o * bGã@s6ddlmZmZmZddlmZGdd„deeƒZdS)é)ÚPluginÚ RedHatPluginÚ SoSPredicate)Úglobc@sXeZdZdZdZdZdZdZdZdZ dd„Z d d „Z d d „Z d d„Z dd„Zdd„ZdS)ÚIpazIdentity, policy, auditZipa)ÚidentityZapacheF)z/etc/ipa)ú ipa-serverz ipa-clientúfreeipa-serverzfreeipa-clientcCs>| d¡s| d¡s| d¡rdS| d¡s| d¡rdSdS)Nz pki-serverz /var/lib/pkiz/usr/share/doc/ipa-server-4.2.0Úv4z pki-commonz/var/lib/pki-ca/Úv3)Ú is_installedÚ path_exists©Úself©rú8/usr/lib/python3/dist-packages/sos/report/plugins/ipa.pyÚcheck_ipa_server_versions ÿþ ÿzIpa.check_ipa_server_versioncCs(| d|j¡s| d|j¡rdSdS)Nz%s/conf/ca/CS.cfgz%s/conf/CS.cfgT)r Úpki_tomcat_dir_v4Úpki_tomcat_dir_v3rrrrÚ ca_installed&s ÿþzIpa.ca_installedcCs| d¡s | d¡r dSdS)Nrr T)r rrrrÚipa_server_installed,s ÿþzIpa.ipa_server_installedcCs8|dkr | gd¢¡dS|dkr| gd¢¡dSdS)Nr ) z!/var/log/pki/pki-tomcat/ca/debug*z!/var/log/pki/pki-tomcat/ca/systemz'/var/log/pki/pki-tomcat/ca/transactionsz(/var/log/pki/pki-tomcat/ca/selftests.logz"/var/log/pki/pki-tomcat/catalina.*ú/var/log/pki/pki-ca-spawn.*z"/var/log/pki/pki-tomcat/kra/debug*z"/var/log/pki/pki-tomcat/kra/systemz(/var/log/pki/pki-tomcat/kra/transactionsz/var/log/pki/pki-kra-spawn.*r )z/var/log/pki-ca/debugz/var/log/pki-ca/systemz/var/log/pki-ca/transactionsz/var/log/pki-ca/selftests.logz/var/log/pki-ca/catalina.*r)Ú add_copy_spec)rÚ ipa_versionrrrÚretrieve_pki_logs1s  ÿzIpa.retrieve_pki_logscCs@d|_d|_d|_d|_| ¡}| ¡r'| d¡| d|¡| gd¢¡| ¡r5| d¡|  |¡| gd ¢¡|d krI|j|_ |j|_ n|j|_ |j|_ |  d |j ¡| d |j ¡|  d ddddddddd|j d|j d|j g ¡|  gd¢¡t|dgd}|j d|dtdƒD] }|  d|¡q”dS) Nz/var/lib/pki/pki-tomcatz/var/lib/pki-caz/etc/pki/pki-tomcat/caz /etc/pki-cazIPA server install detectedzIPA version is [%s])z/var/log/ipaserver-install.logz"/var/log/ipaserver-kra-install.logz/var/log/ipareplica-install.logz"/var/log/ipareplica-ca-install.logz/var/log/ipa-custodia.audit.logz$CA is installed: retrieving PKI logs)z/var/log/ipaclient-install.logz/var/log/ipaupgrade.logz/var/log/krb5kdc.logz#/var/log/dirsrv/slapd-*/logs/accessz#/var/log/dirsrv/slapd-*/logs/errorsz/etc/dirsrv/slapd-*/dse.ldifz&/etc/dirsrv/slapd-*/schema/99user.ldifz /etc/hostsz/etc/httpd/alias/*z /etc/named.*z/etc/ipa/ca.crtz/etc/ipa/default.confz/etc/ipa/kdcproxy/kdcproxy.confz$/etc/ipa/kdcproxy/ipa-kdc-proxy.confz/etc/ipa/kdcproxy.confz/root/.ipa/log/cli.logú#/var/lib/certmonger/requests/[0-9]*z/var/lib/certmonger/cas/[0-9]*z/var/lib/ipa/ra-agent.pemz/var/lib/ipa/certs/httpd.crtz/var/kerberos/krb5kdc/kdc.crtz(/var/lib/ipa/sysrestore/sysrestore.statez)/var/log/ipa/healthcheck/healthcheck.log*r zcertutil -L -d %s/aliasz %s/CS.cfgz/etc/pki/nssdb/key*z/etc/dirsrv/slapd-*/key*z/etc/dirsrv/slapd-*/pin.txtz/etc/dirsrv/slapd-*/pwdfile.txtz/etc/httpd/alias/ipasession.keyz/etc/httpd/alias/key*z/etc/httpd/alias/pin.txtz/etc/httpd/alias/pwdfile.txtz/etc/named.keytabz %s/alias/key*z%s/flatfile.txtz%s/password.conf)z"ls -la /etc/dirsrv/slapd-*/schema/z certutil -L -d /etc/httpd/alias/zpki-server cert-find --show-allz%pki-server subsystem-cert-validate caz klist -ket /etc/dirsrv/ds.keytabz%klist -ket /etc/httpd/conf/ipa.keytabz,klist -ket /var/lib/ipa/gssproxy/http.keytabZ certmonger)Úservicesú getcert list)Zpredz/etc/dirsrv/slapd-*/zcertutil -L -d %s)rrZpki_tomcat_conf_dir_v4Zpki_tomcat_conf_dir_v3rrZ _log_debugrrrZpki_tomcat_dirZpki_tomcat_conf_dirZadd_cmd_outputZadd_forbidden_pathrr)rrZ getcert_predZcertdb_directoryrrrÚsetupIsT    ô ÿ z Ipa.setupcCsHd}d}| d||¡| ddd¡d}t|ƒD] }| |dd ¡qdS) Nz(\s*arg \"password )[^\"]*z \1********z/etc/named.confrz (pin=)'(\d+)'z\1'***'rz(key_pin=)(\d+)z\1***)Z do_file_subZdo_cmd_output_subr)rÚmatchÚsubstZ request_logsZ request_logrrrÚpostproc«sþ þÿz Ipa.postprocN)Ú__name__Ú __module__Ú __qualname__Z short_descZ plugin_nameZprofilesZ ipa_serverZ ipa_clientÚfilesZpackagesrrrrrr!rrrrrs  brN)Zsos.report.pluginsrrrrrrrrrÚs