commit c18486621d2df774f270f8bc1dc602d6487681aa
Author: Bryn M. Reeves <bmr@redhat.com>
Date: Thu Aug 1 16:43:43 2013 +0100
Split kerberos data collection into separate plug-in
The krb5 data collection in the samba plug-in is misplaced. Since
this is collecting information about the system keytab move it
to its own plug-in that can be activated on any kerberos enabled
system.
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py
new file mode 100644
index 0000000..d9dca89
--- /dev/null
+++ b/sos/plugins/krb5.py
@@ -0,0 +1,29 @@
+## Copyright (C) 2013 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com>
+
+### This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
+
+class Krb5(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
+ """Kerberos related information
+ """
+ packages = ('krb5-libs', 'krb5-user')
+ plugin_name = 'krb5'
+
+ def setup(self):
+ self.add_copy_specs([
+ "/etc/krb5.conf",
+ "/etc/krb5.keytab"])
+
diff --git a/sos/plugins/samba.py b/sos/plugins/samba.py
index f3a44b7..f3dc862 100644
--- a/sos/plugins/samba.py
+++ b/sos/plugins/samba.py
@@ -14,9 +14,10 @@
from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
-class Samba(Plugin):
+class Samba(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
"""Samba related information
"""
+ packages = ('samba-common',)
plugin_name = "samba"
def setup(self):
@@ -27,19 +28,3 @@ class Samba(Plugin):
self.add_cmd_output("wbinfo --domain='.' -u")
self.add_cmd_output("testparm -s -v")
-
-class RedHatSamba(Samba, RedHatPlugin):
- """Samba related information for RedHat based distributions
- """
- def setup(self):
- super(RedHatSamba, self).setup()
- # FIXME: krb5 specific
- self.add_copy_specs([
- "/etc/krb5.conf",
- "/etc/krb5.keytab"])
-
-class DebianSamba(Samba, DebianPlugin, UbuntuPlugin):
- """Samba related information for Debian based distributions
- """
- def setup(self):
- super(DebianSamba, self).setup()
commit 54eb134fb78a64782560df8f0aa2f5e51c6ae410
Author: Bryn M. Reeves <bmr@redhat.com>
Date: Thu Aug 1 16:48:19 2013 +0100
Do not collect krb5.keytab
Avoid collecting kerberos keytabs to prevent unintended
information disclosures. Instead retrieve a list using the klist
command.
Also remove the duplicative collection of this information from
the ipa plug-in (which should only be collecting non-system
keytabs that are specific to the IPA tools).
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
index 3244f34..0061659 100644
--- a/sos/plugins/ipa.py
+++ b/sos/plugins/ipa.py
@@ -73,7 +73,6 @@ class Ipa(Plugin, RedHatPlugin):
self.add_cmd_output("klist -ket /etc/dirsrv/ds.keytab")
self.add_cmd_output("klist -ket /etc/httpd/conf/ipa.keytab")
- self.add_cmd_output("klist -ket /etc/krb5.keytab")
return
diff --git a/sos/plugins/krb5.py b/sos/plugins/krb5.py
index d9dca89..0d33094 100644
--- a/sos/plugins/krb5.py
+++ b/sos/plugins/krb5.py
@@ -23,7 +23,6 @@ class Krb5(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
plugin_name = 'krb5'
def setup(self):
- self.add_copy_specs([
- "/etc/krb5.conf",
- "/etc/krb5.keytab"])
+ self.add_copy_spec("/etc/krb5.conf")
+ self.add_cmd_output("klist -ket /etc/krb5.keytab")