o ;s*b\¦ã@svdZdZdZddlZddlZddlZddlZddlZddlZddl Z ddl m Z m Z m Z mZddlmZddlmZmZmZdd lmZdd lmZdd lmZmZdd lmZdd lmZddl m Z ddl!m"Z"m#Z#ej$ %ej$ &e'¡d¡Z(iZ)ddl!m*Z*e j+j,Z-ej$ %ej$ &e'¡d¡Z.iZ/Gdd„de j0ƒZ1Gdd„de"ƒZ2Gdd„de"ƒZ3Gdd„de"ƒZ4Gdd„de"ƒZ5dS)z!Cyril Jaquier, Yaroslav Halchenkoz>Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav HalchenkoÚGPLéNé)Ú ConfigReaderÚConfigReaderUnsharedÚDefinitionInitConfigReaderÚNoSectionError)Úconfigparserinc)Ú JailReaderÚextractOptionsÚsplitWithOptions)Ú FilterReader)Ú JailsReader)Ú ActionReaderÚ CommandAction)Ú Configurator)ÚMyTime)Úversioné)ÚLogCaptureTestCaseÚ with_tmpdirÚfiles)Ú CONFIG_DIRÚconfigcsxeZdZ‡fdd„Zdd„Zddd„Zdd „Zdd d „Zd d„Zdd„Z dd„Z dd„Z dd„Z dd„Z dd„Z‡ZS)ÚConfigReaderTestcs.tt|ƒ ¡tjdd|_t|jd|_dS)zCall before every test case.zf2b-temp)Úprefix©ÚbasedirN)ÚsuperrÚsetUpÚtempfileÚmkdtempÚdrÚc©Úself©Ú __class__©úE/usr/lib/python3/dist-packages/fail2ban/tests/clientreadertestcase.pyr7szConfigReaderTest.setUpcCst |j¡dS)zCall after every test case.N)ÚshutilÚrmtreer!r#r'r'r(ÚtearDown=szConfigReaderTest.tearDownNcCs†tjj|vrtj |¡}tj |j|¡}tj |¡st |¡td|j|fdƒ}|dur4|  d|¡|dur=|  |¡|  ¡dS)Nú%s/%sÚwz [section] option = %s ) ÚosÚpathÚsepÚdirnameÚjoinr!ÚexistsÚmakedirsÚopenÚwriteÚclose)r$ÚfnameÚvalueÚcontentr!Úd_Úfr'r'r(Ú_writeAs    ý  zConfigReaderTest._writecCs*t d|j|f¡| |j d¡¡dS)Nr,r")r.Úunlinkr!Ú assertTruer"Úread)r$r8r'r'r(Ú_removeRszConfigReaderTest._remover"cCs&| |j |¡¡|j ddg¡dS)NÚsection)ÚintÚoptionrD)r?r"r@Ú getOptions)r$r<r'r'r(Ú _getoptionVszConfigReaderTest._getoptioncCs®|j d¡|j ddd¡|j ddd¡|j ddd¡|j dd¡}| |dd d d œ¡|j dd ¡}| |dd dd œ¡|j dd dd d œ¡}| |dd d d œ¡dS)NÚ DefinitionÚaÚ1Úbr"Útest))rCrHr)ÚboolrJr)rCr"rrTr)rHrJr"))rCrH)rLrJ)rCr")rCr)rLr)r"Ú add_sectionÚsetrEÚassertSortedEqual)r$Úoptsr'r'r(Ú testConvertZs ÿÿ ÿzConfigReaderTest.testConvertcCsxtj |jd¡}| dd¡| | d¡d¡t |d¡t |tj ¡s/|  |j   d¡¡dSddl }t d|  ¡¡‚)Nzd.confrr!z0Skipping on %s -- access rights are not enforced)r.r/r2r!r=Ú assertEqualrFÚchmodÚaccessÚR_OKÚ assertFalser"r@ÚplatformÚunittestÚSkipTest)r$r<rWr'r'r(ÚtestInaccessibleFileis  z%ConfigReaderTest.testInaccessibleFilecCsL| |j d¡¡| dd¡| | ¡d¡| dd¡| | ¡d¡| dd¡| | ¡d ¡| d d ¡| | ¡d ¡| d d ¡| | ¡d¡| dd¡| | ¡d¡| dd¡| | ¡d¡| d¡| d¡| | ¡d¡| d ¡| | ¡d ¡| d¡| | ¡d¡| d ¡| | ¡d¡dS)Nr"úc.confrIrÚ2rz c.d/98.confÚ998iæz c.d/90.confÚ990z c.d/99.confÚ999içzc.localÚ3éz c.d/1.localÚ4éiÞ)rVr"r@r=rRrFrAr#r'r'r(ÚtestOptionalDotDDirvs0            z$ConfigReaderTest.testOptionalDotDDircCsà|jdddd|jdddd|jdddd|jddd d|jd dd dGd d „d tƒ}|ddiƒ|_|j |j¡| |j ¡¡|jjidd|j ¡}|  |  d¡d¡|  |  d¡d¡|  |  d¡d¡dS)Nr[zS [INCLUDES] before = ib.conf after = ia.conf [Definition] test = %(default/test)s ©r9r:zib.confz, [DEFAULT] test = A [Definition] option = 1 zib.localz, [DEFAULT] test = B [Definition] option = 2 zia.confz, [DEFAULT] test = C [Definition] oafter = 3 zia.localz, [DEFAULT] test = D [Definition] oafter = 4 c@s$eZdZddgddgddgdœZdS)z?ConfigReaderTest.testLocalInIncludes..TestDefConfReaderrCNÚstring)rDÚoafterrK)Ú__name__Ú __module__Ú __qualname__Ú _configOptsr'r'r'r(ÚTestDefConfReader°s  ýrlr"rDT)ÚallrrgrcrKÚD) r=rr"Ú setBaseDirr!r?r@rEÚ getCombinedrRÚget)r$rlÚor'r'r(ÚtestLocalInIncludess z$ConfigReaderTest.testLocalInIncludescCs¼| |j d¡¡|jdddd| |j d¡¡| |j ¡ddg¡| |j dd¡d¡| |j dd ¡d ¡| |j dd ¡d¡| |j dd ¡d ¡| |j dd ¡d¡dS)NÚizi.confzu [DEFAULT] b = a zz = the%(__name__)s [section] y = 4%(b)s e = 5${b} z = %(__name__)s [section2] z = 3%(__name__)s rerBÚsection2ÚyÚ4aÚez5${b}ÚzÚzzÚ thesectionÚ 3section2)rVr"r@r=r?rRÚsectionsrqr#r'r'r(ÚtestInterpolationsÀs z#ConfigReaderTest.testInterpolationscCsd| |j d¡¡|jdddd| |j d¡¡| |j dd¡d¡| |j dd¡d ¡dS) NÚgúg.confz4 [DEFAULT] # A comment b = a c = d ;in line comment reÚDEFAULTrJrHr"r!)rVr"r@r=r?rRrqr#r'r'r(Ú testComments×s zConfigReaderTest.testCommentscCs<| |j d¡¡|jdddd| |j d¡¡| |j dd¡d¡| |j dd¡d ¡| |j d d¡d ¡| |j d d¡d ¡| |j d d ¡d¡| |j d d¡d¡| |j dd ¡d¡| |j dd¡d¡| |j dd ¡d¡| |j dd¡d¡| t|jjdd¡| t|jjd d¡dS)Nrr€zð [DEFAULT] a = def-a b = def-b,a:`%(a)s` c = def-c,b:"%(b)s" d = def-d-b:"%(known/b)s" [jail] a = jail-a-%(test/a)s b = jail-b-%(test/b)s y = %(test/y)s [test] a = test-a-%(default/a)s b = test-b-%(known/b)s x = %(test/x)s y = %(jail/y)s rerKrHz test-a-def-arJztest-b-def-b,a:`test-a-def-a`Újailzjail-a-test-a-def-az+jail-b-test-b-def-b,a:`jail-a-test-a-def-a`r"z5def-c,b:"jail-b-test-b-def-b,a:`jail-a-test-a-def-a`"r!z'def-d-b:"def-b,a:`jail-a-test-a-def-a`"z'def-c,b:"test-b-def-b,a:`test-a-def-a`"z def-d-b:"def-b,a:`test-a-def-a`"rzdef-c,b:"def-b,a:`def-a`"zdef-d-b:"def-b,a:`def-a`"Úxrv) rVr"r@r=r?rRrqÚ assertRaisesÚ Exceptionr#r'r'r(ÚtestTargetedSectionOptionsãsz+ConfigReaderTest.testTargetedSectionOptions)NN)r")rhrirjrr+r=rArFrQrZrdrsr~r‚r‡Ú __classcell__r'r'r%r(r5s    0 rcs˜eZdZ‡fdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zedd„ƒZdd „Z‡ZS)!ÚJailReaderTestcótt|ƒj|i|¤ŽdS©N)rr‰Ú__init__©r$ÚargsÚkwargsr%r'r(rŒózJailReaderTest.__init__cCsÄdD]]}| td|fƒddg¡| td|fƒddg¡| td|fƒddg¡| td |fƒd dg¡| td |fƒd dg¡| td |fƒddg¡| td|fƒddg¡qdS)N)Ú ú ú za%sbrHrJz a[x=y]%sbza[x=y]za[x=y][z=z]%sbz a[x=y][z=z]za[x="y][z"]%sbz a[x="y][z"]z a[x="y z"]%sbz a[x="y z"]z a[x="y z"]%sbz a[x="y z"]z a[x="y z"]%sbz a[x="y z"])rRr )r$r0r'r'r(ÚtestSplitWithOptions sùz#JailReaderTest.testSplitWithOptionscCs tdttd}| t|j¡dS)NÚ XXXABSENTXXX©rÚ share_config)r rÚCONFIG_DIR_SHARE_CFGr…Ú ValueErrorr@©r$rƒr'r'r(ÚtestIncorrectJailsz JailReaderTest.testIncorrectJailcCsPtdttd}| | ¡¡| | ¡¡| | ¡¡| d¡| d¡dS)NÚ emptyactionr–z"No filter set for jail emptyactionz'No actions were defined for emptyaction)r ÚIMPERFECT_CONFIGÚIMPERFECT_CONFIG_SHARE_CFGr?r@rEÚ isEnabledÚ assertLoggedršr'r'r(ÚtestJailActionEmptys  z"JailReaderTest.testJailActionEmptycCsTtdttd}| | ¡¡| | ¡¡| | ¡¡| dt¡| d¡dS)NÚmissingbitsjailr–zJFound no accessible config files for 'filter.d/catchallthebadies' under %szUnable to read the filter© r rržr?r@rVrErŸr ršr'r'r(ÚtestJailActionFilterMissing"s z*JailReaderTest.testJailActionFilterMissingcCóFtdttd}| | ¡¡| | ¡¡| | ¡¡| d¡dS)NÚbrokenactiondefr–z$Invalid action definition 'joho[foo'r£ršr'r'r(ÚtestJailActionBrokenDef*óÿz&JailReaderTest.testJailActionBrokenDefcCsNtdttd}| | ¡¡| | ¡¡| | ¡¡| |jdd¡dS)NÚ tz_correctr–Ú logtimezoneúUTC+0200) r rržr?r@rErŸrRÚoptionsršr'r'r(ÚtestJailLogTimeZone2sÿz"JailReaderTest.testJailLogTimeZonecCr¥)NÚbrokenfilterdefr–z$Invalid filter definition 'flt[test'r£ršr'r'r(ÚtestJailFilterBrokenDef:r¨z&JailReaderTest.testJailFilterBrokenDefcCsttjjddtdttd}| | ¡¡| | ¡¡|  |  ¡¡|  |  ¡d¡|  d¡|  |  ¡d¡dS)NT©ÚstockÚsshdr–zssh-funky-blocker)rXÚF2BÚSkipIfCfgMissingr rr˜r?r@rErVrŸrRÚgetNameÚsetNameršr'r'r(ÚtestStockSSHJailBs zJailReaderTest.testStockSSHJailcCsútjjddtdttdd}| | ¡¡| | ¡¡| |  ¡¡|  ¡}|  gd¢gdd„|Dƒ¡|  gd¢gd d„|Dƒ¡|  gd ¢gd d„|Dƒ¡|  gd ¢¡}d }|D]}|  t|ƒdkom|d d¡¡|d7}||krzdSq]dS)NTr°ússhd-override-flt-opts©rr—Ú force_enable)rNr¸Ú prefregexz^TestcSó(g|]}t|ƒdkr|ddkr|‘qS)rr»©Úlen©Ú.0rrr'r'r(Ú Wó(z>JailReaderTest.testOverrideFilterOptInJail..)rNr¸Úaddjournalmatchz _COMM=testcSr¼)rrÃr½r¿r'r'r(rÁZrÂ)rNr¸ÚmaxlinesrcSr¼)rrÄr½r¿r'r'r(rÁ]rÂ)rNr¸ÚusednsÚnorrÚregexr)rXr³r´r rržr?r@rErŸÚconvertrRÚindexrVr¾Úendswith)r$rƒÚstreamÚ usednsidxrtrrr'r'r(ÚtestOverrideFilterOptInJailLs0ÿ  ÿ  ÿ  ÿ ýz*JailReaderTest.testOverrideFilterOptInJailc CsŠtjjdddD]9}dD]4}td| ¡ttdd}| | ¡¡| |  ¡¡|  ¡}|  d|  ¡dd |ggd d „|Dƒ¡q q dS) NTr°)rr)ÚJRNLÚFILEÚTESTÚINITÚ checklogtype_r¹rNÚ addfailregexz^%s failure from $cSr¼)rrÓr½r¿r'r'r(rÁsrÂz=JailReaderTest.testLogTypeOfBackendInJail..) rXr³r´r Úlowerrržr?r@rErÈrRrµ)r$rtÚpreflinerƒrËr'r'r(ÚtestLogTypeOfBackendInJailfsÿ ÿùþz)JailReaderTest.testLogTypeOfBackendInJailc Cs,d}dddif}t|ƒ}| ||¡| diftdƒ¡| ddddœftd ƒ¡| d iftd ƒ¡| d iftd ƒ¡| d d diftdƒ¡d}dif}t|ƒ}| ||¡d}dddddddddddddœ f}t|ƒ}| ||¡t| dd¡ƒ}|dtd d!„|d" ¡Dƒƒf}| ||¡dS)#Nzmail-whois[name=SSH]z mail-whoisÚnameÚSSHz mail.who_isÚcatÚdog)rHrJzmail.who_is[a=cat,b=dog]z mail--ho_iszmail--ho_is['s']ÚmailrHú,z mail[a=',']zabc[]ÚabczÑoption[opt01=abc,opt02="123",opt03="with=okay?",opt04="andwith,okay...",opt05="how about spaces",opt06="single'in'double",opt07='double"in"single', opt08= leave some space, opt09=one for luck, opt10=, opt11=]rDÚ123z with=okay?zandwith,okay...zhow about spaceszsingle'in'doublezdouble"in"singlezleave some spacez one for luckÚ) Úopt01Úopt02Úopt03Úopt04Úopt05Úopt06Úopt07Úopt08Úopt09Úopt10Úopt11ú][rcss$|] \}}|| dd¡fVqdS)rÜrëN)Úreplace)rÀÚkÚvr'r'r(Ú £s€"z1JailReaderTest.testSplitOption..r)r rRrìÚdictÚitems)r$rDÚexpectedÚresultÚ expected2r'r'r(ÚtestSplitOptionusD   õ ÿzJailReaderTest.testSplitOptioncCsätddttd}| | ¡¡| | ¡¡| |jdd¡| |jdd¡| dd „|j Dƒgd ¢d ddd d dgdd gddgggggd¢d dddd dgddgddgddgggggd¢d dddd dgddgddggggg¡dS)Nú multi-logT)rºrr—Úlogpathza.log b.log c.logÚactionzeaction[actname='ban'] action[actname='log', logpath="a.log b.log c.log d.log"] action[actname='test']cSsg|]}| ¡‘qSr')rÈ©rÀrHr'r'r(rÁ­óz6JailReaderTest.testMultiLineOption..)rNröÚ addactionÚbanú multi-setrüÚ actionbanz4echo "name: ban, ban: , logs: a.log b.log c.log"Úactnamer×)rNrörûÚlogrz:echo "name: log, ban: , logs: a.log b.log c.log d.log"za.log b.log c.log d.log)rNrörûrKrKz5echo "name: test, ban: , logs: a.log b.log c.log") r rržr?r@rErRr¬rOÚ_JailReader__actionsršr'r'r(ÚtestMultiLineOption§s,ý ýý õz"JailReaderTest.testMultiLineOptionc sZtjjddtddtd}t |d¡|j ¡}t dƒ|d<|  |  ¡¡|  ¡}g}|D]6‰t ˆƒdkr7q.ˆdd krPˆdd ksJˆd d ¡rP| ˆ¡q.ˆdd krd| ‡fd d„ˆdDƒ¡q.dt}| t |ƒd¡| |dd dddd |g¡| |dd dddd |g¡| t|ddƒ d d¡|¡| |dd dddd |g¡dS)NTr°Ú blocklisttest)rºrrƒ))rhr)Úfilterrß)Ú failregexz ^test $)Úsenderzf2b-test@example.com)Úblocklist_de_apikeyztest-key)røzƒ%(action_blocklist_de)s %(action_badips_report)s %(action_badips)s mynetwatchman[port=1234,protocol=udp,agent="%(fail2ban_agent)s"]rcrrNÚagentz badips.pyrýcs.g|]}|ddkrdgˆdd…|‘qS)rrrNrrcr'r¿©Úcmdr'r(rÁÜs.z3JailReaderTest.testVersionAgent..z Fail2Ban/%srøÚ blocklist_derÚbadipsrézraÚ mynetwatchman)rXr³r´r rrr@Ú_cfgÚ get_sectionsrðr?rErÈr¾rÊÚappendÚextendrrRÚevalrq)r$rƒr}rËÚactÚ useragentr'r r(ÚtestVersionAgent¿s,     &  €  zJailReaderTest.testVersionAgentcCs”tj |d¡}t|dƒ ¡tj |d¡}t d|¡| t tj |d¡¡|g¡| t |¡g¡|  d|¡| t tj |d¡¡g¡dS)NÚf1r-Úf2Ú nonexistingÚ*z4File %s is a dangling link, thus cannot be monitored) r.r/r2r5r7ÚsymlinkrRr Ú_globr )r$r!rrr'r'r(ÚtestGlobäs  zJailReaderTest.testGlobcCsttid}| | ¡g¡| | d¡¡| t|jdi¡| t|jd¡| t|j dd¡| t|j di¡dS)N©r—rKÚany) rrRr}rVÚ has_sectionr…rÚ merge_sectionr¬rqrE)r$r"r'r'r(ÚtestCommonFunctionõs z!JailReaderTest.testCommonFunction)rhrirjrŒr”r›r¡r¤r§r­r¯r·rÍrÖrõrrrrr"rˆr'r'r%r(r‰s$   2% r‰c@sTeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dS)ÚFilterReaderTestcCs°gd¢dddgd¢ggd¢gd¢gd¢gd ¢g}tddiƒ}| t¡| ¡| d¡| | ¡|¡tddd d ittd }| ¡| d¡d |dd<| | ¡|¡dS)N)rNÚ testcase01rÄrrýr$rÓ)zÝ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from \s*$zý^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from \s*$a^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?User not known to the\nunderlying authentication.+$^.+ module for .* from \s*$)rNr$Úaddignoreregexz"^.+ john from host 192.168.1.1\s*$)rNr$rÃz _COMM=sshdú+z_SYSTEMD_UNIT=sshd.servicez_UID=0)rNr$rÃzFIELD= with spaces r&zAFIELD= with + char and spaces)rNr$Ú datepatternz%Y %m %d %H:%M:%SrÄÚ5©r—rr réÿÿÿÿ)r roÚTEST_FILES_DIRr@rErOrÈÚTEST_FILES_DIR_SHARE_CFG)r$ÚoutputÚ filterReaderr'r'r(rQs&é    ÿ  zFilterReaderTest.testConvertcCsPtdddddœttd}| ¡| d¡| ¡}| |dd¡| d¡dS)Nr$zÚX)rÄrKr)rÄz6Wrong int value 'X' for 'maxlines'. Using default one:)r r,r+r@rErpÚassertNotEqualr ©r$r.rPr'r'r(ÚtestConvertOptions.sÿ z#FilterReaderTest.testConvertOptionscCsFgd¢g}tddittd}| ¡| d¡| ¡}| ||¡dS)N)rNÚjailnamerÓz to=sweet@example.com fromip=Ú substitionr3r)©r r,r+r@rErÈrO©r$r-r.r"r'r'r(Ú!testFilterReaderSubstitionDefault7s ÿ z2FilterReaderTest.testFilterReaderSubstitionDefaultcCsBtddittd}| ¡| d¡| ¡}| d|dv¡dS)NÚ testcase02r3r)r²r)r r,r+r@rErpr?r1r'r'r(ÚtestFilterReaderSubstKnown@sÿ z+FilterReaderTest.testFilterReaderSubstKnowncCsJgd¢g}tddddittd}| ¡| d¡| ¡}| ||¡dS)N)rNr3rÓzto=sour@example.com fromip=r4r3Úhoneypotzsour@example.comr)r5r6r'r'r(ÚtestFilterReaderSubstitionSetKs  ÿ z.FilterReaderTest.testFilterReaderSubstitionSetcCóRgd¢g}tdƒ\}}tdd|ttd}| ¡| d¡| ¡}| ||¡dS)N)rNr3rÓz?^to=test,sweet@example.com,test2,sweet@example.com fromip=$zusubstition[failregex="^$", honeypot=",", sweet="test,,test2"]r4r3r)©r r r,r+r@rErÈrO©r$r-Ú filterNameÚ filterOptr.r"r'r'r(ÚtestFilterReaderSubstitionKnownTó ÿÿ z0FilterReaderTest.testFilterReaderSubstitionKnowncCr<)N)rNr3rÓz)^\s*to=fail2ban@localhost fromip=\s*$zUsubstition[failregex="^\s*\s*$", honeypot=""]r4r3r)r=r>r'r'r(Ú!testFilterReaderSubstitionSection_rBz2FilterReaderTest.testFilterReaderSubstitionSectioncCsvtddddittd}| ¡| d¡| ttj|¡tdddddœttd}| ¡| d¡| ttj|¡dS)Nr4r3r:z r)z)r:Úsweet)r r,r+r@rEr…r™rÈ)r$r.r'r'r(ÚtestFilterReaderSubstitionFailjs ÿ ÿ z/FilterReaderTest.testFilterReaderSubstitionFailc Cs¾tj tj td¡¡}ttj |d¡diƒ}| | ¡tj |d¡tj |d¡g¡z| d¡|  dd¡|  dd¡|  dd¡WdSt y^}z|  d |¡WYd}~dSd}~ww) Núfilter.dztestcase01.confr$ztestcase-common.confrGÚ __prefix_linerÚ ignoreregexz)unexpected options after readexplicit: %s) r.r/Úabspathr2r+r rRÚ readexplicitrErqr†Úfail)r$Úpath_r.rxr'r'r(ÚtestFilterReaderExplicitxs ÿ   €ÿz)FilterReaderTest.testFilterReaderExplicitN) rhrirjrQr2r7r9r;rArCrErMr'r'r'r(r#s,      r#c@s*eZdZd dd„Zdd„Zedd„ƒZdS) ÚJailsReaderTestCacheFNcCsBt||d}| |¡| ¡| ¡| ¡| | d¡¡dS)N©rºr—)rroÚ readEarlyÚgetEarlyOptionsÚreadAllr?rE)r$rrºr—Ú configuratorr'r'r(Ú_readWholeConfŒs  z#JailsReaderTestCache._readWholeConfcCs4d}| ¡ d¡D]}t d||¡r|d7}q |S)Nrr‘z^\s*Reading files?: .*/r)ÚgetLogÚrsplitÚreÚmatch)r$Ú filematchÚcntÚsr'r'r(Ú_getLoggedReadCount–s €z(JailsReaderTestCache._getLoggedReadCountcCstj ¡tj}tjt_zst |¡t  t |¡t  t d|d¡t  t d|d¡t ƒ}|j ||d| d¡}| |dkd|¡|j |d |d | d ¡}| |dkd |¡| d ¡}| |dkd|¡| d¡}| |dkd|¡W|t_dS|t_w)Nz /jail.confz /jail.localz/fail2ban.confz/fail2ban.localrz jail.localrz3Unexpected count by reading of jail files, cnt = %sTrOz jail\.localz:Unexpected count by second reading of jail files, cnt = %szfilter\.d/common\.confz5Unexpected count by reading of filter files, cnt = %szaction\.d/iptables-common\.confz5Unexpected count by reading of action files, cnt = %s)rXr³Ú SkipIfFastrÚlogLevelÚloggingÚDEBUGr)r*ÚcopytreerÚcopyrðrTr\r?)r$rÚsaved_llÚ share_cfgrZr'r'r(ÚtestTestJailConfCaches(       z*JailsReaderTestCache.testTestJailConfCache)FN)rhrirjrTr\rrer'r'r'r(rNŠs   rNcs|eZdZ‡fdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z e dd„ƒZ dd„Z dd„Ze dd„ƒZ‡ZS)ÚJailsReaderTestcrŠr‹)rrfrŒrr%r'r(rŒÆrzJailsReaderTest.__init__cCs,tj d¡stdd}| t|j¡dSdS)Nz/XXXr)r.r/r3r r…r™r@)r$Úreaderr'r'r(ÚtestProvidingBadBasedirÉs  þz'JailsReaderTest.testProvidingBadBasedircCs*tttd}| | ¡¡| |jdd¡| t|j ¡|j dd}d|_ |  |gd¢gd¢dd d gd ¢gd d ggd ¢gd¢gd¢gd¢gd¢ddddddgddgddggggd¢gd¢gd¢gd¢d dgd dgd dgd dggd¢d d gd!d"gd!d#gd!d$gd!d%gg¡|  d&¡|  d'¡|  d(¡dS))Nr–F)Ú ignoreWrongT©Úallow_no_files)ÚaddrœÚauto)rlútest-known-interprmrýrnrÓ)z*failure test 1 (filter.d/test.conf) z+failure test 2 (filter.d/test.local) z"failure test 3 (jail.local) Ústart)rlÚmissinglogfilesrm)rNrprÓú)rlÚ brokenactionrm)rNrrrÓrq)rNrrrûrrrrrørþzhit with big stick rÿr×)rlúparse_to_end_of_jail.confrm)rNrsrÓrq)rNr©rÓrq)rNr©rªr«rœrprs)rlr©rmr©z config-errorzdJail 'brokenactiondef' skipped, because of wrong configuration: Invalid action definition 'joho[foo'zdJail 'brokenfilterdef' skipped, because of wrong configuration: Invalid filter definition 'flt[test'zoJail 'missingaction' skipped, because of wrong configuration: Unable to read action 'noactionfileforthisaction'zmJail 'missingbitsjail' skipped, because of wrong configuration: Unable to read the filter 'catchallthebadies'z!Errors in jail 'missingbitsjail'.z Skipping...z6No file(s) found for glob /weapons/of/mass/destruction)r rržr?r@rVrEr…r™rÈÚmaxDiffrOr ÚassertNotLogged)r$ÚjailsÚ comm_commandsr'r'r(ÚtestReadTestJailConfÎs`  ýÿÿÿÿÞÿ & z$JailsReaderTest.testReadTestJailConfc CsDtjjddt tj tdd¡¡D]}tj |¡  dd¡}t |ditd}|  |  ¡¡z|  i¡WntyS}z| d |t|ƒj|f¡WYd}~nd}~ww| d ¡sŸ|jd | ¡d |d |j |j dd¡ ¡d|d |jtjtdƒBd}|j| d¡dd|d |dvrŸ|jd| dd¡d|d qdS)NTr°úaction.dú*.confz.confrßrÐrzaction %r %s: %sz-commonrGz.Action file %r is lacking [Definition] section©Úmsgrþz#Action file %r is lacking actionban)ÚtimeoutÚbantime)Úignorer×z5Action file %r does not contains jail-name 'f2b-TEST')Úpfziptables-allportsúiptables-multiportzf2b-TESTÚ actionstartzSAction file %r: interpolation of actionstart does not contains jail-name 'f2b-TEST')rXr³r´Úglobr.r/r2rÚbasenamerìrr?r@rEr†rKÚtyperhrÊÚassertInr}Ú_optsrqÚstriprprÚ _escapedTagsrNrR)r$Ú actionConfigÚ actionNameÚ actionReaderrxrPr'r'r(ÚtestReadStockActionConfÿs<&€ÿ  ÿÿ ÿÿÿ€êz'JailsReaderTest.testReadStockActionConfc Cs¦tjjddtttd}| | ¡¡| | ¡¡|  ¡}|  |g¡t ƒ}|  ¡D]¤}|dkr3q,|  |d¡}t|ƒ\}}| |¡| t|ƒ¡t|||ttd}| | ¡d|¡| i¡| |j  dd ¡ ¡¡|  |d ¡}| t| ¡ƒ¡t|ƒD]M} t| ƒ\} } | t| ƒ¡| t| tƒ¡| d kr£| d | ¡t| |ittd} | |  ¡¡|  i¡|   ¡} | t| ƒ¡| | j  d d ¡ ¡¡q‚q,dS)NTr°r–ÚINCLUDESrr)zFailed to read filter:rrßrørÚportrþ)rXr³r´r rr˜r?r@rErÈrRrNr}rqr rlr¾r r‡rˆr Ú isinstancerðr†r)r$rvrwÚ allFiltersrƒr?r@r.ÚactionsrÚactNameÚactOptrŒÚcmdsr'r'r(ÚtestReadStockJailConfsL      ÿ     ÿ ñêz%JailsReaderTest.testReadStockJailConfc Cs²tjjddttdtd}| | ¡¡| | ¡¡t dd„t   t j   ddd¡¡Dƒƒ}t d d„|jDƒƒ}d|_| | |¡d | |¡¡| | |¡d | |¡¡dS) NTr°©rrºr—css@|]}| d¡s| d¡stj tj |¡d¡dVqdS)z common.confz-aggressive.confrrN)rÊr.r/ÚsplitextÚsplitrùr'r'r(rï_s€þ&þzBJailsReaderTest.testReadStockJailFilterComplete..rrFrzcss"|] }t|jdƒdVqdS)rrN)r r¬)rÀrƒr'r'r(rïcs€ ÿz=More filters exists than are referenced in stock jail.conf %rz2Stock jail.conf references non-existent filters %r)rXr³r´r rr˜r?r@rErNrƒr.r/r2rvrtÚissubsetÚ difference)r$rvÚfiltersÚ filters_jailr'r'r(ÚtestReadStockJailFilterCompleteYs"ÿÿ  ÿ  ÿz/JailsReaderTest.testReadStockJailFilterCompletec Cstjjddttdtd}| | ¡¡| | ¡¡|j dd}| t |ƒ¡|D] }t |ƒdkrK|d|dgdd gkrK| t   |d¡dk¡q+d D]!}|  d |gd d „|Dƒ¡|  d|ddg|¡|  d|g|¡qN| |ddd¡|jD]ˆ}|j}| ¡}|jt |ƒd|d|D]q}|  ¡}| ¡} dt|ƒvr|  d|j¡d} |d| g} |D]B}t |ƒdkrÖ|ddkrÖ|dd…| krÖddd„|dDƒv} nt |ƒdkrò|ddkrò|dd…| krò|ddkròd} | rönq´|j| d| t|ƒfdq“q}dS)NTr°r—rjrarrrNr~)r²Úrecidiverlcss4|]}t|ƒdkr|ddkr|dd…VqdS)rarrlNrr½©rÀr r'r'r(rïƒs€2zDJailsReaderTest.testReadStockJailConfForceEnabled..rÅÚwarnror*zNo actions found for jail %sr{z Ú blocktypeFrørcrýrcSsg|]}|d‘qS)rr'r r'r'r(rÁ rúzEJailsReaderTest.testReadStockJailConfForceEnabled..r zFound no %s command among %s)rXr³r´r rr˜r?r@rErÈr¾rÚ str2secondsr†rRÚ_JailsReader__jailsrrµÚstrÚ _initOpts) r$rvrwÚcommandÚjr’Ú jail_namerøÚcommandsÚ action_nameÚblocktype_presentÚtarget_commandr'r'r(Ú!testReadStockJailConfForceEnabledlsb $€  ÿ  ÿ ÿ ÿþ€î÷z1JailsReaderTest.testReadStockJailConfForceEnabledc sBtjjddtƒ}| t¡| | ¡t¡| ¡|  ¡}| |dd¡| |dd¡|  ¡|  ¡|  ¡|  ¡‰‡fdd„}| |d ƒ|d ƒkoV|d ƒkn¡| |d ƒ|d ƒk¡| |dƒ|d ƒk¡| ˆgd¢gd¢gd¢gd¢gd¢gd¢g¡|j d¡| |j ¡d¡| | ¡t¡dS)NTr°Úsocketz/var/run/fail2ban/fail2ban.sockÚpidfilez/var/run/fail2ban/fail2ban.pidcsBtˆƒD]\}}|ddkr|d|kr|Sqtd|ˆfƒ‚)NrrNrz/Did not find command 'set %s' among commands %s)Ú enumerater™)rDrtrx©rªr'r(Úfind_set½s€ÿz7JailsReaderTest.testStockConfigurator..find_setÚ syslogsocketÚloglevelÚ logtargetÚ dbpurgeageÚdbfileÚ dbmaxmatches)rNr´rm)rNrµÚINFO)rNr¶z/var/log/fail2ban.log)rNr¸z"/var/lib/fail2ban/fail2ban.sqlite3)rNr¹é )rNr·Ú1dz/tmp)rXr³r´rrorrRÚ getBaseDirrPrQrRrEÚconvertToProtocolÚgetConfigStreamr?rOÚ_Configurator__jails)r$rSrPr³r'r²r(ÚtestStockConfigurator«s:  "ÿú z%JailsReaderTest.testStockConfiguratorcCsút tj |d¡¡t tj |d¡¡ttj |dd¡dƒ ¡ttj |dd¡dƒ ¡ttj |d¡dƒ}| d¡| ¡t|id}| |  ¡¡| |  ¡¡|j d d }d d „|Dƒ}|  t td d„|Dƒƒƒd¡|  |ddd¡dS)NrFryztestaction1.confr-ztestfilter1.confú jail.confz¶ [testjail1] enabled = true action = testaction1[actname=test1] testaction1[actname=test2] testaction.py testaction.py[actname=test3] filter = testfilter1 r–TrjcSs,g|]}|dd…gd¢kr|dd…‘qS)Nra)rNÚ testjail1rûr')rÀÚcommr'r'r(rÁôs ÿz:JailsReaderTest.testMultipleSameAction..css|]}|dVqdS)rNr')rÀrør'r'r(rï÷s€z9JailsReaderTest.testMultipleSameAction..rcr*z{})r.Úmkdirr/r2r5r7r6r r?r@rErÈrRr¾rN)r$rÚjailfdrvrwÚ add_actionsr'r'r(ÚtestMultipleSameActionÞs   z&JailsReaderTest.testMultipleSameActioncCs|jtd|jdddS)Nz'Have not found any log file for .* jailÚpolling©Úbackend)ÚassertRaisesRegexr™Ú _testLogPathr#r'r'r(ÚtestLogPathFileFilterBackendüs ÿz,JailsReaderTest.testLogPathFileFilterBackendc CsPzddlm}Wnty}zt d¡‚d}~ww|jdd|jdddS)Nr)Ú FilterSystemdz&systemd python interface not availableÚsystemdrÊzsystemd[journalflags=2])Úserver.filtersystemdrÏr†rXrYrÍ)r$rÏrxr'r'r(ÚtestLogPathSystemdBackends €ÿ z)JailsReaderTest.testLogPathSystemdBackendcCs`ttj |d¡dƒ}| d||f¡| ¡t|d}| | ¡¡| |  ¡¡|  ¡dS)NrÂr-zš [testjail1] enabled = true backend = %s logpath = %s/not/exist.log /this/path/should/not/exist.log action = filter = failregex = test r) r5r.r/r2r6r7r r?r@rErÈ)r$rrËrÆrvr'r'r(rÍs ÷  zJailsReaderTest._testLogPath)rhrirjrŒrhrxrr–ržr®rÁrrÈrÎrÒrÍrˆr'r'r%r(rfÄs 1??3 rf)6Ú __author__Ú __copyright__Ú __license__rƒr_r.rWr)rrXÚclient.configreaderrrrrÚclientrÚclient.jailreaderr r r Úclient.filterreaderr Úclient.jailsreaderr Úclient.actionreaderrrÚclient.configuratorrÚ server.mytimerrÚutilsrrr/r2r1Ú__file__r+r,rr³r—r˜rržÚTestCaserr‰r#rNrfr'r'r'r(ÚsD       R{ :