�

�ogf����*�dZd
Z
dZddlZddlZddlZddlZddlZddlZddl	Z	ddl
mZm
Z
mZmZmZ
ddlmZ
ddlmZ
dd	lmZmZmZ
dd
lmZ
ddlmZmZmZ
ddl m!Z!mZ"
dd
l#m$Z$
ddl%m%Z%
ddl&m'Z'
ddl(m)Z)
ddl*m+Z+m,Z-m.Z.m/Z/m0Z0m1Z1m2Z3m4Z4m5Z5
ddl6m7Z7
e7e8�
Z,dZ9dZ:ee!jv��
Z<e	jzj}e	jzj~�
Z?e	jzj}e	jzj��
Z@e?dz
e_?e,x
e_,x
e_,e_,e%j�ZBe%j�ZDd�ZEeEx
e_Fx
e_Fx
e_Fe$_Fd�ZGe%j�ZHd�ZIe@f
d�
ZJGd�dej��ZKGd�dej��ZLeKZMeLZNgaOd�ZPePe_Qdx
e_Re_Re+j�ZTd �ZUd!�ZV			d.d"�
ZWd#�ZXd$�ZYd%�ZZd&�Z[if
d'�
Z\Gd(�d)e+�Z]Gd*�d+e]�Z^Gd,�d-e]�Z_y)/zSerg BresterzICopyright (c) 2014- Serg G. Brester (sebres), 2008- Fail2Ban Contributors�GPL�N)�join�isdir�isfile�exists�dirname�
�wraps)
�Thread�)�fail2banclient�fail2banserver�fail2bancmdline)
�Fail2banCmdLine)�exec_command_line�CSocket�
VisualWait)�Fail2banServerr)
�protocol)
�server)
�MyTime)
�Utils�
)	�LogCaptureTestCase�logSys�with_tmpdir�shutil�logging�STOCK�
CONFIG_DIR�TEST_NOW�tearDownMyTime)
�	getLoggerzfail2ban-clientzfail2ban-serverc�4�tj|d
�

y�Nr)r�info�
�argss
 �G/usr/lib/python3/dist-packages/fail2ban/tests/fail2banclienttestcase.py�_test_outputr*Js��
���T�!�W�
�c
��tjd
|�
tjtj�|dzz�

y)Nz===>>> time shift + %s min�<)r�debugr�setTime�time)
�shifts
 r)�_time_shiftr2Qs,��
���*�E�
2�
������
��b��(�
)r+c��tj�Jtjjt�

tjj	tdz�

y
y
)z$Helper to wait observer becomes idleN�)�	Observers�Main�
wait_empty�MID_WAITTIME�	wait_idle�r+r)�_observer_wait_idler;Ys:��
�N�N���.�.���L�)��.�.���<�!�+�,�r+c���
��tj�7tjj����
fd�}|tj_y
y
)zOHelper to block observer before increase bantime until some condition gets trueNc����tj_tj	d
�

tj���
tj	d�

�|i|
�
�

y)Nz4  [Observer::banFound] *** observer blocked for testz.  [Observer::banFound] +++ observer runs again)r5r6�banFoundrr.r�wait_for)r(�kwargs�
_obs_banFound�cond�timeouts  ���r)�	_banFoundz0_observer_wait_before_incrban.<locals>._banFounddsD���*�9�>�>��	�<�<�F�G��>�>�$�� �	�<�<�@�A��$�!�&�!r+)r5r6r>)rBrCrDrAs`` @r)�_observer_wait_before_incrbanrE_s4���
�N�N���.�.�)�)�-�"�&�)�.�.��r+c
��eZ
dZd
Zy)�
ExitExceptionzException upon a normal exitN��__name__�
__module__�__qualname__�__doc__r:r+r)rGrGt���
#�
r+rGc
��eZ
dZd
Zy)�FailExitExceptionzException upon abnormal exitNrHr:r+r)rOrOyrMr+rOc�L�t
t�
rtjd
�
Sy)Nr�exit)�len�INTERACT�popr's
 r)�_test_input_commandrU�s����M�	���a���	r+Fc��t
||
�}|jd
j|�
|rd
n
dz�

|j�
y)N�

�)�open�writer�close)�fn�mode�lines�
fs    r)�_write_filer`�s4��	�"�d�^��
������5�	�5�4�b�	1�
2�
���r+c
��d}
	t
|�
}
|
j�|
�|
j�
SS#|
�|
j�
wwxYw
�
N)rY�readr[)r\r_s  r)�
_read_filerd�sE��	��
�
�2�h�!�	
�����]��7�7�9���Q�]��7�7�9��s	�2�Ac�f�t
|d
�}|dk(rt
|d�}d}	|
�
rt�
rd�}
tjt||
��
|�Jdt|�
z��
|�d}t
jd	�
}tjt
|d
�d��D]1}|jd
�
}|j|�
rd}t|�

�3t
jd�
}tjt
|d�d��D]1}|jd
�
}|j|�
rd}t|�

�3|rdn
d}	nftj|�

tt
|d
�dddd|j!dd�zddt
|d�zdt
|d�zdd|zdd d�

|	r"tt
||	�dgd!dd"d#|zdf|z�
��
|rtt
|d$�dg|�
��
t"j$j&t(j*kr]t-t
|d
��

t-t
|d��

|rt-t
|d$��

|	r|	dk7rt-t
||	��

|rXtrR|D]M}
tj.tj0j3t
t|
��
t
||
��
�O|r|D]}
t|
d%|i
zd�
�d&\}}t"j$j&t(j4krat7t"j$j&�
}t"j$j8d'kDr!d(d)t"j$j8zzf
}|d*|fz}d+|d,t
|d�d-t
|d�d.|f|zd/dd0t7t:j<�
fzS)1N�config�autozf2b-db.sqlite3�	jail.confc	�X�|
D�cgc]}t
t||��
s
�|��c}Sc
c}w)
z?Filters list of 'files' to contain only directories (under dir))r�pjoin)�dir�filesr_s   r)�ig_dirsz_start_params.<locals>.ig_dirs�s#���
4��u�U�3�
�]�3�1�
4�4��
4s�'�')
�ignorez?We are about to overload use_stock_cfg from the one provided %s)�action.dzfilter.dz^dbfile\s*=z
fail2ban.confT)
�inplacerWzdbfile = :memory:z^backend\s*=�backend = pollingz
jail.localrX�
w�[Definition]zloglevel = INFOzlogtarget = �
%z%%zsyslogsocket = autoz	socket = �f2b.sockz
pidfile = �f2b.pidz	dbfile = zdbmaxmatches = 100zdbpurgeage = 1d�
[INCLUDES]�	[DEFAULT]ztmp = zfail2ban.local�tmp)r:�INFOr�
-�
vz
--loglevel�-c�-sz-p�--logtargetz--syslogsocketz	--timeout)rjrr�copytree�STOCK_CONF_DIR�repr�re�compile�	fileinput�input�rstrip�match�print�os�mkdirr`�replace�unittest�F2B�	log_levelr�DEBUG�	_out_file�symlink�path�abspathrz�str�	verbosityr�MAX_WAITTIME)ry�	use_stock�
use_stock_cfg�	logtarget�db�	f2b_local�jails�create_before_start�cfg�j_confrm�
r�line�
n�vvv�llevs                r)�
_start_paramsr��sw��
�S�(����&�L��S�"�#�"�
��
�%�5�	�/�/�.�#�g�6�	�	�
[
�D�t�M�GZ�Z�
[
�	���,D�M��j�j�� �!��o�o�e�C��9�4�H��d�
�+�+�d�
�4��g�g�d�m��D���;�	�	�j�j��!�!��o�o�e�C��5�t�D��d�
�+�+�d�
�4��g�g�d�m��D���;�	�!�<�b�&��(�(�3�-�
�e�C��)�3����I�%�%�c�4�0�0����s�J�'�'��%��Y�'�'����������
�e�C�� �#���"��(�S�.�"������
�e�C�)�*�C�<�)�<��L�L���W�]�]�*��E�#��'�(��E�#�{�#�$���U�3�(�
)�*���+�%��U�3��
� ��e��
H
�a��:�:�b�g�g�o�o�e�N�A�6�7��s�A��G�
H
���
&�a��q�E�3�<���%�
&����d��L�L���W�\�\�)�	�X�\�\�
#�
#�	$�$�
�\�\���a��

��H�L�L�*�*�*�
*�	,�3��|�T�"�"����T�5��j�)�4��s�I�1F���	�#�	$�'7��
�s�?�/�/�0�'�	�r+c
�V�	||j
d
�
dzdk(S#t$r
YywxYw
)Nrr�	INHERITEDF)�index�
ValueError�
�startparamss
 r)�_inherited_logr��s9���	�[�&�&�}�5�a�7�	8�K�	G�G���
�	�
�s��	(�
(c
���d}
	t
|�
}
tjd
|
�j�}
t	|
�
S#t
$r }tj|�

Yd}~|
Sd}~w
wxYw
)Nz\S+)rdr�r��group�int�	Exceptionrr.)�pidfile�pid�
es   r)�_get_pid_from_filer��sZ������7��#�
������#�#�%�#�	�S��/���
��,�,�q�/�/����
�s�9>�	A'�A"�"A'c
� ��tjd
|t|�
f�
t|�
r%|}
t|
d�}t	|�
st|
d�}t
jjtjkr:t
d�}t	|�
rt|�

ntjdd|�
t	|�
stjd
�
ytjd	|�
t|�
���
y
	tjd��
�dks�tj�k(rtd
��
d|�
d��
�
t!j"��
s
ytj$�t&j(�
t!j*�f
d�d�s$tj$�t&j,�
tjd�

t!j"��
S#t.$r}tj1|�

Yd}~yd}~w
wxYw
)Nzcleanup: %rrvzfail2ban.pid�f2b.logr4z
no logfile %rzcleanup: no pidfile for %rTzcleanup pidfile: %rFzcleanup pid: %rrzpid z of z is invalidc�0�
�t
j��
Srb)r�
pid_exists)
r�s
�r)�<lambda>z_kill_srv.<locals>.<lambda>+
s���E�$4�$4�S�$9� 9�r+r�cleanup: kill ready)rr.rrjrr�r�r�rr�r��logr�r��getpidr�rr��kill�signal�SIGTERMr?�SIGKILLr��	exception)r��piddir�logfiler�r�s    @r)�	_kill_srvr�	
s�
���
���m�g�u�W�~�6�
7�	�'�N��&��&�)�$�'�	���
�6�>�
*�7�
�L�L���W�]�]�*��&�)�$�'��G�_��W��	�:�:�a��'�*��w���,�,�+�V�4�	
�
���#�W�
-��'�"���K�	���,�,� �#�&��A�X���	�	��#�	��g�>�	?�?�	�	�	�#�	�
��'�'�#�v�~�~��	���9�1�	=��7�7�3������,�,�$�%�
�
�
�c�
"�	"�"���
����1�����
�s �?AG%�BG%�%	H
�.H�H
c
�.��t
��
�f
d
��}
|
S)z�Helper to decorate tests which receive in the last argument tmpdir to pass to kill_srv

	To be used in tandem with @with_tmpdir
	c
�X�
�|
d
}	�|g
|
�
��t
|�

S#t
|�

wxYw
)N���)
r�)�selfr(r�r_s   �r)�wrapperzwith_kill_srv.<locals>.wrapper:
s-�����H�'��
�D�.�4�.��W���9�W��s��
)r	)r_r�s` r)�
with_kill_srvr�5
s"���
�
�(����	�r+c
����f
d
�}
|
S)z}Helper to decorate tests uses foreground server (as thread), started directly in test-cases

	To be used only in subclasses
	c
�D�
��tt��
��fd
���}
|
S)Nc����
��	�d}t
��	t�
f
d
di
��
�
�	td�j�
�	�f��}d|_|j�
ttff
���	�
fd�	}|�_tj�f
d�t�
�j�jdd��

�j�
d�	��	�
tj d
�

�j#�
�
��
�	g|�
�i|�
�
|rWtj d�

�j#�
�j�
�jdd�r|j%�
t'�
S#t($rD}t+d
|z�

�j-�}|rt+d|z�

�j#�
�d}~w
wxYw
#|rWtj d�

�j#�
�j�
�jdd�r|j%�
t'�
wxYw
)Nr�r��_TestCaseWorker��name�targetr(Tc
��
��t
�
�
jd
d�sFtjj	t�d��
st
j�
f
d�t�
�
jd
d�sj�j|�d�
t
j�
f
d�t�
�j�
jd
d��

�jdddt�	�
d
��_
y)N�endrvc�,�
��j
d
d�du
S�Nr��
�get�
�phases
�r)r�zywith_foreground_server_thread.<locals>._deco_wrapper.<locals>.wrapper.<locals>._stopAndWaitForServerEnd.<locals>.<lambda>_
����U�Y�Y�u�d�3�4�?�r+�stopc�,�
��j
d
d�du
Sr�r�r�s
�r)r�zywith_foreground_server_thread.<locals>._deco_wrapper.<locals>.wrapper.<locals>._stopAndWaitForServerEnd.<locals>.<lambda>d
r�r+�Shutdown successfulzExiting Fail2banT��all�waitc��yrbr:)r(r@s  r)r�zywith_foreground_server_thread.<locals>._deco_wrapper.<locals>.wrapper.<locals>._stopAndWaitForServerEnd.<locals>.<lambda>h
��r+)r"r�r�r�rrjrr?r8�execCmdr��
assertTrue�assertLogged�stopAndWaitForServerEnd)�coder�r�r�rys ����r)�_stopAndWaitForServerEndzgwith_foreground_server_thread.<locals>._deco_wrapper.<locals>.wrapper.<locals>._stopAndWaitForServerEnd[
s�������I�I�e�T�"�2�7�7�>�>�%��Y�:O�+P��n�n�?��N��I�I�e�T�"�
�l�l�4��f�-��n�n�?��N�
�o�o�e�i�i��t�,�-�
���-�/A�t�R^��_�$@�T�!r+c�,�
��j
d
d�du
S)N�startr�r�s
�r)r�zWwith_foreground_server_thread.<locals>._deco_wrapper.<locals>.wrapper.<locals>.<lambda>k
s���5�9�9�W�d�3�4�?�r+r�)r�r�z=== within server: begin ===z=== within server: end.  ===r�z=== Catch an exception: %sz#=== Error of server, log: ===
%s===)�dictr�r�_testStartForeground�daemonr��SUCCESS�FAILEDr�rr?r�r�r��
_wait_for_srv�	DefLogSysr&�pruneLogrr"r�r��getLog)r�ryr(r@�thr�r�r�r�r�r_�
startextras``      @@��r)r�zEwith_foreground_server_thread.<locals>._deco_wrapper.<locals>.wrapperI
s�
���	
�2��6�5�6���I�{�I�j�I�K�	�
��%�%���U�
#�
�B�
�B�I��H�H�J�(/��&7�
A
�
A
�$<�D� �	�N�N�?��N��O�O�E�I�I�g�t�,�-����s�D�k���G�
�N�N�1�2��M�M�O��T�3��5�d�5�f�5�
��^�^�2�3�	�]�]�_�	�!�!�#�	�	�	�%����g�g�i����#�
�	�'�!�+�-�
�+�+�-�C�
�
�2�S�8�:�	�]�]�_�	��

��
��^�^�2�3�	�]�]�_�	�!�!�#�	�	�	�%����g�g�i���s%�C E�	F$� ?F�F$�$F'�'A%H)rr
)r_r�r�s` �r)�
_deco_wrapperz4with_foreground_server_thread.<locals>._deco_wrapperH
s)������8�9���9�t

�.r+r:)r�r�s` r)�with_foreground_server_threadr�C
s���
=�|
	�
r+c��eZ
dZejZd
�Zd�Zd�Ze	dd�
�Z
dd�
Zd�Zd�Z
d	�Zed
di
��
d
��Zeed���Zy)�Fail2banClientServerBasec
��yrbr:)r�r(r@s   r)�_setLogLevelz%Fail2banClientServerBase._setLogLevel�
s��r+c
��t
j|�

d
t_tj
t_t|j�
t_
y)zCall before every test case.r�N)r�setUpr�
DEF_LOGTARGETr��level�DEF_LOGLEVEL�staticmethod�
_test_exitr�_exit�
r�s
 r)r�zFail2banClientServerBase.setUp�
s5�����4� �$�&��!���&��&�t���7�/�r+c
��|jt_tt_tt_tj|�

t�
y
)zCall after every test case.N)�
_orig_exitrr
�SRV_DEF_LOGTARGETrr��SRV_DEF_LOGLEVELr

r�tearDownr"r
s
 r)r

z!Fail2banClientServerBase.tearDown�
s2���/�/�/��*�&��(�&�����d�#��r+c
�4�|d
k(r
t
��
t��
r%)rGrO)
r�s
 r)r
z#Fail2banClientServerBase._test_exit�
s��	�Q�Y�	���	�	�r+Nc������si�	t
|
d
��tj��fd�t�}|r�j	d�
rtd|���
�
|r1tj�f
d�t�}|std��d|���
�
yy#
t
|�
r,td�j�z�

�j�
t
|
d	�}t|�
rt|�

�t
|�
stjd
|�
�xYw
)Nruc�@���j
d
�
x
s
t�
�
Sr�)r�r)r��socks��r)r�z8Fail2banClientServerBase._wait_for_srv.<locals>.<lambda>�
s����	�	�%� 0� @�F�4�L�r+r�z7Unexpected: Socket file does not exists.
Start failed: c�(�
�d
�j
�vS)N�Server ready)
r�r
s
�r)r�z8Fail2banClientServerBase._wait_for_srv.<locals>.<lambda>�
s����4�;�;�=�!@�r+z.Unexpected: Server ready was not found, phase z.
Start failed: z,=== Error by wait fot server, log: ===
%s===r�z*No log file %s to examine details of error)rjrr?r�r�r�r�r�r�r�rr�rr.)r�ry�readyr�r��retr�r
s`   `  @r)r�z&Fail2banClientServerBase._wait_for_srv�
s����	���	�
��Z�
 �4�	���@�,�	O�3�

����5�!�
��
����
�.�.�@�,�
O�C���	��
������		��[�!�	�:�T�[�[�]�J�L��M�M�O�	�s�I�	�3��S�k�
�c�N�	�
�;�'�
�L�L�=�s�C��s
�A=B�A>Dc�j�|j
|
|jd
|jdd|z|z�
y)Nrr)�assertRaisesr)r��exitTyper�r(s    r)r�z Fail2banClientServerBase.execCmd�
s9�����H�d�4�4�Q�7����1�2���,�t�3�
6r+c��|
|
j
d
�
dz}t|�
}	|j|�
|j�
S#|j�
wxYw
)Nr~r)r�r�sendr[)r�r�r(r
�
ss     r)�
execCmdDirectz&Fail2banClientServerBase.execCmdDirect�
sH��	�[�&�&�t�,�Q�.�	/�$�
�d�m�!�
�
�&�&��,��7�7�9��1�7�7�9�s�A�Ac���tjd
�

d|d<	|jtd|zd�
d|d<d|d<tjd�

y#d|d<d|d<tjd�

wxYw
)Nzstart of test workerTr��
z-fFr�zend of test worker)rr.r�r�)r�ryr�r�s    r)r�z-Fail2banClientServerBase._testStartForeground�
sv���,�,�%�&��%��.�&��<�<���;�.��8��5��>��5��<�	�<�<�$�%���5��>��5��<�	�<�<�$�%�s�A�!A7r�)z[Thread]zstacksize = 128�
r�c�
�|j
�
|jt|d
d�
|jd�

|jt|d�
|jt|d�
|jt|dd�
y)Nr��threadz{'stacksize': 128}�ping�~~unknown~cmd~failed~~�echo�	TEST-ECHO)r�r�r�r�r��r�ryr�s   r)�testStartForegroundz,Fail2banClientServerBase.testStartForeground�
sa���-�-�/��,�,�w��U�H�5����(�)��,�,�w��V�,��,�,�v�{�$<�=��,�,�w��V�[�9r+c�2��tjstjd
�
�
t	|
d�}t
j|�
}|j
j
�}|jd�

|j�
t|
|d��}ddi
}�f
d�}td	|||f�
�}|j�
	�jtd|zd�
d
|d<|j�
�jddd��
y#d
|d<|j�
wxYw
)NzSkip test because no databaseztmp.dbz#UPDATE fail2banDb SET version = 555r�)r�r�r�Tc�h�
�
�t
j�
f
d
�t�s�j|d�
yy)Nc��
��d
S)Nr�r:r�s
�r)r�z[Fail2banClientServerBase.testStartFailsInForeground.<locals>._stopTimeout.<locals>.<lambda>�
s���U�6�]�!2�r+r�)rr?r�r
)r�r�r�s `�r)�_stopTimeoutzIFail2banClientServerBase.testStartFailsInForeground.<locals>._stopTimeout�
s(���
�.�.�2�L�
A����{�F�+�B
r+r�r�r
r�Fz/Attempt to travel to future version of database�Exit with code 255�
r�)r�
Fail2BanDbr��SkipTestrj�_db�cursor�
executescriptr[r�rr�r�r�rr�)	r�ry�dbnamer��curr�r�r(
r�s	`        r)�testStartFailsInForegroundz3Fail2banClientServerBase.testStartFailsInForeground�
s

���
�	�	�	�	�	�:�	;�;���X��&�
���� �"�
���
�
��#����9�:��)�)�+��c�f��D�+��4�.�%�,���
�	�e���"�
�(�(�*�
��<�<���+�-�w�7��5��=��7�7�9����E��T��
#���5��=��7�7�9�s�;C?�?D)
r)TNN)rIrJrKrr
r
r�r�r

r
r
r�r�r
r�r�r$
rr�r2
r:r+r)r�r��
s����#�#��
�8������	�<6�
�
&� �K�9�,��
:��
:���#���#r+r�c��eZ
dZeefZd
�Zd�Zed��Z	ee
d���Zee
d���Zee
d���Z
ed��Zd�Zy	)
�Fail2banClientTestc
��|j
tttt��
�

|j
tttt
��
�

yrb)r�rrj�BIN�CLIENT�SERVERr
s
 r)�testConsistencyz"Fail2banClientTest.testConsistencys2���/�/�&��s�F�+�,�-��/�/�&��s�F�+�,�-r+c
��|j
td
d�
|jdtz�

|jd�

|j	�
|j
td
d�
|jtj��

|j	�
|j
td
dd�
|jdt
jz�

|j	�
|j
td
d	d
�
|jd�

y)Nr:�-h�Usage: �Report bugs to z-Vz-vqz	--versionz
Fail2Ban vz	--str2sec�1d12h30m�131400)r�r�r�r7
r�r�normVersion�versionr
s
 r)�testClientUsagez"Fail2banClientTest.testClientUsages����,�,�w��D�!����I��&�'����%�&��-�-�/��,�,�w��D�!����O�/�/�1�2��-�-�/��,�,�w��E�;�/����L�?�#:�#:�:�;��-�-�/��,�,�w��K��4����H�r+c��t
|
d
�}|jt|d�
|jd�

|jd�

|j	�
|jt|d�
|jd�

y)NTz-vvdz
Loading filesz['set', 'logtarget',z--dp)r�r�r�r�r�r#
s   r)�testClientDumpz!Fail2banClientTest.testClientDump(se���c�4�(�+��,�,�w��V�,����O�$����*�+��-�-�/��,�,�w��V�,����*�+r+c�R�t
|
d
�}|jtd|zd�
|j|
d
|��
|j	d�

|j	d�

	|jt|dd�
|jt
|d	�
|j
�
|jt
d|zd�
|j	d
�

|j
�
|jt|d�
|j	d�

|j	d�

|j
�
|jt
|d�
|j	d
�

|j	d�

y#|j
�
|jt|d�
|j	d�

|j	d�

wxYw
)NT�
z-br�r�r
�Exit with code 0r!
r"
r 
zServer already runningr�r�zFailed to access socket pathzIs fail2ban running?)r�r�r�r�r�r�r�r#
s   r)�testClientStartBackgroundInsidez2Fail2banClientTest.testClientStartBackgroundInside4sU
���c�4�(�+��,�,�w��+�-�w�7����S�$�K��8����N�#����&�'�)��<�<���f�k�:��<�<���%=�>��=�=�?��<�<���+�-�w�7����-�.��=�=�?��<�<���f�-����*�+����'�(��-�-�/��,�,�v�{�F�+����2�3����*�+���=�=�?��<�<���f�-����*�+����'�(�s�A*E�AF&c�.	�t
|
t|
d
���}tjjr|jt|dz�
n�tjttt�f}tjd|�
||zdz}tj|tdd��}|j!t#|�
x
r
|d	�

|j%|
d|�
�
|j'd�

|j)�
	|jt|dd
�
|j'd
�

|j'd�

|j)�
|jt|dd�
|j'd�

|j)�
t+t|
d��
}	t-j.|t0j2�
t5j6tj8�

|jt:|dd�
t-j.|t0j<�
|j'd�

|j)�
	d	dl}tDgd�
z
a"|jt|d�
|j'd�

|j'dd�
|j'd�

|j)�
tDgd�
z
a"|jt|d�
|j'd�

|j'd�

|j'd�

|j'd�

|j)�
tDddgz
a"|jt|d�
|j'd �

|j)�
|jt:|d!d"�
|j'd �

|j'd#�

|j)�
|j)�
|jt|d$�
|j'd�

|j'd�

y#t-j.|t0j<�
wxYw
#t@$r}tjBd|z�
�
d}~w
wxYw
#|j)�
|jt|d$�
|j'd�

|j'd�

wxYw
)%Nr��
r�)
r��Start %s ...)�--asyncr�FT�rC�shell�outputrr�r
r!
r"
rG
r
z0.1zServer replied: pongrvz1e-10z	timed outz%Skip test because of import error: %s)zecho INTERACT-ECHO�statusrQz-iz
INTERACT-ECHO�StatuszNumber of jail:)�reload�restartrQzReading config files:r�zreload ~~unknown~jail~fail~~rQz@Failed during configuration: No section: '~~unknown~jail~fail~~'rR
z~~unknown~jail~fail~~r)
r�)#r�rjr�r��fastr�r��sys�
executabler6
r7
rr.r�
executeCmdr�r�rRr�r�r�r�r�r�r��SIGSTOPr0�sleep�DEFAULT_SHORT_INTERVALr��SIGCONT�readline�ImportErrorr,
rS)r�ryr��cmdr
r�r\
r�s        r)�testClientStartBackgroundCallz0Fail2banClientTest.testClientStartBackgroundCallSs����c�U�3�	�-B�C�+�
�\�\����<�<���z�1�2��.�.�%��V�,�	-�3�	�<�<���$�	�{�	�2�	2�3�	�	�	�#�|�5��	N�3��?�?�3�s�8�&��A��'����c�4�S��1����N�#��-�-�/�F
)��<�<���f�k�:����[�!����'�(��=�=�?��<�<���f�e�4����+�,��=�=�?�
�E�#�y�1�	2�3�!��G�G�C���� ��J�J�u�+�+�,��L�L���f�g�6��G�G�C���� ����[�!��=�=�?�I
�����8�
�<�<���d�+����_�%����X�0�1����'�(��=�=�?����8�
�<�<���d�+����,�-����*�+����^�$����'�(��=�=�?��"�
���8��<�<���d�+����W�X��=�=�?��<�<���X�/F�G����W�X����)�*��=�=�?��=�=�?��<�<���f�-����*�+����'�(��c
�G�G�C���� ���
I
�
�
�
�C�a�G�
H�H��
I
��N
�=�=�?��<�<���f�-����*�+����'�(�sM�BQ	�AO7�:AQ	�P �E)Q	�7&P�Q	� 	Q�)Q
�
Q�Q	�	ARc��t
|
d
��}|jtdddt|
d�d�
|j	dt|
d�zd	z�

|j�
|jtddt|
d
�dt|
d�d
�
|j	d�

|j�
t
t|
d�d�j�
|jtdddt|
d
�dt|
d�d�
|j	d�

|j�
tjt|
d��

|jtdd�
|j	d�

|j�
y)Nr�rJ
r:rL
r}�missr��Base configuration directory � does not existrfr~rurR
�Could not find server�
a�LFail2ban seems to be in unexpected state (not running but the socket exists)r<
�
r�r�r�rjr�r�rYr[r��remover#
s   r)�testClientFailStartz&Fail2banClientTest.testClientFailStart�s<
���c�[�9�+��,�,�v�r��d�E�#�v�&��
1����3�e�C��6H�H�K\�\�]��-�-�/��,�,�v�r���s�H�	�t�U�3�
�%;�X�
G
����+�,��-�-�/��u�S�*��s�#�)�)�+��,�,�v�r��d�E�#�x�(�$��c�:�0F��
Q
����b�c��-�-�/��)�)�E�#�z�"�#��,�,�v�r�4� ����I���-�-�/r+c�
�t
|
d
��}|jt|dd�
|jd�

|j	�
|jt|dddd�
|jd�

|j	�
y)	Nr�rJ
rR
�jailrd
rL
z--xxxz"Unexpected argument(s) for reload:)r�r�r�r�r�r#
s   r)�testClientFailCommandsz)Fail2banClientTest.testClientFailCommands�sr���c�[�9�+��,�,�v�{��V�
����+�,��-�-�/��,�,�v�{��h���
)����8�9��-�-�/r+c
���d
}
dD]d}d}t
|d�5}|rI|j�
|r/tjjstj|
�

|dz}|r
�Iddd�
�fy#1s
w
Y

�qxYw
)Ng�Q���?)rr�r4r)r�	heartbeatr�r�rT
r0rY
)r��	sleeptime�verbose�cntr�viss     r)�testVisualWaitz!Fail2banClientTest.testVisualWait�sv���)���g�
�4��7�A���#�
��]�]�_�����)�)�
�j�j���	�Q�Y�T�	������s�AA-�-A6	N)rIrJrK�_exec_clientr7
rr9
rB
rrD
r�rH
r_
ri
rl
rt
r:r+r)r4
r4
s���"�F�,�
�.���	,��	,���,���,�:��W
)���W
)�r������:����"	r+r4
c�~
�eZ
dZeefZd
�Zeed���Z	eed���Z
eed���Zed��Ze
ddi
��
d	��Zej j#d
��
e
dd
dd���
d���Zej j#d��
e
ddddd���
d���Ze
�d��Zy)�Fail2banServerTestc
��|j
td
d�
|jdtz�

|jd�

y)Nr:r;
r<
r=
)r�r�r�r8
r
s
 r)�testServerUsagez"Fail2banServerTest.testServerUsage�s4���,�,�w��D�!����I��&�'����%�&r+c�*�t
|
t|
d
���}tjttt
�f}tjd|�
||zdz}tj|tdd��}|jt|�
x
r
|d�

|j|
d|�	�
|jd
�

|j�
	|j!t"|dd�
|j!t$|d
�
|j�
|j!t"|d�
|jd�

|jd�

y#|j�
|j!t"|d�
|jd�

|jd�

wxYw
)Nr�rJ
rK
rF
FTrM
rr�r
r!
r"
r 
r�r�rG
)r�rjrU
rV
r6
r8
rr.rrW
r�r�rRr�r�r�r�r�r��r�ryr�r^
r
s     r)�testServerStartBackgroundz,Fail2banServerTest.testServerStartBackground�s>
���c�U�3�	�-B�C�+�	����s�F�+�,�#��,�,�~�s�#��k��G�#�#�
����l�%��M�#��/�/�#�c�(�%�s�1�v�&����S�$�C��0����N�#��-�-�/�)��<�<���f�k�:��<�<���%=�>��=�=�?��<�<���f�-����*�+����'�(��	�=�=�?��<�<���f�-����*�+����'�(�s
�/E�AFc��
�t
|
d
��}|jtddt|
d��
|j	dt|
d�zdz�

|j�
t
t|
d�d	�j�
|jtddt|
d
�dt|
d��
|j	d�

|j�
tjt|
d��

y)
Nr�rJ
r:r}ra
rb
rc
rure
rfr~rf
rg
r#
s   r)�testServerFailStartz&Fail2banServerTest.testServerFailStart
s����c�[�9�+��,�,�v�r���s�F�	�
����3�e�C��6H�H�K\�\�]��-�-�/��u�S�*��s�#�)�)�+��,�,�v�r���s�H�	�t�U�3�
�%;�
=����b�c��-�-�/��)�)�E�#�z�"�#r+c	��
�t
|
d
��}t|
d�}|jd�

|jt|d�
|jd�

t
t|d�dd	d
d	dd�
|jd
�

|jt|d�
|jdddd��
|jd�

|jt|dd�
|jdddd��
y)Nr�rJ
rfz[test-phase 0]z--testz$OK: configuration test is successfulrhre
rX�
[broken-jail]�filter = broken-jail-filter�enabled = truez[test-phase 0a]�.Unable to read the filter 'broken-jail-filter'zErrors in jail 'broken-jail'.z ERROR: test configuration failedTr*
z[test-phase 0b]z-tr�)r�rjr�r�r�r�r`r�)r�ryr�r�s    r)�testServerTestFailStartz*Fail2banServerTest.testServerTestFailStart!s����c�[�9�+�
�c�8��#��-�-� �!��,�,�w��X�.����:�;��e�C��%�s�B���$�&6�
8��-�-�!�"��,�,�v�{�H�-����D�"�%�4��1�
�-�-�!�"��,�,�v�{�D�'�2����D�"�%�4��1r+c�X�
�	t
�
t�
d
���}tjttt
�f}tjd|�
||zdz}tj|tdd��}|jt|�
x
r
|d�

|j�
d|�	�
|jd
�

|j�
tjd�
�
|jt!�
�
�

tj"�
f
d�t�
|j%t't�
d
��
�

|jd�

|j�
|jt!�
�
�

|jd�

y#|jt!�
�
�

wxYw
)NzGf2b.log[format="SRV: %(relativeCreated)3d | %(message)s", datetime=off]rJ
rK
rF
FTrM
rr�r
zKill server ... %sc�0�
�t
t�d
��
S)Nrv)rrj)
rys
�r)r�z7Fail2banServerTest.testKillAfterStart.<locals>.<lambda>Ss���V�E�#�y�$9�:�:�r+rvr�zcleanup: no pidfile for)r�rjrU
rV
r6
r8
rr.rrW
r�r�rRr�r�r�r�r?�assertFalserr{
s `   r)�testKillAfterStartz%Fail2banServerTest.testKillAfterStart?sD
���#��s�e�C�M�
/O
�
P
�;��.�.�%��V�,�	-�3�	�<�<���$�	�{�	�W�	$�3�	�	�	�#�|�5��	N�3��?�?�3�s�8�&��A��'����c�4�S��1����^�$��=�=�?�	�<�<�$�c�*��?�?�9�S�>�"��.�.�:�L�I����6�%��Y�/�0�1����)�*��-�-�/��/�/�)�C�.�!����-�.���?�?�9�S�>�"�s�C"F
�
F)r�rgr
c������t
|
d
��t
|
d��t
|
d��t
|
d��tjt
�d��

		dÈf
d	�	}dĈ���fd
�	}|d��

|d��

|d
g
gd�
��
tt
�d�dddddd�
t�dgt	tt
j��
�
dzf
dz�
��
t�d�
t�d�
|jd�

tjjtjkrt��

|jt |d�
|j#dddt$��
|j#d�z�

|j#d�

|j#dd d�!�
|j#d"d#dt$��
|j#d$d%d&d�!�
|jd'�

|d
d(g�)�

tjjtjkrt��

|jt |d�
|j#dt$�*�
|j'd+dd�!�
|j#d�zd�zd�!�
|j#d,d-d�!�
|j#d.d/d�!�
|j#d0d1d�!�
|j'd2�

|jd3�

|d
g
�)�

|dd4dzd5dzd6dz�7�
|jt |d�
|j#dt$�*�
|j'd+dd�!�
|j'd8�

|j#d,d9d�!�
|j#d:�

|j#d;�

|j'd<�

|dd=�>�
|d(dg�)�

|jd?�

t�d@gt	tt
j��
�
dAzf
dzt	tt
j��
�
dBzf
dzzt	tt
j��
�
dCzf
dzzt	tt
j��
�
dDzf
dzz�
��
tjjtjkrt��

|j#dEdFdt$��
|jt |dGdHdIdJ�
|j#dKt$�*�
|j#dLdMdNdOdPdQdRd�!�
|j'dSdTdUdVd�!�
t)�
|j+|j-|dW�dXdYgdZ�
i
dHgd[�
i
gf�
|j+|j-|dWd\d]d^�dXdYg
dYdHgggf�
|j+|j-|d_dYdW�d
gdZ�
�
|j+|j-|d_dHdW�d
gd[�
�
|j/|j-|d_dYdWd`�d
d
�
|j/|j-|d_dYdWdJ�d
dX�
|j/|j-|d_dYdWd`dJ�d
d
dXg�
|jda�

|jt |dbdH�
|j#ddcdKdt$��
|j#dddedfdgd/dhdidjd�!�	
|j#dkdldt$��
|j'dmdnd�!�
|jdo�

|jt |dGdHdIdp�
|jt |dGdHdIdq�
|j#drdsdt$��
t)�
|jdt�

|jt |d_dHdIdu�
|j#d]dvdpdqdt$��
|jdw�

|jt |d_dYdI�
|j#d\dxd`d]dvdt$��
|jdy�

|jt |dbdzdH�
|j#dd/dt$��
|j#dgd/dddedfd�!�
|j#d{d|d�!�
|j#d}�

|j'd~dd�!�
|j'dPdQd�!�
|dd=�>�
|g�)�

|jd��

|jt |ddY�
|j#dt$�*�
|j#d�d�d�!�
|j'd�d�d�d�!�
|jd��

|d
g
���

|jt |d�
|j#dt$�*�
|j#d��

|j#d�dgd�!�
|j#d��zd��zd�!�
|jd��

t�d@gt	tt
j��
�
d�zf
dzt	tt
j��
�
d�zf
dzzt	tt
j��
�
d�zf
dzz�
��
tjjtjkrt��

|j#d�d�dt$��
|j#d�d�d�d�d�!�
|j'd��

|jd��

|jt |d�d�d�d��
|j#d�d�dt$��
|jd��

|jt |d�d�d��
|j#d�d�dt$��
|jt |d�d�d�d��
|j#d�d�dt$��
|jd��

|jt |d�dGdYdId�d��
|j#d�d�dt$��
|jt |d�dGdYd�d��
|j#d�d�dt$��
|jd��

|jt |ddz�
|j#dt$�*�
|j#d�d+d�d�!�
|j'd�d�ddNd�!�
|jd��

|jt |d�d�d��
|j#d�d�d�!�
|jd��

|d
g
d����
|jt0|d�
|j#dt$�*�
|j#d�d�d�!�
|jd��

|d
g
���

|jt |d�
|j#dt$�*�
|jd��

|jt0|d�ddH�
|j#dt$�*�
|j#d��

|j�
|jt |d�dd�dH�
|j#dt$�*�
|j'd.d/d�!�
|jd��

|jt |d�dd�d��
|j#dt$�*�
|j#d�d�dt$��
|jd��

|jt |d�dGdYd�d�d��
|jt |d�d_dYd«
|j#d�d�d�!�
y)�Nrf�	test1.logz	test2.logz	test3.logro�test-action1TrXc�
�
�t
�d
d|z�}|
stj|�

yt|ddddddd	d
dd|d
|d|d|d|�
tj
jtjkrt|�

yy)Nro�%s.confrrrxz_exec_once = 0rXrsznorestored = %(_exec_once)sz
restore = zinfo = z<_use_flush_ = echo '[%(name)s] %(actname)s: -- flushing IPs'z6actionstart =  echo '[%(name)s] %(actname)s: ** start'z7actionreload = echo '[%(name)s] %(actname)s: .. reload'zMactionban =    echo '[%(name)s] %(actname)s: ++ ban <ip> %(restore)s%(info)s'z;actionunban =  echo '[%(name)s] %(actname)s: -- unban <ip>'z5actionstop =   echo '[%(name)s] %(actname)s: __ stop')
rjr�rh
r`r�r�r�rr�r�)	�actname�allowr�rR
�ban�unbanr�r\r�s	        �r)�_write_action_cfgzBFail2banServerTest.testServerReloadTest.<locals>._write_action_cfgks����
�c�:�y�7�2�3�2�
��I�I�b�M�
��r�3�����!��
�B�<�e�=�v�S�UX�A�5�;�T���l�l����
�
�-�
�b�M�.r+c��
��t
gt�d
��
d�
d�
d�
d�
d�
d�
d�
d�
d	�
d
�
d�
d�
d�
d
|z�
d�
d�
d|
vrdn
d�
d|
vrdn
d�
d|
vrdn
d�
d�z�
d|vrd�zn
d�
d|vrd�zn
d�
d	�
d|vrdn
d�
d|vrdn
d�
d�
d�
d
|z�
d�
d�
d|
vrdn
d�
d|
vrdn
d�
d�z�
d|vrdn
d�
��
tjjt
jkrtt�d
��

yy)NrhrrrwrXrx�usedns = no�maxretry = 3zfindtime = 10mzBfailregex = ^\s*failure <F-ERRCODE>401|403</F-ERRCODE> from <HOST>�datepattern = {^LN-BEG}EPOCHzignoreip = 127.0.0.1/8 ::1�[test-jail1]�
backend = �filter =z	action = rz*         test-action1[name='%(__name__)s']rzj         test-action2[name='%(__name__)s', restore='restored: <restored>', info=', err-code: <F-ERRCODE>']�z�         test-action2[name='%(__name__)s', actname=test-action3, _exec_once=1, restore='restored: <restored>', actionflush=<_use_flush_>]�
logpath = z
          z@            ^\s*error <F-ERRCODE>401|403</F-ERRCODE> from <HOST>r�
z[test-jail2]�r`rjr�r�r�rr�r�)�enabled�actions�backendr��test1log�test2log�test3logs   ����r)�_write_jail_cfgz@Fail2banServerTest.testServerReloadTest.<locals>._write_jail_cfg�s"����$�u�S�+�&�$��$��$��$��$��$��$��	$�
�$�J
�
$�#�$�!�$��$��$�!�7�*�$�-7�$��$�	
�W��1��$�	
�W��q
��$�$	
�W��
(��%$�&�8��'$�( !�G�|�L�8���)$�* !�G�|�L�8���+$�,J
�-$�0	
�W��H
��1$�2�W���"�3$�4�5$�6�7$�6!�7�*�7$�6-7�7$�8�9$�<	
�W��q
��=$�B
	
�W��
(��C
$�D
�8��E
$�F
�W���"�G
$�J
�l�l����
�
�-�
�e�C��%�&�.r+)
r�
�test-action2r)rrr�
)r�
r�
rhre
r�
r�
r�
rrz# failure 401 from 192.0.2.1: test 1r�
z[test-phase 1a]rR
�Reload finished.z1 ticket(s) in 'test-jail1r�zAdded logfile: %rz[test-jail1] Ban 192.0.2.1z-stdout: '[test-jail1] test-action1: ** start'z-stdout: '[test-jail1] test-action2: ** start'r*
zPstdout: '[test-jail1] test-action2: ++ ban 192.0.2.1 restored: 0, err-code: 401'zAstdout: '[test-jail1] test-action3: ++ ban 192.0.2.1 restored: 0'r�
z)Errors in jail 'broken-jail'. Skipping...z:Jail 'broken-jail' skipped, because of wrong configurationz[test-phase 1b]r)
r�
�
r�z[test-jail1] Unban 192.0.2.1z.stdout: '[test-jail1] test-action1: .. reload'z.stdout: '[test-jail1] test-action2: .. reload'zCreating new jail 'test-jail2'zJail 'test-jail2' startedz4stdout: '[test-jail1] test-action3: -- flushing IPs'z,stdout: '[test-jail1] test-action3: __ stop'z7stdout: '[test-jail1] test-action3: -- unban 192.0.2.1'z[test-phase 2a]z+               echo '[<name>] %s: started.'z,               echo '[<name>] %s: reloaded.'z+               echo '[<name>] %s: stopped.')r�
r�rR
r�zAdded logfile:z.stdout: '[test-jail1] test-action1: reloaded.'z7stdout: '[test-jail1] test-action2: -- unban 192.0.2.1'z,stdout: '[test-jail1] test-action2: __ stop'z7stdout: '[test-jail1] test-action1: -- unban 192.0.2.1'F)r�
r�
z[test-phase 2b]�a+z#   error 403 from 192.0.2.2: test 2z#   error 403 from 192.0.2.3: test 2z# failure 401 from 192.0.2.4: test 2z# failure 401 from 192.0.2.8: test 2z2 ticket(s) in 'test-jail2z5 ticket(s) in 'test-jail1�setz
test-jail2�banip�	192.0.2.9z3 ticket(s) in 'test-jail2z[test-jail1] Ban 192.0.2.2z[test-jail1] Ban 192.0.2.3z[test-jail1] Ban 192.0.2.4z[test-jail1] Ban 192.0.2.8z[test-jail2] Ban 192.0.2.4z[test-jail2] Ban 192.0.2.8z[test-jail2] Ban 192.0.2.9z[test-jail2] Found 192.0.2.2z[test-jail2] Ban 192.0.2.2z[test-jail2] Found 192.0.2.3z[test-jail2] Ban 192.0.2.3�bannedr�
test-jail1)�	192.0.2.4�	192.0.2.1�	192.0.2.8�	192.0.2.3�	192.0.2.2)r�
r�
r�
r�
r�
z192.0.2.222r�r�
z[test-phase 2c]rS
zRestore Banz[test-jail2] Unban 192.0.2.4z[test-jail2] Unban 192.0.2.8z[test-jail2] Unban 192.0.2.9zJail 'test-jail2' stoppedz"[test-jail2] Restore Ban 192.0.2.4z"[test-jail2] Restore Ban 192.0.2.8z"[test-jail2] Restore Ban 192.0.2.9zPstdout: '[test-jail2] test-action2: ++ ban 192.0.2.4 restored: 1, err-code: 401'zPstdout: '[test-jail2] test-action2: ++ ban 192.0.2.8 restored: 1, err-code: 401'zAstdout: '[test-jail2] test-action3: ++ ban 192.0.2.4 restored: 1'zAstdout: '[test-jail2] test-action3: ++ ban 192.0.2.8 restored: 1'z[test-phase 2d]z
192.0.2.21z
192.0.2.22z5stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22z6stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22 z[test-phase 2d.1]rWr�
z[test-phase 2d.2]r�
z[test-phase 2e]z--unbanz7stdout: '[test-jail2] test-action2: -- unban 192.0.2.21z8stdout: '[test-jail2] test-action2: -- unban 192.0.2.22'z4stdout: '[test-jail2] test-action3: -- flushing IPs'z8stdout: '[test-jail2] test-action3: -- unban 192.0.2.21'z8stdout: '[test-jail2] test-action3: -- unban 192.0.2.22'z[test-phase 3]zReload jail 'test-jail1'zJail 'test-jail1' reloadedzReload jail 'test-jail2'zJail 'test-jail2' reloadedzJail 'test-jail1' startedz[test-phase 4])
r�
zStopping jail 'test-jail2'zRemoved logfile: %rz[test-phase 5]z# failure 401 from 192.0.2.1: test 5z#   error 403 from 192.0.2.5: test 5z# failure 401 from 192.0.2.6: test 5z6 ticket(s) in 'test-jail1z%[test-jail1] 192.0.2.1 already bannedz[test-jail1] Found 192.0.2.1z[test-jail1] Found 192.0.2.6z[test-jail1] Ban 192.0.2.6z[test-jail1] Found 192.0.2.5z[test-phase 6a]rL
r�
z	192.0.2.5z	192.0.2.6z192.0.2.5 is not bannedz[test-jail1] Unban 192.0.2.6z[test-phase 6b]z192.0.2.2/31z[test-jail1] Unban 192.0.2.2z[test-jail1] Unban 192.0.2.3z192.0.2.8/31z192.0.2.100/31z[test-jail1] Unban 192.0.2.8z192.0.2.100/31 is not bannedz[test-phase 6c]z
192.0.2.96/28z192.0.2.112/28z[test-jail1] Ban 192.0.2.96/28z[test-jail1] Ban 192.0.2.112/28�unbanipz
192.0.2.64/26z [test-jail1] Unban 192.0.2.96/28z![test-jail1] Unban 192.0.2.112/28z[test-phase 7]z[test-jail1] Unban 192.0.2.4zJail 'test-jail1' stoppedz[test-phase 7b]�--allzFlush ban listz'Unbanned 0, 0 ticket(s) in 'test-jail1'z[test-phase 8a]zxxx-unknown-backend-zzz)r�
r�
z0Restart jail 'test-jail1' (reason: 'polling' != zUnknown backend z[test-phase 8b]z[test-phase end-1]z$the jail 'test-jail2' does not existz--if-existsz[test-phase end-2]�	--restartz[test-phase end-3]�addignoreipz192.0.2.1/32z2001:DB8::1/96�ignoreip)r�
TrXrXrXrXrX))rrr:�polling)rjr�r�r`r�r�rr0r�r�r�r�rr�r�r�r�r�r8�assertNotLoggedr;�assertSortedEqualr
�assertEqualr�)	r�ryr�r�
r�
r�r�
r�
r�
s	     @@@@r)�testServerReloadTestz'Fail2banServerTest.testServerReloadTest[s2���	�c�8��#�
�3��
$�(�
�3��
$�(�
�3��
$�(��(�(�5��j�!�"�6:�/1��0''�''�T
�N�+��N�+��1�#�w�/�
�e�C��%�s�B���$�&6�
8��h��g��C����
�$6� 7�:_� _�a�de�e�g�
�h���
�h����-�-�!�"�
�\�\���g�m�m�+��X���,�,�w��X�.������T���>����'�(�2�3����0�1����2�2���>����U�F��,�� ����3�.�?�T��K
��-�-�!�"��1�Q�%� �
�\�\���g�m�m�+��X���,�,�w��X�.����&�\��:����!��T��+������!���!�t��-����3�3���?����#��D��*����9�1�t��=����<�
>��-�-�!�"��1�#���N�
7�.�
H�
8�>�
I�
7�.�
H�J
��,�,�w��X�.����&�\��:����!��T��+����'�(����3�3���?����<�
>����1�
3����<�
>��N�%�8��1�Q�%� ��-�-�!�"�
�h�����F�K�K�M���C�C�E�
�I���V�[�[�]�	��D�D�F��J�
K
���V�[�[�]�	��D�D�F��J�K
�	��V�[�[�]�	��D�D�F��J�K
���\�\���g�m�m�+��X�������T���>��,�,�w���,���
.�����l��
4�����������T��+����!��!����
�������+�+�K��

���T�U��:�;��������+�+�K��[�+�}�
6�89��^�l�L�1�2�<�8��
����+�+�K��,��
"�"#�
%�
'E
�F
�����+�+�K��,��
"�"#�
%�
'+�,����4�%�%�k��,��+�
/�/0�
2�45�
7����4�%�%�k��,��+�
/�/0�
2�45�
7����4�%�%�k��,��+�{�
<�<=�
?�BC�Q��
I
��-�-�!�"��,�,�w���l�
�������T���>�
���!�!�!���'�'�'�T��	����U�U��,�� �
���F�F���
��-�-�!�"��,�,�w���,���
/��,�,�w���,���
/����:�;��L��Z
�
���-�-�#�$��,�,�w��U�L�'�4�H������\�<�T���
V
��-�-�#�$��,�,�w��U�L�'�B������[�+�{��S_��
a
��-�-�!�"��,�,�w���i��
'������D�|��=������!�!�!�t������<�=�4��I
����9�
;����=�=�4��I
������T����N�%�8��"���-�-� �!��,�,�w��X�|�<����&�\��:������T��+�������D����-�-� �!��1�#���,�,�w��X�.����&�\��:�����
������D��*�����8�#��8�#���/�
�-�-� �!�
�h�����F�K�K�M���C�C�E�
�I���F�K�K�M���C�C�E�
�I�
J
���F�K�K�M���C�C�E�
�I�J
��
�\�\���g�m�m�+��X������*��<��I
����!�!�*��T�	�+����5�6��-�-�!�"��,�,�w���g�{�K�
1�����!�t�,���
�-�-�!�"��,�,�w���g�~�
'����!�!�t�,����,�,�w���g�~�'7�
9����!�!�t�,��@
�
�-�-�!�"��,�,�w���e�\�7�O�=M�
O
����#�$�$�\����,�,�w���e�\�9�o�
?����%�&�D�|����-�-� �!��,�,�w���Y�
����&�\��:�����!�!�t����������T�	���-�-�!�"��,�,�w���g�w�
 �����,�$��8�
�-�-�!�"��1�#�'@�A��,�,�v�{�H�-����&�\��:����5��4��!��-�-�!�"��1�#���,�,�w��X�.����&�\��:��-�-�$�%��,�,�v�{��h��
&����&�\��:����:�;��-�-�/��,�,�w���h�
�|�
5����&�\��:����#��D��*�
�-�-�$�%��,�,�w���h��W�
.����&�\��:������D�|��=�
�-�-�$�%��,�,�w���e�\�=�.�BR�
T
��,�,�w���e�\�:�
/����N�$4�$��?r+znginx-block-map)
�action)
�%(tmp)s/blck-failures.log)
ro)z[nginx-blck-lst]rqr�
z#logpath = %(tmp)s/blck-failures.logzoaction = nginx-block-map[srv_cmd="echo nginx", srv_pid="%(tmp)s/f2b.pid", blck_lst_file="%(tmp)s/blck-lst.map"]z�         blocklist_de[actionban='curl() { echo "*** curl" "$*";}; <Definition/actionban>', email="Fail2Ban <fail2ban@localhost>", apikey="TEST-API-KEY", agent="fail2ban-test-agent", service=<name>]r�
�datepattern = ^Epochz3failregex = ^ failure "<F-ID>[^"]+</F-ID>" - <ADDR>zmaxretry = 1r�
)r�r�r�c��t
|
d
�}dd|
i
z}dd|
i
z}t|dttt	j
��
�
dzttt	j
��
�
dzttt	j
��
�
dzttt	j
��
�
d	zttt	j
��
�
d
z�
|j
ddd
ddddt��
t|�

t|�
}|jd|�
|jd|�
|jd|�
|jd|�
|jd|�
|j
ddd��
|j
dddt��
|jt|dddd �
t|�

t|�
}|jd|�
|jd|�
|jd|�
|jd|�
|jd|�
|jt�

|j
d!�

t|�

t|�
}|j|d"�
y)#Nrfr�
ryz%(tmp)s/blck-lst.map�w+z" failure "125-000-001" - 192.0.2.1z" failure "125-000-002" - 192.0.2.1u1 failure "125-000-003" - 192.0.2.1 (òðåòèé)u1 failure "125-000-004" - 192.0.2.1 (òðåòèé)z" failure "125-000-005" - 192.0.2.1z [nginx-blck-lst] Ban 125-000-001z [nginx-blck-lst] Ban 125-000-002z [nginx-blck-lst] Ban 125-000-003z [nginx-blck-lst] Ban 125-000-004z [nginx-blck-lst] Ban 125-000-005z5 ticket(s)Tr�z\125-000-001 1;
z\125-000-002 1;
z\125-000-003 1;
z\125-000-004 1;
z\125-000-005 1;
zstdout: 'nginx -qt'zstdout: 'nginx -s reload'r*
z�stdout: '*** curl --fail --data-urlencode server=Fail2Ban <fail2ban@localhost> --data apikey=TEST-API-KEY --data service=nginx-blck-lst z=stdout: ' --data format=text --user-agent fail2ban-test-agentr�
z125-000-001z125-000-002z125-000-005z5[nginx-blck-lst] Flush ticket(s) with nginx-block-maprX)rjr`r�r�rr0r�r8r�rd�assertInr�r��assertNotInr�r�
)r�ryr�r��lgfn�mpfn�mps       r)�testServerActions_NginxBlockMapz2Fail2banServerTest.testServerActions_NginxBlockMapGs5��.	�c�8��#�	$��s�|�	3�$�	�5�#�,�	.�$�
�d�D��s�6�;�;�=���A�A��s�6�;�;�=���A�A��s�6�;�;�=���\�\��s�6�;�;�=���\�\��s�6�;�;�=���A�A�����%�%�%�%�%���,����D�/��$��"��-�-�$�b�)��-�-�$�b�)��-�-�$�b�)��-�-�$�b�)��-�-�$�b�)����)�+F�D��Q����
Q
�B��,�	���,�,�w��W�m�]�M�Z��D�/��$��"����'��,����'��,����'��,��-�-�$�b�)��-�-�$�b�)����w�'����K�L��D�/��$��"����2�r�r+z
sendmail-auth)
�filter)
�%(tmp)s/test.logT)rxzdbmaxmatches = 1)a�
test_action = dummy[actionstart_on_demand=1, init="start: %(__name__)s", target="%(tmp)s/test.txt",
      actionban='<known/actionban>; echo "found: <jail.found> / <jail.found_total>, banned: <jail.banned> / <jail.banned_total>"
        echo "<matches>"; printf "=====\n%%b\n=====\n\n" "<matches>" >> <target>',
      actionstop='<known/actionstop>; echo "stats <name> - found: <jail.found_total>, banned: <jail.banned_total>"']z[sendmail-auth]rqr�
�logpath = %(tmp)s/test.log�action = %(test_action)sz%filter = sendmail-auth[logtype=short]r�
r�
zmaxmatches = 2r�
z[sendmail-reject]rqr�
r�
r�
z'filter = sendmail-reject[logtype=short]r�
r�
r�
)r�r�r�r�c	��t
|
d
�}dd|
i
z}dd|
i
z}tttj��
�
dztttj��
�
dztttj��
�
dzf}tttj��
�
dztttj��
�
d	ztttj��
�
d
zf}|jd�

t
|dg|�
��
|jd
dddt��
t|�

t|�
}|d}	|j|	|�
|ddD]}	|j|	|�
�|jd�

t
|dg|�
��
|jddddt��
t|�

t|�
}|D]}	|j|	|�
�|jd�

|jt|ddd�
|jddddddt��
t|�
}|d }	|j|	�

|j|	|�
|dd D]%}	|j|	�

|j|	|�
�'|jd!ddt��
t|�
}|d }	|j|	�

|j|	|�
|dd D]%}	|j|	�

|j|	|�
�'|jd"�

|j!t�

|j#t%|�
�

y)#Nrfr�
ryz%(tmp)s/test.txtz] smtp1 sm-mta[5133]: s1000000000001: [192.0.2.1]: possible SMTP attack: command=AUTH, count=1z] smtp1 sm-mta[5133]: s1000000000002: [192.0.2.1]: possible SMTP attack: command=AUTH, count=2z] smtp1 sm-mta[5133]: s1000000000003: [192.0.2.1]: possible SMTP attack: command=AUTH, count=3z� smtp1 sm-mta[21134]: s2000000000001: ruleset=check_rcpt, arg1=<123@example.com>, relay=xxx.dynamic.example.com [192.0.2.2], reject=550 5.7.1 <123@example.com>... Relaying denied. Proper authentication required.z� smtp1 sm-mta[21134]: s2000000000002: ruleset=check_rcpt, arg1=<345@example.com>, relay=xxx.dynamic.example.com [192.0.2.2], reject=550 5.7.1 <345@example.com>... Relaying denied. Proper authentication required.z� smtp1 sm-mta[21134]: s3000000000003: ruleset=check_rcpt, arg1=<567@example.com>, relay=xxx.dynamic.example.com [192.0.2.2], reject=550 5.7.1 <567@example.com>... Relaying denied. Proper authentication required.z[test-phase sendmail-auth]r�
z[sendmail-auth] Ban 192.0.2.1z%stdout: 'found: 0 / 3, banned: 1 / 1'z1 ticket(s) in 'sendmail-auth'Tr�rrz[test-phase sendmail-reject]r�
z[sendmail-reject] Ban 192.0.2.2z 1 ticket(s) in 'sendmail-reject'z[test-phase restart sendmail-*]rR
r�
r�
r�
z3stdout: 'stats sendmail-auth - found: 3, banned: 1'z5stdout: 'stats sendmail-reject - found: 3, banned: 1'z%[sendmail-auth] Restore Ban 192.0.2.1r�z'[sendmail-reject] Restore Ban 192.0.2.2z[test-phase stop server])rjr�r�rr0r�r`r�r8r�rdr�
r�
r�r�r�
r�r�
r)
r�ryr�r�r�
�tofn�	smaut_msg�	smrej_msg�td�
ms
          r)�testServerJails_Sendmailz+Fail2banServerTest.testServerJails_Sendmail�sN��R
	�c�8��#�	�u�c�l�	*�$�	�u�c�l�	*�$��s�6�;�;�=���|�|��s�6�;�;�=���|�|��s�6�;�;�=���|�|��)��s�6�;�;�=���s�s��s�6�;�;�=���s�s��s�6�;�;�=���s�s��)��-�-�,�-�
�d�D�%�9�%����"�%L�#��L��B
��D�/��$��"��
�l�!����1�b���Q�R�=�
�a��=�=��B��
��-�-�.�/�
�d�D�%�9�%����$�&M�%�4�l��D
��D�/��$��"��
�a��=�=��B��
��-�-�1�2��,�,�w���[�'�
#�����8�:�*�,L�RV�]i�	�k
��$��"���m�!����A���-�-�
�2���Q�r�?��a����
�����A�r������,�.P�VZ�am��
o
��$��"���m�!����A���-�-�
�2���Q�r�?��a����
�����A�r����-�-�*�+����w�'����6�$�<� r+c	����	�
���t
|
d
��t
|
d��tjt
�d��

d8�f
d�	}d9��fd�	}|dd�	�
|d
d�	�
|�
t�d�
|j	d�

|jt|d
�
t�dgtttj��
�
dzf
dz�
��
t�
|jdddt��
t�
|j	d�

td�

t�
|jddddt��
t�
|j	d�

d�t�f
d��

t�dgtttj��
�
dzf
dz�
��
|jdddt��
|j	d �

|jt|d!d"d#d$�
|jd%d&dt��
d�t�
|j	d'�

td(�

t�
|jd)dt��
t�
|j	d*�

|jt|d!d"d#d$�
|jd%d+dt��
|j	d,�

t!�
d-d.i
�t"j$�	��	fd/�}�	j'd0|�
�	j'd0d1��
t)j*�f
d2�t,�
�	j.�
t0j2j4rd3n
d4df�
f
d5�	}|�	_|j7t�

|j9d6�

|j;�	j<�

|j?�	j@d�
d�d-<|jd6d�7�
�	jC�
y):Nrfr�
ror�
Tc
��
�t
�d
d|z�}t|ddddd|
rdn
dd	�
tjjt
jkrt|�

yy)
Nror�
rrrxrXrszeactionban =     printf %%s "[%(name)s] %(actname)s: ++ ban <ip> -c <bancount> -t <bantime> : <F-MSG>"ziactionprolong = printf %%s "[%(name)s] %(actname)s: ++ prolong <ip> -c <bancount> -t <bantime> : <F-MSG>"zBactionunban =   printf %%b '[%(name)s] %(actname)s: -- unban <ip>')rjr`r�r�r�rr�r�)r�
�prolongr\r�s   �r)r�
z@Fail2banServerTest.testServerObserver.<locals>._write_action_cfgsa���
�c�:�y�7�2�3�2��r�3����m��r
��H���l�l����
�
�-�
�b�M�.r+c
����t
t�
d
�ddddddddd	d
dddd
|zdddd�zddd�
tjjt
jkrtt�
d
��

yy)NrhrrrwrXrxr�
r�
z
findtime = 1mzbantime = 5mzbantime.increment = truer�
r�
r�
r�
z*action = test-action1[name='%(__name__)s']z*         test-action2[name='%(__name__)s']r�
zXfailregex = ^\s*failure <F-ERRCODE>401|403</F-ERRCODE> from <HOST>:\s*<F-MSG>.*</F-MSG>$r�
r�
)r�
r�r�
s ��r)r�
z>Fail2banServerTest.testServerObserver.<locals>._write_jail_cfg%s�����u�S�+�&���"��������"���L�7�*�J�0�0��8��_���!�$�l�l����
�
�-�
�e�C��%�&�.r+F)r�
r�
r�
rrz[test-phase 0) time-0]rR
r�
z> failure 401 from 192.0.2.11: I'm bad "hacker" `` $(echo test)r�
zDstdout: '[test-jail1] test-action1: ++ ban 192.0.2.11 -c 1 -t 300 : zDstdout: '[test-jail1] test-action2: ++ ban 192.0.2.11 -c 1 -t 300 : r�z[test-phase 1) time+10m]�
z7stdout: '[test-jail1] test-action1: -- unban 192.0.2.11z7stdout: '[test-jail1] test-action2: -- unban 192.0.2.11z0 ticket(s) in 'test-jail1'z[test-phase 2) time+10m]c
��
��Srbr:)
�wakeObss
�r)r�z7Fail2banServerTest.testServerObserver.<locals>.<lambda>`s����r+r�
zC failure 401 from 192.0.2.11: I'm very bad "hacker" `` $(echo test)rzDstdout: '[test-jail1] test-action1: ++ ban 192.0.2.11 -c 2 -t 300 : zDstdout: '[test-jail1] test-action2: ++ ban 192.0.2.11 -c 2 -t 300 : z"[test-phase 2) time+10m - get-ips]r�r�
r�
z--with-timez
192.0.2.11z+ 300 =z[test-phase 2) time+11m]rzHstdout: '[test-jail1] test-action2: ++ prolong 192.0.2.11 -c 2 -t 600 : z"[test-phase 2) time+11m - get-ips]z+ 600 =z'[test-phase end) stop on busy observer]�staterc���tjd
�

d�d<tj�f
d�t�
�
j�
tjd�

y)Nz!++ observer enters busy state ...rr�
c��
��d
dk(S)Nr�
rr:�
re
s
�r)r�zMFail2banServerTest.testServerObserver.<locals>._long_action.<locals>.<lambda>�s���!�G�*�
�/�r+z-- observer leaves busy state.)rr&rr?r��db_purge)re
�obsMains��r)�_long_actionz;Fail2banServerTest.testServerObserver.<locals>._long_action�sA���	�;�;�2�3��1�W�:��>�>�)�<�8�
����	�;�;�/�0r+�callc��yrbr:r:r+r)r�z7Fail2banServerTest.testServerObserver.<locals>.<lambda>�r�r+c��
��d
dk(S)Nr�
rr:r�
s
�r)r�z7Fail2banServerTest.testServerObserver.<locals>.<lambda>�s����7��q��r+g{�G�z�?g�������?c��
��||
�Srbr:)�wtime�	forceQuit�obsMain_stops  �r)�_stopz4Fail2banServerTest.testServerObserver.<locals>._stop�s���
�u�i�
(�(r+zobserver leaves busy stater�
)r�
T)
r�
)"rjr�r�r`r�r�r�r�r�rr0r;r�r8r2rEr"r5r6�addrr?r�r�r�r�rT
r�r�
r�
�idler�
�_ObserverThread__dbr)
r�ryr�r�
r�
r�
r�
re
r�r�
r�
r�
r�
s
       @@@@@@r)�testServerObserverz%Fail2banServerTest.testServerObserversD���
�c�8��#�
�3��
$�(��(�(�5��j�!�"��'�.�N�E�:��N�D�9���
�h����-�-�(�)��,�,�w��X�.�
�h�����V�[�[�]�	��a�a�c�fg�g�������I�I��,�� �
���-�-�*�+�
�b�/������<�<� ��,�	� �
���-�-�*�+�
�'���0�
�h�����V�[�[�]�	��f�f�h�kl�l�����I�I��,�� �
�-�-�4�5��,�,�w��U�L�'�=�Q�������<��
9�
�'����-�-�*�+�
�a�.������M��,�� �
���-�-�4�5��,�,�w��U�L�'�=�Q�������<��
9��-�-�9�:����
�l�!��N�N�'�1�
�+�+�f�l�#�	�+�+�f�l�#��.�.�(�,�7����,�#�<�<�,�,�4�#�$�
)��'�,����w�'����3�4����7�<�<� ����7�.�.��5��!�G�*����0�t��<�	�,�,�.r+N)rIrJrK�_exec_serverr8
rry
rr�r|
r~
r�
r�
r�r�
r�r��skip_if_cfg_missingr�
r�
r�
�_testServerStartStop�testServerStartStopr:r+r)rw
rw
�sN
��"�F�,�
�'�
��)���)�.��$���$�$��1���1�8�/��/�6 �D�&�>�:�h@
�;�h@
�V�,�,�"�"�*;�"�<��7� �
�
,��*:�+�=�,:�x
�,�,�"�"�/�"�:��.���
�&,�&�N
N
!�O
&�;�P
N
!�` �!�O�"�O�d
r+rw
)FNz	/dev/nullz:memory:r:)
rXN)`�
__author__�
__copyright__�__license__r�r�r�rU
r0r�r��os.pathrrjrrrr�	functoolsr
�	threadingr�clientr
rr�client.fail2bancmdliner�client.fail2banclientrru
rr�client.fail2banserverrr�
rXrr�
server.mytimer�server.utilsr�utilsrrr�rrrrr r�r!r"�helpersr#rIr7
r8
�
getServerPathr6
r��maxWaitTimer�r8r�r
r

r	
r*rO
r2r5r;rErGrOr�r�rSrU�
input_command�
PRODUCTION�dumpFiler�r`rdr�r�r�r�r�r�r�r4
rw
r:r+r)�<module>r
s8�


�,�
�[�
����	�	�
��
��A�A���D�D�4�Z�Z�U���"� �

?�

?�

?�
 �
�8�	��	��	��
�*�n�*�*�,�-���|�|�'�'����(A�(A�B���|�|�'�'����(A�(A�B�� ,�a�/����
���
������(�(���&�&��

�
�
���
���
�����
*�
���	�
-�1=�
&�*
�O�1�1�
�

��5�5�
�
��	��
��
� 3���"�

"������'�'�	�
�


�7;�;@��U

�n
�
�)

�X

�.0�C

�LF
#�1�F
#�RV
�1�V
�rA
 �1�A
 r+