U -_gK@s6ddlmZddlmZmZmZGdddeeZdS))glob)Plugin RedHatPlugin SoSPredicatec@sheZdZdZdZdZdZdZdZdZ dZ dZ dZ dZ dd Zd d Zd d ZddZddZddZdS)IpazIdentity, policy, auditZipa)ZidentityZapacheF)z/etc/ipa) ipa-serverz ipa-clientfreeipa-serverzfreeipa-clientNcCs>|ds|ds|dr"dS|ds6|dr:dSdS) z Get IPA server version z pki-serverz /var/lib/pkiz/usr/share/doc/ipa-server-4.2.0v4z pki-commonz/var/lib/pki-ca/v3N) is_installed path_existsselfr8/usr/lib/python3/dist-packages/sos/report/plugins/ipa.pycheck_ipa_server_version!s  zIpa.check_ipa_server_versioncs*tfddjdjdfDS)z Check if any CA is installed c3s|]}|VqdSN)r ).0pathr rr /sz#Ipa.ca_installed..z/conf/ca/CS.cfgz /conf/CS.cfg)anypki_tomcat_dir_v4pki_tomcat_dir_v3r rr r ca_installed,s    zIpa.ca_installedcstfdddDS)z" Check if IPA server is installed c3s|]}|VqdSr)r )rpkgr rrr8sz+Ipa.ipa_server_installed..)rr)rr rr ripa_server_installed6s zIpa.ipa_server_installedc CsJ|dkr(|dddddddd d d g n|d krF|d dddddgdS)z Collect PKI logs r z!/var/log/pki/pki-tomcat/ca/debug*z!/var/log/pki/pki-tomcat/ca/systemz'/var/log/pki/pki-tomcat/ca/transactionsz(/var/log/pki/pki-tomcat/ca/selftests.logz"/var/log/pki/pki-tomcat/catalina.*z/var/log/pki/pki-ca-spawn.*z"/var/log/pki/pki-tomcat/kra/debug*z"/var/log/pki/pki-tomcat/kra/systemz(/var/log/pki/pki-tomcat/kra/transactionsz/var/log/pki/pki-kra-spawn.*r z/var/log/pki-ca/debugz/var/log/pki-ca/systemz/var/log/pki-ca/transactionsz/var/log/pki-ca/selftests.logz/var/log/pki-ca/catalina.*N) add_copy_spec)r ipa_versionrrrcollect_pki_logs<s, zIpa.collect_pki_logscCsd|_d|_d|_d|_|}|rZ|d|d|d|dd d d d d g|rv|d| ||dddddddddddddddddd d!d"d#d$d%d&g|d'kr|j}|j}n |j}|j}| d(|d)||d*| d+d,d-d.d/d0d1d2d3|d4|d5|d6g | d7d8d9d:d;dgd?}|j d@|dAdBtdCD]}| d(|qn|dDdEidS)FNz/var/lib/pki/pki-tomcatz/var/lib/pki-caz/etc/pki/pki-tomcat/caz /etc/pki-cazIPA server install detectedzIPA version is []z/var/log/ipaserver-install.logz"/var/log/ipaserver-kra-install.logz!/var/log/ipaserver-enable-sid.logz/var/log/ipareplica-install.logz"/var/log/ipareplica-ca-install.logz/var/log/ipa-custodia.audit.logz$CA is installed: retrieving PKI logsz/var/log/ipaclient-install.logz/var/log/ipaupgrade.logz/var/log/krb5kdc.logz#/var/log/dirsrv/slapd-*/logs/accessz#/var/log/dirsrv/slapd-*/logs/errorsz/etc/dirsrv/slapd-*/dse.ldifz&/etc/dirsrv/slapd-*/schema/99user.ldifz /etc/hostsz/etc/httpd/alias/*z /etc/named.*z/etc/ipa/ca.crtz/etc/ipa/default.confz/etc/ipa/kdcproxy/kdcproxy.confz$/etc/ipa/kdcproxy/ipa-kdc-proxy.confz/etc/ipa/kdcproxy.confz/root/.ipa/log/cli.log#/var/lib/certmonger/requests/[0-9]*z/var/lib/certmonger/cas/[0-9]*z/var/lib/ipa/ra-agent.pemz/var/lib/ipa/certs/httpd.crtz/var/kerberos/krb5kdc/kdc.crtz(/var/lib/ipa/sysrestore/sysrestore.statez)/var/log/ipa/healthcheck/healthcheck.log*z/var/log/ipaepn.log*r zcertutil -L -d z/aliasz/CS.cfgz/etc/pki/nssdb/key*z/etc/dirsrv/slapd-*/key*z/etc/dirsrv/slapd-*/pin.txtz/etc/dirsrv/slapd-*/pwdfile.txtz/etc/httpd/alias/ipasession.keyz/etc/httpd/alias/key*z/etc/httpd/alias/pin.txtz/etc/httpd/alias/pwdfile.txtz/etc/named.keytabz /alias/key*z /flatfile.txtz/password.confz certutil -L -d /etc/httpd/alias/zpki-server cert-find --show-allz%pki-server subsystem-cert-validate caz klist -ket /etc/dirsrv/ds.keytabz%klist -ket /etc/httpd/conf/ipa.keytabz,klist -ket /var/lib/ipa/gssproxy/http.keytabz/etc/dirsrv/slapd-*/schema/Z certmonger)services getcert listZ getcert_list)ZpredZtagsz/etc/dirsrv/slapd-*/z(/var/log/ipa/healthcheck/healthcheck.logZfreeipa_healthcheck_log)rrpki_tomcat_conf_dir_v4pki_tomcat_conf_dir_v3rrZ _log_debugrrrZadd_cmd_outputZadd_forbidden_pathZadd_dir_listingrrZ add_file_tags)rrZpki_tomcat_dirZpki_tomcat_conf_dirZ getcert_predZcertdb_directoryrrrsetupUs      z Ipa.setupcCsHd}d}|d|||dddd}t|D]}||dd q0dS) Nz(\s*arg \"password )[^\"]*z \1********z/etc/named.confr"z (pin=)'(\d+)'z\1'***'r z(key_pin=)(\d+)z\1***)Z do_file_subZdo_cmd_output_subr)rmatchZsubstZ request_logsZ request_logrrrpostprocs z Ipa.postproc)__name__ __module__ __qualname__Z short_descZ plugin_nameZprofilesZ ipa_serverZ ipa_clientfilesZpackagesrrr#r$rrrrr%r'rrrrrs"  jrN)rZsos.report.pluginsrrrrrrrr s