�&ǐk�@'bJ�h�ۊL'}T�:��'2�Z#$��n�a����>a��`��_3d�Qpt�/�P
-��#5�,�M���
�pA:©�q�����NW��ډ�A�����9nʺج����
�TSM��{J6?7��r�@�\����D����׶���s�f�TJj?"��D��`?��̒�	b�#�%�C*v�$�{�$����5Ծ�F�s��y�e/8��h-�f�̰&(����Gj�L:U�	2������v�_k����Y��gp,�k�WF�R����<Q%E�,��+׬��$�䑽�0����]q�%�ˮI�����5_�}}�c�{8�.��&���o��Ӳ�ߢ�!�2M��@��GƲz�@�Z$�b�ցK���Q��m�C���6�i����V�j|�s�y����\1�����5'?�@3�$%vP�v >��_C�R��N@���R�@�ߔ?A�w9���F("iNa-S���Q�o�3tDMLh*�#4k�T/iQ��Y*�G��m����)��8�hBm/�I�,g�ﯖ���Z��}�Cz�q@´��d.����L�ŕ�,��1�Z�܌�:̪���F+J-'��c�tvJ8��]Q-��b��y�6;*J`r_�d	��'�G ~p��)'�C,�%F��E(��2�k�����lР�z�!�=t��_�0��f7���
;�p�|�U	�%<j
��I�#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/updatesupportauthorizations     Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use strict;

use Cpanel::SSH                        ();
use Cpanel::Sys::Escalate              ();
use Whostmgr::ACLS                     ();
use Whostmgr::TicketSupport::DataStore ();

# verify we're root #
die 'You must run this script as root!'
  if $> != 0;

# we need to override these for this to work #
sub hasfeature { return 1; }
no warnings 'redefine';
local *Whostmgr::ACLS::hasroot = sub { return 1; };

# load and seed the storable with a sane list of users #
my $ds = Whostmgr::TicketSupport::DataStore->new();

print "Enumerating all the su and sudo users on the system...\n";

# figure out all the users to search (THIS IS VERY INEFFECIENT BECAUSE USERS MUST BE IN-ORDER!!!) #
my @users = ('root');
{
    my $sudo_users = Cpanel::Sys::Escalate::get_list_of_sudo_users();
    push @users, grep {
        my $sudo_user = $_;
        !grep { $_ eq $sudo_user } @users
    } @{$sudo_users};
}
{
    my $su_users = Cpanel::Sys::Escalate::get_list_of_su_users();
    push @users, grep {
        my $su_user = $_;
        !grep { $_ eq $su_user } @users
    } @{$su_users};
}

print "Scanning home directories for recognized cPanel Support SSH public keys...\n";

# enumerate and rebuild the cached list of users #
my ( %checked_homedirs, @users_detected );
foreach my $user (@users) {

    # prevent checking duplicate users #
    my $user_homedir = Cpanel::SSH::_getsshdir( $user, { skip_create => 1 } );
    next if !$user_homedir || defined $checked_homedirs{$user_homedir} || !-d $user_homedir;
    $checked_homedirs{$user_homedir} = 1;

    # find all relevant keys #
    my ( $keys, $warnings ) = Cpanel::SSH::_listkeys( 'user' => $user, 'private' => 0, 'public' => 1 );
    foreach my $key ( @{$keys} ) {

        # make sure we can parse the key text #
        next if $key->{'text'} !~ m/\s+(\w{3,64})_server_(\w{1,64})\@cpanel.net_\d+/;

        # add to our list... #
        push @users_detected, $user;

        # we only need one key match #
        last;
    }
}

print "Writing out the support authorizations users cache...\n";

# ONLY update the list of users #
$ds->set( 'users', \@users_detected );

# write and we're done #
$ds->cleanup();

print "Done!\n";