X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-si%2Fgosa-si-client;h=7e38a20830fc145430a63727192149d14df85b35;hb=7a2821ea86076ebecd8fbea137a9c9901073412b;hp=63567e52a06ff56b44e192d3d695ce6ea8bfb1c2;hpb=9c9b83c9c0ff7cbca710a3267890a21a647d2108;p=gosa.git diff --git a/gosa-si/gosa-si-client b/gosa-si/gosa-si-client index 63567e52a..7e38a2083 100755 --- a/gosa-si/gosa-si-client +++ b/gosa-si/gosa-si-client @@ -18,6 +18,8 @@ # REVISION: --- #=============================================================================== +my $client_version = '$HeadURL$:$Rev$'; + use strict; use warnings; use Getopt::Long; @@ -25,56 +27,92 @@ use Config::IniFiles; use POSIX; use Time::HiRes qw( gettimeofday ); -use POE qw(Component::Server::TCP); +use POE qw(Component::Server::TCP Wheel::FollowTail Wheel::Run); use IO::Socket::INET; use NetAddr::IP; -use Data::Dumper; use Crypt::Rijndael; use GOSA::GosaSupportDaemon; use Digest::MD5 qw(md5_hex md5 md5_base64); use MIME::Base64; use XML::Simple; -use Net::DNS; +use File::Basename; +use File::Spec; +use Fcntl; + +# Workaround: need pure perl to make it work with UTF-8 :-( +$XML::Simple::PREFERRED_PARSER= "XML::SAX::PurePerl"; +my $client_headURL; +my $client_revision; +my $client_status; my $event_dir = "/usr/lib/gosa-si/client/events"; use lib "/usr/lib/gosa-si/client/events"; -my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $opts_file, $procid, $pid, $log_file, $fai_logpath); -my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain, $server_key_lifetime); -my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config); +my (%cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file, $fai_logpath); +my ($server_ip, $server_port, $server_timeout, $server_domain, $server_key_lifetime); +my ($client_port, $ldap_enabled, $ldap_config, $pam_config, $nss_config); +my ($root_uid, $adm_gid); my $xml; -my $default_server_key; my $event_hash; +my $default_server_key; my @servers; my $gotoHardwareChecksum; +my $system_com; $verbose= 1; # globalise variables which are used in imported events +our $global_kernel; our $cfg_file; +our $opts_file; our $server_address; our $client_address; +our $client_ip; +our $client_mac_address; +our $client_dnsname; +our $client_force_hostname; our $server_key; +our $terminal_server_hash; # default variables our $REGISTERED = 0; -my $try_to_register = 0; + +# path to fifo for non-gosa-si-client messages to gosa-si-server +my $fai_com_fifo = "/var/run/gosa-si-client.socket"; +my $system_com_fifo = "/var/run/gosa-si-client-system-com.socket"; +my %files_to_watch = (fai_fifo => $fai_com_fifo, system_fifo => $system_com_fifo); + +# in function register_at_gosa_si_server, after which period of seconds a new registration should be tried if a registration was +# not successful until now +my $delay_set_time = 10; +our $prg= basename($0); + +# all n seconds the client reports logged_in users to gosa-si-server +my $trigger_logged_in_users_report_delay = 600; + +# all n seconds the client reports messages seen by user +my $trigger_seen_messages_delay = 30; + +# directory where all log files from installation are stored +my $fai_log_dir = "/var/log/fai"; %cfg_defaults = ( "general" => - {"log-file" => [\$log_file, "/var/run/".$0.".log"], - "pid-file" => [\$pid_file, "/var/run/".$0.".pid"], - "opts-file" => [\$opts_file, "/var/run/".$0.".opts"], + {"log-file" => [\$log_file, "/var/run/".$prg.".log"], + "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"], + "opts-file" => [\$opts_file, "/var/run/".$prg.".opts"], }, "client" => {"port" => [\$client_port, "20083"], "ip" => [\$client_ip, "0.0.0.0"], "mac-address" => [\$client_mac_address, "00:00:00:00:00:00"], - "server-domain" => [\$server_domain, ""], + "server-domain" => [\$server_domain, ""], "ldap" => [\$ldap_enabled, 1], "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"], "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"], - "nss-config" => [\$nss_config, "/etc/libnss_ldap.conf"], - "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"], + "nss-config" => [\$nss_config, "/etc/libnss-ldap.conf"], + "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"], + "force-hostname" => [\$client_force_hostname, "false"], + "system-com" => [\$system_com, "disabled"], }, "server" => { "ip" => [\$server_ip, "127.0.0.1"], @@ -89,6 +127,19 @@ my $try_to_register = 0; #=== FUNCTIONS = functions ===================================================== +sub usage { + print STDERR << "EOF" ; +usage: $prg [-hvf] [-c config] + + -h : this (help) message + -c : config file + -f : foreground, process will not be forked to background + -v : be verbose (multiple to increase verbosity) + +EOF + print "\n" ; +} + #=== FUNCTION ================================================================ # NAME: check_cmdline_param # PARAMETERS: @@ -114,33 +165,6 @@ sub check_cmdline_param () { } -#=== FUNCTION ================================================================ -# NAME: read_configfile -# PARAMETERS: cfg_file - string - -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub read_configfile { - my ($cfg_file, %cfg_defaults) = @_ ; - my $cfg; - if( defined( $cfg_file) && ( length($cfg_file) > 0 )) { - if( -r $cfg_file ) { - $cfg = Config::IniFiles->new( -file => $cfg_file ); - } else { - print STDERR "Couldn't read config file!"; - } - } else { - $cfg = Config::IniFiles->new() ; - } - foreach my $section (keys %cfg_defaults) { - foreach my $param (keys %{$cfg_defaults{ $section }}) { - my $pinfo = $cfg_defaults{ $section }{ $param }; - ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] ); - } - } -} - - #=== FUNCTION ================================================================ # NAME: check_pid # PARAMETERS: @@ -190,6 +214,15 @@ sub check_pid { } +sub sig_int_handler { + my ($signal) = @_; + + daemon_log("shutting down gosa-si-client", 1); + system("kill `ps -C gosa-si-client -o pid=`"); +} +$SIG{INT} = \&sig_int_handler; + + #=== FUNCTION ================================================================ # NAME: logging # PARAMETERS: level - string - default 'info' @@ -199,80 +232,45 @@ sub check_pid { # DESCRIPTION: #=============================================================================== sub daemon_log { - # log into log_file +# log into log_file my( $msg, $level ) = @_; if(not defined $msg) { return } if(not defined $level) { $level = 1 } if(defined $log_file){ - open(LOG_HANDLE, ">>$log_file"); - if(not defined open( LOG_HANDLE, ">>$log_file" )) { - print STDERR "cannot open $log_file: $!"; - return } - chomp($msg); - if($level <= $verbose){ - my ($seconds, $minutes, $hours, $monthday, $month, - $year, $weekday, $yearday, $sommertime) = localtime(time); - $hours = $hours < 10 ? $hours = "0".$hours : $hours; - $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; - $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"); - $month = $monthnames[$month]; - $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; - $year+=1900; - my $name = $0; - $name =~ s/\.\///; - - my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n"; - print LOG_HANDLE $log_msg; - if( $foreground ) { - print STDERR $log_msg; - } + my $open_log_fh = sysopen(LOG_HANDLE, $log_file, O_WRONLY | O_CREAT | O_APPEND , 0440); + if(not $open_log_fh) { + print STDERR "cannot open $log_file: $!"; + return; + } + # check owner and group of log_file and update settings if necessary + my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $mtime, $ctime, $blksize, $blocks) = stat($log_file); + if((not $uid eq $root_uid) || (not $gid eq $adm_gid)) { + chown($root_uid, $adm_gid, $log_file); + } + + chomp($msg); + if($level <= $verbose){ + my ($seconds, $minutes, $hours, $monthday, $month, + $year, $weekday, $yearday, $sommertime) = localtime(time); + $hours = $hours < 10 ? $hours = "0".$hours : $hours; + $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; + $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; + my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"); + $month = $monthnames[$month]; + $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; + $year+=1900; + + my $log_msg = "$month $monthday $hours:$minutes:$seconds $prg $msg\n"; + print LOG_HANDLE $log_msg; + if( $foreground ) { + print STDERR $log_msg; } + } close( LOG_HANDLE ); } -#log into syslog -# my ($msg, $level, $facility) = @_; -# if(not defined $msg) {return} -# if(not defined $level) {$level = "info"} -# if(not defined $facility) {$facility = "LOG_DAEMON"} -# openlog($0, "pid,cons,", $facility); -# syslog($level, $msg); -# closelog; -# return; } -#=== FUNCTION ================================================================ -# NAME: get_interfaces -# PARAMETERS: none -# RETURNS: (list of interfaces) -# DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces. -#=============================================================================== -sub get_interfaces { - my @result; - my $PROC_NET_DEV= ('/proc/net/dev'); - - open(PROC_NET_DEV, "<$PROC_NET_DEV") - or die "Could not open $PROC_NET_DEV"; - - my @ifs = ; - - close(PROC_NET_DEV); - - # Eat first two line - shift @ifs; - shift @ifs; - - chomp @ifs; - foreach my $line(@ifs) { - my $if= (split /:/, $line)[0]; - $if =~ s/^\s+//; - push @result, $if; - } - - return @result; -} - #=== FUNCTION ================================================================ # NAME: get_mac # PARAMETERS: interface name (i.e. eth0) @@ -320,61 +318,6 @@ sub get_mac { } -#=== FUNCTION ================================================================ -# NAME: get_interface_for_ip -# PARAMETERS: ip address (i.e. 192.168.0.1) -# RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else -# DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces. -#=============================================================================== -sub get_interface_for_ip { - my $result; - my $ip= shift; - if ($ip && length($ip) > 0) { - my @ifs= &get_interfaces(); - if($ip eq "0.0.0.0") { - $result = "all"; - } else { - foreach (@ifs) { - my $if=$_; - if(get_ip($if) eq $ip) { - $result = $if; - last; - } - } - } - } - return $result; -} - - -#=== FUNCTION ================================================================ -# NAME: get_ip -# PARAMETERS: interface name (i.e. eth0) -# RETURNS: (ip address) -# DESCRIPTION: Uses ioctl to get ip address directly from system. -#=============================================================================== -sub get_ip { - my $ifreq= shift; - my $result= ""; - my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list - my $proto= getprotobyname('ip'); - - socket SOCKET, PF_INET, SOCK_DGRAM, $proto - or die "socket: $!"; - - if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) { - my ($if, $sin) = unpack 'a16 a16', $ifreq; - my ($port, $addr) = sockaddr_in $sin; - my $ip = inet_ntoa $addr; - - if ($ip && length($ip) > 0) { - $result = $ip; - } - } - - return $result; -} - #=== FUNCTION ================================================================ # NAME: get_local_mac_for_remote_ip @@ -387,6 +330,14 @@ sub get_local_mac_for_remote_ip { my $server_ip= shift; my $result= "00:00:00:00:00:00"; + if($server_ip =~ /^[a-z][a-z0-9\.]+/i) { + my $ip_address = inet_ntoa(scalar gethostbyname($server_ip)); + if(defined($ip_address) && $ip_address =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/) { + # Write ip address to $server_ip variable + $server_ip = $ip_address; + } + } + if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) { my $PROC_NET_ROUTE= ('/proc/net/route'); @@ -420,330 +371,63 @@ sub get_local_mac_for_remote_ip { return $result; } -sub get_local_ip_for_remote_ip { - my $server_ip= shift; - my $result="0.0.0.0"; - - if($server_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) { - if($server_ip eq "127.0.0.1") { - $result="127.0.0.1"; - } else { - my $PROC_NET_ROUTE= ('/proc/net/route'); - - open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE") - or die "Could not open $PROC_NET_ROUTE"; - - my @ifs = ; - - close(PROC_NET_ROUTE); - - # Eat header line - shift @ifs; - chomp @ifs; - foreach my $line(@ifs) { - my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line); - my $destination; - my $mask; - my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination); - $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); - ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask); - $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); - if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) { - # destination matches route, save mac and exit - $result= &get_ip($Iface); - last; - } - } - } - } else { - daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $server_ip", 1); - } - return $result; -} - -sub new_ldap_config { - my ($msg_hash) = @_ ; - my $element; - my @ldap_uris; - my $ldap_base; - my @ldap_options; - my @pam_options; - my @nss_options; - my $goto_admin; - my $goto_secret; - my $admin_base= ""; - my $department= ""; - my $release= ""; - my $unit_tag; - - # Transform input into array - while ( my ($key, $value) = each(%$msg_hash) ) { - if ($key =~ /^(source|target|header)$/) { - next; - } - - foreach $element (@$value) { - if ($key =~ /^ldap_uri$/) { - push (@ldap_uris, $element); - next; - } - if ($key =~ /^ldap_base$/) { - $ldap_base= $element; - next; - } - if ($key =~ /^goto_admin$/) { - $goto_admin= $element; - next; - } - if ($key =~ /^goto_secret$/) { - $goto_secret= $element; - next; - } - if ($key =~ /^ldap_cfg$/) { - push (@ldap_options, "$element"); - next; - } - if ($key =~ /^pam_cfg$/) { - push (@pam_options, "$element"); - next; - } - if ($key =~ /^nss_cfg$/) { - push (@nss_options, "$element"); - next; - } - if ($key =~ /^admin_base$/) { - $admin_base= $element; - next; - } - if ($key =~ /^department$/) { - $department= $element; - next; - } - if ($key =~ /^unit_tag$/) { - $unit_tag= $element; - next; - } - if ($key =~ /^release$/) { - $release= $element; - next; - } - } - } - - # Unit tagging enabled? - if (defined $unit_tag){ - push (@pam_options, "pam_filter gosaUnitTag=$unit_tag"); - push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag"); - push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag"); - } - - # Setup ldap.conf - my $file1; - my $file2; - open(file1, "> $ldap_config"); - print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file1 "URI"; - foreach $element (@ldap_uris) { - print file1 " $element"; - } - print file1 "\nBASE $ldap_base\n"; - foreach $element (@ldap_options) { - print file1 "$element\n"; - } - close (file1); - daemon_log("wrote $ldap_config", 5); - - # Setup pam_ldap.conf / libnss_ldap.conf - open(file1, "> $pam_config"); - open(file2, "> $nss_config"); - print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file1 "uri"; - print file2 "uri"; - foreach $element (@ldap_uris) { - print file1 " $element"; - print file2 " $element"; - } - print file1 "\nbase $ldap_base\n"; - print file2 "\nbase $ldap_base\n"; - foreach $element (@pam_options) { - print file1 "$element\n"; - } - foreach $element (@nss_options) { - print file2 "$element\n"; - } - close (file2); - daemon_log("wrote $nss_config", 5); - close (file1); - daemon_log("wrote $pam_config", 5); - - # Create goto.secrets if told so - for compatibility reasons - if (defined $goto_admin){ - open(file1, "> /etc/goto/secret"); - close(file1); - chown(0,0, "/etc/goto/secret"); - chmod(0600, "/etc/goto/secret"); - open(file1, "> /etc/goto/secret"); - print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n"; - close(file1); - daemon_log("wrote /etc/goto/secret", 5); - } - - - - # Write shell based config - my $cfg_name= dirname($ldap_config)."/ldap-shell.conf"; - open(file1, "> $cfg_name"); - print file1 "LDAP_BASE=\"$ldap_base\"\n"; - print file1 "ADMIN_BASE=\"$admin_base\"\n"; - print file1 "DEPARTMENT=\"$department\"\n"; - print file1 "RELEASE=\"$release\"\n"; - print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n"; - print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n"; - close(file1); - daemon_log("wrote $cfg_name", 5); - - return; - -} - sub generate_hw_digest { my $hw_data; foreach my $line (split /\n/, `cat /proc/bus/pci/devices`) { $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/; } + # linux-vserver has no /proc/bus/pci/devices + if ( !$hw_data ) { + foreach my $line (split /\n/, `ifconfig | grep HWaddr`) { + $hw_data.= sprintf "%s", $line =~ /[^\s]+\s([^\s]+)\s.*/; + } + } return(md5_base64($hw_data)); } -sub create_passwd { - my $new_passwd = ""; - for(my $i=0; $i<31; $i++) { - $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))] - } - - return $new_passwd; +sub create_ciphering { + my ($passwd) = @_; + if((!defined($passwd)) || length($passwd)==0) { + $passwd = ""; + } + $passwd = substr(md5_hex("$passwd") x 32, 0, 32); + my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); + my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); + $my_cipher->set_iv($iv); + return $my_cipher; } -sub get_server_addresses { - my $domain= shift; - my @result; - - my $error = 0; - my $res = Net::DNS::Resolver->new; - my $query = $res->send("_gosad._tcp.".$domain, "SRV"); - my @hits; - - if ($query) { - foreach my $rr ($query->answer) { - push(@hits, $rr->target.":".$rr->port); - } - } - else { - #warn "query failed: ", $res->errorstring, "\n"; - $error++; +sub encrypt_msg { + my ($msg, $key) = @_; + my $my_cipher = &create_ciphering($key); + my $len; + { + use bytes; + $len= 16-length($msg)%16; } + $msg = "\0"x($len).$msg; + $msg = $my_cipher->encrypt($msg); + chomp($msg = &encode_base64($msg)); + # there are no newlines allowed inside msg + $msg=~ s/\n//g; + return $msg; +} - if( $error == 0 ) { - foreach my $hit (@hits) { - my ($hit_name, $hit_port) = split(/:/, $hit); - my $address_query = $res->send($hit_name); - if( 1 == length($address_query->answer) ) { - foreach my $rr ($address_query->answer) { - push(@result, $rr->address.":".$hit_port); - } - } - } - } +sub decrypt_msg { -# my $dig_cmd= 'dig +nocomments srv _gosad._tcp.'.$domain; -# -# my $output= `$dig_cmd 2>&1`; -# open (PIPE, "$dig_cmd 2>&1 |"); -# while() { -# chomp $_; -# # If it's not a comment -# if($_ =~ m/^[^;]/) { -# my @matches= split /\s+/; -# -# # Push hostname with port -# if($matches[3] eq 'SRV') { -# push @result, $matches[7].':'.$matches[6]; -# } elsif ($matches[3] eq 'A') { -# my $i=0; -# -# # Substitute the hostname with the ip address of the matching A record -# foreach my $host (@result) { -# if ((split /\:/, $host)[0] eq $matches[0]) { -# $result[$i]= $matches[4].':'.(split /\:/, $host)[1]; -# } -# $i++; -# } -# } -# } -# } -# close(PIPE); - return @result; + my ($msg, $key) = @_ ; + $msg = &decode_base64($msg); + my $my_cipher = &create_ciphering($key); + $msg = $my_cipher->decrypt($msg); + $msg =~ s/\0*//g; + return $msg; } -##=== FUNCTION ================================================================ -## NAME: create_ciphering -## PARAMETERS: passwd - string - used to create ciphering -## RETURNS: cipher - object -## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key -##=============================================================================== -#sub create_ciphering { -# my ($passwd) = @_; -# $passwd = substr(md5_hex("$passwd") x 32, 0, 32); -# my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); -# -# #daemon_log("iv: $iv", 7); -# #daemon_log("key: $passwd", 7); -# my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); -# $my_cipher->set_iv($iv); -# return $my_cipher; -#} -# -# -#sub create_ciphering { -# my ($passwd) = @_; -# $passwd = substr(md5_hex("$passwd") x 32, 0, 32); -# my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); -# my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); -# $my_cipher->set_iv($iv); -# return $my_cipher; -#} -# -# -#sub encrypt_msg { -# my ($msg, $key) = @_; -# my $my_cipher = &create_ciphering($key); -# { -# use bytes; -# $msg = "\0"x(16-length($msg)%16).$msg; -# } -# $msg = $my_cipher->encrypt($msg); -# chomp($msg = &encode_base64($msg)); -# # there are no newlines allowed inside msg -# $msg=~ s/\n//g; -# return $msg; -#} -# -# -#sub decrypt_msg { -# my ($msg, $key) = @_ ; -# $msg = &decode_base64($msg); -# my $my_cipher = &create_ciphering($key); -# $msg = $my_cipher->decrypt($msg); -# $msg =~ s/\0*//g; -# return $msg; -#} - - #=== FUNCTION ================================================================ # NAME: send_msg_hash_to_target # PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash @@ -766,12 +450,12 @@ sub send_msg_to_target { my ($msg, $address, $encrypt_key, $msg_header) = @_ ; my $error = 0; - if( $msg_header ) { - $msg_header = "'$msg_header'-"; - } - else { - $msg_header = ""; - } + if( $msg_header ) { $msg_header = "'$msg_header'-"; } + else { $msg_header = ""; } + + # Memorize own source address + $msg =~ /(\S+)<\/source>/; + my $own_source_address = $1; # encrypt xml msg my $crypted_msg = &encrypt_msg($msg, $encrypt_key); @@ -779,17 +463,21 @@ sub send_msg_to_target { # opensocket my $socket = &open_socket($address); if( !$socket ) { - daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1); + daemon_log("WARNING: cannot send ".$msg_header."msg to '$address', host not reachable", 3); + if ($REGISTERED == 1) { + $REGISTERED = 0; # if server is not available, cause reregistering + daemon_log("INFO: cause reregistering at gosa-si-server", 5); + $global_kernel->yield('register_at_gosa_si_server'); + + } $error++; } + # send xml msg if( $error == 0 ) { - # send xml msg - print $socket $crypted_msg."\n"; - - daemon_log("send ".$msg_header."msg to $address", 1); - daemon_log("message:\n$msg", 8); - + print $socket $crypted_msg.";$own_source_address\n"; + daemon_log("INFO: send ".$msg_header."msg to $address", 5); + daemon_log("DEBUG: message:\n$msg", 9); } # close socket in any case @@ -806,11 +494,11 @@ sub write_to_file { my $error = 0; if( not defined $file || not -f $file ) { - &main::daemon_log("ERROR: $0: check '-f file' failed: $file", 1); + &main::daemon_log("ERROR: $prg: check '-f file' failed: $file", 1); $error++; } if( not defined $string || 0 == length($string)) { - &main::daemon_log("ERROR: $0: empty string to write to file '$file'", 1); + &main::daemon_log("ERROR: $prg: empty string to write to file '$file'", 1); $error++; } @@ -818,9 +506,10 @@ sub write_to_file { chomp($string); - open(FILE, ">> $file"); - print FILE $string."\n"; - close(FILE); + if (open(FILE, ">> $file")){ + print FILE $string."\n"; + close(FILE); + } } return; @@ -841,7 +530,7 @@ sub open_socket { if(not defined $socket) { return; } - &daemon_log("open_socket: $PeerAddr", 7); + &daemon_log("DEBUG: open_socket: $PeerAddr", 7); return $socket; } @@ -853,93 +542,131 @@ sub open_socket { # DESCRIPTION: #=============================================================================== sub register_at_gosa_si_server { - my ($kernel) = $_[KERNEL]; - - if( not $REGISTERED ) { - $try_to_register++; - if( $try_to_register > 1 ) { - &write_to_file("gosa-si-no-server-available", $fai_logpath); - } + my ($kernel) = $_[KERNEL]; + my $try_to_register = 0; + + # if client is already registered, stop registration process + if ($REGISTERED) { + $kernel->delay('register_at_gosa_si_server'); + + # client is not registered, start registration process + } else { + # clear all other triggered events and wait till registration was successful + $kernel->delay('trigger_new_key'); - # create new passwd and ciphering object for client-server communication - $server_key = &create_passwd(); + # create new passwd and ciphering object for client-server communication + $server_key = &create_passwd(); - my $events = join( ", ", keys %{$event_hash} ); + my $events = join( ",", keys %{$event_hash} ); + while(1) { + $try_to_register++; - while(1) { + # after one complete round through all server, stop trying to register + if( $try_to_register > @servers ) { last; } # fetch first gosa-si-server from @servers + # append shifted gosa-si-server at the end of @servers, so looking for servers never stop if + # a registration never occured my $server = shift(@servers); - - # append shifted gosa-si-server at the end of @servers, so looking for servers never stop push( @servers, $server ); - - # Check if our ip is resolvable - if not: don't try to register - my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); - my $resolver= Net::DNS::Resolver->new; - my $dnsresult= $resolver->search($ip); - if(!defined($dnsresult)) { - &write_to_file("goto-dns-error:Could not resolve hostname for ip $ip", $fai_logpath); - exit(1); + + # Check if our ip is resolvable - if not: don't try to register + if(!(defined($server) && $server =~ m/^[0-9\.]*?:.*$/)) { + &main::daemon_log("ERROR: Server with address '".defined($server)?$server:""."' is invalid!", 1); + if (length(@servers) == 1) { + &main::daemon_log("ERROR: No valid servers found!", 1); + exit(1); + } } - # create registration msg - my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); - my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); - my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server); - &add_content2xml_hash($register_hash, "new_passwd", $server_key); + # Check if our ip is resolvable - if not: don't try to register + my $ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); + my $dnsname= gethostbyaddr(inet_aton($ip), AF_INET); + if(!defined($dnsname)) { + if( defined($client_force_hostname) && $client_force_hostname eq "true") { + $dnsname = `hostname`; + } else { + &write_to_file("goto-error-dns:$ip", $fai_logpath); + &main::daemon_log("ERROR: ip is not resolvable, no registration possible. Write 'goto-error-dns:$ip' to $fai_logpath", 1); + exit(1); + } + } + + # create registration msg + my $local_ip = &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); + my $local_mac = &get_local_mac_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); + my $register_hash = &create_xml_hash("here_i_am", $local_ip.":".$client_port, $server); + &add_content2xml_hash($register_hash, "new_passwd", $server_key); &add_content2xml_hash($register_hash, "mac_address", $local_mac); - &add_content2xml_hash($register_hash, "events", $events); - &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum); + &add_content2xml_hash($register_hash, "events", $events); + &add_content2xml_hash($register_hash, "client_status", $client_status); + &add_content2xml_hash($register_hash, "client_revision", $client_revision); + &add_content2xml_hash($register_hash, "gotoHardwareChecksum", $gotoHardwareChecksum); + &add_content2xml_hash($register_hash, "key_lifetime", $server_key_lifetime); + + # Add $HOSTNAME from ENV if force-hostname is set + if( defined($client_force_hostname) && $client_force_hostname eq "true") { + if(defined($ENV{HOSTNAME}) && length($ENV{HOSTNAME}) >0 ) { + &add_content2xml_hash($register_hash, "force-hostname", $ENV{HOSTNAME}); + } else { + &main::daemon_log("force-hostname was set to true, but no \$HOSTNAME was found in Environment!",0); + } + } + + # send xml hash to server with general server passwd + my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key); + + # if delivery of registration msg succeed + if($res eq "0") { + # reset try_to_register + $try_to_register = 0; - # send xml hash to server with general server passwd - my $res = &send_msg_hash_to_target($register_hash, $server, $default_server_key); - if($res == 0) { - # Set fixed client address + # Set fixed client address and mac address $client_ip= &get_local_ip_for_remote_ip(sprintf("%s", $server =~ /^([0-9\.]*?):.*$/)); $client_address= "$client_ip:$client_port"; + $client_mac_address = $local_mac; + $client_dnsname = $dnsname; + last; - # Write the MAC address to file - if(stat($opts_file)) { - unlink($opts_file); - } - my $opts_file_FH; - open($opts_file_FH, ">$opts_file"); - print $opts_file_FH "MAC=\"$local_mac\""; - close($opts_file_FH); - last; + # delivery of registration msg failed } else { - # wait 1 sec until trying to register again - sleep(1); + # wait 1 sec until trying to register again + sleep(1); next; } - } - + } # end of while + # one circle through all servers finished and no registration succeed + if ( $try_to_register >= @servers ) { + &write_to_file("gosa-si-no-server-available", $fai_logpath); + $kernel->delay_set('register_at_gosa_si_server', $delay_set_time); + + # delivery of registraion msg succeed, waiting for server response + } else { + daemon_log("INFO: waiting for msg 'register_at_gosa_si_server'",5); + $kernel->delay_set('register_at_gosa_si_server', $delay_set_time); + # clear old settings and set it again + $kernel->delay('trigger_new_key'); + $kernel->delay_set('trigger_new_key', $server_key_lifetime); + } - daemon_log("waiting for msg 'register_at_gosa_si_server'",1); -# $kernel->delay_set('register_at_gosa_si_server', 180); - $kernel->delay_set('register_at_gosa_si_server', 5); - # clear old settings and set it again - $kernel->delay_set('trigger_new_key', $server_key_lifetime); - } - return; + } + return; } sub check_key_and_xml_validity { my ($crypted_msg, $module_key) = @_; -#print STDERR "crypted_msg:$crypted_msg\n"; -#print STDERR "modul_key:$module_key\n"; my $msg; my $msg_hash; eval{ $msg = &decrypt_msg($crypted_msg, $module_key); - &main::daemon_log("decrypted_msg: \n$msg", 8); + &main::daemon_log("decrypted_msg: \n$msg", 9); $msg_hash = $xml->XMLin($msg, ForceArray=>1); + ############## # check header my $header_l = $msg_hash->{'header'}; if( 1 != @{$header_l} ) { @@ -950,63 +677,102 @@ sub check_key_and_xml_validity { die 'header has length 0'; } + ############## # check source my $source_l = $msg_hash->{'source'}; if( 1 != @{$source_l} ) { - die 'no or more sources specified'; + die 'no or more than 1 sources specified'; } my $source = @{$source_l}[0]; if( 0 == length $source) { die 'source has length 0'; } - - # check target + unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) { + die "source '$source' is neither a complete ip-address with port nor 'GOSA'"; + } + + ############## + # check target my $target_l = $msg_hash->{'target'}; if( 1 != @{$target_l} ) { - die 'no or more targets specified '; + die 'no or more than 1 targets specified '; } my $target = @{$target_l}[0]; if( 0 == length $target) { die 'target has length 0 '; } - + unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ){ + die "source is neither a complete ip-address with port nor 'GOSA'"; + } }; if($@) { &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5); &main::daemon_log("$@", 8); + $msg = undef; + $msg_hash = undef; } return ($msg, $msg_hash); } -sub import_events { +sub check_outgoing_xml_validity { + my ($msg) = @_; - if (not -e $event_dir) { - daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1); - } - opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n"; - - while (defined (my $event = readdir (DIR))) { - if( $event eq "." || $event eq ".." ) { next; } + my $msg_hash; + eval{ + $msg_hash = $xml->XMLin($msg, ForceArray=>1); - eval{ require $event; }; - if( $@ ) { - daemon_log("ERROR: import of event module '$event' failed", 1); - daemon_log("$@", 8); - next; + ############## + # check header + my $header_l = $msg_hash->{'header'}; + if( 1 != @{$header_l} ) { + die 'no or more than one headers specified'; } - - $event =~ /(\S*?).pm$/; - my $event_module = $1; - my $events_l = eval( $1."::get_events()") ; - foreach my $event_name (@{$events_l}) { - $event_hash->{$event_name} = $event_module; + my $header = @{$header_l}[0]; + if( 0 == length $header) { + die 'header has length 0'; } + ############## + # check source + my $source_l = $msg_hash->{'source'}; + if( 1 != @{$source_l} ) { + die 'no or more than 1 sources specified'; + } + my $source = @{$source_l}[0]; + if( 0 == length $source) { + die 'source has length 0'; + } + unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ || + $source =~ /^GOSA$/i ) { + die "source '$source' is neither a complete ip-address with port"; + } + + ############## + # check target + my $target_l = $msg_hash->{'target'}; + if( 1 != @{$target_l} ) { + die "no or more than one targets specified"; + } + foreach my $target (@$target_l) { + if( 0 == length $target) { + die "target has length 0"; + } + unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) { + die "target '$target' is not a complete ip-address with port or a valid target name"; + } + } + }; + if($@) { + daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5); + daemon_log("$@ $msg", 8); + $msg_hash = undef; } + return ($msg_hash); } + sub trigger_new_key { my ($kernel) = $_[KERNEL] ; @@ -1014,27 +780,307 @@ sub trigger_new_key { &send_msg_to_target($msg, $client_address, $server_key, 'new_key'); $kernel->delay_set('trigger_new_key', $server_key_lifetime); +} + +sub trigger_logged_in_users_report { + my ($kernel) = $_[KERNEL] ; + + # just do if client is registered already + if( $REGISTERED ) { + my $result = qx(/usr/bin/users); + my @logged_in_user_list; + if( defined $result ) { + chomp($result); + @logged_in_user_list = split(/\s/, $result); + } + + system("echo 'CURRENTLY_LOGGED_IN ".join(" ", @logged_in_user_list)."' > /var/run/gosa-si-client.socket"); + $kernel->delay_set('trigger_logged_in_users_report', $trigger_logged_in_users_report_delay); + } else { + # try it in 10 sec again + $kernel->delay_set('trigger_logged_in_users_report', 10); + } +} + +sub trigger_set_terminal_server +{ + # Function is defined in load_reporter.pm + if (exists $event_hash->{set_terminal_server}) + { + no strict 'refs'; + &{$event_hash->{set_terminal_server}."::set_terminal_server"}; + } + else + { + &daemon_log("0 ERROR: load_reporter.pm needs function set_terminal_server to write terminal server load information to client. Processing aborted!", 1); + } + return; +} + +sub trigger_seen_messages { + my ($kernel) = $_[KERNEL] ; + + # Select all files under /tmp with prefix 'goto_notify' + my $goto_dir = "/tmp"; + opendir(DIR, $goto_dir); + my @goto_files = grep { /.+\.goto_notify$/ && -f "$goto_dir/$_" } readdir(DIR); + closedir DIR; + + # Check if file has 'seen' tag + foreach my $goto_file (@goto_files) { + open(FILE, "$goto_dir/$goto_file"); + my @lines = ; + close FILE; + + my $source; + my $target; + my $usr; + my $subject; + my $message; + my $seen = 0; + chomp(@lines); + foreach my $line (@lines) { + if ($line =~ /^source:([\S\s]*)$/) { + $source = $1 + } + if ($line =~ /^target:([\S\s]*)$/) { + $target = $1; + } + if ($line =~ /^usr:([\S\s]*)$/) { + $usr = $1; + } + if ($line =~ /^subject:([\S\s]*)$/) { + $subject = $1; + } + if ($line =~ /^message:([\S\s]*)$/) { + $message = $1; + } + if ($line =~ /^seen$/) { + $seen++; + } + } + + # Send 'confirm_usr_msg' back to msg-hosting server + if ($seen) { + my %data = ('usr'=>$usr, 'subject'=>$subject, 'message'=>$message); + my $confirm_msg = &build_msg("confirm_usr_msg", $target, $source, \%data); + my $send_error = &send_msg_to_target($confirm_msg, $server_address, $server_key); + + # Delete file + if (not $send_error) { + system("rm $goto_dir/$goto_file"); + } + } + } + + $kernel->delay_set('trigger_seen_messages', $trigger_seen_messages_delay); + + return; +} + + +sub generic_file_error { + my ( $heap, $operation, $errno, $error_string, $wheel_id ) = + @_[ HEAP, ARG0, ARG1, ARG2, ARG3 ]; + + my $service = $heap->{services}->{$wheel_id}; + daemon_log("ERROR: '$service' watcher $operation error $errno: $error_string", 1); + daemon_log("ERROR: shutting down '$service' file watcher", 1); + + delete $heap->{services}->{$wheel_id}; + delete $heap->{watchers}->{$wheel_id}; + return; +} + + +sub fai_fifo_got_record { + my $file_record = $_[ARG0]; + my $header; + my $content = ""; + daemon_log("DEBUG: fifo got record: $file_record", 7); + + $file_record =~ /^(\S+)[ ]?([\s\S]+)?$/; + if( defined $1 ) { + $header = $1; + } else { + return; + } + + if( defined $2 ) { + $content = $2; + } + + my $clmsg_hash = &create_xml_hash("CLMSG_$header", $client_address, $server_address, $content); + &add_content2xml_hash($clmsg_hash, "macaddress", $client_mac_address); + my $utc_ts = &main::get_utc_time(); + &add_content2xml_hash($clmsg_hash, "timestamp", $utc_ts); + my $clmsg = &create_xml_string($clmsg_hash); + &send_msg_to_target($clmsg, $server_address, $server_key, "CLMSG_$header"); + + # if installation finished, save all log files + if ($file_record eq "TASKBEGIN finish") { + &save_fai_log($fai_log_dir); + } + + return; +} + + +sub system_fifo_got_record { + my ($kernel, $socket_com_record) = @_[KERNEL, ARG0]; + $socket_com_record =~ /^(\S+)\s?([\s\S]*)$/; + my $function = $1; + my $content = $2; + + if( exists $event_hash->{$function} ) + { + # a event exists with the header as name + daemon_log("INFO: found event '$function' at event-module '".$event_hash->{$function}."'", 5); + no strict 'refs'; + my $answer = &{$event_hash->{$function}."::$function"}($content, $kernel); + &post_processing_and_sending($answer) + } + else + { + daemon_log("ERROR: Got input '$socket_com_record' from socket '$system_com_fifo'", 1); + daemon_log("ERROR: No event '$function' found in event modules under '$event_dir'.", 1); + } + +# # Sanity check of fifo record +# +# # Create record message +# my $lr_msg_hash = &create_xml_hash("load_report", $client_address, $server_address, $file_record); +# &add_content2xml_hash($lr_msg_hash, "macaddress", $client_mac_address); +# my $utc_ts = &main::get_utc_time(); +# &add_content2xml_hash($lr_msg_hash, "timestamp", $utc_ts); +# my $lr_msg = &create_xml_string($lr_msg_hash); +# +# # Report message to si-server +# &send_msg_to_target($lr_msg, $server_address, $server_key, "load_report"); + + return; +} + + +sub save_fai_log { + my ($fai_log_dir) = @_ ; + my $FAI_DIR; + + # Directory for log files after a softupdate + my $log_dir = File::Spec->catdir($fai_log_dir, "localhost/last"); + + if (not -d $log_dir) { + # Directory for log files after a new installation + $log_dir = "/tmp/fai"; + if (not -d $log_dir) { + daemon_log("ERROR: cannot open directory $log_dir", 1); + return; + } + } + + opendir($FAI_DIR, "$log_dir"); + my @log_files = readdir($FAI_DIR); + closedir($FAI_DIR); + + my @log_list; + foreach my $log_file (@log_files) { + if( $log_file eq "." || $log_file eq ".." ) { next; } + + my $log = "log_file:$log_file:"; + $log_file = File::Spec->catfile( $log_dir, $log_file ); + + if (not -f $log_file) { + daemon_log("ERROR: cannot read $log_file", 1); + next; + } + + open(FILE, "<$log_file"); + my @lines = ; + close (FILE); + my $log_string = join("", @lines); + $log .= &encode_base64($log_string); + push(@log_list, $log); + } + + my $all_log_string = join("\n", @log_list); + my $msg_hash = &create_xml_hash("CLMSG_save_fai_log", $client_address, $server_address, $all_log_string); + &add_content2xml_hash($msg_hash, "macaddress", $client_mac_address); + my $msg = &create_xml_string($msg_hash); + &send_msg_to_target($msg, $server_address, $server_key, "CLMSG_save_fai_log"); + +} + + +sub sig_handler { + my ($kernel, $signal) = @_[KERNEL, ARG0] ; + daemon_log("0 INFO got signal '$signal'", 1); + $kernel->sig_handled(); + return; } sub _start { - my ($kernel) = $_[KERNEL]; + my ($kernel, $heap) = @_[KERNEL, HEAP]; $kernel->alias_set('client_session'); + $global_kernel = $kernel; # this is used to throw events at each point of the skript + + $kernel->sig(USR1 => "sig_handler"); + + # force a registration at a gosa-si-server $kernel->yield('register_at_gosa_si_server'); + + # install all file watcher defined + while( my($name, $file) = each %files_to_watch ) { + my $watcher = POE::Wheel::FollowTail->new( + Filename => $file, + InputEvent => $name."_record", + ErrorEvent => "file_error", + ); + $heap->{services}->{ $watcher->ID } = $name; + $heap->{watchers}->{ $watcher->ID } = $watcher; + } + $kernel->yield('trigger_logged_in_users_report'); + $kernel->yield('trigger_seen_messages'); +} + + +sub _default { + daemon_log("ERROR: can not handle incoming msg with header '$_[ARG0]'", 1); + return; } sub server_input { my ($kernel, $heap, $input, $wheel) = @_[KERNEL, HEAP, ARG0, ARG1]; + my $remote_ip = $heap->{'remote_ip'}, my $error = 0; my $answer; - daemon_log("Incoming msg:\n$input\n", 8); + daemon_log("INFO: Incoming msg from '$remote_ip'", 5); + daemon_log("DEBUG: Incoming msg:\n$input\n", 9); - my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key); + # Cut of ip and port from msgs tail + my ($encrypted_msg, $msg_source) = split(/;/, $input); + + my ($msg, $msg_hash) = &check_key_and_xml_validity($encrypted_msg, $server_key); if( (!$msg) || (!$msg_hash) ) { - daemon_log("Deciphering of incoming msg failed", 5); + daemon_log("WARNING: Deciphering of incoming msg failed", 3); + if($server_address =~ /$remote_ip/) { + # got a msg from gosa-si-server which can not be decrypted, may the secrete not up-to-date + # cause a reregistering with a new secrete handshake + daemon_log("WARNING: Message from gosa-si-server could not be understood, cause reregistering at server", 3); + + # if client is alread in a registration process, that means not registered, do nothing + # if not, cause re-registration +# TODO : This if-else can cause a registration deadlock. Currently I can not reproduce the deadlock and don't have a clue what is the reason for the deadlock + if (not $REGISTERED) { + &daemon_log("WARNING: gosa-si-client is already in a registration process so ignore this message", 3); + } else { + $REGISTERED = 0; + $kernel->post('client_session', 'register_at_gosa_si_server'); + } + } $error++; } @@ -1046,39 +1092,63 @@ sub server_input { my $source = @{$msg_hash->{source}}[0]; if( exists $event_hash->{$header} ) { + # a event exists with the header as name - daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5); + daemon_log("INFO: found event '$header' at event-module '".$event_hash->{$header}."'", 5); no strict 'refs'; $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash); } else { - daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 1); + daemon_log("WARNING: no event '$header' found in event modules under $event_dir", 3); } } ######## # answer - if( $answer ) { - # preprocessing - if( $answer =~ "
registered
") { - # set registered flag to true to stop sending further registered msgs - $REGISTERED = 1; - } - else { - &send_msg_to_target($answer, $server_address, $server_key); - } - # postprocessing - if( $answer =~ "
new_key
") { - # set new key to global variable - $answer =~ /(\S*?)<\/new_key>/; - my $new_key = $1; - $server_key = $new_key; - } - } + &post_processing_and_sending($answer); return; } +sub post_processing_and_sending +{ + my ($answer) = @_ ; + + # Do nothing if answer does not exists + if (not defined $answer) { return; } + + # Check gosa-si envelope validity + my $answer_hash = &check_outgoing_xml_validity($answer); + + if( $answer_hash ) + { + # Answer is valid + # Pre-sending + if( $answer =~ "
registered
") + { + # Set registered flag to true to stop sending further registered msgs + $REGISTERED = 1; + } + else + { + $answer =~ /
(\S+)<\/header>/; + &send_msg_to_target($answer, $server_address, $server_key, $1); + } + + # Post-sending + if( $answer =~ "
new_key
") + { + # Set new key to global variable + $answer =~ /(\S*?)<\/new_key>/; + my $new_key = $1; + $server_key = $new_key; + } + } + + return; +} + + #==== MAIN = main ============================================================== # parse commandline options Getopt::Long::Configure( "bundling" ); @@ -1096,9 +1166,9 @@ GetOptions("h|help" => \&usage, # forward error messages to logfile if ( ! $foreground ) { - open STDIN, '/dev/null' or die "Can’t read /dev/null: $!"; - open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!"; - open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!"; + open( STDIN, '+>/dev/null' ); + open( STDOUT, '+>&STDIN' ); + open( STDERR, '+>&STDIN' ); } # Just fork, if we are not in foreground mode @@ -1107,8 +1177,7 @@ if( ! $foreground ) { $pid = fork; setsid or die "Can't start a new session: $!"; umask 0; -} -else { +} else { $pid = $$; } @@ -1122,8 +1191,29 @@ if( 0 != $pid ) { }; } +# parse head url and revision from svn +my $client_status_hash = { 'developmental'=>'revision', 'stable'=>'release'}; +$client_version =~ /^\$HeadURL: (\S+) \$:\$Rev: (\d+) \$$/; +$client_headURL = defined $1 ? $1 : 'unknown' ; +$client_revision = defined $2 ? $2 : 'unknown' ; +if ($client_headURL =~ /\/tag\// || + $client_headURL =~ /\/branches\// ) { + $client_status = "stable"; +} else { + $client_status = "developmental" ; +} + +# Determine root uid and adm gid, used for creating log files +$root_uid = getpwnam('root'); +$adm_gid = getgrnam('adm'); +if(not defined $adm_gid){ + $adm_gid = getgrnam('root'); +} + daemon_log(" ", 1); -daemon_log("$0 started!", 1); +daemon_log("$prg started!", 1); +daemon_log("INFO: status: $client_status", 1); +daemon_log("INFO: ".$client_status_hash->{$client_status}.": $client_revision", 1); # delete old DBsqlite lock files system('rm -f /tmp/gosa_si_lock*gosa-si-client*'); @@ -1132,17 +1222,30 @@ system('rm -f /tmp/gosa_si_lock*gosa-si-client*'); $client_address = $client_ip.":".$client_port; my $network_interface= &get_interface_for_ip($client_ip); $client_mac_address= &get_mac($network_interface); -daemon_log("gosa-si-client ip address detected: $client_ip", 1); -daemon_log("gosa-si-client mac address detected: $client_mac_address", 1); +daemon_log("INFO: ip address detected: $client_ip", 1); +daemon_log("INFO: gosa-si-client mac address detected: $client_mac_address", 1); # import events -&import_events(); +my ($error, $result, $tmp_hash) = &import_events($event_dir); +while (my ($module, $mod_event_hash) = each %$tmp_hash) { + while (my ($event_name, $nothing) = each %$mod_event_hash) { + $event_hash->{$event_name} = $module; + } +} + +foreach my $log_line (@$result) { + if ($log_line =~ / succeed: /) { + &main::daemon_log("0 DEBUG: $log_line", 7); + } else { + &main::daemon_log("0 ERROR: $log_line", 1); + } +} # compute hardware checksum $gotoHardwareChecksum= &generate_hw_digest(); -daemon_log("gosa-si-client gotoHardwareChecksum detected: $gotoHardwareChecksum", 1); +daemon_log("INFO: gotoHardwareChecksum detected: $gotoHardwareChecksum", 1); # create socket for incoming xml messages @@ -1151,44 +1254,99 @@ POE::Component::Server::TCP->new( Port => $client_port, ClientInput => \&server_input, ); -daemon_log("start socket for incoming xml messages at port '$client_port' ", 1); +daemon_log("INFO: start socket for incoming xml messages at port '$client_port' ", 1); # prepare variables +if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); } if (defined $server_ip && defined $server_port) { $server_address = $server_ip.":".$server_port; } $xml = new XML::Simple(); $default_server_key = $server_key; - # add gosa-si-server address from config file at first position of server list -if (defined $server_address) { - unshift(@servers, $server_address); - my $servers_string = join(", ", @servers); - daemon_log("found servers in configuration file: $servers_string", 5); -} -else { - if ( !$server_domain) { - daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1); - exit( 1 ); - } - my @tmp_servers = &get_server_addresses($server_domain); - foreach my $server (@tmp_servers) { - unshift(@servers, $server); - } - my $servers_string = join(", ", @servers); - daemon_log("found servers in DNS: $servers_string", 5); +my $server_check_cfg = Config::IniFiles->new( -file => $cfg_file ); +my $server_check = (defined($server_check_cfg))?$server_check_cfg->val( "server", "ip"):undef; +if( defined $server_check ) { + unshift(@servers, $server_address); + my $servers_string = join(", ", @servers); + daemon_log("INFO: found servers in configuration file: $servers_string", 1); +} else { + my @tmp_servers; + if ( !$server_domain) { + # Try our DNS Searchlist + my @domain_list = &get_dns_domains(); + my $tmp_domains; + my $error_string; + for my $domain (@domain_list) { + chomp($domain); + ($tmp_domains, $error_string) = &get_server_addresses($domain); + if(@$tmp_domains) { + for my $tmp_server(@$tmp_domains) { + push @tmp_servers, $tmp_server; + } + } + } + if (0 == @tmp_servers) { + my $log_string = "no gosa-si-server found in DNS for domain: ".join(", ", @domain_list) if (@domain_list); + my $log_string2 = "server addresses in domain: ".join(", ",@$tmp_domains) if (defined($tmp_domains)); + daemon_log("ERROR: $log_string", 1) if (defined($log_string)); + daemon_log("ERROR: $log_string2", 1) if (defined($log_string2)); + daemon_log("ERROR: $error_string", 1) if (defined($error_string)); + daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1); + kill 2, $$; + } + } else { + @tmp_servers = &get_server_addresses($server_domain); + if( 0 == @tmp_servers ) { + daemon_log("ERROR: no gosa-si-server found in DNS for domain '$server_domain'",1); + daemon_log("ERROR: please specify a gosa-si-server address or a domain in config file", 1); + kill 2, $$; + } + } + + foreach my $server (@tmp_servers) { + unshift(@servers, $server); + } + my $servers_string = join(", ", @servers); + daemon_log("INFO: found servers in DNS: $servers_string", 1); } +# Open a new fifo for FAI messages to gosa-si-server +if (-p $fai_com_fifo) { unlink $fai_com_fifo } +POSIX::mkfifo("$fai_com_fifo", 0600); +# Open a new fifo for system communication, +if (-p $system_com_fifo) { unlink $system_com_fifo } +if ($system_com eq "enabled") +{ + POSIX::mkfifo("$system_com_fifo", 0600); +} POE::Session->create( inline_states => { _start => \&_start, + _default => \&_default, + sig_handler => \&sig_handler, register_at_gosa_si_server => \®ister_at_gosa_si_server, + + # trigger periodical tasks trigger_new_key => \&trigger_new_key, + trigger_logged_in_users_report => \&trigger_logged_in_users_report, + trigger_seen_messages => \&trigger_seen_messages, + + # trigger non periodical tasks + trigger_set_terminal_server => \&trigger_set_terminal_server, + + # handle records from each defined file differently + fai_fifo_record => \&fai_fifo_got_record, + system_fifo_record => \&system_fifo_got_record, + + # handle file resets and errors the same way for each file + file_reset => \&generic_file_reset, + file_error => \&generic_file_error, } );