ܜ^c@sdZdZdZddlZddlZddlZddlmZddlm Z e e Z d Z d d Z d fd YZdefdYZedde_dS(sJFail2Ban Developers, Alexander Koeppe, Serg G. Brester, Yaroslav Halchenkos+Copyright (c) 2004-2016 Fail2ban DeveloperstGPLiNi(tUtilsi(t getLoggercCst|tr|St|S(s8A little helper to guarantee ip being an IPAddr instance(t isinstancetIPAddr(tip((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pytasip'stc Csy|ptj}dtj|ddtjdtjD}|r|d}d}x0|D](}|j|ry|S|s`|}q`q`W|SWntjk rnXtj|S(sGet fully-qualified hostname of given host, thereby resolve of an external IPs and name will be preferred before the local domain (or a loopback), see gh-2438 css#|]}|dr|dVqdS(iN((t.0tai((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pys 4sit.N( tsockett gethostnamet getaddrinfotNonet SOCK_DGRAMt AI_CANONNAMEt startswithterrortgetfqdn(tnametnamestpreftfirstR ((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyR-s  "   tDNSUtilscBseZejdddd Zejdddd ZedZedZedZ ee dZ ed Z ed Z ed ZRS(tmaxCountitmaxTimeii<cCsHtjj|}|dk r"|St}d}xtjtjftj tj ffD]\}}yxtj |d|dtj D]e}t |dkst |d rqntt|dd|}|jr|j|qqWWqVtk r }|}qVXqVW| r1|r1tjd||ntjj|||S(s_ Convert a DNS into an IP address using the Python socket module. Thanks to Kevin Drapel. iis4Unable to find a corresponding IP address for %s: %sN(RtCACHE_nameToIptgetRtsetR tAF_INETRtFAM_IPv4tAF_INET6tFAM_IPv6R t IPPROTO_TCPtlentstrtisValidtaddt ExceptiontlogSystwarning(tdnstipstsaveerrtfamtipfamtresultRte((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pytdnsToIpSs&  1%#  cCstjj|d}|dkr%|Sytj|d}Wn/tjk rm}tjd||d}nXtjj |||S(Nis'Unable to find a name for the IP %s: %s((( RtCACHE_ipToNameRR t gethostbyaddrRR(tdebugRR(RtvR0((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pytipToNameqs  cCst}tj|}|dk rLt|}|jrL|j|qLn|dkr| rtj|}|j||r|dkrt j d||qn|S(s/ Return the IP of DNS found in a given text. tyestwarns'Determined IP using DNS Lookup: %s = %sN(syesswarn( RRtsearchIPRR%R&RR1tupdateR(R)(ttexttuseDnstipListtplainIPR((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyttextToIps      cCsdd|f}tjj|}|dkrd}xc|rKttjfn tjtfD]:}y|}PWqXtk r}tj d|qXXqXWntjj |||S(s;Get short hostname or fully-qualified hostname of host selftselfthostnameRs#Retrieving own hostnames failed: %sN( RR2RRRR R R'R(R)R(tfqdntkeyRRAR0((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt getHostnames ( cCsrd}tjj|}|dkr[tdtjttjtgtdg}ntjj|||S(sGet own host names of selfR@R*t localhostR(sselfsdnsN(RR2RRRRDtFalsetTrue(RCR((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt getSelfNamess !cCsd}tjj|}|dkrt}x`tjD]O}y |ttj|dO}Wq:tk r}tj d||q:Xq:Wntjj|||S(sGet own IP addresses of selfR@R+R7s#Retrieving own IPs of %s failed: %s(sselfsipsN( RRRRRRHR?R'R(R)(RCR+RAR0((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt getSelfIPss   cCstdtjDS(Ncss|]}d|jkVqdS(t:N(tntoa(RR((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pys s(tanyRRI(((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt IPv6IsAllowedsi,i,(t__name__t __module__RtCacheRR2t staticmethodR1R6R?RGRDRHRIRM(((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyRMsRcBseZdZdZdZejdeefZd/Z d0Z e j d d d d1Z dZdZeejZeejZedZedZedZdZdZdZedZedZidej6dej6ZedZ edZ!edZ"edZ#dZ$dZ%d Z&d!Z'd"Z(d#Z)ed$Z*ed%Z+d/d&Z,d'Z-ed(Z.ed)Z/d*Z0d+Z1e1Z2ed,Z3ed-Z4ed.Z5RS(2s7Encapsulate functionality for IPv4 and IPv6 addresses s(?:\d{1,3}\.){3}\d{1,3}s;(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)s%^(?:(?P%s)|\[?(?P%s)\]?)$t_familyt_addrt_plent _maskplent_rawRi'Rii<iicCs$|tjkr;tt|j|}|j|||S||f}tjj|}|dk ri|S|tjkrtj |\}}||f}|tjkrtjj|}|dk r|Sqntt|j|}|j|||j tjkr tjj ||n|S(N( RtCIDR_RAWtsupert__new__t _IPAddr__initt CACHE_OBJRRt CIDR_UNSPECt_IPAddr__wrap_ipstrRRR(tclstipstrtcidrRtargs((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyRYs(     cCst|dkrB|ddkrB|ddkrB|dd!}nd|kr[|tjfS|jdd}t|dkrtd|fnd |dksd |dkrtj|d|dtjd|\|_d|_|d k r|dkrd|?}|j|M_||_qq |jtj kr tjd|\}}|d>|B|_d|_|d k r|dkrd|?}|j|M_||_q|jtjr|d@|_tj |_d|_qq n tj |_d S( sP initialize IP object by converting IP address string to binary to integer is!Li ls!QQi@il N(R t AF_UNSPECRRRSRTRRURVRRWRR t inet_ptonRtstructtunpacktisInNett IP6_4COMPAT(R@R_R`tfamilytbinarytmaskthitlo((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__initsH               cCs t|jS(N(treprRK(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__repr__PscCs|jS(N(RK(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__str__SscCst|jffS(sIPAddr pickle-handler, that simply wraps IPAddr to the str Returns a string as instance to be pickled, because fail2ban-client can't unserialize IPAddr objects (R$RK(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt __reduce__VscCs|jS(N(RS(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pytaddr^scCs|jS(N(RR(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyRqbstinet4tinet6cCstjj|jS(N(RtFAM2STRRRR(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt familyStrgscCs|jS(N(RT(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pytplenkscCs|jS(slThe raw address Should only be set to a non-empty string if prior address conversion wasn't possible (RV(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pytrawoscCs|jtjkS(s6Either the object corresponds to a valid IP address (RRR Rk(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyR%xscCs|jtjkr/t|t r/|j|kSt|ts]|dkrNtSt|}n|j|jkrstS|jtjkr|j|jkS|j |j ko|j |j kS(N( RRRRWRRVRRFR RkRSRT(R@tother((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__eq__~s"  cCs ||k S(N((R@R((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__ne__scCs|jtjkr/t|t r/|j|kSt|ts]|dkrNtSt|}n|j|jkp~|j|jkS(N(RRRRWRRVRRFRS(R@R((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__lt__s"  cCs,t|tst|}nd||fS(Ns%s%s(RR(R@R((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__add__scCs,t|tst|}nd||fS(Ns%s%s(RR(R@R((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__radd__scCs t|jS(N(thashRK(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyt__hash__scCsB|jtjkrd|jS|jtjkr:d|jSdSdS(s<Hex representation of the IP address (for debug purposes) s%08xs%032xRN(RRR RRSR (R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pythexdumps   cCsd}|jrOtjd|j}|jr|jdkrd|j}qnj|jr|jd?}|jd@}tjd||}|jr|jdkrd|j}qn|jStj|j ||S( si represent IP object as text like the deprecated C pendant inet.ntoa but address family independent Rs!Li s/%di@ls!QQi( tisIPv4RmtpackRSRTtisIPv6RVR t inet_ntopRR(R@R&RrRtRu((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyRKs    cCs~|jr3|jjd}|dkrad}qan.|jr]|j}|dkrad}qandSddjt||fS(s return the DNS PTR string of the provided IP address object If "suffix" is provided it will be appended as the second and top level reverse domain. If omitted it is implicitly set to the second and top level reverse domain of the according IP address family R s in-addr.arpa.s ip6.arpa.Rs%s.%sN(RRKReRRRtjointreversed(R@tsuffixt exploded_ip((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pytgetPTRs       cCstj|jS(s?Return the host name (DNS) of the provided IP address object (RR6RK(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pytgetHostscCs|jtjkS(s4Either the IP object is of address family AF_INET (RqR R(R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyRscCs|jtjkS(s5Either the IP object is of address family AF_INET6 (RqR R (R@((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyRscCs|j r/|jdkr/|tj|jkS|j|jkrEtS|jr_d|j?}n|jryd|j?}ntS|j |@|j kS(s9Return either the IP object is in the provided network Rll ( R%RRR1RqRFRRRR{(R@tnetRs((s9/usr/lib/python2.7/site-packages/fail2ban/server/ipdns.pyRos  cCsd}d}id|6d|6dd6}d}xXtddD]G}|d|>O}|dkrrd ||||As      [