: level - string - default 'info' -# msg - string - -# facility - string - default 'LOG_DAEMON' -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub daemon_log { - my( $msg, $level ) = @_; - if(not defined $msg) { return } - if(not defined $level) { $level = 1 } - if(defined $log_file){ - open(LOG_HANDLE, ">>$log_file"); - if(not defined open( LOG_HANDLE, ">>$log_file" )) { - print STDERR "cannot open $log_file: $!"; - return } - chomp($msg); - if($level <= $verbose){ - print LOG_HANDLE $msg."\n"; - if(defined $foreground) { print $msg."\n" } - } - } - close( LOG_HANDLE ); -# my ($msg, $level, $facility) = @_; -# if(not defined $msg) {return} -# if(not defined $level) {$level = "info"} -# if(not defined $facility) {$facility = "LOG_DAEMON"} -# openlog($0, "pid,cons,", $facility); -# syslog($level, $msg); -# closelog; -# return; -} - - -#=== FUNCTION ================================================================ -# NAME: check_cmdline_param -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub check_cmdline_param () { - my $err_config; - my $err_counter = 0; - if( not defined( $cfg_file)) { - #$err_config = "please specify a config file"; - #$err_counter += 1; - my $cwd = getcwd; - my $name = "/etc/gosa-si/client.conf"; - $cfg_file = File::Spec->catfile( $cwd, $name ); - print STDERR "no conf file specified\n try to use default: $cfg_file\n"; - } - if( $err_counter > 0 ) { - &usage( "", 1 ); - if( defined( $err_config)) { print STDERR "$err_config\n"} - print STDERR "\n"; - exit( -1 ); - } -} - - #=== FUNCTION ================================================================ # NAME: check_pid # PARAMETERS: @@ -207,32 +214,57 @@ sub check_pid { } } + +sub sig_int_handler { + my ($signal) = @_; + + daemon_log("shutting down gosa-si-server", 1); + exit(1); +} +$SIG{INT} = \&sig_int_handler; + + #=== FUNCTION ================================================================ -# NAME: get_interface_for_ip -# PARAMETERS: ip address (i.e. 192.168.0.1) -# RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else -# DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces. +# NAME: logging +# PARAMETERS: level - string - default 'info' +# msg - string - +# facility - string - default 'LOG_DAEMON' +# RETURNS: +# DESCRIPTION: #=============================================================================== -sub get_interface_for_ip { - my $result; - my $ip= shift; - if ($ip && length($ip) > 0) { - my @ifs= &get_interfaces(); - if($ip eq "0.0.0.0") { - $result = "all"; - } else { - foreach (@ifs) { - my $if=$_; - if(get_ip($if) eq $ip) { - $result = $if; - last; - } - } +sub daemon_log { + # log into log_file + my( $msg, $level ) = @_; + if(not defined $msg) { return } + if(not defined $level) { $level = 1 } + if(defined $log_file){ + open(LOG_HANDLE, ">>$log_file"); + if(not defined open( LOG_HANDLE, ">>$log_file" )) { + print STDERR "cannot open $log_file: $!"; + return } + chomp($msg); + if($level <= $verbose){ + my ($seconds, $minutes, $hours, $monthday, $month, + $year, $weekday, $yearday, $sommertime) = localtime(time); + $hours = $hours < 10 ? $hours = "0".$hours : $hours; + $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; + $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; + my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"); + $month = $monthnames[$month]; + $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; + $year+=1900; + + my $log_msg = "$month $monthday $hours:$minutes:$seconds $prg $msg\n"; + print LOG_HANDLE $log_msg; + if( $foreground ) { + print STDERR $log_msg; } - } - return $result; + } + close( LOG_HANDLE ); + } } + #=== FUNCTION ================================================================ # NAME: get_interfaces # PARAMETERS: none @@ -240,28 +272,28 @@ sub get_interface_for_ip { # DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces. #=============================================================================== sub get_interfaces { - my @result; - my $PROC_NET_DEV= ('/proc/net/dev'); + my @result; + my $PROC_NET_DEV= ('/proc/net/dev'); - open(PROC_NET_DEV, "<$PROC_NET_DEV") - or die "Could not open $PROC_NET_DEV"; + open(PROC_NET_DEV, "<$PROC_NET_DEV") + or die "Could not open $PROC_NET_DEV"; - my @ifs = ; + my @ifs = ; - close(PROC_NET_DEV); + close(PROC_NET_DEV); - # Eat first two line - shift @ifs; - shift @ifs; + # Eat first two line + shift @ifs; + shift @ifs; - chomp @ifs; - foreach my $line(@ifs) { - my $if= (split /:/, $line)[0]; - $if =~ s/^\s+//; - push @result, $if; - } + chomp @ifs; + foreach my $line(@ifs) { + my $if= (split /:/, $line)[0]; + $if =~ s/^\s+//; + push @result, $if; + } - return @result; + return @result; } #=== FUNCTION ================================================================ @@ -271,40 +303,73 @@ sub get_interfaces { # DESCRIPTION: Uses ioctl to get mac address directly from system. #=============================================================================== sub get_mac { - my $ifreq= shift; - my $result; - if ($ifreq && length($ifreq) > 0) { - if($ifreq eq "all") { + my $ifreq= shift; + my $result; + if ($ifreq && length($ifreq) > 0) { + if($ifreq eq "all") { if(defined($server_ip)) { $result = &get_local_mac_for_remote_ip($server_ip); - } else { + } + elsif ($client_mac_address && length($client_mac_address) > 0 && !($client_mac_address eq "00:00:00:00:00:00")){ + $result = &client_mac_address; + } + else { $result = "00:00:00:00:00:00"; } - } else { - my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list - - # A configured MAC Address should always override a guessed value - if ($client_mac_address and length($client_mac_address) > 0) { - $result= $client_mac_address; - } - - socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip') - or die "socket: $!"; - - if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) { - my ($if, $mac)= unpack 'h36 H12', $ifreq; - - if (length($mac) > 0) { - $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/; - $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6); - $result = $mac; - } - } + } else { + my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list + + # A configured MAC Address should always override a guessed value + if ($client_mac_address and length($client_mac_address) > 0 and not($client_mac_address eq "00:00:00:00:00:00")) { + $result= $client_mac_address; + } + else { + socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip') + or die "socket: $!"; + + if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) { + my ($if, $mac)= unpack 'h36 H12', $ifreq; + + if (length($mac) > 0) { + $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/; + $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6); + $result = $mac; + } + } + } + } + } + return $result; +} + + +#=== FUNCTION ================================================================ +# NAME: get_interface_for_ip +# PARAMETERS: ip address (i.e. 192.168.0.1) +# RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else +# DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces. +#=============================================================================== +sub get_interface_for_ip { + my $result; + my $ip= shift; + if ($ip && length($ip) > 0) { + my @ifs= &get_interfaces(); + if($ip eq "0.0.0.0") { + $result = "all"; + } else { + foreach (@ifs) { + my $if=$_; + if(get_ip($if) eq $ip) { + $result = $if; + last; } + } } - return $result; + } + return $result; } + #=== FUNCTION ================================================================ # NAME: get_ip # PARAMETERS: interface name (i.e. eth0) @@ -312,27 +377,28 @@ sub get_mac { # DESCRIPTION: Uses ioctl to get ip address directly from system. #=============================================================================== sub get_ip { - my $ifreq= shift; - my $result= ""; - my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list + my $ifreq= shift; + my $result= ""; + my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list my $proto= getprotobyname('ip'); - socket SOCKET, PF_INET, SOCK_DGRAM, $proto - or die "socket: $!"; + socket SOCKET, PF_INET, SOCK_DGRAM, $proto + or die "socket: $!"; - if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) { - my ($if, $sin) = unpack 'a16 a16', $ifreq; - my ($port, $addr) = sockaddr_in $sin; - my $ip = inet_ntoa $addr; + if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) { + my ($if, $sin) = unpack 'a16 a16', $ifreq; + my ($port, $addr) = sockaddr_in $sin; + my $ip = inet_ntoa $addr; - if ($ip && length($ip) > 0) { - $result = $ip; - } + if ($ip && length($ip) > 0) { + $result = $ip; } + } - return $result; + return $result; } + #=== FUNCTION ================================================================ # NAME: get_local_mac_for_remote_ip # PARAMETERS: none (takes server_ip from global variable) @@ -341,906 +407,747 @@ sub get_ip { # matches (defaultroute last). #=============================================================================== sub get_local_mac_for_remote_ip { - my $ifreq= shift; - my $result= "00:00:00:00:00:00"; - my $PROC_NET_ROUTE= ('/proc/net/route'); - - open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE") - or die "Could not open $PROC_NET_ROUTE"; - - my @ifs = ; - - close(PROC_NET_ROUTE); - - # Eat header line - shift @ifs; - chomp @ifs; - foreach my $line(@ifs) { - my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line); - my $destination; - my $mask; - my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination); - $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); - ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask); - $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); - if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) { - # destination matches route, save mac and exit - $result= &get_mac($Iface); - last; + my $server_ip= shift; + my $result= "00:00:00:00:00:00"; + + if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) { + my $PROC_NET_ROUTE= ('/proc/net/route'); + + open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE") + or die "Could not open $PROC_NET_ROUTE"; + + my @ifs = ; + + close(PROC_NET_ROUTE); + + # Eat header line + shift @ifs; + chomp @ifs; + foreach my $line(@ifs) { + my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line); + my $destination; + my $mask; + my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination); + $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask); + $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) { + # destination matches route, save mac and exit + $result= &get_mac($Iface); + last; + } } + } else { + daemon_log("get_local_mac_for_remote_ip was called with a non-ip parameter: $server_ip", 1); } + return $result; +} - - return $result; +sub get_local_ip_for_remote_ip { + my $server_ip= shift; + my $result="0.0.0.0"; + + if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) { + if($server_ip eq "127.0.0.1") { + $result="127.0.0.1"; + } else { + my $PROC_NET_ROUTE= ('/proc/net/route'); + + open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE") + or die "Could not open $PROC_NET_ROUTE"; + + my @ifs = ; + + close(PROC_NET_ROUTE); + + # Eat header line + shift @ifs; + chomp @ifs; + foreach my $line(@ifs) { + my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line); + my $destination; + my $mask; + my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination); + $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask); + $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) { + # destination matches route, save mac and exit + $result= &get_ip($Iface); + last; + } + } + } + } else { + daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1); + } + return $result; } -#=== FUNCTION ================================================================ -# NAME: usage -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub usage { - my( $text, $help ) = @_; - $text = undef if( "h" eq $text ); - (defined $text) && print STDERR "\n$text\n"; - if( (defined $help && $help) || (!defined $help && !defined $text) ) { - print STDERR << "EOF" ; -usage: $0 [-hvf] [-c config] - - -h : this (help) message - -c : config file - -f : foreground, process will not be forked to background - -v : be verbose (multiple to increase verbosity) -EOF - } - print "\n" ; + +sub generate_hw_digest { + my $hw_data; + foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) { + $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/; + } + return(md5_base64($hw_data)); } -#=== FUNCTION ================================================================ -# NAME: get_server_addresses -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub get_server_addresses { - my $domain= shift; - my @result; - my $dig_cmd= 'dig +nocomments srv _gosad._tcp.'.$domain; - - my $output= `$dig_cmd 2>&1`; - open (PIPE, "$dig_cmd 2>&1 |"); - while() { - chomp $_; - # If it's not a comment - if($_ =~ m/^[^;]/) { - my @matches= split /\s+/; - - # Push hostname with port - if($matches[3] eq 'SRV') { - push @result, $matches[7].':'.$matches[6]; - } elsif ($matches[3] eq 'A') { - my $i=0; - - # Substitute the hostname with the ip address of the matching A record - foreach my $host (@result) { - if ((split /\:/, $host)[0] eq $matches[0]) { - $result[$i]= $matches[4].':'.(split /\:/, $host)[1]; - } - $i++; - } - } - } + +sub create_passwd { + my $new_passwd = ""; + for(my $i=0; $i<31; $i++) { + $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))] } - close(PIPE); - return @result; + + return $new_passwd; } -#=== FUNCTION ================================================================ -# NAME: register_at_server -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub register_at_server { - my ($tmp) = @_; +sub create_ciphering { + my ($passwd) = @_; + if((!defined($passwd)) || length($passwd)==0) { + $passwd = ""; + } + $passwd = substr(md5_hex("$passwd") x 32, 0, 32); + my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); + my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); + $my_cipher->set_iv($iv); + return $my_cipher; +} - # create new passwd and ciphering object for client-server communication - my $new_server_passwd = &create_passwd(); - my $new_server_cipher; - - # detect all client accepted events - opendir(DIR, $event_dir) - or daemon_log("cannot find directory $event_dir!\ngosa-si-client starts without any accepting events!", 1); - my $file_name; - my @events_list = (); - while(defined($file_name = readdir(DIR))){ - if ($file_name eq "." || $file_name eq "..") { - next; - } - push(@events_list, $file_name); - } - my $events = join(",", @events_list); - daemon_log("found events: $events", 1); - - # fill in all possible servers - my @servers; - if (defined $server_domain) { - my @tmp_servers = &get_server_addresses($server_domain); - foreach my $server (@tmp_servers) { unshift(@servers, $server); } - } - # add server address from config file at first position of server list - if (defined $server_address) { - unshift(@servers, $server_address); - } - daemon_log("found servers in configuration file and via DNS:", 5); - foreach my $server (@servers) { - daemon_log("\t$server", 5); + +sub encrypt_msg { + my ($msg, $key) = @_; + my $my_cipher = &create_ciphering($key); + my $len; + { + use bytes; + $len= 16-length($msg)%16; } + $msg = "\0"x($len).$msg; + $msg = $my_cipher->encrypt($msg); + chomp($msg = &encode_base64($msg)); + # there are no newlines allowed inside msg + $msg=~ s/\n//g; + return $msg; +} + - my ($rout, $wout, $reg_server); - foreach my $server (@servers) { +sub decrypt_msg { - # create msg hash - my $register_hash = &create_xml_hash("here_i_am", $client_address, $server); - &add_content2xml_hash($register_hash, "new_passwd", $new_server_passwd); - &add_content2xml_hash($register_hash, "mac_address", $client_mac_address); - &add_content2xml_hash($register_hash, "events", $events); + my ($msg, $key) = @_ ; + $msg = &decode_base64($msg); + my $my_cipher = &create_ciphering($key); + $msg = $my_cipher->decrypt($msg); + $msg =~ s/\0*//g; + return $msg; +} - my $tmp = print Dumper $register_hash; - # send xml hash to server with general server passwd - my $answer = &send_msg_hash2address($register_hash, $server, $server_passwd); +sub get_server_addresses { + my $domain= shift; + my @result; - if ($answer != 0) { next; } - - # waiting for response - daemon_log("waiting for response...\n", 5); - my $nf = select($rout=$rbits, $wout=$wbits, undef, $server_timeout); - - # something is coming in - if(vec $rout, fileno $input_socket, 1) { - my $crypted_msg; - my $client = $input_socket->accept(); - my $other_end = getpeername($client); - if(not defined $other_end) { - daemon_log("client cannot be identified: $!\n"); - } else { - my ($port, $iaddr) = unpack_sockaddr_in($other_end); - my $actual_ip = inet_ntoa($iaddr); - daemon_log("\naccept client from $actual_ip\n", 5); - my $in_msg = &read_from_socket($client); - if(defined $in_msg){ - chomp($in_msg); - $crypted_msg = $in_msg; - } else { - daemon_log("cannot read from $actual_ip\n", 5); - } - } - close($client); - - # validate acknowledge msg from server - $new_server_cipher = &create_ciphering($new_server_passwd); - my $msg_hash; - eval { - my $decrypted_msg = &decrypt_msg($crypted_msg, $new_server_cipher); - daemon_log("decrypted register msg: $decrypted_msg", 5); - $msg_hash = $xml->XMLin($decrypted_msg, ForceArray=>1); - }; - if($@) { - daemon_log("ERROR: do not understand the incoming message:" , 5); - daemon_log("$@", 7); - } else { - my $header = @{$msg_hash->{header}}[0]; - if($header eq "registered") { - $reg_server = $server; - last; - } elsif($header eq "denied") { - my $reason = (&get_content_from_xml_hash($msg_hash, "denied"))[0]; - daemon_log("registration at $server denied: $reason", 1); - } else { - daemon_log("cannot register at $server", 1); - } - } + my $error = 0; + my $res = Net::DNS::Resolver->new; + my $query = $res->send("_gosa-si._tcp.".$domain, "SRV"); + my @hits; + + if ($query) { + foreach my $rr ($query->answer) { + push(@hits, $rr->target.":".$rr->port); } - # if no answer arrive, try next server in list - } - - if(defined $reg_server) { - daemon_log("registered at $reg_server", 1); - } else { - daemon_log("cannot register at any server", 1); - daemon_log("exiting!!!", 1); - exit(1); + else { + #warn "query failed: ", $res->errorstring, "\n"; + $error++; } - # update the global available variables - $server_address = $reg_server; - $server_passwd = $new_server_passwd; - $server_cipher = $new_server_cipher; - return; -} + if( $error == 0 ) { + foreach my $hit (@hits) { + my ($hit_name, $hit_port) = split(/:/, $hit); + chomp($hit_name); + chomp($hit_port); + my $address_query = $res->send($hit_name); + if( 1 == length($address_query->answer) ) { + foreach my $rr ($address_query->answer) { + push(@result, $rr->address.":".$hit_port); + } + } + } + } -#=== FUNCTION ================================================================ -# NAME: create_xml_hash -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -#sub create_xml_hash { -# my ($header, $source, $target, $header_value) = @_; -# my $hash = { -# header => [$header], -# source => [$source], -# target => [$target], -# $header => [$header_value], -# }; -# daemon_log("create_xml_hash:", 7), -# chomp(my $tmp = Dumper $hash); -# daemon_log("\t$tmp\n", 7); -# return $hash -#} + return @result; +} #=== FUNCTION ================================================================ -# NAME: create_xml_string -# PARAMETERS: -# RETURNS: -# DESCRIPTION: +# NAME: send_msg_hash_to_target +# PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash +# PeerAddr string - socket address to send msg +# PeerPort string - socket port, if not included in socket address +# RETURNS: nothing +# DESCRIPTION: ???? #=============================================================================== -#sub create_xml_string { -# my ($xml_hash) = @_ ; -# my $xml_string = $xml->XMLout($xml_hash, RootName => 'xml'); -# $xml_string =~ s/[\n]+//g; -# daemon_log("create_xml_string:\n\t$xml_string\n", 7); -# return $xml_string; -#} - +sub send_msg_hash_to_target { + my ($msg_hash, $address, $encrypt_key) = @_ ; + my $msg = &create_xml_string($msg_hash); + my $header = @{$msg_hash->{'header'}}[0]; + my $error = &send_msg_to_target($msg, $address, $encrypt_key, $header); + + return $error; +} -#=== FUNCTION ================================================================ -# NAME: add_content2xml_hash -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -#sub add_content2xml_hash { -# my ($xml_ref, $element, $content) = @_; -# if(not exists $$xml_ref{$element} ) { -# $$xml_ref{$element} = []; -# } -# my $tmp = $$xml_ref{$element}; -# push(@$tmp, $content); -# return; -#} +sub send_msg_to_target { + my ($msg, $address, $encrypt_key, $msg_header) = @_ ; + my $error = 0; -#=== FUNCTION ================================================================ -# NAME: get_content_from_xml_hash -# PARAMETERS: ref : reference to the xml hash -# string: key of the value you want -# RETURNS: STRING AND ARRAY -# DESCRIPTION: if key of the hash is either 'header', 'target' or 'source' the -# function returns a string cause it is expected that these keys -# do just have one value, all other keys returns an array!!! -#=============================================================================== -#sub get_content_from_xml_hash { -# my ($xml_ref, $element) = @_; -# my $result = $xml_ref->{$element}; -# if( $element eq "header" || $element eq "target" || $element eq "source") { -# return @$result[0]; -# } -# return @$result; -#} - -# my ($xml_ref, $element) = @_; -# if (exists $xml_ref->{$element}) { -# my $result = $xml_ref->{$element}; -# if( $element eq "header" || $element eq "target" || $element eq "source") { -# return @$result[0]; -# } else { -# return @$result; -# } -# -# } else { -# my $result = (); -# return @$result; -# } -#} + if( $msg_header ) { $msg_header = "'$msg_header'-"; } + else { $msg_header = ""; } + # encrypt xml msg + my $crypted_msg = &encrypt_msg($msg, $encrypt_key); -#=== FUNCTION ================================================================ -# NAME: encrypt_msg -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -#sub encrypt_msg { -# my ($msg, $my_cipher) = @_; -# if(not defined $my_cipher) { print "no cipher object\n"; } -# $msg = "\0"x(16-length($msg)%16).$msg; -# my $crypted_msg = $my_cipher->encrypt($msg); -# chomp($crypted_msg = &encode_base64($crypted_msg)); -# return $crypted_msg; -#} + # opensocket + my $socket = &open_socket($address); + if( !$socket ) { + daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1); + $error++; + } + + # send xml msg + if( $error == 0 ) { + print $socket $crypted_msg."\n"; + daemon_log("send ".$msg_header."msg to $address", 1); + daemon_log("message:\n$msg", 8); + } + # close socket in any case + if( $socket ) { + close $socket; + } -#=== FUNCTION ================================================================ -# NAME: decrypt_msg -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -#sub decrypt_msg { -# my ($crypted_msg, $my_cipher) = @_ ; -# $crypted_msg = &decode_base64($crypted_msg); -# my $msg = $my_cipher->decrypt($crypted_msg); -# $msg =~ s/\0*//g; -# return $msg; -#} + return $error; +} -#=== FUNCTION ================================================================ -# NAME: create_ciphering -# PARAMETERS: -# RETURNS: cipher object -# DESCRIPTION: -#=============================================================================== -#sub create_ciphering { -# my ($passwd) = @_; -# $passwd = substr(md5_hex("$passwd") x 32, 0, 32); -# my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); -# -# #daemon_log("iv: $iv", 7); -# #daemon_log("key: $passwd", 7); -# my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); -# $my_cipher->set_iv($iv); -# return $my_cipher; -#} +sub write_to_file { + my ($string, $file) = @_; + my $error = 0; + if( not defined $file || not -f $file ) { + &main::daemon_log("ERROR: $prg: check '-f file' failed: $file", 1); + $error++; + } + if( not defined $string || 0 == length($string)) { + &main::daemon_log("ERROR: $prg: empty string to write to file '$file'", 1); + $error++; + } + + if( $error == 0 ) { -#=== FUNCTION ================================================================ -# NAME: create_passwd -# PARAMETERS: -# RETURNS: cipher object -# DESCRIPTION: -#=============================================================================== -sub create_passwd { - my $new_passwd = ""; - for(my $i=0; $i<31; $i++) { - $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))] + chomp($string); + + if (open(FILE, ">> $file")){ + print FILE $string."\n"; + close(FILE); + } } - return $new_passwd; + return; } -#=== FUNCTION ================================================================ -# NAME: send_msg_hash2address -# PARAMETERS: msg string - xml message -# PeerAddr string - socket address to send msg -# PeerPort string - socket port, if not included in socket address -# RETURNS: nothing -# DESCRIPTION: ???? -#=============================================================================== -#sub send_msg_hash2address { -# my ($msg_hash, $address, $passwd) = @_ ; -# -# # fetch header for logging -# my $header = @{$msg_hash->{header}}[0]; -# -# # generiere xml string -# my $msg_xml = &create_xml_string($msg_hash); -# -# # hole das entsprechende passwd aus dem hash -# if(not defined $passwd) { -# if(exists $known_hosts->{$address}) { -# $passwd = $known_hosts->{$address}->{passwd}; -# } elsif ($address eq $server_address) { -# $passwd = $server_passwd; -# } else { -# daemon_log("$address not known, neither as server nor as client", 1); -# return "failed"; -# } -# } -# -# # erzeuge ein ciphering object -# my $act_cipher = &create_ciphering($passwd); -# -# # encrypt xml msg -# my $crypted_msg = &encrypt_msg($msg_xml, $act_cipher); -# -# # öffne socket -# my $socket = &open_socket($address); -# if(not defined $socket){ -# daemon_log("cannot open socket to $address, server not reachable", 1); -# daemon_log("cannot send '$header'-msg", 1); -# return "failed"; -# } -# -# # versende xml msg -# print $socket $crypted_msg."\n"; -# -# # schließe socket -# close $socket; -# -# daemon_log("send '$header'-msg to $address", 5); -# daemon_log("crypted_msg:\n\t$crypted_msg", 7); -# -# return "done"; -#} - - -#=== FUNCTION ================================================================ -# NAME: open_socket -# PARAMETERS: PeerAddr string something like 192.168.1.1 or 192.168.1.1:10000 -# [PeerPort] string necessary if port not appended by PeerAddr -# RETURNS: socket IO::Socket::INET -# DESCRIPTION: -#=============================================================================== sub open_socket { my ($PeerAddr, $PeerPort) = @_ ; if(defined($PeerPort)){ $PeerAddr = $PeerAddr.":".$PeerPort; } my $socket; - $socket = new IO::Socket::INET(PeerAddr => $PeerAddr , - Porto => "tcp" , + $socket = new IO::Socket::INET(PeerAddr => $PeerAddr, + Porto => "tcp", Type => SOCK_STREAM, Timeout => 5, ); if(not defined $socket) { - #daemon_log("cannot connect to socket at $PeerAddr, $@\n"); return; } - daemon_log("open_socket:\n\t$PeerAddr", 7); + &daemon_log("open_socket: $PeerAddr", 7); return $socket; } #=== FUNCTION ================================================================ -# NAME: read_from_socket -# PARAMETERS: socket fh - -# RETURNS: result string - readed characters from socket -# DESCRIPTION: reads data from socket in 16 byte steps +# NAME: register_at_server +# PARAMETERS: +# RETURNS: +# DESCRIPTION: #=============================================================================== -sub read_from_socket { - my ($socket) = @_; - my $result = ""; +sub register_at_gosa_si_server { + my ($kernel) = $_[KERNEL]; + my $try_to_register = 0; - $socket->blocking(1); - $result = <$socket>; + if( not $REGISTERED ) { + # create new passwd and ciphering object for client-server communication + $server_key = &create_passwd(); - $socket->blocking(0); - while ( my $char = <$socket> ) { - if (not defined $char) { last } - $result .= $char; - } - return $result; + my $events = join( ",", keys %{$event_hash} ); + while(1) { + if( $try_to_register >= @servers ) { + last; + } + # fetch first gosa-si-server from @servers + my $server = shift(@servers); -# my ($socket) = @_; -# my $result = ""; -# my $len = 16; -# while($len == 16){ -# my $char; -# $len = sysread($socket, $char, 16); -# if($len != 16) { last } -# if($len != 16) { last } -# $result .= $char; -# } -# return $result; -} + # append shifted gosa-si-server at the end of @servers, so looking for servers never stop if + # a registration never occured + push( @servers, $server ); + # Check if our ip is resolvable - if not: don't try to register + my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); + my $dnsname= gethostbyaddr(inet_aton($ip), AF_INET); + if(!defined($dnsname)) { + &write_to_file("goto-error-dns:$ip", $fai_logpath); + exit(1); + } + + # create registration msg + my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); + my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); + my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server); + &add_content2xml_hash($register_hash, "new_passwd", $server_key); + &add_content2xml_hash($register_hash, "mac_address", $local_mac); + &add_content2xml_hash($register_hash, "events", $events); + &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum); + + # Add $HOSTNAME from ENV if force-hostname is set + if( defined($client_force_hostname) && + $client_force_hostname eq "true") { + if(defined($ENV{HOSTNAME}) && + length($ENV{HOSTNAME}) >0 ) { + &add_content2xml_hash($register_hash, "force-hostname", $ENV{HOSTNAME}); + } else { + &main::daemon_log("force-hostname was set to true, but no \$HOSTNAME was found in Environment!",0); + } + } + + # send xml hash to server with general server passwd + my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key); + if($res == 0) { + # reset try_to_register + $try_to_register = 0; + + # Set fixed client address and mac address + $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); + $client_address= "$client_ip:$client_port"; + $client_mac_address = $local_mac; + $client_dnsname = $dnsname; + + last; + } else { + $try_to_register++; + + # wait 1 sec until trying to register again + sleep(1); + next; + } + } -#=== FUNCTION ================================================================ -# NAME: print_known_hosts_hash -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub print_known_hosts_hash { - my ($tmp) = @_; - print "####################################\n"; - print "# status of known_hosts\n"; - my $hosts; - my $host_hash; - my @hosts = keys %$known_hosts; - foreach my $host (@hosts) { - #my @elements = keys %$known_hosts->{$host}; - my $status = $known_hosts->{$host}->{status} ; - my $passwd = $known_hosts->{$host}->{passwd}; - my $timestamp = $known_hosts->{$host}->{timestamp}; - print "$host\n"; - print "\t$status\n"; - print "\t$passwd\n"; - print "\t$timestamp\n"; + if( $try_to_register >= @servers ) { + &write_to_file("gosa-si-no-server-available", $fai_logpath); + $kernel->delay_set('register_at_gosa_si_server', $delay_set_time); + } + else { + daemon_log("INFO: waiting for msg 'register_at_gosa_si_server'",5); + $kernel->delay_set('register_at_gosa_si_server', $delay_set_time); + # clear old settings and set it again + $kernel->delay_set('trigger_new_key', $server_key_lifetime); } - print "####################################\n"; - return; + } + return; } + -#=== FUNCTION ================================================================ -# NAME: -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub create_known_hosts_entry { - my ($hostname) = @_; - $known_hosts->{$hostname} = {}; - $known_hosts->{$hostname}->{status} = "none"; - $known_hosts->{$hostname}->{passwd} = "none"; - $known_hosts->{$hostname}->{timestamp} = "none"; - return; -} +sub check_key_and_xml_validity { + my ($crypted_msg, $module_key) = @_; + my $msg; + my $msg_hash; + eval{ + $msg = &decrypt_msg($crypted_msg, $module_key); + &main::daemon_log("decrypted_msg: \n$msg", 8); -#=== FUNCTION ================================================================ -# NAME: -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub update_known_hosts_entry { - my ($hostname, $status, $passwd, $timestamp) = @_; - my ($seconds, $minutes, $hours, $monthday, $month, - $year, $weekday, $yearday, $sommertime) = localtime(time); - $hours = $hours < 10 ? $hours = "0".$hours : $hours; - $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; - $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - $month+=1; - $month = $month < 10 ? $month = "0".$month : $month; - $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; - $year+=1900; - my $t = "$year$month$monthday$hours$minutes$seconds"; - - if($status) { - $known_hosts->{$hostname}->{status} = $status; - } - if($passwd) { - $known_hosts->{$hostname}->{passwd} = $passwd; - } - if($timestamp) { - $t = $timestamp; - } - $known_hosts->{$hostname}->{timestamp} = $t; - return; -} + $msg_hash = $xml->XMLin($msg, ForceArray=>1); + ############## + # check header + my $header_l = $msg_hash->{'header'}; + if( 1 != @{$header_l} ) { + die 'no or more headers specified'; + } + my $header = @{$header_l}[0]; + if( 0 == length $header) { + die 'header has length 0'; + } -#=== FUNCTION ================================================================ -# NAME: -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub add_content2known_hosts { - my ($hostname, $element, $content) = @_; - my ($seconds, $minutes, $hours, $monthday, $month, - $year, $weekday, $yearday, $sommertime) = localtime(time); - $hours = $hours < 10 ? $hours = "0".$hours : $hours; - $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; - $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - $month+=1; - $month = $month < 10 ? $month = "0".$month : $month; - $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; - $year+=1900; - my $t = "$year$month$monthday$hours$minutes$seconds"; - - $known_hosts->{$hostname}->{$element} = $content; - $known_hosts->{$hostname}->{timestamp} = $t; - return; + ############## + # check source + my $source_l = $msg_hash->{'source'}; + if( 1 != @{$source_l} ) { + die 'no or more than 1 sources specified'; + } + my $source = @{$source_l}[0]; + if( 0 == length $source) { + die 'source has length 0'; + } + unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) { + die "source '$source' is neither a complete ip-address with port nor 'GOSA'"; + } + + ############## + # check target + my $target_l = $msg_hash->{'target'}; + if( 1 != @{$target_l} ) { + die 'no or more than 1 targets specified '; + } + my $target = @{$target_l}[0]; + if( 0 == length $target) { + die 'target has length 0 '; + } + unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ){ + die "source is neither a complete ip-address with port nor 'GOSA'"; + } + }; + if($@) { + &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5); + &main::daemon_log("$@", 8); + $msg = undef; + $msg_hash = undef; + } + + return ($msg, $msg_hash); } -#=== FUNCTION ================================================================ -# NAME: -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub process_incoming_msg { - my ($crypted_msg) = @_; - if(not defined $crypted_msg) { - daemon_log("function 'process_incoming_msg': got no msg", 7); - } - $crypted_msg =~ /^([\s\S]*?)\.(\d{1,3}?)\.(\d{1,3}?)\.(\d{1,3}?)\.(\d{1,3}?)$/; - $crypted_msg = $1; - my $host = sprintf("%s.%s.%s.%s", $2, $3, $4, $5); - daemon_log("msg from host:", 1); - daemon_log("\t$host", 1); - daemon_log("crypted msg:", 7); - daemon_log("\t$crypted_msg", 7); - - my $act_cipher = &create_ciphering($server_passwd); - - # try to decrypt incoming msg - my ($msg, $msg_hash); +sub check_outgoing_xml_validity { + my ($msg) = @_; + + my $msg_hash; eval{ - $msg = &decrypt_msg($crypted_msg, $act_cipher); $msg_hash = $xml->XMLin($msg, ForceArray=>1); + + ############## + # check header + my $header_l = $msg_hash->{'header'}; + if( 1 != @{$header_l} ) { + die 'no or more than one headers specified'; + } + my $header = @{$header_l}[0]; + if( 0 == length $header) { + die 'header has length 0'; + } + + ############## + # check source + my $source_l = $msg_hash->{'source'}; + if( 1 != @{$source_l} ) { + die 'no or more than 1 sources specified'; + } + my $source = @{$source_l}[0]; + if( 0 == length $source) { + die 'source has length 0'; + } + unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ || + $source =~ /^GOSA$/i ) { + die "source '$source' is neither a complete ip-address with port"; + } + + ############## + # check target + my $target_l = $msg_hash->{'target'}; + if( 1 != @{$target_l} ) { + die "no or more than one targets specified"; + } + foreach my $target (@$target_l) { + if( 0 == length $target) { + die "target has length 0"; + } + unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) { + die "target '$target' is not a complete ip-address with port or a valid target name"; + } + } }; if($@) { - daemon_log("ERROR: incoming msg cannot be decrypted with server passwd", 1); - return; - } + daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5); + daemon_log("$@ $msg", 8); + $msg_hash = undef; + } + return ($msg_hash); +} - my $header = @{$msg_hash->{header}}[0]; - - daemon_log("receive '$header' from $host", 1); -# daemon_log("header from msg:", 1); -# daemon_log("\t$header", 1); -# daemon_log("msg to process:", 7); -# daemon_log("\t$msg", 7); - - #check whether msg to process is a event - opendir(DIR, $event_dir) - or daemon_log("cannot find directory $event_dir, no events specified", 5); - my $file_name; - while(defined($file_name = readdir(DIR))){ - if ($file_name eq "." || $file_name eq "..") { + +sub import_events { + + if (not -e $event_dir) { + daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1); + } + opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n"; + + while (defined (my $event = readdir (DIR))) { + if( $event eq "." || $event eq ".." ) { next; } + + eval{ require $event; }; + if( $@ ) { + daemon_log("ERROR: import of event module '$event' failed", 1); + daemon_log("$@", 1); next; } - if ($file_name eq $header) { - my $cmd = "$event_dir/$file_name '$msg'"; - my $result_xml = ""; - open(PIPE, "$cmd 2>&1 |"); - while() { - $result_xml.=$_; - last; - } - close(PIPE); - my $res_hash = &transform_msg2hash($result_xml); - my $res_target = @{$res_hash->{target}}[0]; - &send_msg_hash2address($res_hash, $server_address); - - return; + + $event =~ /(\S*?).pm$/; + my $event_module = $1; + my $events_l = eval( $1."::get_events()") ; + foreach my $event_name (@{$events_l}) { + $event_hash->{$event_name} = $event_module; } + } - close(DIR); - daemon_log("could not assign the msg $header to an event", 5); - - if ($header eq 'new_ldap_config') { if ($ldap_enabled == 1) {&new_ldap_config($msg_hash)}} - elsif ($header eq 'ping') { &got_ping($msg_hash) } - elsif ($header eq 'wake_up') { &execute_event($msg_hash)} - elsif ($header eq 'new_passwd') { &new_passwd()} - else { daemon_log("ERROR: no function assigned to msg $header", 5) } - return; + my @all_events = keys %$event_hash; + my $all_events_string = join(", ", @all_events); + + daemon_log("INFO: imported events: $all_events_string", 5); } +sub trigger_new_key { + my ($kernel) = $_[KERNEL] ; -#=== FUNCTION ================================================================ -# NAME: -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub update_status { - my ($new_status) = @_ ; - my $out_hash = &create_xml_hash("update_status", $client_address, $server_address); - &add_content2xml_hash($out_hash, "update_status", $new_status); - &send_msg_hash2address($out_hash, $server_address); - return; + my $msg = "
new_key
$client_address$client_address"; + &send_msg_to_target($msg, $client_address, $server_key, 'new_key'); + + $kernel->delay_set('trigger_new_key', $server_key_lifetime); } -#=== FUNCTION ================================================================ -# NAME: -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub server_leaving { - my ($msg_hash) = @_ ; - my $source = &get_content_from_xml_hash("source"); - my $header = &get_content_from_xml_hash("header"); - - daemon_log("gosa daemon $source is going down, cause registration procedure", 1); - my $server_address = "none"; - my $server_passwd = "none"; - my $server_cipher = "none"; +sub trigger_logged_in_users_report { + my ($kernel) = $_[KERNEL] ; - # reinitialization of default values in config file - &read_configfile; - - # registrated at new daemon - ®ister_at_server(); - - return; + # just do if client is registered already + if( $REGISTERED ) { + my $result = qx(/usr/bin/w -hs); + my @res_lines; + + if( defined $result ) { + chomp($result); + @res_lines = split("\n", $result); + } + + my @logged_in_user_list; + foreach my $line (@res_lines) { + chomp($line); + my @line_parts = split(/\s+/, $line); + push(@logged_in_user_list, $line_parts[0]); + } + system("echo 'CURRENTLY_LOGGED_IN ".join(" ", @logged_in_user_list)."' > /var/run/gosa-si-client.socket"); + $kernel->delay_set('trigger_logged_in_users_report', $trigger_logged_in_users_report_delay); + } else { + # try it in 1 sec again + $kernel->delay_set('trigger_logged_in_users_report', 1); + } } -sub got_ping { - my ($msg_hash) = @_ ; +sub generic_file_reset { + my ( $heap, $wheel_id ) = @_[ HEAP, ARG0 ]; - my $source = &get_content_from_xml_hash($msg_hash, 'source'); - my $target = &get_content_from_xml_hash($msg_hash, 'target'); - my $header = &get_content_from_xml_hash($msg_hash, 'header'); - - &add_content2known_hosts(hostname=>$target, status=>$header); - - my $out_hash = &create_xml_hash("got_ping", $target, $source); - &send_msg_hash2address($out_hash, $source, $server_passwd); + my $service = $heap->{services}->{$wheel_id}; + daemon_log("INFO: '$service' watching reset", 5); + return; +} + +sub generic_file_error { + my ( $heap, $operation, $errno, $error_string, $wheel_id ) = + @_[ HEAP, ARG0, ARG1, ARG2, ARG3 ]; + + my $service = $heap->{services}->{$wheel_id}; + daemon_log("ERROR: '$service' watcher $operation error $errno: $error_string", 1); + daemon_log("ERROR: shutting down '$service' file watcher", 1); + delete $heap->{services}->{$wheel_id}; + delete $heap->{watchers}->{$wheel_id}; return; } -sub new_ldap_config { - my ($msg_hash) = @_ ; - my $element; - my @ldap_uris; - my $ldap_base; - my @ldap_options; - my @pam_options; - my @nss_options; - my $goto_admin; - my $goto_secret; - - # Transform input into array - while ( my ($key, $value) = each(%$msg_hash) ) { - if ($key =~ /^(source|target|header)$/) { - next; - } +sub fifo_got_record { + my $file_record = $_[ARG0]; + my $header; + my $content = ""; + daemon_log("DEBUG: fifo got record: $file_record", 7); - foreach $element (@$value) { - if ($key =~ /^ldap_uri$/) { - push (@ldap_uris, $element); - next; - } - if ($key =~ /^ldap_base$/) { - $ldap_base= $element; - next; - } - if ($key =~ /^goto_admin$/) { - $goto_admin= $element; - next; - } - if ($key =~ /^goto_secret$/) { - $goto_secret= $element; - next; - } - if ($key =~ /^ldap_cfg$/) { - push (@ldap_options, "$element"); - next; - } - if ($key =~ /^pam_cfg$/) { - push (@pam_options, "$element"); - next; - } - if ($key =~ /^nss_cfg$/) { - push (@nss_options, "$element"); - next; - } - } + $file_record =~ /^(\S+)[ ]?([\s\S]+)?$/; + if( defined $1 ) { + $header = $1; + } else { + return; } - # Setup ldap.conf - my $file1; - my $file2; - open(file1, "> $ldap_config"); - print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file1 "URI"; - foreach $element (@ldap_uris) { - print file1 " $element"; - } - print file1 "\nBASE $ldap_base\n"; - foreach $element (@ldap_options) { - print file1 "$element\n"; + if( defined $2 ) { + $content = $2; } - close (file1); - daemon_log("wrote $ldap_config", 5); - - # Setup pam_ldap.conf / libnss_ldap.conf - open(file1, "> $pam_config"); - open(file2, "> $nss_config"); - print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file1 "uri"; - print file2 "uri"; - foreach $element (@ldap_uris) { - print file1 " $element"; - print file2 " $element"; + + my $clmsg_hash = &create_xml_hash("CLMSG_$header", $client_address, $server_address, $content); + &add_content2xml_hash($clmsg_hash, "macaddress", $client_mac_address); + my $clmsg = &create_xml_string($clmsg_hash); + &send_msg_to_target($clmsg, $server_address, $server_key, "CLMSG_$header"); + + # if installation finished, save all log files + if ($file_record eq "TASKBEGIN finish") { + &save_fai_log($fai_log_dir); } - print file1 "\nbase $ldap_base\n"; - print file2 "\nbase $ldap_base\n"; - foreach $element (@pam_options) { - print file1 "$element\n"; + + return; +} + + +sub save_fai_log { + my ($fai_log_dir) = @_ ; + my $FAI_DIR; + + opendir($FAI_DIR, $fai_log_dir); + if (not defined $FAI_DIR) { + daemon_log("ERROR: can not open directory $fai_log_dir: $!", 1); + return; } - foreach $element (@nss_options) { - print file2 "$element\n"; + + my @log_files = readdir($FAI_DIR); + closedir($FAI_DIR); + my @log_list; + + foreach my $log_file (@log_files) { + if( $log_file eq "." || $log_file eq ".." ) { next; } + my $log = "log_file:$log_file\n"; + $log_file = File::Spec->catfile( $fai_log_dir, $log_file ); + open(my $FILE, "<$log_file"); + if (not defined $FILE ) { + daemon_log("ERROR: can not open '$log_file': $!", 1); + next; + } + my @lines = <$FILE>; + my $log_string = join("", @lines); + $log .= &encode_base64($log_string); + push(@log_list, $log); + close ($FILE); } - close (file2); - daemon_log("wrote $nss_config", 5); - close (file1); - daemon_log("wrote $pam_config", 5); - - # Create goto.secrets if told so - if (defined $goto_admin){ - open(file1, "> /etc/goto/secret"); - close(file1); - chown(0,0, "/etc/goto/secret"); - chmod(0600, "/etc/goto/secret"); - open(file1, "> /etc/goto/secret"); - print file1 $goto_admin.":".$goto_secret."\n"; - close(file1); - daemon_log("wrote /etc/goto/secret", 5); + + my $all_log_string = join("\n", @log_list); + my $msg_hash = &create_xml_hash("CLMSG_save_fai_log", $client_address, $server_address, $all_log_string); + &add_content2xml_hash($msg_hash, "macaddress", $client_mac_address); + my $msg = &create_xml_string($msg_hash); + &send_msg_to_target($msg, $server_address, $server_key, "CLMSG_save_fai_log"); + +} + + +sub _start { + my ($kernel, $heap) = @_[KERNEL, HEAP]; + $kernel->alias_set('client_session'); + + # force a registration at a gosa-si-server + $kernel->yield('register_at_gosa_si_server'); + + # install all file watcher defined + while( my($file_name, $file) = each %files_to_watch ) { + my $file_watcher = POE::Wheel::FollowTail->new( + Filename => $file, + InputEvent => $file_name."_record", + ResetEvent => "file_reset", + ErrorEvent => "file_error", + ); + $heap->{services}->{ $file_watcher->ID } = $file_name; + $heap->{watchers}->{ $file_watcher->ID } = $file_watcher; } + $kernel->yield('trigger_logged_in_users_report'); +} - return; +sub _default { + daemon_log("ERROR: can not handle incoming msg with header '$_[ARG0]'", 1); + return; } -sub execute_event { - my ($msg_hash)= @_; - my $configdir= '/etc/gosa-si/client/events/'; - my $result; +sub server_input { + my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1]; + my $error = 0; + my $answer; + + daemon_log("Incoming msg:\n$input\n", 8); - my $header = &get_content_from_xml_hash($msg_hash, 'header'); - my $source = &get_content_from_xml_hash($msg_hash, 'source'); - my $target = &get_content_from_xml_hash($msg_hash, 'target'); + my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key); + if( (!$msg) || (!$msg_hash) ) { + daemon_log("Deciphering of incoming msg failed", 5); + $error++; + } - if((not defined $source) - && (not defined $target) - && (not defined $header)) { - daemon_log("ERROR: Entries missing in XML msg for gosa events under $configdir"); - } else { - my $parameters=""; - my @params = &get_content_from_xml_hash($msg_hash, $header); - my $params = join(", ", @params); - daemon_log("execute_event: got parameters: $params", 5); - - if (@params) { - foreach my $param (@params) { - my $param_value = (&get_content_from_xml_hash($msg_hash, $param))[0]; - daemon_log("execute_event: parameter -> value: $param -> $param_value", 7); - $parameters.= " ".$param_value; - } - } + ###################### + # process incoming msg + if( $error == 0 ) { + my $header = @{$msg_hash->{header}}[0]; + my $source = @{$msg_hash->{source}}[0]; - my $cmd= $configdir.$header."$parameters"; - daemon_log("execute_event: executing cmd: $cmd", 7); - $result= ""; - open(PIPE, "$cmd 2>&1 |"); - while() { - $result.=$_; + if( exists $event_hash->{$header} ) { + # a event exists with the header as name + daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5); + no strict 'refs'; + $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash); + } + else { + daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1); } - close(PIPE); } - # process the event result + ######## + # answer + if( $answer ) { + #check gosa-si envelope validity + my $answer_hash = &check_outgoing_xml_validity($answer); - return; -} + if( $answer_hash ) { + # answer is valid + # preprocessing + if( $answer =~ "
registered
") { + # set registered flag to true to stop sending further registered msgs + $REGISTERED = 1; + } + else { + $answer =~ /
(\S+)<\/header>/; + &send_msg_to_target($answer, $server_address, $server_key, $1); + } -sub new_passwd { - # my ($msg_hash) = @_ ; - my $new_server_passwd = &create_passwd(); - my $new_server_cipher = &create_ciphering($new_server_passwd); + # postprocessing + if( $answer =~ "
new_key
") { + # set new key to global variable + $answer =~ /(\S*?)<\/new_key>/; + my $new_key = $1; + $server_key = $new_key; + } + } - my $out_hash = &create_xml_hash("new_passwd", $client_address, $server_address, $new_server_passwd); - - &send_msg_hash2address($out_hash, $server_address, $server_passwd); + } - $server_passwd = $new_server_passwd; - $server_cipher = $new_server_cipher; - return; + return; } - - #==== MAIN = main ============================================================== - # parse commandline options Getopt::Long::Configure( "bundling" ); GetOptions("h|help" => \&usage, @@ -1251,113 +1158,147 @@ GetOptions("h|help" => \&usage, # read and set config parameters &check_cmdline_param ; -&read_configfile; +&read_configfile($cfg_file, %cfg_defaults); &check_pid; + +# forward error messages to logfile if ( ! $foreground ) { - open STDIN, '/dev/null' or die "Can’t read /dev/null: $!"; - open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!"; - open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!"; + open( STDIN, '+>/dev/null' ); + open( STDOUT, '+>&STDIN' ); + open( STDERR, '+>&STDIN' ); } - -# restart daemon log file -if(-e $log_file ) { unlink $log_file } -daemon_log(" ", 1); -daemon_log("$0 started!", 1); - -# Just fork, if we"re not in foreground mode -if( ! $foreground ) { $pid = fork(); } -else { $pid = $$; } +# Just fork, if we are not in foreground mode +if( ! $foreground ) { + chdir '/' or die "Can't chdir to /: $!"; + $pid = fork; + setsid or die "Can't start a new session: $!"; + umask 0; +} +else { + $pid = $$; +} # Do something useful - put our PID into the pid_file if( 0 != $pid ) { open( LOCK_FILE, ">$pid_file" ); print LOCK_FILE "$pid\n"; close( LOCK_FILE ); - if( !$foreground ) { exit( 0 ) }; + if( !$foreground ) { + exit( 0 ) + }; } -# detect own ip and mac address -$network_interface= &get_interface_for_ip($client_ip); +daemon_log(" ", 1); +daemon_log("$prg started!", 1); + +# delete old DBsqlite lock files +system('rm -f /tmp/gosa_si_lock*gosa-si-client*'); + +# detect ip and mac address and complete host address +$client_address = $client_ip.":".$client_port; +my $network_interface= &get_interface_for_ip($client_ip); $client_mac_address= &get_mac($network_interface); +daemon_log("gosa-si-client ip address detected: $client_ip", 1); +daemon_log("gosa-si-client mac address detected: $client_mac_address", 1); + + +# import events +&import_events(); + + +# compute hardware checksum +$gotoHardwareChecksum= &generate_hw_digest(); +daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1); + + +# create socket for incoming xml messages +POE::Component::Server::TCP->new( + Alias => 'gosa-si-client', + Port => $client_port, + ClientInput => \&server_input, +); +daemon_log("start socket for incoming xml messages at port '$client_port' ", 1); -# ($client_ip, $client_mac_address) = &get_ip_and_mac(); -#if (not defined $client_ip) { -# die "EXIT: ip address of $0 could not be detected"; -#} -daemon_log("client ip address detected: $client_ip", 1); -daemon_log("client mac address detected: $client_mac_address", 1); # prepare variables +if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); } +############################################################ +# to change +if( $server_ip eq "127.0.1.1" ) { $server_ip = "127.0.0.1" } +############################################################ if (defined $server_ip && defined $server_port) { $server_address = $server_ip.":".$server_port; } -$client_address = $client_ip.":".$client_port; - -# setup xml parser $xml = new XML::Simple(); +$default_server_key = $server_key; -# create input socket -daemon_log(" ", 1); -$rbits = $wbits = $ebits = ""; -$input_socket = IO::Socket::INET->new(LocalPort => $client_port, - Type => SOCK_STREAM, - Reuse => 1, - Listen => 20, - ); -if(not defined $input_socket){ - daemon_log("cannot be a tcp server at $client_port : $@\n"); + +# add gosa-si-server address from config file at first position of server list +my $server_check_cfg = Config::IniFiles->new( -file => $cfg_file ); +my $server_check = $server_check_cfg->val( "server", "ip"); +if( defined $server_check ) { + unshift(@servers, $server_address); + my $servers_string = join(", ", @servers); + daemon_log("INFO: found servers in configuration file: $servers_string", 5); } else { - daemon_log("start client at $client_address",1) ; - vec($rbits, fileno $input_socket, 1) = 1; - vec($wbits, fileno $input_socket, 1) = 1; -} + my @tmp_servers; + if ( !$server_domain) { + # Try our DNS Searchlist + for my $domain(get_dns_domains()) { + chomp($domain); + my @tmp_domains= &get_server_addresses($domain); + if(@tmp_domains) { + for my $tmp_server(@tmp_domains) { + push @tmp_servers, $tmp_server; + } + } + } + if(@tmp_servers && length(@tmp_servers)==0) { + daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1); + kill 2, $$; + } + } else { + @tmp_servers = &get_server_addresses($server_domain); + if( 0 == @tmp_servers ) { + daemon_log("ERROR: no gosa-si-server found in DNS for domain '$server_domain'",1); + daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1); + kill 2, $$; + } + } -# register at server -daemon_log(" ", 1); -®ister_at_server(); + foreach my $server (@tmp_servers) { + unshift(@servers, $server); + } + my $servers_string = join(", ", @servers); + daemon_log("INFO: found servers in DNS: $servers_string", 5); +} -############## -# Debugging -############# -#sleep(2); -#&update_status("ich_bin_ein_neuer_status"); +# open fifo for non-gosa-si-client-msgs to gosa-si-server +POSIX::mkfifo("$gosa_si_client_fifo", "0600"); -################################### -#everything ready, okay, lets start -################################### -while(1) { - my ($rout, $wout); - my $nf = select($rout=$rbits, $wout=$wbits, undef, undef); - # error handling - if($nf < 0 ) { - } +POE::Session->create( + inline_states => { + _start => \&_start, + _default => \&_default, + register_at_gosa_si_server => \®ister_at_gosa_si_server, - # something is coming in - if(vec $rout, fileno $input_socket, 1) { - my $client = $input_socket->accept(); - my $other_end = getpeername($client); + # trigger periodical tasks + trigger_new_key => \&trigger_new_key, + trigger_logged_in_users_report => \&trigger_logged_in_users_report, - if(not defined $other_end) { - daemon_log("client cannot be identified: $!"); - } else { - my ($port, $iaddr) = unpack_sockaddr_in($other_end); - my $actual_ip = inet_ntoa($iaddr); - daemon_log("accept client from $actual_ip", 5); - my $in_msg = &read_from_socket($client); - if(defined $in_msg){ - chomp($in_msg); - $in_msg = $in_msg.".".$actual_ip; - &process_incoming_msg($in_msg); - - } - } - } -} - + # handle records from each defined file differently + fifo_record => \&fifo_got_record, + # handle file resets and errors the same way for each file + file_reset => \&generic_file_reset, + file_error => \&generic_file_error, + } +); +POE::Kernel->run(); +exit;