X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-si%2Fgosa-si-server;h=a46f68c2e7897aa48e57e2d903f3dcad5bd07949;hb=e20a7e3220c94e64cafd8912b48ef1ae1c8eb113;hp=a3764f4cdedf481179965270c7f6985acd88669c;hpb=d9eeaa2981dd62dc189e9172339f3ef2ef0d58e6;p=gosa.git diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index a3764f4cd..a46f68c2e 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -47,21 +47,18 @@ use lib "/usr/lib/gosa-si/modules"; my (%cfg_defaults, $foreground, $verbose, $ping_timeout); my ($bus, $msg_to_bus, $bus_cipher); -my ($server, $server_mac_address, $server_events); +my ($server, $server_mac_address); my ($gosa_server, $job_queue_timeout, $job_queue_table_name, $job_queue_file_name,$job_queue_loop_delay); my ($known_modules, $known_clients_file_name, $known_server_file_name); -my ($max_clients); my ($pid_file, $procid, $pid, $log_file); -my (%free_child, %busy_child, $child_max, $child_min, %child_alive_time, $child_timeout); -my ($arp_activ, $arp_fifo, $arp_fifo_path); +my ($arp_activ, $arp_fifo); my ($xml); # variables declared in config file are always set to 'our' our (%cfg_defaults, $log_file, $pid_file, - $bus_activ, $bus_key, $bus_ip, $bus_port, - $server_activ, $server_ip, $server_port, $SIPackages_key, $max_clients, - $arp_activ, $arp_fifo_path, - $gosa_activ, $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout, + $server_ip, $server_port, $SIPackages_key, + $arp_activ, + $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout, ); # additional variable which should be globaly accessable @@ -97,43 +94,28 @@ our $known_server_db; # holds all registrated clients our $known_clients_db; -%cfg_defaults = -("general" => - {"log_file" => [\$log_file, "/var/run/".$0.".log"], - "pid_file" => [\$pid_file, "/var/run/".$0.".pid"], - "child_max" => [\$child_max, 10], - "child_min" => [\$child_min, 3], - "child_timeout" => [\$child_timeout, 180], - "job_queue_timeout" => [\$job_queue_timeout, undef], - "job_queue_file_name" => [\$job_queue_file_name, '/var/lib/gosa-si/gosa-si-server_jobs.db'], - "job_queue_loop_delay" => [\$job_queue_loop_delay, 3], - "known_clients_file_name" => [\$known_clients_file_name, '/var/lib/gosa-si/gosa-si-server_known_clients.db' ], - "known_server_file_name" => [\$known_server_file_name, '/var/lib/gosa-si/gosa-si-server_known_server.db'], - }, -"bus" => - {"bus_activ" => [\$bus_activ, "on"], - "bus_passwd" => [\$bus_key, ""], - "bus_ip" => [\$bus_ip, "0.0.0.0"], - "bus_port" => [\$bus_port, "20080"], +%cfg_defaults = ( +"general" => { + "log-file" => [\$log_file, "/var/run/".$0.".log"], + "pid-file" => [\$pid_file, "/var/run/".$0.".pid"], }, -"server" => - {"server_activ" => [\$server_activ, "on"], - "server_ip" => [\$server_ip, "0.0.0.0"], - "server_port" => [\$server_port, "20081"], - "SIPackages_key" => [\$SIPackages_key, "none"], - "max_clients" => [\$max_clients, 100], +"server" => { +# "ip" => [\$server_ip, "0.0.0.0"], + "port" => [\$server_port, "20081"], + "known-clients" => [\$known_clients_file_name, '/var/lib/gosa-si/clients.db' ], + "known-servers" => [\$known_server_file_name, '/var/lib/gosa-si/servers.db'], }, -"arp" => - {"arp_activ" => [\$arp_activ, "on"], - "arp_fifo_path" => [\$arp_fifo_path, "/var/run/gosa-si/arp-notify"], +"GOsaPackages" => { + "ip" => [\$gosa_ip, "0.0.0.0"], + "port" => [\$gosa_port, "20082"], + "job-queue" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'], + "job-queue-loop-delay" => [\$job_queue_loop_delay, 3], + "key" => [\$GosaPackages_key, "none"], }, -"gosa" => - {"gosa_activ" => [\$gosa_activ, "on"], - "gosa_ip" => [\$gosa_ip, "0.0.0.0"], - "gosa_port" => [\$gosa_port, "20082"], - "GosaPackages_key" => [\$GosaPackages_key, "none"], +"SIPackages" => { + "key" => [\$SIPackages_key, "none"], }, - ); +); #=== FUNCTION ================================================================ @@ -431,7 +413,7 @@ sub check_key_and_xml_validity { }; if($@) { - &main::daemon_log("WARNING: do not understand the message:", 5); + &main::daemon_log("WARNING: do not understand the message", 5); &main::daemon_log("$@", 8); } @@ -524,6 +506,11 @@ sub input_from_unknown_host { while( my ($mod, $info) = each(%act_modules)) { # check a key exists for this module + + +print STDERR "SIPackages_key:$SIPackages_key\n"; + + my $module_key = ${$mod."_key"}; if( ! $module_key ) { daemon_log("ERROR: no key specified in config file for $mod", 1); @@ -534,7 +521,7 @@ sub input_from_unknown_host { # check if module can open msg envelope with module key ($msg, $msg_hash) = &check_key_and_xml_validity($input, $module_key); if( (!$msg) || (!$msg_hash) ) { - daemon_log("$mod: deciphering failed", 5); + #daemon_log("$mod: deciphering failed", 5); next; } else { @@ -544,7 +531,7 @@ sub input_from_unknown_host { } if( (!$msg) || (!$msg_hash) || (!$module)) { - daemon_log("Incoming message is not from a unknown host", 3); + daemon_log("Incoming message is not from a unknown host", 5); } return ($msg, $msg_hash, $module); @@ -552,6 +539,9 @@ sub input_from_unknown_host { sub create_ciphering { my ($passwd) = @_; + if((!defined($passwd)) || length($passwd)==0) { + $passwd = ""; + } $passwd = substr(md5_hex("$passwd") x 32, 0, 32); my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); @@ -649,24 +639,103 @@ sub open_socket { } +#=== FUNCTION ================================================================ +# NAME: get_ip +# PARAMETERS: interface name (i.e. eth0) +# RETURNS: (ip address) +# DESCRIPTION: Uses ioctl to get ip address directly from system. +#=============================================================================== +sub get_ip { + my $ifreq= shift; + my $result= ""; + my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list + my $proto= getprotobyname('ip'); + + socket SOCKET, PF_INET, SOCK_DGRAM, $proto + or die "socket: $!"; + + if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) { + my ($if, $sin) = unpack 'a16 a16', $ifreq; + my ($port, $addr) = sockaddr_in $sin; + my $ip = inet_ntoa $addr; + + if ($ip && length($ip) > 0) { + $result = $ip; + } + } + + return $result; +} + +sub get_local_ip_for_remote_ip { + my $remote_ip= shift; + my $result="0.0.0.0"; + + if($remote_ip =~ /^(\d\d?\d?\.){3}\d\d?\d?$/) { + if($remote_ip eq "127.0.0.1") { + $result = "127.0.0.1"; + } else { + my $PROC_NET_ROUTE= ('/proc/net/route'); + + open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE") + or die "Could not open $PROC_NET_ROUTE"; + + my @ifs = ; + + close(PROC_NET_ROUTE); + + # Eat header line + shift @ifs; + chomp @ifs; + foreach my $line(@ifs) { + my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line); + my $destination; + my $mask; + my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination); + $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask); + $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + if(new NetAddr::IP($remote_ip)->within(new NetAddr::IP($destination, $mask))) { + # destination matches route, save mac and exit + $result= &get_ip($Iface); + last; + } + } + } + } else { + daemon_log("get_local_ip_for_remote_ip was called with a non-ip parameter: $remote_ip", 1); + } + return $result; +} + sub send_msg_to_target { my ($msg, $address, $encrypt_key, $msg_header) = @_ ; my $error = 0; - + my $header; + my $new_status; + my $act_status; + my ($sql_statement, $res); + if( $msg_header ) { - $msg_header = "'$msg_header'-"; + $header = "'$msg_header'-"; } else { - $msg_header = ""; + $header = ""; } + # Patch the source ip + if($msg =~ /0\.0\.0\.0:\d*?<\/source>/) { + my $remote_ip = &get_local_ip_for_remote_ip(sprintf("%s", $address =~ /^([0-9\.]*?):.*$/)); + $msg =~ s/(0\.0\.0\.0):(\d*?)<\/source>/$remote_ip:$2<\/source>/s; + } + # encrypt xml msg my $crypted_msg = &encrypt_msg($msg, $encrypt_key); # opensocket my $socket = &open_socket($address); if( !$socket ) { - daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1); + daemon_log("cannot send ".$header."msg to $address , host not reachable", 1); $error++; } @@ -674,9 +743,9 @@ sub send_msg_to_target { # send xml msg print $socket $crypted_msg."\n"; - daemon_log("send ".$msg_header."msg to $address", 1); + daemon_log("send ".$header."msg to $address", 1); daemon_log("message:\n$msg", 8); - + } # close socket in any case @@ -684,7 +753,55 @@ sub send_msg_to_target { close $socket; } - return; + if( $error > 0 ) { $new_status = "down"; } + else { $new_status = $msg_header; } + + + # known_clients + $sql_statement = "SELECT * FROM known_clients WHERE hostname='$address'"; + $res = $known_clients_db->select_dbentry($sql_statement); + if( keys(%$res) > 0) { + $act_status = $res->{1}->{'status'}; + if( $act_status eq "down" ) { + $sql_statement = "DELETE FROM known_clients WHERE hostname='$address'"; + $res = $known_clients_db->del_dbentry($sql_statement); + daemon_log("WARNING: failed 2x to send msg to host '$address', delete host from known_clients", 3); + } + else { + $sql_statement = "UPDATE known_clients SET status='$new_status' WHERE hostname='$address'"; + $res = $known_clients_db->update_dbentry($sql_statement); + if($new_status eq "down"){ + daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3); + } + else { + daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5); + } + } + } + + # known_server + $sql_statement = "SELECT * FROM known_server WHERE hostname='$address'"; + $res = $known_server_db->select_dbentry($sql_statement); + if( keys(%$res) > 0 ) { + $act_status = $res->{1}->{'status'}; + if( $act_status eq "down" ) { + $sql_statement = "DELETE FROM known_server WHERE hostname='$address'"; + $res = $known_clients_db->del_dbentry($sql_statement); + daemon_log("WARNING: failed 2x to a send msg to host '$address', delete host from known_server", 3); + } + else { + $sql_statement = "UPDATE known_server SET status='$new_status' WHERE hostname='$address'"; + $res = $known_server_db->update_dbentry($sql_statement); + if($new_status eq "down"){ + daemon_log("WARNING: set '$address' from status '$act_status' to '$new_status'", 3); + } + else { + daemon_log("INFO: set '$address' from status '$act_status' to '$new_status'", 5); + } + } + } + + return; } @@ -727,7 +844,7 @@ sub client_input { ###################### # process incoming msg if( $error == 0) { - daemon_log("Processing module ".$module, 3); + daemon_log("Processing module ".$module, 5); $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $heap->{'remote_ip'}); if ( 0 > @{$answer_l} ) { @@ -744,35 +861,33 @@ sub client_input { # for each answer in answer list foreach my $answer ( @{$answer_l} ) { - - - - - my $error = 0; - # check answer if gosa-si envelope conform - my $answer_hash = $xml->XMLin($answer, ForceArray=>1); - $answer_header = @{$answer_hash->{'header'}}[0]; - @answer_target_l = @{$answer_hash->{'target'}}; - $answer_source = @{$answer_hash->{'source'}}[0]; - if( !$answer_header ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no header', 1); - daemon_log("\n$answer", 8); - $error++; - } - if( 0 == length @answer_target_l ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no targets', 1); - daemon_log("\n$answer", 8); - $error++; - } - if( !$answer_source ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no source', 1); - daemon_log("\n$answer", 8); - $error++; - } - - if( $error != 0 ) { - next; - } + my $error = 0; + # check answer if gosa-si envelope conform + if(defined($answer)) { + my $answer_hash = $xml->XMLin($answer, ForceArray=>1); + $answer_header = @{$answer_hash->{'header'}}[0]; + @answer_target_l = @{$answer_hash->{'target'}}; + $answer_source = @{$answer_hash->{'source'}}[0]; + if( !$answer_header ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no header', 1); + daemon_log("\n$answer", 8); + $error++; + } + if( 0 == length @answer_target_l ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no targets', 1); + daemon_log("\n$answer", 8); + $error++; + } + if( !$answer_source ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no source', 1); + daemon_log("\n$answer", 8); + $error++; + } + + if( $error != 0 ) { + next; + } + } # deliver msg to all targets foreach my $answer_target ( @answer_target_l ) { @@ -784,7 +899,7 @@ sub client_input { my $host_name = $hit->{hostname}; my $host_key = $hit->{hostkey}; &send_msg_to_target($answer, $host_name, $host_key, $answer_header); - } + } } elsif( $answer_target eq "GOSA" ) { # answer is for GOSA and has to returned to connected client @@ -802,13 +917,43 @@ sub client_input { &send_msg_to_target($answer, $host_name, $host_key, $answer_header); } } + elsif( $answer_target =~ /([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})/ ) { + daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3); + my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'"; + my $query_res = $known_clients_db->select_dbentry( $sql_statement ); + my $found_ip_flag = 0; + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + my $host_key = $hit->{hostkey}; + $answer =~ s/$answer_target/$host_name/g; + daemon_log("found host '$host_name', assoziated to '$answer_target'", 3); + &send_msg_to_target($answer, $host_name, $host_key, $answer_header); + $found_ip_flag++ ; + } + if( $found_ip_flag == 0) { + daemon_log("WARNING: no host found in known_clients with mac address '$answer_target', forward msg to bus", 1); + my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $bus_address = $hit->{hostname}; + my $bus_key = $hit->{hostkey}; + &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header); + last; + } + + } + } else { # answer is for one specific host # get encrypt_key my $encrypt_key = &get_encrypt_key($answer_target); if( !$encrypt_key ) { - daemon_log("ERROR: no encrypt key found for answer target '$answer_target'", 1); - daemon_log("\n$answer", 8); + # unknown target, forward msg to bus + daemon_log("WARNING: unknown target '$answer_target', forward msg to bus", 3); + my $sql_statement = "SELECT * FROM known_server WHERE hostname='$bus_address'"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + my $bus_key = $query_res->{1}->{hostkey}; + &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header); next; } # send_msg @@ -830,7 +975,7 @@ sub client_input { sub trigger_db_loop { # my ($kernel) = $_[KERNEL]; my ($kernel) = @_ ; - $kernel->delay_set('watch_for_new_jobs',3); + $kernel->delay_set('watch_for_new_jobs', $job_queue_loop_delay); } @@ -954,7 +1099,7 @@ daemon_log("$0 started!", 1); system('rm -f /tmp/gosa_si_lock*gosa-si-server*'); # connect to gosa-si job queue -my @job_col_names = ("id", "timestamp", "status", "result", "headertag", "targettag", "xmlmessage", "macaddress"); +my @job_col_names = ("id INTEGER", "timestamp", "status", "result", "headertag", "targettag", "xmlmessage", "macaddress"); $job_db = GOSA::DBsqlite->new($job_queue_file_name); $job_db->create_table('jobs', \@job_col_names);