![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6d8cc67)
raw | patch | inline | side by side (parent: 6d8cc67)
| author | rettenbe <rettenbe@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Fri, 6 Mar 2009 15:13:21 +0000 (15:13 +0000) | ||
| committer | rettenbe <rettenbe@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Fri, 6 Mar 2009 15:13:21 +0000 (15:13 +0000) |
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@13507 594d385d-05f5-0310-b6e9-bd551577e9d8
index 7e19a8b18dcdbd1f0e37d3e2f8dd2b0e94cddc56..fea4ffece196dbe9b5ce87e853eece432ac55171 100644 (file)
-package corefunctions;
-use Exporter;
-@ISA = qw(Exporter);
-my @events = (
- "get_events",
- "registered",
- 'new_syslog_config',
- "new_ntp_config",
- "new_ldap_config",
- "new_key",
- "generate_hw_digest", # no implementations
- "detect_hardware",
- "confirm_new_key",
- "ping",
- "import_events", # no implementations
- );
-@EXPORT = @events;
-
-use strict;
-use warnings;
-use Data::Dumper;
-use Fcntl;
-use GOSA::GosaSupportDaemon;
-use File::Basename;
-
-my ($ldap_enabled, $offline_enabled, $ldap_config, $pam_config, $nss_config, $fai_logpath);
-
-my $chrony_file = "/etc/chrony/chrony.conf";
-my $syslog_file = "/etc/syslog.conf";
-
-my %cfg_defaults = (
- "client" => {
- "ldap" => [\$ldap_enabled, 1],
- "offline-ldap" => [\$offline_enabled, 0],
- "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
- "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
- "nss-config" => [\$nss_config, "/etc/libnss-ldap.conf"],
- "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
- },
-);
-
-BEGIN {}
-
-END {}
-
-### Start ######################################################################
-
-&main::read_configfile($main::cfg_file, %cfg_defaults);
-
-
-my $server_address = $main::server_address;
-my $server_key = $main::server_key;
-my $client_mac_address = $main::client_mac_address;
-
-sub write_to_file {
- my ($string, $file) = @_;
- my $error = 0;
-
- if( not defined $file || not -f $file ) {
- &main::daemon_log("ERROR: $0: check '-f file' failed: $file", 1);
- $error++;
- }
- if( not defined $string || 0 == length($string)) {
- &main::daemon_log("ERROR: $0: empty string to write to file '$file'", 1);
- $error++;
- }
-
- if( $error == 0 ) {
-
- chomp($string);
-
- if( not -f $file ) {
- open (FILE, "$file");
- close(FILE);
- }
- open(FILE, ">> $file") or &main::daemon_log("ERROR in corefunctions.pm: can not open '$file' to write '$string'", 1);;
- print FILE $string."\n";
- close(FILE);
- }
-
- return;
-}
-
-
-sub get_events {
- return \@events;
-}
-
-sub daemon_log {
- my ($msg, $level) = @_ ;
- &main::daemon_log($msg, $level);
- return;
-}
-
-sub registered {
- my ($msg, $msg_hash) = @_ ;
-
- my $header = @{$msg_hash->{'header'}}[0];
- if( $header eq "registered" ) {
- my $source = @{$msg_hash->{'source'}}[0];
- &main::daemon_log("INFO: registration at $source", 1);
- $main::server_address = $source;
- }
-
- # set globaly variable client_address
- my $target = @{$msg_hash->{'target'}}[0];
- $main::client_address = $target;
-
- # set registration_flag to true
- my $out_hash = &create_xml_hash("registered", $main::client_address, $main::server_address);
- # Write the MAC address to file
- if(stat($main::opts_file)) {
- unlink($main::opts_file);
- }
-
- my $opts_file_FH;
- my $hostname= $main::client_dnsname;
- $hostname =~ s/\..*$//;
- $hostname =~ tr/A-Z/a-z/;
- open($opts_file_FH, ">$main::opts_file");
- print $opts_file_FH "MAC=\"$main::client_mac_address\"\n";
- print $opts_file_FH "IPADDRESS=\"$main::client_ip\"\n";
- print $opts_file_FH "HOSTNAME=\"$hostname\"\n";
- print $opts_file_FH "FQDN=\"$main::client_dnsname\"\n";
- if(defined(@{$msg_hash->{'ldap_available'}}) &&
- @{$msg_hash->{'ldap_available'}}[0] eq "true") {
- print $opts_file_FH "LDAP_AVAILABLE=\"true\"\n";
- }
- if(defined(@{$msg_hash->{'error'}})) {
- my $errormsg= @{$msg_hash->{'error'}}[0];
- print $opts_file_FH "GOSA_SI_ERROR=\"$errormsg\"\n";
- &write_to_file($errormsg, $fai_logpath);
- }
- close($opts_file_FH);
-
- my $out_msg = &create_xml_string($out_hash);
- return $out_msg;
-}
-
-sub server_leaving {
- my ($msg_hash) = @_ ;
- my $source = @{$msg_hash->{'source'}}[0];
- my $header = @{$msg_hash->{'header'}}[0];
-
- daemon_log("gosa-si-server $source is going down, cause registration procedure", 1);
- $main::server_address = "none";
- $main::server_key = "none";
-
- # reinitialization of default values in config file
- &main::read_configfile;
-
- # registrated at new daemon
- &main::register_at_server();
-
- return;
-}
-
-
-## @method new_syslog_config
-# Update or add syslog messages forwarding to specified syslog server.
-# @param msg - STRING - xml message with tag server
-# @param msg_hash - HASHREF - message information parsed into a hash
-sub new_syslog_config {
- my ($msg, $msg_hash) = @_ ;
-
- # Sanity check of incoming message
- if ((not exists $msg_hash->{'server'}) || (not @{$msg_hash->{'server'}} == 1) ) {
- &main::daemon_log("ERROR: 'new_syslog_config'-message does not contain a syslog server: $msg", 1);
- return;
- }
-
- # Fetch the new syslog server from incoming message
- my $syslog_server = @{$msg_hash->{'server'}}[0];
- &main::daemon_log("INFO: found syslog server: ".join(", ", $syslog_server), 5);
- my $found_server_flag = 0;
-
- # Sanity check of /etc/syslog.conf
- if (not -f $syslog_file) {
- &main::daemon_log("ERROR: file '$syslog_file' does not exist, cannot do syslog reconfiguration!", 1);
- return;
- }
-
- # Substitute existing server with new syslog server
- open (FILE, "<$syslog_file");
- my @file = <FILE>;
- close FILE;
- my $syslog_server_line = "*.*\t@".$syslog_server."\n";
- foreach my $line (@file) {
- if ($line =~ /^\*\.\*\s+@/) {
- $line = $syslog_server_line;
- $found_server_flag++;
- }
- }
-
- # Append new server if no old server configuration found
- if (not $found_server_flag) {
- push(@file, "\n#\n# syslog server configuration written by GOsa-si\n#\n");
- push(@file, $syslog_server_line);
- }
-
- # Write changes to file and close it
- open (FILE, "+>$syslog_file");
- print FILE join("", @file);
- close FILE;
- &main::daemon_log("INFO: wrote new configuration file: $syslog_file", 5);
-
- # Restart syslog deamon
- my $res = qx(/etc/init.d/sysklogd restart);
- &main::daemon_log("INFO: restart syslog daemon: $res", 5);
-
- return;
-}
-
-
-## @method new_ntp_config
-# Updates the server options in /etc/chrony/chrony.conf and restarts the chrony service
-# @param msg - STRING - xml message with tag server
-# @param msg_hash - HASHREF - message information parsed into a hash
-sub new_ntp_config {
- my ($msg, $msg_hash) = @_ ;
-
- # Sanity check of incoming message
- if ((not exists $msg_hash->{'server'}) || (not @{$msg_hash->{'server'}} >= 1) ) {
- &main::daemon_log("ERROR: 'new_ntp_config'-message does not contain a ntp server: $msg", 1);
- return;
- }
-
- # Fetch the new ntp server from incoming message
- my $ntp_servers = $msg_hash->{'server'};
- &main::daemon_log("INFO: found ntp server: ".join(", ", @$ntp_servers), 5);
- my $ntp_servers_string = "server\t".join("\nserver\t", @$ntp_servers)."\n";
- my $found_server_flag = 0;
-
- # Sanity check of /etc/chrony/chrony.conf
- if (not -f $chrony_file) {
- &main::daemon_log("ERROR: file '$chrony_file' does not exist, cannot do ntp reconfiguration!", 1);
- return;
- }
-
- # Substitute existing server with new ntp server
- open (FILE, "<$chrony_file");
- my @file = <FILE>;
- close FILE;
- my @new_file;
- foreach my $line (@file) {
- if ($line =~ /^server\s+/) {
- if ($found_server_flag) {
- $line =~ s/^server\s+[\S]+\s+$//;
- } else {
- $line =~ s/^server\s+[\S]+\s+$/$ntp_servers_string/;
- }
- $found_server_flag++;
- }
- push(@new_file, $line);
- }
+ package corefunctions;
+ use Exporter;
+ @ISA = qw(Exporter);
+ my @events = (
+ "get_events",
+ "registered",
+ 'new_syslog_config',
+ "new_ntp_config",
+ "new_ldap_config",
+ "new_key",
+ "generate_hw_digest", # no implementations
+ "detect_hardware",
+ "confirm_new_key",
+ "ping",
+ "import_events", # no implementations
+ );
+ @EXPORT = @events;
+
+ use strict;
+ use warnings;
+ use Data::Dumper;
+ use Fcntl;
+ use GOSA::GosaSupportDaemon;
+ use File::Basename;
+
+ my ($ldap_enabled, $offline_enabled, $ldap_config, $pam_config, $nss_config, $fai_logpath);
+
+ my $chrony_file = "/etc/chrony/chrony.conf";
+ my $syslog_file = "/etc/syslog.conf";
+
+ my %cfg_defaults = (
+ "client" => {
+ "ldap" => [\$ldap_enabled, 1],
+ "offline-ldap" => [\$offline_enabled, 0],
+ "ldap-config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
+ "pam-config" => [\$pam_config, "/etc/pam_ldap.conf"],
+ "nss-config" => [\$nss_config, "/etc/libnss-ldap.conf"],
+ "fai-logpath" => [\$fai_logpath, "/var/log/fai/fai.log"],
+ },
+ );
+
+ BEGIN {}
+
+ END {}
+
+ ### Start ######################################################################
+
+ &main::read_configfile($main::cfg_file, %cfg_defaults);
+
+
+ my $server_address = $main::server_address;
+ my $server_key = $main::server_key;
+ my $client_mac_address = $main::client_mac_address;
+
+ sub write_to_file {
+ my ($string, $file) = @_;
+ my $error = 0;
+
+ if( not defined $file || not -f $file ) {
+ &main::daemon_log("ERROR: $0: check '-f file' failed: $file", 1);
+ $error++;
+ }
+ if( not defined $string || 0 == length($string)) {
+ &main::daemon_log("ERROR: $0: empty string to write to file '$file'", 1);
+ $error++;
+ }
+
+ if( $error == 0 ) {
+
+ chomp($string);
+
+ if( not -f $file ) {
+ open (FILE, "$file");
+ close(FILE);
+ }
+ open(FILE, ">> $file") or &main::daemon_log("ERROR in corefunctions.pm: can not open '$file' to write '$string'", 1);;
+ print FILE $string."\n";
+ close(FILE);
+ }
+
+ return;
+ }
- # Append new server if no old server configuration found
- if (not $found_server_flag) {
- push(@new_file, "\n# ntp server configuration written by GOsa-si\n");
- push(@new_file, $ntp_servers_string);
- }
- # Write changes to file and close it
- open (FILE, ">$chrony_file");
- print FILE join("", @new_file);
- close FILE;
- &main::daemon_log("INFO: wrote new configuration file: $chrony_file", 5);
+ sub get_events {
+ return \@events;
+ }
- # Restart chrony deamon
- my $res = qx(/etc/init.d/chrony force-reload);
- &main::daemon_log("INFO: restart chrony daemon: $res", 5);
+ sub daemon_log {
+ my ($msg, $level) = @_ ;
+ &main::daemon_log($msg, $level);
+ return;
+ }
- return;
-}
+ sub registered {
+ my ($msg, $msg_hash) = @_ ;
+
+ my $header = @{$msg_hash->{'header'}}[0];
+ if( $header eq "registered" ) {
+ my $source = @{$msg_hash->{'source'}}[0];
+ &main::daemon_log("INFO: registration at $source", 1);
+ $main::server_address = $source;
+ }
+
+ # set globaly variable client_address
+ my $target = @{$msg_hash->{'target'}}[0];
+ $main::client_address = $target;
+
+ # set registration_flag to true
+ my $out_hash = &create_xml_hash("registered", $main::client_address, $main::server_address);
+ # Write the MAC address to file
+ if(stat($main::opts_file)) {
+ unlink($main::opts_file);
+ }
+
+ my $opts_file_FH;
+ my $hostname= $main::client_dnsname;
+ $hostname =~ s/\..*$//;
+ $hostname =~ tr/A-Z/a-z/;
+ sysopen($opts_file_FH, $main::opts_file, O_RDWR | O_CREAT | O_TRUNC , 0644);
+ print $opts_file_FH "MAC=\"$main::client_mac_address\"\n";
+ print $opts_file_FH "IPADDRESS=\"$main::client_ip\"\n";
+ print $opts_file_FH "HOSTNAME=\"$hostname\"\n";
+ print $opts_file_FH "FQDN=\"$main::client_dnsname\"\n";
+ if(defined(@{$msg_hash->{'ldap_available'}}) &&
+ @{$msg_hash->{'ldap_available'}}[0] eq "true") {
+ print $opts_file_FH "LDAP_AVAILABLE=\"true\"\n";
+ }
+ if(defined(@{$msg_hash->{'error'}})) {
+ my $errormsg= @{$msg_hash->{'error'}}[0];
+ print $opts_file_FH "GOSA_SI_ERROR=\"$errormsg\"\n";
+ &write_to_file($errormsg, $fai_logpath);
+ }
+ close($opts_file_FH);
+
+ my $out_msg = &create_xml_string($out_hash);
+ return $out_msg;
+ }
+ sub server_leaving {
+ my ($msg_hash) = @_ ;
+ my $source = @{$msg_hash->{'source'}}[0];
+ my $header = @{$msg_hash->{'header'}}[0];
+
+ daemon_log("gosa-si-server $source is going down, cause registration procedure", 1);
+ $main::server_address = "none";
+ $main::server_key = "none";
+
+ # reinitialization of default values in config file
+ &main::read_configfile;
+
+ # registrated at new daemon
+ &main::register_at_server();
+
+ return;
+ }
-sub new_ldap_config {
- my ($msg, $msg_hash) = @_ ;
- if( $ldap_enabled != 1 ) {
- return;
- }
+ ## @method new_syslog_config
+ # Update or add syslog messages forwarding to specified syslog server.
+ # @param msg - STRING - xml message with tag server
+ # @param msg_hash - HASHREF - message information parsed into a hash
+ sub new_syslog_config {
+ my ($msg, $msg_hash) = @_ ;
+
+ # Sanity check of incoming message
+ if ((not exists $msg_hash->{'server'}) || (not @{$msg_hash->{'server'}} == 1) ) {
+ &main::daemon_log("ERROR: 'new_syslog_config'-message does not contain a syslog server: $msg", 1);
+ return;
+ }
+
+ # Fetch the new syslog server from incoming message
+ my $syslog_server = @{$msg_hash->{'server'}}[0];
+ &main::daemon_log("INFO: found syslog server: ".join(", ", $syslog_server), 5);
+ my $found_server_flag = 0;
+
+ # Sanity check of /etc/syslog.conf
+ if (not -f $syslog_file) {
+ &main::daemon_log("ERROR: file '$syslog_file' does not exist, cannot do syslog reconfiguration!", 1);
+ return;
+ }
+
+ # Substitute existing server with new syslog server
+ open (FILE, "<$syslog_file");
+ my @file = <FILE>;
+ close FILE;
+ my $syslog_server_line = "*.*\t@".$syslog_server."\n";
+ foreach my $line (@file) {
+ if ($line =~ /^\*\.\*\s+@/) {
+ $line = $syslog_server_line;
+ $found_server_flag++;
+ }
+ }
+
+ # Append new server if no old server configuration found
+ if (not $found_server_flag) {
+ push(@file, "\n#\n# syslog server configuration written by GOsa-si\n#\n");
+ push(@file, $syslog_server_line);
+ }
+
+ # Write changes to file and close it
+ open (FILE, "+>$syslog_file");
+ print FILE join("", @file);
+ close FILE;
+ &main::daemon_log("INFO: wrote new configuration file: $syslog_file", 5);
+
+ # Restart syslog deamon
+ my $res = qx(/etc/init.d/sysklogd restart);
+ &main::daemon_log("INFO: restart syslog daemon: $res", 5);
+
+ return;
+ }
- my $element;
- my @ldap_uris;
- my $ldap_base;
- my @ldap_options;
- my @pam_options;
- my @nss_options;
- my $goto_admin;
- my $goto_secret;
- my $admin_base= "";
- my $department= "";
- my $release= "";
- my $unit_tag;
-
- # Transform input into array
- while ( my ($key, $value) = each(%$msg_hash) ) {
- if ($key =~ /^(source|target|header)$/) {
- next;
- }
-
- foreach $element (@$value) {
- if ($key =~ /^ldap_uri$/) {
- push (@ldap_uris, $element);
- next;
- }
- if ($key =~ /^ldap_base$/) {
- $ldap_base= $element;
- next;
- }
- if ($key =~ /^goto_admin$/) {
- $goto_admin= $element;
- next;
- }
- if ($key =~ /^goto_secret$/) {
- $goto_secret= $element;
- next;
- }
- if ($key =~ /^ldap_cfg$/) {
- push (@ldap_options, "$element");
- next;
- }
- if ($key =~ /^pam_cfg$/) {
- push (@pam_options, "$element");
- next;
- }
- if ($key =~ /^nss_cfg$/) {
- push (@nss_options, "$element");
- next;
- }
- if ($key =~ /^admin_base$/) {
- $admin_base= $element;
- next;
- }
- if ($key =~ /^department$/) {
- $department= $element;
- next;
- }
- if ($key =~ /^unit_tag$/) {
- $unit_tag= $element;
- next;
- }
- if ($key =~ /^release$/) {
- $release= $element;
- next;
- }
- }
- }
- # Unit tagging enabled?
- if (defined $unit_tag){
- push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
- push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag");
- push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag");
- }
+ ## @method new_ntp_config
+ # Updates the server options in /etc/chrony/chrony.conf and restarts the chrony service
+ # @param msg - STRING - xml message with tag server
+ # @param msg_hash - HASHREF - message information parsed into a hash
+ sub new_ntp_config {
+ my ($msg, $msg_hash) = @_ ;
+
+ # Sanity check of incoming message
+ if ((not exists $msg_hash->{'server'}) || (not @{$msg_hash->{'server'}} >= 1) ) {
+ &main::daemon_log("ERROR: 'new_ntp_config'-message does not contain a ntp server: $msg", 1);
+ return;
+ }
+
+ # Fetch the new ntp server from incoming message
+ my $ntp_servers = $msg_hash->{'server'};
+ &main::daemon_log("INFO: found ntp server: ".join(", ", @$ntp_servers), 5);
+ my $ntp_servers_string = "server\t".join("\nserver\t", @$ntp_servers)."\n";
+ my $found_server_flag = 0;
+
+ # Sanity check of /etc/chrony/chrony.conf
+ if (not -f $chrony_file) {
+ &main::daemon_log("ERROR: file '$chrony_file' does not exist, cannot do ntp reconfiguration!", 1);
+ return;
+ }
+
+ # Substitute existing server with new ntp server
+ open (FILE, "<$chrony_file");
+ my @file = <FILE>;
+ close FILE;
+ my @new_file;
+ foreach my $line (@file) {
+ if ($line =~ /^server\s+/) {
+ if ($found_server_flag) {
+ $line =~ s/^server\s+[\S]+\s+$//;
+ } else {
+ $line =~ s/^server\s+[\S]+\s+$/$ntp_servers_string/;
+ }
+ $found_server_flag++;
+ }
+ push(@new_file, $line);
+ }
+
+ # Append new server if no old server configuration found
+ if (not $found_server_flag) {
+ push(@new_file, "\n# ntp server configuration written by GOsa-si\n");
+ push(@new_file, $ntp_servers_string);
+ }
+
+ # Write changes to file and close it
+ open (FILE, ">$chrony_file");
+ print FILE join("", @new_file);
+ close FILE;
+ &main::daemon_log("INFO: wrote new configuration file: $chrony_file", 5);
+
+ # Restart chrony deamon
+ my $res = qx(/etc/init.d/chrony force-reload);
+ &main::daemon_log("INFO: restart chrony daemon: $res", 5);
+
+ return;
+ }
- # Setup ldap.conf
- my $file1;
- my $file2;
- open(file1, "> $ldap_config");
- print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
- print file1 "URI";
- foreach $element (@ldap_uris) {
- print file1 " $element";
- }
- print file1 "\nBASE $ldap_base\n";
- foreach $element (@ldap_options) {
- print file1 "$element\n";
- }
- close (file1);
- daemon_log("wrote $ldap_config", 5);
-
- # Setup pam_ldap.conf / libnss-ldap.conf
- open(file1, "> $pam_config");
- open(file2, "> $nss_config");
- print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
- print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
- print file1 "uri";
- print file2 "uri";
- foreach $element (@ldap_uris) {
- print file1 " $element";
- print file2 " $element";
- }
- print file1 "\nbase $ldap_base\n";
- print file2 "\nbase $ldap_base\n";
- foreach $element (@pam_options) {
- print file1 "$element\n";
- }
- foreach $element (@nss_options) {
- print file2 "$element\n";
- }
- close (file2);
- daemon_log("wrote $nss_config", 5);
- close (file1);
- daemon_log("wrote $pam_config", 5);
-
- # Create goto.secrets if told so - for compatibility reasons
- if (defined $goto_admin){
- open(file1, "> /etc/goto/secret");
- close(file1);
- chown(0,0, "/etc/goto/secret");
- chmod(0600, "/etc/goto/secret");
- open(file1, "> /etc/goto/secret");
- print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
- close(file1);
- daemon_log("wrote /etc/goto/secret", 5);
- }
- # Write shell based config
- my $cfg_name= "/etc/ldap/ldap-shell.conf";
+ sub new_ldap_config {
+ my ($msg, $msg_hash) = @_ ;
+
+ if( $ldap_enabled != 1 ) {
+ return;
+ }
+
+ my $element;
+ my @ldap_uris;
+ my $ldap_base;
+ my @ldap_options;
+ my @pam_options;
+ my @nss_options;
+ my $goto_admin;
+ my $goto_secret;
+ my $admin_base= "";
+ my $department= "";
+ my $release= "";
+ my $unit_tag;
+
+ # Transform input into array
+ while ( my ($key, $value) = each(%$msg_hash) ) {
+ if ($key =~ /^(source|target|header)$/) {
+ next;
+ }
+
+ foreach $element (@$value) {
+ if ($key =~ /^ldap_uri$/) {
+ push (@ldap_uris, $element);
+ next;
+ }
+ if ($key =~ /^ldap_base$/) {
+ $ldap_base= $element;
+ next;
+ }
+ if ($key =~ /^goto_admin$/) {
+ $goto_admin= $element;
+ next;
+ }
+ if ($key =~ /^goto_secret$/) {
+ $goto_secret= $element;
+ next;
+ }
+ if ($key =~ /^ldap_cfg$/) {
+ push (@ldap_options, "$element");
+ next;
+ }
+ if ($key =~ /^pam_cfg$/) {
+ push (@pam_options, "$element");
+ next;
+ }
+ if ($key =~ /^nss_cfg$/) {
+ push (@nss_options, "$element");
+ next;
+ }
+ if ($key =~ /^admin_base$/) {
+ $admin_base= $element;
+ next;
+ }
+ if ($key =~ /^department$/) {
+ $department= $element;
+ next;
+ }
+ if ($key =~ /^unit_tag$/) {
+ $unit_tag= $element;
+ next;
+ }
+ if ($key =~ /^release$/) {
+ $release= $element;
+ next;
+ }
+ }
+ }
+
+ # Unit tagging enabled?
+ if (defined $unit_tag){
+ push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
+ push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag");
+ push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag");
+ }
+
+ # Setup ldap.conf
+ my $file1;
+ my $file2;
+ open(file1, "> $ldap_config");
+ print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
+ print file1 "URI";
+ foreach $element (@ldap_uris) {
+ print file1 " $element";
+ }
+ print file1 "\nBASE $ldap_base\n";
+ foreach $element (@ldap_options) {
+ print file1 "$element\n";
+ }
+ close (file1);
+ daemon_log("wrote $ldap_config", 5);
+
+ # Setup pam_ldap.conf / libnss-ldap.conf
+ open(file1, "> $pam_config");
+ open(file2, "> $nss_config");
+ print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
+ print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
+ print file1 "uri";
+ print file2 "uri";
+ foreach $element (@ldap_uris) {
+ print file1 " $element";
+ print file2 " $element";
+ }
+ print file1 "\nbase $ldap_base\n";
+ print file2 "\nbase $ldap_base\n";
+ foreach $element (@pam_options) {
+ print file1 "$element\n";
+ }
+ foreach $element (@nss_options) {
+ print file2 "$element\n";
+ }
+ close (file2);
+ daemon_log("wrote $nss_config", 5);
+ close (file1);
+ daemon_log("wrote $pam_config", 5);
+
+ # Create goto.secrets if told so - for compatibility reasons
+ if (defined $goto_admin){
+ open(file1, "> /etc/goto/secret");
+ close(file1);
+ chown(0,0, "/etc/goto/secret");
+ chmod(0600, "/etc/goto/secret");
+ open(file1, "> /etc/goto/secret");
+ print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
+ close(file1);
+ daemon_log("wrote /etc/goto/secret", 5);
+ }
+
+ # Write shell based config
+ my $cfg_name= "/etc/ldap/ldap-shell.conf";
# Get first LDAP server
my $ldap_server= $ldap_uris[0];
daemon_log("wrote $cfg_name", 5);
}
+ # Set permissions and ownership structure of
+ chown(0, 0, $cfg_name);
+ chmod(0600, $cfg_name);
+
return;
}
diff --git a/gosa-si/gosa-si-client b/gosa-si/gosa-si-client
index 94b7c66f1cdad922a9a26c0df970debf0206259d..cf352ac42c86df9398af9bbd960aa18c2cfed2e2 100755 (executable)
--- a/gosa-si/gosa-si-client
+++ b/gosa-si/gosa-si-client
use XML::Simple;
use File::Basename;
use File::Spec;
+use Fcntl;
# Workaround: need pure perl to make it work with UTF-8 :-(
$XML::Simple::PREFERRED_PARSER= "XML::SAX::PurePerl";
my (%cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file, $fai_logpath);
my ($server_ip, $server_port, $server_timeout, $server_domain, $server_key_lifetime);
my ($client_port, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
+my ($root_uid, $adm_gid);
my $xml;
my $event_hash;
my $default_server_key;
if(not defined $msg) { return }
if(not defined $level) { $level = 1 }
if(defined $log_file){
- open(LOG_HANDLE, ">>$log_file");
- if(not defined open( LOG_HANDLE, ">>$log_file" )) {
- print STDERR "cannot open $log_file: $!";
- return
- }
+ my $open_log_fh = sysopen(LOG_HANDLE, $log_file, O_WRONLY | O_CREAT | O_APPEND , 0440);
+ if(not $open_log_fh) {
+ print STDERR "cannot open $log_file: $!";
+ return;
+ }
+ # check owner and group of log_file and update settings if necessary
+ my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $mtime, $ctime, $blksize, $blocks) = stat($log_file);
+ if((not $uid eq $root_uid) || (not $gid eq $adm_gid)) {
+ chown($root_uid, $adm_gid, $log_file);
+ }
+
chomp($msg);
if($level <= $verbose){
my ($seconds, $minutes, $hours, $monthday, $month,
$client_status = "developmental" ;
}
-# Prepare log file
-my $root_uid = getpwnam('root');
-my $adm_gid = getgrnam('adm');
-chmod(0640, $log_file);
-chown($root_uid, $adm_gid, $log_file);
-
+# Determine root uid and adm gid, used for creating log files
+$root_uid = getpwnam('root');
+$adm_gid = getgrnam('adm');
+if(not defined $adm_gid){
+ $adm_gid = getgrnam('root');
+}
daemon_log(" ", 1);
daemon_log("$prg started!", 1);
diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server
index 3864ad237190ee8cdae34703979ba68da9d3d4fc..8043358cc1c25082903f00971639b0754a96b1ab 100755 (executable)
--- a/gosa-si/gosa-si-server
+++ b/gosa-si/gosa-si-server
if(not defined $msg) { return }
if(not defined $level) { $level = 1 }
if(defined $log_file){
- open(LOG_HANDLE, ">>$log_file");
- if(not defined open( LOG_HANDLE, ">>$log_file" )) {
+ my $open_log_fh = sysopen(LOG_HANDLE, $log_file, O_WRONLY | O_CREAT | O_APPEND , 0440);
+ if(not $open_log_fh) {
print STDERR "cannot open $log_file: $!";
- return
+ return;
+ }
+ # check owner and group of log_file and update settings if necessary
+ my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $mtime, $ctime, $blksize, $blocks) = stat($log_file);
+ if((not $uid eq $root_uid) || (not $gid eq $adm_gid)) {
+ chown($root_uid, $adm_gid, $log_file);
}
+
chomp($msg);
#$msg =~s/\n//g; # no newlines are allowed in log messages, this is important for later log parsing
if($level <= $verbose){
} else {
$server_status = "developmental" ;
}
-
-# Prepare log file
+# Prepare log file and set permissions
$root_uid = getpwnam('root');
$adm_gid = getgrnam('adm');
-chmod(0640, $log_file);
+open(FH, ">>$log_file");
+close FH;
+chmod(0440, $log_file);
chown($root_uid, $adm_gid, $log_file);
chown($root_uid, $adm_gid, "/var/lib/gosa-si");
# connect to gosa-si job queue
unlink($job_queue_file_name); ## just for debugging
$job_db = GOSA::DBsqlite->new($job_queue_file_name);
- chmod(0660, $job_queue_file_name);
+ chmod(0640, $job_queue_file_name);
chown($root_uid, $adm_gid, $job_queue_file_name);
# connect to known_clients_db
unlink($known_clients_file_name); ## just for debugging
$known_clients_db = GOSA::DBsqlite->new($known_clients_file_name);
- chmod(0660, $known_clients_file_name);
+ chmod(0640, $known_clients_file_name);
chown($root_uid, $adm_gid, $known_clients_file_name);
# connect to foreign_clients_db
unlink($foreign_clients_file_name);
$foreign_clients_db = GOSA::DBsqlite->new($foreign_clients_file_name);
- chmod(0660, $foreign_clients_file_name);
+ chmod(0640, $foreign_clients_file_name);
chown($root_uid, $adm_gid, $foreign_clients_file_name);
# connect to known_server_db
unlink($known_server_file_name);
$known_server_db = GOSA::DBsqlite->new($known_server_file_name);
- chmod(0660, $known_server_file_name);
+ chmod(0640, $known_server_file_name);
chown($root_uid, $adm_gid, $known_server_file_name);
# connect to login_usr_db
unlink($login_users_file_name);
$login_users_db = GOSA::DBsqlite->new($login_users_file_name);
- chmod(0660, $login_users_file_name);
+ chmod(0640, $login_users_file_name);
chown($root_uid, $adm_gid, $login_users_file_name);
# connect to fai_server_db
unlink($fai_server_file_name);
$fai_server_db = GOSA::DBsqlite->new($fai_server_file_name);
- chmod(0660, $fai_server_file_name);
+ chmod(0640, $fai_server_file_name);
chown($root_uid, $adm_gid, $fai_server_file_name);
# connect to fai_release_db
unlink($fai_release_file_name);
$fai_release_db = GOSA::DBsqlite->new($fai_release_file_name);
- chmod(0660, $fai_release_file_name);
+ chmod(0640, $fai_release_file_name);
chown($root_uid, $adm_gid, $fai_release_file_name);
# connect to packages_list_db
#unlink($packages_list_file_name);
unlink($packages_list_under_construction);
$packages_list_db = GOSA::DBsqlite->new($packages_list_file_name);
- chmod(0660, $packages_list_file_name);
+ chmod(0640, $packages_list_file_name);
chown($root_uid, $adm_gid, $packages_list_file_name);
# connect to messaging_db
unlink($messaging_file_name);
$messaging_db = GOSA::DBsqlite->new($messaging_file_name);
- chmod(0660, $messaging_file_name);
+ chmod(0640, $messaging_file_name);
chown($root_uid, $adm_gid, $messaging_file_name);
}
}
index c9ebc440f562bc4d91405895236e40f4125f6e9c..3751116584aa8f8a63a9bd4ed2bf6c6fa93f3a77 100644 (file)
open($self->{db_lock_handle}, ">>".($self->{db_lock})) unless ref $self->{db_lock_handle};
flock($self->{db_lock_handle},LOCK_EX);
seek($self->{db_lock_handle}, 0, 2);
+ chown($main::root_uid, $main::adm_gid, $self->{db_lock_handle});
+ chmod(0640, $self->{db_lock_handle});
}
index 0d3344db5034c95c7fadfd4ec247595c2c1e1073..8e230173842a89cc22199e23a55b7f18dd822cfe 100644 (file)
my ($log_file, $log_string) = split(":", $log);
my $client_fai_log_file = File::Spec->catfile( $client_fai_log_dir, $log_file);
- open(my $LOG_FILE, ">$client_fai_log_file");
- print $LOG_FILE &decode_base64($log_string);
- close($LOG_FILE);
+ open(my $LOG_FILE, ">$client_fai_log_file");
+ print $LOG_FILE &decode_base64($log_string);
+ close($LOG_FILE);
+ chown($main::root_uid, $main::adm_gid, $client_fai_log_file);
+ chmod(0440, $client_fai_log_file);
}
return;