a >h@s>ddlZddlmZddlmZmZmZGdddeeZdS)Nglob)PluginIndependentPlugin PluginOptc@s@eZdZdZdZdZeddddgZdd Zd d Z d d Z dS)SshzSecure shell serviceZssh)ZservicesZsecuritysystemidentity userconfsFz5Changes whether module will collect user .ssh configs)defaultZdesccCsL|dddgd}|||||dr>||ddS)NZ sshd_configZ ssh_config)z/etc/ssh/sshd_config$z/etc/ssh/ssh_config$)z/etc/ssh/ssh_configz/etc/ssh/sshd_configz/etc/ssh/sshd_config.d/*r zsshd -T)Z add_file_tags add_copy_specincluded_configsZ get_optionuser_ssh_files_permissionsZadd_cmd_output)selfsshcfgsr:/usr/lib/python3.9/site-packages/sos/report/plugins/ssh.pysetups   z Ssh.setupc Cszdddd|DD}|D]}|dd}t||ddd^}|D]H}t|d ksJ|d rjqJ|d rJ|}|j|d |d qJWdq1s0YqWntyYn0dS)z Include subconfig files cSsg|]}|D]}|q qSrr).0filesfrrr :sz(Ssh.included_configs..cSsg|]}t|ddqS)T) recursiver)rZcopyspecrrrr;s/rUTF-8encodingr#Zinclude)tagsN)splitopen path_joinlen startswithlowerr Exception)rrZcfgfilesZsshcfgtagZcfgfilelineZconfargrrrr 6s( 8 zSsh.included_configsc Cst}i}zXtdddd6}|D] }|dd\}}|||<q"Wdn1sX0YWnty|dYdS0hd }|D]J}|j|vr||j|vr|d |jd q||jd } | | qdS) z Iterate over .ssh folders in user homes to see their permissions. Bad permissions can prevent SSH from allowing access to given user. z /proc/mountsrrrr NzCouldn't read /proc/mounts>ZautofsnfsZnfs4zSkipping capture in z because it's a remote directoryz.ssh) pwdgetpwallr#r"r(Z _log_errorpw_dirZ _log_infor$Zadd_dir_listing) rZ users_dataZ fs_mount_infoZ mounts_filer*Zfs_fileZ fs_vstypeZ non_local_fsuserZhome_dirrrrrNs*,     zSsh.user_ssh_files_permissionsN) __name__ __module__ __qualname__Z short_descZ plugin_nameZprofilesrZ option_listrr rrrrrrsr)r-rZsos.report.pluginsrrrrrrrr s