o ;s*b@@sdZdZdZddlZddlZddlZddlmZddlm Z e e Z d d Z dd d Z GdddZGdddeZedde_dS)zJFail2Ban Developers, Alexander Koeppe, Serg G. Brester, Yaroslav Halchenkoz+Copyright (c) 2004-2016 Fail2ban DevelopersGPLN)Utils) getLoggercCst|tr|St|S)z8A little helper to guarantee ip being an IPAddr instance isinstanceIPAddr)ipr 7/usr/lib/python3/dist-packages/fail2ban/server/ipdns.pyasip's r c Csz7|pt}ddt|ddtjdtjD}|r6|d}d}|D]}||r.|WS|s2|}q"|WSWn tjyAYnwt|S)zGet fully-qualified hostname of given host, thereby resolve of an external IPs and name will be preferred before the local domain (or a loopback), see gh-2438 css |] }|dr|dVqdS)Nr ).0air r r 3s zgetfqdn..Nr.)socket gethostname getaddrinfo SOCK_DGRAM AI_CANONNAME startswitherrorgetfqdn)namenamespreffirstrr r r r-s*     rc@s~eZdZejdddZejdddZeddZeddZ edd Z edd d Z ed dZ eddZ eddZdS)DNSUtilsi,maxCountmaxTimec Cstj|}|dur |St}d}tjtjftjtj ffD]G\}}z/t |d|dtj D]"}t |dks:t |ds;q,tt |dd|}|jrN||q,Wqtyd}z|}WYd}~qd}~ww|sp|rptd||tj|||S)z_ Convert a DNS into an IP address using the Python socket module. Thanks to Kevin Drapel. Nrz4Unable to find a corresponding IP address for %s: %s)r CACHE_nameToIpgetsetrAF_INETr FAM_IPv4AF_INET6FAM_IPv6r IPPROTO_TCPlenstrisValidadd ExceptionlogSyswarning)dnsipssaveerrfamipfamresultr er r r dnsToIpSs,   zDNSUtils.dnsToIpc Csxtj|d}|dkr |Sz t|d}Wntjy2}ztd||d}WYd}~nd}~wwtj|||S)Nr rz'Unable to find a name for the IP %s: %s) r CACHE_ipToNamer'r gethostbyaddrrr3debugr()r vr;r r r ipToNameqszDNSUtils.ipToNamecCsnt}t|}|durt|}|jr|||dvr5|s5t|}|||r5|dkr5t d|||S)z/ Return the IP of DNS found in a given text. N)yeswarnrCz'Determined IP using DNS Lookup: %s = %s) r(r searchIPr0r1r r<updater3r4)textuseDnsipListplainIPr r r r textToIps      zDNSUtils.textToIpTc Csdd|f}tj|}|dur>d}|rttjfntjtfD] }z|}Wnty=}z td|WYd}~qd}~wwtj |||S)z;Get short hostname or fully-qualified hostname of host selfselfhostnameNrz#Retrieving own hostnames failed: %s) r r=r'rrrr2r3r4r()fqdnkeyrrLr;r r r getHostnames  zDNSUtils.getHostnamecCsNd}tj|}|durtdtdtdgtdg}tj|||S)zGet own host names of self)rKr5N localhostFTr)r r=r'r(rO)rNrr r r getSelfNamess zDNSUtils.getSelfNamesc Csd}tj|}|dur;t}tD]'}z |tt|dO}Wqty:}z td||WYd}~qd}~wwtj|||S)zGet own IP addresses of self)rKr6NrBz#Retrieving own IPs of %s failed: %s) r r&r'r(rQrJr2r3r4)rNr6rLr;r r r getSelfIPss  zDNSUtils.getSelfIPscCstddtDS)Ncss|]}d|jvVqdS):N)ntoa)rr r r r rsz)DNSUtils.IPv6IsAllowed..)anyr rRr r r r IPv6IsAllowedszDNSUtils.IPv6IsAllowedN)T)__name__ __module__ __qualname__rCacher&r= staticmethodr<rArJrOrQrRrVr r r r r Ms"      r cseZdZdZdZdZedeefZdZ dZ e j ddd Z d Zd ZeejZeejZeffd d ZeddZefddZddZddZddZeddZeddZejdejdiZeddZ ed d!Z!ed"d#Z"ed$d%Z#ed&d'Z$d(d)Z%d*d+Z&d,d-Z'd.d/Z(d0d1Z)d2d3Z*ed4d5Z+ed6d7Z,dLd8d9Z-d:d;Z.edd?Z0d@dAZ1dBdCZ2dDdEZ3e3Z4edFdGZ5edHdIZ6edJdKZ7Z8S)Mr z7Encapsulate functionality for IPv4 and IPv6 addresses z(?:\d{1,3}\.){3}\d{1,3}z;(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)z%^(?:(?P%s)|\[?(?P%s)\]?)$N)_family_addr_plen _maskplen_rawi'r!r"cs|tjkrtt||}||||S||f}tj|}|dur%|S|tjkrFt|\}}||f}|tjkrFtj|}|durF|Stt||}||||j tjkratj |||SN) r CIDR_RAWsuper__new__ _IPAddr__init CACHE_OBJr' CIDR_UNSPEC_IPAddr__wrap_ipstrr\r()clsipstrcidrr args __class__r r rfs(        zIPAddr.__new__cCst|dkr|ddkr|ddkr|dd}d|vr!|tjfS|dd}t|dkr4td|fd |dvs@d |dvrIt|d|d<t|d|d<|S) Nrr[rb]r/z.invalid ipstr %r, too many plen representationrrS)r.r risplit ValueError masktoplenint)rlsr r r __wrap_ipstrs$    zIPAddr.__wrap_ipstrc Cstj|_d|_d|_d|_||_|tjkr|dur%|tjkr%tj|g}ntj tj g}|D]}z t ||}||_Wn tj yEYq-w|jtj krtt d|\|_d|_|durp|dkrrd|?}|j|M_||_dSdSdS|jtj krt d|\}}|d>|B|_d|_|dur|dkrd |?}|j|M_||_dS|tjr|d@|_tj |_d|_dSdSdStj|_dS) zP initialize IP object by converting IP address string to binary to integer rN!L !QQ@ )r AF_UNSPECr\r]r^r_r`r rdr)r+ inet_ptonrstructunpackisInNet IP6_4COMPAT)rKrlrmfamilybinarymaskhilor r r __initsP             z IPAddr.__initcC t|jSrc)reprrTrKr r r __repr__P zIPAddr.__repr__cCst|jtr |jSt|jSrc)rrTr/rr r r __str__SszIPAddr.__str__cCs t|jffS)zIPAddr pickle-handler, that simply wraps IPAddr to the str Returns a string as instance to be pickled, because fail2ban-client can't unserialize IPAddr objects )r/rTrr r r __reduce__Vs zIPAddr.__reduce__cC|jSrc)r]rr r r addr^z IPAddr.addrcCrrc)r\rr r r rbrz IPAddr.familyinet4inet6cCstj|jSrc)r FAM2STRr'r\rr r r familyStrgszIPAddr.familyStrcCrrc)r^rr r r plenkrz IPAddr.plencCr)zlThe raw address Should only be set to a non-empty string if prior address conversion wasn't possible )r`rr r r rawosz IPAddr.rawcCs |jtjkS)z6Either the object corresponds to a valid IP address )r\rrrr r r r0x zIPAddr.isValidcCs |jtjdtjdi|jdkS)zIReturns whether the object is a single IP address (not DNS and subnet) r{ri)r^rr)r+r'r\rr r r isSingle~s zIPAddr.isSinglecCs~|jtjkrt|ts|j|kSt|ts|durdSt|}|j|jkr'dS|jtjkr3|j|jkS|j|jko>|j|jkSNF) r\r rdrr`rrr]r^rKotherr r r __eq__s       z IPAddr.__eq__cCs ||k Srcr rr r r __ne__rz IPAddr.__ne__cCsV|jtjkrt|ts|j|kSt|ts|durdSt|}|j|jkp*|j|jkSr)r\r rdrr`r]rr r r __lt__s    z IPAddr.__lt__cCst|ts t|}d||fSNz%s%srrr r r __add__  zIPAddr.__add__cCst|ts t|}d||fSrrrr r r __radd__rzIPAddr.__radd__cCrrc)hashrTrr r r __hash__s zIPAddr.__hash__cCs0|jtjkr d|jS|jtjkrd|jSdS)zd}d}|d|dddi}d}tddD]}|d|>O}|dkr+d||||A<d||||A<q|S)Nrrr|r{r)range)m6m4mmapmir r r __getMaskMaps  zIPAddr.__getMaskMapcCsFd}|jdur |jStj|j}|durtdt|f||_|S)Nrz'invalid mask %r, no plen representation)r_r MAP_ADDR2MASKPLENr'r]rur/)rKmplenr r r maskplens zIPAddr.maskplencCs t|jS)zIConvert mask string to prefix length To be used only for IPv4 masks )r r)rr r r rv's zIPAddr.masktoplencCs4tj|}|s dS|d}|dkr|S|dS)zBSearch if text is an IP address, and return it if so, else None NIPv4rIPv6)r IP_4_6_CREmatchgroup)rFrrlr r r rD/s   zIPAddr.searchIPrc)9rWrXrY__doc__IP_4_REIP_6_RErecompilerr __slots__rrZrhrdrirr)r*r+r,rfr[rjrgrrrpropertyrrrrrrr0rrrrrrrrrTrrrrrr_IPAddr__getMaskMaprrrvrD __classcell__r r ror r s|     7               r z ::ffff:0:0`)r) __author__ __copyright__ __license__rrrutilsrhelpersrrWr3r rr objectr rr r r r s"     g