관리-도구

편집 파일: access_control.cpython-39.pyc

a ����U+el����������������������@���s����d�Z�d
dl
Z
d
dlZd
dlZd
dlmZ
�d
dlmZ
�dg
Z z ej Z W�n��ey�
�
�
�d
dlZd
dl Z e���d�Ze �de�r�dZ n^e �d e�r�dZ nLe �d e�r�dZ n:e �de�r�d Z n(e �de�r�dZ ne �de�r�dZ ndZ Y�n0�G�dd��d�ZdS�)z�Access control for setroubleshoot. For now this is only used for determining which users are allowed to connect to the server: see UserServerAccess for more information.�����N)
� get_config)
�syslog_trace�ServerAccess����z^i\d86����z^x86_64z^(ppc|powerpc)����z ^(alpha|mips)����z^sparc�@���z^parisci@��c�������������������@���sZ���e�Z
d�Zd
Zddi
ddi
d�Zdd��Zdd ��Zd d��Zdd ��Zdd��Z dd��Z dd��ZdS�)r���zg Determine if a user should be given access to the server based on the configuration file. �wildcardTF)ZclientZfix_cmdc
�����������������C���s.���i�|�_�t
tj�����
D�]}
|��|
�
|�j�|
<�qd�S�)
N)� privileges�listr����keys�init_privilege��self� privilege��r����A/usr/lib/python3.9/site-packages/setroubleshoot/access_control.py�__init__L���s����

zServerAccess.__init__c�����������������C���s"���d
d��t�dd|
���
d�
D��
}|S�)Nc
�����������������S���s���g�|�]}
|
�����qS�r���)
�strip)�.0�namer���r���r���� <listcomp>X��������z/ServerAccess.init_privilege.<locals>.<listcomp>�accessz%s_users�
,)r����split)r���r���Z cfg_namesr���r���r���r���W���s����

�zServerAccess.init_privilegec�����������������C���s(���|
t�j
v�}|rd
S�t�tjd|
��
�dS�)NTzunknown access privilege (%s)F)r���r����syslog�LOG_ERR)r���r���Zvalidr���r���r����valid_privilege\���s ����




zServerAccess.valid_privilegec�����������������C���s.���|���|
�
sd
S�t
j|
�d�s d
S�d|�j|
�v�S�)NFr ����
*)r���r���r���r���r���r���r����unrestricted_privilegec���s ����



z#ServerAccess.unrestricted_privilegec�����������������C���s6���|���|
�
sd
S�|��
|
�
rdS�||�j|
�v�r.dS�d
S�dS�)z� Determine if the given user name is allowed access. Returns True if access should be given, False if not. FTN)r���r!���r���)r���r����userr���r���r����user_allowedk���s����



zServerAccess.user_allowedc�����������������C���sX���|���|
�
sd
S�|��
|
�
rdS�zddl}|�|�
}W�n�tyF
�
�
�Y�d
S�0�|��|
|d��S�)z� Determine if the given uid is allowed access. No error is returned if the uid is invalid (False is returned). Returns True if access should be given, False if not. FTr
���N)r���r!����pwd�getpwuid�KeyErrorr#���)r���r����uidr$���Z pwd_entryr���r���r����uid_allowedz���s����





zServerAccess.uid_allowedc�������������� ���C���s����d
�}�}}z|
j�}|t
jkr(||fW�S�W�n�ty<
�
�
�Y�n0�d}t�|�
}zJ|
�t
jt|�}t� ||�\}}}|dkr|d
}|dkr�d
}|dkr�d
}W�nV�t y�
�}
�z>d
�}�}}dd
l} t| � ���

�t�tjd| ��
�W�Y�d
} ~ n d
} ~ 0�0�||fS�)z�Obtain the effective user and group IDs of the process on the other end of a socket. SO_PEERCRED is used so the information returned is generally trustworthy (though root processes can impersonate any uid/gid).NZIII���r
���zget_credentials(): %s)�family�SocketZAF_UNIX�AttributeError�struct�calcsizeZ getsockoptZ SOL_SOCKET�SO_PEERCRED�unpack� Exception� tracebackr���� format_excr���r���)r���Zsock�pidr'����gidr*���Zformat_ucredZsizeof_ucredZucred�
er2���r���r���r����get_credentials����s0����

















(zServerAccess.get_credentialsN)�__name__� __module__�__qualname__�__doc__r���r���r���r���r!���r#���r(���r7���r���r���r���r���r���B���s���

�)r;���r-���Zsocketr+���r���Zsetroubleshoot.configr���Zsetroubleshoot.utilr����__all__r/���r,����os�re�uname�machine�searchr���r���r���r���r����<module>���s6���


�