관리-도구

편집 파일: ipa.cpython-39.opt-1.pyc

a ����-�_gK����������������������@���s6���d�d
l�m�Z�
�d�dl
mZmZmZ
�G�dd��dee�ZdS�)�����)
�glob)�Plugin�RedHatPlugin�SoSPredicatec�������������������@���sh���e�Z
d�Zd
ZdZdZdZdZdZdZ dZ dZdZdZ dd ��Zd d��Zdd ��Zdd��Zdd��Zdd��ZdS�)�IpazIdentity, policy, auditZipa)�identityZapacheF)
z/etc/ipa)� ipa-serverz ipa-client�freeipa-serverzfreeipa-clientNc
�����������
������C���s>���|���d
�
s|��
d�
s|��
d�
r"dS�|���d�
s6|��
d�
r:dS�dS�) z Get IPA server version z pki-serverz/var/lib/pkiz/usr/share/doc/ipa-server-4.2.0�v4z pki-commonz/var/lib/pki-ca/�v3N)�is_installed�path_exists�
�self��r����:/usr/lib/python3.9/site-packages/sos/report/plugins/ipa.py�check_ipa_server_version!���s����
��

�
zIpa.check_ipa_server_versionc
�����������
���������s*���t���f
d
d���j
��d���j��d�fD��
�
S�)z Check if any CA is installed c
�����������������3���s���|�]}
����|
�
V�
�qd�S��
N)
r ���)�.0�pathr���r���r���� <genexpr>/���s���
z#Ipa.ca_installed.<locals>.<genexpr>z/conf/ca/CS.cfgz/conf/CS.cfg)�any�pki_tomcat_dir_v4�pki_tomcat_dir_v3r���r���r���r����ca_installed,���s ����
��zIpa.ca_installedc
�����������
���������s���t���f
d
d�dD��
�
S�)z" Check if IPA server is installed c
�����������������3���s���|�]}
����|
�
V�
�qd�S�r���)
r���)r����pkgr���r���r���r���8���s���
z+Ipa.ipa_server_installed.<locals>.<genexpr>)r���r ���)
r���r���r���r���r����ipa_server_installed6���s����
�zIpa.ipa_server_installedc�����������������C���s2���|
d
kr|���g�d�
�

�n|
dkr.|���g�d�
�

�dS�)z Collect PKI logs r ���) z!/var/log/pki/pki-tomcat/ca/debug*z!/var/log/pki/pki-tomcat/ca/systemz'/var/log/pki/pki-tomcat/ca/transactionsz(/var/log/pki/pki-tomcat/ca/selftests.logz"/var/log/pki/pki-tomcat/catalina.*�/var/log/pki/pki-ca-spawn.*z"/var/log/pki/pki-tomcat/kra/debug*z"/var/log/pki/pki-tomcat/kra/systemz(/var/log/pki/pki-tomcat/kra/transactionsz/var/log/pki/pki-kra-spawn.*r���)z/var/log/pki-ca/debugz/var/log/pki-ca/systemz/var/log/pki-ca/transactionsz/var/log/pki-ca/selftests.logz/var/log/pki-ca/catalina.*r���N)
� add_copy_spec)r����ipa_versionr���r���r����collect_pki_logs<���s����

zIpa.collect_pki_logsc
�����������������C���s\
��d
|�_�d|�_
d|�_d|�_|����}
|����rR|��d�

�|��d|
��d��

�|��g�d�
�

�|����rn|��d �

�|�� |
�

�|��g�d �
�

�|
dkr�|�j�}|�j}n|�j
}|�j}|�� d|��d ��

�|��|��d��

�|��ddddddddd|��d�|��d�|��d�g�

�|�� g�d�
�

�|��d�

�t |�dg
d�}|�j d|d d!�
�td"�
D�]}|�� d|����

��
q2|��d#d$i
�

�d�S�)%Nz/var/lib/pki/pki-tomcatz/var/lib/pki-caz/etc/pki/pki-tomcat/caz/etc/pki-cazIPA server install detectedzIPA version is [�
])z/var/log/ipaserver-install.logz"/var/log/ipaserver-kra-install.logz!/var/log/ipaserver-enable-sid.logz/var/log/ipareplica-install.logz"/var/log/ipareplica-ca-install.logz/var/log/ipa-custodia.audit.logz$CA is installed: retrieving PKI logs)z/var/log/ipaclient-install.logz/var/log/ipaupgrade.logz/var/log/krb5kdc.logz#/var/log/dirsrv/slapd-*/logs/accessz#/var/log/dirsrv/slapd-*/logs/errorsz/etc/dirsrv/slapd-*/dse.ldifz&/etc/dirsrv/slapd-*/schema/99user.ldifz /etc/hostsz/etc/httpd/alias/*z/etc/named.*z/etc/ipa/ca.crtz/etc/ipa/default.confz/etc/ipa/kdcproxy/kdcproxy.confz$/etc/ipa/kdcproxy/ipa-kdc-proxy.confz/etc/ipa/kdcproxy.confz/root/.ipa/log/cli.log�#/var/lib/certmonger/requests/[0-9]*z/var/lib/certmonger/cas/[0-9]*z/var/lib/ipa/ra-agent.pemz/var/lib/ipa/certs/httpd.crtz/var/kerberos/krb5kdc/kdc.crtz(/var/lib/ipa/sysrestore/sysrestore.statez)/var/log/ipa/healthcheck/healthcheck.log*z/var/log/ipaepn.log*r ���zcertutil -L -d z/aliasz/CS.cfgz/etc/pki/nssdb/key*z/etc/dirsrv/slapd-*/key*z/etc/dirsrv/slapd-*/pin.txtz/etc/dirsrv/slapd-*/pwdfile.txtz/etc/httpd/alias/ipasession.keyz/etc/httpd/alias/key*z/etc/httpd/alias/pin.txtz/etc/httpd/alias/pwdfile.txtz/etc/named.keytabz/alias/key*z /flatfile.txtz/password.conf)z certutil -L -d /etc/httpd/alias/zpki-server cert-find --show-allz%pki-server subsystem-cert-validate caz klist -ket /etc/dirsrv/ds.keytabz%klist -ket /etc/httpd/conf/ipa.keytabz,klist -ket /var/lib/ipa/gssproxy/http.keytabz/etc/dirsrv/slapd-*/schema/Z certmonger)
Zservices�getcert listZgetcert_list)Zpred�tagsz/etc/dirsrv/slapd-*/z(/var/log/ipa/healthcheck/healthcheck.logZfreeipa_healthcheck_log)r���r����pki_tomcat_conf_dir_v4�pki_tomcat_conf_dir_v3r���r���Z _log_debugr���r���r ���Zadd_cmd_outputZadd_forbidden_pathZadd_dir_listingr���r���Z add_file_tags)r���r���Zpki_tomcat_dirZpki_tomcat_conf_dirZgetcert_predZcertdb_directoryr���r���r����setupU���s`����



 

















� 
�
�


�z Ipa.setupc
�����������������C���sH���d
}
d}|���d|
|�
�|��
ddd�
�d}t|�
D�]}|���|dd �
�q0d�S�) Nz(\s*arg \"password )[^\"]*z \1********z/etc/named.confr#���z (pin=)'(\d+)'z\1'***'r"���z(key_pin=)(\d+)z\1***)Zdo_file_subZdo_cmd_output_subr���)r����match�substZrequest_logsZrequest_logr���r���r����postproc����s����




�



�zIpa.postproc)�__name__� __module__�__qualname__Z short_descZplugin_nameZprofilesZ ipa_serverZ ipa_client�filesZpackagesr���r���r%���r&���r���r���r���r ���r'���r*���r���r���r���r���r������s"���





 jr���N)r���Zsos.report.pluginsr���r���r���r���r���r���r���r����<module>���s���