X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-si%2Fgosa-si-server;h=1ca28e06e044bcbdc85ec89bef5f0cf7b7c69264;hb=f7d8477176df472071cdd840b90e38d0b37862c6;hp=aa8590f954ff932dd183b1bb0c6bb90aae0616e2;hpb=d9062c4b34dc5a7bb1258bba8404dd7f7fac976d;p=gosa.git diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index aa8590f95..1ca28e06e 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -78,9 +78,10 @@ my $max_clients; my %repo_files=(); my $repo_path; my %repo_dirs=(); -# variables declared in config file are always set to 'our' + +# Variables declared in config file are always set to 'our' our (%cfg_defaults, $log_file, $pid_file, - $server_ip, $server_port, $ClientPackages_key, + $server_ip, $server_port, $ClientPackages_key, $dns_lookup, $arp_activ, $gosa_unit_tag, $GosaPackages_key, $gosa_timeout, $foreign_server_string, $server_domain, $ServerPackages_key, $foreign_servers_register_delay, @@ -100,6 +101,9 @@ our $forground; our $cfg_file; our ($ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password, $ldap_server_dn); our $known_modules; +our $root_uid; +our $adm_gid; + # specifies the verbosity of the daemon_log $verbose = 0 ; @@ -222,26 +226,26 @@ our $logged_in_user_date_of_expiry = 600; "pid-file" => [\$pid_file, "/var/run/".$prg.".pid"], }, "server" => { - "ip" => [\$server_ip, "0.0.0.0"], - "port" => [\$server_port, "20081"], - "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ], - "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'], - "incoming" => [\$incoming_file_name, '/var/lib/gosa-si/incoming.db'], - "login-users" => [\$login_users_file_name, '/var/lib/gosa-si/users.db'], - "fai-server" => [\$fai_server_file_name, '/var/lib/gosa-si/fai_server.db'], - "fai-release" => [\$fai_release_file_name, '/var/lib/gosa-si/fai_release.db'], - "packages-list" => [\$packages_list_file_name, '/var/lib/gosa-si/packages.db'], - "messaging" => [\$messaging_file_name, '/var/lib/gosa-si/messaging.db'], - "foreign-clients" => [\$foreign_clients_file_name, '/var/lib/gosa-si/foreign_clients.db'], - "source-list" => [\$sources_list, '/etc/apt/sources.list'], - "repo-path" => [\$repo_path, '/srv/www/repository'], - "ldap-uri" => [\$ldap_uri, ""], - "ldap-base" => [\$ldap_base, ""], - "ldap-admin-dn" => [\$ldap_admin_dn, ""], - "ldap-admin-password" => [\$ldap_admin_password, ""], - "gosa-unit-tag" => [\$gosa_unit_tag, ""], - "max-clients" => [\$max_clients, 10], - "wol-password" => [\$wake_on_lan_passwd, ""], + "ip" => [\$server_ip, "0.0.0.0"], + "port" => [\$server_port, "20081"], + "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ], + "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'], + "incoming" => [\$incoming_file_name, '/var/lib/gosa-si/incoming.db'], + "login-users" => [\$login_users_file_name, '/var/lib/gosa-si/users.db'], + "fai-server" => [\$fai_server_file_name, '/var/lib/gosa-si/fai_server.db'], + "fai-release" => [\$fai_release_file_name, '/var/lib/gosa-si/fai_release.db'], + "packages-list" => [\$packages_list_file_name, '/var/lib/gosa-si/packages.db'], + "messaging" => [\$messaging_file_name, '/var/lib/gosa-si/messaging.db'], + "foreign-clients" => [\$foreign_clients_file_name, '/var/lib/gosa-si/foreign_clients.db'], + "source-list" => [\$sources_list, '/etc/apt/sources.list'], + "repo-path" => [\$repo_path, '/srv/www/repository'], + "ldap-uri" => [\$ldap_uri, ""], + "ldap-base" => [\$ldap_base, ""], + "ldap-admin-dn" => [\$ldap_admin_dn, ""], + "ldap-admin-password" => [\$ldap_admin_password, ""], + "gosa-unit-tag" => [\$gosa_unit_tag, ""], + "max-clients" => [\$max_clients, 10], + "wol-password" => [\$wake_on_lan_passwd, ""], }, "GOsaPackages" => { "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'], @@ -256,6 +260,7 @@ our $logged_in_user_date_of_expiry = 600; }, "ServerPackages"=> { "address" => [\$foreign_server_string, ""], + "dns-lookup" => [\$dns_lookup, "true"], "domain" => [\$server_domain, ""], "key" => [\$ServerPackages_key, "none"], "key-lifetime" => [\$foreign_servers_register_delay, 120], @@ -312,7 +317,6 @@ sub daemon_log { if(not defined $level) { $level = 1 } if(defined $log_file){ open(LOG_HANDLE, ">>$log_file"); - chmod 0600, $log_file; if(not defined open( LOG_HANDLE, ">>$log_file" )) { print STDERR "cannot open $log_file: $!"; return @@ -696,42 +700,41 @@ sub input_from_known_client { sub input_from_unknown_host { - no strict "refs"; - my ($input, $session_id) = @_ ; - my ($msg, $msg_hash, $module); - my $error_string; - + no strict "refs"; + my ($input, $session_id) = @_ ; + my ($msg, $msg_hash, $module); + my $error_string; + my %act_modules = %$known_modules; - - while( my ($mod, $info) = each(%act_modules)) { - # check a key exists for this module - my $module_key = ${$mod."_key"}; - if( not defined $module_key ) { - if( $mod eq 'ArpHandler' ) { - next; - } - daemon_log("$session_id ERROR: no key specified in config file for $mod", 1); - next; - } - daemon_log("$session_id DEBUG: $mod: $module_key", 7); + while( my ($mod, $info) = each(%act_modules)) { - # check if module can open msg envelope with module key - ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key, $session_id); - if( (not defined $msg) || (not defined $msg_hash) ) { - next; - } - else { - $module = $mod; - last; - } - } + # check a key exists for this module + my $module_key = ${$mod."_key"}; + if( not defined $module_key ) { + if( $mod eq 'ArpHandler' ) { + next; + } + daemon_log("$session_id ERROR: no key specified in config file for $mod", 1); + next; + } + daemon_log("$session_id DEBUG: $mod: $module_key", 7); - if( (!$msg) || (!$msg_hash) || (!$module)) { - daemon_log("$session_id DEBUG: Incoming message is not from an unknown host", 7); - } + # check if module can open msg envelope with module key + ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key, $session_id); + if( (not defined $msg) || (not defined $msg_hash) ) { + next; + } else { + $module = $mod; + last; + } + } - return ($msg, $msg_hash, $module); + if( (!$msg) || (!$msg_hash) || (!$module)) { + daemon_log("$session_id DEBUG: Incoming message is not from an unknown host", 7); + } + + return ($msg, $msg_hash, $module); } @@ -1086,6 +1089,7 @@ sub msg_to_decrypt { if (not $done) { if ($target eq "GOSA" && $source eq "GOSA") { $done = 1; + &daemon_log("$session_id DEBUG: target and source is 'GOSA' -> process here", 7); } } @@ -1097,7 +1101,7 @@ sub msg_to_decrypt { if ($source eq "GOSA") { $msg =~ s/<\/xml>/$local_address,$session_id<\/forward_to_gosa><\/xml>/; } - #print STDERR "target is own address without forward_to_gosa-tag -> process here\n"; + &daemon_log("$session_id DEBUG: target is own address without forward_to_gosa-tag -> process here", 7); } } @@ -1109,11 +1113,11 @@ sub msg_to_decrypt { $done = 1; my $hostname = $res->{1}->{'hostname'}; $msg =~ s/$target<\/target>/$hostname<\/target>/; - #print STDERR "target is a client address in known_clients -> process here\n"; my $local_address = &get_local_ip_for_remote_ip($target_ip).":$server_port"; if ($source eq "GOSA") { $msg =~ s/<\/xml>/$local_address,$session_id<\/forward_to_gosa><\/xml>/; } + &daemon_log("$session_id DEBUG: target is a client address in known_clients -> process here", 7); } else { $not_found_in_known_clients_db = 1; @@ -1129,7 +1133,7 @@ sub msg_to_decrypt { my ($gosa_at, $gosa_session_id) = split(/,/, $forward_to_gosa); if ($gosa_at ne $local_address) { $done = 1; - #print STDERR "target is own address with forward_to_gosa-tag not pointing to myself -> process here\n"; + &daemon_log("$session_id DEBUG: target is own address with forward_to_gosa-tag not pointing to myself -> process here", 7); } } } @@ -1171,7 +1175,7 @@ sub msg_to_decrypt { &daemon_log("$session_id INFO: incoming '$header' message forwarded to GOsa", 5); } $done = 1; - #print STDERR "target is own address with forward_to_gosa-tag pointing at myself -> forward to gosa\n"; + &daemon_log("$session_id DEBUG: target is own address with forward_to_gosa-tag pointing at myself -> forward to gosa", 7); } } @@ -1198,7 +1202,7 @@ sub msg_to_decrypt { &send_msg_to_target($msg, $regserver, $regserver_key, $header, $session_id); } $done = 1; - #print STDERR "target is a client address in foreign_clients -> forward to registration server\n"; + &daemon_log("$session_id DEBUG: target is a client address in foreign_clients -> forward to registration server", 7); } else { $not_found_in_foreign_clients_db = 1; } @@ -1219,6 +1223,7 @@ sub msg_to_decrypt { &send_msg_to_target($msg, $target, $hostkey, $header, $session_id); $done = 1; + &daemon_log("$session_id DEBUG: target is a server address -> forward to server", 7); } else { $not_found_in_known_server_db = 1; } @@ -1239,6 +1244,7 @@ sub msg_to_decrypt { sessionid=>$session_id, } ); $done = 1; + &daemon_log("$session_id DEBUG: target is not in foreign_clients_db, known_server_db or known_clients_db, maybe it is a complete new one -> process here", 7); } @@ -1718,16 +1724,17 @@ sub watch_for_new_jobs { # Skip new jobs for host if there is a processing job if(defined($res) and defined @{$res}[0]) { # Prevent race condition if there is a trigger_activate job waiting and a goto-activation job processing - if(@{$res}[5] eq 'goto-activation') { + my $row = @{$res}[0] if (ref $res eq 'ARRAY'); + if(@{$row}[5] eq 'trigger_action_reinstall') { my $sql_statement_2 = "SELECT * FROM $job_queue_tn WHERE macaddress LIKE '$macaddress' AND status='waiting' AND headertag = 'trigger_activate_new'"; my $res_2 = $job_db->exec_statement( $sql_statement_2 ); - if(defined($res_2) and defined @{$res}[0]) { + if(defined($res_2) and defined @{$res_2}[0]) { # Set status from goto-activation to 'waiting' and update timestamp - $job_db->exec_statement = "UPDATE $job_queue_tn SET status='waiting' WHERE macaddress LIKE '$macaddress' AND headertag = 'trigger_action_reinstall'"; - $job_db->exec_statement = "UPDATE $job_queue_tn SET timestamp='".&get_time(30)."' WHERE macaddress LIKE '$macaddress' AND headertag = 'trigger_action_reinstall'"; - next; + $job_db->exec_statement("UPDATE $job_queue_tn SET status='waiting' WHERE macaddress LIKE '$macaddress' AND headertag = 'trigger_action_reinstall'"); + $job_db->exec_statement("UPDATE $job_queue_tn SET timestamp='".&get_time(30)."' WHERE macaddress LIKE '$macaddress' AND headertag = 'trigger_action_reinstall'"); } } + next; } foreach my $jobdb_headertag (keys %{$hits->{$macaddress}}) { @@ -3130,6 +3137,12 @@ if ($server_headURL =~ /\/tag\// || $server_status = "developmental" ; } +# Prepare log file +$root_uid = getpwnam('root'); +$adm_gid = getgrnam('adm'); +chmod(0640, $log_file); +chown($root_uid, $adm_gid, $log_file); +chown($root_uid, $adm_gid, "/var/lib/gosa-si"); daemon_log(" ", 1); daemon_log("$0 started!", 1); @@ -3144,42 +3157,61 @@ $incoming_db->create_table($incoming_tn, \@incoming_col_names); # connect to gosa-si job queue $job_db = GOSA::DBsqlite->new($job_queue_file_name); $job_db->create_table($job_queue_tn, \@job_queue_col_names); +chmod(0660, $job_queue_file_name); +chown($root_uid, $adm_gid, $job_queue_file_name); + # connect to known_clients_db $known_clients_db = GOSA::DBsqlite->new($known_clients_file_name); $known_clients_db->create_table($known_clients_tn, \@known_clients_col_names); +chmod(0660, $known_clients_file_name); +chown($root_uid, $adm_gid, $known_clients_file_name); # connect to foreign_clients_db $foreign_clients_db = GOSA::DBsqlite->new($foreign_clients_file_name); $foreign_clients_db->create_table($foreign_clients_tn, \@foreign_clients_col_names); +chmod(0660, $foreign_clients_file_name); +chown($root_uid, $adm_gid, $foreign_clients_file_name); # connect to known_server_db unlink($known_server_file_name); $known_server_db = GOSA::DBsqlite->new($known_server_file_name); $known_server_db->create_table($known_server_tn, \@known_server_col_names); +chmod(0660, $known_server_file_name); +chown($root_uid, $adm_gid, $known_server_file_name); # connect to login_usr_db $login_users_db = GOSA::DBsqlite->new($login_users_file_name); $login_users_db->create_table($login_users_tn, \@login_users_col_names); +chmod(0660, $login_users_file_name); +chown($root_uid, $adm_gid, $login_users_file_name); # connect to fai_server_db and fai_release_db unlink($fai_server_file_name); $fai_server_db = GOSA::DBsqlite->new($fai_server_file_name); $fai_server_db->create_table($fai_server_tn, \@fai_server_col_names); +chmod(0660, $fai_server_file_name); +chown($root_uid, $adm_gid, $fai_server_file_name); unlink($fai_release_file_name); $fai_release_db = GOSA::DBsqlite->new($fai_release_file_name); $fai_release_db->create_table($fai_release_tn, \@fai_release_col_names); +chmod(0660, $fai_release_file_name); +chown($root_uid, $adm_gid, $fai_release_file_name); # connect to packages_list_db #unlink($packages_list_file_name); unlink($packages_list_under_construction); $packages_list_db = GOSA::DBsqlite->new($packages_list_file_name); $packages_list_db->create_table($packages_list_tn, \@packages_list_col_names); +chmod(0660, $packages_list_file_name); +chown($root_uid, $adm_gid, $packages_list_file_name); # connect to messaging_db $messaging_db = GOSA::DBsqlite->new($messaging_file_name); $messaging_db->create_table($messaging_tn, \@messaging_col_names); +chmod(0660, $messaging_file_name); +chown($root_uid, $adm_gid, $messaging_file_name); # create xml object used for en/decrypting @@ -3195,37 +3227,49 @@ if ($foreign_server_string ne "") { foreach my $foreign_server (@cfg_foreign_server_list) { push(@foreign_server_list, $foreign_server); } -} -# add foreign server from dns -my @tmp_servers; -if ( !$server_domain) { - # Try our DNS Searchlist - for my $domain(get_dns_domains()) { - chomp($domain); - my ($tmp_domains, $error_string) = &get_server_addresses($domain); - if(@$tmp_domains) { - for my $tmp_server(@$tmp_domains) { - push @tmp_servers, $tmp_server; + daemon_log("0 INFO: found foreign server in config file: ".join(", ", @foreign_server_list), 5); +} + +# Perform a DNS lookup for server registration if flag is true +if ($dns_lookup eq "true") { + # Add foreign server from dns + my @tmp_servers; + if (not $server_domain) { + # Try our DNS Searchlist + for my $domain(get_dns_domains()) { + chomp($domain); + my ($tmp_domains, $error_string) = &get_server_addresses($domain); + if(@$tmp_domains) { + for my $tmp_server(@$tmp_domains) { + push @tmp_servers, $tmp_server; + } } } + if(@tmp_servers && length(@tmp_servers)==0) { + daemon_log("0 WARNING: no foreign gosa-si-server found in DNS for domain '$server_domain'", 3); + } + } else { + @tmp_servers = &get_server_addresses($server_domain); + if( 0 == @tmp_servers ) { + daemon_log("0 WARNING: no foreign gosa-si-server found in DNS for domain '$server_domain'", 3); + } } - if(@tmp_servers && length(@tmp_servers)==0) { - daemon_log("0 WARNING: no foreign gosa-si-server found in DNS for domain '$server_domain'", 3); + + daemon_log("0 INFO: found foreign server via DNS ".join(", ", @tmp_servers), 5); + + foreach my $server (@tmp_servers) { + unshift(@foreign_server_list, $server); } } else { - @tmp_servers = &get_server_addresses($server_domain); - if( 0 == @tmp_servers ) { - daemon_log("0 WARNING: no foreign gosa-si-server found in DNS for domain '$server_domain'", 3); - } -} -foreach my $server (@tmp_servers) { - unshift(@foreign_server_list, $server); + daemon_log("0 INFO: DNS lookup for server registration is disabled", 5); } + + # eliminate duplicate entries @foreign_server_list = &del_doubles(@foreign_server_list); my $all_foreign_server = join(", ", @foreign_server_list); -daemon_log("0 INFO: found foreign server in config file and DNS: $all_foreign_server", 5); +daemon_log("0 INFO: found foreign server in config file and DNS: '$all_foreign_server'", 5); # add all found foreign servers to known_server my $act_timestamp = &get_time();