7}OdFdZddlZddlZddlmZddlmZddlmZddl m Z m Z ddl m Z mZddlmZmZejeZGd d e ZdS) zgPAM module management plugin. Changes PAM module state (enabled/disabled) to match imunify360 config. N)config) SystemConfig) MessageType) MessageSinkexpect)recurring_checksafe_cancel_task)ossecpamcneZdZdZejddZejddZejddZejddZ dZ dd Z dd Z dd Z d ejdedefdZdZeddZeedZeejdejfdZd S) PAMManageriPAMenableexim_dovecot_protectionexim_dovecot_nativeftp_protectioncRg|_tj|_d|_dSN)_tasksasyncioEvent_status_check_required_loopselfs N/opt/imunify360/venv/lib/python3.11/site-packages/im360/plugins/pam_manager.py__init__zPAMManager.__init__s" &-moo# returnNcK||_|j|||j||dSr)rrappend create_task_status_checker_initiate_status_check)rloops r create_sinkzPAMManager.create_sink ss  4++D,@,@,B,BCCDDD 4++D,G,G,I,IJJKKKKKrcLK|jD]}|t|d{VdSr)rr )rtasks rshutdownzPAMManager.shutdown%sHK - -D&t,,,,,,,,, - -rcKtjd{V}||jstjjn(|jstjjntjj|d{V| |j |tj j d{V| |j |tj jd{Vttjd{V}|tj j|tj jcxkrtjjkrnntjjntjj|t*j<|tj j=|tj j= t+j|d{VdS#t*j$r&}t2d|Yd}~dSd}~wwxYw)N)desired_dovecot_status pam_statusz(Failed to update OSSEC configuration: %s)r get_status_ensure_status_for_dovecot_DOVECOT_PROTECTION_ENABLED DovecotStatusDISABLED_DOVECOT_NATIVE_ENABLEDrNATIVE_ensure_status_for_service _FTP_ENABLED PamServiceFTP _SSHD_ENABLEDSSHDdictDOVECOT_NATIVE DOVECOT_PAMPamServiceStatusValuedisabledenabledr DOVECOTconfigure_for_pamOssecRulesErrorloggererror)rstatusexcs r_ensure_statuszPAMManager._ensure_status*s`~''''''''--3$*3#4#=#=/*"&&") .         --  vs~'9         --  (;         CN,,,,,,,,--cn34cn012222(122222  % . .*2 u} 3>0 1 3>- . J)&11 1 1 1 1 1 1 1 1 1$ J J J LLCS I I I I I I I I I JsF99G.G))G.r+r,cK|tjjur|tjj|tjjcxkrtjjksEntjtjjd{Vt dn|tjj ur|tjjtjj krG|tjjtjj krt d|ntjj}tj|d{Vt d|dS|tjjur|tjjtjj krF|tjjtjj krt d|nRtjj}tj|d{Vt d|dSJddS) zEnsure pam status corresponds to the desired dovecot status. Special handling for 3 states. Return whether pam/native modules were enabled. Nz(PAM module has been disabled for dovecotz=Unexpected PAM state: both pam/native are enabled. Status: %s"PAM module has been enabled for %sTrz can't happenF)r r0r1r6r;r<r=r>disablerCinforr?rDrr3)rr+r, pam_services rr.z%PAMManager._ensure_status_for_dovecotNs+ "S%6%? ? ?3>89cn896666,56666 k#."?@@@@@@@@@ FGGG #s'8'< < <3>56,455s~<=0899LL&" "n8 j--------- @+NNNt #s'8'? ? ?3>89,455s~9:0899LL&" "n; j--------- @+NNNt $n $ $1urcFK|rtjjntjj}|||krn|r7tj|d{Vt d|dStj|d{Vt d|dS)NrITz#PAM module has been disabled for %sF)r r=r?r>rrCrKrJ)rshould_be_enabledrErLexpected_service_statuss rr4z%PAMManager._ensure_status_for_services ! 4C % - -*3 #f[&9 9 9  j--------- @+NNNt+k** * * * * * * * KK={ K K KurrcK|jd{V|j|d{VdSr)rwaitclearrGrs rr#zPAMManager._status_checkersl)..000000000 #))+++!!###########rc<K|jdSr)rsetrs rr$z!PAMManager._initiate_status_checks! #'')))))rmessagecvKt|dtr|jdSdS)Nconf) isinstancerrrT)rrUs ron_config_updatezPAMManager.on_config_updatesA gfo| 4 4 .  ' + + - - - - - . .r)rN)__name__ __module__ __qualname___CONFIG_PERIODIC_CHECKr FromConfigr8r/r2r5rr&r)rGr r0r:boolr.r4rr#r$rr ConfigUpdaterYrrr r s!%F%eX66M"3&"3 (##0f/7LMM$6$U,<==L LLLL ---- "J"J"J"JH=&)&7=EI= ====~"_Q$$$ _+,,**-,* VK $%%.k.F...&%...rr )__doc__rloggingdefence360agent.contractsr defence360agent.contracts.configr"defence360agent.contracts.messagesr!defence360agent.contracts.pluginsrrdefence360agent.utilsrr im360.subsysr r getLoggerrZrCr rarrrks,,,,,,999999::::::AAAAAAAACCCCCCCC########  8 $ $Y.Y.Y.Y.Y.Y.Y.Y.Y.Y.r