HEX
Server: Apache
System: Linux 162-240-236-42.bluehost.com 3.10.0-1160.114.2.el7.x86_64 #1 SMP Wed Mar 20 15:54:52 UTC 2024 x86_64
User: bt667 (1004)
PHP: 8.2.29
Disabled: NONE
$ pwd: /usr/libexec/kcare/python/kcarectl/
Upload Files
File: //usr/libexec/kcare/python/kcarectl/__init__.pyc
�
��	ic@s�ddlmZddlZddlZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlZddlZddlZddlmZddlmZddlmZddlmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*ddlm+Z+m,Z,m-Z-dd	l.m/Z/m0Z0m1Z1m2Z2m3Z3d
Z4dZ5dxZ6dZ7dZ8dyZ9dZ:dZ;ej<dej=�Z>ej<d�Z?ej@jAd�r6ej@jBdd�nejCddeD�eEr�ddlFmGZGmHZHmIZImJZJmKZKmLZLne#jMjNejO�d�ZPd�ZQd�ZRd �ZSd!�ZTdd"�ZVd#�ZWd$�ZXd%�ZYd&�ZZd'�Z[d(�Z\d)e]fd*��YZ^d+e+fd,��YZ_d-e+fd.��YZ`d/e+fd0��YZad1�Zbed2��Zcdd3�Zdd4�Zed5�ZfiZgd6�Zhehe1ji_jeked7d�spyRddllZmddlnZoemjpjqeojr�emjpjqd8�kresd9��nWnesk
r"qpXd:�Zte1juZvd;ewfd<��YZxd=e1jufd>��YZyeye1_und?�Zzej{d@�Z|dA�Z}dB�Z~dCewfdD��YZdE�Z�dF�Z�eEdG�Z�dH�Z�dI�Z�eEdJ�Z�dK�Z�dL�Z�dM�Z�dN�Z�dO�Z�dP�Z�dQ�Z�dR�Z�dS�Z�dT�Z�dU�Z�dV�Z�dW�Z�dX�Z�dY�Z�dZ�Z�dd[�Z�d\�Z�d]�Z�d^�Z�d_�Z�d`eEda�Z�db�Z�dc�Z�dd�Z�de�Z�d`eEdf�Z�dg�Z�dh�Z�didzdj��YZ�dk�Z�dl�Z�dm�Z�dn�Z�ej�ej{do�Z�dp�Z�ej�dq�Z�dr�Z�ds�Z�dt�Z�ddu�Z�dv�Z�dw�Z�dS({i����(tprint_functionN(tArgumentParser(tcontextmanager(tdatetimei(tanomalytauthtcapabilitiestconfigtconfig_handlerst	constantsterrorstfetcht
http_utilstipv6_supporttkcaretlibcaret	log_utilstplatform_utilst
process_utilstselinuxtserver_infotserveridtupdate_utilstutils(t
KcareErrortNotFoundtSafeExceptionWrapper(t	HTTPErrortURLErrorthttplibtjson_loads_nstrt	urlencodeictv3t12ht24ht48httests./etc/sysconfig/kcare/freezer.modules.blacklists/usr/libexec/kcare/kcdoctor.shs	latest.v3s	latest.v2s /etc/sysconfig/kcare/sysctl.confi
s$==BLACKLIST==
(.*)==END BLACKLIST==
s'(kpatch.*|ksplice.*|kpatch_livepatch.*)s/usr/libexec/kcare/pythonitignoretcategory(tAnytDicttOptionaltSettTupletUnioncCs_t�}tjjt�r[ttd�}x!|D]}|j|j��q1W|j�n|S(Ntr(	tsettostpathtisfiletFREEZER_BLACKLISTtopentaddtrstriptclose(tresulttftline((s./usr/libexec/kcare/python/kcarectl/__init__.pytget_freezer_blacklistRs	

cCsY|jd�}|r8dj|d||dg�}ndj|d|dg�}|S(Nt.ii����(tsplittjoin(tptypetfilenamet
name_parts((s./usr/libexec/kcare/python/kcarectl/__init__.pyt_apply_ptype\s
#cCsmt|tj�t_t|tj�t_t|tj�t_t|tj�t_t|tj�t_dS(N(RARt	PATCH_BINt
PATCH_INFOtBLACKLIST_FILEtFIXUPS_FILEt
PATCH_DONE(R>((s./usr/libexec/kcare/python/kcarectl/__init__.pytapply_ptypees
c
Cs�tj�\}}}d}t|t�r�t|t�r�y)d|jtj|j�|jf}Wq�t	t
fk
r|q�Xnut|tt
tf�r�t|t�r�d|}n@t|t
�r�|jp�t|j�}|jp�d|j}ntj�}itjd6tj�d6|dd6|dd	6t|d
t|��d6|d6djtj|d
��d6t|dd�d6S(Nts[Errno %i] %s: '%s's%st
agent_versiontpython_versionitdistroitdistro_versiont__name__terrortdetailsidt	tracebacktattempts(tsystexc_infot
isinstancetOSErrorRterrnoR/tstrerrorR?tAttributeErrort	TypeErrortKeyErrortIOErrorRtetypettypetinnerRORt
get_distroR	tVERSIONtget_python_versiontgetattrtstrR=RPt	format_tb(R\tvaluettbtdetails_sanitizedRK((s./usr/libexec/kcare/python/kcarectl/__init__.pyt format_exception_without_detailsms,)(


cCs�tjr
dStjt��}tjtjtj	|���}tj
d�d|}tj|t
j��}ytj|�Wntk
r�nXdS(Ns/api/kcarectl-traces?trace=(RtUPDATE_FROM_LOCALtjsontdumpsRhRtnstrtbase64turlsafe_b64encodetbstrtget_patch_server_urlRthttp_requestRtget_http_auth_stringturlopen_baset	Exception(ttracet
encoded_traceturltrequest((s./usr/libexec/kcare/python/kcarectl/__init__.pytsend_exc�s	!
cCstj�}|dkr,tj|d�dStj�tj�}|dkr^tjd�ntjd�ttjd��3}tj	|j
�d�tj	|j
�d�WdQX|r�tj|�ny|�Wn.t
k
rtjjd�tjd�nXtjd�dS(s�
    Run func in a fork in an own process group
    (will stay alive after kcarectl process death).
    :param func: function to execute
    :return:
    iNtaiisWait exception(R/tforktwaitpidtsetsidt_exitR6R3R	tLOG_FILEtdup2tfilenottimetsleepRtRtkcarelogt	exception(tfuncR�tpidtfd((s./usr/libexec/kcare/python/kcarectl/__init__.pyt
nohup_fork�s(


c	Cs�tjjtjd�}tjj|�r�t|d��\}yAt|j��}|t	j
tj�kr|t||��nWnt
k
r�nXWdQXntj|tj��dS(sCheck the fact that there was a failed patching attempt.
    If anchor file not exists we should create an anchor with
    timestamp and schedule its deletion at $timeout.

    If anchor exists and its timestamp more than $timeout from now
    we should raise an error.
    s.kcareprev.lockR-N(R/R0R=R	tPATCH_CACHER1R3tinttreadRtSUCCESS_TIMEOUTR�tPreviousPatchFailedExceptiont
ValueErrorRtatomic_writet
timestamp_str(tanchor_filepathtafilet	timestamp((s./usr/libexec/kcare/python/kcarectl/__init__.pyttouch_anchor�s

cCs�y#tjtjjtjd��Wntk
r6nXtd|�tj	j
�ytdd�Wn!tk
r�t
jjd�nXdS(s�
    See touch_anchor() for detailed explanation of anchor mechanics.
    See KPT-730 for details about action registration.
    :param state_data: dict with current level, kernel_id etc.
    s.kcareprev.locktdonetreasonsCannot send update info!N(R/tremoveR0R=R	R�RUtregister_actionRtget_loaded_modulestcleartget_latest_patch_levelRtRR�R�(t
state_data((s./usr/libexec/kcare/python/kcarectl/__init__.pyt
commit_update�s#



cCs8tjtjjtjd�dtj||d��dS(Ntpatchestexclude_pathRH(	Rtclean_directoryR/R0R=R	R�Rtget_cache_path(tkhashtplevel((s./usr/libexec/kcare/python/kcarectl/__init__.pytclear_cache�scCs\tjpd}dj||g�}tjd|f}|rL||f7}ntjj|�S(Ntnonet-tmodules(RtPREFIXR=R	R�R/R0(R�tfnametprefixt
module_dirR7((s./usr/libexec/kcare/python/kcarectl/__init__.pytget_current_level_path�scCs)tjt|d�t|�dt�dS(Ntlatestt
ensure_dir(RR�R�RctTrue(R�tpatch_level((s./usr/libexec/kcare/python/kcarectl/__init__.pytsave_cache_latest�scCswt|d�}tjj|�rsy5tt|d�j�j��}tj	||�SWqst
tfk
roqsXndS(NR�R-(
R�R/R0R1R�R3R�tstripRtLegacyKernelPatchLevelR�RYtNone(R�tpath_with_latesttpl((s./usr/libexec/kcare/python/kcarectl/__init__.pytget_cache_latest�s!tCertificateErrorcBseZRS((RMt
__module__(((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�stUnknownKernelExceptioncBseZd�ZRS(cCs9tj|djtj�dtj�tj���dS(NsLNew kernel detected ({0} {1} {2}).
There are no updates for this kernel yet.i(	Rtt__init__tformatRR_tplatformtreleaseRtget_kernel_hash(tself((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s(RMR�R�(((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�stApplyPatchErrorcBseZd�Zd�ZRS(cOsctt|�j||�||_||_||_||_tj�d|_	t
j�|_dS(Ni(tsuperR�R�tcodet
freezer_styletlevelt
patch_fileRR_RKR�R�(R�R�R�R�R�targstkwargs((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s				cCsPdj|j|j|j|j|jdjg|jD]}t|�^q4��S(Ns0Unable to apply patch ({0} {1} {2} {3} {4}, {5})s, (	R�R�R�R�RKR�R=R�Rc(R�ti((s./usr/libexec/kcare/python/kcarectl/__init__.pyt__str__#s(RMR�R�R�(((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s		R�cBseZd�Zd�ZRS(cOs/tt|�j||�||_||_dS(N(R�R�R�R�tanchor(R�R�R�R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�0s	cCsd}|j|j|j�S(Ns�It seems, the latest patch, applying at {0}, crashed, and further attempts will be suspended. To force patch applying, remove `{1}` file(R�R�R�(R�tmessage((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�5s(RMR�R�R�(((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�/s	cCs�tj�dj|�}y�tj|�}tjtj|j���}t	|d�}|dkrutj
d�nN|dkr�tj
d�n2|dkr�tj
d�ntj
d	j|��|SWn#tk
r�}tj
||�nXd
S(Ns"/nagios/register_key.plain?key={0}R�isKey successfully registeredisWrong key format or sizeis!No KernelCare license for that IPsUnknown error {0}i����(R
tget_registration_urlR�RturlopenRtdata_as_dictRlR�R�t
print_wrapperRRtprint_cln_http_error(tkeyRwtresponsetresR�te((s./usr/libexec/kcare/python/kcarectl/__init__.pyt!set_monitoring_key_for_ip_license>s ccsUtjr"tjtjdt�nz	dVWdtjrPtjtjdt�nXdS(Ntshell(RtBEFORE_UPDATE_COMMANDRtrun_commandR�tAFTER_UPDATE_COMMAND(((s./usr/libexec/kcare/python/kcarectl/__init__.pyt
execute_hooksRs			cCsBt�}|j}|j}tj�}|dkr�it|�d6tjd6tj	�d6t
j�d6|d6tt
j��d6|d6}tjd	�tjtj|��n�tjd	�tjt|��tjd
t|��tjtj�tjtj	��tjt
j��tj|�tjt
j��dS(s1
    The output will consist of:
    Ignore output up to the line with "--START--"
    Line 1: show if update is needed:
        0 - updated to latest,
        1 - update available,
        2 - unknown kernel
        3 - kernel doesn't need patches
        4 - no license, cannot determine
    Line 2: licensing message (can be skipped, can be more then one line)
    Line 3: LICENSE: CODE: 1: license present, 2: trial license present, 0: no license
    Line 4: Update mode (True - auto-update, False, no auto update)
    Line 5: Effective kernel version
    Line 6: Real kernel version
    Line 7: Patchset Installed # --> If None, no patchset installed
    Line 8: Uptime (in seconds)

    If *format* is 'json' return the results in JSON format.

    Any other output means error retrieving info
    :return:
    Rjt
updateCodet
autoUpdateteffectiveKernelt
realKerneltloadedPatchLeveltuptimetlicenses	--START--s	LICENSE: N(t_patch_level_infoR�tapplied_lvlRtlicense_infoRcRtAUTO_UPDATERtkcare_unameR�R�R�Rt
get_uptimeRR�RjRk(tfmttplitupdate_codet	loaded_pltlicense_info_resulttresults((s./usr/libexec/kcare/python/kcarectl/__init__.pytplugin_info^s.			







cCsutj�}ytdd�}Wntk
r@tjr<dSdSX|dkrQdS||kradStj�rqdSdS(NR�tinfoiiii(	Rtloaded_patch_levelR�R�RtIGNORE_UNKNOWN_KERNELR�Rtstatus_gap_passed(t
current_leveltlatest_patch_level((s./usr/libexec/kcare/python/kcarectl/__init__.pytget_update_status�s
cCs=tj�d \}}|dkr5|jd�r5dSdSdS(Nit
CloudLinuxs7.textraRH(RR_t
startswith(RKtversion((s./usr/libexec/kcare/python/kcarectl/__init__.pytedf_fallback_ptype�scCs�|j|jf}tj||�}tj||j�|_|jjtj	tj
d�|tkr~|jj�d t|<n|jr�|j
�ndS(s�Function remembers IP address of host connected to
    and uses it for later connections.

    Replaces stdlib version of httplib.HTTPConnection.connect
    iiN(thosttporttCONNECTION_STICKY_MAPtgettsockettcreate_connectionttimeouttsockt
setsockopttIPPROTO_TCPtTCP_NODELAYtgetpeernamet_tunnel_hostt_tunnel(R�taddrt
resolved_addr((s./usr/libexec/kcare/python/kcarectl/__init__.pytsticky_connect�s	tHAS_SNIs0.13s%No pyOpenSSL module with SNI ability.cGstS(N(R�(R�((s./usr/libexec/kcare/python/kcarectl/__init__.pytdummy_verify_callback�stSSLSockcBs,eZd�Zd�Zd�Zd�ZRS(cCs||_d|_dS(Ni(t	_ssl_connt_makefile_refs(R�R((s./usr/libexec/kcare/python/kcarectl/__init__.pyR��s	cGs(|jd7_tj|jdt|�S(NiR6(RRt_fileobjectRR�(R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pytmakefile�scCs0|jr,|jr,|jj�d|_ndS(N(RRR6R�(R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR6�s
cGs|jj|�S(N(Rtsendall(R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s(RMR�R�RR6R(((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s			tPyOpenSSLHTTPSConnectioncBseZd�ZRS(cCs
tjj|�tjjtjj�}|jtjjtjj	B�t
jrg|jtjj
t�n|jtjjt�|j�tjj||j�}|j�|jp�|j}|j|j��|j�t
jr�t|j�|�nt|�|_dS(N(RtHTTPConnectiontconnecttOpenSSLtSSLtContextt
SSLv23_METHODtset_optionstOP_NO_SSLv2tOP_NO_SSLv3RtCHECK_SSL_CERTSt
set_verifytVERIFY_PEERRtVERIFY_NONEtset_default_verify_pathst
ConnectionRtset_connect_stateR	R�tset_tlsext_host_nametencodetdo_handshaketmatch_hostnametget_peer_certificateR(R�tctxtconntserver_host((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s	


	(RMR�R(((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�sc
CsHtjr7tj||�}tjtj�|dt�S|dk}tj	oO|}x�t
|ft|fttfgD]�\}}tj|d|d|�}	tj|	d|�}
|r�dj
|
�}
ntj|t||��d|
}d	}|s�|r7t|�|kr7|rd
nd}tjd|�qtny�tjtj�|dt�}
tjr�tj|	�r�tj|	�}tj|�}|r�tjd
j
|�dt�ntjddt�|r�|j�q�n|
SWqttk
r?}|s�|r9|jdks|jdkr9tjdj
|��qtn�qtXqtWdS(Nt
check_licenses	latest.v1s	latest.v2tsecure_boot_infotperf_metricstb64_encodingsinfo={0}t?iXssecure boot infosperf metricss.Check-in URL param is too large, discarding %ss:Automatic kernel anomaly report uploaded successfully: {0}t	print_msgs$Failed to send kernel anomaly reporti�i�i�sCCheck-in request failed with error: {0}, retrying with reduced info(s	latest.v1s	latest.v2(i�i�(RRiRtget_kernel_prefixed_urlRtwrap_with_cache_keyRturlopen_authtFalsetSEND_PERF_METRICSR�Rtencode_checkin_payloadR�tstickyfytlenRtlogwarntKERNEL_ANOMALY_REPORT_ENABLERtdetect_anomalytprepare_kernel_anomaly_reporttsend_data_packagetloginfotremove_archiveRR�(R�R�R�tmodeRwR2tperf_enabledR0R1tsinfot
request_paramtmax_url_lengthtdiscard_infoR7tdata_packagetupload_nametex((s./usr/libexec/kcare/python/kcarectl/__init__.pyt_fetch_patch_level_request	sB	.#*c	Cs�tj�}tjdk	r4tj|ttj��SxKtD]C}y�t||||�}t	j
|j�t�t
j|j��j�}tjdj||�dt�|r |jd�r t|�}|jdg�}tj|�s�tjd��ntj||d|d|d�Stj|t|��SWq;tk
rJq;tk
r}}|jdkrwt d��n�q;Xq;Wt!��dS(
Ns;fetch patch level, reason: {0}, kernel latest response: {1}R4t{RseLatest KernelCare patchset is incompatible with the current kernecare package version, please upgradeR�tbaseurlR�i�i�sKC licence is required(i�i�("RR�RtPATCH_LEVELR�R�R�tPATCH_LATESTRMRtset_feature_flags_from_headerstheaderstupdate_all_kmod_paramsRRlR�R�RRBR�R8R�RRRthas_kc_capabilitiesR
tCapabilitiesMismatchtKernelPatchLevelRRR�RR�(	R�RDR�R�R�R�tlatest_infotrequired_capabilitiesRL((s./usr/libexec/kcare/python/kcarectl/__init__.pytfetch_patch_level6s2
"
cCso|jt|tj��}tjjdj|��y!tj	|dt
dd�tSWn_tk
r�tjjdj|��t
St
k
r�}tjjdj|t|���nX|jt|tj�tj�}tjjdj|��ytj	|dt
�Wn_tk
r6tjjdj|��t
Stk
rj}tjjdj|t|���nXtS(NsProbing patch URL: {0}R/tmethodtHEADs{0} is not available: 404sFHEAD request for {0} raised an error, fallback to the GET request: {1}s{0} is not available: {1}(tfile_urlRARRBRR�R�R�RR7R8R�RRttdebugRcR	tSIGR(R�R>tbin_urlRLRw((s./usr/libexec/kcare/python/kcarectl/__init__.pytprobe_patchWs(
&"
&cCsg|tjkr$|jtj�}n|j|�}|j|�}tj||tjdtj	|��S(Nthash_checker(
R	tKMOD_BINtkmod_urlR]t
cache_pathRt	fetch_urlRt
USE_SIGNATUREtget_hash_checker(R�tnameRwtdst((s./usr/libexec/kcare/python/kcarectl/__init__.pytfetch_and_verify_kernel_fileps
tPatchFetchercBsAeZdd�Zd�Zd�Zd�Zd�Zd�ZRS(cCs
||_dS(N(R�(R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�{scCst|j|�S(N(RkR�(R�Ri((s./usr/libexec/kcare/python/kcarectl/__init__.pyt_fetch~scCs�|jjtj�}|jjtj�}|jjtj�}|jjtj�}td�||||fD��o�t	j
j|�dko�t	j
j|�dkS(Ncss!|]}tjj|�VqdS(N(R/R0R1(t.0R0((s./usr/libexec/kcare/python/kcarectl/__init__.pys	<genexpr>�si(R�ReRRFRBRCR	RctallR/R0tgetsize(R�tpatch_done_pathtpatch_bin_pathtpatch_info_patht
kmod_bin_path((s./usr/libexec/kcare/python/kcarectl/__init__.pytis_patch_fetched�s"cCs�|jdkrtd��n|js.|jS|j�rNtjd�|jStjd�t|jtj�r�y(t	j
|jjtj
�dd�}Wntk
r�q�X|jjdd�}|r�|jjtj|��|_q�ny|jtj
�Wn5tk
r6tdj|jtjp*d���nX|jtj�|jtj�|j�tj|jjtj�d	d
d�tj tj!�|jS(Ns+Cannot fetch patch as no patch level is setsUpdates already downloadedsDownloading updatesR[R\sKC-Base-UrlsfThe `{0}` patch level is not found for `{1}` patch type. Please select valid patch type or patch leveltdefaultRHRDtwb("R�R�R�RuRRBRTRR�RR7R]RRBRRSRtupgradeRRlRmRR�t
PATCH_TYPERCR	Rctextract_blacklistR�ReRFRtrestore_selinux_contextR�(R�trespRO((s./usr/libexec/kcare/python/kcarectl/__init__.pytfetch_patch�s8	

(
$

%cCsqt|jjtj�d�j�}|rmtj|�}|rmtj	|jjtj
�|jd��qmndS(NR-i(R3R�ReRRCR�tBLACKLIST_REtsearchRR�RDtgroup(R�tbuftmo((s./usr/libexec/kcare/python/kcarectl/__init__.pyRz�s
$cCs�|dkrdSyt|tj�}Wntk
r:dSX|jjdd�}|rq|jtj	|��}n|j
tj�}t|d��2}tg|j
�D]}|j�^q��}WdQXx|D]}t||�q�Wtjtj�dS(s�
        Download fixup files for defined patch level
        :param level: download fixups for this patch level (usually it's a level of loaded patch)
        :return: None
        NsKC-Base-UrlR-(R�RkRRERRSRRxRRlReR3R.t	readlinesR�RR{R	R�(R�R�R|ROtfixups_fnameR8tfixuptfixups((s./usr/libexec/kcare/python/kcarectl/__init__.pytfetch_fixups�s
1
N(	RMR�R�R�RmRuR}RzR�(((s./usr/libexec/kcare/python/kcarectl/__init__.pyRlys			(	cCsLt�}tj|j�|jtjkr;tjd�n
tjd�dS(Nii(	R�RR�tmsgR�tPLItPATCH_NEED_UPDATERRtexit(R�((s./usr/libexec/kcare/python/kcarectl/__init__.pytkcare_check�s
	c	Cs�t�}t|�}ytj�}Wntk
r>i}nXtj�}d}|dk	r|tj	|d�j
d�}ntj�}t|j
dg��}td�|D��}tj�}|s�tjd�n
tjd�tjdj|��tjd	j|��|d
kr6tjdj|��n|d
kr[tjdj|��n||d
kr{tjd
�ntjd�dS(NtUnknownttss%Y-%m-%dR�css'|]}t|jdg��VqdS(R�N(R<R(Rntrec((s./usr/libexec/kcare/python/kcarectl/__init__.pys	<genexpr>�ss$KernelCare live patching is disableds"KernelCare live patching is actives - Last updated on {0}s - Effective kernel version {0}is* - {0} kernel vulnerabilities live patcheds- - {0} userspace vulnerabilities live patcheds% - This system has no applied patchess(Type kcarectl --patch-info to learn more(R�t_kcare_patch_info_jsonRtlibcare_patch_info_basicRRt	get_stateR�Rt
fromtimestamptstrftimeR�R<RtsumR�RR�R�(	R�t
kcare_infotlibcare_infotstatet
latest_updateteffective_versiontkernel_vulnerabilitiestuserspace_vulnerabilitiesR�((s./usr/libexec/kcare/python/kcarectl/__init__.pytshow_generic_info�s4	


c	Cs:y�tdddtj�}|s*t�n|jtj�}tjt	j
|�j��}|r�gi}}xU|jd�D]D}tj
|�}|r�d|kr�|j|�q}|j|�q}W||d<tj|�}ntj|�WnDtk
r}tj||j�dStk
r5tjd�nXd	S(
s�
    Retrieve and output to STDOUT latest patch info, so it is easy to get
    list of CVEs in use. More info at
    https://cloudlinux.atlassian.net/browse/KCARE-952
    :return: None
    R�R�tpolicys

skpatch-nameR�isNo patches availablei(R�R	t
POLICY_REMOTER�R]RRCRRlRR7R�R<R�tappendtupdateRjRkR�RRR�Rw(	tis_jsonR�Rwt
patch_infoR�R7tchunktdataR�((s./usr/libexec/kcare/python/kcarectl/__init__.pytkcare_latest_patch_infos,	


cCs�i|jd6}|jdk	r�t|�}g}xU|jd�D]D}tj|�}|rxd|krx|j|�qA|j|�qAW||d<t	j
�}|r�|dnd|d<n|S(NR�s

skpatch-nameR�R�tunknown(R�R�R�t_kcare_patch_infoR<RR�R�R�Rtread_dumped_kernel_patch_level(R�R7R�R�R�R�tsaved_patch_level((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�&s
cCs|tj�}tj||jtj�}tjj|�sHt	d��nt
|d�j�}|rxtj
d|�}n|S(NsvCan't find information due to the absent patch information file. Please, run /usr/bin/kcarectl --update and try again.R-RH(RR�R�R�RRCR/R0R1RR3R�R~tsub(R�R�ReR�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�:scCs�t�}|sZ|jdkr1tj|j�n|jdkrDdStjt|��n"tjtj	t
|�dt��dS(Nit	sort_keys(R�R�RR�R�R�R�R�RjRkR�R�(R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�Hs	cCsUtjd|g}tj|�}tj�}d}tj||�tj||�kS(Ns	file-infoskpatch-build-time(R	t
KPATCH_CTLRtcheck_outputRt_patch_infotget_patch_value(tnew_patch_fileR�tnew_patch_infotcurrent_patch_infotbuild_time_label((s./usr/libexec/kcare/python/kcarectl/__init__.pyt
is_same_patchTs
cCsh|dkrtS|r&||kr&tS||kr6tStjtj�|tj�}t|�sdtStS(Ni(R8R�RR�R�RRBR�(t
applied_levelt	new_levelR�((s./usr/libexec/kcare/python/kcarectl/__init__.pytkcare_need_update\scCs�tjr�tjjt�o-tjttj�sMtj	j
djt��dStj
dddtgdt�\}}}|dkr�tj	j
dj|��q�ndS(Ns-File {0} does not exist or has no read accesss/sbin/sysctls-qs-ptcatch_stdoutis%Unable to load kcare sysctl.conf: {0}(RtUPDATE_SYSCTL_CONFIGR/R0R1t
SYSCTL_CONFIGtaccesstR_OKRR�twarningR�RR�R�(R�t_((s./usr/libexec/kcare/python/kcarectl/__init__.pyt
update_sysctlns	'*cs�tjjt�s(ttd�j�ntjttj�sZtj	j
djt��dSttd���}|j�}|j
d�x:|D]2�t�fd�|D��s�|j��q�q�Wx|D]}|j|d�q�W|j�WdQXdS(s*Update SYSCTL_CONFIG accordingly the editsRzsFile {0} has no read accessNsr+ic3s|]}�j|�VqdS(N(R�(RnR-(R9(s./usr/libexec/kcare/python/kcarectl/__init__.pys	<genexpr>�ss
(R/R0R1R�R3R6R�R�RR�R�R�R�tseektanytwritettruncate(R�R�tsysctltlinesRz((R9s./usr/libexec/kcare/python/kcarectl/__init__.pytedit_sysctl_confys


cCs<x5|D]-}tj|�rtdj|���qqWdS(NsDDetected '{0}' kernel module loaded. Please unload that module first(tCONFLICTING_MODULES_REtmatchRR�(R�tmodule((s./usr/libexec/kcare/python/kcarectl/__init__.pytdetect_conflicting_modules�s
cCsdjtj��S(Ns/lib/modules/{0}/extra/kcare.ko(R�Rtget_system_uname(((s./usr/libexec/kcare/python/kcarectl/__init__.pytget_kcare_kmod_link�scCsstdd�}tjtj�|tj�}tjj|�sCdSt
|d��}|j�ddkSWdQXdS(NR�R�trbi��s~Module signature appended~
(R�RR�R�R	RcR/R0R1R�R3R�(R�t	kmod_filetvfd((s./usr/libexec/kcare/python/kcarectl/__init__.pytkmod_is_signed�scsEtjd���dkrdSddg}t�fd�|D��S(Ns
/proc/keyst(12ff0613c0f80cfba3b2f8eba71ebc27c5a76170t(69a6d9eed3f620d5c2e13a1d211c46510a5ad9f5c3s|]}|�kVqdS(N((RnR�(tsystem_keys(s./usr/libexec/kcare/python/kcarectl/__init__.pys	<genexpr>�s(Rttry_to_readR�R�(t
kcare_keys((R�s./usr/libexec/kcare/python/kcarectl/__init__.pytkcare_certs_enrolled�s	cKs�d|g}x3|j�D]%\}}|jdj||��qWtj|dt�\}}}|dkr�tdj||���ndS(Ns/sbin/insmods{0}={1}R�isLUnable to load kmod ({0} {1}). Try to run with `--check-compatibility` flag.(titemsR�R�RR�R�R(tkmodR�tcmdR�ReR�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyt	load_kmod�scCs�tj�rKt�tkr*td��nt�tkrKtd��qKntj�sotj�sotj�r~td��ndS(Ns4Secure boot is enabled. Not supported by KernelCare.s<Secure boot is enabled. No KernelCare certificates enrolled.sWYou are running inside a container. Kernelcare should be executed on host side instead.(	Rtis_secure_bootR�R8RR�tinside_vz_containertinside_lxc_containertinside_docker_container(((s./usr/libexec/kcare/python/kcarectl/__init__.pytcheck_compatibility�s$cCsvtjd�}tj|dgdtdt�ddk}|rr|d
krrtjdj|��tjd	�ndS(NtmodinfotkmodlveR�tcatch_stderritfreeR�s3{0} patch type conflicts with kmodlve kernel modulei(R�sextra(	Rtfind_cmdR�R�RtlogerrorR�RRR�(R>R�thas_kmodlve((s./usr/libexec/kcare/python/kcarectl/__init__.pytcheck_patch_type_compatibility�s
+cCsstjddd|g�}g}xK|jd�D]:}|j�r1|jd�\}}}|j|�q1q1W|S(Ns
/sbin/modinfos-Ftparms
t:(RR�R<R�t	partitionR�(t
kcare_linktstdouttavailable_paramsR9t
param_nameR�((s./usr/libexec/kcare/python/kcarectl/__init__.pytget_kmod_available_params�scCs�itjrdndd6tjr(dndd6tjrAtjndd6ttjt�rctjndd6tjrydndd6S(	Niitkpatch_debugtkmsg_outputtkcore_outputRHt
kdumps_dirtenable_crashreporter(	RtKPATCH_DEBUGtKMSG_OUTPUTtKCORE_OUTPUTtKCORE_OUTPUT_SIZERTt
KDUMPS_DIRRctENABLE_CRASHREPORTER(((s./usr/libexec/kcare/python/kcarectl/__init__.pytmake_kmod_new_params�s"cCsctjr2tjjtj�r2tjtj�nx*t�j�D]\}}t||�qBWdS(N(	RR�R/R0texiststmakedirsR�R�tupdate_kmod_param(tparamtval((s./usr/libexec/kcare/python/kcarectl/__init__.pyRT�scCs�d}tjj||�}tjj|�s1dSy/t|d��}|jt|��WdQXWn'tk
r�tj	j
d||�nXdS(Ns/sys/module/kcare/parameterstws!failed to set %s kmod param to %s(R/R0R=R�R3R�RcRtRR�RN(tkmod_param_nametparam_valuetparams_roott
param_pathR8((s./usr/libexec/kcare/python/kcarectl/__init__.pyR��s
cs�t�}tj||tj�}ytj||�Wntk
rN|}nXtj	r�t
jjtj	�r�t
j
tj	�nt�}t|��t�fd�|j�D��}t||�t�dS(Nc3s-|]#\}}|�kr||fVqdS(N((Rntktv(tavailable_kmod_params(s./usr/libexec/kcare/python/kcarectl/__init__.pys	<genexpr>	s(R�RR�R	RctshutiltcopyRtRR�R/R0R�R�R�R�tdictR�R�t
update_depmod(R�R�R�t
kcare_filetkmod_params((R	s./usr/libexec/kcare/python/kcarectl/__init__.pytload_kcare_kmod�s	

	"
cCs�dg}|dk	r+|jd|g�ntj|dtdt�\}}}|r�tjdjdj|�||�dt	�ndS(Ns/sbin/depmods-aR�R�s%Running of `{0}` failed with {1}: {2}t R4(
R�textendRR�R�RR�R�R=R8(tunameR�R�R�tstderr((s./usr/libexec/kcare/python/kcarectl/__init__.pyR
s	$cCsOtjd|gdt�\}}}|dkrKtdj||���ndS(Ns/sbin/rmmodR�isUnable to unload {0} kmod {1}(RR�R�RR�(tmodnameR�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pytunload_kmods$cCsug}xhdg|D]Y}tj||dj|��}tjj|�rt|�|jdj|��qqW|S(Ntvmlinuxsfixup_{0}.kos	fixup_{0}(RR�R�R/R0R�R�R�(R�R�R�tloadedtmodtmodpath((s./usr/libexec/kcare/python/kcarectl/__init__.pytapply_fixups!s
cCsKxD|D]<}yt|�Wqtk
rBtjjd|�qXqWdS(Ns$Exception while unloading module %s.(RRtRR�R�(R�R((s./usr/libexec/kcare/python/kcarectl/__init__.pyt
remove_fixups+s


cCs�|r|}nMtjr$tj}n8t�j|�rId|tjtfSd|tjtfSidd6dd6dd6dd6dd	6}|j�}||kr�||}n!td
j||tjt���||tjtfS(Ntfreeze_conflictRvtfreeze_nonetNONEtNOFREEZEt
freeze_alltFULLtFREEZEtSMARTs3Unable to detect freezer style ({0}, {1}, {2}, {3})(	RtPATCH_METHODR:tintersectionR�R8tupperRR�(tfreezerR�R[tpatch_method_map((s./usr/libexec/kcare/python/kcarectl/__init__.pytget_freezer_style3s$		

!RHc	sZi|d6|d6|d6�td��tj�}tj�}t|�t||�}tj||tj�}t	||�dj
|tjtj
�tj|��}	d|k}
|
o�tj||�}|dk	}|o�t|�o�tj|	�}
�ji|d6|d6�|
r+td	��dS|r�td
��t|||�}td��t|�td��t|�n|r�td
��td�t}
n|
s�td��t||�n|r�t�ntd��t||||	|�t�tjdj
|tj���t j!�td��t"�fd�dtj#�dS(NR�tfutureRDtstarts{0}-{1}:{2};{3}Rtcurrenttkmod_changedR�tfxptunpatchtunfxptunloadtloadtpatchs5Patch level {0} applied. Effective kernel version {1}twaitcs
t��S(N(R�((R�(s./usr/libexec/kcare/python/kcarectl/__init__.pyt<lambda>�sR�($R�RR�R�R�R*R�RRBR�R�RyRR�tparse_unametis_kmod_version_changedR�R�tkcare_update_effective_versionR�Rtkpatch_ctl_unpatchRRR8RR�tkpatch_ctl_patchR�RRBR�Rttouch_status_gap_fileR�R�(R�R�RDR(t
use_anchorR�R�R�R�tdescriptiontkmod_loadedR.tpatch_loadedt
same_patchR�((R�s./usr/libexec/kcare/python/kcarectl/__init__.pyt
kcare_loadRsR


$!







	




c	Cs�tjg}tj||tj�}tjj|�rL|j	d|g�n|j	dd|g�|j	d|dg�|j
|�tj|dt
�\}}}|dkr�t||||��ndS(Ns-bR4s-ds-miR�(R	R�RR�RRDR/R0R�RR�RR�R�R�(	R�R�R�R>R�R�tblacklist_fileR�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR;�s
cCs�tjtjdd|dgdtdt�\}}}|dkr�tjdj||�dt�t	dj|t
|����ndS(	NR0s-miR�R�s4Error unpatching, kpatch_ctl stdout:
{0}
stderr:
{1}R4sError unpatching [{0}] {1}(RR�R	R�R�RR�R�R8RRc(R�R�R�R((s./usr/libexec/kcare/python/kcarectl/__init__.pyR:�s
1cCsL||d<ttj��|d<tjtjjtjd�t	|��dS(NtactionR�skcare.state(
R�R�RR�R/R0R=R	R�Rc(RDR�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR��s
cCs�d}tjj|�sdSxtj|�D]n}tjj||dd�}tjj|�seq,ntj|�}||kr,tj|�t|�q,q,WdS(Ns/usr/lib/modules/sweak-updatesskcare.ko(	R/R0tisdirtlistdirR=tislinktreadlinktunlinkR
(t	kmod_linktmodules_pathtentryt
sym_link_pathttarget_path((s./usr/libexec/kcare/python/kcarectl/__init__.pytupdate_weak_modules�s
c

Cs�tj�}t�}y|j|�Wn1tk
rY}|sZtdj|���qZnXtj�}t||�}t	��1d|krv|dk	}|rEttj�||�}t
jtjdd|dgdtdt�\}	}
}t|�|	dkrEtjdj|
|�d	t�td
j|	t|����qEntjtjt�ddd
t�t�d�nt�}tjj |�r�tj!|�nt"|�WdQXdS(Ns�Unable to retrieve fixups: '{0}'. The unloading of patches has been interrupted. To proceed without fixups, use the --force flag.RR0s-miR�R�s4Error unpatching, kpatch_ctl stdout:
{0}
stderr:
{1}R4sError unpatching [{0}] {1}tcountitdelay(#RR�RlR�RtRR�R�R*R�R�RR�RR�R	R�R�RRR�R8RcRtretryR
t	check_exctUNLOAD_RETRY_DELAYRR�R/R0R1RIRO(
R(tforceR�tpfterrR�R�tneed_unpatchR�R�R�RRJ((s./usr/libexec/kcare/python/kcarectl/__init__.pytkcare_unload�s8	
1
$1	cCsLt�}|rt|�S|jdkr/|jS|jdk	rHtj�SdS(Ni(R�t_kcare_info_jsonR�R�R�R�RR�(R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR��s	
cCswi|jd6}|jdk	r]|jtjtj���|jtj|j	d���n|j
|d<tj|�S(NR�skpatch-descriptionskpatch-state(
R�R�R�R�RR�RR�tparse_patch_descriptionRR�RjRk(R�R7((s./usr/libexec/kcare/python/kcarectl/__init__.pyRZ�s"
R�cBs)eZdZdZdZdZd�ZRS(iiiicCs1||_||_||_||_||_dS(N(R�R�t
remote_lvlR�R�(R�R�R�R\R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s
				(RMR�RQR�tPATCH_UNAVALIABLEtPATCH_NOT_NEEDEDR�(((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s
cCsUtj�}y�tdd�}|rgt||�rMtjdd}}}q�tjdd}}}n=|dkr�tjdd}}}ntjd	d}}}t|||||�}Wn�tk
rPtj	}t
jr
d
jt
jt
j�dtj��}n+djt
j�dtj�tj��}t||ddd�}nX|S(
NR�R�s*Update available, run 'kcarectl --update'.tappliedsThe latest patch is applied.is(This kernel doesn't require any patches.tunsetsDNo patches applied, but some are available, run 'kcarectl --update'.suInvalid sticky patch tag {0} for kernel ({1} {2}). Please check /etc/sysconfig/kcare/kcare.conf STICKY_PATCH settingssLNew kernel detected ({0} {1} {2}).
There are no updates for this kernel yet.tunavailable(RR�R�R�R�R�RQR^R�R]RtSTICKY_PATCHR�RR_R�R�R�R�(tcurrent_patch_leveltnew_patch_levelR�R�R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�s8
		%%c	Cs�d	}y�tj�}td|fd|fg�}tj�dj|�}tj|�}t	j
t	j|j���}t
|d�SWnptk
r�}tj||�dStk
r�}tj||�dStk
r�}tjdj|��dSXd	S(
s�
    Request to tag server from ePortal. See KCARE-947 for more info

    :param tag: String used to tag the server
    :return: 0 on success, -1 on wrong server id, other values otherwise
    t	server_idttags/tag_server.plain?{0}R�i����i����sInternal Error {0}i����N(R�Rtget_serveridRR
R�R�RR�RR�RlR�R�RRR�RRtR�(	RfRwRetqueryR�R�R�tuetee((s./usr/libexec/kcare/python/kcarectl/__init__.pyt
tag_serverBs"c	Cstjd�}tjdj|��t}tj���}yQtj	||j
�}tjtj
|�|j
�tj|j
|�|j
}Wn)tk
r�}tjdj|��nXtjd|tj�gdt�\}}}|rtdj||���nWdQXdS(Ns	doctor.shs#Requesting doctor script from `{0}`s3Kcare doctor error: {0}. Fallback to the local one.tbashR�sScript failed with '{0}' {1}(RRpRtlogdebugR�tKCDOCTORttempfiletNamedTemporaryFileRtfetch_signatureRitsave_to_fileRR�tcheck_gpg_signatureRtR�RR�R
tget_patch_serverR�R(t
doctor_urltdoctor_filenamet
doctor_dstt	signatureRWR�R�R((s./usr/libexec/kcare/python/kcarectl/__init__.pytkcdoctor]s
-cCsOtjdjt��}ytj|�Wntk
r=tSXtj	d�t
S(Ns{0}-new-versionswA new version of the KernelCare package is available. To continue to get kernel updates, please install the new version(RRpR�tEFFECTIVE_LATESTRR�RR8RRBR�(Rw((s./usr/libexec/kcare/python/kcarectl/__init__.pytcheck_new_kc_versionns
c
CsYtj�}t|�}|tjkp?|tjko?|dk}yt||�}Wn�tj	k
r�}|dkr|�nt
jt|��t
jd�tj
}n8tk
r�}|r��q�t
jjdj|��nX|tjkr�|}	n]|}	|dkrU|tj
kr.tj|d�}	qU|tjkrF|}	qUtd��n|	S(s�
    Get patch level to apply.
    :param reason: what was the source of request (update, info etc.)
    :param policy: REMOTE -- get latest patch_level from patchserver,
                   LOCAL -- use cached latest,
                   LOCAL_FIRST -- if cached level is None get latest from patchserver, use cache otherwise
    :param mode: constants.UPDATE_MODE_MANUAL, constants.UPDATE_MODE_AUTO or constants.UPDATE_MODE_SMART
    :return: patch_level string
    s#Using previously downloaded patchessUnable to send data: {0}is9Unknown policy, choose one of: REMOTE, LOCAL, LOCAL_FIRSTN(RR�R�R	R�tPOLICY_LOCAL_FIRSTR�RZR
RVRR=RctPOLICY_LOCALRtR�R�R�R�R(
R�R�RDR�tcached_leveltconsider_remote_extremote_levelR�RLR�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR�{s2*
		cCs�|dkrdS|dkr"dn|t_ttdd�tj�r�tjdtj�tjdkr�tj�r�tjp�t	}t
dddj|�f�ntj
d
j|��ntdj|���dS(NtedfRvRHR�tprobeRyR�R�sfs.enforce_symlinksifownersfs.symlinkown_gidsfs.enforce_symlinksifowner=1sfs.symlinkown_gid={0}s'{0}' patch type selecteds/'{0}' patch type is unavailable for your kernel(sfreesextra(sfs.enforce_symlinksifownersfs.symlinkown_gid(RRyRaRZRt
update_configRt	is_cpanelt	FORCE_GIDt
CPANEL_GIDR�R�RRBR(R>tgid((s./usr/libexec/kcare/python/kcarectl/__init__.pytupdate_patch_type�sc	Cs�tj�ttj�|tjkr0t�nytddd|d|�}WnWt	k
r�}|tj
tjfkr�tjr�t
|�}tjj|�dS�nXtj�}t|�}|j�td|d|�s�tjd�dSy<tjtjd	d
dd�tjtjd	d
dd
�Wn!tk
rPtjjd�nXtj�}|tj
ksutjr�t��4|j|�t ||||d|tjk�WdQXntj!|�t"||�dS(sx
    :param mode: constants.UPDATE_MODE_MANUAL, constants.UPDATE_MODE_AUTO or constants.UPDATE_MODE_SMART
    :param policy: REMOTE -- download latest and patches from patchserver,
                   LOCAL -- use cached files,
                   LOCAL_FIRST -- download latest and patches if cached level is None, use cache in other cases
    :param freezer: freezer mode
    R�R�R�RDNR�R�s%No updates are needed for this kerneltkeep_nitpatternskcore*.dumps	kmsg*.logs#Error during crash reporter cleanupR=(#Rtlog_all_parent_processesR�RRyR	R�R{R�R�tUPDATE_MODE_AUTOtUPDATE_MODE_SMARTR�RcRR�R�RR�RlR}R�RBRR�R�RtR�R�R�R�R�RBtdump_kernel_patch_levelR�(	R(RDR�R�R�R�R�RVR�((s./usr/libexec/kcare/python/kcarectl/__init__.pyt	do_update�s<


!

 


+
cCs�tttj�ttjp!tj�ttjp6tj�f�}|dkr]td��ntjrmtjS|t	j
kr�tjp�tj}tjp�tj}ntj}tj}|r�|S|r�d|SdS(Nis�Invalid configuration: conflicting settings STICKY_PATCH, [AUTO_]UPDATE_DELAY or [AUTO_]STICKY_PATCHSET. There should be only one of themsrelease-(R�tboolRRbtUPDATE_DELAYtAUTO_UPDATE_DELAYtSTICKY_PATCHSETtAUTO_STICKY_PATCHSETRR	tUPDATE_MODE_MANUAL(RDRPRQtpatchset((s./usr/libexec/kcare/python/kcarectl/__init__.pyt
get_sticky�s$			cCs|d|S(NR;((R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyt	_stickyfyscCsmt|�}|s|S|dkr/t||�Stj�}|satjjd�tjd�ny&t	j
tj�dj
|��}Wn3tk
r�}tj||j�tjd�nXtjtj|j���}t|d�}|dkrt|d|�S|d	kr|S|d
krDtjjd�tjd�ntjjd
|d�tjd�dS(s�
    Used to add sticky prefix to satisfy KCARE-953
    :param file: name of the file to stickify
    :return: stickified file.
    tKEYsHPatch set to STICKY_PATCH=KEY, but server is not registered with the keyi����s!/sticky_patch.plain?server_id={0}i����R�iR�iisEServer ID is not recognized. Please check if the server is registeredi����sError: R�i����N(R�R�RRgRR�R�RRR�RR�R
R�R�RR�RwRR�RlR�R�(tfileRDtsReR�R�R�R�((s./usr/libexec/kcare/python/kcarectl/__init__.pyR;s2
&c
CsRg}|stS|jd�}|d}|d}|jd�}||krgtdt|���n|s�|j�|j�kS|dkr�|jd�nY|jd�s�|jd�r�|jtj	|��n"|jtj	|�j
dd	��x$|D]}|jtj	|��q�Wtjd
dj|�dtj
�}	|	j|�S(
shMatching according to RFC 6125, section 6.4.3

    http://tools.ietf.org/html/rfc6125#section-6.4.3
    R;iit*s,too many wildcards in certificate DNS name: s[^.]+sxn--s\*s[^.]*s\As\.s\Z(R8R<RPR�treprtlowerR�R�tretescapetreplacetcompileR=t
IGNORECASER�(
tdnthostnamet
max_wildcardstpatstpiecestleftmostt	remaindert	wildcardstfragtpat((s./usr/libexec/kcare/python/kcarectl/__init__.pyt_dnsname_matchEs(

"
&c
Cs�g}xxt|j��D]d}|j|�}|j�dkrgt|�jd�D]}|j�jdd�^qV}qqW|s�td��ng}xC|D];\}}|dkr�t||�r�dS|j	|�q�q�W|s|j
�j}	t|	|�r
dS|j	|�nt|�dkrYt
dj|djtt|�����n=t|�dkr�t
d	j||d
���nt
d��dS(NtsubjectAltNamet,R�istempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDtDNSs(hostname {0} doesn't match either of {1}s, shostname {0} doesn't match {1}is=no appropriate commonName or subjectAltName fields were found(trangetget_extension_countt
get_extensiontget_short_nameRcR<R�R�R�R�tget_subjectt
commonNameR<R�R�R=tmapR�(
tcertR�tsanR�R�tittdnsnamesR�Retcn((s./usr/libexec/kcare/python/kcarectl/__init__.pyR*xs0A-cCsXtdddd�}|jddddd	�|jd
ddddd	�|jd
dddd	�|jdddddd	�|jddddd	�|jddddd	�|jddddd	�|jddddd�|jddddd	�|jddddd �|jd!dd"dd	�|jd#dd$dd	�|jd%dd&dd	�|jd'dd(dd	�|jd)dd*dd+�|jd,dd-dd	�|jd.dd/dd	�|jd0dd1dd	�|jd2dd3dd	�|jd4dd5dd	�|jd6dd7dd8�|jd9dd:dd;�|jd<dd=dd	�|jd>dd?dd+�|jd@ddAdd	�|jdBddCdd	�|jdDddEdd	dFdG�|jdHddIdd	�|jdJddKdd	�|jdLddMdd	�|jdNddOdd	�|jdPddQdd	�|jdRddSdd	�|jdTddUdd	�|jdVddWdd	�|jdXddYdd	�|jdZdd[dd\d]td^dd_t�|jd`ddadd	�|jdbddcdd	�|j�}|jddddedd\�|jdfddgdd	�|jdhddidd	�|jdjddkdd\d^dd_t�|jdldmddndd	d_t�|jdoddp�|jdqddrdd	�|jdsddtdduddv�tjs:|jdwddxdFdyddzd{t�|jd|dd}dFdyddzd{t�|jd~dddd	�|jd�d�dd�dd	�|jd�dddd	�|jd�d�dd�dd	�|jd�d�dd�dd	�|jd�d�dd�dd��|jd�dd�d�d�d{ddd��|jd�dd�dd	�|jd�dd�dd	�n|j	�}t
j�tjsntjd�g7_n|j
dk	r�ttd|j
jd����jtj�r�d�Sd�Sn|js�|jr�tjr�tjt_qtjt_n|jrtjt_n|js;tj�d�kr;td�d�tj �d�Snt!j"}|jrYt!j#}n|jrnt!j$}nt%j&|�tj's�t
j(�n|j)r�t*j+�n|j,r|j,d�kr�t-|j,�t_.t
j/d�tj.�qdt_.t
j/d�d�n|j0dk	r4t
j/d�|j0�|j0t_1n|j2rItt_3n|j4r^tt_5n|j6rstt_7n|j8r�t8�n|j9r�t:j;d�t<�nN|j=r�tj>d�kr�tj?d�kr�dntj?p�d^|_@t|_Aq�n|jBr	|jBt_Cn|jDr-	t:j;d�t<�d�t_CntjCjEd��t_CtjCr�	tjCtFkr�	t%jGjHd�jItjCd�jJtF���n|jKr�	tt_Ld�|jKt_Mn|j@r�	tN|j@�ntj>d�kr
tO�t_>t:j;d�jItj>p�	d^�t<�n|jPr,
t*jQtRjPd�|jS��dS|jTrm
tTjTd�d�d�td�t�}t*jQtSjU|��dStVtj>�|jWr�
tX�dS|jYrYtZj[tTjTd�d�d�td�t��}d�jI|j\�}|j]r�
t*jQ|�qYtZj^|�}|rt%j_d�jI|��nt%j`d�d�t�|jarCt*jQ|�qY|rY|jb�qYn|jcr�|jSr{tcd�d��ntc�dS|jdr�t
j/d�d��dS|jer�t
j/d�d��dS|jfr�t
jg|jf�dS|jhr�ti|jh�S|jjr	tkjj�n|jlrJtj>d�kr4t
j/d�d��ntkjl|jl|jm�S|jnrptkjn�d�krid�Sd�Sn|jodk	r�tp|jo�S|jqr�t*jQtjr�nts|dyd�dk	r�ttju|jv�d�Stjs�|jwr�ttjx�S|jyr
ttjz�dk	r
t%j_d��q
n|j{r=
ttjzd�tj|�n#|j}r`
ttj~�t%j_d��n|jr
t*jQttj���n|j�r�
t*jQttj���n|j�r�
ttj��r�
t*jQttj�|j���n|j�dk	rp|j�dkrtj�pt�ttj�j���}n1g|j�jd��D]}	|	jE�j��^q!}ttjzd�t�|��dk	rpt%j_d��qpn|j�r�ttjzd�tj|d�d�q�n|j�r�t*jQt�d�|jS��nd}
|j�r�t:j;d�t<�d�}
n|j�r�|j�}
n|j�r"t�|
d�tj�d�tj��n|jArNt�|
d�tj��t%j_d��n|jrmt*jQt�j���n|j�r�t�|
d�|j��t%j_d��n|jr�tt_�t�j�t�j�d�d���t�|
d�tj|�n|j�r�t�d�|jS�n|j�rt��S|j�r"t�d�|jS�n|j�r5t��nt�tj��d�krTt��ndS(�NtprogtkcarectlR>s)Manage KernelCare patches for your kernels--debugthelpRHRDt
store_trues-is--infos]Display information about KernelCare. Use with --json parameter to get result in JSON format.s
--app-infoscDisplay information about KernelCare agent. Use with --json parameter to get result in JSON format.s-us--updates<Download latest patches and apply them to the current kernels--unloadsUnload patchess--smart-updates,Patch kernel based on UPDATE POLICY settingss
--auto-updates-Check if update is available, if so -- updates--localsNUpdate from a server local directory; accepts a path where patches are locatedtmetavartPATHs--patch-infos"Return the list of applied patchess	--freezers)Freezer type: full (default), smart, noneR(s
--nofreezes/[deprecated] Don't freeze tasks before patchings--unamesReturn safe kernel versions--license-infosReturn current license infos--statussReturn status of updatess
--registersRegister using KernelCare KeyR�s--register-autoretrys=Retry registering indefinitely if failed on the first attempts--unregisters7Unregister from KernelCare (for key-based servers only)s--checksCheck if new update availables--latest-patch-infosiReturn patch info for the latest available patch. Use with --json parameter to get result in JSON format.s--tests&[deprecated] Use --prefix=test insteads--tags7Tag server with custom metadata, for ePortal users onlytTAGs--prefixspPatch source prefix used to test different builds by downloading builds from different locations based on prefixR�s
--nosignaturesDo not check signatures--set-monitoring-keysPSet monitoring key for IP based licenses. 16 to 32 characters, alphanumeric onlys--doctors@Submits a vitals report to CloudLinux for analysis and bug-fixess--kernel-anomaly-reportsHSubmits a kernel anomaly report to CloudLinux for analysis and bug-fixess	--no-sendsSkip sending artifactstdestt	save_onlys--keep-locals:Don't delete generated kernel anomaly report after sendings--enable-auto-updatesEnable auto updatess--disable-auto-updatesDisable auto updatess
--plugin-infosProvides the information shown in control panel plugins for KernelCare. Use with --json parameter to get result in JSON format.s
--server-infos3Provides information about the host in JSON format.s--jsonsoReturn '--plugin-info', '--latest-patch-info', '--patch-info', '--app-info' and '--info' results in JSON formats	--versions(Return the current version of KernelCares--kpatch-debugsEnable the debug modes--no-check-certs2Disable the patch server SSL certificates checkings--set-patch-levelsBSet patch level to be applied. To select latest patch level set -1tstoreR]Rvtrequireds--check-compatibilitysCheck compatibility.s
--clear-cachesClear all cached filess--set-patch-types@Set patch type feed. To select default feed use 'default' options
--edf-enableds"Enable exploit detection frameworks--edf-disableds#Disable exploit detection frameworks--set-sticky-patchsjSet patch to stick to date in DDMMYY format, or retrieve it from KEY if set to KEY. Leave empty to unsticks-qs--quiets=Suppress messages, provide only errors and warnings to stderrs--has-flagssCheck agent featuress--forces-Force action and ignore several restristions.s--set-configsChange configuration optionR�s	KEY=VALUEs--disable-libcaresDisable libcare servicestenable_libcaretstore_consttconsts--enable-libcaresEnable libcare servicess--lib-updatesIDownload latest patches and apply them to the current userspace librariess--lib-unloads--userspace-unloadsUnload userspace patchess--lib-auto-updates
--lib-infos--userspace-infos&Display information about KernelCare+.s--lib-patch-infos--userspace-patch-infos,Return the list of applied userspace patchess
--lib-versions--userspace-versionsReturn safe package versiontPACKAGENAMEs--userspace-updatetUSERSPACE_PATCHEStnargsR3sODownload latest patches and apply them to the corresponding userspace processess--userspace-auto-updates--userspace-statuss"Return status of userspace updatesslibcare-enabledR�iisPlease run as rootR�RPRbsTFlag --edf-enabled has been deprecated and will be not available in future releases.R�sMFlag --test has been deprecated and will be not available in future releases.R$t/s(Prefix `{0}` is not in expected one {1}.Rsfile:s+edf patches are deprecated. Fallback to {0}R�R�R^R0R1s)Kernel anomaly report file generated: {0}s0Kernel anomaly report uploaded successfully: {0}s$Failed to send kernel anomaly reportR4R�RjR�tYEStNOR�RyR�sUserspace patches are applied.RDsUserspace patches are unloaded.tlimitsQFlag --nofreeze has been deprecated and will be not available in future releases.R�R�sKernel is safeRUs=KernelCare protection disabled. Your kernel might not be safei<(�Rtadd_argumentR�R�R8tadd_mutually_exclusive_groupRtLIBCARE_DISABLEDR�t
parse_argsRtset_settings_from_config_filetFLAGSt	has_flagsR.tfilterR<tissubsettquiettauto_updatetSILENCE_ERRORSR	tPRINT_CRITICALtPRINT_LEVELtPRINT_ERRORR^tPRINT_DEBUGRR/tgetuidtprintRRRtloggingtINFOtWARNINGtDEBUGRtinitialize_loggingtIGNORE_FEATURE_FLAGStset_feature_flags_from_cacheR�Rtclear_all_cachetset_patch_levelRcRPR�tset_sticky_patchRbtnosignatureRgt
no_check_certR R�R�R�tedf_enabledtwarningstwarntDeprecationWarningtedf_disabledRytPREV_PATCH_TYPEtset_patch_typeR�R�R�R$R�tEXPECTED_PREFIXR�R�R�R=tlocalRitPATCH_SERVERR�R�tapp_infoR�RRjRRkRGtdoctorRytkernel_anomaly_reportRR@tarchive_pathR�RARBR=t
keep_localRCR�tenable_auto_updatetdisable_auto_updatet
set_configtupdate_config_from_argstset_monitoring_keyR�t
unregisterRtregistertregister_autoretryR�RfRkR�R`RbRtset_libcare_statusR�tuserspace_statustget_userspace_update_statust
lib_updatetdo_userspace_updatetlib_auto_updateR�t
lib_unloadtlibcare_unloadtlib_infoR�tlib_patch_infotlibcare_patch_infotlib_versiontlibcare_server_startedtlibcare_versiontuserspace_updateR�tlistt
USERSPACE_MAPtkeysR�tsortedtuserspace_auto_updateR�R�tnofreezeR(tsmart_updateR�R�t
UPDATE_POLICYR�RR�R2RYRUtCHECK_CLN_LICENSE_STATUSR�R�trandomtuniformR�tstatusR�tlatest_patch_infoR�tcheckR�R<targvR�(tparsertexclusive_groupR�R�R�RJtlocal_path_messageRKR�tptchR(((s./usr/libexec/kcare/python/kcarectl/__init__.pytmain�sP	
	-						
	
	
						
		'		+			%		
		!								
	
		
			
			
		!1															
(R!R"R#stest(s	latest.v3s	latest.v2((�t
__future__RRmRjR�R/R�R R�R
RtsslRRRoR�RPR�targparseRt
contextlibRRRHRRRRRR	R
RRR
RRRRRRRRRRRRRtpy23RRRRRR�RzR�R2RnRQR�RTR�tDOTALLR~R�R0REtinserttfilterwarningsR�R8ttypingR'R(R)R*R+R,R�tsetLevelR�R:RARGRhRyR�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R
RRRbtdistutils.versiont	distutilstOpenSSL.SSLRR�t
StrictVersiont__version__tImportErrorRtHTTPSConnectiontPureHTTPSConnectiontobjectRRRMR�RZRaRkRlR�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�RTR�RR
RRRR*RBR;R:R�RORYR�RZR�R�RkRyR{R�R�R�R�R�R�R;R�R*R*(((s./usr/libexec/kcare/python/kcarectl/__init__.pyt<module>s�(1	
					&							

	4		
	'
			-!			a			# 														
		
	
					
		?	
	
		,			2			
.	7			,3	)
@ Telegram