HEX
Server: Apache
System: Linux pdx1-shared-a1-38 6.6.104-grsec-jammy+ #3 SMP Tue Sep 16 00:28:11 UTC 2025 x86_64
User: mmickelson (3396398)
PHP: 8.1.31
Disabled: NONE
Upload Files
File: //lib/python3/dist-packages/fail2ban/tests/__pycache__/clientreadertestcase.cpython-310.pyc
o

;s*b\��@svdZdZdZddlZddlZddlZddlZddlZddlZddl	Z	ddl
mZmZm
Z
mZddlmZddlmZmZmZdd	lmZdd
lmZddlmZmZddlmZdd
lmZddl m Z ddl!m"Z"m#Z#ej$�%ej$�&e'�d�Z(iZ)ddl!m*Z*e	j+j,Z-ej$�%ej$�&e'�d�Z.iZ/Gdd�de	j0�Z1Gdd�de"�Z2Gdd�de"�Z3Gdd�de"�Z4Gdd�de"�Z5dS)z!Cyril Jaquier, Yaroslav Halchenkoz>Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko�GPL�N�)�ConfigReader�ConfigReaderUnshared�DefinitionInitConfigReader�NoSectionError)�configparserinc)�
JailReader�extractOptions�splitWithOptions)�FilterReader)�JailsReader)�ActionReader�
CommandAction)�Configurator)�MyTime)�version�)�LogCaptureTestCase�with_tmpdir�files)�
CONFIG_DIR�configcsxeZdZ�fdd�Zdd�Zddd�Zdd	�Zddd�Zd
d�Zdd�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Z�ZS)�ConfigReaderTestcs.tt|���tjdd�|_t|jd�|_dS)zCall before every test case.zf2b-temp)�prefix��basedirN)�superr�setUp�tempfile�mkdtemp�dr�c��self��	__class__��E/usr/lib/python3/dist-packages/fail2ban/tests/clientreadertestcase.pyr7szConfigReaderTest.setUpcCst�|j�dS)zCall after every test case.N)�shutil�rmtreer!r#r'r'r(�tearDown=szConfigReaderTest.tearDownNcCs�tjj|vrtj�|�}tj�|j|�}tj�|�st�|�td|j|fd�}|dur4|�	d|�|dur=|�	|�|�
�dS)N�%s/%s�wz
[section]
option = %s
	)�os�path�sep�dirname�joinr!�exists�makedirs�open�write�close)r$�fname�value�contentr!�d_�fr'r'r(�_writeAs
�
zConfigReaderTest._writecCs*t�d|j|f�|�|j�d��dS)Nr,r")r.�unlinkr!�
assertTruer"�read)r$r8r'r'r(�_removeRszConfigReaderTest._remover"cCs&|�|j�|��|j�ddg�dS)N�section)�int�optionrD)r?r"r@�
getOptions)r$r<r'r'r(�
_getoptionVszConfigReaderTest._getoptioncCs�|j�d�|j�ddd�|j�ddd�|j�ddd�|j�dd�}|�|dd	d
d��|j�dd�}|�|dd	dd��|j�dd
dd
d��}|�|dd	d
d��dS)N�
Definition�a�1�br"�test))rCrHr)�boolrJr)rCr"rrTr)rHrJr"))rCrH)rLrJ)rCr")rCr)rLr)r"�add_section�setrE�assertSortedEqual)r$�optsr'r'r(�testConvertZs ��
�zConfigReaderTest.testConvertcCsxtj�|jd�}|�dd�|�|�d�d�t�|d�t�|tj	�s/|�
|j�d��dSddl
}t�d|�
���)Nzd.confrr!z0Skipping on %s -- access rights are not enforced)r.r/r2r!r=�assertEqualrF�chmod�access�R_OK�assertFalser"r@�platform�unittest�SkipTest)r$r<rWr'r'r(�testInaccessibleFileisz%ConfigReaderTest.testInaccessibleFilecCsL|�|j�d��|�dd�|�|��d�|�dd�|�|��d�|�dd�|�|��d	�|�d
d�|�|��d	�|�dd
�|�|��d�|�dd�|�|��d�|�dd�|�|��d�|�d�|�d�|�|��d�|�d�|�|��d	�|�d�|�|��d�|�d
�|�|��d�dS)Nr"�c.confrIr�2rzc.d/98.conf�998i�zc.d/90.conf�990zc.d/99.conf�999i�zc.local�3�zc.d/1.local�4�i�)rVr"r@r=rRrFrAr#r'r'r(�testOptionalDotDDirvs0




z$ConfigReaderTest.testOptionalDotDDircCs�|jdddd�|jdddd�|jdddd�|jddd	d�|jd
ddd�Gdd
�d
t�}|ddi�|_|j�|j�|�|j���|jjidd�|j��}|�	|�
d�d�|�	|�
d�d�|�	|�
d�d�dS)Nr[zS
[INCLUDES]
before = ib.conf
after  = ia.conf
[Definition]
test = %(default/test)s
�r9r:zib.confz,
[DEFAULT]
test = A
[Definition]
option = 1
zib.localz,
[DEFAULT]
test = B
[Definition]
option = 2
zia.confz,
[DEFAULT]
test = C
[Definition]
oafter = 3
zia.localz,
[DEFAULT]
test = D
[Definition]
oafter = 4
c@s$eZdZddgddgddgd�ZdS)z?ConfigReaderTest.testLocalInIncludes.<locals>.TestDefConfReaderrCN�string)rD�oafterrK)�__name__�
__module__�__qualname__�_configOptsr'r'r'r(�TestDefConfReader�s

�rlr"rDT)�allrrgrcrK�D)r=rr"�
setBaseDirr!r?r@rE�getCombinedrR�get)r$rl�or'r'r(�testLocalInIncludes�s
z$ConfigReaderTest.testLocalInIncludescCs�|�|j�d��|jdddd�|�|j�d��|�|j��ddg�|�|j�dd�d�|�|j�dd	�d
�|�|j�dd�d�|�|j�dd�d
�|�|j�dd�d�dS)N�izi.confzu
[DEFAULT]
b = a
zz = the%(__name__)s

[section]
y = 4%(b)s
e = 5${b}
z = %(__name__)s

[section2]
z = 3%(__name__)s
rerB�section2�y�4a�ez5${b}�z�zz�
thesection�	3section2)rVr"r@r=r?rR�sectionsrqr#r'r'r(�testInterpolations�s
z#ConfigReaderTest.testInterpolationscCsd|�|j�d��|jdddd�|�|j�d��|�|j�dd�d�|�|j�dd�d	�dS)
N�g�g.confz4
[DEFAULT]
# A comment
b = a
c = d ;in line comment
re�DEFAULTrJrHr"r!)rVr"r@r=r?rRrqr#r'r'r(�testComments�s
zConfigReaderTest.testCommentscCs<|�|j�d��|jdddd�|�|j�d��|�|j�dd�d�|�|j�dd�d	�|�|j�d
d�d�|�|j�d
d�d�|�|j�d
d
�d�|�|j�d
d�d�|�|j�dd
�d�|�|j�dd�d�|�|j�dd
�d�|�|j�dd�d�|�t|jjdd�|�t|jjd
d�dS)Nrr�z�
[DEFAULT]
a = def-a
b = def-b,a:`%(a)s`
c = def-c,b:"%(b)s"
d = def-d-b:"%(known/b)s"

[jail]
a = jail-a-%(test/a)s
b = jail-b-%(test/b)s
y = %(test/y)s

[test]
a = test-a-%(default/a)s
b = test-b-%(known/b)s
x = %(test/x)s
y = %(jail/y)s
rerKrHztest-a-def-arJztest-b-def-b,a:`test-a-def-a`�jailzjail-a-test-a-def-az+jail-b-test-b-def-b,a:`jail-a-test-a-def-a`r"z5def-c,b:"jail-b-test-b-def-b,a:`jail-a-test-a-def-a`"r!z'def-d-b:"def-b,a:`jail-a-test-a-def-a`"z'def-c,b:"test-b-def-b,a:`test-a-def-a`"z def-d-b:"def-b,a:`test-a-def-a`"r�zdef-c,b:"def-b,a:`def-a`"zdef-d-b:"def-b,a:`def-a`"�xrv)	rVr"r@r=r?rRrq�assertRaises�	Exceptionr#r'r'r(�testTargetedSectionOptions�sz+ConfigReaderTest.testTargetedSectionOptions)NN)r")rhrirjrr+r=rArFrQrZrdrsr~r�r��
__classcell__r'r'r%r(r5s


0rcs�eZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zedd��Zdd �Z�ZS)!�JailReaderTestc�tt|�j|i|��dS�N)rr��__init__�r$�args�kwargsr%r'r(r��zJailReaderTest.__init__cCs�dD]]}|�td|f�ddg�|�td|f�ddg�|�td|f�ddg�|�td	|f�d
dg�|�td|f�ddg�|�td
|f�ddg�|�td|f�ddg�qdS)N)�
�	� za%sbrHrJz	a[x=y]%sbza[x=y]za[x=y][z=z]%sbza[x=y][z=z]za[x="y][z"]%sbza[x="y][z"]z
a[x="y z"]%sbz
a[x="y z"]z
a[x="y	z"]%sbz
a[x="y	z"]z
a[x="y
z"]%sbz
a[x="y
z"])rRr)r$r0r'r'r(�testSplitWithOptionss�z#JailReaderTest.testSplitWithOptionscCs tdttd�}|�t|j�dS)N�XXXABSENTXXX�r�share_config)r	r�CONFIG_DIR_SHARE_CFGr��
ValueErrorr@�r$r�r'r'r(�testIncorrectJailsz JailReaderTest.testIncorrectJailcCsPtdttd�}|�|���|�|���|�|���|�d�|�d�dS)N�emptyactionr�z"No filter set for jail emptyactionz'No actions were defined for emptyaction)r	�IMPERFECT_CONFIG�IMPERFECT_CONFIG_SHARE_CFGr?r@rE�	isEnabled�assertLoggedr�r'r'r(�testJailActionEmptys
z"JailReaderTest.testJailActionEmptycCsTtdttd�}|�|���|�|���|�|���|�dt�|�d�dS)N�missingbitsjailr�zJFound no accessible config files for 'filter.d/catchallthebadies' under %szUnable to read the filter�	r	r�r�r?r@rVrEr�r�r�r'r'r(�testJailActionFilterMissing"sz*JailReaderTest.testJailActionFilterMissingcC�Ftdttd�}|�|���|�|���|�|���|�d�dS)N�brokenactiondefr�z$Invalid action definition 'joho[foo'r�r�r'r'r(�testJailActionBrokenDef*��z&JailReaderTest.testJailActionBrokenDefcCsNtdttd�}|�|���|�|���|�|���|�|jdd�dS)N�
tz_correctr��logtimezone�UTC+0200)	r	r�r�r?r@rEr�rR�optionsr�r'r'r(�testJailLogTimeZone2s�z"JailReaderTest.testJailLogTimeZonecCr�)N�brokenfilterdefr�z$Invalid filter definition 'flt[test'r�r�r'r'r(�testJailFilterBrokenDef:r�z&JailReaderTest.testJailFilterBrokenDefcCsttjjdd�tdttd�}|�|���|�|���|�	|�
��|�|��d�|�
d�|�|��d�dS)NT��stock�sshdr�zssh-funky-blocker)rX�F2B�SkipIfCfgMissingr	rr�r?r@rErVr�rR�getName�setNamer�r'r'r(�testStockSSHJailBs
zJailReaderTest.testStockSSHJailcCs�tjjdd�tdttdd�}|�|���|�|���|�|�	��|�
�}|�gd�gdd�|D��|�gd�gd	d�|D��|�gd
�gdd�|D��|�gd��}d
}|D]}|�
t|�dkom|d�d��|d7}||krzdSq]dS)NTr��sshd-override-flt-opts�rr��force_enable)rNr��	prefregexz^TestcS�(g|]}t|�dkr|ddkr|�qS)rr���len��.0rrr'r'r(�
<listcomp>W�(z>JailReaderTest.testOverrideFilterOptInJail.<locals>.<listcomp>)rNr��addjournalmatchz
_COMM=testcSr�)rr�r�r�r'r'r(r�Zr�)rNr��maxlinesrcSr�)rr�r�r�r'r'r(r�]r�)rNr��usedns�norr�regexr)rXr�r�r	r�r�r?r@rEr��convertrR�indexrVr��endswith)r$r��stream�	usednsidxrtrrr'r'r(�testOverrideFilterOptInJailLs0���� �z*JailReaderTest.testOverrideFilterOptInJailc	Cs�tjjdd�dD]9}dD]4}td|��ttdd�}|�|���|�|�	��|�
�}|�d|��dd	|ggd
d�|D��q
q	dS)NTr�)rr)�JRNL�FILE�TEST�INIT�
checklogtype_r�rN�addfailregexz^%s failure from <HOST>$cSr�)rr�r�r�r'r'r(r�sr�z=JailReaderTest.testLogTypeOfBackendInJail.<locals>.<listcomp>)
rXr�r�r	�lowerr�r�r?r@rEr�rRr�)r$rt�prefliner�r�r'r'r(�testLogTypeOfBackendInJailfs����z)JailReaderTest.testLogTypeOfBackendInJailc
Cs,d}dddif}t|�}|�||�|�diftd��|�dddd�ftd	��|�d
iftd
��|�d
iftd��|�dd
diftd��d}dif}t|�}|�||�d}ddddddddddddd�f}t|�}|�||�t|�dd��}|dtd d!�|d"��D��f}|�||�dS)#Nzmail-whois[name=SSH]z
mail-whois�name�SSHzmail.who_is�cat�dog)rHrJzmail.who_is[a=cat,b=dog]zmail--ho_iszmail--ho_is['s']�mailrH�,zmail[a=',']zabc[]�abcz�option[opt01=abc,opt02="123",opt03="with=okay?",opt04="andwith,okay...",opt05="how about spaces",opt06="single'in'double",opt07='double"in"single',  opt08= leave some space, opt09=one for luck, opt10=, opt11=]rD�123z
with=okay?zandwith,okay...zhow about spaceszsingle'in'doublezdouble"in"singlezleave some spacezone for luck�)�opt01�opt02�opt03�opt04�opt05�opt06�opt07�opt08�opt09�opt10�opt11�][rcss$�|]
\}}||�dd�fVqdS)r�r�N)�replace)r��k�vr'r'r(�	<genexpr>�s�"z1JailReaderTest.testSplitOption.<locals>.<genexpr>r)r
rRr��dict�items)r$rD�expected�result�	expected2r'r'r(�testSplitOptionusD�
�zJailReaderTest.testSplitOptioncCs�tddttd�}|�|���|�|���|�|jdd�|�|jdd�|�dd	�|j	D�gd
�ddddd
dgddgddgggggd�ddddd
dgddgddgddgggggd�ddddd
dgddgddggggg�dS)N�	multi-logT)r�rr��logpathza.log
b.log
c.log�actionzeaction[actname='ban']
action[actname='log', logpath="a.log
b.log
c.log
d.log"]
action[actname='test']cSsg|]}|���qSr')r��r�rHr'r'r(r���z6JailReaderTest.testMultiLineOption.<locals>.<listcomp>)rNr��	addaction�ban�	multi-setr��	actionbanz4echo "name: ban, ban: <ip>, logs: a.log
b.log
c.log"�actnamer�)rNr�r��logrz:echo "name: log, ban: <ip>, logs: a.log
b.log
c.log
d.log"za.log
b.log
c.log
d.log)rNr�r�rKrKz5echo "name: test, ban: <ip>, logs: a.log
b.log
c.log")
r	r�r�r?r@rErRr�rO�_JailReader__actionsr�r'r'r(�testMultiLineOption�s,���
�z"JailReaderTest.testMultiLineOptionc	sZtjjdd�tddtd�}t�|d�|j��}t	d�|d<|�
|���|��}g}|D]6�t
��dkr7q.�dd	krP�dd
ksJ�d�d�rP|���q.�ddkrd|��fd
d��dD��q.dt}|�t
|�d�|�|dd	dddd
|g�|�|dd	dddd
|g�|�t|dd��d
d�|�|�|dd	dddd
|g�dS)NTr��
blocklisttest)r�rr�))rhr)�filterr�)�	failregexz
^test <HOST>$)�senderzf2b-test@example.com)�blocklist_de_apikeyztest-key)r�z�%(action_blocklist_de)s
%(action_badips_report)s
%(action_badips)s
mynetwatchman[port=1234,protocol=udp,agent="%(fail2ban_agent)s"]rcrrN�agentz	badips.pyr�cs.g|]}|ddkrdg�dd�|�qS)rrrNrrcr'r���cmdr'r(r��s.z3JailReaderTest.testVersionAgent.<locals>.<listcomp>zFail2Ban/%sr��blocklist_der�badipsr�z<wrong>ra�
mynetwatchman)rXr�r�r	rrr@�_cfg�get_sectionsr�r?rEr�r�r��append�extendrrR�evalrq)r$r�r}r��act�	useragentr'r	r(�testVersionAgent�s,
&�  zJailReaderTest.testVersionAgentcCs�tj�|d�}t|d���tj�|d�}t�d|�|�t�tj�|d��|g�|�t�|�g�|�	d|�|�t�tj�|d��g�dS)N�f1r-�f2�nonexisting�*z4File %s is a dangling link, thus cannot be monitored)
r.r/r2r5r7�symlinkrRr	�_globr�)r$r!rrr'r'r(�testGlob�s zJailReaderTest.testGlobcCsttid�}|�|��g�|�|�d��|�t|jdi�|�t|jd�|�t|j	dd�|�t|j
di�dS)N�r�rK�any)rrRr}rV�has_sectionr�r�
merge_sectionr�rqrE)r$r"r'r'r(�testCommonFunction�s
z!JailReaderTest.testCommonFunction)rhrirjr�r�r�r�r�r�r�r�r�r�r�r�rrrrr"r�r'r'r%r(r�s$
2%
r�c@sTeZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�ZdS)�FilterReaderTestcCs�gd�dddgd�ggd�gd�gd�gd	�g}tddi�}|�t�|��|�d�|�|��|�tddd
dittd�}|��|�d�d
|dd<|�|��|�dS)N)rN�
testcase01r�rr�r$r�)z�^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$z�^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$a^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?User not known to the\nunderlying authentication.+$<SKIPLINES>^.+ module for .* from <HOST>\s*$)rNr$�addignoreregexz"^.+ john from host 192.168.1.1\s*$)rNr$r�z
_COMM=sshd�+z_SYSTEMD_UNIT=sshd.servicez_UID=0)rNr$r�zFIELD= with spaces r&zAFIELD= with + char and spaces)rNr$�datepatternz%Y %m %d %H:%M:%Sr��5�r�rr
r���)rro�TEST_FILES_DIRr@rErOr��TEST_FILES_DIR_SHARE_CFG)r$�output�filterReaderr'r'r(rQs&�

�
zFilterReaderTest.testConvertcCsPtddddd�ttd�}|��|�d�|��}|�|dd�|�d�dS)Nr$z<test>�X)r�rKr)r�z6Wrong int value 'X' for 'maxlines'. Using default one:)rr,r+r@rErp�assertNotEqualr��r$r.rPr'r'r(�testConvertOptions.s�
z#FilterReaderTest.testConvertOptionscCsFgd�g}tddittd�}|��|�d�|��}|�||�dS)N)rN�jailnamer�z to=sweet@example.com fromip=<IP>�
substitionr3r)�rr,r+r@rEr�rO�r$r-r.r"r'r'r(�!testFilterReaderSubstitionDefault7s
�
z2FilterReaderTest.testFilterReaderSubstitionDefaultcCsBtddittd�}|��|�d�|��}|�d|dv�dS)N�
testcase02r3r)r�r)rr,r+r@rErpr?r1r'r'r(�testFilterReaderSubstKnown@s�
z+FilterReaderTest.testFilterReaderSubstKnowncCsJgd�g}tddddittd�}|��|�d�|��}|�||�dS)N)rNr3r�zto=sour@example.com fromip=<IP>r4r3�honeypotzsour@example.comr)r5r6r'r'r(�testFilterReaderSubstitionSetKs
�
z.FilterReaderTest.testFilterReaderSubstitionSetcC�Rgd�g}td�\}}tdd|ttd�}|��|�d�|��}|�||�dS)N)rNr3r�z?^to=test,sweet@example.com,test2,sweet@example.com fromip=<IP>$zusubstition[failregex="^<known/failregex>$", honeypot="<sweet>,<known/honeypot>", sweet="test,<known/honeypot>,test2"]r4r3r)�r
rr,r+r@rEr�rO�r$r-�
filterName�	filterOptr.r"r'r'r(�testFilterReaderSubstitionKnownT�
��
z0FilterReaderTest.testFilterReaderSubstitionKnowncCr<)N)rNr3r�z)^\s*to=fail2ban@localhost fromip=<IP>\s*$zUsubstition[failregex="^\s*<Definition/failregex>\s*$", honeypot="<default/honeypot>"]r4r3r)r=r>r'r'r(�!testFilterReaderSubstitionSection_rBz2FilterReaderTest.testFilterReaderSubstitionSectioncCsvtddddittd�}|��|�d�|�ttj|�tddddd�ttd�}|��|�d�|�ttj|�dS)Nr4r3r:z
<honeypot>r)z<sweet>)r:�sweet)rr,r+r@rEr�r�r�)r$r.r'r'r(�testFilterReaderSubstitionFailjs�
�
z/FilterReaderTest.testFilterReaderSubstitionFailc
Cs�tj�tj�td��}ttj�|d�di�}|�|��tj�|d�tj�|d�g�z|�d�|�	dd�|�	dd�|�	dd�WdSt
y^}z|�d	|�WYd}~dSd}~ww)
N�filter.dztestcase01.confr$ztestcase-common.confrG�
__prefix_liner�ignoreregexz)unexpected options after readexplicit: %s)r.r/�abspathr2r+rrR�readexplicitrErqr��fail)r$�path_r.rxr'r'r(�testFilterReaderExplicitxs
�
��z)FilterReaderTest.testFilterReaderExplicitN)rhrirjrQr2r7r9r;rArCrErMr'r'r'r(r#s,			r#c@s*eZdZd	dd�Zdd�Zedd��ZdS)
�JailsReaderTestCacheFNcCsBt||d�}|�|�|��|��|��|�|�d��dS)N�r�r�)rro�	readEarly�getEarlyOptions�readAllr?rE)r$rr�r��configuratorr'r'r(�_readWholeConf�s
z#JailsReaderTestCache._readWholeConfcCs4d}|���d�D]}t�d||�r|d7}q	|S)Nrr�z^\s*Reading files?: .*/r)�getLog�rsplit�re�match)r$�	filematch�cnt�sr'r'r(�_getLoggedReadCount�s�z(JailsReaderTestCache._getLoggedReadCountcCstj��tj}tjt_zst�|�t�	t
|�t�t
d|d�t�t
d|d�t�}|j
||d�|�d�}|�|dkd|�|j
|d	|d
�|�d�}|�|dkd|�|�d
�}|�|dkd|�|�d�}|�|dkd|�W|t_dS|t_w)Nz
/jail.confz/jail.localz/fail2ban.confz/fail2ban.localrz
jail.localrz3Unexpected count by reading of jail files, cnt = %sTrOzjail\.localz:Unexpected count by second reading of jail files, cnt = %szfilter\.d/common\.confz5Unexpected count by reading of filter files, cnt = %szaction\.d/iptables-common\.confz5Unexpected count by reading of action files, cnt = %s)rXr��
SkipIfFastr�logLevel�logging�DEBUGr)r*�copytreer�copyr�rTr\r?)r$r�saved_ll�	share_cfgrZr'r'r(�testTestJailConfCache�s(





z*JailsReaderTestCache.testTestJailConfCache)FN)rhrirjrTr\rrer'r'r'r(rN�s


rNcs|eZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
edd��Zdd�Z
dd�Zedd��Z�ZS)�JailsReaderTestcr�r�)rrfr�r�r%r'r(r��r�zJailsReaderTest.__init__cCs,tj�d�stdd�}|�t|j�dSdS)Nz/XXXr)r.r/r3r
r�r�r@)r$�readerr'r'r(�testProvidingBadBasedir�s
�z'JailsReaderTest.testProvidingBadBasedircCs*tttd�}|�|���|�|jdd��|�t|j	�|j	dd�}d|_
|�|gd�gd�dd	d
gd�gdd	ggd
�gd�gd�gd�gd�ddddddgddgddggggd�gd�gd�gd�ddgddgddgddggd�dd gd!d"gd!d#gd!d$gd!d%gg�|�d&�|�
d'�|�d(�dS))Nr�F)�ignoreWrongT��allow_no_files)�addr��auto)rl�test-known-interprmr�rnr�)z*failure test 1 (filter.d/test.conf) <HOST>z+failure test 2 (filter.d/test.local) <HOST>z"failure test 3 (jail.local) <HOST>�start)rl�missinglogfilesrm)rNrpr��<IP>)rl�brokenactionrm)rNrrr�rq)rNrrr�rrrrr�r�zhit with big stick <ip>r�r�)rl�parse_to_end_of_jail.confrm)rNrsr�rq)rNr�r�rq)rNr�r�r�r�rprs)rlr�rmr�zconfig-errorzdJail 'brokenactiondef' skipped, because of wrong configuration: Invalid action definition 'joho[foo'zdJail 'brokenfilterdef' skipped, because of wrong configuration: Invalid filter definition 'flt[test'zoJail 'missingaction' skipped, because of wrong configuration: Unable to read action 'noactionfileforthisaction'zmJail 'missingbitsjail' skipped, because of wrong configuration: Unable to read the filter 'catchallthebadies'z!Errors in jail 'missingbitsjail'.zSkipping...z6No file(s) found for glob /weapons/of/mass/destruction)r
r�r�r?r@rVrEr�r�r��maxDiffrOr��assertNotLogged)r$�jails�
comm_commandsr'r'r(�testReadTestJailConf�s`�������
&
z$JailsReaderTest.testReadTestJailConfcCsDtjjdd�t�tj�tdd��D]�}tj�|��	dd�}t
|ditd�}|�|���z|�
i�WntyS}z|�d	|t|�j|f�WYd}~nd}~ww|�d
�s�|jd|��d|d
�|j|j�dd���d|d
�|jtjtd�Bd�}|j|�d�dd|d
�|dvr�|jd|�dd�d|d
�qdS)NTr��action.d�*.confz.confr�r�rzaction %r
%s: %sz-commonrGz.Action file %r is lacking [Definition] section��msgr�z#Action file %r is lacking actionban)�timeout�bantime)�ignorer�z5Action file %r does not contains jail-name 'f2b-TEST')�pfziptables-allports�iptables-multiportzf2b-TEST�actionstartzSAction file %r: interpolation of actionstart does not contains jail-name 'f2b-TEST')rXr�r��globr.r/r2r�basenamer�rr?r@rEr�rK�typerhr��assertInr}�_optsrq�striprpr�_escapedTagsrNrR)r$�actionConfig�
actionName�actionReaderrxrPr'r'r(�testReadStockActionConf�s<&��
�������z'JailsReaderTest.testReadStockActionConfc	Cs�tjjdd�tttd�}|�|���|�|���|�	�}|�
|g�t�}|��D]�}|dkr3q,|�
|d�}t|�\}}|�|�|�t|��t|||ttd�}|�|��d|�|�i�|�|j�
dd	����|�
|d
�}|�t|����t|�D]M}	t|	�\}
}|�t|
��|�t|t��|
dkr�|�d|�t|
|ittd�}|�|���|�i�|�	�}
|�t|
��|�|j�
d
d	����q�q,dS)NTr�r��INCLUDESrr)zFailed to read filter:rr�r�r��portr�)rXr�r�r
rr�r?r@rEr�rRrNr}rqr
rlr�rr�r�r�
isinstancer�r�r)r$rvrw�
allFiltersr�r?r@r.�actionsr�actName�actOptr��cmdsr'r'r(�testReadStockJailConfsL
�
�
��z%JailsReaderTest.testReadStockJailConfc	Cs�tjjdd�ttdtd�}|�|���|�|���t	dd�t
�
tj�
ddd��D��}t	d	d�|jD��}d|_|�|�|�d
|�|��|�|�|�d|�|��dS)NTr��rr�r�css@�|]}|�d�s|�d�stj�tj�|�d�dVqdS)zcommon.confz-aggressive.confrrN)r�r.r/�splitext�splitr�r'r'r(r�_s��&�zBJailsReaderTest.testReadStockJailFilterComplete.<locals>.<genexpr>rrFrzcss"�|]}t|jd�dVqdS)rrN)r
r�)r�r�r'r'r(r�cs�
�z=More filters exists than are referenced in stock jail.conf %rz2Stock jail.conf references non-existent filters %r)rXr�r�r
rr�r?r@rErNr�r.r/r2rvrt�issubset�
difference)r$rv�filters�filters_jailr'r'r(�testReadStockJailFilterCompleteYs"����z/JailsReaderTest.testReadStockJailFilterCompletecCstjjdd�ttdtd�}|�|���|�|���|j	dd�}|�t
|��|D] }t
|�dkrK|d|dgdd	gkrK|�t�|d�dk�q+d
D]!}|�
d|gdd
�|D��|�
d|ddg|�|�
d|g|�qN|�|ddd�|jD]�}|j}|��}|jt
|�d|d�|D]q}|�	�}|��}	dt|�v�r|�
d|j�d}
|d|	g}|D]B}t
|�dkr�|ddkr�|dd�|kr�ddd�|dD�v}
nt
|�dkr�|ddkr�|dd�|kr�|ddkr�d}
|
r�nq�|j|
d|t|�fd�q�q}dS)NTr�r�rjrarrrNr~)r��recidiverlcss4�|]}t|�dkr|ddkr|dd�VqdS)rarrlNrr��r�r
r'r'r(r��s�2zDJailsReaderTest.testReadStockJailConfForceEnabled.<locals>.<genexpr>r��warnror*zNo actions found for jail %sr{z<blocktype>�	blocktypeFr�rcr�rcSsg|]}|d�qS)rr'r�r'r'r(r��r�zEJailsReaderTest.testReadStockJailConfForceEnabled.<locals>.<listcomp>r
zFound no %s command among %s)rXr�r�r
rr�r?r@rEr�r�r�str2secondsr�rR�_JailsReader__jailsrr��str�	_initOpts)r$rvrw�command�jr��	jail_namer��commands�action_name�blocktype_present�target_commandr'r'r(�!testReadStockJailConfForceEnabledlsb$�
�

�
�
�����z1JailsReaderTest.testReadStockJailConfForceEnabledc
sBtjjdd�t�}|�t�|�|��t�|��|�	�}|�|dd�|�|dd�|�
�|��|��|�
���fdd�}|�|d	�|d
�koV|d�kn�|�|d�|d
�k�|�|d�|d
�k�|��gd�gd�gd�gd�gd�gd�g�|j�d�|�|j��d�|�|��t�dS)NTr��socketz/var/run/fail2ban/fail2ban.sock�pidfilez/var/run/fail2ban/fail2ban.pidcsBt��D]\}}|ddkr|d|kr|Sqtd|�f��)NrrNrz/Did not find command 'set %s' among commands %s)�	enumerater�)rDrtrx�r�r'r(�find_set�s��z7JailsReaderTest.testStockConfigurator.<locals>.find_set�syslogsocket�loglevel�	logtarget�
dbpurgeage�dbfile�dbmaxmatches)rNr�rm)rNr��INFO)rNr�z/var/log/fail2ban.log)rNr�z"/var/lib/fail2ban/fail2ban.sqlite3)rNr��
)rNr��1dz/tmp)rXr�r�rrorrR�
getBaseDirrPrQrRrE�convertToProtocol�getConfigStreamr?rO�_Configurator__jails)r$rSrPr�r'r�r(�testStockConfigurator�s:
"��z%JailsReaderTest.testStockConfiguratorcCs�t�tj�|d��t�tj�|d��ttj�|dd�d���ttj�|dd�d���ttj�|d�d�}|�d�|��t|id�}|�|�	��|�|�
��|jd	d
�}dd�|D�}|�t
td
d�|D���d�|�|ddd�dS)NrFryztestaction1.confr-ztestfilter1.conf�	jail.confz�
[testjail1]
enabled = true
action = testaction1[actname=test1]
         testaction1[actname=test2]
         testaction.py
         testaction.py[actname=test3]
filter = testfilter1
r�TrjcSs,g|]}|dd�gd�kr|dd��qS)Nra)rN�	testjail1r�r')r��commr'r'r(r��s
�z:JailsReaderTest.testMultipleSameAction.<locals>.<listcomp>css�|]}|dVqdS)rNr')r�r�r'r'r(r��s�z9JailsReaderTest.testMultipleSameAction.<locals>.<genexpr>rcr*z{})r.�mkdirr/r2r5r7r6r
r?r@rEr�rRr�rN)r$r�jailfdrvrw�add_actionsr'r'r(�testMultipleSameAction�s
	z&JailsReaderTest.testMultipleSameActioncCs|jtd|jdd�dS)Nz'Have not found any log file for .* jail�polling��backend)�assertRaisesRegexr��_testLogPathr#r'r'r(�testLogPathFileFilterBackend�s
�z,JailsReaderTest.testLogPathFileFilterBackendc
CsPzddlm}Wnty}zt�d��d}~ww|jdd�|jdd�dS)Nr)�
FilterSystemdz&systemd python interface not available�systemdr�zsystemd[journalflags=2])�server.filtersystemdr�r�rXrYr�)r$r�rxr'r'r(�testLogPathSystemdBackends
��z)JailsReaderTest.testLogPathSystemdBackendcCs`ttj�|d�d�}|�d||f�|��t|d�}|�|���|�|�	��|�
�dS)Nr�r-z�
[testjail1]
enabled = true
backend = %s
logpath = %s/not/exist.log
          /this/path/should/not/exist.log
action = 
filter = 
failregex = test <HOST>
r)r5r.r/r2r6r7r
r?r@rEr�)r$rr�r�rvr'r'r(r�s	�

zJailsReaderTest._testLogPath)rhrirjr�rhrxr�r�r�r�r�rr�r�r�r�r�r'r'r%r(rf�s1??3
rf)6�
__author__�
__copyright__�__license__r�r_r.rWr)rrX�client.configreaderrrrr�clientr�client.jailreaderr	r
r�client.filterreaderr�client.jailsreaderr
�client.actionreaderrr�client.configuratorr�
server.mytimerr�utilsrrr/r2r1�__file__r+r,rr�r�r�r�r��TestCaserr�r#rNrfr'r'r'r(�<module>sDR{: