PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`#!/usr/local/cpanel/3rdparty/bin/perl # cpanel - scripts/updatesupportauthorizations Copyright 2022 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited use strict; use Cpanel::SSH (); use Cpanel::Sys::Escalate (); use Whostmgr::ACLS (); use Whostmgr::TicketSupport::DataStore (); # verify we're root # die 'You must run this script as root!' if $> != 0; # we need to override these for this to work # sub hasfeature { return 1; } no warnings 'redefine'; local *Whostmgr::ACLS::hasroot = sub { return 1; }; # load and seed the storable with a sane list of users # my $ds = Whostmgr::TicketSupport::DataStore->new(); print "Enumerating all the su and sudo users on the system...\n"; # figure out all the users to search (THIS IS VERY INEFFECIENT BECAUSE USERS MUST BE IN-ORDER!!!) # my @users = ('root'); { my $sudo_users = Cpanel::Sys::Escalate::get_list_of_sudo_users(); push @users, grep { my $sudo_user = $_; !grep { $_ eq $sudo_user } @users } @{$sudo_users}; } { my $su_users = Cpanel::Sys::Escalate::get_list_of_su_users(); push @users, grep { my $su_user = $_; !grep { $_ eq $su_user } @users } @{$su_users}; } print "Scanning home directories for recognized cPanel Support SSH public keys...\n"; # enumerate and rebuild the cached list of users # my ( %checked_homedirs, @users_detected ); foreach my $user (@users) { # prevent checking duplicate users # my $user_homedir = Cpanel::SSH::_getsshdir( $user, { skip_create => 1 } ); next if !$user_homedir || defined $checked_homedirs{$user_homedir} || !-d $user_homedir; $checked_homedirs{$user_homedir} = 1; # find all relevant keys # my ( $keys, $warnings ) = Cpanel::SSH::_listkeys( 'user' => $user, 'private' => 0, 'public' => 1 ); foreach my $key ( @{$keys} ) { # make sure we can parse the key text # next if $key->{'text'} !~ m/\s+(\w{3,64})_server_(\w{1,64})\@cpanel.net_\d+/; # add to our list... # push @users_detected, $user; # we only need one key match # last; } } print "Writing out the support authorizations users cache...\n"; # ONLY update the list of users # $ds->set( 'users', \@users_detected ); # write and we're done # $ds->cleanup(); print "Done!\n";