From: rettenbe Date: Mon, 4 Feb 2008 14:53:53 +0000 (+0000) Subject: seperate gosa-si-core functions in importable modules X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=fea919dade32d26cedd58a29584dbe23612ca140;p=gosa.git seperate gosa-si-core functions in importable modules git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8741 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/gosa-si/client.conf b/gosa-si/client.conf index 6827a7c8d..5359d59cd 100644 --- a/gosa-si/client.conf +++ b/gosa-si/client.conf @@ -5,6 +5,7 @@ pid_file = /var/run/gosa-si-client.pid [client] client_ip = 10.89.1.31 client_port = 20083 +client_mac_address = 00:01:6c:9d:b9:fa [server] server_ip = 127.0.0.1 diff --git a/gosa-si/client/events/corefunctions.pm b/gosa-si/client/events/corefunctions.pm new file mode 100644 index 000000000..babe60030 --- /dev/null +++ b/gosa-si/client/events/corefunctions.pm @@ -0,0 +1,390 @@ +package corefunctions; +use Exporter; +@ISA = qw(Exporter); +my @events = qw(get_events registered set_activated_for_installation new_ldap_config new_key generate_hw_digest detect_hardware); +@EXPORT = @events; + +use strict; +use warnings; +use Data::Dumper; +use Fcntl; +use GOSA::GosaSupportDaemon; +use File::Basename; + + +my ($ldap_enabled, $ldap_config, $pam_config, $nss_config); + + +my %cfg_defaults = ( + "client" => { + "ldap" => [\$ldap_enabled, 1], + "ldap_config" => [\$ldap_config, "/etc/ldap/ldap.conf"], + "pam_config" => [\$pam_config, "/etc/pam_ldap.conf"], + "nss_config" => [\$nss_config, "/etc/libnss_ldap.conf"], + }, +); + +BEGIN {} + +END {} + +### Start ###################################################################### + +&main::read_configfile($main::cfg_file, %cfg_defaults); + + +my $server_address = $main::server_address; +my $server_key = $main::server_key; +my $client_address = $main::client_address; +my $client_mac_address = $main::client_mac_address; + +sub get_events { + return \@events; +} + +sub daemon_log { + my ($msg, $level) = @_ ; + &main::daemon_log($msg, $level); + return; +} + + + +sub registered { + my ($msg, $msg_hash) = @_ ; + my $header = @{$msg_hash->{'header'}}[0]; + + if( $header eq "registered" ) { + my $source = @{$msg_hash->{'source'}}[0]; + &main::daemon_log("registration at $source",1); + } + + # set registration_flag to true + my $out_hash = &create_xml_hash("registered", $main::client_address, $main::server_address); + my $out_msg = &create_xml_string($out_hash); + return $out_msg; + +} + + +sub set_activated_for_installation { + my ($msg, $msg_hash) = @_ ; + my $header = @{$msg_hash->{'header'}}[0]; + my $target = @{$msg_hash->{'target'}}[0]; + my $source = @{$msg_hash->{'source'}}[0]; + + my $Datei = "/tmp/set_activated_for_installation"; + open(DATEI, ">$Datei"); + print DATEI "set_activated_for_installation\n"; + close DATEI; + + return; +} + + +sub server_leaving { + my ($msg_hash) = @_ ; + my $source = @{$msg_hash->{'source'}}[0]; + my $header = @{$msg_hash->{'header'}}[0]; + + daemon_log("gosa-si-server $source is going down, cause registration procedure", 1); + $main::server_address = "none"; + $main::server_key = "none"; + + # reinitialization of default values in config file + &main::read_configfile; + + # registrated at new daemon + &main::register_at_server(); + + return; +} + + +sub new_ldap_config { + my ($msg, $msg_hash) = @_ ; + + if( $ldap_enabled != 1 ) { + return; + } + + my $element; + my @ldap_uris; + my $ldap_base; + my @ldap_options; + my @pam_options; + my @nss_options; + my $goto_admin; + my $goto_secret; + my $admin_base= ""; + my $department= ""; + my $unit_tag; + + # Transform input into array + while ( my ($key, $value) = each(%$msg_hash) ) { + if ($key =~ /^(source|target|header)$/) { + next; + } + + foreach $element (@$value) { + if ($key =~ /^ldap_uri$/) { + push (@ldap_uris, $element); + next; + } + if ($key =~ /^ldap_base$/) { + $ldap_base= $element; + next; + } + if ($key =~ /^goto_admin$/) { + $goto_admin= $element; + next; + } + if ($key =~ /^goto_secret$/) { + $goto_secret= $element; + next; + } + if ($key =~ /^ldap_cfg$/) { + push (@ldap_options, "$element"); + next; + } + if ($key =~ /^pam_cfg$/) { + push (@pam_options, "$element"); + next; + } + if ($key =~ /^nss_cfg$/) { + push (@nss_options, "$element"); + next; + } + if ($key =~ /^admin_base$/) { + $admin_base= $element; + next; + } + if ($key =~ /^department$/) { + $department= $element; + next; + } + if ($key =~ /^unit_tag$/) { + $unit_tag= $element; + next; + } + } + } + + # Unit tagging enabled? + if (defined $unit_tag){ + push (@pam_options, "pam_filter gosaUnitTag=$unit_tag"); + push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag"); + push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag"); + } + + # Setup ldap.conf + my $file1; + my $file2; + open(file1, "> $ldap_config"); + print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; + print file1 "URI"; + foreach $element (@ldap_uris) { + print file1 " $element"; + } + print file1 "\nBASE $ldap_base\n"; + foreach $element (@ldap_options) { + print file1 "$element\n"; + } + close (file1); + daemon_log("wrote $ldap_config", 5); + + # Setup pam_ldap.conf / libnss_ldap.conf + open(file1, "> $pam_config"); + open(file2, "> $nss_config"); + print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; + print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n"; + print file1 "uri"; + print file2 "uri"; + foreach $element (@ldap_uris) { + print file1 " $element"; + print file2 " $element"; + } + print file1 "\nbase $ldap_base\n"; + print file2 "\nbase $ldap_base\n"; + foreach $element (@pam_options) { + print file1 "$element\n"; + } + foreach $element (@nss_options) { + print file2 "$element\n"; + } + close (file2); + daemon_log("wrote $nss_config", 5); + close (file1); + daemon_log("wrote $pam_config", 5); + + # Create goto.secrets if told so - for compatibility reasons + if (defined $goto_admin){ + open(file1, "> /etc/goto/secret"); + close(file1); + chown(0,0, "/etc/goto/secret"); + chmod(0600, "/etc/goto/secret"); + open(file1, "> /etc/goto/secret"); + print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n"; + close(file1); + daemon_log("wrote /etc/goto/secret", 5); + } + + + + # Write shell based config + my $cfg_name= dirname($ldap_config)."/ldap-shell.conf"; + open(file1, "> $cfg_name"); + print file1 "LDAP_BASE=\"$ldap_base\"\n"; + print file1 "ADMIN_BASE=\"$admin_base\"\n"; + print file1 "DEPARTMENT=\"$department\"\n"; + print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n"; + print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n"; + close(file1); + daemon_log("wrote $cfg_name", 5); + + return; + +} + +sub new_key { + # my ($msg_hash) = @_ ; + my $new_server_key = &create_passwd(); + + my $out_hash = &create_xml_hash("new_passwd", $client_address, $server_address, $new_server_key); + my $out_msg = &create_xml_string($out_hash); + #&send_msg_hash2address($out_hash, $server_address, $main::server_key); + $main::server_key = $new_server_key; + return $out_msg; +} + + + +sub detect_hardware { + my $hwinfo= `which hwinfo`; + chomp $hwinfo; + + if (!(defined($hwinfo) && length($hwinfo) > 0)) { + &main::daemon_log("ERROR: hwinfo was not found in \$PATH! Hardware detection will not work!", 1); + return; + } + + my $result= { + macAddress => $client_mac_address, + gotoXMonitor => "", + gotoXDriver => "", + gotoXMouseType => "", + gotoXMouseport => "", + gotoXkbModel => "", + gotoXHsync => "", + gotoXVsync => "", + gotoXResolution => "", + ghUsbSupport => "", + gotoSndModule => "", + ghGfxAdapter => "", + ghNetNic => "", + ghSoundAdapter => "", + ghMemSize => "", + ghCpuType => "", + gotoModules => [], + ghIdeDev => [], + ghScsiDev => [], + }; + + &main::daemon_log("Starting hardware detection", 4); + my $gfxcard= `$hwinfo --gfxcard`; + my $primary_adapter= $1 if $gfxcard =~ /^Primary display adapter:\s#(\d+)\n/m; + if(defined($primary_adapter)) { + ($result->{ghGfxAdapter}, $result->{gotoXDriver}) = ($1,$2) if + $gfxcard =~ /$primary_adapter:.*?Model:\s\"([^\"]*)\".*?Server Module:\s(\w*).*?\n\n/s; + } + my $monitor= `$hwinfo --monitor`; + my $primary_monitor= $1 if $monitor =~ /^(\d*):.*/m; + if(defined($primary_monitor)) { + ($result->{gotoXMonitor}, $result->{gotoXResolution}, $result->{gotoXVsync}, $result->{gotoXHsync})= ($1,$2,$3,$4) if + $monitor =~ /$primary_monitor:\s.*?Model:\s\"(.*?)\".*?Max\.\sResolution:\s([0-9x]*).*?Vert\.\sSync\sRange:\s([\d\-]*)\sHz.*?Hor\.\sSync\sRange:\s([\d\-]*)\skHz.*/s; + } + + if(length($result->{gotoXHsync}) == 0) { + # set default values + $result->{gotoXHsync} = "30+50"; + $result->{gotoXVsync} = "30+90"; + } + + my $mouse= `$hwinfo --mouse`; + my $primary_mouse= $1 if $mouse =~ /^(\d*):.*/m; + if(defined($primary_mouse)) { + ($result->{gotoXMouseport}, $result->{gotoXMouseType}) = ($1,$2) if + $mouse =~ /$primary_mouse:\s.*?Device\sFile:\s(.*?)\s.*?XFree86\sProtocol:\s(.*?)\n.*?/s; + } + + my $sound= `$hwinfo --sound`; + my $primary_sound= $1 if $sound =~ /^(\d*):.*/m; + if(defined($primary_sound)) { + ($result->{ghSoundAdapter}, $result->{gotoSndModule})= ($1,$2) if + $sound =~ /$primary_sound:\s.*?Model:\s\"(.*?)\".*?Driver\sModules:\s\"(.*?)\".*/s; + } + + my $netcard= `hwinfo --netcard`; + my $primary_netcard= $1 if $netcard =~ /^(\d*):.*/m; + if(defined($primary_netcard)) { + $result->{ghNetNic}= $1 if $netcard =~ /$primary_netcard:\s.*?Model:\s\"(.*?)\".*/s; + } + + my $keyboard= `hwinfo --keyboard`; + my $primary_keyboard= $1 if $keyboard =~ /^(\d*):.*/m; + if(defined($primary_keyboard)) { + $result->{gotoXkbModel}= $1 if $keyboard =~ /$primary_keyboard:\s.*?XkbModel:\s(.*?)\n.*/s; + } + + $result->{ghCpuType}= sprintf "%s / %s - %s", + `cat /proc/cpuinfo` =~ /.*?vendor_id\s+:\s(.*?)\n.*?model\sname\s+:\s(.*?)\n.*?cpu\sMHz\s+:\s(.*?)\n.*/s; + $result->{ghMemSize}= $1 if `cat /proc/meminfo` =~ /^MemTotal:\s+(.*?)\skB.*/s; + + my @gotoModules=(); + for my $line(`lsmod`) { + if (($line =~ /^Module.*$/) or ($line =~ /^snd.*$/)) { + next; + } else { + push @gotoModules, $1 if $line =~ /^(\w*).*$/ + } + } + my %seen = (); + + # Remove duplicates and save + push @{$result->{gotoModules}}, grep { ! $seen{$_} ++ } @gotoModules; + + $result->{ghUsbSupport} = (-d "/proc/bus/usb")?"true":"false"; + + foreach my $device(`hwinfo --ide` =~ /^.*?Model:\s\"(.*?)\".*$/mg) { + push @{$result->{ghIdeDev}}, $device; + } + + foreach my $device(`hwinfo --scsi` =~ /^.*?Model:\s\"(.*?)\".*$/mg) { + push @{$result->{ghScsiDev}}, $device; + } + + &main::daemon_log("Hardware detection done!", 4); + + return &send_msg_hash2address( + &create_xml_hash("detected_hardware", $client_address, $server_address, $result), + $server_address, + $server_key, + ); +} + + +sub ping { + my ($msg, $msg_hash) = @_ ; + my $header = @{$msg_hash->{'header'}}[0]; + my $source = @{$msg_hash->{'source'}}[0]; + my $target = @{$msg_hash->{'target'}}[0]; + + # switch target and source and send msg back + my $out_hash = &create_xml_hash("got_ping", $target, $source); + my $out_msg = &create_xml_string($out_hash); + return $out_msg; + +} + + +1; diff --git a/gosa-si/client/events/registered.pm b/gosa-si/client/events/registered.pm index fb3e751e2..d51d25194 100644 --- a/gosa-si/client/events/registered.pm +++ b/gosa-si/client/events/registered.pm @@ -38,6 +38,9 @@ sub registered { sub set_activated_for_installation { my ($msg, $msg_hash) = @_ ; + my $header = @{$msg_hash->{'header'}}[0]; + my $target = @{$msg_hash->{'target'}}[0]; + my $source = @{$msg_hash->{'source'}}[0]; my $Datei = "/tmp/set_activated_for_installation"; open(DATEI, ">$Datei"); diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index 8280d8ad5..10e7d3ae3 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -734,6 +734,8 @@ sub client_input { } if( !$answer_l ) { $error++ }; + ######## + # answer if( $error == 0 ) { # for each answer in answer list diff --git a/gosa-si/new-gosa-si-client b/gosa-si/new-gosa-si-client deleted file mode 100755 index 1adf7dc88..000000000 --- a/gosa-si/new-gosa-si-client +++ /dev/null @@ -1,1124 +0,0 @@ -#!/usr/bin/perl -#=============================================================================== -# -# FILE: gosa-server -# -# USAGE: gosa-si-client -# -# DESCRIPTION: -# -# OPTIONS: --- -# REQUIREMENTS: libnetaddr-ip-perl -# BUGS: --- -# NOTES: -# AUTHOR: (Andreas Rettenberger), -# COMPANY: -# VERSION: 1.0 -# CREATED: 12.09.2007 08:54:41 CEST -# REVISION: --- -#=============================================================================== - -use strict; -use warnings; -use Getopt::Long; -use Config::IniFiles; -use POSIX; - -use POE qw(Component::Server::TCP); -use IO::Socket::INET; -use NetAddr::IP; -use Data::Dumper; -use Crypt::Rijndael; -use GOSA::GosaSupportDaemon; -use Digest::MD5 qw(md5_hex); -use MIME::Base64; -use XML::Simple; -#use Fcntl; -#use Sys::Syslog qw( :DEFAULT setlogsock); -#use File::Spec; -#use Cwd; - -my $event_dir = "/usr/lib/gosa-si/client/events"; -use lib "/usr/lib/gosa-si/client/events"; - -my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file); -my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain); -my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config); -my $xml; -my $default_server_key; -my $event_hash; -my @servers; - -# globalise variables which are used in imported events -our $cfg_file; -our $server_address; -our $client_address; -our $server_key; - -# default variables -our $REGISTERED_FLAG = 1; - -%cfg_defaults = ( -"general" => - {"log_file" => [\$log_file, "/var/run/".$0.".log"], - "pid_file" => [\$pid_file, "/var/run/".$0.".pid"], - }, -"client" => - {"client_port" => [\$client_port, "20083"], - "client_ip" => [\$client_ip, "0.0.0.0"], - "client_mac_address" => [\$client_mac_address, "00:00:00:00:00:00:00"], - "ldap" => [\$ldap_enabled, 1], - "ldap_config" => [\$ldap_config, "/etc/ldap/ldap.conf"], - "pam_config" => [\$pam_config, "/etc/pam_ldap.conf"], - "nss_config" => [\$nss_config, "/etc/libnss_ldap.conf"], - }, -"server" => - {"server_ip" => [\$server_ip, "127.0.0.1"], - "server_port" => [\$server_port, "20081"], - "server_key" => [\$server_key, ""], - "server_timeout" => [\$server_timeout, 10], - "server_domain" => [\$server_domain, ""], - }, - -); - - -#=== FUNCTIONS = functions ===================================================== - -#=== FUNCTION ================================================================ -# NAME: check_cmdline_param -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub check_cmdline_param () { - my $err_config; - my $err_counter = 0; - if(not defined($cfg_file)) { - $cfg_file = "/etc/gosa-si/client.conf"; - if(! -r $cfg_file) { - $err_config = "please specify a config file"; - $err_counter += 1; - } - } - if( $err_counter > 0 ) { - &usage( "", 1 ); - if( defined( $err_config)) { print STDERR "$err_config\n"} - print STDERR "\n"; - exit( -1 ); - } -} - - -#=== FUNCTION ================================================================ -# NAME: read_configfile -# PARAMETERS: cfg_file - string - -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub read_configfile { - my ($cfg_file, %cfg_defaults) = @_ ; - my $cfg; - if( defined( $cfg_file) && ( length($cfg_file) > 0 )) { - if( -r $cfg_file ) { - $cfg = Config::IniFiles->new( -file => $cfg_file ); - } else { - print STDERR "Couldn't read config file!"; - } - } else { - $cfg = Config::IniFiles->new() ; - } - foreach my $section (keys %cfg_defaults) { - foreach my $param (keys %{$cfg_defaults{ $section }}) { - my $pinfo = $cfg_defaults{ $section }{ $param }; - ${@$pinfo[ 0 ]} = $cfg->val( $section, $param, @$pinfo[ 1 ] ); - } - } -} - - -#=== FUNCTION ================================================================ -# NAME: check_pid -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub check_pid { - $pid = -1; - # Check, if we are already running - if( open(LOCK_FILE, "<$pid_file") ) { - $pid = ; - if( defined $pid ) { - chomp( $pid ); - if( -f "/proc/$pid/stat" ) { - my($stat) = `cat /proc/$pid/stat` =~ m/$pid \((.+)\).*/; - if( $0 eq $stat ) { - close( LOCK_FILE ); - exit -1; - } - } - } - close( LOCK_FILE ); - unlink( $pid_file ); - } - - # create a syslog msg if it is not to possible to open PID file - if (not sysopen(LOCK_FILE, $pid_file, O_WRONLY|O_CREAT|O_EXCL, 0644)) { - my($msg) = "Couldn't obtain lockfile '$pid_file' "; - if (open(LOCK_FILE, '<', $pid_file) - && ($pid = )) - { - chomp($pid); - $msg .= "(PID $pid)\n"; - } else { - $msg .= "(unable to read PID)\n"; - } - if( ! ($foreground) ) { - openlog( $0, "cons,pid", "daemon" ); - syslog( "warning", $msg ); - closelog(); - } - else { - print( STDERR " $msg " ); - } - exit( -1 ); - } -} - - -#=== FUNCTION ================================================================ -# NAME: logging -# PARAMETERS: level - string - default 'info' -# msg - string - -# facility - string - default 'LOG_DAEMON' -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub daemon_log { - # log into log_file - my( $msg, $level ) = @_; - if(not defined $msg) { return } - if(not defined $level) { $level = 1 } - if(defined $log_file){ - open(LOG_HANDLE, ">>$log_file"); - if(not defined open( LOG_HANDLE, ">>$log_file" )) { - print STDERR "cannot open $log_file: $!"; - return } - chomp($msg); - if($level <= $verbose){ - my ($seconds, $minutes, $hours, $monthday, $month, - $year, $weekday, $yearday, $sommertime) = localtime(time); - $hours = $hours < 10 ? $hours = "0".$hours : $hours; - $minutes = $minutes < 10 ? $minutes = "0".$minutes : $minutes; - $seconds = $seconds < 10 ? $seconds = "0".$seconds : $seconds; - my @monthnames = ("Jan", "Feb", "Mar", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"); - $month = $monthnames[$month]; - $monthday = $monthday < 10 ? $monthday = "0".$monthday : $monthday; - $year+=1900; - my $name = $0; - $name =~ s/\.\///; - - my $log_msg = "$month $monthday $hours:$minutes:$seconds $name $msg\n"; - print LOG_HANDLE $log_msg; - if( $foreground ) { - print STDERR $log_msg; - } - } - close( LOG_HANDLE ); - } -#log into syslog -# my ($msg, $level, $facility) = @_; -# if(not defined $msg) {return} -# if(not defined $level) {$level = "info"} -# if(not defined $facility) {$facility = "LOG_DAEMON"} -# openlog($0, "pid,cons,", $facility); -# syslog($level, $msg); -# closelog; -# return; -} - - -#=== FUNCTION ================================================================ -# NAME: get_interfaces -# PARAMETERS: none -# RETURNS: (list of interfaces) -# DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces. -#=============================================================================== -sub get_interfaces { - my @result; - my $PROC_NET_DEV= ('/proc/net/dev'); - - open(PROC_NET_DEV, "<$PROC_NET_DEV") - or die "Could not open $PROC_NET_DEV"; - - my @ifs = ; - - close(PROC_NET_DEV); - - # Eat first two line - shift @ifs; - shift @ifs; - - chomp @ifs; - foreach my $line(@ifs) { - my $if= (split /:/, $line)[0]; - $if =~ s/^\s+//; - push @result, $if; - } - - return @result; -} - -#=== FUNCTION ================================================================ -# NAME: get_mac -# PARAMETERS: interface name (i.e. eth0) -# RETURNS: (mac address) -# DESCRIPTION: Uses ioctl to get mac address directly from system. -#=============================================================================== -sub get_mac { - my $ifreq= shift; - my $result; - if ($ifreq && length($ifreq) > 0) { - if($ifreq eq "all") { - if(defined($server_ip)) { - $result = &get_local_mac_for_remote_ip($server_ip); - } - elsif ($client_mac_address && length($client_mac_address) > 0){ - $result = &client_mac_address; - } - else { - $result = "00:00:00:00:00:00"; - } - } else { - my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list - - # A configured MAC Address should always override a guessed value - if ($client_mac_address and length($client_mac_address) > 0) { - $result= $client_mac_address; - } - else { - socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip') - or die "socket: $!"; - - if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) { - my ($if, $mac)= unpack 'h36 H12', $ifreq; - - if (length($mac) > 0) { - $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/; - $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6); - $result = $mac; - } - } - } - } - } - return $result; -} - - -#=== FUNCTION ================================================================ -# NAME: get_interface_for_ip -# PARAMETERS: ip address (i.e. 192.168.0.1) -# RETURNS: array: list of interfaces if ip=0.0.0.0, matching interface if found, undef else -# DESCRIPTION: Uses proc fs (/proc/net/dev) to get list of interfaces. -#=============================================================================== -sub get_interface_for_ip { - my $result; - my $ip= shift; - if ($ip && length($ip) > 0) { - my @ifs= &get_interfaces(); - if($ip eq "0.0.0.0") { - $result = "all"; - } else { - foreach (@ifs) { - my $if=$_; - if(get_ip($if) eq $ip) { - $result = $if; - last; - } - } - } - } - return $result; -} - - -#=== FUNCTION ================================================================ -# NAME: get_ip -# PARAMETERS: interface name (i.e. eth0) -# RETURNS: (ip address) -# DESCRIPTION: Uses ioctl to get ip address directly from system. -#=============================================================================== -sub get_ip { - my $ifreq= shift; - my $result= ""; - my $SIOCGIFADDR= 0x8915; # man 2 ioctl_list - my $proto= getprotobyname('ip'); - - socket SOCKET, PF_INET, SOCK_DGRAM, $proto - or die "socket: $!"; - - if(ioctl SOCKET, $SIOCGIFADDR, $ifreq) { - my ($if, $sin) = unpack 'a16 a16', $ifreq; - my ($port, $addr) = sockaddr_in $sin; - my $ip = inet_ntoa $addr; - - if ($ip && length($ip) > 0) { - $result = $ip; - } - } - - return $result; -} - - -#=== FUNCTION ================================================================ -# NAME: get_local_mac_for_remote_ip -# PARAMETERS: none (takes server_ip from global variable) -# RETURNS: (ip address from interface that is used for communication) -# DESCRIPTION: Uses ioctl to get routing table from system, checks which entry -# matches (defaultroute last). -#=============================================================================== -sub get_local_mac_for_remote_ip { - my $ifreq= shift; - my $result= "00:00:00:00:00:00"; - my $PROC_NET_ROUTE= ('/proc/net/route'); - - open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE") - or die "Could not open $PROC_NET_ROUTE"; - - my @ifs = ; - - close(PROC_NET_ROUTE); - - # Eat header line - shift @ifs; - chomp @ifs; - foreach my $line(@ifs) { - my ($Iface,$Destination,$Gateway,$Flags,$RefCnt,$Use,$Metric,$Mask,$MTU,$Window,$IRTT)=split(/\s/, $line); - my $destination; - my $mask; - my ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Destination); - $destination= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); - ($d,$c,$b,$a)=unpack('a2 a2 a2 a2', $Mask); - $mask= sprintf("%d.%d.%d.%d", hex($a), hex($b), hex($c), hex($d)); - if(new NetAddr::IP($server_ip)->within(new NetAddr::IP($destination, $mask))) { - # destination matches route, save mac and exit - $result= &get_mac($Iface); - last; - } - } - - - return $result; -} - - -sub new_ldap_config { - my ($msg_hash) = @_ ; - my $element; - my @ldap_uris; - my $ldap_base; - my @ldap_options; - my @pam_options; - my @nss_options; - my $goto_admin; - my $goto_secret; - my $admin_base= ""; - my $department= ""; - my $unit_tag; - - # Transform input into array - while ( my ($key, $value) = each(%$msg_hash) ) { - if ($key =~ /^(source|target|header)$/) { - next; - } - - foreach $element (@$value) { - if ($key =~ /^ldap_uri$/) { - push (@ldap_uris, $element); - next; - } - if ($key =~ /^ldap_base$/) { - $ldap_base= $element; - next; - } - if ($key =~ /^goto_admin$/) { - $goto_admin= $element; - next; - } - if ($key =~ /^goto_secret$/) { - $goto_secret= $element; - next; - } - if ($key =~ /^ldap_cfg$/) { - push (@ldap_options, "$element"); - next; - } - if ($key =~ /^pam_cfg$/) { - push (@pam_options, "$element"); - next; - } - if ($key =~ /^nss_cfg$/) { - push (@nss_options, "$element"); - next; - } - if ($key =~ /^admin_base$/) { - $admin_base= $element; - next; - } - if ($key =~ /^department$/) { - $department= $element; - next; - } - if ($key =~ /^unit_tag$/) { - $unit_tag= $element; - next; - } - } - } - - # Unit tagging enabled? - if (defined $unit_tag){ - push (@pam_options, "pam_filter gosaUnitTag=$unit_tag"); - push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag"); - push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag"); - } - - # Setup ldap.conf - my $file1; - my $file2; - open(file1, "> $ldap_config"); - print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file1 "URI"; - foreach $element (@ldap_uris) { - print file1 " $element"; - } - print file1 "\nBASE $ldap_base\n"; - foreach $element (@ldap_options) { - print file1 "$element\n"; - } - close (file1); - daemon_log("wrote $ldap_config", 5); - - # Setup pam_ldap.conf / libnss_ldap.conf - open(file1, "> $pam_config"); - open(file2, "> $nss_config"); - print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file1 "uri"; - print file2 "uri"; - foreach $element (@ldap_uris) { - print file1 " $element"; - print file2 " $element"; - } - print file1 "\nbase $ldap_base\n"; - print file2 "\nbase $ldap_base\n"; - foreach $element (@pam_options) { - print file1 "$element\n"; - } - foreach $element (@nss_options) { - print file2 "$element\n"; - } - close (file2); - daemon_log("wrote $nss_config", 5); - close (file1); - daemon_log("wrote $pam_config", 5); - - # Create goto.secrets if told so - for compatibility reasons - if (defined $goto_admin){ - open(file1, "> /etc/goto/secret"); - close(file1); - chown(0,0, "/etc/goto/secret"); - chmod(0600, "/etc/goto/secret"); - open(file1, "> /etc/goto/secret"); - print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n"; - close(file1); - daemon_log("wrote /etc/goto/secret", 5); - } - - - - # Write shell based config - my $cfg_name= dirname($ldap_config)."/ldap-shell.conf"; - open(file1, "> $cfg_name"); - print file1 "LDAP_BASE=\"$ldap_base\"\n"; - print file1 "ADMIN_BASE=\"$admin_base\"\n"; - print file1 "DEPARTMENT=\"$department\"\n"; - print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n"; - print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n"; - close(file1); - daemon_log("wrote $cfg_name", 5); - - return; - -} - - -sub create_passwd { - my $new_passwd = ""; - for(my $i=0; $i<31; $i++) { - $new_passwd .= ("a".."z","A".."Z",0..9)[int(rand(62))] - } - - return $new_passwd; -} - - -sub get_server_addresses { - my $domain= shift; - my @result; - my $dig_cmd= 'dig +nocomments srv _gosad._tcp.'.$domain; - - my $output= `$dig_cmd 2>&1`; - open (PIPE, "$dig_cmd 2>&1 |"); - while() { - chomp $_; - # If it's not a comment - if($_ =~ m/^[^;]/) { - my @matches= split /\s+/; - - # Push hostname with port - if($matches[3] eq 'SRV') { - push @result, $matches[7].':'.$matches[6]; - } elsif ($matches[3] eq 'A') { - my $i=0; - - # Substitute the hostname with the ip address of the matching A record - foreach my $host (@result) { - if ((split /\:/, $host)[0] eq $matches[0]) { - $result[$i]= $matches[4].':'.(split /\:/, $host)[1]; - } - $i++; - } - } - } - } - close(PIPE); - return @result; -} - - -##=== FUNCTION ================================================================ -## NAME: create_ciphering -## PARAMETERS: passwd - string - used to create ciphering -## RETURNS: cipher - object -## DESCRIPTION: creates a Crypt::Rijndael::MODE_CBC object with passwd as key -##=============================================================================== -#sub create_ciphering { -# my ($passwd) = @_; -# $passwd = substr(md5_hex("$passwd") x 32, 0, 32); -# my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); -# -# #daemon_log("iv: $iv", 7); -# #daemon_log("key: $passwd", 7); -# my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); -# $my_cipher->set_iv($iv); -# return $my_cipher; -#} -# -# -#sub create_ciphering { -# my ($passwd) = @_; -# $passwd = substr(md5_hex("$passwd") x 32, 0, 32); -# my $iv = substr(md5_hex('GONICUS GmbH'),0, 16); -# my $my_cipher = Crypt::Rijndael->new($passwd , Crypt::Rijndael::MODE_CBC()); -# $my_cipher->set_iv($iv); -# return $my_cipher; -#} -# -# -#sub encrypt_msg { -# my ($msg, $key) = @_; -# my $my_cipher = &create_ciphering($key); -# { -# use bytes; -# $msg = "\0"x(16-length($msg)%16).$msg; -# } -# $msg = $my_cipher->encrypt($msg); -# chomp($msg = &encode_base64($msg)); -# # there are no newlines allowed inside msg -# $msg=~ s/\n//g; -# return $msg; -#} -# -# -#sub decrypt_msg { -# my ($msg, $key) = @_ ; -# $msg = &decode_base64($msg); -# my $my_cipher = &create_ciphering($key); -# $msg = $my_cipher->decrypt($msg); -# $msg =~ s/\0*//g; -# return $msg; -#} - - -#=== FUNCTION ================================================================ -# NAME: send_msg_hash2address -# PARAMETERS: msg_hash - hash - xml_hash created with function create_xml_hash -# PeerAddr string - socket address to send msg -# PeerPort string - socket port, if not included in socket address -# RETURNS: nothing -# DESCRIPTION: ???? -#=============================================================================== -sub send_msg_hash2address { - my ($msg_hash, $address, $passwd) = @_ ; - - # fetch header for logging - my $header = @{$msg_hash->{header}}[0]; - - # generate xml string - my $msg_xml = &create_xml_string($msg_hash); - - # encrypt xml msg - my $crypted_msg = &encrypt_msg($msg_xml, $passwd); - - # opensocket - my $socket = &open_socket($address); - if(not defined $socket){ - daemon_log("cannot send '$header'-msg to $address , server not reachable", 5); - return 1; - } - - # send xml msg - print $socket $crypted_msg."\n"; - - close $socket; - - daemon_log("send '$header'-msg to $address", 1); - daemon_log("message:\n$msg_xml", 8); - return 0; -} - - -sub send_msg_to_target { - my ($msg, $address, $encrypt_key, $msg_header) = @_ ; - my $error = 0; - - if( $msg_header ) { - $msg_header = "'$msg_header'-"; - } - else { - $msg_header = ""; - } - - # encrypt xml msg - my $crypted_msg = &encrypt_msg($msg, $encrypt_key); - - # opensocket - my $socket = &open_socket($address); - if( !$socket ) { - daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1); - $error++; - } - - if( $error == 0 ) { - # send xml msg - print $socket $crypted_msg."\n"; - - daemon_log("send ".$msg_header."msg to $address", 1); - daemon_log("message:\n$msg", 8); - - } - - # close socket in any case - if( $socket ) { - close $socket; - } - - return; -} - - -sub open_socket { - my ($PeerAddr, $PeerPort) = @_ ; - if(defined($PeerPort)){ - $PeerAddr = $PeerAddr.":".$PeerPort; - } - my $socket; - $socket = new IO::Socket::INET(PeerAddr => $PeerAddr, - Porto => "tcp", - Type => SOCK_STREAM, - Timeout => 5, - ); - if(not defined $socket) { - return; - } - &daemon_log("open_socket: $PeerAddr", 7); - return $socket; -} - - -#=== FUNCTION ================================================================ -# NAME: register_at_server -# PARAMETERS: -# RETURNS: -# DESCRIPTION: -#=============================================================================== -sub register_at_gosa_si_server { - my ($kernel) = $_[KERNEL]; - - if( $REGISTERED_FLAG == 1 ) { - - # create new passwd and ciphering object for client-server communication - $server_key = &create_passwd(); - - my $events = join( ", ", keys %{$event_hash} ); - - while(1) { - - # fetch first gosa-si-server from @servers - my $server = shift(@servers); - - if( !$server ) { - daemon_log("no gosa-si-server left in list of servers", 1); - daemon_log("unable to register at a gosa-si-server, force shutdown", 1); - exit(1); - } - - # create registration msg - my $register_hash = &create_xml_hash("here_i_am", $client_address, $server); - &add_content2xml_hash($register_hash, "new_passwd", $server_key); - &add_content2xml_hash($register_hash, "mac_address", $client_mac_address); - &add_content2xml_hash($register_hash, "events", $events); - - # send xml hash to server with general server passwd - my $res = &send_msg_hash2address($register_hash, $server, $default_server_key); -# if( $res == 1 ) { -# next; -# } -# - last; - } - daemon_log("waiting for msg 'register_at_gosa_si_server'",1); - $kernel->delay_set('register_at_gosa_si_server',2); - } - return; -} - - -# my ($rout, $wout, $reg_server); -# foreach my $server (@servers) { -# -# # create msg hash -# my $register_hash = &create_xml_hash("here_i_am", $client_address, $server); -# &add_content2xml_hash($register_hash, "new_passwd", $new_server_key); -# &add_content2xml_hash($register_hash, "mac_address", $client_mac_address); -# &add_content2xml_hash($register_hash, "events", $events); -# -# # send xml hash to server with general server passwd -# my $answer = &send_msg_hash2address($register_hash, $server, $server_passwd); -# -# if ($answer != 0) { next; } -# -# # waiting for response -# daemon_log("waiting for response...\n", 5); -# my $nf = select($rout=$rbits, $wout=$wbits, undef, $server_timeout); -# -# # something is coming in -# if(vec $rout, fileno $input_socket, 1) { -# my $crypted_msg; -# my $client = $input_socket->accept(); -# my $other_end = getpeername($client); -# if(not defined $other_end) { -# daemon_log("client cannot be identified: $!\n"); -# } else { -# my ($port, $iaddr) = unpack_sockaddr_in($other_end); -# my $actual_ip = inet_ntoa($iaddr); -# daemon_log("\naccept client from $actual_ip\n", 5); -# my $in_msg = &read_from_socket($client); -# if(defined $in_msg){ -# chomp($in_msg); -# $crypted_msg = $in_msg; -# } else { -# daemon_log("cannot read from $actual_ip\n", 5); -# } -# } -# close($client); -# -# # validate acknowledge msg from server -# $new_server_cipher = &create_ciphering($new_server_passwd); -# my $msg_hash; -# eval { -# my $decrypted_msg = &decrypt_msg($crypted_msg, $new_server_cipher); -# daemon_log("decrypted register msg: $decrypted_msg", 5); -# $msg_hash = $xml->XMLin($decrypted_msg, ForceArray=>1); -# }; -# if($@) { -# daemon_log("ERROR: do not understand the incoming message:" , 5); -# daemon_log("$@", 7); -# } else { -# my $header = @{$msg_hash->{header}}[0]; -# if($header eq "registered") { -# $reg_server = $server; -# last; -# } elsif($header eq "denied") { -# my $reason = (&get_content_from_xml_hash($msg_hash, "denied"))[0]; -# daemon_log("registration at $server denied: $reason", 1); -# } else { -# daemon_log("cannot register at $server", 1); -# } -# } -# } -# # if no answer arrive, try next server in list -# -# } -# -# if(defined $reg_server) { -# daemon_log("registered at $reg_server", 1); -# } else { -# daemon_log("cannot register at any server", 1); -# daemon_log("exiting!!!", 1); -# exit(1); -# } -# -# # update the global available variables -# $server_address = $reg_server; -# $server_passwd = $new_server_passwd; -# $server_cipher = $new_server_cipher; - - -# return; -#} - - - -sub check_key_and_xml_validity { - my ($crypted_msg, $module_key) = @_; -#print STDERR "crypted_msg:$crypted_msg\n"; -#print STDERR "modul_key:$module_key\n"; - - my $msg; - my $msg_hash; - eval{ - $msg = &decrypt_msg($crypted_msg, $module_key); - &main::daemon_log("decrypted_msg: \n$msg", 8); - - $msg_hash = $xml->XMLin($msg, ForceArray=>1); - - # check header - my $header_l = $msg_hash->{'header'}; - if( 1 != @{$header_l} ) { - die 'no or more headers specified'; - } - my $header = @{$header_l}[0]; - if( 0 == length $header) { - die 'header has length 0'; - } - - # check source - my $source_l = $msg_hash->{'source'}; - if( 1 != @{$source_l} ) { - die 'no or more sources specified'; - } - my $source = @{$source_l}[0]; - if( 0 == length $source) { - die 'source has length 0'; - } - - # check target - my $target_l = $msg_hash->{'target'}; - if( 1 != @{$target_l} ) { - die 'no or more targets specified '; - } - my $target = @{$target_l}[0]; - if( 0 == length $target) { - die 'target has length 0 '; - } - - }; - if($@) { - &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5); - &main::daemon_log("$@", 8); - } - - return ($msg, $msg_hash); -} - - -sub import_events { - - if (not -e $event_dir) { - daemon_log("ERROR: cannot find directory or directory is not readable: $event_dir", 1); - } - opendir (DIR, $event_dir) or die "ERROR while loading gosa-si-events from directory $event_dir : $!\n"; - - while (defined (my $event = readdir (DIR))) { - if( $event eq "." || $event eq ".." ) { next; } - - eval{ require $event; }; - if( $@ ) { - daemon_log("import of event module '$event' failed", 1); - daemon_log("$@", 8); - next; - } - - $event =~ /(\S*?).pm$/; - my $event_module = $1; - my $events_l = eval( $1."::get_events()") ; - foreach my $event_name (@{$events_l}) { - $event_hash->{$event_name} = $event_module; - } - - } -} - - -sub server_input { - my ($heap,$input,$wheel) = @_[HEAP, ARG0, ARG1]; - my $error = 0; - my $answer; - - daemon_log("Incoming msg:\n$input\n", 8); - - my ($msg, $msg_hash) = &check_key_and_xml_validity($input, $server_key); - if( (!$msg) || (!$msg_hash) ) { - daemon_log("Deciphering of incoming msg failed", 5); - $error++; - } - - ###################### - # process incoming msg - if( $error == 0 ) { - my $header = @{$msg_hash->{header}}[0]; - my $source = @{$msg_hash->{source}}[0]; - - if( exists $event_hash->{$header} ) { - # a event exists with the header as name - daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5); - no strict 'refs'; - $answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash); - } -# else { -# # maybe header is a core function -# daemon_log("WARNING: no event assigned to msg $header", 5); -# if ($header eq 'new_ldap_config') { if ($ldap_enabled == 1) {&new_ldap_config($msg_hash)}} -# elsif ($header eq 'ping') { &got_ping($msg_hash) } -# elsif ($header eq 'wake_up') { &execute_event($msg_hash)} -# elsif ($header eq 'new_passwd') { &new_passwd()} -# elsif ($header eq 'compute_hardware') { &compute_hardware() } -# else { daemon_log("ERROR: no core function assigned to msg $header", 5) } -# } - } - - ######## - # answer - if( $answer ) { - if( $answer =~ "
registered
") { - $REGISTERED_FLAG = 0; - } - else { - &send_msg_to_address($answer, $server_address, $server_key); - } - } - - return; -} - -#==== MAIN = main ============================================================== -# parse commandline options -Getopt::Long::Configure( "bundling" ); -GetOptions("h|help" => \&usage, - "c|config=s" => \$cfg_file, - "f|foreground" => \$foreground, - "v|verbose+" => \$verbose, - ); - -# read and set config parameters -&check_cmdline_param ; -&read_configfile($cfg_file, %cfg_defaults); -&check_pid; - - -# forward error messages to logfile -if ( ! $foreground ) { - open STDIN, '/dev/null' or die "Can’t read /dev/null: $!"; - open STDOUT, '>>/dev/null' or die "Can't write to /dev/null: $!"; - open STDERR, '>>/dev/null' or die "Can't write to /dev/null: $!"; -} - -# Just fork, if we are not in foreground mode -if( ! $foreground ) { - chdir '/' or die "Can't chdir to /: $!"; - $pid = fork; - setsid or die "Can't start a new session: $!"; - umask 0; -} -else { - $pid = $$; -} - -# Do something useful - put our PID into the pid_file -if( 0 != $pid ) { - open( LOCK_FILE, ">$pid_file" ); - print LOCK_FILE "$pid\n"; - close( LOCK_FILE ); - if( !$foreground ) { - exit( 0 ) - }; -} - -daemon_log(" ", 1); -daemon_log("$0 started!", 1); - -# delete old DBsqlite lock files -system('rm -f /tmp/gosa_si_lock*gosa-si-client*'); - - -# complete client_address -$client_address = $client_ip.":".$client_port; - - -# detect own ip and mac address -my $network_interface= &get_interface_for_ip($client_ip); -$client_mac_address= &get_mac($network_interface); -daemon_log("gosa-si-client ip address detected: $client_ip", 1); -daemon_log("gosa-si-client mac address detected: $client_mac_address", 1); - - -# import events -&import_events(); - - -# create socket for incoming xml messages -POE::Component::Server::TCP->new( - Alias => 'gosa-si-client', - Port => $client_port, - ClientInput => \&server_input, -); -daemon_log("start socket for incoming xml messages at port '$client_port' ", 1); - - -# prepare variables -if (defined $server_ip && defined $server_port) { - $server_address = $server_ip.":".$server_port; -} -$xml = new XML::Simple(); -$default_server_key = $server_key; - - -# find all possible gosa-si-servers in DNS -if (defined $server_domain) { - my @tmp_servers = &get_server_addresses($server_domain); - foreach my $server (@tmp_servers) { - unshift(@servers, $server); - } -} -# add gosa-si-server address from config file at first position of server list -if (defined $server_address) { - unshift(@servers, $server_address); -} -my $servers_string = join(", ", @servers); -daemon_log("found servers in configuration file and via DNS: $servers_string", 5); - - -POE::Session->create( - inline_states => { - _start => \®ister_at_gosa_si_server , - register_at_gosa_si_server => \®ister_at_gosa_si_server, - } -); - -POE::Kernel->run(); -exit; - diff --git a/gosa-si/server.conf b/gosa-si/server.conf index 1e0113660..5f22d234c 100644 --- a/gosa-si/server.conf +++ b/gosa-si/server.conf @@ -19,9 +19,9 @@ SIPackages_key = secret-server-password max_clients = 5 server_event_dir = /usr/lib/gosa-si/server/events ldap_uri = ldap://10.89.1.30 -ldap_base = dc=example,dc=com -ldap_admin_dn = cn=ldapadmin,dc=example,dc=com -ldap_admin_password = secret +ldap_base = o=Landeshauptstadt München,c=de +ldap_admin_dn = cn=ldapadmin,o=Landeshauptstadt München,c=de +ldap_admin_password = tester [arp] arp_activ = on