| Server IP : 23.254.227.96 / Your IP : 216.73.216.7 Web Server : Apache/2.4.62 (Unix) OpenSSL/1.1.1k System : Linux hwsrv-1277026.hostwindsdns.com 4.18.0-477.13.1.el8_8.x86_64 #1 SMP Tue May 30 14:53:41 EDT 2023 x86_64 User : viralblo ( 1001) PHP Version : 8.1.31 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /lib/python3.6/site-packages/cloudinit/__pycache__/ |
Upload File : |
3
?q,d�N������������������@���s����d�dl�Z�d�dlZd�dlmZ�d�dlmZ�eje�ZdZ d>Z
dZ
d
e
e
��d
�Z
G�d
d ��d e�ZG�d d!��d!e�Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zd*d+��Zd,d-��Ze fd.d/�Zd?d0d1�ZG�d2d3��d3e�Zd4d5��Zd6d7��Zd8d9��Z
e fd:d;�Z
d<d=��Z
dS�)@�����N)�log)�utilz/etc/ssh/sshd_config�dsa�rsa�ecdsa�ed25519�(ecdsa-sha2-nistp256-cert-v01@openssh.com�ecdsa-sha2-nistp256�(ecdsa-sha2-nistp384-cert-v01@openssh.com�ecdsa-sha2-nistp384�(ecdsa-sha2-nistp521-cert-v01@openssh.com�ecdsa-sha2-nistp521�+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com�"sk-ecdsa-sha2-nistp256@openssh.com�#sk-ssh-ed25519-cert-v01@openssh.com�sk-ssh-ed25519@openssh.com�
ssh-dss-cert-v01@openssh.com�ssh-dss� ssh-ed25519-cert-v01@openssh.com�
ssh-ed25519�
ssh-rsa-cert-v01@openssh.com�ssh-rsa�
ssh-xmss-cert-v01@openssh.com�ssh-xmss@openssh.com����z�no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit �"c���������������@���s&���e�Zd�Zddd�Zdd��Zdd��ZdS�) �
AuthKeyLineNc�������������C���s"���||�_�||�_||�_||�_||�_d�S�)N)�base64�comment�options�keytype�source)�selfr!���r ���r
���r
���r �����r#����
/usr/lib/python3.6/ssh_util.py�__init__F���s
����zAuthKeyLine.__init__c�������������C���s
���|�j�o
|�jS�)N)r
���r ���)r"���r#���r#���r$����validO���s����zAuthKeyLine.validc�������������C���sd���g�}|�j�r|j|�j���|�jr(|j|�j��|�jr:|j|�j��|�jrL|j|�j��|sV|�jS�dj|�S�d�S�)N� )r ����appendr ���r
���r
���r!����join)r"����toksr#���r#���r$����__str__R���s����
zAuthKeyLine.__str__)NNNN)�__name__�
__module__�
__qualname__r%���r&���r+���r#���r#���r#���r$���r
���E���s���
r
���c���������������@���s"���e�Zd�ZdZdd��Zddd�ZdS�)�AuthKeyLineParsera���
AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the file containing public keys for public
key authentication; if none is specified, the default is
~/.ssh/authorized_keys. Each line of the file contains one key (empty
(because of the size of the public key encoding) up to a limit of 8 kilo-
bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
kilobits. You don't want to type them in; instead, copy the
identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it.
sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
2 keys of 768 bits.
The options (if present) consist of comma-separated option specifica-
tions. No spaces are permitted, except within double quotes. The fol-
lowing option specifications are supported (note that option keywords are
case-insensitive):
c�������������C���s����d}d}x~|t�|�k�r�|s&||�d kr�||�}|d�t�|�krH|d�}P�||d��}|dkrn|dkrn|d�}n|dkr||
�}|d�}q
W�|d|��}||d��j��}||fS�)
z�
The options (if present) consist of comma-separated option specifica-
tions. No spaces are permitted, except within double quotes.
Note that option keywords are case-insensitive.
Fr���r'���� �����\r���N)r'���r0���)�len�lstrip)r"����entZquoted�iZcurcZnextcr ����remainr#���r#���r$����_extract_optionsv���s ����
z"AuthKeyLineParser._extract_optionsNc�������
������C���s����|j�d�}|jd�s |j��dkr(t|�S�dd��}|j��}y||�\}}}W�nZ�tk
r����|�j|�\} }
|d�krt| }y||
�\}}}W�n�tk
r����t|�S�X�Y�nX�t|||||d�S�)Nz
�#��c�������������S���s^���|�j�d�d�}t|�dk�r(tdt|����|d�tkrDtd|d����t|�dkrZ|jd��|S�)N����zTo few fields: %sr���zInvalid keytype %sr:���)�splitr3���� TypeError�VALID_KEY_TYPESr(���)r5���r*���r#���r#���r$����
parse_ssh_key����s����
z.AuthKeyLineParser.parse.<locals>.parse_ssh_key)r ���r
���r
���r ���)�rstrip�
startswith�stripr
���r=���r8���)
r"���Zsrc_liner ����liner?���r5���r ���r
���r
���Zkeyoptsr7���r#���r#���r$����parse����s*����
zAuthKeyLineParser.parse)N)r,���r-���r.����__doc__r8���rD���r#���r#���r#���r$���r/���b���s���r/���c����������
���C���s����g�}t���}g�}xp|�D�]h}y<tjj|�rRtj|�j��}x
|D�]}|j|j|���q:W�W�q�t t
fk
rz���tj
t
d|��Y�qX�qW�|S�)NzError reading lines from %s)
r/����os�path�isfiler���� load_file�
splitlinesr(���rD����IOError�OSError�logexc�LOG)�fnames�lines�parser�contents�fnamerC���r#���r#���r$����parse_authorized_keys����s����
rT���c�������������C���s����t�dd��|D���}x`tdt|���D�]N}|�|�}|j��s8q"x.|D�]&}|j|jkr>|}||kr>|j|��q>W�||�|<�q"W�x|D�]}|�j|��qzW�dd��|�D��}|jd��dj|�S�)Nc�������������S���s���g�|�]}|j���r|�qS�r#���)r&���)�.0�kr#���r#���r$����
<listcomp>����s����z*update_authorized_keys.<locals>.<listcomp>r���c�������������S���s���g�|�]
}t�|��qS�r#���)�str)rU����br#���r#���r$���rW�������s����r:����
)�list�ranger3���r&���r
����remover(���r)���)Z
old_entries�keysZto_addr6���r5���rV����keyrP���r#���r#���r$����update_authorized_keys����s ����
r`���c�������������C���s8���t�j|��}|
�s|j
�r$td|����tjj|jd�|fS�)Nz"Unable to get SSH info for user %rz.ssh)�pwd�getpwnam�pw_dir�
RuntimeErrorrF���rG���r)���)�username�pw_entr#���r#���r$����users_ssh_info����s����
rg���c������� ������C���sx���d|fd|fdf}|�sd}�|�j���}g�}xL|D�]D}x
|D�]\}}|j||�}q6W�|jd�sftjj||�}|j|��q,W�|S�)Nz%hz%u�%%�%z%h/.ssh/authorized_keys�/)rh���ri���)r<����replacerA���rF���rG���r)���r(���) �valueZhomedirre���Zmacros�pathsZrenderedrG���ZmacroZfieldr#���r#���r$���� render_authorizedkeysfile_paths����s����
rn���c�������
������C���s����d}|r
d}t�j|�}|r@||�kr@|dkr@tjd|||�|��dS�t�j|�}||�kr\|dM�}n.t�j|�}t�j|��} || kr�|dM�}n|dM�}||@�d kr�tjd
|||���dS�|r�|d
@�d kr�tjd
||��dS�d
S�)aV��Check if the file/folder in @current_path has the right permissions.
We need to check that:
1. If StrictMode is enabled, the owner is either root or the user
2. the user can access the file/folder, otherwise ssh won't use it
3. If StrictMode is enabled, no write permission is given to group
and world users (022)
i���i����rootzXPath %s in %s must be own by user %s or by root, but instead is own by %s. Ignoring key.Fi����8�������r���zBPath %s in %s must be accessible by user %s, check its permissions����zRPath %s in %s must not give writepermission to group or world users. Ignoring key.T)r���Z get_ownerrN����debugZget_permissionsZ get_groupZget_user_groups)
re���Z
current_path� full_path�is_file�
strictmodesZminimal_permissions�ownerZparent_permissionZ
group_ownerZ
user_groupsr#���r#���r$����check_permissions��sD����
rx���c�������������C���s���t�|��d�}t�d�d�}�y�|jd�dd��}d}tjj|j�}x�|D�]�}|d|�7�}tjj|�rrtjd|��dS�tjj |�r�tjd|��dS�|j
|�sF||jkr�qFtjj
|��st
j
|��P�d} |j}
|j}
|j
|j�r�d } |j}
|j}
tj|| d
d
��t
j||
|
��W�d�Q�R�X�t|�||d|�}
|
sFdS�qFW�tjj|��sJtjj|��rZtjd
|��dS�tjj
|��s�t
j|dd
d
d��t
j||j|j��t|�||d
|�}
|
�s�dS�W�n6�ttfk
�r��}
�zt
jtt|
���dS�d�}
~
X�nX�d
S�)Nr1���ro���rj���r:���z-Invalid directory. Symlink exists in path: %sFz*Invalid directory. File exists in path: %si���i���T)�mode�exist_okz%s is not a file!i���)ry���Zensure_dir_exists���)rg���r<���rF���rG����dirnamerc����islinkrN���rs���rH���rA����existsr����
SeLinuxGuardZpw_uidZpw_gid�makedirsZ chownbyidrx����isdir�
write_filerK���rL���rM���rX���)re����filenamerv���Z
user_pwentZ
root_pwentZ
directoriesZ
parent_folderZ
home_folderZ directoryry���Zuid�gidZ
permissions�er#���r#���r$����check_create_pathH��sb����
r����c�������
������C���s"��t�|��\}}tjj|d�}|}g�}tj|dd��n�y2t|�}|jdd�}|jdd�} t||j |��}W�n4�t
t
fk
r����||d<�tj
t
d t|d���Y�nX�W�d�Q�R�X�xXt|j��|�D�]F\}
}
td
|
kd
|
k|
jd
j|j ��g�r�t|�|
| dk�}
|
r�|
}P�q�W�||k�rt
jd
|��|t|g�fS�)NZauthorized_keysT)� recursiveZauthorizedkeysfilez%h/.ssh/authorized_keysrv����yesr���zhFailed extracting 'AuthorizedKeysFile' in SSH config from %r, using 'AuthorizedKeysFile' file %r insteadz%uz%hz{}/zAAuthorizedKeysFile has an user-specific authorized_keys, using %s)rg���rF���rG���r)���r���r����parse_ssh_config_map�getrn���rc���rK���rL���rM���rN����
DEF_SSHD_CFG�zipr<����anyrA����formatr����rs���rT���)
re���Z
sshd_cfg_file�ssh_dirrf���Zdefault_authorizedkeys_fileZuser_authorizedkeys_fileZ
auth_key_fnsZssh_cfgZ key_pathsrv���Zkey_path�
auth_key_fnZpermissions_okr#���r#���r$����extract_authorized_keys���sF����
r����c�������
���
���C���s����t���}g�}x$|�D�]
}|j|jt|�|d���qW�t|�\}}tjj|�}tj |dd�� �t
||�} tj
|| dd��W�d�Q�R�X�d�S�)N)r ���T)r����)�
preserve_mode)
r/���r(���rD���rX���r����rF���rG���r|���r���r���r`���r����)
r^���re���r ���rQ���Z
key_entriesrV���r����Zauth_key_entriesr����Zcontentr#���r#���r$����setup_user_keys���s����
r����c���������������@���s*���e�Zd�Zddd�Zedd���Zdd��ZdS�) �SshdConfigLineNc�������������C���s���||�_�||�_||�_d�S�)N)rC����_keyrl���)r"���rC���rV����vr#���r#���r$���r%������s����zSshdConfigLine.__init__c�������������C���s���|�j�d�krd�S�|�j�j��S�)N)r�����lower)r"���r#���r#���r$���r_������s����
zSshdConfigLine.keyc�������������C���s>���|�j�d�krt|�j�S�t|�j��}|�jr6|dt|�j��7�}|S�d�S�)Nr'���)r����rX���rC���rl���)r"���r����r#���r#���r$���r+������s
����
zSshdConfigLine.__str__)NN)r,���r-���r.���r%����propertyr_���r+���r#���r#���r#���r$���r�������s���
r����c�������������C���s"���t�jj|��sg�S�ttj|��j���S�)N)rF���rG���rH����parse_ssh_config_linesr���rI���rJ���)rS���r#���r#���r$����parse_ssh_config���s����
r����c�������������C���s����g�}x�|�D�]�}|j���}|
�s&|jd�r6|jt|���q
y|jd�d�\}}W�nL�tk
r����y|jdd�\}}W�n"�tk
r����tjd|��w
Y�nX�Y�nX�|jt|||���q
W�|S�)Nr9���r1����=z;sshd_config: option "%s" has no key/value pair, skipping it)rB���rA���r(���r����r<����
ValueErrorrN���rs���)rP����retrC���r_����valr#���r#���r$���r�������s$����
r����c�������������C���s:���t�|��}|si�S�i�}x |D�]}|js&q|j||j<�qW�|S�)N)r����r_���rl���)rS���rP���r����rC���r#���r#���r$���r������s����
r����c�������������C���sH���t�|�}t||�d�}|r<tj|djdd��|D���d�dd��t|�dkS�)z�Read fname, and update if changes are necessary.
@param updates: dictionary of desired values {Option: value}
@return: boolean indicating if an update was done.)rP����updatesrZ���c�������������S���s���g�|�]
}t�|��qS�r#���)rX���)rU���rC���r#���r#���r$���rW���-��s����z%update_ssh_config.<locals>.<listcomp>T)r����r���)r�����update_ssh_config_linesr���r����r)���r3���)r����rS���rP����changedr#���r#���r$����update_ssh_config#��s����
r����c������� ������C���s��t���}g�}tdd��|j��D���}x�t|�dd�D�]v\}}|js>q.|j|kr.||j�}||�}|j|��|j|kr�tjd|||��q.|j |��tjd|||j|��||_q.W�t
|�t
|�k�r
xN|j
��D�]B\}}||kr�q�|j |��|�j t
d||���tjdt
|��||��q�W�|S�) z�Update the SSH config lines per updates.
@param lines: array of SshdConfigLine. This array is updated in place.
@param updates: dictionary of desired values {Option: value}
@return: A list of keys in updates that were changed.c�������������S���s���g�|�]}|j���|f�qS�r#���)r����)rU���rV���r#���r#���r$���rW���=��s����z+update_ssh_config_lines.<locals>.<listcomp>r1���)�startz$line %d: option %s already set to %sz#line %d: option %s updated %s -> %sr:���z line %d: option %s added with %s)
�set�dictr^���� enumerater_����addrl���rN���rs���r(���r3����itemsr����) rP���r�����foundr����Zcasemapr6���rC���r_���rl���r#���r#���r$���r����3��s<����
r����)r���r���r���r���r���r ���r
���r
���r
���r
���r���r���r���r���r���r���r���r���r���r���r���r���)N) rF���ra���Z cloudinitr���Zloggingr���Z getLoggerr,���rN���r����r>���Z_DISABLE_USER_SSH_EXITrX���ZDISABLE_USER_OPTS�objectr
���r/���rT���r`���rg���rn���rx���r����r����r����r����r����r����r����r����r����r#���r#���r#���r$����<module> ���sZ���
���������������������
Y
EO
9