X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-si%2Fgosa-si-server;h=10a6d118545fd228de44eec18beb9d5e20fd220b;hb=0e2de0eb04845891d90f6bf127224ac5110dcf1c;hp=027814b80a50c84c481ce95cf9e50a37a23935b9;hpb=7a175f7355bbc2dfb1b4165a5f684b4f833286c4;p=gosa.git diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index 027814b80..10a6d1185 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -8,7 +8,9 @@ # DESCRIPTION: # # OPTIONS: --- -# REQUIREMENTS: libconfig-inifiles-perl libcrypt-rijndael-perl libxml-simple-perl libipc-shareable-perl libdata-dumper-simple-perl +# REQUIREMENTS: libconfig-inifiles-perl libcrypt-rijndael-perl libxml-simple-perl +# libdata-dumper-simple-perl libdbd-sqlite3-perl libnet-ldap-perl +# libpoe-perl # BUGS: --- # NOTES: # AUTHOR: (Andreas Rettenberger), @@ -18,16 +20,17 @@ # REVISION: --- #=============================================================================== - use strict; use warnings; use Getopt::Long; use Config::IniFiles; use POSIX; -use Time::HiRes qw( gettimeofday ); use Fcntl; use IO::Socket::INET; +use IO::Handle; +use IO::Select; +use Symbol qw(qualify_to_ref); use Crypt::Rijndael; use MIME::Base64; use Digest::MD5 qw(md5 md5_hex md5_base64); @@ -36,35 +39,39 @@ use Data::Dumper; use Sys::Syslog qw( :DEFAULT setlogsock); use Cwd; use File::Spec; -use IPC::Shareable qw( :lock); -IPC::Shareable->clean_up_all; - -use lib "/etc/gosa-si/modules"; -my $modules_path = "/etc/gosa-si/modules"; - -my ($cfg_file, %cfg_defaults, $foreground, $verbose, $ping_timeout, $no_bus); -my ($bus, $msg_to_bus, $bus_cipher); -my ($server, $server_mac_address, $server_events); -my ($gosa_server); -my ($known_daemons, $shmda, $known_clients, $shmcl, $known_modules); -my ($max_clients); +use File::Basename; +use GOSA::DBsqlite; +use GOSA::GosaSupportDaemon; +use POE qw(Component::Server::TCP); + +my $modules_path = "/usr/lib/gosa-si/modules"; +use lib "/usr/lib/gosa-si/modules"; + +my (%cfg_defaults, $foreground, $verbose, $ping_timeout); +my ($bus_activ, $bus, $msg_to_bus, $bus_cipher); +my ($server, $server_mac_address); +my ($gosa_server, $job_queue_timeout, $job_queue_table_name, $job_queue_file_name,$job_queue_loop_delay); +my ($known_modules, $known_clients_file_name, $known_server_file_name); my ($pid_file, $procid, $pid, $log_file); -my (%free_child, %busy_child, $child_max, $child_min, %child_alive_time, $child_timeout); -my ($arp_activ, $arp_fifo, $arp_fifo_path, $no_arp); +my ($arp_activ, $arp_fifo); +my ($xml); # variables declared in config file are always set to 'our' our (%cfg_defaults, $log_file, $pid_file, - $bus_activ, $bus_passwd, $bus_ip, $bus_port, - $server_activ, $server_ip, $server_port, $server_passwd, $max_clients, - $arp_activ, $arp_fifo_path, - $gosa_activ, $gosa_passwd, $gosa_ip, $gosa_port, $gosa_timeout, + $server_ip, $server_port, $SIPackages_key, + $arp_activ, $gosa_unit_tag, + $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout, ); # additional variable which should be globaly accessable -our $xml; our $server_address; our $bus_address; our $gosa_address; +our $no_bus; +our $no_arp; +our $verbose; +our $forground; +our $cfg_file; # specifies the verbosity of the daemon_log $verbose = 0 ; @@ -76,57 +83,47 @@ $foreground = 0 ; $ping_timeout = 5; $no_bus = 0; +$bus_activ = "true"; $no_arp = 0; +# holds all gosa jobs +our $job_db; +our $job_queue_table_name = 'jobs'; + # holds all other gosa-sd as well as the gosa-sd-bus -our $known_daemons = {}; -our $shmda = tie($known_daemons, 'IPC::Shareable', undef, {create => 1, - exclusive => 1, - mode => 0666, - destroy => 1, - }); +our $known_server_db; + # holds all registrated clients -our $known_clients = {}; -our $shmcl = tie($known_clients, 'IPC::Shareable', undef, {create => 1, - exclusive => 1, - mode => 0666, - destroy => 1, - }); - - -%cfg_defaults = -("general" => - {"log_file" => [\$log_file, "/var/run/".$0.".log"], - "pid_file" => [\$pid_file, "/var/run/".$0.".pid"], - "child_max" => [\$child_max, 10], - "child_min" => [\$child_min, 3], - "child_timeout" => [\$child_timeout, 180], - }, -"bus" => - {"bus_activ" => [\$bus_activ, "on"], - "bus_passwd" => [\$bus_passwd, ""], - "bus_ip" => [\$bus_ip, ""], - "bus_port" => [\$bus_port, "20080"], +our $known_clients_db; +our $prg= basename($0); + +%cfg_defaults = ( +"general" => { + "log-file" => [\$log_file, "/var/run/".$prg.".log"], + "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"], }, -"server" => - {"server_activ" => [\$server_activ, "on"], - "server_ip" => [\$server_ip, ""], - "server_port" => [\$server_port, "20081"], - "server_passwd" => [\$server_passwd, ""], - "max_clients" => [\$max_clients, 100], +"bus" => { + "activ" => [\$bus_activ, "true"], }, -"arp" => - {"arp_activ" => [\$arp_activ, "on"], - "arp_fifo_path" => [\$arp_fifo_path, "/var/run/gosa-si/arp-notify"], +"server" => { +# "ip" => [\$server_ip, "0.0.0.0"], + "port" => [\$server_port, "20081"], + "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ], + "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'], + "gosa-unit-tag" => [\$gosa_unit_tag, ""], }, -"gosa" => - {"gosa_activ" => [\$gosa_activ, "on"], - "gosa_ip" => [\$gosa_ip, ""], - "gosa_port" => [\$gosa_port, "20082"], - "gosa_passwd" => [\$gosa_passwd, "none"], +"GOsaPackages" => { + "ip" => [\$gosa_ip, "0.0.0.0"], + "port" => [\$gosa_port, "20082"], + "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'], + "job-queue-loop-delay" => [\$job_queue_loop_delay, 3], + "key" => [\$GosaPackages_key, "none"], }, - ); +"SIPackages" => { + "key" => [\$SIPackages_key, "none"], + }, +); #=== FUNCTION ================================================================ @@ -137,12 +134,15 @@ our $shmcl = tie($known_clients, 'IPC::Shareable', undef, {create => 1, #=============================================================================== sub usage { print STDERR << "EOF" ; -usage: $0 [-hvf] [-c config] +usage: $prg [-hvf] [-c config] -h : this (help) message -c : config file -f : foreground, process will not be forked to background -v : be verbose (multiple to increase verbosity) + -no-bus : starts $prg without connection to bus + -no-arp : starts $prg without connection to arp module + EOF print "\n" ; } @@ -160,7 +160,7 @@ sub read_configfile { if( -r $cfg_file ) { $cfg = Config::IniFiles->new( -file => $cfg_file ); } else { - print STDERR "Couldn't read config file!"; + print STDERR "Couldn't read config file!\n"; } } else { $cfg = Config::IniFiles->new() ; @@ -183,7 +183,7 @@ sub read_configfile { # DESCRIPTION: function for logging #=============================================================================== sub daemon_log { -# log into log_file + # log into log_file my( $msg, $level ) = @_; if(not defined $msg) { return } if(not defined $level) { $level = 1 } @@ -194,11 +194,25 @@ sub daemon_log { return } chomp($msg); if($level <= $verbose){ - print LOG_HANDLE "$level $msg\n"; - if(defined $foreground) { print $msg."\n" } + my ($seconds, $minutes, $hours, $monthday, $month, + $year, $weekday, $yearday, $sommertime) = localtime(time); + $hours = $hours < 10 ? $hours = "0".$hours : $hours; + $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; + $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; + my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"); + $month = $monthnames[$month]; + $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; + $year+=1900; + my $name = $prg; + + my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n"; + print LOG_HANDLE $log_msg; + if( $foreground ) { + print STDERR $log_msg; + } } + close( LOG_HANDLE ); } - close( LOG_HANDLE ); #log into syslog # my ($msg, $level, $facility) = @_; # if(not defined $msg) {return} @@ -220,12 +234,12 @@ sub daemon_log { sub check_cmdline_param () { my $err_config; my $err_counter = 0; - if( not defined( $cfg_file)) { - #$err_config = "please specify a config file"; - #$err_counter += 1; - my $cwd = getcwd; - my $name = "/etc/gosa-si/server.conf"; - $cfg_file = File::Spec->catfile( $cwd, $name ); + if(not defined($cfg_file)) { + $cfg_file = "/etc/gosa-si/server.conf"; + if(! -r $cfg_file) { + $err_config = "please specify a config file"; + $err_counter += 1; + } } if( $err_counter > 0 ) { &usage( "", 1 ); @@ -284,39 +298,13 @@ sub check_pid { } } - -#=== FUNCTION ================================================================ -# NAME: get_ip_and_mac -# PARAMETERS: nothing -# RETURNS: (ip, mac) -# DESCRIPTION: executes /sbin/ifconfig and parses the output, the first occurence -# of a inet address is returned as well as the mac address in the line -# above the inet address -#=============================================================================== -sub get_ip_and_mac { - my $ip = "0.0.0.0.0"; # Defualt-IP - my $mac = "00:00:00:00:00:00"; # Default-MAC - my @ifconfig = qx(/sbin/ifconfig); - foreach(@ifconfig) { - if (/Hardware Adresse (\S{2}):(\S{2}):(\S{2}):(\S{2}):(\S{2}):(\S{2})/) { - $mac = "$1:$2:$3:$4:$5:$6"; - next; - } - if (/inet Adresse:(\d+).(\d+).(\d+).(\d+)/) { - $ip = "$1.$2.$3.$4"; - last; - } - } - return ($ip, $mac); -} - - - #=== FUNCTION ================================================================ # NAME: import_modules -# PARAMETERS: module_path - string - abs. path to the directory the modules are stored +# PARAMETERS: module_path - string - abs. path to the directory the modules +# are stored # RETURNS: nothing -# DESCRIPTION: each file in module_path which ends with '.pm' is imported by "require 'file';" +# DESCRIPTION: each file in module_path which ends with '.pm' and activation +# state is on is imported by "require 'file';" #=============================================================================== sub import_modules { daemon_log(" ", 1); @@ -330,52 +318,32 @@ sub import_modules { if (not $file =~ /(\S*?).pm$/) { next; } + my $mod_name = $1; + + if( $file =~ /ArpHandler.pm/ ) { + if( $no_arp > 0 ) { + next; + } + } + eval { require $file; }; if ($@) { - daemon_log("ERROR: gosa-sd could not load module $file", 1); + daemon_log("ERROR: gosa-si-server could not load module $file", 1); daemon_log("$@", 5); - next; - } - my $mod_name = $1; - my $module_tag_hash = eval( $mod_name.'::get_module_tags()' ); - $known_modules->{$mod_name} = $module_tag_hash; - - daemon_log("load module $mod_name", 1); + } else { + my $info = eval($mod_name.'::get_module_info()'); + # Only load module if get_module_info() returns a non-null object + if( $info ) { + my ($input_address, $input_key, $input, $input_active, $input_type) = @{$info}; + $known_modules->{$mod_name} = $info; + daemon_log("module $mod_name loaded", 1); + } + } } - - # for debugging - #while ( my ($module, $tag_hash) = each(%$known_modules)) { - # print "\tmodule: $module"."\n"; - # print "\ttags: ".join(", ", keys(%$tag_hash))."\n"; - #} close (DIR); } -#=== FUNCTION ================================================================ -# NAME: register_at_bus -# PARAMETERS: nothing -# RETURNS: nothing -# DESCRIPTION: creates an entry in known_daemons and send a 'here_i_am' msg to bus -#=============================================================================== -sub register_at_bus { - - # create known_daemons entry - &create_known_daemon($bus_address); - &add_content2known_daemons(hostname=>$bus_address, status=>"register_at_bus", passwd=>$bus_passwd); - - my $msg_hash = &create_xml_hash("here_i_am", "$server_ip:$server_port", $bus_address); - my $answer = ""; - $answer = &send_msg_hash2address($msg_hash, $bus_address); - if ($answer == 0) { - daemon_log("register at bus: $bus_address", 1); - } else { - daemon_log("unable to send 'register'-msg to bus: $bus_address", 1); - } - return; -} - - #=== FUNCTION ================================================================ # NAME: sig_int_handler # PARAMETERS: signal - string - signal arose from system @@ -384,337 +352,314 @@ sub register_at_bus { #=============================================================================== sub sig_int_handler { my ($signal) = @_; - if($server){ - close($server); - daemon_log("daemon server closed", 1); - } - if( -p $arp_fifo_path ) { - close $arp_fifo ; - unlink($arp_fifo_path) ; - daemon_log("ARP_FIFO closed", 1) ; - } - - if($gosa_server){ - close($gosa_server); - daemon_log("gosa server closed", 1); - } - print STDERR "$signal\n"; - + daemon_log("shutting down gosa-si-server", 1); exit(1); } $SIG{INT} = \&sig_int_handler; -#=== FUNCTION ================================================================ -# NAME: activating_child -# PARAMETERS: msg - string - incoming message -# host - string - host from which the incomming message comes -# RETURNS: nothing -# DESCRIPTION: handels the distribution of incoming messages to working childs -#=============================================================================== -sub activating_child { - my ($msg, $host, $client) = @_; - my $child = &get_processing_child(); - my $pipe_wr = $$child{'pipe_wr'}; - my $pipe_rd = $$child{'pipe_rd'}; - $$child{client_ref} = $client; - daemon_log("activating: childpid:$$child{'pid'}", 5); - print $pipe_wr $msg.".".$host."\n"; +sub check_key_and_xml_validity { + my ($crypted_msg, $module_key) = @_; + my $msg; + my $msg_hash; + my $error_string; + eval{ + $msg = &decrypt_msg($crypted_msg, $module_key); - return; + if ($msg =~ //i){ + &main::daemon_log("decrypted_msg: \n$msg", 8); + $msg_hash = $xml->XMLin($msg, ForceArray=>1); + + ############## + # check header + if( not exists $msg_hash->{'header'} ) { die "no header specified"; } + my $header_l = $msg_hash->{'header'}; + if( 1 > @{$header_l} ) { die 'empty header tag'; } + if( 1 < @{$header_l} ) { die 'more than one header specified'; } + my $header = @{$header_l}[0]; + if( 0 == length $header) { die 'empty string in header tag'; } + + ############## + # check source + if( not exists $msg_hash->{'source'} ) { die "no source specified"; } + my $source_l = $msg_hash->{'source'}; + if( 1 > @{$source_l} ) { die 'empty source tag'; } + if( 1 < @{$source_l} ) { die 'more than one source specified'; } + my $source = @{$source_l}[0]; + if( 0 == length $source) { die 'source error'; } + + ############## + # check target + if( not exists $msg_hash->{'target'} ) { die "no target specified"; } + my $target_l = $msg_hash->{'target'}; + if( 1 > @{$target_l} ) { die 'empty target tag'; } + } + }; + if($@) { + &main::daemon_log("WARNING: do not understand the message", 5); + &main::daemon_log("$@", 8); + $msg = undef; + $msg_hash = undef; + } + + return ($msg, $msg_hash); } -#=== FUNCTION ================================================================ -# NAME: get_processing_child -# PARAMETERS: nothing -# RETURNS: child - hash - holding the process id and the references to the pipe -# handles pipe_wr and pipe_rd -# DESCRIPTION: handels the forking, reactivating and keeping alive tasks -#=============================================================================== -sub get_processing_child { - my $child; +sub check_outgoing_xml_validity { + my ($msg) = @_; + + my $msg_hash; + eval{ + $msg_hash = $xml->XMLin($msg, ForceArray=>1); - while(my ($key, $val) = each(%free_child)) { - my $exitus_pid = waitpid($key, WNOHANG); - if($exitus_pid != 0) { - delete $free_child{$key}; + ############## + # check header + my $header_l = $msg_hash->{'header'}; + if( 1 != @{$header_l} ) { + die 'no or more than one headers specified'; } - daemon_log("free child:$key", 5); - } - # check @free_child and @busy_child - my $free_len = scalar(keys(%free_child)); - my $busy_len = scalar(keys(%busy_child)); - daemon_log("free children $free_len, busy children $busy_len", 5); - - # if there is a free child, let the child work - if($free_len > 0){ - my @keys = keys(%free_child); - $child = $free_child{$keys[0]}; - if(defined $child) { - $busy_child{$$child{'pid'}} = $child ; - delete $free_child{$$child{'pid'}}; + my $header = @{$header_l}[0]; + if( 0 == length $header) { + die 'header has length 0'; + } + + ############## + # check source + my $source_l = $msg_hash->{'source'}; + if( 1 != @{$source_l} ) { + die 'no or more than 1 sources specified'; + } + my $source = @{$source_l}[0]; + if( 0 == length $source) { + die 'source has length 0'; } - return $child; + unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ || + $source =~ /^GOSA$/i ) { + die "source '$source' is neither a complete ip-address with port nor 'GOSA'"; + } + + ############## + # check target + my $target_l = $msg_hash->{'target'}; + if( 0 == @{$target_l} ) { + die "no targets specified"; + } + foreach my $target (@$target_l) { + if( 0 == length $target) { + die "target has length 0"; + } + unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ || + $target =~ /^GOSA$/i || + $target =~ /^\*$/ || + $target =~ /KNOWN_SERVER/i || + $target =~ /JOBDB/i || + $target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ){ + die "target '$target' is not a complete ip-address with port or a valid target name or a mac-address"; + } + } + }; + if($@) { + daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5); + daemon_log("$@ ".(defined($msg) && length($msg)>0)?$msg:"Empty Message", 8); + $msg_hash = undef; } - # no free child, try to fork another one - if($free_len + $busy_len < $child_max) { + return ($msg_hash); +} - daemon_log("not enough children, create a new one", 5); - # New pipes for communication - my( $PARENT_wr, $PARENT_rd ); - my( $CHILD_wr, $CHILD_rd ); - pipe( $CHILD_rd, $PARENT_wr ); - pipe( $PARENT_rd, $CHILD_wr ); - $PARENT_wr->autoflush(1); - $CHILD_wr->autoflush(1); +sub input_from_known_server { + my ($input, $remote_ip) = @_ ; + my ($msg, $msg_hash, $module); - ############ - # fork child - ############ - my $child_pid = fork(); - - #CHILD - if($child_pid == 0) { - # Close unused pipes - close( $CHILD_rd ); - close( $CHILD_wr ); - while( 1 ) { - my $rbits = ""; - vec( $rbits, fileno $PARENT_rd , 1 ) = 1; - my $nf = select($rbits, undef, undef, $child_timeout); - if($nf < 0 ) { - die "select(): $!\n"; - } elsif (! $nf) { - # if already child_min childs are alive, then leave loop - $free_len = scalar(keys(%free_child)); - $busy_len = scalar(keys(%busy_child)); - if($free_len + $busy_len >= $child_min) { - last; - } else { - redo; - } - } + my $sql_statement= "SELECT * FROM known_server"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); - # a job for a child arise - if ( vec $rbits, fileno $PARENT_rd, 1 ) { - # read everything from pipe - my $msg = ""; - $PARENT_rd->blocking(0); - while(1) { - my $read = <$PARENT_rd>; - if(not defined $read) { last} - $msg .= $read; - } + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + if( not $host_name =~ "^$remote_ip") { + next; + } + my $host_key = $hit->{hostkey}; + daemon_log("SIPackages: known_server host_name: $host_name", 7); + daemon_log("SIPackages: known_server host_key: $host_key", 7); + + # check if module can open msg envelope with module key + my ($tmp_msg, $tmp_msg_hash) = &check_key_and_xml_validity($input, $host_key); + if( (!$tmp_msg) || (!$tmp_msg_hash) ) { + daemon_log("SIPackages: deciphering raise error", 7); + daemon_log("$@", 8); + next; + } + else { + $msg = $tmp_msg; + $msg_hash = $tmp_msg_hash; + $module = "SIPackages"; + last; + } + } - ###################################### - # forward msg to all imported modules - no strict "refs"; - my $answer; - while( my ($module, $tag_hash) = each(%$known_modules)) { - #if(exists $known_modules->{$module}->{server_packages}) { - my $tmp = &{ $module."::process_incoming_msg" }($msg); - if (defined $tmp) { - $answer = $tmp; - } - #} - } + if( (!$msg) || (!$msg_hash) || (!$module) ) { + daemon_log("Incoming message is not from a known server", 3); + } + + return ($msg, $msg_hash, $module); +} - #&print_known_daemons(); - #&print_known_clients(); - daemon_log("processing of msg finished", 5); +sub input_from_known_client { + my ($input, $remote_ip) = @_ ; + my ($msg, $msg_hash, $module); - if (defined $answer) { - print $PARENT_wr $answer."\n"; - daemon_log("\t$answer", 5); - daemon_log(" ", 5); - } else { - print $PARENT_wr "done"."\n"; - daemon_log(" ", 5); - } - redo; - } - } - # childs leaving the loop are allowed to die - exit(0); + my $sql_statement= "SELECT * FROM known_clients"; + my $query_res = $known_clients_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + if( not $host_name =~ /^$remote_ip:\d*$/) { + next; + } + my $host_key = $hit->{hostkey}; + &daemon_log("SIPackages: known_client host_name: $host_name", 7); + &daemon_log("SIPackages: known_client host_key: $host_key", 7); + # check if module can open msg envelope with module key + ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key); - #PARENT - } else { - # Close unused pipes - close( $PARENT_rd ); - close( $PARENT_wr ); - - # add child to child alive hash - my %child_hash = ( - 'pid' => $child_pid, - 'pipe_wr' => $CHILD_wr, - 'pipe_rd' => $CHILD_rd, - 'client_ref' => "", - ); - - $child = \%child_hash; - $busy_child{$$child{'pid'}} = $child; - return $child; + if( (!$msg) || (!$msg_hash) ) { + &daemon_log("SIPackages: deciphering raise error", 7); + &daemon_log("$@", 8); + next; + } + else { + $module = "SIPackages"; + last; } } + + if( (!$msg) || (!$msg_hash) || (!$module) ) { + &daemon_log("Incoming message is not from a known client", 3); + } + + return ($msg, $msg_hash, $module); } -#=== FUNCTION ================================================================ -# NAME: process_incoming_msg -# PARAMETERS: crypted_msg - string - incoming crypted message -# RETURNS: nothing -# DESCRIPTION: handels the proceeded distribution to the appropriated functions -#=============================================================================== -sub process_incoming_msg { - my ($crypted_msg) = @_; - if(not defined $crypted_msg) { - daemon_log("function 'process_incoming_msg': got no msg", 7); - } - $crypted_msg =~ /^([\s\S]*?)\.(\d{1,3}?)\.(\d{1,3}?)\.(\d{1,3}?)\.(\d{1,3}?)$/; - $crypted_msg = $1; - my $host = sprintf("%s.%s.%s.%s", $2, $3, $4, $5); - daemon_log("msg from host:", 1); - daemon_log("\t$host", 1); - #daemon_log("crypted msg:", 7); - #daemon_log("\t$crypted_msg", 7); - - # collect addresses from possible incoming clients - my @valid_keys; - my @host_keys = keys %$known_daemons; - foreach my $host_key (@host_keys) { - if($host_key =~ "^$host") { - push(@valid_keys, $host_key); +sub input_from_unknown_host { + no strict "refs"; + my ($input) = @_ ; + my ($msg, $msg_hash, $module); + my $error_string; + + my %act_modules = %$known_modules; + + while( my ($mod, $info) = each(%act_modules)) { + + # check a key exists for this module + my $module_key = ${$mod."_key"}; + if( not defined $module_key ) { + if( $mod eq 'ArpHandler' ) { + next; + } + daemon_log("ERROR: no key specified in config file for $mod", 1); + next; } - } - my @client_keys = keys %$known_clients; - foreach my $client_key (@client_keys) { - if($client_key =~ "^$host"){ - push(@valid_keys, $client_key); + daemon_log("$mod: $module_key", 5); + + # check if module can open msg envelope with module key + ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key); + if( (not defined $msg) || (not defined $msg_hash) ) { + next; } - } - push(@valid_keys, $server_address); - - my $l = @valid_keys; - my ($msg, $msg_hash); - my $msg_flag = 0; - - # determine the correct passwd for deciphering of the incoming msgs - foreach my $host_key (@valid_keys) { - eval{ - daemon_log( "key: $host_key", 7); - my $key_passwd; - if (exists $known_daemons->{$host_key}) { - $key_passwd = $known_daemons->{$host_key}->{passwd}; - } elsif (exists $known_clients->{$host_key}) { - $key_passwd = $known_clients->{$host_key}->{passwd}; - } elsif ($host_key eq $server_address) { - $key_passwd = $server_passwd; - } - daemon_log("key_passwd: $key_passwd", 7); - my $key_cipher = &create_ciphering($key_passwd); - $msg = &decrypt_msg($crypted_msg, $key_cipher); - $msg_hash = $xml->XMLin($msg, ForceArray=>1); - }; - if($@) { - daemon_log("key raise error", 7); - $msg_flag += 1; - } else { + else { + $module = $mod; last; } - } - - if($msg_flag >= $l) { - daemon_log("ERROR: do not understand the message:", 1); - daemon_log("\t$msg", 1); - return; } - # process incoming msg - my $header = &get_content_from_xml_hash($msg_hash, "header"); - my $source = @{$msg_hash->{source}}[0]; - - daemon_log("header from msg:", 1); - daemon_log("\t$header", 1); - daemon_log("msg to process:", 5); - daemon_log("\t$msg", 5); - - my @targets = @{$msg_hash->{target}}; - my $len_targets = @targets; - if ($len_targets == 0){ - daemon_log("ERROR: no target specified for msg $header", 1); - - } elsif ($len_targets == 1){ - # we have only one target symbol - - my $target = $targets[0]; - daemon_log("msg is for:", 7); - daemon_log("\t$target", 7); - - if ($target eq $server_address) { - # msg is for server - if ($header eq 'new_passwd'){ &new_passwd($msg_hash)} - elsif ($header eq 'here_i_am') { &here_i_am($msg_hash)} - elsif ($header eq 'who_has') { &who_has($msg_hash) } - elsif ($header eq 'who_has_i_do') { &who_has_i_do($msg_hash)} - elsif ($header eq 'update_status') { &update_status($msg_hash) } - elsif ($header eq 'get_load') { &execute_actions($msg_hash)} - else { daemon_log("ERROR: no function assigned to this msg", 5) } + if( (!$msg) || (!$msg_hash) || (!$module)) { + daemon_log("Incoming message is not from a unknown host", 5); + } - - } elsif ($target eq "*") { - # msg is for all clients - - my @target_addresses = keys(%$known_clients); - foreach my $target_address (@target_addresses) { - if ($target_address eq $source) { next; } - $msg_hash->{target} = [$target_address]; - &send_msg_hash2address($msg_hash, $target_address); - } - } else { - # msg is for one client + return ($msg, $msg_hash, $module); +} - if (exists $known_clients->{$target}) { - # target is known - &send_msg_hash2address($msg_hash, $target); - } else { - # target is not known +sub create_ciphering { + my ($passwd) = @_; + if((!defined($passwd)) || length($passwd)==0) { + $passwd = ""; + } + $passwd = substr(md5_hex("$passwd") x 32, 0, 32); + my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); + my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); + $my_cipher->set_iv($iv); + return $my_cipher; +} - daemon_log("ERROR: target $target is not known in known_clients", 1); - } - } - } else { - # we have multiple target symbols - my $target_string = join(", ", @targets); - daemon_log("msg is for:", 7); - daemon_log("\t$target_string", 7); - - my $target_address; - foreach $target_address (@targets) { - if (exists $known_clients->{$target_address}) { - # target_address is known +sub encrypt_msg { + my ($msg, $key) = @_; + my $my_cipher = &create_ciphering($key); + { + use bytes; + $msg = "\0"x(16-length($msg)%16).$msg; + } + $msg = $my_cipher->encrypt($msg); + chomp($msg = &encode_base64($msg)); + # there are no newlines allowed inside msg + $msg=~ s/\n//g; + return $msg; +} + - &send_msg_hash2address($msg_hash, $target_address); - daemon_log("server forwards msg $header to client $target_address", 3); - } else { - # target is not known +sub decrypt_msg { - daemon_log("ERROR: target $target_address is not known in known_clients", 1); + my ($msg, $key) = @_ ; + $msg = &decode_base64($msg); + my $my_cipher = &create_ciphering($key); + $msg = $my_cipher->decrypt($msg); + $msg =~ s/\0*//g; + return $msg; +} + + +sub get_encrypt_key { + my ($target) = @_ ; + my $encrypt_key; + my $error = 0; + + # target can be in known_server + if( not defined $encrypt_key ) { + my $sql_statement= "SELECT * FROM known_server WHERE hostname='$target'"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + if( $host_name ne $target ) { + next; } + $encrypt_key = $hit->{hostkey}; + last; } + } - + # target can be in known_client + if( not defined $encrypt_key ) { + my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$target'"; + my $query_res = $known_clients_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + if( $host_name ne $target ) { + next; + } + $encrypt_key = $hit->{hostkey}; + last; + } } - return; + return $encrypt_key; } @@ -731,995 +676,443 @@ sub open_socket { $PeerAddr = $PeerAddr.":".$PeerPort; } my $socket; - $socket = new IO::Socket::INET(PeerAddr => $PeerAddr , - Porto => "tcp" , + $socket = new IO::Socket::INET(PeerAddr => $PeerAddr, + Porto => "tcp", Type => SOCK_STREAM, Timeout => 5, ); if(not defined $socket) { return; } - daemon_log("open_socket:", 7); - daemon_log("\t$PeerAddr", 7); + &daemon_log("open_socket: $PeerAddr", 7); return $socket; } #=== FUNCTION ================================================================ -# NAME: open_fifo -# PARAMETERS: $fifo_path -# RETURNS: 0: FIFO couldn"t be setup, 1: FIFO setup correctly -# DESCRIPTION: creates a FIFO at $fifo_path -#=============================================================================== -sub open_fifo { - my ($fifo_path) = @_ ; - if( -p $fifo_path ) { - daemon_log("FIFO at $fifo_path already exists! Is being deleted!", 1); - unlink($fifo_path); - } - POSIX::mkfifo($fifo_path, 0666) or die "can't mkfifo $fifo_path: $!"; - daemon_log( "FIFO started at $fifo_path", 1) ; - return 1; -} - - -#=== FUNCTION ================================================================ -# NAME: read_from_socket -# PARAMETERS: socket fh - -# RETURNS: result string - readed characters from socket -# DESCRIPTION: reads data from socket in 16 byte steps -#=============================================================================== -sub read_from_socket { - my ($socket) = @_; - my $result = ""; - - $socket->blocking(1); - $result = <$socket>; - - $socket->blocking(0); - while ( my $char = <$socket> ) { - if (not defined $char) { last } - $result .= $char; - } - - return $result; -} - - -#=== FUNCTION ================================================================ -# NAME: create_xml_hash -# PARAMETERS: header - string - message header (required) -# source - string - where the message come from (required) -# target - string - where the message should go to (required) -# [header_value] - string - something usefull (optional) -# RETURNS: hash - hash - nomen est omen -# DESCRIPTION: creates a key-value hash, all values are stored in a array +# NAME: get_ip +# PARAMETERS: interface name (i.e. eth0) +# RETURNS: (ip address) +# DESCRIPTION: Uses ioctl to get ip address directly from system. #=============================================================================== -sub create_xml_hash { - my ($header, $source, $target, $header_value) = @_; - my $hash = { - header => [$header], - source => [$source], - target => [$target], - $header => [$header_value], - }; - #daemon_log("create_xml_hash:", 7), - #chomp(my $tmp = Dumper $hash); - #daemon_log("\t$tmp", 7); - return $hash +sub get_ip { + my $ifreq= shift; + my $result= ""; + my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list + my $proto= getprotobyname('ip'); + + socket SOCKET, PF_INET, SOCK_DGRAM, $proto + or die "socket: $!"; + + if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) { + my ($if, $sin) = unpack 'a16 a16', $ifreq; + my ($port, $addr) = sockaddr_in $sin; + my $ip = inet_ntoa $addr; + + if ($ip && length($ip) > 0) { + $result = $ip; + } + } + + return $result; } - -#=== FUNCTION ================================================================ -# NAME: create_xml_string -# PARAMETERS: xml_hash - hash - hash from function create_xml_hash -# RETURNS: xml_string - string - xml string representation of the hash -# DESCRIPTION: transform the hash to a string using XML::Simple module -#=============================================================================== -sub create_xml_string { - my ($xml_hash) = @_ ; - my $xml_string = $xml->XMLout($xml_hash, RootName => 'xml'); - $xml_string =~ s/[\n]+//g; - #daemon_log("create_xml_string:",7); - #daemon_log("$xml_string\n", 7); - return $xml_string; +sub get_local_ip_for_remote_ip { + my $remote_ip= shift; + my $result="0.0.0.0"; + + if($remote_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) { + if($remote_ip eq "127.0.0.1") { + $result = "127.0.0.1"; + } else { + my $PROC_NET_ROUTE= ('/proc/net/route'); + + open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE") + or die "Could not open $PROC_NET_ROUTE"; + + my @ifs = ; + + close(PROC_NET_ROUTE); + + # Eat header line + shift @ifs; + chomp @ifs; + foreach my $line(@ifs) { + my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line); + my $destination; + my $mask; + my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination); + $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask); + $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + if(new NetAddr::IP($remote_ip)->within(new NetAddr::IP($destination, $mask))) { + # destination matches route, save mac and exit + $result= &get_ip($Iface); + last; + } + } + } + } else { + daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1); + } + return $result; } - -#=== FUNCTION ================================================================ -# NAME: add_content2xml_hash -# PARAMETERS: xml_ref - ref - reference to a hash from function create_xml_hash -# element - string - key for the hash -# content - string - value for the hash -# RETURNS: nothing -# DESCRIPTION: add key-value pair to xml_ref, if key alread exists, then append value to list -#=============================================================================== -sub add_content2xml_hash { - my ($xml_ref, $element, $content) = @_; - if(not exists $$xml_ref{$element} ) { - $$xml_ref{$element} = []; +sub send_msg_to_target { + my ($msg, $address, $encrypt_key, $msg_header) = @_ ; + my $error = 0; + my $header; + my $new_status; + my $act_status; + my ($sql_statement, $res); + + if( $msg_header ) { + $header = "'$msg_header'-"; } - my $tmp = $$xml_ref{$element}; - push(@$tmp, $content); - return; -} - - -#=== FUNCTION ================================================================ -# NAME: get_content_from_xml_hash -# PARAMETERS: xml_ref - ref - reference of the xml hash -# element - string - key of the value you want -# RETURNS: value - string - if key is either header, target or source -# value - list - for all other keys in xml hash -# DESCRIPTION: -#=============================================================================== -sub get_content_from_xml_hash { - my ($xml_ref, $element) = @_ ; - my $result = $xml_ref->{$element}; - if( $element eq "header" || $element eq "target" || $element eq "source") { - return @$result[0]; + else { + $header = ""; } - return @$result; -} - - -#=== FUNCTION ================================================================ -# NAME: encrypt_msg -# PARAMETERS: msg - string - message to encrypt -# my_cipher - ref - reference to a Crypt::Rijndael object -# RETURNS: crypted_msg - string - crypted message -# DESCRIPTION: crypts the incoming message with the Crypt::Rijndael module -#=============================================================================== -sub encrypt_msg { - my ($msg, $my_cipher) = @_; - if(not defined $my_cipher) { print "no cipher object\n"; } - $msg = "\0"x(16-length($msg)%16).$msg; - my $crypted_msg = $my_cipher->encrypt($msg); - chomp($crypted_msg = &encode_base64($crypted_msg)); - return $crypted_msg; -} - - -#=== FUNCTION ================================================================ -# NAME: decrypt_msg -# PARAMETERS: crypted_msg - string - message to decrypt -# my_cipher - ref - reference to a Crypt::Rijndael object -# RETURNS: msg - string - decrypted message -# DESCRIPTION: decrypts the incoming message with the Crypt::Rijndael module -#=============================================================================== -sub decrypt_msg { - my ($crypted_msg, $my_cipher) = @_ ; - $crypted_msg = &decode_base64($crypted_msg); - my $msg = $my_cipher->decrypt($crypted_msg); - $msg =~ s/\0*//g; - return $msg; -} + # Patch the source ip + if($msg =~ /0\.0\.0\.0:\d*?<\/source>/) { + my $remote_ip = &get_local_ip_for_remote_ip(sprintf("%s", $address =~ /^([0-9\.]*?):.*$/)); + $msg =~ s/(0\.0\.0\.0):(\d*?)<\/source>/$remote_ip:$2<\/source>/s; + } -#=== FUNCTION ================================================================ -# NAME: create_ciphering -# PARAMETERS: passwd - string - used to create ciphering -# RETURNS: cipher - object -# DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key -#=============================================================================== -sub create_ciphering { - my ($passwd) = @_; - $passwd = substr(md5_hex("$passwd") x 32, 0, 32); - my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); - - #daemon_log("iv: $iv", 7); - #daemon_log("key: $passwd", 7); - my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); - $my_cipher->set_iv($iv); - return $my_cipher; -} - - -#=== FUNCTION ================================================================ -# NAME: send_msg_hash2address -# PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash -# PeerAddr string - socket address to send msg -# PeerPort string - socket port, if not included in socket address -# RETURNS: nothing -# DESCRIPTION: ???? -#=============================================================================== -sub send_msg_hash2address { - my ($msg_hash, $address, $passwd) = @_ ; - - # fetch header for logging - my $header = &get_content_from_xml_hash($msg_hash, "header"); - - # generate xml string - my $msg_xml = &create_xml_string($msg_hash); - - # fetch the appropriated passwd from hash - if(not defined $passwd) { - if(exists $known_daemons->{$address}) { - $passwd = $known_daemons->{$address}->{passwd}; - } elsif(exists $known_clients->{$address}) { - $passwd = $known_clients->{$address}->{passwd}; - - } else { - daemon_log("$address not known, neither as server nor as client", 1); - return 1; - } - } - - # create ciphering object - my $act_cipher = &create_ciphering($passwd); - # encrypt xml msg - my $crypted_msg = &encrypt_msg($msg_xml, $act_cipher); - + my $crypted_msg = &encrypt_msg($msg, $encrypt_key); + # opensocket my $socket = &open_socket($address); - if(not defined $socket){ - daemon_log( "cannot send '$header'-msg to $address , server not reachable", 5); - - if (exists $known_clients->{$address}) { - if ($known_clients->{$address}->{status} eq "down") { - # if status of not reachable client is already 'down', then delete client from known_clients - &clean_up_known_clients($address); - - } else { - # update status to 'down' - &update_known_clients(hostname=>$address, status=>"down"); - - } - } - return 1; + if( !$socket ) { + daemon_log("cannot send ".$header."msg to $address , host not reachable", 1); + $error++; } - # send xml msg - print $socket $crypted_msg."\n"; - - close $socket; + if( $error == 0 ) { + # send xml msg + print $socket $crypted_msg."\n"; - daemon_log("send '$header'-msg to $address", 1); - - daemon_log("$msg_xml", 5); - - #daemon_log("crypted message:",7); - #daemon_log("\t$crypted_msg", 7); - - # update status of client in known_clients with last send msg - if(exists $known_daemons->{$address}) { - #&update_known_daemons(); - } elsif(exists $known_clients->{$address}) { - &update_known_clients(hostname=>$address, status=>$header); + daemon_log("send ".$header."msg to $address", 1); + daemon_log("message:\n$msg", 8); + } - return 0; -} - - -#=== FUNCTION ================================================================ -# NAME: send_msg_hash2bus -# PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash -# RETURNS: nothing -# DESCRIPTION: ???? -#=============================================================================== -sub send_msg_hash2bus { - my($msg_hash) = @_; - - # fetch header for logging - my $header = &get_content_from_xml_hash($msg_hash, "header"); - - # generate xml string - my $msg_xml = &create_xml_string($msg_hash); - - # encrypt xml msg - my $crypted_msg = &encrypt_msg($msg_xml, $bus_cipher); - - # open socket - my $socket = &open_socket($bus_address); - if(not defined $socket){ - daemon_log( "cannot send '$header'-msg to $bus_address , bus not reachable", 5); - return; + # close socket in any case + if( $socket ) { + close $socket; } - - # send xml msg - print $socket $crypted_msg."\n"; - - close $socket; - - - daemon_log("send '$header'-msg to bus", 1); - daemon_log("$msg_xml", 5); - #daemon_log("crypted msg:",7); - #daemon_log("\t$crypted_msg", 7); - - return; -} - - - - - - - -##=== FUNCTION ================================================================ -## NAME: new_passwd -## PARAMETERS: msg_hash - ref - hash from function create_xml_hash -## RETURNS: nothing -## DESCRIPTION: process this incoming message -##=============================================================================== -#sub new_passwd { -# my ($msg_hash) = @_; -# -# my $source = &get_content_from_xml_hash($msg_hash, "source"); -# my $passwd = (&get_content_from_xml_hash($msg_hash, "new_passwd"))[0]; -# -# if (exists $known_daemons->{$source}) { -# &add_content2known_daemons(hostname=>$source, status=>"new_passwd", passwd=>$passwd); -# $bus_cipher = &create_ciphering($passwd); -# my $hash = &create_xml_hash("confirm_new_passwd", "$server_ip:$server_port", "$source"); -# &send_msg_hash2address($hash, $source); -# -# } elsif (exists $known_clients->{$source}) { -# &add_content2known_clients(hostname=>$source, status=>"new_passwd", passwd=>$passwd); -# -# } else { -# daemon_log("ERROR: $source not known, neither in known_daemons nor in known_clients", 1) -# } -# -# return; -#} - - -##=== FUNCTION ================================================================ -## NAME: make ping -## PARAMETERS: address - string - address which should be pinged -## RETURNS: nothing -## DESCRIPTION: send ping message to address -##=============================================================================== -#sub make_ping { -# my ($msg_hash) = @_; -# -# my $source = &get_content_from_xml_hash($msg_hash, "source"); -# my $target = &get_content_from_xml_hash($msg_hash, "target"); -# -# print "make_ping:$source\n"; -# my $out_hash = &create_xml_hash("ping", $target, $source); -# &send_msg_hash2address($out_hash, $source); -# return; -#} - - -##=== FUNCTION ================================================================ -## NAME: got_ping -## PARAMETERS: msg_hash - hash - hash from function create_xml_hash -## RETURNS: nothing -## DESCRIPTION: process this incoming message -##=============================================================================== -#sub got_ping { -# my ($msg_hash) = @_; -# -# my $source = &get_content_from_xml_hash($msg_hash, 'source'); -# my $target = &get_content_from_xml_hash($msg_hash, 'target'); -# my $header = &get_content_from_xml_hash($msg_hash, 'header'); -# -# if(exists $known_daemons->{$source}) { -# &add_content2known_daemons(hostname=>$source, status=>$header); -# } else { -# &add_content2known_clients(hostname=>$source, status=>$header); -# } -# -# return; -#} - - -##=== FUNCTION ================================================================ -## NAME: here_i_am -## PARAMETERS: msg_hash - hash - hash from function create_xml_hash -## RETURNS: nothing -## DESCRIPTION: process this incoming message -##=============================================================================== -#sub here_i_am { -# my ($msg_hash) = @_; -# -# my $source = &get_content_from_xml_hash($msg_hash, "source"); -# my $mac_address = (&get_content_from_xml_hash($msg_hash, "mac_address"))[0]; -# my $out_hash; -# -# # number of known clients -# my $nu_clients = keys %$known_clients; -# -# # check wether client address or mac address is already known -# if (exists $known_clients->{$source}) { -# daemon_log("WARNING: $source is already known as a client", 1); -# daemon_log("WARNING: values for $source are being overwritten", 1); -# $nu_clients --; -# } -# -# # number of actual activ clients -# my $act_nu_clients = $nu_clients; -# -# daemon_log("number of actual activ clients: $act_nu_clients", 5); -# daemon_log("number of maximal allowed clients: $max_clients", 5); -# -# if($max_clients <= $act_nu_clients) { -# my $out_hash = &create_xml_hash("denied", $server_address, $source); -# &add_content2xml_hash($out_hash, "denied", "I_cannot_take_any_more_clients!"); -# my $passwd = (&get_content_from_xml_hash($msg_hash, "new_passwd"))[0]; -# &send_msg_hash2address($out_hash, $source, $passwd); -# return; -# } -# -# # new client accepted -# my $new_passwd = (&get_content_from_xml_hash($msg_hash, "new_passwd"))[0]; -# -# # create known_daemons entry -# my $events = (&get_content_from_xml_hash($msg_hash, "events"))[0]; -# &create_known_client($source); -# &add_content2known_clients(hostname=>$source, events=>$events, mac_address=>$mac_address, -# status=>"registered", passwd=>$new_passwd); -# -# # return acknowledgement to client -# $out_hash = &create_xml_hash("registered", $server_address, $source); -# &send_msg_hash2address($out_hash, $source); -# -# # notify registered client to bus -# $out_hash = &create_xml_hash("new_client", $server_address, $bus_address, $source); -# &send_msg_hash2bus($out_hash); -# -# # give the new client his ldap config -# &new_ldap_config($source); -# -# return; -#} - -#=== FUNCTION ================================================================ -# NAME: who_has -# PARAMETERS: msg_hash - hash - hash from function create_xml_hash -# RETURNS: nothing -# DESCRIPTION: process this incoming message -#=============================================================================== -#sub who_has { -# my ($msg_hash) = @_ ; -# -# # what is your search pattern -# my $search_pattern = (&get_content_from_xml_hash($msg_hash, "who_has"))[0]; -# my $search_element = (&get_content_from_xml_hash($msg_hash, $search_pattern))[0]; -# daemon_log("who_has-msg looking for $search_pattern $search_element", 7); -# -# # scanning known_clients for search_pattern -# my @host_addresses = keys %$known_clients; -# my $known_clients_entries = length @host_addresses; -# my $host_address; -# foreach my $host (@host_addresses) { -# my $client_element = $known_clients->{$host}->{$search_pattern}; -# if ($search_element eq $client_element) { -# $host_address = $host; -# last; -# } -# } -# -# # search was successful -# if (defined $host_address) { -# my $source = @{$msg_hash->{source}}[0]; -# my $out_msg = &create_xml_hash("who_has_i_do", $server_address, $source, "mac_address"); -# &add_content2xml_hash($out_msg, "mac_address", $search_element); -# &send_msg_hash2address($out_msg, $bus_address); -# } -# return; -#} - - -#sub who_has_i_do { -# my ($msg_hash) = @_ ; -# my $header = &get_content_from_xml_hash($msg_hash, "header"); -# my $source = &get_content_from_xml_hash($msg_hash, "source"); -# my $search_param = (&get_content_from_xml_hash($msg_hash, $header))[0]; -# my $search_value = (&get_content_from_xml_hash($msg_hash, $search_param))[0]; -# print "\ngot msg $header:\nserver $source has client with $search_param $search_value\n"; -#} - - -#=== FUNCTION ================================================================ -# NAME: update_status -# PARAMETERS: msg_hash - hash - hash from function create_xml_hash -# RETURNS: nothing -# DESCRIPTION: process this incoming message -#=============================================================================== -#sub update_status { -# my ($msg_hash) = @_; -# my $header = &get_content_from_xml_hash($msg_hash, "header"); -# my $source = &get_content_from_xml_hash($msg_hash, "source"); -# my $new_status = (&get_content_from_xml_hash($msg_hash, "update_status"))[0]; -# -# # find the source -# my $act_known_hash; -# if (exists $known_daemons->{$source}) { -# -# &add_content2known_daemons(hostname=>$source, status=>$new_status); -# } elsif (exists $known_clients->{$source}) { -# &update_known_clients(hostname=>$source, status=>$new_status); -# #&add_content2known_clients(hostname=>$source, status=>$new_status); -# } else { -# daemon_log("ERROR: got $header-msg, but cannot find $source in my hashes, unable to update status", 1); -# return; -# } -# -# return; -#} - - -##=== FUNCTION ================================================================ -## NAME: new_ldap_config -## PARAMETERS: address - string - ip address and port of a host -## RETURNS: nothing -## DESCRIPTION: send to address the ldap configuration found for dn gotoLdapServer -##=============================================================================== -#sub new_ldap_config { -# my ($address) = @_ ; -# -# if (not exists $known_clients->{$address}) { -# daemon_log("ERROR: $address does not exist in known_clients, cannot send him his ldap config", 1); -# return; -# } -# -# my $mac_address = $known_clients->{$address}->{"mac_address"}; -# if (not defined $mac_address) { -# daemon_log("ERROR: no mac address found for client $address", 1); -# return; -# } -# -# # fetch dn -# my $goHard_cmd = "ldapsearch -x '(&(objectClass=goHard)(macAddress=00:11:22:33:44:57))' dn gotoLdapServer"; -# my $dn; -# my @gotoLdapServer; -# open (PIPE, "$goHard_cmd 2>&1 |"); -# while() { -# chomp $_; -# # If it's a comment, goto next -# if ($_ =~ m/^[#]/) { next;} -# if ($_ =~ m/^dn: ([\S]+?)$/) { -# $dn = $1; -# } elsif ($_ =~ m/^gotoLdapServer: ([\S]+?)$/) { -# push(@gotoLdapServer, $1); -# } -# } -# close(PIPE); -# -# # no dn found -# if (not defined $dn) { -# daemon_log("ERROR: no dn arose from command: $goHard_cmd", 1); -# return; -# } -# -# # no gotoLdapServer found -# my $gosaGroupOfNames_cmd = "ldapsearch -x '(&(objectClass=gosaGroupOfNames)(member=$dn))' gotoLdapServer"; -# if (@gotoLdapServer == 0) { -# open (PIPE, "$gosaGroupOfNames_cmd 2>&1 |"); -# while() { -# chomp $_; -# if ($_ =~ m/^[#]/) { next; } -# if ($_ =~ m/^gotoLdapServer: ([\S]+?)$/) { -# push(@gotoLdapServer, $1); -# } -# } -# close(PIPE); -# } -# -# # still no gotoLdapServer found -# if (@gotoLdapServer == 0) { -# daemon_log("ERROR: cannot find gotoLdapServer entry in command: $gosaGroupOfNames_cmd", 1); -# return; -# } -# -# # sort @gotoLdapServer and then split of ranking -# my @sorted_gotoLdapServer = sort(@gotoLdapServer); -# @gotoLdapServer = reverse(@sorted_gotoLdapServer); -# foreach (@gotoLdapServer) { -# $_ =~ s/^\d://; -# } -# -# my $t = join(" ", @gotoLdapServer); -# -# my $out_hash = &create_xml_hash("new_ldap_config", $server_address, $address); -# map(&add_content2xml_hash($out_hash, "new_ldap_config", $_), @gotoLdapServer); -# &send_msg_hash2address($out_hash, $address); -# -# return; -#} - - -##=== FUNCTION ================================================================ -## NAME: execute_actions -## PARAMETERS: msg_hash - hash - hash from function create_xml_hash -## RETURNS: nothing -## DESCRIPTION: invokes the script specified in msg_hash which is located under -## /etc/gosad/actions -##=============================================================================== -#sub execute_actions { -# my ($msg_hash) = @_ ; -# my $configdir= '/etc/gosad/actions/'; -# my $result; -# -# my $header = &get_content_from_xml_hash($msg_hash, 'header'); -# my $source = &get_content_from_xml_hash($msg_hash, 'source'); -# my $target = &get_content_from_xml_hash($msg_hash, 'target'); -# -# -# if((not defined $source) -# && (not defined $target) -# && (not defined $header)) { -# daemon_log("ERROR: Entries missing in XML msg for gosad actions under /etc/gosad/actions"); -# } else { -# my $parameters=""; -# my @params = &get_content_from_xml_hash($msg_hash, $header); -# my $params = join(", ", @params); -# daemon_log("execute_actions: got parameters: $params", 5); -# -# if (@params) { -# foreach my $param (@params) { -# my $param_value = (&get_content_from_xml_hash($msg_hash, $param))[0]; -# daemon_log("execute_actions: parameter -> value: $param -> $param_value", 7); -# $parameters.= " ".$param_value; -# } -# } -# -# my $cmd= $configdir.$header."$parameters"; -# daemon_log("execute_actions: executing cmd: $cmd", 7); -# $result= ""; -# open(PIPE, "$cmd 2>&1 |"); -# while() { -# $result.=$_; -# } -# close(PIPE); -# } -# -# # process the event result -# -# -# return; -#} - - -#=== FUNCTION ================================================================ -# NAME: print_known_daemons -# PARAMETERS: nothing -# RETURNS: nothing -# DESCRIPTION: nomen est omen -#=============================================================================== -sub print_known_daemons { - my ($tmp) = @_ ; - print "####################################\n"; - print "# status of known_daemons\n"; - $shmda->shlock(LOCK_EX); - my @hosts = keys %$known_daemons; - foreach my $host (@hosts) { - my $status = $known_daemons->{$host}->{status} ; - my $passwd = $known_daemons->{$host}->{passwd}; - my $timestamp = $known_daemons->{$host}->{timestamp}; - print "$host\n"; - print "\tstatus: $status\n"; - print "\tpasswd: $passwd\n"; - print "\ttimestamp: $timestamp\n"; + if( $error > 0 ) { $new_status = "down"; } + else { $new_status = $msg_header; } + + + # known_clients + $sql_statement = "SELECT * FROM known_clients WHERE hostname='$address'"; + $res = $known_clients_db->select_dbentry($sql_statement); + if( keys(%$res) > 0) { + $act_status = $res->{1}->{'status'}; + if( $act_status eq "down" ) { + $sql_statement = "DELETE FROM known_clients WHERE hostname='$address'"; + $res = $known_clients_db->del_dbentry($sql_statement); + daemon_log("WARNING: failed 2x to send msg to host '$address', delete host from known_clients", 3); + } + else { + $sql_statement = "UPDATE known_clients SET status='$new_status' WHERE hostname='$address'"; + $res = $known_clients_db->update_dbentry($sql_statement); + if($new_status eq "down"){ + daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3); + } + else { + daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5); + } + } } - $shmda->shunlock(LOCK_EX); - print "####################################\n"; - return; -} + # known_server + $sql_statement = "SELECT * FROM known_server WHERE hostname='$address'"; + $res = $known_server_db->select_dbentry($sql_statement); + if( keys(%$res) > 0 ) { + $act_status = $res->{1}->{'status'}; + if( $act_status eq "down" ) { + $sql_statement = "DELETE FROM known_server WHERE hostname='$address'"; + $res = $known_server_db->del_dbentry($sql_statement); + daemon_log("WARNING: failed 2x to a send msg to host '$address', delete host from known_server", 3); + } + else { + $sql_statement = "UPDATE known_server SET status='$new_status' WHERE hostname='$address'"; + $res = $known_server_db->update_dbentry($sql_statement); + if($new_status eq "down"){ + daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3); + } + else { + daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5); + } + } + } -#=== FUNCTION ================================================================ -# NAME: create_known_daemon -# PARAMETERS: hostname - string - key for the hash known_daemons -# RETURNS: nothing -# DESCRIPTION: creates a dummy entry for hostname in known_daemons -#=============================================================================== -sub create_known_daemon { - my ($hostname) = @_; - $shmda->shlock(LOCK_EX); - $known_daemons->{$hostname} = {}; - $known_daemons->{$hostname}->{status} = "none"; - $known_daemons->{$hostname}->{passwd} = "none"; - $known_daemons->{$hostname}->{timestamp} = "none"; - $shmda->shunlock(LOCK_EX); - return; + return; } -#=== FUNCTION ================================================================ -# NAME: add_content2known_daemons -# PARAMETERS: hostname - string - ip address and port of host (required) -# status - string - (optional) -# passwd - string - (optional) -# mac_address - string - mac address of host (optional) -# RETURNS: nothing -# DESCRIPTION: nome est omen and updates each time the timestamp of hostname -#=============================================================================== -sub add_content2known_daemons { - my $arg = { - hostname => undef, status => undef, passwd => undef, - mac_address => undef, events => undef, - @_ }; - my $hostname = $arg->{hostname}; - my $status = $arg->{status}; - my $passwd = $arg->{passwd}; - my $mac_address = $arg->{mac_address}; - my $events = $arg->{events}; - - if (not defined $hostname) { - daemon_log("ERROR: function add_content2known_daemons is not invoked with requiered parameter 'hostname'", 1); - return; - } - - my ($seconds, $minutes, $hours, $monthday, $month, - $year, $weekday, $yearday, $sommertime) = localtime(time); - $hours = $hours < 10 ? $hours = "0".$hours : $hours; - $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; - $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - $month+=1; - $month = $month < 10 ? $month = "0".$month : $month; - $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; - $year+=1900; - my $t = "$year$month$monthday$hours$minutes$seconds"; - - $shmda->shlock(LOCK_EX); - if (defined $status) { - $known_daemons->{$hostname}->{status} = $status; - } - if (defined $passwd) { - $known_daemons->{$hostname}->{passwd} = $passwd; - } - if (defined $mac_address) { - $known_daemons->{$hostname}->{mac_address} = $mac_address; - } - if (defined $events) { - $known_daemons->{$hostname}->{events} = $events; - } - $known_daemons->{$hostname}->{timestamp} = $t; - $shmda->shlock(LOCK_EX); - return; +sub _start { + my ($kernel) = $_[KERNEL]; + &trigger_db_loop($kernel); } -#=== FUNCTION ================================================================ -# NAME: update_known_daemons -# PARAMETERS: hostname - string - ip address and port of host (required) -# status - string - (optional) -# passwd - string - (optional) -# client - string - ip address and port of client (optional) -# RETURNS: nothing -# DESCRIPTION: nome est omen and updates each time the timestamp of hostname -#=============================================================================== -sub update_known_daemons { - my $arg = { - hostname => undef, status => undef, passwd => undef, - @_ }; - my $hostname = $arg->{hostname}; - my $status = $arg->{status}; - my $passwd = $arg->{passwd}; - - if (not defined $hostname) { - daemon_log("ERROR: function add_content2known_daemons is not invoked with requiered parameter 'hostname'", 1); - return; +sub client_input { + no strict "refs"; + my ($kernel, $session, $heap,$input,$wheel) = @_[KERNEL, SESSION, HEAP, ARG0, ARG1]; + my $session_id = $session->ID; + my ($msg, $msg_hash, $module); + my $error = 0; + my $answer_l; + my ($answer_header, @answer_target_l, $answer_source); + my $client_answer; + + daemon_log("Incoming msg from '".$heap->{'remote_ip'}."'", 7); + daemon_log("message:\n$input", 8); + + #################### + # check incoming msg + # msg is from a new client or gosa + ($msg, $msg_hash, $module) = &input_from_unknown_host($input); + # msg is from a gosa-si-server or gosa-si-bus + if(( !$msg ) || ( !$msg_hash ) || ( !$module )){ + ($msg, $msg_hash, $module) = &input_from_known_server($input, $heap->{'remote_ip'}); } - - my ($seconds, $minutes, $hours, $monthday, $month, - $year, $weekday, $yearday, $sommertime) = localtime(time); - $hours = $hours < 10 ? $hours = "0".$hours : $hours; - $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; - $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - $month+=1; - $month = $month < 10 ? $month = "0".$month : $month; - $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; - $year+=1900; - my $t = "$year$month$monthday$hours$minutes$seconds"; - - $shmda->shlock(LOCK_EX); - if (defined $status) { - $known_daemons->{$hostname}->{status} = $status; + # msg is from a gosa-si-client + if(( !$msg ) || ( !$msg_hash ) || ( !$module )){ + ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'}); } - if (defined $passwd) { - $known_daemons->{$hostname}->{passwd} = $passwd; + # an error occurred + if(( !$msg ) || ( !$msg_hash ) || ( !$module )){ + $error++; } - $known_daemons->{$hostname}->{timestamp} = $t; - $shmda->shunlock(LOCK_EX); - return; -} + ###################### + # process incoming msg + if( $error == 0) { + daemon_log("Processing module ".$module, 5); + $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $session_id); -#=== FUNCTION ================================================================ -# NAME: print_known_clients -# PARAMETERS: nothing -# RETURNS: nothing -# DESCRIPTION: nomen est omen -#=============================================================================== -sub print_known_clients { - - print "####################################\n"; - print "# status of known_clients\n"; - $shmcl->shlock(LOCK_EX); - my @hosts = keys %$known_clients; - if (@hosts) { - foreach my $host (@hosts) { - my $status = $known_clients->{$host}->{status} ; - my $passwd = $known_clients->{$host}->{passwd}; - my $timestamp = $known_clients->{$host}->{timestamp}; - my $mac_address = $known_clients->{$host}->{mac_address}; - my $events = $known_clients->{$host}->{events}; - print "$host\n"; - print "\tstatus: $status\n"; - print "\tpasswd: $passwd\n"; - print "\ttimestamp: $timestamp\n"; - print "\tmac_address: $mac_address\n"; - print "\tevents: $events\n"; + if ( 0 > @{$answer_l} ) { + my $answer_str = join("\n", @{$answer_l}); + daemon_log("$module: Got answer from module: \n".$answer_str,8); } } - $shmcl->shunlock(LOCK_EX); - print "####################################\n"; - return; -} + if( !$answer_l ) { $error++ }; + ######## + # answer + if( $error == 0 ) { -#=== FUNCTION ================================================================ -# NAME: create_known_client -# PARAMETERS: hostname - string - key for the hash known_clients -# RETURNS: nothing -# DESCRIPTION: creates a dummy entry for hostname in known_clients -#=============================================================================== -sub create_known_client { - my ($hostname) = @_; - $shmcl->shlock(LOCK_EX); - $known_clients->{$hostname} = {}; - $known_clients->{$hostname}->{status} = "none"; - $known_clients->{$hostname}->{passwd} = "none"; - $known_clients->{$hostname}->{timestamp} = "none"; - $known_clients->{$hostname}->{mac_address} = "none"; - $known_clients->{$hostname}->{events} = "none"; - $shmcl->shunlock(LOCK_EX); - return; -} - - -#=== FUNCTION ================================================================ -# NAME: add_content2known_clients -# PARAMETERS: hostname - string - ip address and port of host (required) -# status - string - (optional) -# passwd - string - (optional) -# mac_address - string - (optional) -# events - string - event of client, executable skripts under /etc/gosac/events -# RETURNS: nothing -# DESCRIPTION: nome est omen and updates each time the timestamp of hostname -#=============================================================================== -sub add_content2known_clients { - my $arg = { - hostname => undef, status => undef, passwd => undef, - mac_address => undef, events => undef, - @_ }; - my $hostname = $arg->{hostname}; - my $status = $arg->{status}; - my $passwd = $arg->{passwd}; - my $mac_address = $arg->{mac_address}; - my $events = $arg->{events}; - - if (not defined $hostname) { - daemon_log("ERROR: function add_content2known_clients is not invoked with requiered parameter 'hostname'", 1); - return; - } - - my ($seconds, $minutes, $hours, $monthday, $month, - $year, $weekday, $yearday, $sommertime) = localtime(time); - $hours = $hours < 10 ? $hours = "0".$hours : $hours; - $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; - $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - $month+=1; - $month = $month < 10 ? $month = "0".$month : $month; - $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; - $year+=1900; - my $t = "$year$month$monthday$hours$minutes$seconds"; - - $shmcl->shlock(LOCK_EX); - if (defined $status) { - $known_clients->{$hostname}->{status} = $status; - } - if (defined $passwd) { - $known_clients->{$hostname}->{passwd} = $passwd; - } - if (defined $mac_address) { - $known_clients->{$hostname}->{mac_address} = $mac_address; - } - if (defined $events) { - $known_clients->{$hostname}->{events} = $events; - } - $known_clients->{$hostname}->{timestamp} = $t; - $shmcl->shlock(LOCK_EX); - return; -} - + foreach my $answer ( @{$answer_l} ) { + # for each answer in answer list + + # check outgoing msg to xml validity + my $answer_hash = &check_outgoing_xml_validity($answer); + if( not defined $answer_hash ) { + next; + } + + $answer_header = @{$answer_hash->{'header'}}[0]; + @answer_target_l = @{$answer_hash->{'target'}}; + $answer_source = @{$answer_hash->{'source'}}[0]; + + # deliver msg to all targets + foreach my $answer_target ( @answer_target_l ) { + + # targets of msg are all gosa-si-clients in known_clients_db + if( $answer_target eq "*" ) { + # answer is for all clients + my $sql_statement= "SELECT * FROM known_clients"; + my $query_res = $known_clients_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + my $host_key = $hit->{hostkey}; + &send_msg_to_target($answer, $host_name, $host_key, $answer_header); + } + } -#=== FUNCTION ================================================================ -# NAME: -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub clean_up_known_clients { - my ($address) = @_ ; - - if (not exists $known_clients->{$address}) { - daemon_log("cannot prune known_clients from $address, client not known", 5); - return; - } + # targets of msg are all gosa-si-server in known_server_db + elsif( $answer_target eq "KNOWN_SERVER" ) { + # answer is for all server in known_server + my $sql_statement= "SELECT * FROM known_server"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + my $host_key = $hit->{hostkey}; + $answer =~ s/KNOWN_SERVER/$host_name/g; + &send_msg_to_target($answer, $host_name, $host_key, $answer_header); + } + } - delete $known_clients->{$address}; + # target of msg is GOsa + elsif( $answer_target eq "GOSA" ) { + $answer =~ /(\d+)<\/session_id>/; + my $session_id = $1; + my $add_on = ""; + if( defined $session_id ) { + $add_on = ".session_id=$session_id"; + } + # answer is for GOSA and has to returned to connected client + my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key); + $client_answer = $gosa_answer.$add_on; + } - # send bus a msg that address was deleted from known_clients - my $out_hash = &create_xml_hash('delete_client', $server_address, $bus_address, $address); - &send_msg_hash2bus($out_hash); + # target of msg is job queue at this host + elsif( $answer_target eq "JOBDB") { + $answer =~ /
(\S+)<\/header>/; + my $header; + if( defined $1 ) { $header = $1; } + &send_msg_to_target($answer, $server_address, $GosaPackages_key, $header); + } - daemon_log("client $address deleted from known_clients because of multiple down time", 3); - return; -} + # target of msg is a mac address + elsif( $answer_target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ) { + daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3); + my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'"; + my $query_res = $known_clients_db->select_dbentry( $sql_statement ); + my $found_ip_flag = 0; + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + my $host_key = $hit->{hostkey}; + $answer =~ s/$answer_target/$host_name/g; + daemon_log("found host '$host_name', assoziated to '$answer_target'", 3); + &send_msg_to_target($answer, $host_name, $host_key, $answer_header); + $found_ip_flag++ ; + } + if( $found_ip_flag == 0) { + daemon_log("WARNING: no host found in known_clients with mac address '$answer_target'", 3); + if( $bus_activ eq "true" ) { + daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5); + my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $bus_address = $hit->{hostname}; + my $bus_key = $hit->{hostkey}; + &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header); + last; + } + } + } -#=== FUNCTION ================================================================ -# NAME: update_known_clients -# PARAMETERS: hostname - string - ip address and port of host (required) -# status - string - (optional) -# passwd - string - (optional) -# client - string - ip address and port of client (optional) -# RETURNS: nothing -# DESCRIPTION: nome est omen and updates each time the timestamp of hostname -#=============================================================================== -sub update_known_clients { - my $arg = { - hostname => undef, status => undef, passwd => undef, - mac_address => undef, events => undef, - @_ }; - my $hostname = $arg->{hostname}; - my $status = $arg->{status}; - my $passwd = $arg->{passwd}; - my $mac_address = $arg->{mac_address}; - my $events = $arg->{events}; - - if (not defined $hostname) { - daemon_log("ERROR: function add_content2known_daemons is not invoked with requiered parameter 'hostname'", 1); - return; + # answer is for one specific host + } else { + # get encrypt_key + my $encrypt_key = &get_encrypt_key($answer_target); + if( not defined $encrypt_key ) { + # unknown target, forward msg to bus + daemon_log("WARNING: unknown target '$answer_target'", 3); + if( $bus_activ eq "true" ) { + daemon_log("INFO: try to forward msg '$answer_header' to bus '$bus_address'", 5); + my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + my $res_length = keys( %{$query_res} ); + if( $res_length == 0 ){ + daemon_log("WARNING: send '$answer_header' to '$bus_address' failed, no bus found in known_server", 3); + } + else { + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $bus_key = $hit->{hostkey}; + &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header); + } + } + } + next; + } + # send_msg + &send_msg_to_target($answer, $answer_target, $encrypt_key, $answer_header); + } + } + } } - my ($seconds, $minutes, $hours, $monthday, $month, - $year, $weekday, $yearday, $sommertime) = localtime(time); - $hours = $hours < 10 ? $hours = "0".$hours : $hours; - $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; - $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - $month+=1; - $month = $month < 10 ? $month = "0".$month : $month; - $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; - $year+=1900; - my $t = "$year$month$monthday$hours$minutes$seconds"; - - $shmcl->shlock(LOCK_EX); - if (defined $status) { - $known_clients->{$hostname}->{status} = $status; - } - if (defined $passwd) { - $known_clients->{$hostname}->{passwd} = $passwd; - } - if (defined $mac_address) { - $known_clients->{$hostname}->{mac_address} = $mac_address; - } - if (defined $events) { - $known_clients->{$hostname}->{events} = $events; + if( $client_answer ) { + if( $client_answer =~ s/session_id=(\d+)$// ) { + my $session_id = $1; + if( defined $session_id ) { + my $session_reference = $kernel->ID_id_to_session($session_id); + $heap = $session_reference->get_heap(); + } + } + $heap->{client}->put($client_answer); } - $known_clients->{$hostname}->{timestamp} = $t; - $shmcl->shunlock(LOCK_EX); + return; } +sub trigger_db_loop { +# my ($kernel) = $_[KERNEL]; + my ($kernel) = @_ ; + $kernel->delay_set('watch_for_new_jobs', $job_queue_loop_delay); +} +sub watch_for_new_jobs { + my ($kernel,$heap) = @_[KERNEL, HEAP]; + + # check gosa job queue for jobs with executable timestamp + my $timestamp = &get_time(); + my $sql_statement = "SELECT * FROM ".$job_queue_table_name. + " WHERE status='waiting' AND timestamp<'$timestamp'"; + my $res = $job_db->select_dbentry( $sql_statement ); + + while( my ($id, $hit) = each %{$res} ) { + my $jobdb_id = $hit->{id}; + my $macaddress = $hit->{'macaddress'}; + my $job_msg = $hit->{'xmlmessage'}; + my $header = $hit->{'headertag'}; + my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$macaddress'"; + my $res_hash = $known_clients_db->select_dbentry( $sql_statement ); + # expect macaddress is unique!!!!!! + my $target = $res_hash->{1}->{hostname}; + + if (not defined $target) { + &daemon_log("ERROR: no host found for mac address: $macaddress", 1); + &daemon_log("$hit->{xmlmessage}", 8); + my $sql_statement = "UPDATE $job_queue_table_name ". + "SET status='error', result='no host found for mac address' ". + "WHERE id='$jobdb_id'"; + my $res = $job_db->update_dbentry($sql_statement); + next; + } + + # change header + $job_msg =~ s/
job_/
gosa_/; + + # add sqlite_id + $job_msg =~ s/<\/xml>$/$jobdb_id<\/jobdb_id><\/xml>/; + + +print STDERR "=======================================================\n$job_msg\n"; + + &send_msg_to_target($job_msg, $server_address, $GosaPackages_key, $header); + +# my $error = 1; +# if ($error == 0) { +# my $sql_statement = "UPDATE $job_queue_table_name ". +# "SET status='done', targettag='$target' ". +# "WHERE id='$jobdb_id'"; +# my $res = $job_db->update_dbentry($sql_statement); +# } else { +# my $sql_statement = "UPDATE $job_queue_table_name ". +# "SET status='error' ". +# "WHERE id='$jobdb_id'"; +# my $res = $job_db->update_dbentry($sql_statement); +# } + } + + $kernel->delay_set('watch_for_new_jobs',3); +} #==== MAIN = main ============================================================== - # parse commandline options Getopt::Long::Configure( "bundling" ); GetOptions("h|help" => \&usage, @@ -1734,239 +1127,86 @@ GetOptions("h|help" => \&usage, &check_cmdline_param ; &read_configfile; &check_pid; -&import_modules; $SIG{CHLD} = 'IGNORE'; -# restart daemon log file -if(-e $log_file ) { unlink $log_file } -daemon_log(" ", 1); -daemon_log("gosa-si-server started!", 1); +# forward error messages to logfile +if( ! $foreground ) { + open(STDERR, '>>', $log_file); + open(STDOUT, '>>', $log_file); +} -# Just fork, if we"re not in foreground mode -if( ! $foreground ) { $pid = fork(); } -else { $pid = $$; } +# Just fork, if we are not in foreground mode +if( ! $foreground ) { + chdir '/' or die "Can't chdir to /: $!"; + $pid = fork; + setsid or die "Can't start a new session: $!"; + umask 0; +} else { + $pid = $$; +} # Do something useful - put our PID into the pid_file if( 0 != $pid ) { open( LOCK_FILE, ">$pid_file" ); print LOCK_FILE "$pid\n"; -close( LOCK_FILE ); - if( !$foreground ) { exit( 0 ) }; -} - -# detect own ip and mac address -($server_ip, $server_mac_address) = &get_ip_and_mac(); -if (not defined $server_ip) { - die "EXIT: ip address of $0 could not be detected"; + close( LOCK_FILE ); + if( !$foreground ) { + exit( 0 ) + }; } -daemon_log("server ip address detected: $server_ip", 1); -daemon_log("server mac address detected: $server_mac_address", 1); - -# setup xml parser -$xml = new XML::Simple(); -# create cipher object -$bus_cipher = &create_ciphering($bus_passwd); -$bus_address = "$bus_ip:$bus_port"; - -# create reading and writing vectors -my $rbits = my $wbits = my $ebits = ""; - -# open server socket -$server_address = "$server_ip:$server_port"; -if($server_activ eq "on"){ - daemon_log(" ", 1); - $server = IO::Socket::INET->new(LocalPort => $server_port, - Type => SOCK_STREAM, - Reuse => 1, - Listen => 20, - ); - if(not defined $server){ - daemon_log("cannot be a tcp server at $server_port : $@"); - } else { - daemon_log("start server: $server_address", 1); - vec($rbits, fileno $server, 1) = 1; - vec($wbits, fileno $server, 1) = 1; - } -} +daemon_log(" ", 1); +daemon_log("$0 started!", 1); -# register at bus if ($no_bus > 0) { - $bus_activ = "off" + $bus_activ = "false" } -if($bus_activ eq "on") { - daemon_log(" ", 1); - ®ister_at_bus(); -} - -# start arp fifo -if ($no_arp > 0) { - $arp_activ = "off"; -} -my $my_fifo; -if($arp_activ eq "on") { - daemon_log(" ", 1); - $my_fifo = &open_fifo($arp_fifo_path); - if($my_fifo == 0) { die "fifo file disappeared\n" } - sysopen($arp_fifo, $arp_fifo_path, O_RDWR) or die "can't read from $arp_fifo: $!" ; - - vec($rbits, fileno $arp_fifo, 1) = 1; -} -$gosa_address = "$gosa_ip:$gosa_port"; -# start gosa inferface fifos -if ($gosa_activ eq "on") { - daemon_log(" ",1); - $gosa_server = IO::Socket::INET->new(LocalPort => $gosa_port, - Type => SOCK_STREAM, - Reuse => 1, - Listen => 1, - ); - if (not defined $gosa_server) { - daemon_log("cannot start tcp server at $gosa_port for communication to gosa: $@", 1); - } else { - daemon_log("start server at for communication to gosa: $gosa_address", 1); - vec($rbits, fileno $gosa_server, 1) = 1; - - } -} +# delete old DBsqlite lock files +#unlink('/tmp/gosa_si_lock*'); -################################### -#everything ready, okay, lets start -################################### -while(1) { +# connect to gosa-si job queue +my @job_col_names = ("id INTEGER", "timestamp", "status", "result", "headertag", "targettag", "xmlmessage", "macaddress"); +$job_db = GOSA::DBsqlite->new($job_queue_file_name); +$job_db->create_table('jobs', \@job_col_names); - # add all handles from the childs - while ( my ($pid, $child_hash) = each %busy_child ) { - - # check whether process still exists - my $exitus_pid = waitpid($pid, WNOHANG); - if($exitus_pid != 0) { - delete $busy_child{$pid}; - next; - } - - # add child fhd to the listener - my $fhd = $$child_hash{'pipe_rd'}; - vec($rbits, fileno $fhd, 1) = 1; - } +# connect to known_clients_db +my @clients_col_names = ('hostname', 'status', 'hostkey', 'timestamp', 'macaddress', 'events'); +$known_clients_db = GOSA::DBsqlite->new($known_clients_file_name); +$known_clients_db->create_table('known_clients', \@clients_col_names); - my ($rout, $wout); - my $nf = select($rout=$rbits, $wout=$wbits, undef, undef); +# connect to known_server_db +my @server_col_names = ('hostname', 'status', 'hostkey', 'timestamp'); +$known_server_db = GOSA::DBsqlite->new($known_server_file_name); +$known_server_db->create_table('known_server', \@server_col_names); - # error handling - if($nf < 0 ) { - } - - # something is coming in - if($server_activ eq "on" && vec($rout, fileno $server, 1)) { - daemon_log(" ", 1); - my $client = $server->accept(); - my $other_end = getpeername($client); - if(not defined $other_end) { - daemon_log("client cannot be identified: $!"); - } else { - my ($port, $iaddr) = unpack_sockaddr_in($other_end); - my $actual_ip = inet_ntoa($iaddr); - daemon_log("accept client at daemon socket from $actual_ip", 5); - my $in_msg = &read_from_socket($client); - if(defined $in_msg){ - chomp($in_msg); - &activating_child($in_msg, $actual_ip); - } else { - daemon_log("cannot read from $actual_ip", 5); - } - } - close($client); - } - - if($arp_activ eq "on" && vec($rout, fileno $arp_fifo, 1)) { - my $in_msg = <$arp_fifo>; - chomp($in_msg); - print "arp_activ: msg: $in_msg\n"; - my $act_passwd = $known_daemons->{$bus_address}->{passwd}; - print "arp_activ: arp_passwd: $act_passwd\n"; - - my $in_msg_hash = $xml->XMLin($in_msg, ForceArray=>1); - - my $target = &get_content_from_xml_hash($in_msg_hash, 'target'); - - if ($target eq $server_address) { - print "arp_activ: forward to server\n"; - my $arp_cipher = &create_ciphering($act_passwd); - my $crypted_msg = &encrypt_msg($in_msg, $arp_cipher); - &activating_child($crypted_msg, $server_ip); - } else { - print "arp_activ: send to bus\n"; - &send_msg_hash2address($in_msg_hash, $bus_address); - } - print "\n"; - } - - if($gosa_activ eq "on" && vec($rout, fileno $gosa_server, 1)) { - daemon_log(" ", 1); - my $client = $gosa_server->accept(); - my $other_end = getpeername($client); - if(not defined $other_end) { - daemon_log("client cannot be identified: $!"); - } else { - my ($port, $iaddr) = unpack_sockaddr_in($other_end); - my $actual_ip = inet_ntoa($iaddr); - daemon_log("accept client at gosa socket from $actual_ip", 5); - my $in_msg = <$client>; - #my $in_msg = &read_from_socket($client); - - if(defined $in_msg){ - chomp($in_msg); - &activating_child($in_msg, $actual_ip, $client); - } else { - daemon_log("cannot read from $actual_ip", 5); - } - } - #close($client); - } +# create xml object used for en/decrypting +$xml = new XML::Simple(); - # check all processing childs whether they are finished ('done') or - while ( my ($pid, $child_hash) = each %busy_child ) { - my $fhd = $$child_hash{'pipe_rd'}; +# create socket for incoming xml messages +POE::Component::Server::TCP->new( + Port => $server_port, + ClientInput => \&client_input, +); +daemon_log("start socket for incoming xml messages at port '$server_port' ", 1); + +# create session for repeatedly checking the job queue for jobs +POE::Session->create( + inline_states => { + _start => \&_start, + watch_for_new_jobs => \&watch_for_new_jobs, + } +); - if (vec($rout, fileno $fhd, 1) ) { - daemon_log("process child $pid is ready to read", 5); - $fhd->blocking(1); - my $in_msg = <$fhd>; - $fhd->blocking(0); - my $part_in_msg; - while ($part_in_msg = <$fhd>) { - if (not defined $part_in_msg) { - last; - } - $in_msg .= $part_in_msg; - } - chomp($in_msg); - - daemon_log("process child read: $in_msg", 5); - if (not defined $in_msg) { - next; - } elsif ($in_msg =~ "done") { - delete $busy_child{$pid}; - $free_child{$pid} = $child_hash; - - } else { - my $act_client = $busy_child{$pid}{client_ref}; - print $act_client $in_msg."\n"; - my $act_pipe = $busy_child{$pid}{pipe_rd}; - sleep(10); - close ($act_client); - delete $busy_child{$pid}; - $free_child{$pid} = $child_hash; +# import all modules +&import_modules; - } - } - } +# check wether all modules are gosa-si valid passwd check +POE::Kernel->run(); +exit; -}