author | Iwao Miyake <miyake.iwao@fujitsu.com> | 2022-11-22 09:14:35 +0900 |
---|---|---|
committer | Jake Hunsaker <jhunsake@redhat.com> | 2022-11-30 13:25:31 -0500 |
commit | 54f3e7e0279029cfe980dd92baf64def7bb7cb36 (patch) | |
tree | 06265e4457d1b0792e110436b42a37d13e4edd70 | |
parent | 532e33506c8aec7c0cc7cf2a3c26a2cb601db9c6 (diff) | |
[postfix] Exclude password files
Changed sosreport to exclude the files set by the following options.
- `lmtp_sasl_password_maps`
- `smtp_sasl_password_maps`
- `postscreen_dnsbl_reply_map`
- `smtp_sasl_auth_cache_name`
Resolves: #3073
Signed-off-by: Iwao Miyake <miyake.iwao@fujitsu.com>
-rw-r--r-- | sos/report/plugins/postfix.py | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/sos/report/plugins/postfix.py b/sos/report/plugins/postfix.py index 3ca0c4ad..0cef0cd5 100644 --- a/sos/report/plugins/postfix.py +++ b/sos/report/plugins/postfix.py @@ -8,6 +8,8 @@ from sos.report.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin +import re + class Postfix(Plugin): @@ -52,6 +54,42 @@ class Postfix(Plugin): finally: return fp + def forbidden_password_files(self): + forbid_attributes = ( + "lmtp_sasl_password_maps", + "smtp_sasl_password_maps", + "postscreen_dnsbl_reply_map", + "smtp_sasl_auth_cache_name", + ) + fp = [] + prefix = 'hash:' + option_format = re.compile(r"^(.*)=(.*)") + try: + with open(self.path_join('/etc/postfix/main.cf'), 'r') as cffile: + for line in cffile.readlines(): + # ignore comment and check option format + line = re.sub('#.*', '', line) + option = option_format.match(line) + if option is None: + continue + + # sieving + attribute = option.group(1).strip() + if attribute in forbid_attributes: + filepath = option.group(2).strip() + # ignore no filepath + if len(filepath) == 0: + continue + # remove prefix + if filepath.startswith(prefix): + filepath = filepath[len(prefix):] + fp.append(filepath) + except Exception as e: + # error log + msg = f"Error parsing main.cf: {e.args[0]}" + self._log_error(msg) + return fp + def setup(self): self.add_copy_spec([ "/etc/postfix/", @@ -67,6 +105,7 @@ class Postfix(Plugin): "/etc/postfix/ssl/", ]) self.add_forbidden_path(self.forbidden_ssl_keys_files()) + self.add_forbidden_path(self.forbidden_password_files()) class RedHatPostfix(Postfix, RedHatPlugin): |
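Review bot: In `forbidden_password_files`, only a leading `hash:` is stripped and the whole right-hand side is appended as a single path, so a value with another table type prefix (for example a constructed `texthash:/path`) or a comma- or space-separated list of tables produces a string that matches no file, and the credential file would still be picked up by the `/etc/postfix/` copy spec in `setup`. Splitting the value and dropping any `type:` prefix would close that gap: `for entry in re.split(r"[,\s]+", filepath):` followed by `if entry: fp.append(entry.rpartition(":")[2])`. For `hash:` maps Postfix reads the compiled `<path>.db`, which holds the same secrets; whether `add_forbidden_path` also covers that sibling file is not visible in this hunk, so forbidding `entry + ".db"` explicitly is worth considering. Separately, `re.sub('#.*', '', line)` truncates any value that contains `#`, although main.cf treats `#` as a comment only when it is the first non-whitespace character of a line.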