ogf:=dZdZdZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddl m Z dd l m Z dd lmZdd lmZmZmZmZmZmZdd lmZd ZdZdZGddee ZGddZGddZdZdZ y)zFail2Ban Developersz^Copyright (c) 2004-2008 Cyril Jaquier, 2012-2014 Yaroslav Halchenko, 2014-2016 Serg G. BresterGPLN)Thread)version)CSocket) Beautifier)Fail2banCmdLineServerExecutionException ExitExceptionlogSysexitoutput)Utilsz fail2ban> cRtjjjSN) threadingcurrent_thread __class____name__@/usr/lib/python3/dist-packages/fail2ban/client/fail2banclient.py _thread_namer,s  ",,555rc ttSr)inputPROMPTrrr input_commandr/s  f rc|eZdZdZdZdZddZedZddZ ddZ dZ d Z dd Z dd Zd ZdZddZdZy )Fail2banClientctj|tj|d|_d|_d|_y)NT)r __init__r_alive_server _beautifierselfs rr"zFail2banClient.__init__8s24 //$$+$,$rcZtdtzdztdtdy)Nz Fail2Ban vz5 reads log file that contains password failure reportz=and bans the corresponding IP addresses using firewall rules.)rrr&s rdispInteractivezFail2banClient.dispInteractive?s% "Y YZ HI*rc`tdtjd|ztdy)Nr)zCaught signal %d. Exiting)rr warningr)r'signumframes r__sigTERMhandlerzFail2banClient.__sigTERMhandlerDs"*..,v56s)rcD|jdg|dk7r|gngzgd|S)NpingFtimeout)_Fail2banClient__processCmd)r'r5s r__pingzFail2banClient.__pingJs5  VHW] KL'  rch|jr |jSt|_|jSr)r%r r&s r beautifierzFail2banClient.beautifierNs-    \$  rcd} |j}d}|D]}|j| |st|jd|}n|dk7r|j ||jddkDrt j dd||j|}|d d k(rAt j dd |d |s|d d vrbt|j|d nDt jd |d j|rt|j|d d} |r |j|sd d vrt$j&j)|S#tj$r} |s|jdd kDr;|s|d dk7r|j| |d dk(nt j dd|| Yd} ~ |rQ |jn?#t $r3} |s|jdd kDrt j"| Yd} ~ nd} ~ wwxYw|s|d d vrt$j&j)yyd} ~ wt $r} |s|jdd kDr=|jdd kDrt j*| nt j| Yd} ~ |rQ |jn?#t $r3} |s|jdd kDrt j"| Yd} ~ nd} ~ wwxYw|s|d d vrt$j&j)yyd} ~ wwxYw#t $r4} |s|jdd kDrt j"| Yd} ~ *d} ~ wwxYw#|rQ |jn?#t $r3} |s|jdd kDrt j"| Yd} ~ nd} ~ wwxYw|sd d vrt$j&j)wwxYw)NTsocketr4r3verboserzCMD: %rrzOK : %rr)echo server-statuszNOK: %rFr2z -- %s failed -- %r)r9 setInputCmdr_conf settimeoutr logsendrbeautifyerrorargs beautifyErrorr;_Fail2banClient__logSocketErrorclose Exceptiondebugsysstdoutflush exception) r'cmdshowRetr5clientr9 streamRetcretes r __processCmdzFail2banClient.__processCmdUse &-:9  q1 tzz(+W=f R-   9! jjIq! ;;q>S A!  jjIs1v& AaD55 j!!#a&)* ll9c!fkk*  j&&s1v./i% F  \\^122JJ 1 <<4::i(1, AaDFN Q!/ zz!*Aq1   \\^ 4::i(1, ll1o122JJ3 4::i(1, I  "  ||A   \\^ 4::i(1, ll1o122JJ3 4::i(1, ll1o  \\^ 4::i(1, ll1o122JJ3s%M-C:E$$M-+L-$L*7AIM-G H()HH L*AL%$M-,J== K9)K44K9%L**M-- M*6)M%%M*-O*1NO* N> )N94O*9N>>,O*c` tj|jdtjrtj|jdtjr6|rt j |yt j d|rd|zndyt j d|jdyt j d|jdy#t$rB}t j d|jdt j |Yd}~yd}~wwxYw)Nr;z*%sUnable to contact server. Is it running?z[%s] r)z3Permission denied to socket: %s, (you must be root)z6Failed to access socket path: %s. Is fail2ban running?z*Exception while checking socket access: %s)osaccessrAF_OKW_OKr rFrK)r' prevError errorOnlyrWs r__logSocketErrorzFail2banClient.__logSocketErrorsii 8$bgg. yyH%rww/ ll9 ll? ))r3 \\ $ 8 46 LL  8  <<< zz( <<??s*A9C"<C"#C">#C"" D-+8D((D-c*|jrtjdy|j\}}|sy|jdsBt j j|jdrtjdyd|gdggS)NzServer already runningforcer;zLFail2ban seems to be in unexpected state (not running but the socket exists)z server-streamr?)_Fail2banClient__pingr rF readConfigrArZpathexists)r'rVstreams r__prepareStartServerz#Fail2banClient.__prepareStartServers| [[] <<() !+#v  G  80D!E <<^_  F #o%6 77rc||_yr)r$r'ss r _set_serverzFail2banClient._set_servers $,rcddlm}|j}d|_|sy |r.|j |j |j |dsyt}|j||d|_ |j|j d|j|_ |jdds8|jr!|jjd|_ tdy#t $rt"$rn}t%dt'j(d |rd nd z|j d dkDrt'j*|nt'j(|Yd}~yd}~wwxYw) Nr)Fail2banServerTF)phasergdoner,r)z Exception while starting server background foregroundr<)fail2banserverrn#_Fail2banClient__prepareStartServerr#startServerAsyncrA,_Fail2banClient__processStartStreamAfterWaitdictconfigureServerdaemonstartServerDirectrlr$getquitrr rKrr rFrP)r'rqrnrgrorWs r __startServerzFail2banClient.__startServers0,  $ $ &&$+  ##DJJ/  - -fe <  FEuV4DK!33DJJtGWGWXDL 99VU #  lldl #Y     ": <<2jlVbcd jja Q LLO s/C-BC--E-?A$E((E-Nc|rfd}||jd<ttj|d|f}d|_|j |][t jfd|jddtjd d jd ds td ydd <tjd d ||j}%|rdndxd<d <tjd d |sy:t jfddd|rdndd<tjd d |j|d}|d<|S)Nc>dd<tjddy)NT start-readyr= server phase %s)r rCrosr _server_readyz5Fail2banClient.configureServer.._server_readys U= ZZ&.ronstartF)targetrGTc,jddduS)Nreadyr{rsrz0Fail2banClient.configureServer..s599Wd34?rr5gMbP?r=rstartz$Async configuration of server failedz client phase %src,jddduS)Nrrrsrrz0Fail2banClient.configureServer..s%))M48Dr? configurerp)rArr rxryrrwait_forr rCr{r rtrv)r'nonsyncrorgrthrVs ` rrxzFail2banClient.configureServersb  /*DJJyn44D%PV;WX22988: n* NN?IAVX]^ JJq%u- 99We $ #$J KK  5> ::a$e, ^  % % '6 .4d%@5>E'N ::a$e,   >>Dc5Q!'U5 ::a$e, **659# 5= *rct|ts t|}t|dk(r+|ddk(r#|j|jd}|sy|St|dk\r|ddk(rt|dkDrddg|dd|j |S|jj d dr td |j d g|jdstjd y|jj d dr:td |j|j|j}||S|jj d dr td|j dgSt|dk\r|ddk(rg}t|dk\rW|ddvr|j|d|d=n)t|dkDrtjd|ddynt|dk\rW|jdrt|dk(s|ddk(rd}|j!\}}n|d}|j!|\}}|sy|jj d dr td|j#d|||ggdStjdyt|dkDr(|ddk(r |j#|gt%|dS|j#|gS)NrrrrqFrestartreload --restart interactivez ## stop ... stopzCould not stop serverz ## load configuration ... z ## start ... r)rz--unbanz --if-existsz%Unexpected argument(s) for reload: %rr3r4z--allz ## reload ... TzCould not find serverr2) isinstancelistlen_Fail2banClient__startServerrA_Fail2banClient__processCommandr{r_Fail2banClient__waitOnServerr rF resetConf initCmdLine_argvappendrcrdr6float)r'rQrVoptsjailrgs r__processCommandzFail2banClient.__processCommands C  c3X]s1v(  DJJ|4 53  : 3x1}Q9, #hl+&C!H   %% jjnn]E* &"   e $ LL()  jjnn]E* )*NN   4:: &C  Z jjnn]E*     ** 3x1}Q8+ 4 SQ 1v88 [[Q Q C1  ll:CGD   SQ kk"k 3x1}A') T??$[S& FT??4([S&   zz~~mU+    xtV<=t DD LL()  3x!|A&(   SE5Q=  99   SE ""rcd} |jstjdy|j|}|s-|jr!|jjd|_|S#t$rY}|j ddkDrtj |tjd|j dzdzYd}~d}~wwxYw)NFz%Could not find server, waiting failedr<rzQCould not start server. Maybe an old socket file is still present. Try to remove r;zR. If you used fail2ban-client to start the server, adding the -x option will do it) rr rFr6r rArPr$r|)r'rGrVrWs r__processStartStreamAfterWaitz,Fail2banClient.__processStartStreamAfterWaitZs #2     LL89    D !3 <<4< * "2 jja Q <<::h'(+11222s%A*A** C 3ACC cH|jd}tj}tjdd||fdfd}t jd5}j r|}||k(r dddytj|z }tjdd||d kDr|j ||k\r td td z|d kDrd ndtjj rdddy#1swYyxYw)Nr5r=z__waitOnServer: %rgy?ctjjjdxrj S)Nr;r4)rZrerfrArc)r'sltimesrrz/Fail2banClient.__waitOnServer..xs- 8 45U$++f+:Urr<Tz wait-time: %srzFailed to start serverrg?r皙?F) rAtimer rC VisualWaitr# heartbeatr minsleep) r'alivemaxtime starttimetestvisrunfwaittimers ` @r__waitOnServerzFail2banClient.__waitOnServerqs _ ZZ "7iik)**Q$ug&67 & U$$**Y'(C  6D u}   yy{Y&H JJq#X.!|]]_7 #$< == !HsNS  S D A  ! !$ 'c o.   _s -3&=64;##%uq" MM!R7 - r    u{{3/ 0  . 4y1} ^^ 4;##%uq" MM!R   &4;##%uq" MM!RG D4;##%uq" MM!RS > #$< ==>&  JJy !A %   1  ,,q/   ' (  BZ    jja Q LLO 4;##%uq" MM!R4;##%uq" MM!Rs.!L.3L.:J#?ALL+$J;LL.&L.#J88L.; L =LLL  LL++L.. N37=N.4N6.N33N667O-)r)Tr3)r)F)T)TNN)TN)r __module__ __qualname__r"r*rrcpropertyr9r6rIrtrlrrxrrvrrrrrr r 6sb     0d28$'T) bF#R .4Arr c2eZdZdZdZdZd dZdZdZdZ y) _VisualWaitzJSmall progress indication (as "wonderful visual") during waiting process rrc||_yr)maxpos)r'rs rr"z_VisualWait.__init__s $+rc|Srrr&s r __enter__z_VisualWait.__enter__ +rc|jrTtjjddd|jzzzdztjj yy)N  #)posrMrNwriterrOr'rGs r__exit__z_VisualWait.__exit__sG XX::D#r$++~./45::rc|js2tjjdd|jzzdz|xj|j z c_|j dkDr|jdkDrdnd}nd}tjj|tjj |j|jkDrd |_y |jd krd|_y y ) z&Show or step for progress indicator z INFO [#rz] Waiting on the server... rrz #z# z # r3rN)rrMrNrrdeltarOrjs rrz_VisualWait.heartbeats ::MS_58]]^((djj( ZZ!^hhl{ 11**1** XX 4: xx!|4:rN) ) rrr__doc__rrr"rrrrrrrrs% rrc"eZdZdZdZdZdZy)_NotVisualWaitz8Mockup for invisible progress indication (not verbose) c|Srrr&s rrz_NotVisualWait.__enter__rrcyrrrs rrz_NotVisualWait.__exit__rcyrrr&s rrz_NotVisualWait.heartbeatrrN)rrrrrrrrrrrrsrrc6|dkDr t|i|StS)z3Wonderful visual progress indication (if verbose) r)rr)r<rGkwargss rrrs")0! T$V$I9IIrcht}|j|r tdytdy)Nrr,)r rr)rrSs rexec_command_liners$   LLq's)r)! __author__ __copyright__ __license__rZrrr;rMrrrrcsocketrr9r fail2bancmdliner r r r rr server.utilsrrrrr rrrrrrrrs&# p  "! 6V_fVr :J  r