403Webshell
Server IP : 172.64.80.1  /  Your IP : 216.73.216.175
Web Server : LiteSpeed
System : Linux srv13.swhc.ca 4.18.0-553.126.2.lve.el8.x86_64 #1 SMP Thu May 28 14:12:30 UTC 2026 x86_64
User : hongluck ( 2522)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /lib/python3.6/site-packages/sos/report/plugins/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /lib/python3.6/site-packages/sos/report/plugins/subscription_manager.py
# This file is part of the sos project: https://github.com/sosreport/sos
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# version 2 of the GNU General Public License.
#
# See the LICENSE file in the source distribution for further information.

from configparser import NoOptionError, NoSectionError
import glob
from os import remove
from sos.report.plugins import Plugin, RedHatPlugin
from sos.utilities import sos_parse_version


class SubscriptionManager(Plugin, RedHatPlugin):

    short_desc = 'subscription-manager information'

    plugin_name = 'subscription_manager'
    profiles = ('system', 'packagemanager', 'sysmgmt')

    files = ('/etc/rhsm/rhsm.conf',)
    packages = ('subscription-manager',)

    curl_config = 'rhsm_curl_cfg'

    def get_proxy_string(self, config):
        """ return curl options --proxy[-user] per RHSM config """
        proxy = ""
        proxy_hostname = config.get('server', 'proxy_hostname')
        if proxy_hostname:
            proxy_scheme = config.get('server', 'proxy_scheme')
            proxy_port = config.get('server', 'proxy_port')
            if proxy_port:
                proxy_port = ":" + proxy_port
            proxy = f"--proxy {proxy_scheme}://{proxy_hostname}{proxy_port}"
        proxy_user = config.get('server', 'proxy_user')
        if proxy and proxy_user:
            proxy_pass = config.get('server', 'proxy_password')
            if proxy_pass:
                self._curl_cfg_fname = self.archive.dest_path(self.curl_config)
                with open(self._curl_cfg_fname, 'w', encoding='utf-8') as _f:
                    _f.write(
                        f"--proxy-user {proxy_user}:{proxy_pass}"
                    )  # codeql[py/clear-text-storage-sensitive-data]
                proxy += f" --config {self._curl_cfg_fname}"
            else:
                proxy += f" --proxy-user {proxy_user}"
        return proxy

    def get_server_url(self, config):
        """ return URL per RHSM config for curl command """
        secure = "s" if config.get('server', 'insecure') != '1' else ""
        port = config.get('server', 'port')
        # if port is set, prepend it by ':' separating it from hostname
        if len(port) > 0:
            port = ":" + port
        return (f"http{secure}://{config.get('server', 'hostname')}{port}"
                f"{config.get('server', 'prefix')}")

    def setup(self):
        # rhsm config and logs
        self.add_copy_spec([
            "/etc/rhsm/",
            "/var/lib/rhsm/",
            "/var/log/rhsm/rhsm.log",
            "/var/log/rhsm/rhsmcertd.log"])
        self.add_cmd_output("subscription-manager identity",
                            tags="subscription_manager_id")
        self.add_cmd_output("subscription-manager list --installed",
                            tags="subscription_manager_installed")
        self.add_cmd_output([
            "subscription-manager release --show",
            "subscription-manager release --list",
            "syspurpose show",
            "subscription-manager syspurpose --show",
            "subscription-manager status",
            "subscription-manager facts",
        ], cmd_as_tag=True)
        # Deprecated options in RHEL 10, that throw errors when run
        smpkg = self.policy.package_manager.pkg_by_name('subscription-manager')
        if smpkg is not None:
            sm_version = '.'.join(smpkg['version'])
            if sos_parse_version(sm_version) < sos_parse_version('1.30.3-1'):
                self.add_cmd_output([
                                "subscription-manager list --available",
                                "subscription-manager list --all --available",
                                "subscription-manager list --consumed",
                ], cmd_as_tag=True)
        self.add_cmd_output("rhsm-debug system --sos --no-archive "
                            "--no-subscriptions --destination "
                            f"{self.get_cmd_output_path()}")

        certs = glob.glob('/etc/pki/product-default/*.pem')
        self.add_cmd_output([f"rct cat-cert {cert}" for cert in certs],
                            tags='subscription_manager_installed_product_ids')

        # try curl to the RHSM server for potential certificate/proxy issue
        curlcmd = "curl -vv --cacert /etc/rhsm/ca/redhat-uep.pem " \
                  "https://subscription.rhsm.redhat.com:443/subscription"
        env = None  # for no_proxy
        self._curl_cfg_fname = None
        try:
            from rhsm.config import get_config_parser  # pylint: disable=C0415
            config = get_config_parser()
            proxy = self.get_proxy_string(config)
            server_url = self.get_server_url(config)
            curlcmd = (f"curl -vv {server_url} --cacert "
                       f"{config.get('rhsm', 'repo_ca_cert')} {proxy}")
            # honour os.environ no_proxy, if set
            no_proxy = config.get('server', 'no_proxy')
            if no_proxy:
                env = {'NO_PROXY': no_proxy}
        except (ModuleNotFoundError, ImportError, NoOptionError,
                NoSectionError) as err:
            self._log_debug(f"Error checking for RHSM cert/proxy issue: {err}")
        self.add_cmd_output(curlcmd, env=env, timeout=30)

    def postproc(self):
        passwdreg = r"(proxy_password(\s)*=(\s)*)(\S+)\n"
        repl = r"\1********\n"
        self.do_path_regex_sub("/etc/rhsm/rhsm.conf", passwdreg, repl)
        # Scrub passwords in repositories
        # Example of scrubbing:
        #
        #   password=hackme
        # To:
        #   password=********
        #
        # Whitespace around '=' is allowed.
        regexp = r"(password(\s)*=(\s)*)(\S+)\n"
        repl = r"\1********\n"
        self.do_path_regex_sub("/var/lib/rhsm/repo_server_val/*", regexp, repl)
        # if curl used config file to hide proxy password, remove the file
        if self._curl_cfg_fname:
            remove(self._curl_cfg_fname)
        # Remove proxy information from curl command
        http_proxy_regexp = r"(http(s)?://)\S+:\S+(@.*)"
        http_proxy_repl = r"\1******:******\3"
        self.do_cmd_output_sub('*curl*', http_proxy_regexp, http_proxy_repl)

# vim: et ts=4 sw=4

Youez - 2016 - github.com/yon3zu
LinuXploit