dissect.target 3.19.dev12__py3-none-any.whl → 3.19.dev13__py3-none-any.whl

dissect/target/plugins/os/unix/_os.py

@@ -40,12 +40,18 @@ class UnixPlugin(OSPlugin):
     @export(record=UnixUserRecord)
     @arg("--sessions", action="store_true", help="Parse syslog for recent user sessions")
     def users(self, sessions: bool = False) -> Iterator[UnixUserRecord]:
-        """Recover users from /etc/passwd, /etc/master.passwd or /var/log/syslog session logins."""
+        """Yield unix user records from passwd files or syslog session logins.
+
+        Resources:
+            - https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html
+        """
+
+        PASSWD_FILES = ["/etc/passwd", "/etc/passwd-", "/etc/master.passwd"]
 
         seen_users = set()
 
         # Yield users found in passwd files.
-        for passwd_file in ["/etc/passwd", "/etc/master.passwd"]:
+        for passwd_file in PASSWD_FILES:
             if (path := self.target.fs.path(passwd_file)).exists():
                 for line in path.open("rt"):
                     line = line.strip()
@@ -53,7 +59,12 @@ class UnixPlugin(OSPlugin):
                         continue
 
                     pwent = dict(enumerate(line.split(":")))
-                    seen_users.add((pwent.get(0), pwent.get(5), pwent.get(6)))
+
+                    current_user = (pwent.get(0), pwent.get(5), pwent.get(6))
+                    if current_user in seen_users:
+                        continue
+
+                    seen_users.add(current_user)
                     yield UnixUserRecord(
                         name=pwent.get(0),
                         passwd=pwent.get(1),

dissect/target/plugins/os/unix/shadow.py

@@ -29,39 +29,55 @@ class ShadowPlugin(Plugin):
         if not self.target.fs.path("/etc/shadow").exists():
             raise UnsupportedPluginError("No shadow file found")
 
+    SHADOW_FILES = ["/etc/shadow", "/etc/shadow-"]
+
     @export(record=UnixShadowRecord)
     def passwords(self) -> Iterator[UnixShadowRecord]:
-        """Recover shadow records from /etc/shadow files."""
-
-        if (path := self.target.fs.path("/etc/shadow")).exists():
-            for line in path.open("rt"):
-                line = line.strip()
-                if line == "" or line.startswith("#"):
-                    continue
-
-                shent = dict(enumerate(line.split(":")))
-                crypt = extract_crypt_details(shent)
-
-                # do not return a shadow record if we have no hash
-                if crypt.get("hash") is None or crypt.get("hash") == "":
-                    continue
-
-                yield UnixShadowRecord(
-                    name=shent.get(0),
-                    crypt=shent.get(1),
-                    algorithm=crypt.get("algo"),
-                    crypt_param=crypt.get("param"),
-                    salt=crypt.get("salt"),
-                    hash=crypt.get("hash"),
-                    last_change=shent.get(2),
-                    min_age=shent.get(3),
-                    max_age=shent.get(4),
-                    warning_period=shent.get(5),
-                    inactivity_period=shent.get(6),
-                    expiration_date=shent.get(7),
-                    unused_field=shent.get(8),
-                    _target=self.target,
-                )
+        """Yield shadow records from /etc/shadow files.
+
+        Resources:
+            - https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html#file:/etc/shadow
+        """
+
+        seen_hashes = set()
+
+        for shadow_file in self.SHADOW_FILES:
+            if (path := self.target.fs.path(shadow_file)).exists():
+                for line in path.open("rt"):
+                    line = line.strip()
+                    if line == "" or line.startswith("#"):
+                        continue
+
+                    shent = dict(enumerate(line.split(":")))
+                    crypt = extract_crypt_details(shent)
+
+                    # do not return a shadow record if we have no hash
+                    if crypt.get("hash") is None or crypt.get("hash") == "":
+                        continue
+
+                    # prevent duplicate user hashes
+                    current_hash = (shent.get(0), crypt.get("hash"))
+                    if current_hash in seen_hashes:
+                        continue
+
+                    seen_hashes.add(current_hash)
+
+                    yield UnixShadowRecord(
+                        name=shent.get(0),
+                        crypt=shent.get(1),
+                        algorithm=crypt.get("algo"),
+                        crypt_param=crypt.get("param"),
+                        salt=crypt.get("salt"),
+                        hash=crypt.get("hash"),
+                        last_change=shent.get(2),
+                        min_age=shent.get(3),
+                        max_age=shent.get(4),
+                        warning_period=shent.get(5),
+                        inactivity_period=shent.get(6),
+                        expiration_date=shent.get(7),
+                        unused_field=shent.get(8),
+                        _target=self.target,
+                    )
 
 
 def extract_crypt_details(shent: dict) -> dict:

{dissect.target-3.19.dev12.dist-info → dissect.target-3.19.dev13.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.19.dev12
+Version: 3.19.dev13
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.19.dev12.dist-info → dissect.target-3.19.dev13.dist-info}/RECORD

@@ -183,7 +183,7 @@ dissect/target/plugins/general/scrape.py,sha256=Fz7BNXflvuxlnVulyyDhLpyU8D_hJdH6
 dissect/target/plugins/general/users.py,sha256=cQXPQ2XbkPjckCPHYTUW4JEhYN0_CT8JI8hJPZn3qSs,3030
 dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/_os.py,sha256=VQHx8PDhJ0NHzNuo3RIN3DGXkLqpGXbQe8M5ZbtI5nM,14277
+dissect/target/plugins/os/unix/_os.py,sha256=GcbP8HbK1XtwYFGbl8x0BdfoLAC2ROv9xieeFGI5dWM,14557
 dissect/target/plugins/os/unix/cronjobs.py,sha256=2ssj97UVJueyATVl7NMJmqd9uHflQ2tXUqdOCFIEje8,3182
 dissect/target/plugins/os/unix/datetime.py,sha256=gKfBdPyUirt3qmVYfOJ1oZXRPn8wRzssbZxR_ARrtk8,1518
 dissect/target/plugins/os/unix/etc.py,sha256=HoPEC1hxqurSnAXQAK-jf_HxdBIDe-1z_qSw_n-ViI4,258
@@ -191,7 +191,7 @@ dissect/target/plugins/os/unix/generic.py,sha256=6_MJrV1LbIxNQJwAZR0HEQljoxwF5BP
 dissect/target/plugins/os/unix/history.py,sha256=ptNGHkHOLJ5bE4r1PqtkQFcQHqzS6-qe5ms1tTGOJp8,6620
 dissect/target/plugins/os/unix/locale.py,sha256=V3R7mEyrH3f-h7SGAucByaYYDA2SIil9Qb-s3dPmDEA,3961
 dissect/target/plugins/os/unix/packagemanager.py,sha256=Wm2AAJOD_B3FAcZNXgWtSm_YwbvrHBYOP8bPmOXNjG4,2427
-dissect/target/plugins/os/unix/shadow.py,sha256=TvN04uzFnUttNMZAa6_1XdXSP-8V6ztbZNoetDvfD0w,3535
+dissect/target/plugins/os/unix/shadow.py,sha256=W6W6rMru7IVnuBc6sl5wsRWTOrJdS1s7_2_q7QRf7Is,4148
 dissect/target/plugins/os/unix/bsd/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/bsd/_os.py,sha256=e5rttTOFOmd7e2HqP9ZZFMEiPLBr-8rfH0XH1IIeroQ,1372
 dissect/target/plugins/os/unix/bsd/citrix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -344,10 +344,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.19.dev12.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.19.dev12.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.19.dev12.dist-info/METADATA,sha256=UR_OR6Mke9csuzDPtguApwOU8mClzRRkkWmmiqNv364,12719
-dissect.target-3.19.dev12.dist-info/WHEEL,sha256=Wyh-_nZ0DJYolHNn1_hMa4lM7uDedD_RGVwbmTjyItk,91
-dissect.target-3.19.dev12.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.19.dev12.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.19.dev12.dist-info/RECORD,,
+dissect.target-3.19.dev13.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.19.dev13.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.19.dev13.dist-info/METADATA,sha256=oFZiiry3QZEqrgYijsGOlPjZn1DfUM3GBMdf8WZaIFc,12719
+dissect.target-3.19.dev13.dist-info/WHEEL,sha256=Wyh-_nZ0DJYolHNn1_hMa4lM7uDedD_RGVwbmTjyItk,91
+dissect.target-3.19.dev13.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.19.dev13.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.19.dev13.dist-info/RECORD,,