a =Æ*f:=ã@södZdZdZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddlmZdd lm Z dd lmZddlmZmZmZmZmZmZddlmZd Zdd„Zdd„ZGdd„dee ƒZGdd„dƒZGdd„dƒZdd„Zdd„Z dS)zFail2Ban Developersz^Copyright (c) 2004-2008 Cyril Jaquier, 2012-2014 Yaroslav Halchenko, 2014-2016 Serg G. BresterZGPLéN)ÚThreadé)Úversioné)ÚCSocket)Ú Beautifier)ÚFail2banCmdLineÚServerExecutionExceptionÚ ExitExceptionÚlogSysÚexitÚoutput)ÚUtilsz fail2ban> cCst ¡jjS©N)Ú threadingÚcurrent_threadÚ __class__Ú__name__©rrúB/usr/lib/python3.9/site-packages/fail2ban/client/fail2banclient.pyÚ_thread_name,srcCsttƒSr)ÚinputÚPROMPTrrrrÚ input_command/src@s”eZdZdd„Zdd„Zdd„Zd%dd „Zed d„ƒZd&dd„Z d'dd„Z dd„Zdd„Zd(dd„Z d)dd„Zdd„Zdd „Zd*d!d"„Zd#d$„ZdS)+ÚFail2banClientcCs*t |¡t |¡d|_d|_d|_dS)NT)rÚ__init__rÚ_aliveÚ_serverÚ_beautifier©Úselfrrrr8s zFail2banClient.__init__cCs$tdtdƒtdƒtdƒdS)Nz Fail2Ban vz5 reads log file that contains password failure reportz=and bans the corresponding IP addresses using firewall rules.Ú)r rrrrrÚdispInteractive?szFail2banClient.dispInteractivecCs"tdƒt d|¡tdƒdS)Nr!zCaught signal %d. Exitingéÿ)r rZwarningr)r ZsignumÚframerrrZ__sigTERMhandlerDszFail2banClient.__sigTERMhandlerçš™™™™™¹?cCs&|jdg|dkr|gnggd|dS)NÚpingéÿÿÿÿF©Útimeout)Ú_Fail2banClient__processCmd)r r)rrrZ__pingJsÿzFail2banClient.__pingcCs|jr|jStƒ|_|jSr)rrrrrrÚ beautifierNszFail2banClient.beautifierTr'c Csºd}z4|j}d}|D]¦}| |¡zÂ|s@t|jd|d}n|dkrR| |¡|jddkrnt dd|¡| |¡}|d d krºt dd |d¡|s¦|d dvræt| |d¡ƒn,t d |dj¡|rât| |d¡ƒd}Wqt j yÞ} zÚ|s|jddkrL|s&|d dkr<| | |d dk¡nt dd|| ¡WYd} ~ W|r´z| ¡WnFty²} z,|s”|jddkržt | ¡WYd} ~ n d} ~ 00|sÈ|d dvrÒtj ¡dSd} ~ 0ty¼} zÆ|s|jddkr*|jddkr t | ¡n t | ¡WYd} ~ W|r’z| ¡WnFty} z,|sr|jddkr|t | ¡WYd} ~ n d} ~ 00|s¦|d dvr°tj ¡dSd} ~ 00qW|rz| ¡WnFty} z,|sü|jddkrt | ¡WYd} ~ n d} ~ 00|s0|d dvr¶tj ¡nz|r–z| ¡WnFty”} z,|sv|jddkr€t | ¡WYd} ~ n d} ~ 00|sª|d dvr´tj ¡0|S)NTÚsocketr(r'ÚverboserézCMD: %rrzOK : %rr)Zechoú server-statuszNOK: %rFr&z -- %s failed -- %r)r+ZsetInputCmdrÚ_confZ settimeoutrÚlogÚsendr ZbeautifyÚerrorÚargsZ beautifyErrorr,Ú_Fail2banClient__logSocketErrorÚcloseÚ ExceptionÚdebugÚsysÚstdoutÚflushÚ exception) r ÚcmdZshowRetr)Úclientr+Z streamRetÚcÚretÚerrrZ__processCmdUsŠ ï ö ù zFail2banClient.__processCmdr!Fc CsÂz|t |jdtj¡rht |jdtj¡rT|r:t |¡qft d|rLd|nd¡qzt d|jd¡nt d|jd¡Wn@ty¼}z(t d|jd¡t |¡WYd}~n d}~00dS)Nr,z*%sUnable to contact server. Is it running?z[%s] r!z3Permission denied to socket: %s, (you must be root)z6Failed to access socket path: %s. Is fail2ban running?z*Exception while checking socket access: %s)ÚosÚaccessr0ÚF_OKÚW_OKrr3r7)r Z prevErrorZ errorOnlyrArrrZ__logSocketError‡s&ÿÿþÿzFail2banClient.__logSocketErrorcCsb| ¡rt d¡dS| ¡\}}|s*dS|jdsTtj |jd¡rTt d¡dSd|gdggS)NzServer already runningÚforcer,zLFail2ban seems to be in unexpected state (not running but the socket exists)z server-streamr/)Ú_Fail2banClient__pingrr3Ú readConfigr0rBÚpathÚexists)r r@ÚstreamrrrZ__prepareStartServer s z#Fail2banClient.__prepareStartServercCs ||_dSr)r©r ÚsrrrÚ_set_server²szFail2banClient._set_serverc Cs$ddlm}| ¡}d|_|s"dSz€|rH| |j¡| |d¡s WdSnXtƒ}|j||dd|_ | |jd|j¡|_| dd¡s |jr˜|j ¡d|_tdƒWn|ty¶‚Ynjty}zPtdƒt d |rÜd nd¡|jddkrþt |¡n t |¡WYd}~dSd}~00dS) Nr)ÚFail2banServerTF)ÚphaserKÚdoner#r!z Exception while starting server Ú backgroundZ foregroundr-)Zfail2banserverrOÚ#_Fail2banClient__prepareStartServerrZstartServerAsyncr0Ú,_Fail2banClient__processStartStreamAfterWaitÚdictÚconfigureServerÚdaemonZstartServerDirectrNrÚgetÚquitrr r7r rr3r<)r rRrOrKrPrArrrZ __startServer¶s: zFail2banClient.__startServerNcs^|r˜ˆdur"‡fdd„}||jd<ttj|dˆ|fd}d|_| ¡|dur”ˆdur”t ‡fdd„|jd d ¡t ddˆ¡ˆ d d¡s”tdƒ‚dSˆdur¶dˆd <t ddˆ¡|durÆ| ¡}ˆdurô|rÖdndˆd<ˆd <t ddˆ¡|südSˆdur._server_readyZonstartF)Útargetr4Tcsˆ dd¡duS)NÚready©rXrr\rrÚðóz0Fail2banClient.configureServer..r)gü©ñÒMbP?r.r[Ústartz$Async configuration of server failedz client phase %sr_csˆ dd¡duS)NrZr`rr\rrrarbçà?Z configurerQ)r0rrrVrWrcrÚwait_forrr1rXr rSrT)r ZnonsyncrPrKr]Úthr@rr\rrVàs> zFail2banClient.configureServercCszt|tƒst|ƒ}t|ƒdkrF|ddkrF| |jd¡}|sBdS|St|ƒdkr|ddkrt|ƒdkrˆddg|dd…<| |¡S|j d d¡ržtd ƒ| dg¡| d¡sÂt d¡dS|j d d¡røtd ƒ| ¡| |j ¡}|durø|S|j d d¡rtdƒ| dg¡St|ƒdkr6|ddkr6g}t|ƒdkrœ|ddvrn| |d¡|d=n*t|ƒdkrœt d|dd…¡dSqœq<|jddr&t|ƒdksÆ|ddkrØd}| ¡\}}n|d}| |¡\}}|sødS|j d d¡rtdƒ| d|||ggd¡St d¡dSn@t|ƒdkrj|ddkrj|j|gt|dƒdS| |g¡SdS)NrrrcrRFZrestartÚreloadú --restartÚinteractivez ## stop ... ÚstopzCould not stop serverz ## load configuration ... z ## start ... r)rhz--unbanz--if-existsz%Unexpected argument(s) for reload: %rr'r(z--allz ## reload ... TzCould not find serverr&)Ú isinstanceÚlistÚlenÚ_Fail2banClient__startServerr0Ú_Fail2banClient__processCommandrXr Ú_Fail2banClient__waitOnServerrr3Z resetConfÚinitCmdLineÚ_argvÚappendrGrHr*Úfloat)r r=r@ZoptsZjailrKrrrZ__processCommandsh zFail2banClient.__processCommandc Gsžd}z&| ¡st d¡WdS|j|Ž}WnTty~}z<|jddkrRt |¡t d|jdd¡WYd}~n d}~00|sš|jrš|j ¡d|_|S)NFz%Could not find server, waiting failedr-rzQCould not start server. Maybe an old socket file is still present. Try to remove r,zR. If you used fail2ban-client to start the server, adding the -x option will do it) rprr3r*r r0r<rrY)r r4r@rArrrZ__processStartStreamAfterWaitZs$ þþ z,Fail2banClient.__processStartStreamAfterWaitcsô|durˆjd}t ¡}t dd||f¡d‰‡‡fdd„}tˆjdƒ”}ˆjrÒ|ƒ}||krrWdƒdSt ¡|}t dd |¡|d krœ| ¡||kr¬tdƒ‚tˆd|d krÀdndƒ‰t ˆ¡qNWdƒn1sæ0YdS)Nr)r.z__waitOnServer: %rgš™™™™™y?cstj ˆjd¡oˆjˆdS)Nr,r()rBrIrJr0rGr©r Zsltimerrraxrbz/Fail2banClient.__waitOnServer..r-Tz wait-time: %srzFailed to start serverrgš™™™™™É?rdr%F) r0Útimerr1Ú VisualWaitrÚ heartbeatr ÚminÚsleep)r ÚaliveZmaxtimeZ starttimeÚtestZvisZrunfÚwaittimerrurZ__waitOnServerqs( *zFail2banClient.__waitOnServerc CsJi}tƒdkrrrrÚexec_command_lineüs r¢)!Ú __author__Z __copyright__Z__license__rBrŠr€r,r9rvrrrZcsocketrr+rZfail2bancmdlinerr r rrr Zserver.utilsrrrrrr“r rwr¢rrrrÚs4