X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-si%2Fgosa-si-server;h=bc7d4f52f3576d1f2ce6305491252ac8e8015f43;hb=ee958167924985074693316ab1ebc3f50012c9db;hp=1db1836ec1bd29611d6f3437530349d496603519;hpb=e77f0cc20085d48f417817d32cdd288ff3e7f1c7;p=gosa.git diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index 1db1836ec..bc7d4f52f 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -25,7 +25,6 @@ use warnings; use Getopt::Long; use Config::IniFiles; use POSIX; -use Time::HiRes qw( gettimeofday ); use Fcntl; use IO::Socket::INET; @@ -59,7 +58,7 @@ my ($xml); # variables declared in config file are always set to 'our' our (%cfg_defaults, $log_file, $pid_file, - $bus_activ, $bus_passwd, $bus_ip, $bus_port, + $bus_activ, $bus_key, $bus_ip, $bus_port, $server_activ, $server_ip, $server_port, $SIPackages_key, $max_clients, $arp_activ, $arp_fifo_path, $gosa_activ, $GosaPackages_key, $gosa_ip, $gosa_port, $gosa_timeout, @@ -106,14 +105,14 @@ our $known_clients_db; "child_min" => [\$child_min, 3], "child_timeout" => [\$child_timeout, 180], "job_queue_timeout" => [\$job_queue_timeout, undef], - "job_queue_file_name" => [\$job_queue_file_name, '/var/lib/gosa-si/jobs.db'], + "job_queue_file_name" => [\$job_queue_file_name, '/var/lib/gosa-si/gosa-si-server_jobs.db'], "job_queue_loop_delay" => [\$job_queue_loop_delay, 3], - "known_clients_file_name" => [\$known_clients_file_name, '/var/lib/gosa-si/known_clients.db' ], - "known_server_file_name" => [\$known_server_file_name, '/var/lib/gosa-si/known_server.db'], + "known_clients_file_name" => [\$known_clients_file_name, '/var/lib/gosa-si/gosa-si-server_known_clients.db' ], + "known_server_file_name" => [\$known_server_file_name, '/var/lib/gosa-si/gosa-si-server_known_server.db'], }, "bus" => {"bus_activ" => [\$bus_activ, "on"], - "bus_passwd" => [\$bus_passwd, ""], + "bus_passwd" => [\$bus_key, ""], "bus_ip" => [\$bus_ip, "0.0.0.0"], "bus_port" => [\$bus_port, "20080"], }, @@ -210,7 +209,7 @@ sub daemon_log { $hours = $hours < 10 ? $hours = "0".$hours : $hours; $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - my @monthnames = ("Jan", "Feb", "Mar", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"); + my @monthnames = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"); $month = $monthnames[$month]; $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; $year+=1900; @@ -360,7 +359,7 @@ sub import_modules { } else { my $info = eval($mod_name.'::get_module_info()'); # Only load module if get_module_info() returns a non-null object - if(defined($info)) { + if( $info ) { my ($input_address, $input_key, $input, $input_active, $input_type) = @{$info}; $known_modules->{$mod_name} = $info; daemon_log("module $mod_name loaded", 1); @@ -390,7 +389,6 @@ $SIG{INT} = \&sig_int_handler; sub check_key_and_xml_validity { my ($crypted_msg, $module_key) = @_; #print STDERR "crypted_msg:$crypted_msg\n"; -#print STDERR "modul:$module\n"; #print STDERR "modul_key:$module_key\n"; my $msg; @@ -445,27 +443,29 @@ sub input_from_known_server { my ($input, $remote_ip) = @_ ; my ($msg, $msg_hash, $module); - my $sql_statement= "SELECT * FROM known_server"; my $query_res = $known_server_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { my $host_name = $hit->{hostname}; if( not $host_name =~ "^$remote_ip") { next; } my $host_key = $hit->{hostkey}; - daemon_log("ServerPackages: host_name: $host_name", 7); - daemon_log("ServerPackages: host_key: $host_key", 7); + daemon_log("SIPackages: known_server host_name: $host_name", 7); + daemon_log("SIPackages: known_server host_key: $host_key", 7); # check if module can open msg envelope with module key - my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key); - if( (!$msg) || (!$msg_hash) ) { - daemon_log("ServerPackages: deciphering raise error", 7); + my ($tmp_msg, $tmp_msg_hash) = &check_key_and_xml_validity($input, $host_key); + if( (!$tmp_msg) || (!$tmp_msg_hash) ) { + daemon_log("SIPackages: deciphering raise error", 7); daemon_log("$@", 8); next; } else { - $module = "ServerPackages"; + $msg = $tmp_msg; + $msg_hash = $tmp_msg_hash; + $module = "SIPackages"; last; } } @@ -486,28 +486,29 @@ sub input_from_known_client { my $query_res = $known_clients_db->select_dbentry( $sql_statement ); while( my ($hit_num, $hit) = each %{ $query_res } ) { my $host_name = $hit->{hostname}; - if( not $host_name =~ "^$remote_ip") { + if( not $host_name =~ /^$remote_ip:\d*$/) { next; - } + } my $host_key = $hit->{hostkey}; - daemon_log("ServerPackages: host_name: $host_name", 7); - daemon_log("ServerPackages: host_key: $host_key", 7); + &daemon_log("SIPackages: known_client host_name: $host_name", 7); + &daemon_log("SIPackages: known_client host_key: $host_key", 7); # check if module can open msg envelope with module key - my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key); + ($msg, $msg_hash) = &check_key_and_xml_validity($input, $host_key); + if( (!$msg) || (!$msg_hash) ) { - daemon_log("ServerPackages: deciphering raise error", 7); - daemon_log("$@", 8); + &daemon_log("SIPackages: deciphering raise error", 7); + &daemon_log("$@", 8); next; } else { - $module = "ServerPackages"; + $module = "SIPackages"; last; } } if( (!$msg) || (!$msg_hash) || (!$module) ) { - daemon_log("Incoming message is not from a known client", 3); + &daemon_log("Incoming message is not from a known client", 3); } return ($msg, $msg_hash, $module); @@ -543,7 +544,7 @@ sub input_from_unknown_host { } if( (!$msg) || (!$msg_hash) || (!$module)) { - daemon_log("Incoming message is not from a unknown host", 3); + daemon_log("Incoming message is not from a unknown host", 5); } return ($msg, $msg_hash, $module); @@ -591,14 +592,14 @@ sub get_encrypt_key { # target can be in known_server if( !$encrypt_key ) { - my $sql_statement= "SELECT * FROM known_server"; + my $sql_statement= "SELECT * FROM known_server WHERE hostname='$target'"; my $query_res = $known_server_db->select_dbentry( $sql_statement ); while( my ($hit_num, $hit) = each %{ $query_res } ) { my $host_name = $hit->{hostname}; if( $host_name ne $target ) { next; } - my $host_key = $hit->{hostkey}; + $encrypt_key = $hit->{hostkey}; last; } } @@ -606,7 +607,7 @@ sub get_encrypt_key { # target can be in known_client if( !$encrypt_key ) { - my $sql_statement= "SELECT * FROM known_clients"; + my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$target'"; my $query_res = $known_clients_db->select_dbentry( $sql_statement ); while( my ($hit_num, $hit) = each %{ $query_res } ) { my $host_name = $hit->{hostname}; @@ -652,7 +653,10 @@ sub send_msg_to_target { my ($msg, $address, $encrypt_key, $msg_header) = @_ ; my $error = 0; - if( !$msg_header ) { + if( $msg_header ) { + $msg_header = "'$msg_header'-"; + } + else { $msg_header = ""; } @@ -661,27 +665,35 @@ sub send_msg_to_target { # opensocket my $socket = &open_socket($address); - if(not defined $socket){ - daemon_log("cannot send $msg_header msg to $address , host not reachable", 1); + if( !$socket ) { + daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1); $error++; } if( $error == 0 ) { - # send xml msg print $socket $crypted_msg."\n"; - close $socket; - - daemon_log("send msg to $address", 1); + daemon_log("send ".$msg_header."msg to $address", 1); daemon_log("message:\n$msg", 8); } + # close socket in any case + if( $socket ) { + close $socket; + } + return; } +sub _start { + my ($kernel) = $_[KERNEL]; + &trigger_db_loop($kernel); +} + + sub client_input { no strict "refs"; my ($heap,$input,$wheel) = @_[HEAP, ARG0, ARG1]; @@ -691,7 +703,8 @@ sub client_input { my ($answer_header, @answer_target_l, $answer_source); my $client_answer; - daemon_log("Incoming msg:\n$input\n", 8); + daemon_log("Incoming msg from '".$heap->{'remote_ip'}."'", 7); + daemon_log("\n$input", 8); # msg is from a new client or gosa ($msg, $msg_hash, $module) = &input_from_unknown_host($input); @@ -703,7 +716,7 @@ sub client_input { # msg is from a gosa-si-client if(( !$msg ) || ( !$msg_hash ) || ( !$module )){ - ($msg, $msg_hash, $module) = &input_from_known_client($input); + ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'}); } # an error occurred @@ -714,8 +727,8 @@ sub client_input { ###################### # process incoming msg if( $error == 0) { - daemon_log("Processing module ".$module, 3); - $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash); + daemon_log("Processing module ".$module, 5); + $answer_l = &{ $module."::process_incoming_msg" }($msg, $msg_hash, $heap->{'remote_ip'}); if ( 0 > @{$answer_l} ) { my $answer_str = join("\n", @{$answer_l}); @@ -724,56 +737,112 @@ sub client_input { } if( !$answer_l ) { $error++ }; - # for each answer in answer list - foreach my $answer ( @{$answer_l} ) { - - # check answer if gosa-si envelope conform - if( $error == 0 ) { - my $answer_hash = $xml->XMLin($answer, ForceArray=>1); - $answer_header = @{$answer_hash->{'header'}}[0]; - @answer_target_l = @{$answer_hash->{'target'}}; - $answer_source = @{$answer_hash->{'source'}}[0]; - if( !$answer_header ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no header', 1); - $error++; - } - if( 0 == length @answer_target_l ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no targets', 1); - $error++; - } - if( !$answer_source ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no source', 1); - $error++; - } - } + ######## + # answer + if( $error == 0 ) { - # deliver msg to all targets - foreach my $answer_target ( @answer_target_l ) { - if( $answer_target eq "*" ) { - # answer is for all clients - my $sql_statement= "SELECT * FROM known_clients"; - my $query_res = $known_clients_db->select_dbentry( $sql_statement ); - while( my ($hit_num, $hit) = each %{ $query_res } ) { - my $host_name = $hit->{hostname}; - my $host_key = $hit->{hostkey}; - &send_msg_to_target($answer, $host_name, $host_key); + # for each answer in answer list + foreach my $answer ( @{$answer_l} ) { + + my $error = 0; + # check answer if gosa-si envelope conform + if(defined($answer)) { + my $answer_hash = $xml->XMLin($answer, ForceArray=>1); + $answer_header = @{$answer_hash->{'header'}}[0]; + @answer_target_l = @{$answer_hash->{'target'}}; + $answer_source = @{$answer_hash->{'source'}}[0]; + if( !$answer_header ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no header', 1); + daemon_log("\n$answer", 8); + $error++; + } + if( 0 == length @answer_target_l ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no targets', 1); + daemon_log("\n$answer", 8); + $error++; + } + if( !$answer_source ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no source', 1); + daemon_log("\n$answer", 8); + $error++; + } + + if( $error != 0 ) { + next; + } + } + + # deliver msg to all targets + foreach my $answer_target ( @answer_target_l ) { + if( $answer_target eq "*" ) { + # answer is for all clients + my $sql_statement= "SELECT * FROM known_clients"; + my $query_res = $known_clients_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + my $host_key = $hit->{hostkey}; + &send_msg_to_target($answer, $host_name, $host_key, $answer_header); + } } - } - elsif( $answer_target eq "GOSA" ) { - # answer is for GOSA and has to returned to connected client - my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key); - $client_answer = $gosa_answer; - } - else { - # answer is for one specific host - # get encrypt_key - my $encrypt_key = &get_encrypt_key($answer_target); - if( !$encrypt_key ) { - daemon_log("ERROR: no encrypt key found for answer target '$answer_target'", 1); - next; + elsif( $answer_target eq "GOSA" ) { + # answer is for GOSA and has to returned to connected client + my $gosa_answer = &encrypt_msg($answer, $GosaPackages_key); + $client_answer = $gosa_answer; + } + elsif( $answer_target eq "KNOWN_SERVER" ) { + # answer is for all server in known_server + my $sql_statement= "SELECT * FROM known_server"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + my $host_key = $hit->{hostkey}; + $answer =~ s/KNOWN_SERVER/$host_name/g; + &send_msg_to_target($answer, $host_name, $host_key, $answer_header); + } + } + elsif( $answer_target =~ /([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})/ ) { + daemon_log("target is mac address '$answer_target', looking for host in known_clients", 3); + my $sql_statement = "SELECT * FROM known_clients WHERE macaddress='$answer_target'"; + my $query_res = $known_clients_db->select_dbentry( $sql_statement ); + my $found_ip_flag = 0; + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $host_name = $hit->{hostname}; + my $host_key = $hit->{hostkey}; + $answer =~ s/$answer_target/$host_name/g; + daemon_log("found host '$host_name', assoziated to '$answer_target'", 3); + &send_msg_to_target($answer, $host_name, $host_key, $answer_header); + $found_ip_flag++ ; + } + if( $found_ip_flag == 0) { + daemon_log("WARNING: no host found in known_clients with mac address '$answer_target', forward msg to bus", 1); + my $sql_statement = "SELECT * FROM known_server WHERE status='bus'"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + while( my ($hit_num, $hit) = each %{ $query_res } ) { + my $bus_address = $hit->{hostname}; + my $bus_key = $hit->{hostkey}; + &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header); + last; + } + + } + } + else { + # answer is for one specific host + # get encrypt_key + my $encrypt_key = &get_encrypt_key($answer_target); + if( !$encrypt_key ) { + # unknown target, forward msg to bus + daemon_log("WARNING: unknown target '$answer_target', forward msg to bus", 3); + my $sql_statement = "SELECT * FROM known_server WHERE status='bus'"; + my $query_res = $known_server_db->select_dbentry( $sql_statement ); + my $bus_address = $query_res->{1}->{hostname}; + my $bus_key = $query_res->{1}->{hostkey}; + &send_msg_to_target($answer, $bus_address, $bus_key, $answer_header); + next; + } + # send_msg + &send_msg_to_target($answer, $answer_target, $encrypt_key, $answer_header); } - # send_msg - &send_msg_to_target($answer, $answer_target, $encrypt_key); } } } @@ -786,8 +855,10 @@ sub client_input { } + sub trigger_db_loop { - my ($kernel) = $_[KERNEL]; +# my ($kernel) = $_[KERNEL]; + my ($kernel) = @_ ; $kernel->delay_set('watch_for_new_jobs',3); } @@ -909,7 +980,7 @@ daemon_log(" ", 1); daemon_log("$0 started!", 1); # delete old DBsqlite lock files -system('rm -f /tmp/gosa_si_lock*'); +system('rm -f /tmp/gosa_si_lock*gosa-si-server*'); # connect to gosa-si job queue my @job_col_names = ("id", "timestamp", "status", "result", "headertag", "targettag", "xmlmessage", "macaddress"); @@ -926,28 +997,29 @@ my @server_col_names = ('hostname', 'status', 'hostkey', 'timestamp'); $known_server_db = GOSA::DBsqlite->new($known_server_file_name); $known_server_db->create_table('known_server', \@server_col_names); -# import all modules -&import_modules; - -# check wether all modules are gosa-si valid passwd check - # create xml object used for en/decrypting $xml = new XML::Simple(); +# create socket for incoming xml messages +POE::Component::Server::TCP->new( + Port => $server_port, + ClientInput => \&client_input, +); +daemon_log("start socket for incoming xml messages at port '$server_port' ", 1); + # create session for repeatedly checking the job queue for jobs POE::Session->create( inline_states => { - _start => \&trigger_db_loop, + _start => \&_start, watch_for_new_jobs => \&watch_for_new_jobs, } ); -# create socket for incoming xml messages -POE::Component::Server::TCP->new( - Port => $server_port, - ClientInput => \&client_input, -); -daemon_log("start socket for incoming xml messages at port '$server_port' ", 1); + +# import all modules +&import_modules; + +# check wether all modules are gosa-si valid passwd check POE::Kernel->run(); exit;