o ;s*b9@sdZdZdZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddl m Z dd l m Z dd lmZdd lmZmZmZmZmZmZdd lmZd ZddZddZGdddee ZGdddZGdddZddZddZ dS)zFail2Ban Developersz^Copyright (c) 2004-2008 Cyril Jaquier, 2012-2014 Yaroslav Halchenko, 2014-2016 Serg G. BresterGPLN)Thread)version)CSocket) Beautifier)Fail2banCmdLineServerExecutionException ExitExceptionlogSysexitoutput)Utilsz fail2ban> cCs tjjSN) threadingcurrent_thread __class____name__rr@/usr/lib/python3/dist-packages/fail2ban/client/fail2banclient.py _thread_name,s rcCsttSr)inputPROMPTrrrr input_command/src@seZdZddZddZddZd#dd Zed d Zd$ddZ d%ddZ ddZ d&ddZ d'ddZ ddZddZd'dd Zd!d"ZdS)(Fail2banClientcCs*t|t|d|_d|_d|_dS)NT)r __init__r_alive_server _beautifierselfrrrr8s   zFail2banClient.__init__cCs$tdtdtdtddS)Nz Fail2Ban vz5 reads log file that contains password failure reportz=and bans the corresponding IP addresses using firewall rules.)rrr rrrdispInteractive?s zFail2banClient.dispInteractivecCs"tdtd|tddS)Nr"zCaught signal %d. Exiting)rr warningr )r!signumframerrr__sigTERMhandlerDs zFail2banClient.__sigTERMhandler皙?cCs&|jdg|dkr |gnggd|dS)NpingFtimeout)_Fail2banClient__processCmd)r!r-rrr__pingJszFail2banClient.__pingcCs|jr|jSt|_|jSr)rrr rrr beautifierNszFail2banClient.beautifierTr+c Csd}z|j}d}|D]J}||za|s t|jd|d}n |dkr)|||jddkr7tdd|||}|d d kr]tdd |d |sS|d d vr\t| |d nt d |d j |rqt| |d d}Wq t j y} ze|s|jdd kr|s|d dkr|| |d dkntdd|| WYd} ~ W|rz|Wn ty} z|s|jdd krt| WYd} ~ nd} ~ ww|s|d d vrtjdSdSd} ~ wtyV} zd|s|jdd kr |jdd krt| nt | WYd} ~ W|r?z|Wn#ty>} z|s/|jdd kr4t| WYd} ~ nd} ~ ww|sI|d d vrPtjdSdSd} ~ wwW|rz|Wn#ty} z|su|jdd krzt| WYd} ~ nd} ~ ww|s|d d vrtj|S|rz|Wn#ty} z|s|jdd krt| WYd} ~ nd} ~ ww|s|d d vrtjww)NTsocketr,r+verboserzCMD: %rrzOK : %rr)echo server-statuszNOK: %rFr*z -- %s failed -- %r)r0 setInputCmdr_conf settimeoutr logsendrbeautifyerrorargs beautifyErrorr1_Fail2banClient__logSocketErrorclose Exceptiondebugsysstdoutflush exception) r!cmdshowRetr-clientr0 streamRetcreterrr __processCmdUs            #      zFail2banClient.__processCmdr"Fc CszEt|jdtjr:t|jdtjr.|rt|WdStd|r(d|ndWdStd|jdWdStd|jdWdStyf}ztd|jdt|WYd}~dSd}~ww)Nr1z*%sUnable to contact server. Is it running?z[%s] r"z3Permission denied to socket: %s, (you must be root)z6Failed to access socket path: %s. Is fail2ban running?z*Exception while checking socket access: %s)osaccessr7F_OKW_OKr r<rA)r! prevError errorOnlyrMrrr__logSocketErrors*   zFail2banClient.__logSocketErrorcCsb|r tddS|\}}|sdS|jds*tj|jdr*tddSd|gdggS)NzServer already runningforcer1zLFail2ban seems to be in unexpected state (not running but the socket exists)z server-streamr5)_Fail2banClient__pingr r< readConfigr7rOpathexists)r!rLstreamrrr__prepareStartServers   z#Fail2banClient.__prepareStartServerc Csddlm}|}d|_|sdSz5|r&||j||ds#WdSWdSttj||dfd}d|_ | | d| |jd|_ WdStyPYdSty}z(tdtd|rbdnd |jd dkrst|nt|WYd}~dSd}~ww) Nr)Fail2banServerTFtargetr=r"z Exception while starting server background foregroundr2)fail2banserverr]#_Fail2banClient__prepareStartServerrstartServerAsyncr7,_Fail2banClient__processStartStreamAfterWaitrrdaemonstart setDaemonstartServerDirectrr rArr r<rF)r!r`r]r[thrMrrr __startServers<        zFail2banClient.__startServerNcs|rttj|dfd}d|_|Sdur"dd<tdd|}dur=|r.dndd<d<tdd|sAdSdur_t fdd d d |rTdndd <tdd| |d}durm|d <|S)NFr^Trgr3z client phase %sreadycsddduS)Nz start-ready)getrphaserrsz0Fail2banClient.configureServer..?gMbP? configuredone) rrconfigureServerrfrgr r9rcrwait_forre)r!nonsyncrorjr[rLrrnrrts* zFail2banClient.configureServercCsht|ts t|}t|dkr#|ddkr#||jd}|s!dS|St|dkr|ddkrt|dkrBddg|dd<||S|jd drMtd |d g|ds_t d dS|jd drztd | | |j }|durz|S|jd drtd|dgSt|dkr|ddkrg}t|dkr|ddvr||d|d=nt|dkrt d|dddSnt|dks|jddr t|dks|ddkrd}|\}}n |d}||\}}|sdS|jd drtd|d|||ggdSt ddSt|dkr.|ddkr.|j|gt|ddS||gS)Nrrrgr`Frestartreload --restart interactivez ## stop ... stopzCould not stop serverz ## load configuration ... z ## start ... r)ryz--unbanz --if-existsz%Unexpected argument(s) for reload: %rr+r,z--allz ## reload ... TzCould not find serverr*) isinstancelistlen_Fail2banClient__startServerr7_Fail2banClient__processCommandrmr_Fail2banClient__waitOnServerr r< resetConf initCmdLine_argvappendrWrXr.float)r!rGrLoptsjailr[rrr__processCommandsj               zFail2banClient.__processCommandc Gsz|s tdWdS|j|WdStyG}z'|jddkr(t|td|jdd|jr<|jWYd}~dSd}~ww) Nz%Could not find server, waiting failedFr2rzQCould not start server. Maybe an old socket file is still present. Try to remove r1zR. If you used fail2ban-client to start the server, adding the -x option will do itT) rr r<r.r r7rFrquit)r!r=rMrrr__processStartStreamAfterWaitCs&     z,Fail2banClient.__processStartStreamAfterWaitcs |dur jd}t}tdd||fdfdd}tjdV}jrt|}||kr: WddSt|}tdd ||d krO|||krWtd td |d kradndt js*WddSWddS1swYdS)Nr-r3z__waitOnServer: %rgy?cstjjdojdS)Nr1r,)rOrYrZr7rWrr!sltimerrrp_sz/Fail2banClient.__waitOnServer..r2Tz wait-time: %srzFailed to start serverrg?rqr)F) r7timer r9 VisualWaitr heartbeatr minsleep)r!alivemaxtime starttimetestvisrunfwaittimerrr__waitOnServerXs8     zFail2banClient.__waitOnServerc Cs(i}tdkrtjtjfD]}t|||<t||jq z`z |jdurL||}|durL|rHWWd|_| D] \}}t||q;dSt d|j }|j ddrzddl}Wn tygt dwzzd}t|dkrv||}|r|d| t}|d ks|d krWWWd|_| D] \}}t||qdS|d kr|n3|d ksz |t|Wn$ty} z|j d dkrt| nt| WYd} ~ nd} ~ wwqWnJttfytd wt|dkr|WWd|_| D] \}}t||qdS||WWd|_| D] \}}t||q SWn;tyi} z.|j d dkrEt| nt| WYd} ~ Wd|_| D] \}}t||qWdSd} ~ wwWd|_| D] \}}t||qrdSd|_| D] \}}t||qw)N _MainThreadFTzInit of command line failedrzrzReadline not availablez tab: completer rhelpr"r2r)rsignalSIGTERMSIGINT getsignal_Fail2banClient__sigTERMhandlerrrritemsr _argsr7rmreadline ImportErrorr~rparse_and_bindr#r dispUsageshlexsplitrAr rFr<EOFErrorKeyboardInterruptr) r!argv _prev_signalssrLshr=rrGrMrrrrgrs   2             "zFail2banClient.start)r))Tr+)r"F)T)TN)r __module__ __qualname__rr#rrWpropertyr0r.r?rcrrtrrerrgrrrrr6s     2  &!I  rc@s:eZdZdZdZdZdddZddZd d Zd d Z d S) _VisualWaitzJSmall progress indication (as "wonderful visual") during waiting process rr cCs ||_dSr)maxpos)r!rrrrrs z_VisualWait.__init__cC|Srrr rrr __enter__z_VisualWait.__enter__cGs6|jrtjddd|jdtjdSdS)N  #)posrCrDwriterrEr!r=rrr__exit__sz_VisualWait.__exit__cCs|jstjdd|jd|j|j7_|jdkr'|jdkr$dnd}nd}tj|tj|j|jkr?d |_d S|jd krId|_d Sd S) z&Show or step for progress indicator z INFO [#rz] Waiting on the server... rrz #z# z # r+rN)rrCrDrrdeltarE)r!rrrrrs       z_VisualWait.heartbeatN)r) rrr__doc__rrrrrrrrrrrs  rc@s(eZdZdZddZddZddZdS) _NotVisualWaitz8Mockup for invisible progress indication (not verbose) cCrrrr rrrrrz_NotVisualWait.__enter__cGdSrrrrrrrrz_NotVisualWait.__exit__cCrrrr rrrrrz_NotVisualWait.heartbeatN)rrrrrrrrrrrrs  rcOs|dkr t|i|StS)z3Wonderful visual progress indication (if verbose) r)rr)r2r=kwargsrrrrsrcCs(t}||rtddStddS)Nrr$)rrgr )rrIrrrexec_command_lines   r)! __author__ __copyright__ __license__rOrrr1rCrrrrcsocketrr0rfail2bancmdliner r r r r r server.utilsrrrrrrrrrrrrrs6