HEX
Server: Apache
System: Linux scp1.abinfocom.com 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: confeduphaar (1010)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
File: //proc/self/root/usr/lib/python3/dist-packages/ufw/__pycache__/util.cpython-38.pyc