a =*f;-@sxdZdZdZddlZddlZddlZddlZddlmZddl m Z m Z m Z m Z dd lm Z e eZGd d d eZdS) z.Cyril Jaquier, Lee Clemens, Yaroslav HalchenkozPCopyright (c) 2004 Cyril Jaquier, 2011-2012 Lee Clemens, 2012 Yaroslav HalchenkoZGPLN)Actions) getLogger_as_boolextractOptionsMyTime)rc@seZdZdZgdZd5ddZddZd d Zd d Zd dZ ddZ e ddZ e ddZ e jddZ e ddZe ddZe ddZejddZd6ddZe d d!Zd"d#Zd$d%Zd&d'Zd7d(d)Zd*d+Zd8d-d.Zd/d0Zd9d1d2Zd3d4ZdS):JailagFail2Ban jail, which manages a filter and associated actions. The class handles the initialisation of a filter, and actions. It's role is then to act as an interface between the filter and actions, passing bans detected by the filter, for the actions to then act upon. Parameters ---------- name : str Name assigned to the jail. backend : str Backend to be used for filter. "auto" will attempt to pick the most preferred backend method. Default: "auto" db : Fail2BanDb Fail2Ban persistent database instance. Default: `None` Attributes ---------- name database filter actions idle status )Z pyinotifyZpollingZsystemdautoNcCsp||_t|dkr td|||_t|_d|_i|_ t d|j d|_ |durf| ||_ ||_dS)Nz]Jail name %r might be too long and some commands might not function correctly. Please shortenzCreating new jail '%s') _Jail__dblenlogSyswarning _Jail__namequeueZQueue _Jail__queue _Jail__filter _banExtrainfoname _realBackend _setBackendbackend)selfrrZdbr8/usr/lib/python3.9/site-packages/fail2ban/server/jail.py__init__Gs   z Jail.__init__cCsd|jj|jfS)Nz%s(%r)) __class____name__rrrrr__repr__Ysz Jail.__repr__c Cs>t|\}}|}|j}|dkr`||jvrNtd||ftd||f|||d}|D]}t|d|}zT|fi||dkr||krt d||fnt d|t ||_ |WSt y}z0t|dkrtjntjd||fWYd}~qdd}~00qdtd|jtd|jdS)Nr z.Unknown backend %s. Must be among %s or 'auto'z_init%sz9Could only initiated %r backend whenever %r was requestedzInitiated %r backendz)Backend %r failed to initialize due to %sz,Failed to initialize any backend for Jail %r)rlower _BACKENDSrerror ValueErrorindexgetattr capitalizerrr_Jail__actions ImportErrorlogloggingDEBUGZERRORr RuntimeError)rrZbeArgsZbackendsbZ initmethoderrrr\sD     zJail._setBackendcKs6ddlm}td|j|f||fi||_dS)Nr) FilterPollzJail '%s' uses poller %r)Z filterpollr1rrrr)rkwargsr1rrr _initPollings zJail._initPollingcKs6ddlm}td|j|f||fi||_dS)Nr)FilterPyinotifyzJail '%s' uses pyinotify %r)Zfilterpyinotifyr4rrrr)rr2r4rrr_initPyinotifys zJail._initPyinotifycKs6ddlm}td|j|f||fi||_dS)Nr) FilterSystemdzJail '%s' uses systemd %r)Z filtersystemdr6rrrr)rr2r6rrr _initSystemds zJail._initSystemdcCs|jS)zName of jail. )rr rrrrsz Jail.namecCs|jS)z;The database used to store persistent data for the jail. r r rrrdatabasesz Jail.databasecCs ||_dSNr8rvaluerrrr9scCs|jS)z;The filter which the jail is using to monitor log files. )rr rrrfiltersz Jail.filtercCs|jS)z2Actions object used to manage actions for jail. )r)r rrractionssz Jail.actionscCs|jjp|jjS)z-A boolean indicating whether jail is idle. r=idler>r rrrr@sz Jail.idlecCs||j_||j_dSr:r?r;rrrr@sbasiccCs^|jj|d}|jj|d}|dkrNt|jjdd}|jpF|j||gSd|fd|fgS)zThe status of the jail. )flavorZstatsZFilterr) r=statusr>typerreplacer"rr)rrBfstatZastatrrrrrDsz Jail.statuscCs |j S)z-Retrieve whether queue has tickets to ban. )remptyr rrrhasFailTicketsszJail.hasFailTicketscCs|j|dS)zQAdd a fail ticket to the jail. Used by filter to add a failure for banning. N)rZputrticketrrr putFailTicketszJail.putFailTicketcCs.z|jd}|WStjy(YdS0dS)zTGet a fail ticket from the jail. Used by actions to get a failure for banning. FN)rgetrZEmptyrJrrr getFailTickets  zJail.getFailTicketcs|j}|dkrd}|dur$|||<n||vr2||=td|||dkrrt|||<||rr|jdurrtd|dvr|durt|||<|dvs|dddur|dkrd d |dur|dkr| d ngD|d <|d gt |d d}t r|ffdd }n&|dd}t |dd}||fdd}|dddurf|d|ffdd }|dddur|d|ffdd }||d<dS)NrCzSet banTime.%s = %s incrementzDban time increment is not available as long jail database is not set)maxtimerndtime)formulafactorrPrQ multipliers evformularTcSsg|] }t|qSr)int).0irrr z(Jail.setBanTimeExtra.. Z evmultipliersrS1cs&|j||jtkr|jndS)N)TimeZCountr )ban banFactor)rTrrsz&Jail.setBanTimeExtra..rRz?ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactorz~inline-conf-expr~evalcSst|jt|Sr:)maxr^rb)r_r`rRrrrrarZrPcst||Sr:)minr_rU)rPrrrarZrQcs||tSr:)randomre)rQrrra rZ) rrrrrMr9rrZ str2secondssplitrbr compile)roptr<ber`rUrRr)rPrTrQrsetBanTimeExtras@   ,    zJail.setBanTimeExtracCs|dur|j|dS|jSr:)rrM)rrirrrgetBanTimeExtraszJail.getBanTimeExtracCs$|jdr|jddS|jS)z)Returns max possible ban-time of jail. rOrPr])rrMr> getBanTimer rrr getMaxBanTimes zJail.getMaxBanTimeTc CsRz |jdur |jdr.d}|r8|}n |j}|jj||||jjj dD]}zpd|_ |j | |rtWqR||}t |}|dkr|dkr||8}|dkr|dkrWqR||WqRty}z&tjd|ttjkdWYd}~qRd}~00qRWn@tyL}z&tjd |ttjkdWYd}~n d}~00dS) z5Restore any previous valid bans from the database. NrO)Zjail forbantimecorrectBanTimeZ maxmatchesTr]rzRestore ticket failed: %sexc_infozRestore bans failed: %s)r9rrMrnr>rmZgetCurrentBansr=Z failManagerZ maxMatchesZrestoredZ_inIgnoreIPListZgetIDrtimeZgetTimerL Exceptionrr$getEffectiveLevelr,r-)rrprorKZbtmZdiftmr0rrrrestoreCurrentBanss8        " zJail.restoreCurrentBanscCs<td|j|j|j|td|jdS)zStart the jail, by starting filter and actions threads. Once stated, also queries the persistent database to reinstate any valid bans. zStarting jail %rzJail %r startedN)rdebugrr=startr>rvrr rrrrx=s   z Jail.startc Cs|rtd|j|j|jfD]f}z|r0||r<|Wqty}z,tjd||j|t t j kdWYd}~qd}~00q|rt d|jdS)z9Stop the jail, by stopping filter and actions threads. zStopping jail %rzStop %r of jail %r failed: %srqNzJail %r stopped) rrwrr=r>stopjoinrtr$rur,r-r)rryrzobjr0rrrryIs  z Jail.stopcCs|jp|jS)z?Check jail "isAlive" by checking filter and actions threads. )r=isAliver>r rrrr|\sz Jail.isAlive)r N)rA)N)T)TT)r __module__ __qualname____doc__r#rr!rr3r5r7propertyrr9setterr=r>r@rDrIrLrNrkrlrnrvrxryr|rrrrr 'sD &           -  $ r ) __author__Z __copyright__Z __license__r,Zmathrfrr>rZhelpersrrrrZmytimerrobjectr rrrrs