HEX
Server: Apache/2.4.65 (Debian)
System: Linux kubikelcreative 5.10.0-35-amd64 #1 SMP Debian 5.10.237-1 (2025-05-19) x86_64
User: www-data (33)
PHP: 8.4.13
Disabled: NONE
File: //usr/lib/python3/dist-packages/cloudinit/__pycache__/ssh_util.cpython-39.pyc
a

��`{5�@s�ddlZddlZddlmZddlmZe�e�ZdZ	dZ
dZdee�dZ
Gd	d
�d
e�ZGdd�de�Zd
d�Zdd�Zdd�Zdd�Ze	fdd�Zd%dd�ZGdd�de�Zdd�Zdd�Zdd �Ze	fd!d"�Zd#d$�ZdS)&�N)�log)�utilz/etc/ssh/sshd_config)Zdsa�rsaZecdsaZed25519z(ecdsa-sha2-nistp256-cert-v01@openssh.comzecdsa-sha2-nistp256z(ecdsa-sha2-nistp384-cert-v01@openssh.comzecdsa-sha2-nistp384z(ecdsa-sha2-nistp521-cert-v01@openssh.comzecdsa-sha2-nistp521z+sk-ecdsa-sha2-nistp256-cert-v01@openssh.comz"sk-ecdsa-sha2-nistp256@openssh.comz#sk-ssh-ed25519-cert-v01@openssh.comzsk-ssh-ed25519@openssh.comzssh-dss-cert-v01@openssh.comzssh-dssz ssh-ed25519-cert-v01@openssh.comzssh-ed25519zssh-rsa-cert-v01@openssh.comzssh-rsazssh-xmss-cert-v01@openssh.comzssh-xmss@openssh.com�z�no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit �"c@s&eZdZddd�Zdd�Zdd�ZdS)	�AuthKeyLineNcCs"||_||_||_||_||_dS�N)�base64�comment�options�keytype�source)�selfr
rr	r
r�r�4/usr/lib/python3/dist-packages/cloudinit/ssh_util.py�__init__Es
zAuthKeyLine.__init__cCs|jo
|jSr)r	r�rrrr�validMszAuthKeyLine.validcCsdg}|jr|�|j�|jr(|�|j�|jr:|�|j�|jrL|�|j�|sV|jSd�|�SdS�N� )r�appendrr	r
r
�join)r�toksrrr�__str__PszAuthKeyLine.__str__)NNNN)�__name__�
__module__�__qualname__rrrrrrrrDs
�
rc@s"eZdZdZdd�Zddd�ZdS)�AuthKeyLineParsera�
    AUTHORIZED_KEYS FILE FORMAT
     AuthorizedKeysFile specifies the file containing public keys for public
     key authentication; if none is specified, the default is
     ~/.ssh/authorized_keys.  Each line of the file contains one key (empty
     (because of the size of the public key encoding) up to a limit of 8 kilo-
     bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
     kilobits.  You don't want to type them in; instead, copy the
     identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it.

     sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
     2 keys of 768 bits.

     The options (if present) consist of comma-separated option specifica-
     tions.  No spaces are permitted, except within double quotes.  The fol-
     lowing option specifications are supported (note that option keywords are
     case-insensitive):
    cCs�d}d}|t|�kr�|s$||dvr�||}|dt|�krF|d}q�||d}|dkrl|dkrl|d}n|dkrz|}|d}q|d|�}||d���}||fS)z�
        The options (if present) consist of comma-separated option specifica-
         tions.  No spaces are permitted, except within double quotes.
         Note that option keywords are case-insensitive.
        Fr)r�	��\rN)�len�lstrip)r�ent�quoted�iZcurcZnextcr�remainrrr�_extract_optionsts(�
�

z"AuthKeyLineParser._extract_optionsNcCs�|�d�}|�d�s |��dkr(t|�Sdd�}|��}z||�\}}}Wn^ty�|�|�\}	}
|durr|	}z||
�\}}}Wnty�t|�YYS0Yn0t|||||d�S)Nz
�#�cSs^|�dd�}t|�dkr(tdt|���|dtvrDtd|d��t|�dkrZ|�d�|S)N�zTo few fields: %srzInvalid keytype %sr))�splitr!�	TypeError�VALID_KEY_TYPESr)r#rrrr�
parse_ssh_key�s
z.AuthKeyLineParser.parse.<locals>.parse_ssh_key)rr	r
r)�rstrip�
startswith�striprr,r')rZsrc_liner�liner.r#rr	r
Zkeyoptsr&rrr�parse�s$
�zAuthKeyLineParser.parse)N)rrr�__doc__r'r3rrrrr`src
Cszg}t�}g}|D]b}z8tj�|�rLt�|���}|D]}|�|�|��q6Wqt	t
fyrt�td|�Yq0q|S)NzError reading lines from %s)
r�os�path�isfiler�	load_file�
splitlinesrr3�IOError�OSError�logexc�LOG)�fnames�lines�parser�contents�fnamer2rrr�parse_authorized_keys�srCcCs�tdd�|D��}tdt|��D]J}||}|��s6q |D]&}|j|jkr:|}||vr:|�|�q:|||<q |D]}|�|�qpdd�|D�}|�d�d�|�S)NcSsg|]}|��r|�qSr)r��.0�krrr�
<listcomp>��z*update_authorized_keys.<locals>.<listcomp>rcSsg|]}t|��qSr��str)rE�brrrrG�rHr)�
)�list�ranger!rr	�removerr)Zold_entries�keysZto_addr%r#rF�keyr?rrr�update_authorized_keys�s 

rRcCs4t�|�}|r|js td|��tj�|jd�|fS)Nz"Unable to get SSH info for user %rz.ssh)�pwd�getpwnam�pw_dir�RuntimeErrorr5r6r)�username�pw_entrrr�users_ssh_info�s

rYc	Cspd|fd|fdf}|sd}|��}g}|D]@}|D]\}}|�||�}q2|�d�s`tj�||�}|�|�q*|S)Nz%hz%u)z%%�%�%h/.ssh/authorized_keys�/)r+�replacer0r5r6rr)	�value�homedirrWZmacros�paths�renderedr6�macro�fieldrrr�render_authorizedkeysfile_paths�s
rdcCs�t|�\}}tj�|d�}g}tj|dd��fz"t|�}t|�dd�|j	|�}Wn2t
tfy�||d<t�t
dt|d�Yn0Wd�n1s�0Y|t|�fS)NZauthorized_keysT��	recursiveZauthorizedkeysfiler[rzhFailed extracting 'AuthorizedKeysFile' in SSH config from %r, using 'AuthorizedKeysFile' file %r instead)rYr5r6rr�SeLinuxGuard�parse_ssh_config_maprd�getrUr:r;r<r=�DEF_SSHD_CFGrC)rWZ
sshd_cfg_file�ssh_dirrXZdefault_authorizedkeys_fileZauth_key_fnsZssh_cfgrrr�extract_authorized_keys�s 
��(rlcCs�t|�\}}tj�|�s8tj|dd�t�||j|j�t	�}g}|D]}|�
|jt|�|d��qFt
|�\}}	tj|dd��Rt|	|�}
tjtj�|�dd�tj||
dd�t�||j|j�Wd�n1s�0YdS)Ni�)�mode)rTrei�)rYr5r6�isdirr�
ensure_dir�	chownbyid�pw_uid�pw_gidrrr3rJrlrgrR�dirname�
write_file)rPrWrrk�pwentr@Zkey_entriesrFZauth_key_fnZauth_key_entries�contentrrr�setup_user_keyss
rwc@s*eZdZddd�Zedd��Zdd�ZdS)	�SshdConfigLineNcCs||_||_||_dSr)r2�_keyr^)rr2rF�vrrrr)szSshdConfigLine.__init__cCs|jdurdS|j��Sr)ry�lowerrrrrrQ.s
zSshdConfigLine.keycCs>|jdurt|j�St|j�}|jr6|dt|j�7}|SdSr)ryrJr2r^)rrzrrrr5s


zSshdConfigLine.__str__)NN)rrrr�propertyrQrrrrrrx(s

rxcCs"tj�|�sgStt�|����Sr)r5r6r7�parse_ssh_config_linesrr8r9)rBrrr�parse_ssh_config?sr~c	Cs�g}|D]t}|��}|r"|�d�r2|�t|��qz|�dd�\}}Wn"tyh|�dd�\}}Yn0|�t|||��q|S)Nr(r�=)r1r0rrxr+�
ValueError)r?�retr2rQ�valrrrr}Esr}cCs6t|�}|siSi}|D]}|js$q|j||j<q|Sr)r~rQr^)rBr?r�r2rrrrhXsrhcCsHt|�}t||d�}|r<tj|d�dd�|D��ddd�t|�dkS)z�Read fname, and update if changes are necessary.

    @param updates: dictionary of desired values {Option: value}
    @return: boolean indicating if an update was done.)r?�updatesrLcSsg|]}t|��qSrrI)rEr2rrrrGnrHz%update_ssh_config.<locals>.<listcomp>T)�
preserve_moder)r~�update_ssh_config_linesrrtrr!)r�rBr?�changedrrr�update_ssh_configds���r�c	Cst�}g}tdd�|��D��}t|dd�D]v\}}|js<q,|j|vr,||j}||}|�|�|j|kr~t�d|||�q,|�	|�t�d|||j|�||_q,t
|�t
|�k�r|��D]B\}}||vr�q�|�	|�|�	td||��t�dt
|�||�q�|S)	z�Update the SSH config lines per updates.

    @param lines: array of SshdConfigLine.  This array is updated in place.
    @param updates: dictionary of desired values {Option: value}
    @return: A list of keys in updates that were changed.cSsg|]}|��|f�qSr)r{rDrrrrG}rHz+update_ssh_config_lines.<locals>.<listcomp>r)�startz$line %d: option %s already set to %sz#line %d: option %s updated %s -> %sr)z line %d: option %s added with %s)
�set�dictrP�	enumeraterQ�addr^r=�debugrr!�itemsrx)	r?r��foundr�Zcasemapr%r2rQr^rrrr�ss:



�
�

�r�)N)r5rS�	cloudinitr�loggingr�	getLoggerrr=rjr-Z_DISABLE_USER_SSH_EXITrJ�DISABLE_USER_OPTS�objectrrrCrRrYrdrlrwrxr~r}rhr�r�rrrr�<module>	s6
���U