a G%@iëã@s>ddlZddlmZddlmZmZmZGdd„deeƒZdS)éN©Úglob)ÚPluginÚIndependentPluginÚ PluginOptc@s@eZdZdZdZdZeddddgZdd „Zd d „Z d d „Z dS)ÚSshzSecure shell serviceZssh)ZservicesZsecurityÚsystemÚidentityÚ userconfsFz5Changes whether module will collect user .ssh configs)ÚdefaultZdesccCsL| dddœ¡gd¢}| |¡| |¡| d¡r>| ¡| d¡dS)NZ sshd_configZ ssh_config)z/etc/ssh/sshd_config$z/etc/ssh/ssh_config$)z/etc/ssh/ssh_configz/etc/ssh/sshd_configz/etc/ssh/sshd_config.d/*r zsshd -T)Z add_file_tagsÚ add_copy_specÚincluded_configsZ get_optionÚuser_ssh_files_permissionsZadd_cmd_output)ÚselfÚsshcfgs©rú:/usr/lib/python3.9/site-packages/sos/report/plugins/ssh.pyÚsetupsþ   z Ssh.setupc CsÎz¶dd„dd„|DƒDƒ}|D]”}| d¡d}t| |¡ddd^}|D]H}t| ¡ƒd ksJ| d ¡rjqJ| ¡ d ¡rJ| ¡}|j|d |d qJWdƒq1s¨0YqWntyÈYn0dS)z Include subconfig files cSsg|]}|D]}|‘q qSrr)Ú.0ÚfilesÚfrrrÚ :sþz(Ssh.included_configs..cSsg|]}t|dd‘qS)T)Ú recursiver)rZcopyspecrrrr;sú/éÿÿÿÿÚrúUTF-8©Úencodingrú#Zincludeé)ÚtagsN)ÚsplitÚopenÚ path_joinÚlenÚ startswithÚlowerr Ú Exception)rrZcfgfilesZsshcfgÚtagZcfgfileÚlineZconfargrrrr 6s(ÿÿ ÿ8 zSsh.included_configsc Csàt ¡}i}zXtdddd6}|D] }| ¡dd…\}}|||<q"Wdƒn1sX0YWnty‚| d¡YdS0hd £}|D]J}|j|vrÂ||j|vrÂ| d |j›d ¡q| |jd ¡} |  | ¡qdS) z  Iterate over .ssh folders in user homes to see their permissions. Bad permissions can prevent SSH from allowing access to given user. z /proc/mountsrrrr éNzCouldn't read /proc/mounts>ZautofsÚnfsZnfs4zSkipping capture in z because it's a remote directoryz.ssh) ÚpwdÚgetpwallr#r"r(Z _log_errorÚpw_dirZ _log_infor$Zadd_dir_listing) rZ users_dataZ fs_mount_infoZ mounts_filer*Zfs_fileZ fs_vstypeZ non_local_fsÚuserZhome_dirrrrrNs*,    ÿ ÿzSsh.user_ssh_files_permissionsN) Ú__name__Ú __module__Ú __qualname__Z short_descZ plugin_nameZprofilesrZ option_listrr rrrrrrsÿÿr)r-rZsos.report.pluginsrrrrrrrrÚ s