ZHuddlZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddlm Z ddl mZddlmZddlmZddlmZddlmZdd lmZdd lmZmZmZmZmZdd lmZdd l m!Z!dd l"m#Z#ddl$m%Z%m&Z&ddl'm(Z(m)Z)ddl*m+Z+m,Z,ddl-m.Z.dZ/dZ0eddZ1edxZ23s*edxZ23s edZ2e)e(ej4ej5Z6e)e(ej4ej5Z7Gdde8Z9GddZ:dZ;dedS)"N)suppress)JSONDecodeError)Path)TimeoutExpired)Optional)OperationalError)is_cpanel_installed)sentry)ANTIVIRUS_MODECore CustomBillingint_from_envvarlogger) HookEvent)g)get_plesk_upgrade_urls)retry_on timed_cache)HOUR rate_limit)APIError IPEchoAPI)IP IMUNIFYAVi&IMUNIFY360_CACHE_LICENSE_TOKEN_TIMEOUTiXz/opt/alt/openssl11/bin/opensslz/opt/alt/openssl/bin/opensslz/usr/bin/openssl)periodon_dropceZdZdZdS) LicenseErrorz9Used to communicate that some function requires a licenseN)__name__ __module__ __qualname____doc__V/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/contracts/license.pyrr@sCCCCr%rceZdZdZdZeedZdZdZdZdZ dZ d Z d Z d Z gd ZiZd ZeeeddedededeeeeeffdZed6dedefdZedeeeefdeeeeffdZedZee e!j"e#dde$fdZ%edeefdZ&edZ'ed Z(ed!Z)ed7d"Z*ed7d#efd$Z+ed%Z,ed&Z-ed'Z.ed(Z/ed)Z0ed*eedeefd+Z1ed,Z2ed-Z3ed.Z4edefd/Z5edefd0Z6edefd1Z7edefd2Z8edefd3Z9ed4Z:edefd5Z;d S)8 LicenseCLN)idstatusgrouplimittoken_created_utctoken_expire_utc)r)r*r,r-r.group_id permissions)z!/usr/share/imunify360/cln-pub.key)z)/usr/share/imunify360/alt-license-pub.keyz/var/imunify360/license.jsonz!/var/imunify360/license-free.jsonz9https://cln.cloudlinux.com/console/purchase/ImunifyAvPlusz8https://www.cloudlinux.com/upgrade-imunify-{user_count}/z6../../../scripts14/purchase_imunifyavplus_init_IMUNIFYz3../../../scripts14/purchase_imunify360_init_IMUNIFY)r1Nr2) max_tries pubkey_pathcontent signaturereturnc $g}d}tjd5}|||tddd|d|jg} t j|t jt j|d }|j d krd}nb| d |j d |j d |j n4#t$r'}| d|jYd}~nd}~wwxYwdddn #1swxYwY||pdfS)zVerify that `content` is correctly signed with public key from file `pubkey_path` with resulting `signature`. Returns a tuple with (success, error_list). FT)deletedgstz-sha512z-verifyz -signature)stdoutstderrinputtimeoutrz1Signature verification failed - openssl returned z . stdout: z , stderr: z openssl command failed: missing N)tempfileNamedTemporaryFilewriteflush OPENSSL_BINname subprocessrunPIPE returncodeappendr>r?FileNotFoundErrorfilename) r6r7r8errorsresultsig_filecmdpes r&_verify_signaturezLicenseCLN._verify_signaturevs  ( 5 5 5  NN9 % % % NN    C N%?%?! <1$$!FFMMB,-LBB#$8BB78xBB % O O O MMMNNNNNNNN O)               @v~%%s;=D-Cz2LicenseCLN._get_signature_input..sH,FH"..H..r%null)VERIFY_FIELDS_MAP isinstancedictrLjoinitemsstrencode)clslicenserVpartskeyvalues r&_get_signature_inputzLicenseCLN._get_signature_inputs(1 ) )CCLE%&& ) GG05   V$$$$ SZZ((((wwu~~$$&&&r%signature_listcF g fd}|D]y\}}tj|} ||}n#t$rY>wxYw|j||r|dfcSjD]}||||r|dfccSz D]} t jd| dS)zc Verify signatures in license :return: signature, is_alternative, version cVj|i|\}}|r||SN)rUextend)argskwargssuccessrO all_errorsrgs r&verify_and_collect_errorsz=LicenseCLN._find_signature..verify_and_collect_errorss?3c3TDVDDOGV *!!&)))Nr%)rVFTz%sNF)base64 b64decoderlKeyError _PUBKEY_FILE_ALTERNATIVE_PUBKEY_FILESrwarning) rg license_tokenrmrvsignrVr8r7 alt_pubkeyerrorrus ` @r&_find_signaturezLicenseCLN._find_signatures6!#        , & &MD'(..I 22!73    )()97INN #U{"""!; & & ,,Z)LL&:%%%%%& &  ( (E N4 ' ' ' '{s? A  A c i} t|5}tj|}t|ts%t jd||cdddS||d|dgD\}}|d}|rD|||dfg\}} |%td| ddn(d|vr$| dtd |td |cdddS||d <||d <|cdddS#1swxYwYno#t$rt j d YnOttt t"t$jt(f$r} t jd| Yd} ~ nd} ~ wwxYw|S)z Load license token from file and verify signature If signature verification successful, put first valid signature to 'sign' field of license token :return: license token z2Failed to load license. Expected JSON object, got Ncg|]}|dfSr1r$)r[rs r& z*LicenseCLN._load_token..s, q r% signatures signature_v2r2z%Failed to verify license signature v2r0zdLicense missing signature_v2 but contained permissions; stripped (possible tampering or stale token)z"Failed to verify license signatureris_alternativez'Failed to load license: not registered?zFailed to load license: %s)openjsonloadrarbrrrgetthrottled_log_errorpopthrottled_log_no_v2rMinfoOSErrorrrzUnicodeDecodeErrorbinasciiError TypeError) rgpathdefaultfr~r8rv2_sign_sign_rTs r& _load_tokenzLicenseCLN._load_tokens8 :d) %q $ ! !-66#LL(=+#) %) %) %) %) %) %) %) %-0,?,?!$1$5$5lB$G$G--) >(++N;;"22%! ~  HE1}+C&))->>>"m33!%%m444'' $'(LMMM"K) %) %) %) %) %) %) %) %N)2 f%2@ ./$S) %) %) %) %) %) %) %) %) %) %) %) %) %) %) %) %) %V! C C C KA B B B B B     N   : : : L5q 9 9 9 9 9 9 9 9 :sZEAE E"C E. E; E EEEEEG ?-G ,GG )seconds)maxsizeci}tr|j|jgn|jg}|D]}||}|r|cS|S)z Get available license. In Antivirus mode, if main license is unavailable, return free license :return: license token )r _LICENSE_FILE_FREE_LICENSE_FILEr)rg lic_token license_fileslfs r& get_tokenzLicenseCLN.get_token#sr  %S  6 7 7#$    ! !B++I !     !r%cP|dS)z$ :return: server id r)rrrgs r& get_server_idzLicenseCLN.get_server_id:s }}""4(((r%cDt|S)z1 :return: bool: if we have token )boolrrs r& is_registeredzLicenseCLN.is_registeredAs CMMOO$$$r%cbto(|o| S)ze :return: Return true only if we have valid ImunifyAV+ or Imunify360 license )r is_validis_freers r&is_valid_av_pluszLicenseCLN.is_valid_av_plusHs' H#,,..H#++--6GHr%cNtsdS|tkSrw)r r AV_DEFAULT_IDrs r&rzLicenseCLN.is_freePs& 5  ""m33r%cR|p|}|sdStrF|dddo|dt jkS|ddvo6|dt jko|jdup|j|dkS) zLicense check based on license token return True - if license token is valid for this server return False - if license token is invalid Fr*rXokr.rok-trialNr,)rr r startswithtime users_countrgtokens r&rzLicenseCLN.is_validVs( 5   (B''22488=,-<  (O1 1 O()TY[[8 OD(MCOuW~,M r% permissionc|p|}|sdS||dix}vo ||dkS)zLicense check for a specific permission based on a license token return True - if license token has a given permission for this server return False - if license token does not have permission Fr0ENABLEDr)rgrrperms r&has_permissionzLicenseCLN.has_permissionmsW( 5 599]B#?#??4 @ .Z I- r%c~|}|s |d |d|d<|jdz}tjtjztjz}d}tt5tj |dddn #1swxYwYtj tj |||d5}tj ||dddn #1swxYwYtj|dd tj||j|jt%j|t%j| |||dS#t0$rYdSwxYw) zb Write new license token to file :param token: new token :return: r,Nsaved_user_limitz.tmpiwroot_imunify)userr+)rrrosO_WRONLYO_CREATO_EXCLrrMunlinkfdopenrrdumpshutilchownrename cache_clearr set_server_idrset_product_nameget_product_name renew_hookr)rgr old_token temp_fileflagsmoders r&updatezLicenseCLN.update}sMMOO  7UYYw//;(-gE$ %%.  bj(294 ' ( ( ! ! Ii  ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Yrwy%66 < <  IeQ                    YV:>>>> )S./// !!###S..00111 4 4 6 6777  NN9e , , , , ,    DD s6=BB"%B"C44C8;C8F.. F<;F<cgd}d}|}tfd|D}|r=tj||}ddlm}tj||ddSdS) N)license_expire_utcr*r,r)rchg|].}||k/Sr$r)r[elemrrs r&rz)LicenseCLN.renew_hook..s4 O O OUYYt__ d 3 3 3 O O Or%)exp_timerhr) execute_hooksT)return_exceptions) rfill_license_typeanyrLicenseReneweddefence360agent.hooks.executerasynciogather) rgrrimportant_keysr license_type conditionlicense_updatedrs `` r&rzLicenseCLN.renew_hooksHHH99122,,U33  O O O O O O O O    '6!<O D C C C C C N o..$         r%c6tt5tj|jdddn #1swxYwY|jtjdtj | dS)zY Delete license token along with old-style license data :return: N) rrMrrrrrr rrrrs r&r;zLicenseCLN.deletes ' ( ( ) ) Ic' ( ( ( ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) !!###T""" 4 4 6 677777s ;??cd|d}ddddd}||S)Nr* imunify360imunify360Trial imunifyAV imunifyAVPlus)rrok-avok-avpr)rgrrlicense_type_to_products r&rzLicenseCLN.fill_license_typesByy** ) % # #  '**<888r%c|}|dddrdSdS)Nr)rXzip-TF)rrlowerrrs r&is_ip_license_typezLicenseCLN.is_ip_license_typesI  99T2   $ $ & & 1 1% 8 8 4ur% url_templatec<|s|S|j}tjdd}|d}n|jD] }||kr|}n d}|dt |}|d|}|dt ||nd}|S) a&Format upgrade URL template with available parameters. Args: url_template: URL template string that may contain {user_count}, {iaid}, and {users} placeholders Returns: Formatted URL with placeholders replaced with actual values iaidrXNr1 unlimitedz {user_count}z{iaid}z{users})rrrVERSION_THRESHOLDSreplacere)rgrnr user_count thresholds r&format_upgrade_urlzLicenseCLN.format_upgrade_urls   OuVR   9JJ 3 ) )  >>!*JE") #++NC OOLL #++Hd;; #++ s 11155  r%c6|dkrdS|dkrdS|dkrdSdS)z1Get recommended license tier based on user count.r1z Single userr3zUp to 30 usersr4zUp to 250 userszUnlimited usersr$)rgrs r& _get_license_tier_recommendationz+LicenseCLN._get_license_tier_recommendations: ?? = 2  ## 3  $$$$r%cb| dS||}|dkrdnd}d|d|d|d S) z ? ? ?  % 5 B-1AA  r%c||o(|o| Srp)r&rr,rs r&rz(LicenseCLN.is_eligible_for_imunify_patchs; JJLL 8  855777 r%cts tjS|dd}|dkrdS|dvrdSt jd|dS) Nr*rXrz imunify.av)rrrz imunify.av+zUnknown license %szUnknown license)r r NAMErrrr)rglicense_statuss r&rzLicenseCLN.get_product_namesi 9 ,,Xr:: W $ $< ; ; ; = L-~ > > >$$r%c@tjdS)Nz/var/imunify360/demo)rrisfilers r&rzLicenseCLN.is_demosw~~4555r%ch|}|ddtkS)Nr,r)rrUNLIMITED_USERS_COUNTrs r& is_unlimitedzLicenseCLN.is_unlimiteds) yy!$$(===r%c|j|jdS|jD]*}|j|kr|j|cS+|jdS)Nr1)rr)rIM360_BUY_URL_TEMPLATEformatr)rgrs r&get_im360_buy_urlzLicenseCLN.get_im360_buy_urls ? "-444BB B/ O OI)++188I8NNNNN,)00K0HHHr%rrp)& FK Xn***)&)&#()&5:)& tXd3i(( ))&)&)&+*\)&V''C''''['"%,0sCx,A% x}d" #%%%[%NCC[CJ[#?@@@!$[&)hsm)))[) %%[% II[I44[4    [ ,       [  [B[$ 8 8[ 899[9[  hsm    [ D % %[ %  [ &ZZ[ZxDtDDD[D  d    [   d   [  % % % %[ %6666[6>>[>I#III[IIIr%r(cBtj}tjdd}t rt jtjkrt|s tj Sd}d} tj }tj |r|}ntjd|n,#t $r}tjd|Yd}~nd}~wwxYw|dkrd|}nd|}||zStd |zd |t'|zzS) NrrXz???uuG  sAA98A9)?rrxrrCrrrrHrBr contextlibrrpathlibrrtypingrpeeweer3defence360agent.application.determine_hosting_panelr defence360agent.contractsr defence360agent.contracts.configr r r rr%defence360agent.contracts.hook_eventsr&defence360agent.internals.global_scoper0defence360agent.subsys.panels.plesk.upgrade_urlsrdefence360agent.utilsrrdefence360agent.utils.commonrrdefence360agent.utils.ipechorrdefence360agent.utils.validaterrr4rErFexistsr}rrr Exceptionrr(rrerrGr$r%r&res_    %%%%%%######-,,,,,<;;;;;4444448777777799999999<<<<<<<<------ " /,   t<=== EEGG/4 >?? ?K G G I I/d-.. EjjfnEEE LFjjfnEEE L DDDDD9DDDf If If If If If If If IR555p  #  $       r%