HEX
Server: Apache
System: Linux scp1.abinfocom.com 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: confeduphaar (1010)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /usr/libexec/kcare/python/kcarectl/__pycache__/
Upload Files
File: //usr/libexec/kcare/python/kcarectl/__pycache__/libcare.cpython-38.pyc
U

n�hYF�@s�ddlZddlZddlZddlZddlZddlmZmZmZm	Z	m
Z
mZmZm
Z
mZmZmZmZmZddlmZmZmZdZdZdZdZd	Zd
d
d
ddd�Zd
ddgddgddddgd�Z dd�Z!dd�Z"Gdd�de#�Z$dd�Z%dNdd �Z&d!d"�Z'd#d$�Z(d%d&�Z)dOd(d)�Z*d*d+�Z+d,d-�Z,e"d.d/��Z-e"d0d1��Z.d2d3�Z/d4d5�Z0d6d7�Z1d8d9�Z2d:d;�Z3d<d=�Z4e"e%d>d?���Z5ej6e"e%e
j7dfd@dA����Z8e"dBdC��Z9dDdE�Z:dFdG�Z;dPdHdI�Z<dJdK�Z=dLdM�Z>dS)Q�N�)
�auth�capabilities�config�config_handlers�	constants�errors�fetch�	log_utils�
process_utils�selinux�server_info�update_utils�utils)�	HTTPError�json_loads_nstr�urlquotez!/usr/libexec/kcare/libcare-client)z/run/libcare/libcare.sockz/var/run/libcare.sockz /var/cache/kcare/libcare_patchesz /var/cache/kcare/libcare_cvelistz&/etc/sysconfig/kcare/libcare.logrotate�db�qemu)�mysqld�mariadbd�postgres�qemu-kvm�qemu-system-x86_64rrrrr�libcZlibsslZnscdZlibm)rr�libscGstjjtjd|f|��S)N�	userspace)�os�path�joinr�PATCH_CACHE)�libname�parts�r#�-/usr/libexec/kcare/python/kcarectl/libcare.py�get_userspace_cache_path0sr%cs�fdd�}|S)NcsZz�||�W�Sztd�Wn6tk
rR}ztjd�|�dd�W5d}~XYnXXdS)N�
clearcachez$Libcare cache clearing failed: '{0}'F��	print_msg)�libcare_client�	Exceptionr
�logerror�format)�args�kwargs�err��clblr#r$�wrapper5sz$clear_libcare_cache.<locals>.wrapperr#�r1r2r#r0r$�clear_libcare_cache4s
r4cs0eZdZd�fdd�	Zd	dd�Zdd�Z�ZS)
�UserspacePatchLevelNcst||��||�S�N)�super�__new__)�clsr!�buildid�level�baseurl��	__class__r#r$r8CszUserspacePatchLevel.__new__cCs||_||_||_||_dSr6)r;r!r:r<)�selfr!r:r;r<r#r#r$�__init__FszUserspacePatchLevel.__init__cGst|j|jt|�f|��Sr6)r%r!r:�str)r?r"r#r#r$�
cache_pathLszUserspacePatchLevel.cache_path)N)N)�__name__�
__module__�__qualname__r8r@rB�
__classcell__r#r#r=r$r5Bs
r5csdd����fdd�}|S)NcSs�d\}}z�|dkrt�}i}g}t|�D]<}|�dd�||�d�<|�dg�D]}|�|�d	��qNq(d
�dd�|�	�D��}d
�|�}W5tjt|dd�tjt|dd�XdS)
z(KPT-1543 Save info about applyed patches)�rGT)�
ensure_dirN�latest-versionrG�package�patchesZcve�
cSsg|]}d�|��qS)� �r)�.0�recr#r#r$�
<listcomp>]szLrefresh_applied_patches_list.<locals>.save_current_state.<locals>.<listcomp>)
r�atomic_write�LIBCARE_PATCHES�LIBCARE_CVE_LIST�
_libcare_info�_get_patches_info�get�appendr�items)�infoZversionsZcvesZpackagesZ	cves_listrP�patchr#r#r$�save_current_stateQsz8refresh_applied_patches_list.<locals>.save_current_statecs&d}z�||�}|W�S�|�XdSr6r#)r-r.rZ�r1r\r#r$r2cs

z-refresh_applied_patches_list.<locals>.wrapperr#r3r#r]r$�refresh_applied_patches_listPsr^c
Cs@tjpd}t|�}t|���}t�t�|d�|||d�}|dt�	d|�7}t�|d�}zt
�tj
�|dd�}Wn,tjk
r�tjt||�d	d
��YnXt�|j�tt�|����}|�dg�}t�|�s�t�d�|���t|||d
|�d��}	t|d
�}
t|||
d�}tj �!|��r4tj �"|�dk�r�t�|d�}zt
j#||tj$t
�%|	�d�Wn<t&k
�r�}z|j'dk�r�t�(d���W5d}~XYnXt|||
�}
dd|d|
dg}t)j*|d	d	d�\}}}|�r�t�+d�|||���t||d�}tj �,|��stj �-|��rt�|�t�.|
|d�t�/|d|�dS)N�main�uz	latest.v1z?info=�updaterF)�
check_licenseT)�
ignore_errorsrzkLatest LibCare patchset for {0} is incompatible with the current kernecare package version, please upgrade.r;r<zpatch.tar.gzrZ	patch_url)�check_signature�hash_checker)i�i�zKC+ licence is required�tarZxfz-Cz--no-same-owner��catch_stdout�catch_stderrz(Patches unpacking error: '{0}' '{1}' {2}�latestz.tmp)0r�PREFIXr�stripr�get_patch_server_url�LIBNAME_MAPrWr
Zencoded_server_lib_infor	�wrap_with_cache_keyr�urlopen_authr�NotFound�shutil�rmtreer%r�set_config_from_patchserver�headersr�nstr�readr�has_lc_capabilities�CapabilitiesMismatchr,r5rArr�exists�getsize�	fetch_url�
USE_SIGNATURE�get_hash_checkerr�code�NoLibcareLicenseExceptionr�run_command�
KcareError�islink�isdir�symlink�rename)r!�build_id�patch_level�prefix�url�	cache_dst�response�meta�required_capabilitiesr;�plevelZ
patch_path�ex�dst�cmdr�stdout�stderrZ	link_namer#r#r$�fetch_userspace_patchnsR

�� 

r�cCsL|t_|st�tj|rdndd�|r0t�tj�d|r@dnd�dS)N�FALSE�YES)�LIBCARE_DISABLEDzlibcare service is �enabled�disabled)	rr��libcare_server_stopr�
update_config�libcare_server_startr
�kcarelogrZ)r�r#r#r$�set_libcare_status�sr�cCs<zt�dd�ddg}Wntk
r,YdSXt�|�dS)N�service�z
/usr/sbin/z/sbin/�libcare�stop�r�find_cmdr*r��r�r#r#r$r��s
r�cCsvtjstj�tj�r:t�tjddg�t�tjddg�n8zt�dd�ddg}Wnt	k
rfYdSXt�|�dS)Nzreset-failedr�Zrestartzlibcare.socketr�r��start)
r�SKIP_SYSTEMCTL_CHECKrrrz�	SYSTEMCTLrr�r�r*r�r#r#r$r��sr�Tc
s�d�dd�t|pg�D��}ddg}�s6|dd|g7}zt|�}Wn2tk
rt}zt�d�|���W5d}~XYnXg}|�d	�D]2}|r�z|�t	�
|��Wq�tk
r�Yq�Xq�d
d�|D�}|D]&}t�fdd�|d
�
�D��|d
<q�|S)N�|css|]}d�|�VqdS)z({0})N)r,)rO�procr#r#r$�	<genexpr>�sz _libcare_info.<locals>.<genexpr>rZz-jz-lz-rz/Gathering userspace libraries info error: '{0}'rLcSs$g|]}|�d�|�d�|d��qS)�comm�pid)r�r�r)�pop)rO�liner#r#r$rQ�sz!_libcare_info.<locals>.<listcomp>c3s&|]\}}d|ks�s||fVqdS)�patchlvlNr#)rO�k�v��patchedr#r$r��sr)r�sortedr)r*rr�r,�splitrX�json�loads�
ValueError�dictrY)r��limitZregexpr��linesr/�resultr�r#r�r$rU�s&"$rUcCs�t�}|D]0}|d��D]\}}|�|d|df�qq
g}tD]V}|D]L\}}t||t|�d�}	tj�|	�rLt	|	d��}
|�
t�|
��W5QRXqLqD|S)Nrr:r�z	info.json�r)
�setrY�add�
USERSPACE_MAPr%rArr�isfile�openrXr��load)rZrKrP�_�datar�r�r�r�Zpatch_info_filename�fdr#r#r$rV�srVcCs
tt��Sr6)rVrUr#r#r#r$�libcare_patch_info_basic�sr�cCs"t�}|st�d�t�d|i�S�NzNo patched processes.r�)r�r
r+r��dumps�r�r#r#r$�libcare_patch_info�s
r�cCs"t�}|st�d�t�d|i�Sr�)rUr
r+r�r�r�r#r#r$�libcare_info�s
r�cCs*i}t�D]}|�dd�||�d�<q
|S)NrIrGrJ)r�rW)r�rPr#r#r$�_libcare_versions
r�cCs*t���D]\}}|�|�r
|Sq
dS)NrG)r�rY�
startswith)r!rJ�versionr#r#r$�libcare_version
s

r�cCsd�dd�|D��dS)N�css|]}t�|�dVqdS)�N)r�bstr)rO�pr#r#r$r�sz(libcare_client_format.<locals>.<genexpr>r�rN)�paramsr#r#r$�libcare_client_formatsr�cCs,tD]}tj�|�r|Sqt�d��dS)NzLibcare socket is not found.)�LIBCARE_SOCKETrrrzrr�)Zlibcare_socketr#r#r$�get_available_libcare_sockets
r�cGs�tjrt�d��t�tjtjd�}|�d�d}z||�	t
��|�tj�t|�}t
�dj|d��|�|�|�d�}|s~q�||7}qn|�dd	�}t
�d
j|d��|W�S|��XdS)NzLibcare is disabled.r�
r�zLibcare socket send: {cmd}r�izutf-8�replacez!Libcare socket recieved: {result}r�)rr�rr��socket�AF_UNIX�SOCK_STREAM�
settimeout�close�connectr��LIBCARE_SOCKET_TIMEOUTr�r
�logdebugr,�sendall�recv�decode)r��sock�resr�r�r�r#r#r$r)s&




r)cCs�|D]�}ztdt|��Wn2tk
rL}zt�d�|���W5d}~XYnXztd�Wqtk
r�}zt�d�|���W5d}~XYqXqdS)NZstoragez(Userspace storage switching error: '{0}'raz%Userspace patch applying error: '{0}')r)r%r*rr�r,)r�r�r/r#r#r$�libcare_patch_apply4s"r�c
CsDztd�Wn2tk
r>}zt�d�|���W5d}~XYnXdS)N�unloadz&Userspace patch unloading error: '{0}')r)r*rr�r,)r/r#r#r$�libcare_unloadAsr�c
Cs�t��t�|tjkr"tjs"dS|dkr6tt�	��}g}|D]}|�
t�|g��q>|snt�
d�|��dSt|d�\}}}}|r�t�d��|s�t�
d�dSt�tj�tjd��t�zt|�Wn>tjk
�r}zt�t|��t�d��W5d}~XYnXt�}	t|	�}
ttdd	�|	D����s2dSt�d
j|d��t�dj|
d
��tdd	�|
� �D��}tdd	�|� �D��}||}
t!dd	�|
� �D��}t�
djt"|
�|d��|
�#�D] \}}t�
d�|t"|����q�|	S)z0Patch userspace processes to the latest version.NzNo such userspace patches: {0}�r�z:There was an errors while patches downloading (unpacking).zNo patches were found.rz+There was an errors while patches applying.css|]}|dVqdS)rNr#)rO�itemr#r#r$r�|sz&do_userspace_update.<locals>.<genexpr>zPatched before: {before})�beforezPatched after: {after})�aftercss|]}|D]
}|Vq
qdSr6r#�rOrYr�r#r#r$r��scss|]}|D]
}|Vq
qdSr6r#r�r#r#r$r��scss|]}t|�VqdSr6)�len)rOr�r#r#r$r��sz�The patches have been successfully applied to {count} newly discovered processes. The overall amount of applied patches is {overall}.)�count�overallz*Object `{0}` is patched for {1} processes.)$r�log_all_parent_processes�rotate_libcare_logsr�UPDATE_MODE_AUTOr�LIB_AUTO_UPDATE�listr��keys�extendrWr
�loginfor,�check_userspace_updatesrr�r�restore_selinux_contextrrrr r�r+rArU�_get_userspace_procs�anyr�r��values�sumr�rY)�moder�Zprocess_filterZuserspace_patch�failed�something_foundr�r�r�Z
data_afterr�Zuniq_procs_afterZuniq_procs_beforeZdiffr�r�r�r#r#r$�do_userspace_updateJsX

��rcCsPzt�\}}}}Wntjk
r*YdSX|r4dS|r<dStjdd�rLdSdS)N�r�.libcarestatus��filename�r)r�rr�r�status_gap_passed)rr��libs_not_patchedr#r#r$�get_userspace_update_status�srcCs\i}|D]N}|d��D]<\}}|�d�r||kr:g||<||�|d|df�qq|S)Nrr�r�r�)rYrWrX�rZr�r�r!rPr#r#r$r��s
r�c
CsFt�}|D]6}|d��D]$\}}|�||d|�dd�f�qq
|S)Nrr:r�r)r�rYr�rWrr#r#r$�_get_userspace_libs�s
 rcs,�sg��fdd�t��D�td�d�}t|�}d}}d}t|�D]�}|\}}}	z t|||	�d}|	dkrrd}WqFtjk
r�}
zd}t�	t
|
��W5d}
~
XYqFtjtjfk
r�YqFtj
k
r��YqFtjk
�r}zd}t�t
|��W5d}~XYqFXqFtjdd�||||fS)	Ncsg|]}��|��qSr#)r�)rOrr�r#r$rQ�sz+check_userspace_updates.<locals>.<listcomp>F)r�r�Trrr	)r�rrUr�rr�rryr
�logwarnrArqr��AlreadyTrialedExceptionr�r+r�touch_status_gap_file)r�Zdata_beforer�rrr
rPr!r�r��er�r#r�r$r��s4
"r�c
s^d}d}tjddd�}|r�ztj|tgdd�\}}}Wn.tk
rd}zd}t|�}W5d}~XYnX|r�tjd	�|�dd
�ntj	ddd
�d�t
j���s�dSt
jd
}z�t
���}t�d����fdd�|D�}dd�|D�}|jdd�d}	|D]8\}}
|	t
j�|
�7}	|	|kr�t
�|
�tj�d|
�q�Wn$tk
�rXtjddd
�YnXdS)NrrGZ	logrotateF)�	raise_excT)rirz5failed to run logrotate for libcare logs, stderr: {0}r'zlogrotate utility wasn't foundz/var/log/libcare/iz^\d+\.log.*cs$g|]}��|�rtj��|��qSr#)�matchrrr)rO�fn�Zlibcare_log_directoryZ	pidlog_rer#r$rQ�s
z'rotate_libcare_logs.<locals>.<listcomp>cSsg|]}tj�|�|f�qSr#)rr�getctime)rO�fpr#r#r$rQ�s)�reversez%Removed %s because of logs size limitz)Failed to cleanup libcare server logfiles)rr�r��LIBCARE_LOGROTATE_CONFIGr*rAr
r+r,rrrr�r�!LIBCARE_PIDLOGS_MAX_TOTAL_SIZE_MB�listdir�re�compile�sortr{�remover�rZ�logexc)�rcr�Zlogrotate_pathr�rZmax_total_sizeZ	log_filesZpidlog_filesZpidlog_files_with_ctZ
total_size�filepathr#rr$r��s<



r�cCsLzt�dd�ddg}Wntk
r,YdSXtj|ddd�\}}}|dkS)	zKAssume that whenever the service is not running, we did not patch anything.r�r�r��statusFTrgrr�)r�rr�r#r#r$�libcare_server_startedsr')N)TN)N)?r�rrrrr�rGrrrrrrr	r
rrr
rr�py23rrr�Dict�List�TupleZLIBCARE_CLIENTr�rSrTrrnr�r%r4�intr5r^r�r�r�r�rUrVr�r�r�r�r�r�r�r)r�r��skip_if_no_selinux_module�UPDATE_MODE_MANUALrrr�rr�r�r'r#r#r#r$�<module>sf<
�
3




G

"*
@ Telegram