X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-si%2Fmodules%2FSIPackages.pm;h=4f7bd8611dedec2cd1dae64768424fa369a409f7;hb=1bf6d6303fb62f5b51b9ebff12524f7631a02bc7;hp=c273341cffe41d23de65814f51ad22c8c971ebf5;hpb=e77f0cc20085d48f417817d32cdd288ff3e7f1c7;p=gosa.git diff --git a/gosa-si/modules/SIPackages.pm b/gosa-si/modules/SIPackages.pm index c273341cf..4f7bd8611 100644 --- a/gosa-si/modules/SIPackages.pm +++ b/gosa-si/modules/SIPackages.pm @@ -12,40 +12,45 @@ use GOSA::GosaSupportDaemon; use IO::Socket::INET; use XML::Simple; use Data::Dumper; +use NetAddr::IP; use Net::LDAP; -use Socket qw/PF_INET SOCK_DGRAM inet_ntoa sockaddr_in/; +use Socket; +use Net::hostent; + +my $event_dir = "/usr/lib/gosa-si/server/events"; +use lib "/usr/lib/gosa-si/server/events"; BEGIN{} END {} -my ($known_clients_file_name); -my ($server_activ, $server_ip, $server_mac_address, $server_port, $server_passwd, $max_clients, $ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password); -my ($bus_activ, $bus_passwd, $bus_ip, $bus_port); +my ($server_ip, $server_port, $SIPackages_key, $max_clients, $ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password, $server_interface); +my ($bus_activ, $bus_key, $bus_ip, $bus_port); my $server; +my $event_hash; my $network_interface; my $no_bus; my (@ldap_cfg, @pam_cfg, @nss_cfg, $goto_admin, $goto_secret); - - -my %cfg_defaults = -( -"server" => - {"server_activ" => [\$server_activ, "on"], - "server_ip" => [\$server_ip, "0.0.0.0"], - "server_mac_address" => [\$server_mac_address, ""], - "server_port" => [\$server_port, "20081"], - "server_passwd" => [\$server_passwd, ""], - "max_clients" => [\$max_clients, 100], - "ldap_uri" => [\$ldap_uri, ""], - "ldap_base" => [\$ldap_base, ""], - "ldap_admin_dn" => [\$ldap_admin_dn, ""], - "ldap_admin_password" => [\$ldap_admin_password, ""], +my $mesg; + +my %cfg_defaults = ( +"bus" => { + "activ" => [\$bus_activ, "on"], + "key" => [\$bus_key, ""], + "ip" => [\$bus_ip, ""], + "port" => [\$bus_port, "20080"], }, -"bus" => - {"bus_activ" => [\$bus_activ, "on"], - "bus_passwd" => [\$bus_passwd, ""], - "bus_ip" => [\$bus_ip, ""], - "bus_port" => [\$bus_port, "20080"], +"server" => { + "ip" => [\$server_ip, "0.0.0.0"], + "mac-address" => [\$main::server_mac_address, "00:00:00:00:00"], + "port" => [\$server_port, "20081"], + "ldap-uri" => [\$ldap_uri, ""], + "ldap-base" => [\$ldap_base, ""], + "ldap-admin-dn" => [\$ldap_admin_dn, ""], + "ldap-admin-password" => [\$ldap_admin_password, ""], + "max-clients" => [\$max_clients, 100], + }, +"SIPackages" => { + "key" => [\$SIPackages_key, ""], }, ); @@ -54,16 +59,97 @@ my %cfg_defaults = # read configfile and import variables &read_configfile(); -# detect interfaces and mac address + +# if server_ip is not an ip address but a name +if( inet_aton($server_ip) ){ $server_ip = inet_ntoa(inet_aton($server_ip)); } $network_interface= &get_interface_for_ip($server_ip); -$server_mac_address= &get_mac($network_interface); +$main::server_mac_address= &get_mac($network_interface); -# complete addresses -if( $server_ip eq "0.0.0.0" ) { - $server_ip = "127.0.0.1"; +&import_events(); + +# Unit tag can be defined in config +if((not defined($main::gosa_unit_tag)) || length($main::gosa_unit_tag) == 0) { + # Read gosaUnitTag from LDAP + + my $ldap_handle = &main::get_ldap_handle(); + if( defined($ldap_handle) ) { + &main::daemon_log("INFO: Searching for servers gosaUnitTag with mac address $main::server_mac_address",5); + # Perform search for Unit Tag + $mesg = $ldap_handle->search( + base => $ldap_base, + scope => 'sub', + attrs => ['gosaUnitTag'], + filter => "(macaddress=$main::server_mac_address)" + ); + + if ($mesg->count == 1) { + my $entry= $mesg->entry(0); + my $unit_tag= $entry->get_value("gosaUnitTag"); + $main::ldap_server_dn= $mesg->entry(0)->dn; + if(defined($unit_tag) && length($unit_tag) > 0) { + &main::daemon_log("INFO: Detected gosaUnitTag $unit_tag for creating entries", 5); + $main::gosa_unit_tag= $unit_tag; + } + } else { + # Perform another search for Unit Tag + my $hostname= `hostname -f`; + chomp($hostname); + &main::daemon_log("INFO: Searching for servers gosaUnitTag with hostname $hostname",5); + $mesg = $ldap_handle->search( + base => $ldap_base, + scope => 'sub', + attrs => ['gosaUnitTag'], + filter => "(&(cn=$hostname)(objectClass=goServer))" + ); + if ($mesg->count == 1) { + my $entry= $mesg->entry(0); + my $unit_tag= $entry->get_value("gosaUnitTag"); + $main::ldap_server_dn= $mesg->entry(0)->dn; + if(defined($unit_tag) && length($unit_tag) > 0) { + &main::daemon_log("INFO: Detected gosaUnitTag $unit_tag for creating entries", 5); + $main::gosa_unit_tag= $unit_tag; + } + } else { + # Perform another search for Unit Tag + $hostname= `hostname -s`; + chomp($hostname); + &main::daemon_log("INFO: Searching for servers gosaUnitTag with hostname $hostname",5); + $mesg = $ldap_handle->search( + base => $ldap_base, + scope => 'sub', + attrs => ['gosaUnitTag'], + filter => "(&(cn=$hostname)(objectClass=goServer))" + ); + if ($mesg->count == 1) { + my $entry= $mesg->entry(0); + my $unit_tag= $entry->get_value("gosaUnitTag"); + $main::ldap_server_dn= $mesg->entry(0)->dn; + if(defined($unit_tag) && length($unit_tag) > 0) { + &main::daemon_log("INFO: Detected gosaUnitTag $unit_tag for creating entries", 5); + $main::gosa_unit_tag= $unit_tag; + } + } else { + &main::daemon_log("WARNING: No gosaUnitTag detected. Not using gosaUnitTag", 3); + } + } + } + } else { + &main::daemon_log("INFO: Using gosaUnitTag from config-file: $main::gosa_unit_tag",5); + } } + + my $server_address = "$server_ip:$server_port"; +$main::server_address = $server_address; + + +if( inet_aton($bus_ip) ){ $bus_ip = inet_ntoa(inet_aton($bus_ip)); } +###################################################### +# to change +if( $bus_ip eq "127.0.1.1" ) { $bus_ip = "127.0.0.1" } +###################################################### my $bus_address = "$bus_ip:$bus_port"; +$main::bus_address = $bus_address; # create general settings for this module my $xml = new XML::Simple(); @@ -76,15 +162,23 @@ if($bus_activ eq "on") { ®ister_at_bus(); } +# add myself to known_server_db +my $res = $main::known_server_db->add_dbentry( {table=>'known_server', + primkey=>['hostname'], + hostname=>$server_address, + status=>'myself', + hostkey=>$SIPackages_key, + timestamp=>&get_time, + } ); + + + ### functions ################################################################# sub get_module_info { my @info = ($server_address, - $server_passwd, - $server, - $server_activ, - "socket", + $SIPackages_key, ); return \@info; } @@ -157,7 +251,7 @@ sub get_interface_for_ip { } else { foreach (@ifs) { my $if=$_; - if(get_ip($if) eq $ip) { + if(&main::get_ip($if) eq $ip) { $result = $if; } } @@ -213,8 +307,8 @@ sub get_mac { my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list # A configured MAC Address should always override a guessed value - if ($server_mac_address and length($server_mac_address) > 0) { - $result= $server_mac_address; + if ($main::server_mac_address and length($main::server_mac_address) > 0) { + $result= $main::server_mac_address; } socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip') @@ -234,34 +328,6 @@ sub get_mac { return $result; } -#=== FUNCTION ================================================================ -# NAME: get_ip -# PARAMETERS: interface name (i.e. eth0) -# RETURNS: (ip address) -# DESCRIPTION: Uses ioctl to get ip address directly from system. -#=============================================================================== -sub get_ip { - my $ifreq= shift; - my $result= ""; - my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list - my $proto= getprotobyname('ip'); - - socket SOCKET, PF_INET, SOCK_DGRAM, $proto - or die "socket: $!"; - - if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) { - my ($if, $sin) = unpack 'a16 a16', $ifreq; - my ($port, $addr) = sockaddr_in $sin; - my $ip = inet_ntoa $addr; - - if ($ip && length($ip) > 0) { - $result = $ip; - } - } - - return $result; -} - #=== FUNCTION ================================================================ # NAME: register_at_bus @@ -273,21 +339,46 @@ sub register_at_bus { # add bus to known_server_db my $res = $main::known_server_db->add_dbentry( {table=>'known_server', - primkey=>'hostname', + primkey=>['hostname'], hostname=>$bus_address, status=>'bus', - hostkey=>$bus_passwd, + hostkey=>$bus_key, timestamp=>&get_time, } ); my $msg_hash = &create_xml_hash("here_i_am", $server_address, $bus_address); - my $answer = ""; - $answer = &send_msg_hash2address($msg_hash, $bus_address, $bus_passwd); - if ($answer == 0) { - &main::daemon_log("register at bus: $bus_address", 1); - } else { - &main::daemon_log("unable to send 'register'-msg to bus '$bus_address': $answer", 1); + my $msg = &create_xml_string($msg_hash); + + &main::send_msg_to_target($msg, $bus_address, $bus_key, "here_i_am"); + return $msg; +} + + +sub import_events { + if (not -e $event_dir) { + &main::daemon_log("S ERROR: cannot find directory or directory is not readable: $event_dir", 1); + } + opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n"; + + while (defined (my $event = readdir (DIR))) { + if( $event eq "." || $event eq ".." ) { next; } + if( $event eq "gosaTriggered.pm" ) { next; } # only GOsa specific events + + eval{ require $event; }; + if( $@ ) { + &main::daemon_log("import of event module '$event' failed", 1); + &main::daemon_log("$@", 8); + next; + } + + $event =~ /(\S*?).pm$/; + my $event_module = $1; + my $events_l = eval( $1."::get_events()") ; + foreach my $event_name (@{$events_l}) { + $event_hash->{$event_name} = $event_module; + } + my $events_string = join( ", ", @{$events_l}); + &main::daemon_log("S DEBUG: SIPackages imported events $events_string", 8); } - return; } @@ -298,91 +389,76 @@ sub register_at_bus { # DESCRIPTION: handels the proceeded distribution to the appropriated functions #=============================================================================== sub process_incoming_msg { - my ($msg, $msg_hash) = @_ ; + my ($msg, $msg_hash, $session_id) = @_ ; my $error = 0; my $host_name; my $host_key; - my @out_msg_l; + my @out_msg_l = ("nohandler"); # process incoming msg my $header = @{$msg_hash->{header}}[0]; - my $source = @{$msg_hash->{source}}[0]; my @target_l = @{$msg_hash->{target}}; - &main::daemon_log("SIPackages: msg to process: $header", 3); - &main::daemon_log("$msg", 8); + # skip PREFIX + $header =~ s/^CLMSG_//; + + &main::daemon_log("$session_id DEBUG: SIPackages: msg to process: $header", 7); if( 0 == length @target_l){ - &main::daemon_log("ERROR: no target specified for msg $header", 1); + &main::daemon_log("$session_id ERROR: no target specified for msg $header", 1); $error++; } if( 1 == length @target_l) { my $target = $target_l[0]; - if( $target eq $server_address ) { - if ($header eq 'new_passwd') { @out_msg_l = &new_passwd($msg_hash) } - elsif ($header eq 'here_i_am') { @out_msg_l = &here_i_am($msg_hash) } - elsif ($header eq 'who_has') { @out_msg_l = &who_has($msg_hash) } - elsif ($header eq 'who_has_i_do') { @out_msg_l = &who_has_i_do($msg_hash) } - elsif ($header eq 'got_ping') { @out_msg_l = &got_ping($msg_hash)} - elsif ($header eq 'get_load') { @out_msg_l = &execute_actions($msg_hash)} - else { - &main::daemon_log("ERROR: $header is an unknown core funktion", 1); - $error++; + if(&server_matches($target)) { + + + if ($header eq 'new_key') { + @out_msg_l = &new_key($msg_hash) + } elsif ($header eq 'here_i_am') { + @out_msg_l = &here_i_am($msg, $msg_hash, $session_id) + } else { + if( exists $event_hash->{$header} ) { + # a event exists with the header as name + &main::daemon_log("$session_id INFO: found event '$header' at event-module '".$event_hash->{$header}."'", 5); + no strict 'refs'; + @out_msg_l = &{$event_hash->{$header}."::$header"}($msg, $msg_hash, $session_id); + } } + + # if delivery not possible raise error and return + if( not defined $out_msg_l[0] ) { + @out_msg_l = (); + } elsif( $out_msg_l[0] eq 'nohandler') { + &main::daemon_log("$session_id ERROR: SIPackages: no event handler or core function defined for '$header'", 1); + @out_msg_l = (); + } + } else { - &main::daemon_log("msg is not for gosa-si-server '$server_address', deliver it to target '$target'", 5); + &main::daemon_log("INFO: msg is not for gosa-si-server '$server_address', deliver it to target '$target'", 5); push(@out_msg_l, $msg); } } - if( $error == 0) { - if( 0 == @out_msg_l ) { - push(@out_msg_l, $msg); - } - } - return \@out_msg_l; } -#=== FUNCTION ================================================================ -# NAME: got_ping -# PARAMETERS: msg_hash - hash - hash from function create_xml_hash -# RETURNS: nothing -# DESCRIPTION: process this incoming message -#=============================================================================== -sub got_ping { - my ($msg_hash) = @_; - - my $source = @{$msg_hash->{source}}[0]; - my $target = @{$msg_hash->{target}}[0]; - my $header = @{$msg_hash->{header}}[0]; - - if(exists $main::known_daemons->{$source}) { - &main::add_content2known_daemons(hostname=>$source, status=>$header); - } else { - &main::add_content2known_clients(hostname=>$source, status=>$header); - } - - return; -} - - #=== FUNCTION ================================================================ # NAME: new_passwd # PARAMETERS: msg_hash - ref - hash from function create_xml_hash # RETURNS: nothing # DESCRIPTION: process this incoming message #=============================================================================== -sub new_passwd { +sub new_key { my ($msg_hash) = @_; my @out_msg_l; my $header = @{$msg_hash->{header}}[0]; my $source_name = @{$msg_hash->{source}}[0]; - my $source_key = @{$msg_hash->{new_passwd}}[0]; + my $source_key = @{$msg_hash->{new_key}}[0]; my $query_res; # check known_clients_db @@ -394,8 +470,7 @@ sub new_passwd { "SET hostkey='$source_key', timestamp='$act_time' ". "WHERE hostname='$source_name'"; my $res = $main::known_clients_db->update_dbentry( $sql_statement ); - - my $hash = &create_xml_hash("confirm_new_passwd", $server_address, $source_name); + my $hash = &create_xml_hash("confirm_new_key", $server_address, $source_name); my $out_msg = &create_xml_string($hash); push(@out_msg_l, $out_msg); } @@ -412,7 +487,7 @@ sub new_passwd { "WHERE hostname='$source_name'"; my $res = $main::known_server_db->update_dbentry( $sql_statement ); - my $hash = &create_xml_hash("confirm_new_passwd", $server_address, $source_name); + my $hash = &create_xml_hash("confirm_new_key", $server_address, $source_name); my $out_msg = &create_xml_string($hash); push(@out_msg_l, $out_msg); } @@ -429,12 +504,13 @@ sub new_passwd { # DESCRIPTION: process this incoming message #=============================================================================== sub here_i_am { - my ($msg_hash) = @_; + my ($msg, $msg_hash, $session_id) = @_; my @out_msg_l; my $out_hash; my $source = @{$msg_hash->{source}}[0]; my $mac_address = @{$msg_hash->{mac_address}}[0]; + my $gotoHardwareChecksum = @{$msg_hash->{gotoHardwareChecksum}}[0]; # number of known clients my $nu_clients= $main::known_clients_db->count_dbentries('known_clients'); @@ -444,16 +520,16 @@ sub here_i_am { my $db_res= $main::known_clients_db->select_dbentry( $sql_statement ); if ( 1 == keys %{$db_res} ) { - &main::daemon_log("WARNING: $source is already known as a client", 1); - &main::daemon_log("WARNING: values for $source are being overwritten", 1); + &main::daemon_log("$session_id WARNING: $source is already known as a client", 1); + &main::daemon_log("$session_id WARNING: values for $source are being overwritten", 1); $nu_clients --; } # number of actual activ clients my $act_nu_clients = $nu_clients; - &main::daemon_log("number of actual activ clients: $act_nu_clients", 5); - &main::daemon_log("number of maximal allowed clients: $max_clients", 5); + &main::daemon_log("$session_id INFO: number of actual activ clients: $act_nu_clients", 5); + &main::daemon_log("$session_id INFO: number of maximal allowed clients: $max_clients", 5); if($max_clients <= $act_nu_clients) { my $out_hash = &create_xml_hash("denied", $server_address, $source); @@ -471,25 +547,24 @@ sub here_i_am { # add entry to known_clients_db + my $act_timestamp = &get_time; my $res = $main::known_clients_db->add_dbentry( {table=>'known_clients', - primkey=>'hostname', + primkey=>['hostname'], hostname=>$source, events=>$events, macaddress=>$mac_address, status=>'registered', hostkey=>$new_passwd, - timestamp=>&get_time, + timestamp=>$act_timestamp, } ); if ($res != 0) { - &main::daemon_log("ERROR: cannot add entry to known_clients: $res"); + &main::daemon_log("$session_id ERROR: cannot add entry to known_clients: $res"); return; } # return acknowledgement to client $out_hash = &create_xml_hash("registered", $server_address, $source); - my $register_out = &create_xml_string($out_hash); - push(@out_msg_l, $register_out); # notify registered client to bus if( $bus_activ eq "on") { @@ -500,17 +575,39 @@ sub here_i_am { # send update msg to bus $out_hash = &create_xml_hash("new_client", $server_address, $bus_address, $source); + &add_content2xml_hash($out_hash, "macaddress", $mac_address); + &add_content2xml_hash($out_hash, "timestamp", $act_timestamp); my $new_client_out = &create_xml_string($out_hash); push(@out_msg_l, $new_client_out); - &main::daemon_log("send bus msg that client '$source' has registerd at server '$server_address'", 3); + &main::daemon_log("$session_id INFO: send bus msg that client '$source' has registered at server '$server_address'", 5); } # give the new client his ldap config - my $new_ldap_config_out = &new_ldap_config($source); - if( $new_ldap_config_out ) { - push(@out_msg_l, $new_ldap_config_out); + # Workaround: Send within the registration response, if the client will get an ldap config later + my $new_ldap_config_out = &new_ldap_config($source, $session_id); + if($new_ldap_config_out && (!($new_ldap_config_out =~ /error/))) { + &add_content2xml_hash($out_hash, "ldap_available", "true"); + } elsif($new_ldap_config_out && $new_ldap_config_out =~ /error/){ + &add_content2xml_hash($out_hash, "error", $new_ldap_config_out); + + my $sql_statement = "UPDATE $main::job_queue_tn ". + "SET status='error', result='$new_ldap_config_out' ". + "WHERE status='processing' AND macaddress LIKE '$mac_address'"; + my $res = $main::job_db->update_dbentry($sql_statement); + &main::daemon_log("$session_id DEBUG: $sql_statement RESULT: $res", 7); + } + my $register_out = &create_xml_string($out_hash); + push(@out_msg_l, $register_out); + + # Really send the ldap config + if( $new_ldap_config_out && (!($new_ldap_config_out =~ /error/))) { + push(@out_msg_l, $new_ldap_config_out); } + my $hardware_config_out = &hardware_config($msg, $msg_hash, $session_id); + if( $hardware_config_out ) { + push(@out_msg_l, $hardware_config_out); + } return @out_msg_l; } @@ -524,6 +621,7 @@ sub here_i_am { #=============================================================================== sub who_has { my ($msg_hash) = @_ ; + my @out_msg_l; # what is your search pattern my $search_pattern = @{$msg_hash->{who_has}}[0]; @@ -545,11 +643,12 @@ sub who_has { # search was successful if (defined $host_address) { my $source = @{$msg_hash->{source}}[0]; - my $out_msg = &create_xml_hash("who_has_i_do", $server_address, $source, "mac_address"); - &add_content2xml_hash($out_msg, "mac_address", $search_element); - &send_msg_hash2address($out_msg, $bus_address); + my $out_hash = &create_xml_hash("who_has_i_do", $server_address, $source, "mac_address"); + &add_content2xml_hash($out_hash, "mac_address", $search_element); + my $out_msg = &create_xml_string($out_hash); + push(@out_msg_l, $out_msg); } - return; + return @out_msg_l; } @@ -566,159 +665,301 @@ sub who_has_i_do { #=== FUNCTION ================================================================ # NAME: new_ldap_config # PARAMETERS: address - string - ip address and port of a host -# RETURNS: nothing +# RETURNS: gosa-si conform message # DESCRIPTION: send to address the ldap configuration found for dn gotoLdapServer #=============================================================================== sub new_ldap_config { - my ($address) = @_ ; - - my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$address'"; - my $res = $main::known_clients_db->select_dbentry( $sql_statement ); + my ($address, $session_id) = @_ ; - # check hit - my $hit_counter = keys %{$res}; - if( not $hit_counter == 1 ) { - &main::daemon_log("ERROR: more or no hit found in known_clients_db by query by '$address'", 1); - } + my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$address' OR macaddress LIKE '$address'"; + my $res = $main::known_clients_db->select_dbentry( $sql_statement ); - my $macaddress = $res->{1}->{macaddress}; - my $hostkey = $res->{1}->{hostkey}; + # check hit + my $hit_counter = keys %{$res}; + if( not $hit_counter == 1 ) { + &main::daemon_log("$session_id ERROR: more or no hit found in known_clients_db by query by '$address'", 1); + } - if (not defined $macaddress) { - &main::daemon_log("ERROR: no mac address found for client $address", 1); - return; - } + $address = $res->{1}->{hostname}; + my $macaddress = $res->{1}->{macaddress}; + my $hostkey = $res->{1}->{hostkey}; - # Build LDAP connection - my $ldap = Net::LDAP->new($ldap_uri); - if( not defined $ldap ) { - &main::daemon_log("ERROR: cannot connect to ldap: $ldap_uri", 1); - return; - } - - - # Bind to a directory with dn and password - my $mesg= $ldap->bind($ldap_admin_dn, $ldap_admin_password); - - # Perform search - $mesg = $ldap->search( base => $ldap_base, - scope => 'sub', - attrs => ['dn', 'gotoLdapServer'], - filter => "(&(objectClass=GOhard)(macaddress=$macaddress))"); - $mesg->code && die $mesg->error; - - # Sanity check - if ($mesg->count != 1) { - &main::daemon_log("WARNING: client mac address $macaddress not found/not unique in ldap search", 1); - &main::daemon_log("\tbase: $ldap_base", 1); - &main::daemon_log("\tscope: sub", 1); - &main::daemon_log("\tattrs: dn, gotoLdapServer", 1); - &main::daemon_log("\tfilter: (&(objectClass=GOhard)(macaddress=$macaddress))", 1); - return; - } + if (not defined $macaddress) { + &main::daemon_log("$session_id ERROR: no mac address found for client $address", 1); + return; + } - my $entry= $mesg->entry(0); - my $dn= $entry->dn; - my @servers= $entry->get_value("gotoLdapServer"); - my @ldap_uris; - my $server; - my $base; - - # Do we need to look at an object class? - if (length(@servers) < 1){ - $mesg = $ldap->search( base => $ldap_base, - scope => 'sub', - attrs => ['dn', 'gotoLdapServer'], - filter => "(&(objectClass=gosaGroupOfNames)(member=$dn))"); - $mesg->code && die $mesg->error; - - # Sanity check - if ($mesg->count != 1) { - &main::daemon_log("WARNING: no LDAP information found for client mac $macaddress", 1); - return; - } - - $entry= $mesg->entry(0); - $dn= $entry->dn; - @servers= $entry->get_value("gotoLdapServer"); - } + # Build LDAP connection + my $ldap_handle = &main::get_ldap_handle($session_id); + if( not defined $ldap_handle ) { + &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1); + return; + } + + # Perform search + $mesg = $ldap_handle->search( base => $ldap_base, + scope => 'sub', + attrs => ['dn', 'gotoLdapServer', 'gosaUnitTag', 'FAIclass'], + filter => "(&(objectClass=GOhard)(macaddress=$macaddress)(gotoLdapServer=*))"); + #$mesg->code && die $mesg->error; + if($mesg->code) { + &main::daemon_log("$session_id ".$mesg->error, 1); + return; + } - @servers= sort (@servers); + # Sanity check + if ($mesg->count != 1) { + &main::daemon_log("$session_id WARNING: client with mac address $macaddress not found/unique/active - not sending ldap config". + "\n\tbase: $ldap_base". + "\n\tscope: sub". + "\n\tattrs: dn, gotoLdapServer". + "\n\tfilter: (&(objectClass=GOhard)(macaddress=$macaddress)(gotoLdapServer=*))", 1); + return; + } - foreach $server (@servers){ - $base= $server; - $server =~ s%^[^:]+:[^:]+:(ldap.*://[^/]+)/.*$%$1%; - $base =~ s%^[^:]+:[^:]+:ldap.*://[^/]+/(.*)$%$1%; - push (@ldap_uris, $server); - } + my $entry= $mesg->entry(0); + my $dn= $entry->dn; + my @servers= $entry->get_value("gotoLdapServer"); + my $unit_tag= $entry->get_value("gosaUnitTag"); + my @ldap_uris; + my $server; + my $base; + my $release; + + # Fill release if available + my $FAIclass= $entry->get_value("FAIclass"); + if (defined $FAIclass && $FAIclass =~ /^.* :([A-Za-z0-9\/.]+).*$/) { + $release= $1; + } - # Unbind - $mesg = $ldap->unbind; + # Do we need to look at an object class? + if (length(@servers) < 1){ + $mesg = $ldap_handle->search( base => $ldap_base, + scope => 'sub', + attrs => ['dn', 'gotoLdapServer', 'FAIclass'], + filter => "(&(objectClass=gosaGroupOfNames)(member=$dn))"); + #$mesg->code && die $mesg->error; + if($mesg->code) { + &main::daemon_log("$session_id ".$mesg->error, 1); + return; + } - # Assemble data package - my %data = ( 'ldap_uri' => \@ldap_uris, 'ldap_base' => $base, - 'ldap_cfg' => \@ldap_cfg, 'pam_cfg' => \@pam_cfg,'nss_cfg' => \@nss_cfg ); + # Sanity check + if ($mesg->count != 1) { + &main::daemon_log("$session_id WARNING: no LDAP information found for client mac $macaddress", 1); + return; + } - # Need to append GOto settings? - if (defined $goto_admin and defined $goto_secret){ - $data{'goto_admin'}= $goto_admin; - $data{'goto_secret'}= $goto_secret; - } + $entry= $mesg->entry(0); + $dn= $entry->dn; + @servers= $entry->get_value("gotoLdapServer"); + + if (not defined $release){ + $FAIclass= $entry->get_value("FAIclass"); + if (defined $FAIclass && $FAIclass =~ /^.* :([A-Za-z0-9\/.]+).*$/) { + $release= $1; + } + } + } + + @servers= sort (@servers); + + foreach $server (@servers){ + # Conversation for backward compatibility + if (not $server =~ /^\d+:[^:]+:ldap[^:]*:\/\// ) { + if ($server =~ /^([^:]+):([^:]+)$/ ) { + $server= "1:dummy:ldap://$1/$2"; + } elsif ($server =~ /^(\d+):([^:]+):(.*)$/ ) { + $server= "$1:dummy:ldap://$2/$3"; + } + } + + $base= $server; + $server =~ s%^[^:]+:[^:]+:(ldap.*://[^/]+)/.*$%$1%; + $base =~ s%^[^:]+:[^:]+:ldap.*://[^/]+/(.*)$%$1%; + push (@ldap_uris, $server); + } - # Send information - return send_msg("new_ldap_config", $server_address, $address, \%data, $hostkey); + # Assemble data package + my %data = ( 'ldap_uri' => \@ldap_uris, 'ldap_base' => $base, + 'ldap_cfg' => \@ldap_cfg, 'pam_cfg' => \@pam_cfg,'nss_cfg' => \@nss_cfg ); + if (defined $release){ + $data{'release'}= $release; + } + + # Need to append GOto settings? + if (defined $goto_admin and defined $goto_secret){ + $data{'goto_admin'}= $goto_admin; + $data{'goto_secret'}= $goto_secret; + } + + # Append unit tag if needed + if (defined $unit_tag){ + + # Find admin base and department name + $mesg = $ldap_handle->search( base => $ldap_base, + scope => 'sub', + attrs => ['dn', 'ou'], + filter => "(&(objectClass=gosaAdministrativeUnit)(gosaUnitTag=$unit_tag))"); + #$mesg->code && die $mesg->error; + if($mesg->code) { + &main::daemon_log($mesg->error, 1); + return "error-unit-tag-count-0"; + } + + # Sanity check + if ($mesg->count != 1) { + &main::daemon_log("WARNING: cannot find administrative unit for client with tag $unit_tag", 1); + return "error-unit-tag-count-".$mesg->count; + } + + $entry= $mesg->entry(0); + $data{'admin_base'}= $entry->dn; + $data{'department'}= $entry->get_value("ou"); + + # Append unit Tag + $data{'unit_tag'}= $unit_tag; + } + + # Send information + return &build_msg("new_ldap_config", $server_address, $address, \%data); } #=== FUNCTION ================================================================ -# NAME: execute_actions -# PARAMETERS: msg_hash - hash - hash from function create_xml_hash -# RETURNS: nothing -# DESCRIPTION: invokes the script specified in msg_hash which is located under -# /etc/gosad/actions +# NAME: hardware_config +# PARAMETERS: address - string - ip address and port of a host +# RETURNS: +# DESCRIPTION: #=============================================================================== -sub execute_actions { - my ($msg_hash) = @_ ; - my $configdir= '/etc/gosad/actions/'; - my $result; +sub hardware_config { + my ($msg, $msg_hash, $session_id) = @_ ; + my $address = @{$msg_hash->{source}}[0]; + my $header = @{$msg_hash->{header}}[0]; + my $gotoHardwareChecksum = @{$msg_hash->{gotoHardwareChecksum}}[0]; + + my $sql_statement= "SELECT * FROM known_clients WHERE hostname='$address'"; + my $res = $main::known_clients_db->select_dbentry( $sql_statement ); + + # check hit + my $hit_counter = keys %{$res}; + if( not $hit_counter == 1 ) { + &main::daemon_log("$session_id ERROR: more or no hit found in known_clients_db by query by '$address'", 1); + } + my $macaddress = $res->{1}->{macaddress}; + my $hostkey = $res->{1}->{hostkey}; - my $header = @{$msg_hash->{header}}[0]; - my $source = @{$msg_hash->{source}}[0]; - my $target = @{$msg_hash->{target}}[0]; - - if((not defined $source) - && (not defined $target) - && (not defined $header)) { - &main::daemon_log("ERROR: Entries missing in XML msg for gosad actions under /etc/gosad/actions"); - } else { - my $parameters=""; - my @params = @{$msg_hash->{$header}}; - my $params = join(", ", @params); - &main::daemon_log("execute_actions: got parameters: $params", 5); - - if (@params) { - foreach my $param (@params) { - my $param_value = (&get_content_from_xml_hash($msg_hash, $param))[0]; - &main::daemon_log("execute_actions: parameter -> value: $param -> $param_value", 7); - $parameters.= " ".$param_value; - } - } + if (not defined $macaddress) { + &main::daemon_log("$session_id ERROR: no mac address found for client $address", 1); + return; + } - my $cmd= $configdir.$header."$parameters"; - &main::daemon_log("execute_actions: executing cmd: $cmd", 7); - $result= ""; - open(PIPE, "$cmd 2>&1 |"); - while() { - $result.=$_; - } - close(PIPE); - } + # Build LDAP connection + my $ldap_handle = &main::get_ldap_handle($session_id); + if( not defined $ldap_handle ) { + &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1); + return; + } + + # Perform search + $mesg = $ldap_handle->search( + base => $ldap_base, + scope => 'sub', + filter => "(&(objectClass=GOhard)(|(macAddress=$macaddress)(dhcpHWaddress=ethernet $macaddress)))" + ); + + if($mesg->count() == 0) { + &main::daemon_log("Host was not found in LDAP!", 1); + + # set status = hardware_detection at jobqueue if entry exists + my $func_dic = {table=>$main::job_queue_tn, + primkey=>['id'], + timestamp=>&get_time, + status=>'processing', + result=>'none', + progress=>'hardware-detection', + headertag=>'trigger_action_reinstall', + targettag=>$address, + xmlmessage=>'none', + macaddress=>$macaddress, + }; + my $hd_res = $main::job_db->add_dbentry($func_dic); + &main::daemon_log("$session_id INFO: add '$macaddress' to job queue as an installing job", 5); + + } else { + my $entry= $mesg->entry(0); + my $dn= $entry->dn; + if (defined($entry->get_value("gotoHardwareChecksum"))) { + if (! $entry->get_value("gotoHardwareChecksum") eq $gotoHardwareChecksum) { + $entry->replace(gotoHardwareChecksum => $gotoHardwareChecksum); + if($entry->update($ldap_handle)) { + &main::daemon_log("$session_id INFO: Hardware changed! Detection triggered.", 5); + } + } else { + # Nothing to do + return; + } + } + } - # process the event result + # Assemble data package + my %data = (); + # Need to append GOto settings? + if (defined $goto_admin and defined $goto_secret){ + $data{'goto_admin'}= $goto_admin; + $data{'goto_secret'}= $goto_secret; + } - return; + # Send information + return &build_msg("detect_hardware", $server_address, $address, \%data); } +sub server_matches { + my $target = shift; + my $target_ip = sprintf("%s", $target =~ /^([0-9\.]*?):.*$/); + my $result = 0; + + if($server_ip eq $target_ip) { + $result= 1; + } elsif ($target_ip eq "0.0.0.0") { + $result= 1; + } elsif ($server_ip eq "0.0.0.0") { + if ($target_ip eq "127.0.0.1") { + $result= 1; + } else { + my $PROC_NET_ROUTE= ('/proc/net/route'); + + open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE") + or die "Could not open $PROC_NET_ROUTE"; + + my @ifs = ; + + close(PROC_NET_ROUTE); + + # Eat header line + shift @ifs; + chomp @ifs; + foreach my $line(@ifs) { + my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line); + my $destination; + my $mask; + my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination); + $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask); + $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); + if(new NetAddr::IP($target_ip)->within(new NetAddr::IP($destination, $mask))) { + # destination matches route, save mac and exit + $result= 1; + last; + } + } + } + } else { + &main::daemon_log("Target ip $target_ip does not match Server ip $server_ip",1); + } + + return $result; +} 1;