

name : ssh_util.cpython-39.pyc
a

puh�X�@slddlZddlZddlZddlmZddlmZmZmZddl	m
Z
mZmZe�
e�ZdZdZdZdee�d	ZGd
d�d�ZGdd
�d
�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zefdd�Zd7dd�ZGdd�d�Zeed �d!d"�Z eed �d#d$�Z!d%d&�Z"ee#d'�d(d)�Z$d*d+�Z%efd,d-�Z&d.d/�Z'efeeeefd0�d1d2�Z(d3d4�Z)d5d6�Z*dS)8�N)�suppress)�List�Sequence�Tuple)�	lifecycle�subp�utilz/etc/ssh/sshd_config)ZrsaZecdsaZed25519z([email protected]ecdsa-sha2-nistp256z([email protected]ecdsa-sha2-nistp384z([email protected]ecdsa-sha2-nistp521z+sk-ecdsa-sha2-nistp256-cert-v01@openssh.comz"[email protected]#[email protected][email protected] [email protected]ssh-ed25519z[email protected]ssh-rsaz[email protected][email protected]�z�no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit �"c@s&eZdZddd�Zdd�Zdd�ZdS)	�AuthKeyLineNcCs"||_||_||_||_||_dS�N)�base64�comment�options�keytype�source)�selfrrr
rr�r�6/usr/lib/python3.9/site-packages/cloudinit/ssh_util.py�__init__Es
zAuthKeyLine.__init__cCs|jo
|jSr)r
r�rrrr�validNszAuthKeyLine.validcCsdg}|jr|�|j�|jr(|�|j�|jr:|�|j�|jrL|�|j�|sV|jSd�|�SdS�N� )r�appendrr
rr�join)r�toksrrr�__str__QszAuthKeyLine.__str__)NNNN)�__name__�
__module__�__qualname__rrrrrrrrDs�
	rc@s"eZdZdZdd�Zddd�ZdS)�AuthKeyLineParserau
    AUTHORIZED_KEYS FILE FORMAT
     AuthorizedKeysFile specifies the file containing public keys for public
     key authentication; if none is specified, the default is
     ~/.ssh/authorized_keys.  Each line of the file contains one key (empty
     (because of the size of the public key encoding) up to a limit of 8 kilo-
     bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
     kilobits.  You don't want to type them in; instead, copy the
     identity.pub or the id_rsa.pub file and edit it.

     sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
     2 keys of 768 bits.

     The options (if present) consist of comma-separated option specifica-
     tions.  No spaces are permitted, except within double quotes.  The fol-
     lowing option specifications are supported (note that option keywords are
     case-insensitive):
    cCs�d}d}|t|�kr�|s$||dvr�||}|dt|�krF|d}q�||d}|dkrl|dkrl|d}n|dkrz|}|d}q|d|�}||d���}||fS)z�
        The options (if present) consist of comma-separated option specifica-
         tions.  No spaces are permitted, except within double quotes.
         Note that option keywords are case-insensitive.
        Fr)r�	��\r
N)�len�lstrip)r�entZquoted�iZcurcZnextcr�remainrrr�_extract_optionsus 

z"AuthKeyLineParser._extract_optionsNcCs�|�d�}|�d�s |��dkr(t|�Sdd�}|��}z||�\}}}Wn^ty�|�|�\}	}
|durr|	}z||
�\}}}Wnty�t|�YYS0Yn0t|||||d�S)Nz
�#�cSs^|�dd�}t|�dkr(tdt|���|dtvrDtd|d��t|�dkrZ|�d�|S)N�zTo few fields: %srzInvalid keytype %sr,)�splitr%�	TypeError�VALID_KEY_TYPESr)r'rrrr�
parse_ssh_key�s
z.AuthKeyLineParser.parse.<locals>.parse_ssh_key)rr
rr)�rstrip�
startswith�striprr/r*)rZsrc_liner�liner1r'rr
rZkeyoptsr)rrr�parse�s,
�zAuthKeyLineParser.parse)N)rrr �__doc__r*r6rrrrr!asr!c
Cszg}t�}g}|D]b}z8tj�|�rLt�|���}|D]}|�|�|��q6Wqt	t
fyrt�td|�Yq0q|S)NzError reading lines from %s)
r!�os�path�isfiler�load_text_file�
splitlinesrr6�IOError�OSError�logexc�LOG)�fnames�lines�parser�contents�fnamer5rrr�parse_authorized_keys�srFcCs�tdd�|D��}tt|��D]J}||}|��s4q|D]&}|j|jkr8|}||vr8|�|�q8|||<q|D]}|�|�qndd�|D�}|�d�d�|�S)NcSsg|]}|��r|�qSr)r��.0�krrr�
<listcomp>��z*update_authorized_keys.<locals>.<listcomp>cSsg|]}t|��qSr��str)rH�brrrrJ�rKr,�
)�list�ranger%rr
�removerr)Zold_entries�keysZto_addr(r'rI�keyrBrrr�update_authorized_keys�s 

rUcCs4t�|�}|r|js td|��tj�|jd�|fS)Nz"Unable to get SSH info for user %rz.ssh)�pwd�getpwnam�pw_dir�RuntimeErrorr8r9r)�username�pw_entrrr�users_ssh_info�s

r\c	Cspd|fd|fdf}|sd}|��}g}|D]@}|D]\}}|�||�}q2|�d�s`tj�||�}|�|�q*|S)N�%h�%u)z%%�%�%h/.ssh/authorized_keys�/)r.�replacer3r8r9rr)	�value�homedirrZZmacros�pathsZrenderedr9ZmacroZfieldrrr�render_authorizedkeysfile_paths�s
rfc
Cs�d}|rd}t�|�}|r@||kr@|dkr@t�d||||�dSt�|�}||kr\|dM}n.t�|�}t�|�}	||	vr�|dM}n|dM}||@d	kr�t�d
|||�dS|r�|d@d	kr�t�d||�dSd
S)aVCheck if the file/folder in @current_path has the right permissions.

    We need to check that:
    1. If StrictMode is enabled, the owner is either root or the user
    2. the user can access the file/folder, otherwise ssh won't use it
    3. If StrictMode is enabled, no write permission is given to group
       and world users (022)
    i�i��rootzXPath %s in %s must be own by user %s or by root, but instead is own by %s. Ignoring key.F��8�rzBPath %s in %s must be accessible by user %s, check its permissions�zRPath %s in %s must not give writepermission to group or world users. Ignoring key.T)rZ	get_ownerr@�debugZget_permissionsZ	get_groupZget_user_groups)
rZZcurrent_path�	full_path�is_file�strictmodesZminimal_permissions�ownerZparent_permissionZgroup_ownerZuser_groupsrrr�check_permissionssJ
�




��rqc
Cst|�d}td�d}�z�|�d�dd�}d}tj�|j�}|D�]}|d|7}tj�|�rvt�d|�WdStj�	|�r�t�d|�WdS|�
|�sD||jkr�qDtj�|��s0t�
|��Zd	}	|j}
|j}|�
|j�r�d
}	|j}
|j}tj||	dd�t�||
|�Wd�n1�s&0Yt|||d|�}|sDWdSqDtj�|��sjtj�|��r|t�d
|�WdStj�|��s�tj|dddd�t�||j|j�t|||d|�}|�s�WdSWn<ttf�y}
zt�tt|
��WYd}
~
dSd}
~
00dS)Nr#rgra���r,z-Invalid directory. Symlink exists in path: %sFz*Invalid directory. File exists in path: %s��rhT)�mode�exist_okz%s is not a file!�)rtZensure_dir_exists)r\r.r8r9�dirnamerX�islinkr@rlr:r3�existsr�SeLinuxGuard�pw_uid�pw_gid�makedirsZ	chownbyidrq�isdir�
write_filer=r>r?rM)rZ�filenameroZ
user_pwentZ
root_pwentZdirectoriesZ
parent_folderZhome_folderZ	directoryrt�uid�gidZpermissions�errr�check_create_pathGsn
����.
�

�
r�c
Cs4t|�\}}tj�|d�}|}g}tj|dd��vz2t|�}|�dd�}|�dd�}	t||j	|�}Wn2t
tfy�||d<t�t
d	t|d�Yn0Wd�n1s�0Yt|��|�D]J\}
}td
|
vd|
v|�d�|j	��g�r�t|||	dk�}|r�|}�qq�||k�r&t
�d
|�|t|g�fS)NZauthorized_keysT��	recursiveZauthorizedkeysfiler`roZyesrzhFailed extracting 'AuthorizedKeysFile' in SSH config from %r, using 'AuthorizedKeysFile' file %r insteadr^r]z{}/zAAuthorizedKeysFile has an user-specific authorized_keys, using %s)r\r8r9rrrz�parse_ssh_config_map�getrfrXr=r>r?r@�DEF_SSHD_CFG�zipr.�anyr3�formatr�rlrF)
rZZ
sshd_cfg_file�ssh_dirr[Zdefault_authorizedkeys_fileZuser_authorizedkeys_fileZauth_key_fnsZssh_cfgZ	key_pathsroZkey_path�auth_key_fnZpermissions_okrrr�extract_authorized_keys�sV���(
��
�
��r�c
Cs�t�}g}|D]}|�|jt|�|d��qt|�\}}tj�|�}tj	|dd��*t
||�}	tj||	dd�Wd�n1s�0YdS)N)rTr���
preserve_mode)r!rr6rMr�r8r9rwrrzrUr)
rSrZrrCZkey_entriesrIr�Zauth_key_entriesr��contentrrr�setup_user_keys�s
r�c@s*eZdZddd�Zedd��Zdd�ZdS)	�SshdConfigLineNcCs||_||_||_dSr)r5�_keyrc)rr5rI�vrrrr�szSshdConfigLine.__init__cCs|jdurdS|j��Sr)r��lowerrrrrrT�s
zSshdConfigLine.keycCs>|jdurt|j�St|j�}|jr6|dt|j�7}|SdSr)r�rMr5rc)rr�rrrr�s


zSshdConfigLine.__str__)NN)rrr r�propertyrTrrrrrr��s

r�)�returncCs"tj�|�sgStt�|����Sr)r8r9r:�parse_ssh_config_linesrr;r<�rErrr�parse_ssh_config�sr�cCs�g}|D]�}|��}|r"|�d�r2|�t|��qz|�dd�\}}WnLty�z|�dd�\}}Wn$ty�t�d|�YYqYn0Yn0|�t|||��q|S)Nr+r#�=z;sshd_config: option "%s" has no key/value pair, skipping it)r4r3rr�r.�
ValueErrorr@rl)rB�retr5rT�valrrrr��s&�r�cCs6t|�}|siSi}|D]}|js$q|j||j<q|Sr)r�rTrc)rErBr�r5rrrr�sr�)rEr�cCs@tj�|�sdSt�|���D]}|�d|�d��rdSqdS)NFzInclude z	.d/*.confT)r8r9r:rr;r<r3)rEr5rrr�_includes_dconf"sr�cCs^t|�rZtj�|�d��s.tj|�d�dd�tj�|�d�d�}tj�|�sZt�|d�|S)Nz.drs)rtz50-cloud-init.confrv)	r�r8r9r~rZ
ensure_dirrr:Zensure_filer�rrr�"_ensure_cloud_init_ssh_config_file+sr�cCsPt|�}t|�}t||d�}|rDtj|d�dd�|D��ddd�t|�dkS)z�Read fname, and update if changes are necessary.

    @param updates: dictionary of desired values {Option: value}
    @return: boolean indicating if an update was done.)rB�updatesrOcSsg|]}t|��qSrrL)rHr5rrrrJArKz%update_ssh_config.<locals>.<listcomp>Tr�r)r�r��update_ssh_config_linesrrrr%)r�rErB�changedrrr�update_ssh_config6s�r�c	Cst�}g}tdd�|��D��}t|dd�D]v\}}|js<q,|j|vr,||j}||}|�|�|j|kr~t�d|||�q,|�	|�t�d|||j|�||_q,t
|�t
|�k�r|��D]B\}}||vr�q�|�	|�|�	td||��t�dt
|�||�q�|S)	z�Update the SSH config lines per updates.

    @param lines: array of SshdConfigLine.  This array is updated in place.
    @param updates: dictionary of desired values {Option: value}
    @return: A list of keys in updates that were changed.cSsg|]}|��|f�qSr)r�rGrrrrJQrKz+update_ssh_config_lines.<locals>.<listcomp>r#)�startz$line %d: option %s already set to %sz#line %d: option %s updated %s -> %sr,z line %d: option %s added with %s)
�set�dictrS�	enumeraterT�addrcr@rlrr%�itemsr�)	rBr��foundr�Zcasemapr(r5rTrcrrrr�GsB



�
�
�r�)rBcCs>|sdSt|�}dd�|D�}tj|d�|�dddd�dS)Ncss |]\}}|�d|��VqdS)rNr)rHrIr�rrr�	<genexpr>yrKz$append_ssh_config.<locals>.<genexpr>rO�abT)Zomoder�)r�rrr)rBrEr�rrr�append_ssh_configus�r�cCs�d}ttj��*tjddgddgd�\}}Wd�n1s>0Yd}|�d	�D](}|�|�rV|t|�|�d
��SqVdS)z�Get the full version of the OpenSSH sshd daemon on the system.

    On an ubuntu system, this would look something like:
    1.2p1 Ubuntu-1ubuntu0.1

    If we can't find `sshd` or parse the version number, return None.
    r,Zsshdz-Vrr#)ZrcsNZOpenSSH_rO�,)rrZProcessExecutionErrorr.r3r%�find)�err�_�prefixr5rrr�get_opensshd_version�s
8
r�c	Cs�d}t�}|durtj�|�Sd|vr:|d|�d��}n d|vrV|d|�d��}n|}ztj�|�}|WSttfy�t�d|�Yn0dS)z�Get the upstream version of the OpenSSH sshd daemon on the system.

    This will NOT include the portable number, so if the Ubuntu version looks
    like `1.2p1 Ubuntu-1ubuntu0.1`, then this function would return
    `1.2`
    z9.0N�prz Could not parse sshd version: %s)	r�rZVersionZfrom_strr�r�r/r@Zwarning)Zupstream_versionZfull_versionrrr�get_opensshd_upstream_version�sr�)N)+Zloggingr8rV�
contextlibr�typingrrrZ	cloudinitrrrZ	getLoggerrr@r�r0Z_DISABLE_USER_SSH_EXITrMZDISABLE_USER_OPTSrr!rFrUr\rfrqr�r�r�r�r�r�r��boolr�r�r�r�r�r�r�rrrr�<module>	sH
���YEO9
	.

