dddlZddlZddlmZmZddlmcmZddlmcmZddl m Z m Z ddl m Z ddlmZddlmZddlmZddlmZmZd Zd Zd Zd Zd ZdZdZGddeZy)N)datetime timedelta) add_eventWALAEventOperation)ustr) get_osutil)textutil) CryptUtil) AGENT_NAMECURRENT_VERSIONz%a, %d %b %Y %H:%M:%S %Zz%Y-%m-%dzTransportPrivate.pem JIT_Accountct|SN)RemoteAccessHandler)protocols A/usr/lib/python3/dist-packages/azurelinuxagent/ga/remoteaccess.pyget_remote_access_handlerr)s x ((c@eZdZdZdZdZdZedZdZ dZ y) rct|_||_tt j |_d|_d|_y)NT) r_os_util _protocolr confget_openssl_cmd _cryptUtil_remote_access_check_existing_jit_users)selfrs r__init__zRemoteAccessHandler.__init__.s7"  !#D$8$8$:;")-&rcf |jjr:|jjj |_|j yy#t$rT}djtj|}ttttjd|Yd}~yd}~wwxYw)Nzz>RemoteAccessHandler._get_existing_jit_users..Es&FAd.?.?!.E1Q4Fs' ')r get_usersset)r all_userss` r_get_existing_jit_usersz+RemoteAccessHandler._get_existing_jit_usersCs&MM++- FFFFrc |jctjdd|_|j }t d|jj jD}|jj jD]} |j}tj|t}tj}|j|vr-||kr(|j|j|j|nN|j|vr@||kDr;tjd|j|j!|j|D]} ||vr|j!|y|jrKtjd|j }d} |D]} |j!|| sd|_yyy#t"$r5}tj$d|jt'|Yd}~xd}~wwxYw#t"$r*}tj$d|t'|Yd}~d}~wwxYw#t"$r,}tj$d|t'|d} Yd}~d}~wwxYw) Nz-Processing remote access users in goal state.Tc34K|]}|jywr)name)r6r7s rr8z.Ns"Wa166"Wsz!Remote access user '{0}' expired.z/Error processing remote access user '{0}' - {1}z-Error removing remote access user '{0}' - {1}z)Looking for existing remote access users.F)rloggerinforr<r: user_listusers expirationrstrptimeREMOTE_USR_EXPIRATION_FORMATutcnowr? _add_userencrypted_password _remove_userr+errorr) r existing_jit_usersgoal_state_usersaccraw_expirationaccount_expirationnowr/userremove_user_errorss rr*z)RemoteAccessHandler._handle_remote_accessGs>    * KKG H-1D *!%!=!=!? ""W43F3F3P3P3V3V"WW **44:: g g%(^^N)1):):>Kg)h&"//+Cxx'99cDV>Vsxx1G1GI[\%77CBTrsc( (**..F.41<F9 / -)g,&g,r