a =*f[@sdZdZdZddlZddlZddlZddlmZddlm Z e e Z d d Z dd d Z GdddZGdddeZedde_GdddeZdddZeee_dS)zJFail2Ban Developers, Alexander Koeppe, Serg G. Brester, Yaroslav Halchenkoz+Copyright (c) 2004-2016 Fail2ban DevelopersZGPLN)Utils) getLoggercCst|tr|St|S)z8A little helper to guarantee ip being an IPAddr instance isinstanceIPAddripr 9/usr/lib/python3.9/site-packages/fail2ban/server/ipdns.pyasip's r c Cszn|p t}ddt|ddtjdtjD}|rl|d}d}|D] }||r\|WS|sD|}qD|WSWntjyYn0t|S)zGet fully-qualified hostname of given host, thereby resolve of an external IPs and name will be preferred before the local domain (or a loopback), see gh-2438 css|]}|dr|dVqdS)Nr ).0air r r 3szgetfqdn..Nr.)socket gethostname getaddrinfoZ SOCK_DGRAMZ AI_CANONNAME startswitherrorgetfqdn)namenamesZpreffirstrr r r r-s$     rc@seZdZejdddZejdddZeddZeddZ edd Z edd d Z d Z eddZ dZeddZdZeddZdZeddZeddZdZeddZdS)DNSUtilsi,ZmaxCountZmaxTimec Cstj|}|dur|St}d}tr6tjtjfntjfD]}zdt|d|dtj D]J}t |dksXt |dsvqXt t |ddt |}|jrX||qXWq>ty}z|}WYd}~q>d}~00q>|s|rtd||tj|||S)z_ Convert a DNS into an IP address using the Python socket module. Thanks to Kevin Drapel. Nrz4Unable to find a corresponding IP address for %s: %s)rCACHE_nameToIpgetset IPv6IsAllowedrAF_INETAF_INET6rZ IPPROTO_TCPlenrstr_AF2FAMisValidadd ExceptionlogSyswarning)dnsipsZsaveerrfamresultr er r r dnsToIpSs$  zDNSUtils.dnsToIpc Csxtj|d}|dkr|Szt|d}Wn8tjyd}ztd||d}WYd}~n d}~00tj|||S)Nr rz'Unable to find a name for the IP %s: %s) rCACHE_ipToNamer"rZ gethostbyaddrrr-debugr#)r vr3r r r ipToNameqszDNSUtils.ipToNamecCsnt}t|}|dur0t|}|jr0|||dvrj|sjt|}|||rj|dkrjt d|||S)z/ Return the IP of DNS found in a given text. N)Zyeswarnr9z'Determined IP using DNS Lookup: %s = %s) r#rsearchIPr*r+rr4updater-r.)textZuseDnsZipListZplainIPr r r r textToIps      zDNSUtils.textToIpTc Csdd|f}tj|}|dur"|Sd}|r4ttjfntjtfD]F}z|}WqWq>ty}ztd|WYd}~q>d}~00q>tj |||S)z;Get short hostname or fully-qualified hostname of host selfselfhostnameNrz#Retrieving own hostnames failed: %s) rr5r"rrrr,r-r.r#)Zfqdnkeyrr?r3r r r getHostnames   $zDNSUtils.getHostname)r>r/cCsRtjtj}|dur|Stdtdtdgtdg}tjtj||S)zGet own host names of selfNZ localhostFTr)rr5r"_getSelfNames_keyr#rA)rr r r getSelfNamesszDNSUtils.getSelfNames)Znetintrfr0cCs\tjtj}|dur|SztddtD}Wnt}Yn0tjtj||S)Get own IP addresses of selfNcSsg|] \}}|qSr r )rZniar r r z+DNSUtils.getNetIntrfIPs..)rr!r"_getNetIntrfIPs_key IPAddrSet_NetworkInterfacesAddrsr#)r0r r r getNetIntrfIPss zDNSUtils.getNetIntrfIPs)r>r0c Cstjtj}|dur|Stt}tD]N}z|tt|O}Wq.tyz}zt d||WYd}~q.d}~00q.tj tj||S)rDNz#Retrieving own IPs of %s failed: %s) rr!r"_getSelfIPs_keyrIrKrCr4r,r-r.r#)r0r?r3r r r getSelfIPss  &zDNSUtils.getSelfIPsNc CsVtjs dSz>tdd }t| WdWS1s<0YWn Yn0d}zz.ttjtj}|dWW|r|dSt y.}zt |drddl }|j dks|j |j |j fvrWYd}~W|r|dS|j |j|jfvrWYd}~W|r|dSWYd}~n d}~00W|rR|n|rP|0dS)NFz(/proc/sys/net/ipv6/conf/all/disable_ipv6rb)rrTerrnor)rZhas_ipv6openintreadr&Z SOCK_STREAMZbindcloser,hasattrrOZ EADDRNOTAVAILZ EAFNOSUPPORTZ EADDRINUSEZEACCES)fsr3rOr r r _IPv6IsSupportedBySystems6 2       z!DNSUtils._IPv6IsSupportedBySystemcCs*|t_td|dur |rdq"dnd|S)Nz IPv6 is %sZonZoffauto)r_IPv6IsAllowedr-r6)valuer r r setIPv6IsAllowed s zDNSUtils.setIPv6IsAllowed)r>z ipv6-allowedcCstjdurtjStjtj}|dur*|St}|durzt}|shdt_zt}Wdt_ndt_0tdd|D}tj tj||S)NTcss|]}d|jvVqdS):N)ntoa)rr r r r r$rGz)DNSUtils.IPv6IsAllowed..) rrYr!r"_IPv6IsAllowed_keyrWrKrManyr#)r7r0r r r r$s   zDNSUtils.IPv6IsAllowed)T)__name__ __module__ __qualname__rCacher!r5 staticmethodr4r8r=rArBrCrHrKrLrMrYrWr[r^r$r r r r rMs6         rcseZdZdZdZdZedeefZedeeeefZ dZ dZ e j dd d Zd Zd ZeejZeejZed dZeffdd ZeddZefddZddZddZddZeddZeddZ ejdejd iZ!ed!d"Z"ed#d$Z#ed%d&Z$ed'd(Z%ed)d*Z&d+d,Z'd-d.Z(d/d0Z)d1d2Z*d3d4Z+d5d6Z,ed7d8Z-ed9d:Z.dQd;d<Z/d=d>Z0ed?d@Z1edAdBZ2dCdDZ3dEdFZ4dGdHZ5dIdJZ6e6Z7edKdLZ8edMdNZ9edOdPZ:Z;S)Rrz7Encapsulate functionality for IPv4 and IPv6 addresses z(?:\d{1,3}\.){3}\d{1,3}z:(?:[0-9a-fA-F]{1,4}::?|:){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)z%^(?:(?P%s)|\[?(?P%s)\]?)$z^(%s|%s)/(?:(\d+)|(%s|%s))$N)_family_addr_plen _maskplen_rawi'rrcCs tj|SN)rCIDR_RAW)r7r r r r)EszIPAddr._AF2FAMcs|tjkrt|ttfrtj}|tjkrHtt||}||||S||f}tj |}|durh|S|tjkrt |\}}||f}|tjkrtj |}|dur|Stt||}||||j tjkrtj |||Srl)r CIDR_UNSPECrtuplelistrmsuper__new__ _IPAddr__init CACHE_OBJr"_IPAddr__wrap_ipstrrer#)clsipstrcidrr args __class__r r rrIs,        zIPAddr.__new__cCst|dkr0|ddkr0|ddkr0|dd}d|vrB|tjfStj|}|dur`|tjfSt|}|drt|d|d<|d=zt|d|d<Wnt y|tjfYS0|S)Nrr[rk]r/) r'rrn IP_W_CIDR_CREmatchrpgroups masktoplenrQ ValueError)rwrVr r r Z __wrap_ipstrds $      zIPAddr.__wrap_ipstrc Cstj|_d|_d|_d|_||_|tjkrx|durL|tjkrLtj|g}n tj tj g}|D]:}zt ||}||_WqWq\tj yYq\Yq\0q\|jtj krt d|\|_d|_|dur|dkrd|?}|j|M_||_n|jtj krt d|\}}|d>|B|_d|_|durP|dkrPd |?}|j|M_||_n&|tjr|d@|_tj |_d|_ntj|_dS) zP initialize IP object by converting IP address string to binary to integer rN!L !QQ@ )r AF_UNSPECrerfrgrhrirrmr%r&Z inet_ptonrstructunpackisInNet IP6_4COMPAT)r>rwrxfamilybinarymaskhilor r r Z__initzsH         z IPAddr.__initcCs t|jSrl)reprr]r>r r r __repr__szIPAddr.__repr__cCst|jtr|jSt|jSrl)rr]r(rr r r __str__szIPAddr.__str__cCs t|jffS)zIPAddr pickle-handler, that simply wraps IPAddr to the str Returns a string as instance to be pickled, because fail2ban-client can't unserialize IPAddr objects )r(r]rr r r __reduce__szIPAddr.__reduce__cCs|jSrl)rfrr r r addrsz IPAddr.addrcCs|jSrl)rerr r r rsz IPAddr.familyZinet4Zinet6cCstj|jSrl)rFAM2STRr"rerr r r familyStrszIPAddr.familyStrcCs|jSrl)rgrr r r plensz IPAddr.plencCs|jS)zlThe raw address Should only be set to a non-empty string if prior address conversion wasn't possible )rirr r r rawsz IPAddr.rawcCs |jtjkS)z6Either the object corresponds to a valid IP address )rerrrr r r r*szIPAddr.isValidcCs |jtjdtjdi|jdkS)zIReturns whether the object is a single IP address (not DNS and subnet) rri)rgrr%r&r"rerr r r isSingleszIPAddr.isSinglecCs~|jtjkr t|ts |j|kSt|ts>|dur6dSt|}|j|jkrNdS|jtjkrf|j|jkS|j|jko||j|jkSNF) rerrmrrirrrfrgr>otherr r r __eq__s       z IPAddr.__eq__cCs ||k Srlr rr r r __ne__sz IPAddr.__ne__cCsV|jtjkr t|ts |j|kSt|ts>|dur6dSt|}|j|jkpT|j|jkSr)rerrmrrirfrr r r __lt__s    z IPAddr.__lt__cCst|tst|}d||fSNz%s%srrr r r __add__s zIPAddr.__add__cCst|tst|}d||fSrrrr r r __radd__s zIPAddr.__radd__cCs t|jSrl)hashr]rr r r __hash__szIPAddr.__hash__cCs4|jtjkrd|jS|jtjkr,d|jSdSdS)zr+rrrr r r r]s    z IPAddr.ntoacCsT|jr |jd}|dur>d}n|jr:|j}|dur>d}ndSddt||fS)a return the DNS PTR string of the provided IP address object If "suffix" is provided it will be appended as the second and top level reverse domain. If omitted it is implicitly set to the second and top level reverse domain of the according IP address family rNz in-addr.arpa.z ip6.arpa.rz%s.%s)rr]splitrrjoinreversed)r>suffixZ exploded_ipr r r getPTR0s z IPAddr.getPTRcCs t|jS)z?Return the host name (DNS) of the provided IP address object )rr8r]rr r r getHostEszIPAddr.getHostcCs |jtjkS)z4Either the IP object is of address family AF_INET )rrr%rr r r rJsz IPAddr.isIPv4cCs |jtjkS)z5Either the IP object is of address family AF_INET6 )rrr&rr r r rPsz IPAddr.isIPv6cCsl|js |jdkr |t|jvS|j|jkr0dS|jrDd|j?}n|jrXd|j?}ndS|j|@|jkS)z9Return either the IP object is in the provided network rFrr) r*rrr4rrrrr)r>netrr r r rVs zIPAddr.isInNetcCst|to||kp||S)z;Return whether the object (as network) contains given IP )rrrr>r r r r containsiszIPAddr.containscCs ||Srlrrr r r __contains__nszIPAddr.__contains__cCsldd>d}d}|d|dddi}d}tddD]8}|d|>O}|dkrVd||||A<d||||A<q.|S)Nrrrrr)range)Zm6Zm4Zmmapmir r r Z __getMaskMaprs  zIPAddr.__getMaskMapcCsFd}|jdur|jStj|j}|durZmplenr r r maskplens zIPAddr.maskplencCs t|jS)zIConvert mask string to prefix length To be used only for IPv4 masks )rr)rr r r rszIPAddr.masktoplencCs<tj|}|sdS|d}|dur2|dkr2|S|dS)zBSearch if text is an IP address, and return it if so, else None NZIPv4rZIPv6)r IP_4_6_CRErgroup)r<rrwr r r r:s  zIPAddr.searchIP)N)r0Zips2r r r r rs  zIPAddrSet.__init__cCs4t|tst|}|j|j O_t||dSrl)rrrrr#r+rr r r r+sz IPAddrSet.addcs:ttstt|p8|jo8tfdd|DS)Nc3s|]}|VqdSrlr)rnr r r rrGz)IPAddrSet.__contains__..)rrr#rrr_rr r r rszIPAddrSet.__contains__N)r`rarbrrr+rr r r r rIs rIFc sz^ddlm}m}mm mmmmm }m }m }m }m mddl}ddl}Gfddd| Gfddd|Gfddd|G fd d d |}Gd d d | d fd|fd|fd fd fd|fd|fg _||jdpd js&tddd d fdd d  fdd } Wn:ty} z t| fdd} WYd} ~ n d} ~ 00t| t_| |S)!Nr) StructureUnionPOINTERpointer get_errnocastc_ushortc_bytec_void_pc_char_pc_uintc_intc_uint16c_uint32cs eZdZdfddfgZdS)z0_NetworkInterfacesAddrs..struct_sockaddr sa_familyZsa_dataNr`rarb_fields_r )rrr r struct_sockaddrs rcs&eZdZdfdfddfgZdS)z3_NetworkInterfacesAddrs..struct_sockaddr_inZ sin_familyZsin_portsin_addrr Nrr )rrrr r struct_sockaddr_ins rcs2eZdZdfdfdfddfdfgZdS)z4_NetworkInterfacesAddrs..struct_sockaddr_in6Z sin6_familyZ sin6_portZ sin6_flowinfo sin6_addrZ sin6_scope_idNrr )rrrrr r struct_sockaddr_in6s  rcs$eZdZdfdfgZdS)z._NetworkInterfacesAddrs..union_ifa_ifuZ ifu_broadaddrZ ifu_dstaddrNrr )rrr r union_ifa_ifus  rc@s eZdZdS)z/_NetworkInterfacesAddrs..struct_ifaddrsN)r`rarbr r r r struct_ifaddrssrifa_nextifa_nameZ ifa_flagsifa_addr ifa_netmaskZifa_ifuZifa_datacrz libc.getifaddrs is not availablecss"|j}|V|jsq|jj}qdSrl)contentsr)ifapifar r r ifap_iters z*_NetworkInterfacesAddrs..ifap_iterFcs|jj}|j}|tjkr|j}t||j}|r|jj}|dur|jtjkr|j}|dt||j7}t|S|tj kr|j}t||j }|r |jj}|dur |jtj kr |j}|dt||j 7}t|SdS)Nr~) rrrrr%rrrrr&r)rwithMaskZsar1rZnm)rrrrrr r getfamaddrs*  z+_NetworkInterfacesAddrs..getfamaddrc 3s~}|}|dkr*t~z@|D](}|jd}||}|r6||fVq6W|n |0dS)NrzUTF-8) getifaddrsOSErrorrdecodeZ freeifaddrs)rrr2rrr)rrrrlibcrrr r rJs     z8_NetworkInterfacesAddrs.._NetworkInterfacesAddrscsdSrlr r ) _init_errorr r rJs)F)F)ctypesrrrrrrrrrrrrrrZ ctypes.utilrZCDLLutilZ find_libraryrNotImplementedErrorr,rdrrJ) rrrrrrrrrrJr3r )rrrrrrrrrrrrrrrrr rJs8@    " rJ)r)F) __author__Z __copyright__Z __license__rrrZutilsrZhelpersrr`r-r rrobjectrrr#rIrJrdr r r r s&   bu  j