|
|
6b17e9 |
commit c18486621d2df774f270f8bc1dc602d6487681aa
|
|
|
6b17e9 |
Author: Bryn M. Reeves <bmr@redhat.com>
|
|
|
6b17e9 |
Date: Thu Aug 1 16:43:43 2013 +0100
|
|
|
6b17e9 |
|
|
|
6b17e9 |
Split kerberos data collection into separate plug-in
|
|
|
6b17e9 |
|
|
|
6b17e9 |
The krb5 data collection in the samba plug-in is misplaced. Since
|
|
|
6b17e9 |
this is collecting information about the system keytab move it
|
|
|
6b17e9 |
to its own plug-in that can be activated on any kerberos enabled
|
|
|
6b17e9 |
system.
|
|
|
6b17e9 |
|
|
|
6b17e9 |
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
6b17e9 |
|
|
|
6b17e9 |
diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py
|
|
|
6b17e9 |
new file mode 100644
|
|
|
6b17e9 |
index 0000000..d9dca89
|
|
|
6b17e9 |
--- /dev/null
|
|
|
6b17e9 |
+++ b/sos/plugins/krb5.py
|
|
|
6b17e9 |
@@ -0,0 +1,29 @@
|
|
|
6b17e9 |
+## Copyright (C) 2013 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com>
|
|
|
6b17e9 |
+
|
|
|
6b17e9 |
+### This program is free software; you can redistribute it and/or modify
|
|
|
6b17e9 |
+## it under the terms of the GNU General Public License as published by
|
|
|
6b17e9 |
+## the Free Software Foundation; either version 2 of the License, or
|
|
|
6b17e9 |
+## (at your option) any later version.
|
|
|
6b17e9 |
+
|
|
|
6b17e9 |
+## This program is distributed in the hope that it will be useful,
|
|
|
6b17e9 |
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
6b17e9 |
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
6b17e9 |
+## GNU General Public License for more details.
|
|
|
6b17e9 |
+
|
|
|
6b17e9 |
+## You should have received a copy of the GNU General Public License
|
|
|
6b17e9 |
+## along with this program; if not, write to the Free Software
|
|
|
6b17e9 |
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
6b17e9 |
+
|
|
|
6b17e9 |
+from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
|
|
|
6b17e9 |
+
|
|
|
6b17e9 |
+class Krb5(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
|
|
|
6b17e9 |
+ """Kerberos related information
|
|
|
6b17e9 |
+ """
|
|
|
6b17e9 |
+ packages = ('krb5-libs', 'krb5-user')
|
|
|
6b17e9 |
+ plugin_name = 'krb5'
|
|
|
6b17e9 |
+
|
|
|
6b17e9 |
+ def setup(self):
|
|
|
6b17e9 |
+ self.add_copy_specs([
|
|
|
6b17e9 |
+ "/etc/krb5.conf",
|
|
|
6b17e9 |
+ "/etc/krb5.keytab"])
|
|
|
6b17e9 |
+
|
|
|
6b17e9 |
diff --git a/sos/plugins/samba.py b/sos/plugins/samba.py
|
|
|
6b17e9 |
index f3a44b7..f3dc862 100644
|
|
|
6b17e9 |
--- a/sos/plugins/samba.py
|
|
|
6b17e9 |
+++ b/sos/plugins/samba.py
|
|
|
6b17e9 |
@@ -14,9 +14,10 @@
|
|
|
6b17e9 |
|
|
|
6b17e9 |
from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
|
|
|
6b17e9 |
|
|
|
6b17e9 |
-class Samba(Plugin):
|
|
|
6b17e9 |
+class Samba(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
|
|
|
6b17e9 |
"""Samba related information
|
|
|
6b17e9 |
"""
|
|
|
6b17e9 |
+ packages = ('samba-common',)
|
|
|
6b17e9 |
plugin_name = "samba"
|
|
|
6b17e9 |
|
|
|
6b17e9 |
def setup(self):
|
|
|
6b17e9 |
@@ -27,19 +28,3 @@ class Samba(Plugin):
|
|
|
6b17e9 |
self.add_cmd_output("wbinfo --domain='.' -u")
|
|
|
6b17e9 |
self.add_cmd_output("testparm -s -v")
|
|
|
6b17e9 |
|
|
|
6b17e9 |
-
|
|
|
6b17e9 |
-class RedHatSamba(Samba, RedHatPlugin):
|
|
|
6b17e9 |
- """Samba related information for RedHat based distributions
|
|
|
6b17e9 |
- """
|
|
|
6b17e9 |
- def setup(self):
|
|
|
6b17e9 |
- super(RedHatSamba, self).setup()
|
|
|
6b17e9 |
- # FIXME: krb5 specific
|
|
|
6b17e9 |
- self.add_copy_specs([
|
|
|
6b17e9 |
- "/etc/krb5.conf",
|
|
|
6b17e9 |
- "/etc/krb5.keytab"])
|
|
|
6b17e9 |
-
|
|
|
6b17e9 |
-class DebianSamba(Samba, DebianPlugin, UbuntuPlugin):
|
|
|
6b17e9 |
- """Samba related information for Debian based distributions
|
|
|
6b17e9 |
- """
|
|
|
6b17e9 |
- def setup(self):
|
|
|
6b17e9 |
- super(DebianSamba, self).setup()
|
|
|
6b17e9 |
commit 54eb134fb78a64782560df8f0aa2f5e51c6ae410
|
|
|
6b17e9 |
Author: Bryn M. Reeves <bmr@redhat.com>
|
|
|
6b17e9 |
Date: Thu Aug 1 16:48:19 2013 +0100
|
|
|
6b17e9 |
|
|
|
6b17e9 |
Do not collect krb5.keytab
|
|
|
6b17e9 |
|
|
|
6b17e9 |
Avoid collecting kerberos keytabs to prevent unintended
|
|
|
6b17e9 |
information disclosures. Instead retrieve a list using the klist
|
|
|
6b17e9 |
command.
|
|
|
6b17e9 |
|
|
|
6b17e9 |
Also remove the duplicative collection of this information from
|
|
|
6b17e9 |
the ipa plug-in (which should only be collecting non-system
|
|
|
6b17e9 |
keytabs that are specific to the IPA tools).
|
|
|
6b17e9 |
|
|
|
6b17e9 |
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
6b17e9 |
|
|
|
6b17e9 |
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
|
|
|
6b17e9 |
index 3244f34..0061659 100644
|
|
|
6b17e9 |
--- a/sos/plugins/ipa.py
|
|
|
6b17e9 |
+++ b/sos/plugins/ipa.py
|
|
|
6b17e9 |
@@ -73,7 +73,6 @@ class Ipa(Plugin, RedHatPlugin):
|
|
|
6b17e9 |
|
|
|
6b17e9 |
self.add_cmd_output("klist -ket /etc/dirsrv/ds.keytab")
|
|
|
6b17e9 |
self.add_cmd_output("klist -ket /etc/httpd/conf/ipa.keytab")
|
|
|
6b17e9 |
- self.add_cmd_output("klist -ket /etc/krb5.keytab")
|
|
|
6b17e9 |
|
|
|
6b17e9 |
return
|
|
|
6b17e9 |
|
|
|
6b17e9 |
diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py
|
|
|
6b17e9 |
index d9dca89..0d33094 100644
|
|
|
6b17e9 |
--- a/sos/plugins/krb5.py
|
|
|
6b17e9 |
+++ b/sos/plugins/krb5.py
|
|
|
6b17e9 |
@@ -23,7 +23,6 @@ class Krb5(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
|
|
|
6b17e9 |
plugin_name = 'krb5'
|
|
|
6b17e9 |
|
|
|
6b17e9 |
def setup(self):
|
|
|
6b17e9 |
- self.add_copy_specs([
|
|
|
6b17e9 |
- "/etc/krb5.conf",
|
|
|
6b17e9 |
- "/etc/krb5.keytab"])
|
|
|
6b17e9 |
+ self.add_copy_spec("/etc/krb5.conf")
|
|
|
6b17e9 |
+ self.add_cmd_output("klist -ket /etc/krb5.keytab")
|
|
|
6b17e9 |
|