-_gK<ddlmZddlmZmZmZGddeeZy))glob)Plugin RedHatPlugin SoSPredicatec\eZdZdZdZdZdZdZdZdZ dZ dZ dZ dZ dZd Zd Zd Zd Zd Zy)IpazIdentity, policy, auditipa)identityapacheF)z/etc/ipa) ipa-serverz ipa-clientfreeipa-serverzfreeipa-clientNc|jds"|jds|jdry|jds|jdryy) z Get IPA server version z pki-serverz /var/lib/pkiz/usr/share/doc/ipa-server-4.2.0v4z pki-commonz/var/lib/pki-ca/v3N) is_installed path_existsselfs 8/usr/lib/python3/dist-packages/sos/report/plugins/ipa.pycheck_ipa_server_versionzIpa.check_ipa_server_version!sS   \ *##N3##$EF   \ *##$67cdtfdjdjdfDS)z Check if any CA is installed c3@K|]}j|ywN)r).0pathrs r z#Ipa.ca_installed../s! '+D  T " z/conf/ca/CS.cfgz /conf/CS.cfg)anypki_tomcat_dir_v4pki_tomcat_dir_v3rs`r ca_installedzIpa.ca_installed,sC ))*/:))*,70   rc,tfddDS)z" Check if IPA server is installed c3@K|]}j|ywr)r)rpkgrs rrz+Ipa.ipa_server_installed..8s! '*D  c " r)r r )rrs`ripa_server_installedzIpa.ipa_server_installed6s .N   rch|dk(r|jgdy|dk(r|jgdyy)z Collect PKI logs r) z!/var/log/pki/pki-tomcat/ca/debug*z!/var/log/pki/pki-tomcat/ca/systemz'/var/log/pki/pki-tomcat/ca/transactionsz(/var/log/pki/pki-tomcat/ca/selftests.logz"/var/log/pki/pki-tomcat/catalina.*/var/log/pki/pki-ca-spawn.*z"/var/log/pki/pki-tomcat/kra/debug*z"/var/log/pki/pki-tomcat/kra/systemz(/var/log/pki/pki-tomcat/kra/transactionsz/var/log/pki/pki-kra-spawn.*r)z/var/log/pki-ca/debugz/var/log/pki-ca/systemz/var/log/pki-ca/transactionsz/var/log/pki-ca/selftests.logz/var/log/pki-ca/catalina.*r(N) add_copy_spec)r ipa_versions rcollect_pki_logszIpa.collect_pki_logs<s? $      D     !rc|d|_d|_d|_d|_|j }|j r9|j d|j d|d|jgd|jr"|j d |j||jgd |d k(r|j}|j}n|j}|j}|jd |d |j|d|jddddddddd|d|d|dg |jgd|jdt|dg}|jd|d !td"D]}|jd ||jd#d$iy)%Nz/var/lib/pki/pki-tomcatz/var/lib/pki-caz/etc/pki/pki-tomcat/caz /etc/pki-cazIPA server install detectedzIPA version is [])z/var/log/ipaserver-install.logz"/var/log/ipaserver-kra-install.logz!/var/log/ipaserver-enable-sid.logz/var/log/ipareplica-install.logz"/var/log/ipareplica-ca-install.logz/var/log/ipa-custodia.audit.logz$CA is installed: retrieving PKI logs)z/var/log/ipaclient-install.logz/var/log/ipaupgrade.logz/var/log/krb5kdc.logz#/var/log/dirsrv/slapd-*/logs/accessz#/var/log/dirsrv/slapd-*/logs/errorsz/etc/dirsrv/slapd-*/dse.ldifz&/etc/dirsrv/slapd-*/schema/99user.ldifz /etc/hostsz/etc/httpd/alias/*z /etc/named.*z/etc/ipa/ca.crtz/etc/ipa/default.confz/etc/ipa/kdcproxy/kdcproxy.confz$/etc/ipa/kdcproxy/ipa-kdc-proxy.confz/etc/ipa/kdcproxy.confz/root/.ipa/log/cli.log#/var/lib/certmonger/requests/[0-9]*z/var/lib/certmonger/cas/[0-9]*z/var/lib/ipa/ra-agent.pemz/var/lib/ipa/certs/httpd.crtz/var/kerberos/krb5kdc/kdc.crtz(/var/lib/ipa/sysrestore/sysrestore.statez)/var/log/ipa/healthcheck/healthcheck.log*z/var/log/ipaepn.log*rzcertutil -L -d z/aliasz/CS.cfgz/etc/pki/nssdb/key*z/etc/dirsrv/slapd-*/key*z/etc/dirsrv/slapd-*/pin.txtz/etc/dirsrv/slapd-*/pwdfile.txtz/etc/httpd/alias/ipasession.keyz/etc/httpd/alias/key*z/etc/httpd/alias/pin.txtz/etc/httpd/alias/pwdfile.txtz/etc/named.keytabz /alias/key*z /flatfile.txtz/password.conf)z certutil -L -d /etc/httpd/alias/zpki-server cert-find --show-allz%pki-server subsystem-cert-validate caz klist -ket /etc/dirsrv/ds.keytabz%klist -ket /etc/httpd/conf/ipa.keytabz,klist -ket /var/lib/ipa/gssproxy/http.keytabz/etc/dirsrv/slapd-*/schema/ certmonger)services getcert list getcert_list)predtagsz/etc/dirsrv/slapd-*/z(/var/log/ipa/healthcheck/healthcheck.logfreeipa_healthcheck_log)r r!pki_tomcat_conf_dir_v4pki_tomcat_conf_dir_v3rr& _log_debugr)r"r+add_cmd_outputadd_forbidden_pathadd_dir_listingrr add_file_tags)rr*pki_tomcat_dirpki_tomcat_conf_dir getcert_predcertdb_directorys rsetupz Ipa.setupUs!:!2&>#&3#335  $ $ & OO9 : OO.{m1= >          OOB C  ! !+ .   8 $ !33N"&"="= !33N"&"="=  on-=VDE 12':;  ! & ) - - # & * k *"#= 1"#> 2 !     :;#D.:^=  N!/  1!%%; < F    /2B1C D E F  6)  rcd}d}|jd|||jdddd}t|D]}|j|dd y) Nz(\s*arg \"password )[^\"]*z \1********z/etc/named.confr1z (pin=)'(\d+)'z\1'***'r.z(key_pin=)(\d+)z\1***) do_file_subdo_cmd_output_subr)rmatchsubst request_logs request_logs rpostprocz Ipa.postprocsf- *E59 ~/) +=  - 'K   [/% ' 'r)__name__ __module__ __qualname__ short_desc plugin_nameprofiles ipa_server ipa_clientfilespackagesr r!r6r7rr"r&r+rArIrrrrs]*JK%HJJ EOH!!   2h T 'rrN)rsos.report.pluginsrrrrrTrrrVs AA}'&,}'r