403 Forbidden


Disable Functions:
Path : /usr/libexec/kcare/python/kcarectl/__pycache__/
File Upload :
Command :
Current File : //usr/libexec/kcare/python/kcarectl/__pycache__/libcare.cpython-36.pyc

3

o��f�D�@s"ddlZddlZddlZddlZddlZddlmZddlmZddlmZddlm	Z	ddlm
Z
ddlmZdd	lmZdd
lm
Z
ddlmZddlmZdd
lmZddlmZddlmZmZmZdZdYZdZdZdZdZdddddd�Zdddgddgdd gd!�Zd"d#�Zd$d%�ZGd&d'�d'e �Z!d(d)�Z"dZd*d+�Z#d,d-�Z$d.d/�Z%d0d1�Z&d[d3d4�Z'd5d6�Z(d7d8�Z)ed9d:��Z*ed;d<��Z+d=d>�Z,d?d@�Z-dAdB�Z.dCdD�Z/dEdF�Z0dGdH�Z1ee"dIdJ���Z2ej3ee"ej4dfdKdL����Z5edMdN��Z6dOdP�Z7dQdR�Z8d\dSdT�Z9dUdV�Z:dWdX�Z;dS)]�N�)�	constants)�config)�config_handlers)�	log_utils)�
process_utils)�utils)�auth)�errors)�selinux)�fetch)�update_utils)�server_info)�json_loads_nstr�urlquote�	HTTPErrorz!/usr/libexec/kcare/libcare-client�/run/libcare/libcare.sock�/var/run/libcare.sock�<z /var/cache/kcare/libcare_patchesz /var/cache/kcare/libcare_cvelistz&/etc/sysconfig/kcare/libcare.logrotate�db�qemu)�mysqld�mariadbd�postgreszqemu-kvmzqemu-system-x86_64rrrzqemu-kvmzqemu-system-x86_64�libcZlibssl)rr�libscGstjjtjd|f|��S)N�	userspace)�os�path�joinr�PATCH_CACHE)�libname�parts�r#�-/usr/libexec/kcare/python/kcarectl/libcare.py�get_userspace_cache_path/sr%cs�fdd�}|S)NcsVz
�||�Sytd�Wn6tk
rN}ztjdj|�dd�WYdd}~XnXXdS)N�
clearcachez$Libcare cache clearing failed: '{0}'F)�	print_msg)�libcare_client�	Exceptionr�logerror�format)�args�kwargs�err)�clblr#r$�wrapper4s
z$clear_libcare_cache.<locals>.wrapperr#)r/r0r#)r/r$�clear_libcare_cache3s
r1cs0eZdZd�fdd�	Zd	dd�Zdd�Z�ZS)
�UserspacePatchLevelNcst||�j||�S)N)�super�__new__)�clsr!�buildid�level�baseurl)�	__class__r#r$r4BszUserspacePatchLevel.__new__cCs||_||_||_||_dS)N)r7r!r6r8)�selfr!r6r7r8r#r#r$�__init__EszUserspacePatchLevel.__init__cGst|j|jt|�f|��S)N)r%r!r6�str)r:r"r#r#r$�
cache_pathKszUserspacePatchLevel.cache_path)N)N)�__name__�
__module__�__qualname__r4r;r=�
__classcell__r#r#)r9r$r2As
r2csdd����fdd�}|S)NcSs�d\}}z�|dkrt�}i}g}xLt|�D]@}|jdd�||jd�<x$|jdg�D]}|j|jd��qRWq*Wdjdd	�|j�D��}dj|�}Wdtjt|d
d�tjt	|d
d�XdS)
z(KPT-1543 Save info about applyed patches�Nzlatest-version�package�patchesZcve�
cSsg|]}dj|��qS)� )r)�.0�recr#r#r$�
<listcomp>\szLrefresh_applied_patches_list.<locals>.save_current_state.<locals>.<listcomp>T)�
ensure_dir)rBrB)
�
_libcare_info�_get_patches_info�get�appendr�itemsr�atomic_write�LIBCARE_PATCHES�LIBCARE_CVE_LIST)�infoZversionsZcvesZpackagesZ	cves_listrH�patchr#r#r$�save_current_statePsz8refresh_applied_patches_list.<locals>.save_current_statecs"d}z�||�}|S�|�XdS)Nr#)r,r-rS)r/rUr#r$r0bs

z-refresh_applied_patches_list.<locals>.wrapperr#)r/r0r#)r/rUr$�refresh_applied_patches_listOsrVcCstjpd}t|�}tjtj|d�|||d�}|dtjtj	d|��7}tj|d�}yt
jtj
�|dd�}Wn,tjk
r�tjt||�d	d
��YnXtj|j�ttj|j���}t|||d|jd��}t|d�}	t|||	d
�}
tjj|
��s
tjj|
�dk�rttj|d�}yt
j||
tj t
j!|�d�Wn<t"k
�rr}z|j#dk�r`tj$d���WYdd}~XnXt|||	�}dd|
d|dg}
t%j&|
d	d	d�\}}}|�r�tj'dj(|||���t||d�}tjj)|��r�tjj*|��r�tj|�tj+|	|d�tj,|d|�dS)N�main�uz	latest.v1z?info=�updaterF)�
check_licenseT)�
ignore_errorsr7r8zpatch.tar.gzrZ	patch_url)Zcheck_signature�hash_checker��zKC+ licence is required�tarZxfz-Cz--no-same-owner)�catch_stdout�catch_stderrz(Patches unpacking error: '{0}' '{1}' {2}�latestz.tmp)r]r^)-r�PREFIXrr�get_patch_server_url�LIBNAME_MAPrMrZencode_server_lib_infoZserver_lib_infor�wrap_with_cache_keyr	�urlopen_authr
�NotFound�shutil�rmtreer%r�set_config_from_patchserver�headersr�nstr�readr2r<rr�exists�getsize�	fetch_url�
USE_SIGNATURE�get_hash_checkerr�code�NoLibcareLicenseExceptionr�run_command�
KcareErrorr+�islink�isdir�symlink�rename)r!�build_id�patch_level�prefix�url�	cache_dst�response�metar7�plevelZ
patch_path�ex�dst�cmdrt�stdout�stderrZ	link_namer#r#r$�fetch_userspace_patchmsB
"

r�cCsL|t_|st�tj|rdndd�|r0t�tjjd|r@dnd�dS)N�FALSE�YES)�LIBCARE_DISABLEDzlibcare service is �enabled�disabled)	rr��libcare_server_stopr�
update_config�libcare_server_startr�kcarelogrS)r�r#r#r$�set_libcare_status�sr�cCs:ytjdd�ddg}Wntk
r*dSXtj|�dS)N�service�
/usr/sbin/�/sbin/�libcare�stop)r�r�)r�find_cmdr)rv)r�r#r#r$r��s
r�cCsttjstjjtj�r:tjtjddg�tjtjddg�n6ytjdd	�ddg}Wnt	k
rddSXtj|�dS)
Nzreset-failedr�Zrestartzlibcare.socketr��
/usr/sbin/�/sbin/�start)r�r�)
r�SKIP_SYSTEMCTL_CHECKrrro�	SYSTEMCTLrrvr�r))r�r#r#r$r��sr�Tcs�djdd�t|pg�D��}ddg}�s6|dd|g7}yt|�}Wn2tk
rt}ztjdj|���WYdd}~XnXg}x@|jd	�D]2}|r�y|jt	j
|��Wq�tk
r�Yq�Xq�Wd
d�|D�}x.|D]&}t�fdd�|d
j
�D��|d
<q�W|S)N�|css|]}dj|�VqdS)z({0})N)r+)rG�procr#r#r$�	<genexpr>�sz _libcare_info.<locals>.<genexpr>rSz-jz-lz-rz/Gathering userspace libraries info error: '{0}'rEcSs$g|]}|jd�|jd�|d��qS)�comm�pid)r�r�r)�pop)rG�liner#r#r$rI�sz!_libcare_info.<locals>.<listcomp>c3s(|] \}}d|ks�r||fVqdS)�patchlvlNr#)rG�k�v)�patchedr#r$r��sr)r�sortedr(r)r
rwr+�splitrN�json�loads�
ValueError�dictrO)r��limitZregexpr��linesr.�resultr�r#)r�r$rK�s&"

&rKcCs�t�}x<|D]4}x.|dj�D]\}}|j|d|df�qWqWg}xbtD]Z}xT|D]L\}}t||t|�d�}	tjj|	�rXt	|	d��}
|j
tj|
��WdQRXqXWqNW|S)Nrr6r�z	info.json�r)
�setrO�add�
USERSPACE_MAPr%r<rr�isfile�openrNr��load)rSrDrH�_�datar�r�r|r�Zpatch_info_filename�fdr#r#r$rL�s

"rLcCs
tt��S)N)rLrKr#r#r#r$�libcare_patch_info_basic�sr�cCs"t�}|stjd�tjd|i�S)NzNo patched processes.r�)r�rr*r��dumps)r�r#r#r$�libcare_patch_info�s
r�cCs"t�}|stjd�tjd|i�S)NzNo patched processes.r�)rKrr*r�r�)r�r#r#r$�libcare_info�s
r�cCs.i}x$t�D]}|jdd�||jd�<qW|S)Nzlatest-versionrBrC)r�rM)r�rHr#r#r$�_libcare_version�sr�cCs*x$t�j�D]\}}|j|�r|SqWdS)NrB)r�rO�
startswith)r!rC�versionr#r#r$�libcare_versions
r�cCsdjdd�|D��dS)N�css|]}tj|�dVqdS)�N)r�bstr)rG�pr#r#r$r�
sz(libcare_client_format.<locals>.<genexpr>r�)r)�paramsr#r#r$�libcare_client_format	sr�cCs,xtD]}tjj|�r|SqWtjd��dS)NzLibcare socket is not found.)�LIBCARE_SOCKETrrror
rw)Zlibcare_socketr#r#r$�get_available_libcare_socket
s
r�c
Gs�tjrtjd��tjtjtjd�}|jd�d}zz|jt	��|jt
�t|�}tj
dj|d��|j|�x|jd�}|s~P||7}qnW|jdd	�}tj
d
j|d��|S|j�XdS)NzLibcare is disabled.r�
r�zLibcare socket send: {cmd})r�izutf-8�replacez!Libcare socket recieved: {result})r�)rr�r
rw�socket�AF_UNIX�SOCK_STREAM�
settimeout�connectr��LIBCARE_SOCKET_TIMEOUTr�r�logdebugr+�sendall�recv�decode�close)r��sock�resr�r�r�r#r#r$r(s(




r(cCs�x�|D]�}ytdt|��Wn2tk
rN}ztjdj|���WYdd}~XnXytd�Wqtk
r�}ztjdj|���WYdd}~XqXqWdS)NZstoragez(Userspace storage switching error: '{0}'rYz%Userspace patch applying error: '{0}')r(r%r)r
rwr+)r�r�r.r#r#r$�libcare_patch_apply,s
"r�cCsDytd�Wn2tk
r>}ztjdj|���WYdd}~XnXdS)N�unloadz&Userspace patch unloading error: '{0}')r(r)r
rwr+)r.r#r#r$�libcare_unload9sr�cCs�tj�t�|tjkr$tjr$dS|dkr8ttj	��}g}x|D]}|j
tj|g��qBW|sttj
dj|��dSt|d�\}}}}|r�tjd��|s�tj
d�dStjtjjtjd��t�yt|�Wn>tjk
�r}ztjt|��tjd��WYdd}~XnXt�}	t|	�}
ttdd	�|	D����s8dStjd
j|d��tjdj|
d
��tdd	�|
j �D��}tdd	�|j �D��}||}
t!dd	�|
j �D��}tj
djt"|
�|d��x,|
j#�D] \}}tj
dj|t"|����q�W|	S)z0Patch userspace processes to the latest version.NzNo such userspace patches: {0})r�z:There was an errors while patches downloading (unpacking).zNo patches were found.rz+There was an errors while patches applying.css|]}|dVqdS)rNr#)rG�itemr#r#r$r�tsz&do_userspace_update.<locals>.<genexpr>zPatched before: {before})�beforezPatched after: {after})�aftercss|]}|D]
}|Vq
qdS)Nr#)rGrOr�r#r#r$r�{scss|]}|D]
}|Vq
qdS)Nr#)rGrOr�r#r#r$r�|scss|]}t|�VqdS)N)�len)rGr�r#r#r$r�sz�The patches have been successfully applied to {count} newly discovered processes. The overall amount of applied patches is {overall}.)�count�overallz*Object `{0}` is patched for {1} processes.)$r�log_all_parent_processes�rotate_libcare_logsr�UPDATE_MODE_AUTOr�LIB_AUTO_UPDATE�listr��keys�extendrMr�loginfor+�check_userspace_updatesr
rwr�restore_selinux_contextrrrr r�r*r<rK�_get_userspace_procs�anyr�r��values�sumr�rO)�moder�Zprocess_filterZuserspace_patch�failed�something_foundr�r�r�Z
data_afterr�Zuniq_procs_afterZuniq_procs_beforeZdiffr�r�r�r#r#r$�do_userspace_updateBsR


r�cCsNyt�\}}}}Wntjk
r(dSX|r2dS|r:dStjdd�rJdSdS)N�rz.libcarestatus)�filename�r)r�r
rwr
�status_gap_passed)r�r��libs_not_patchedr#r#r$�get_userspace_update_status�sr�cCsdi}xZ|D]R}xL|dj�D]<\}}|jd�r||kr>g||<||j|d|df�qWq
W|S)Nrr�r�r�)rOrMrN)rSr�r�r!rHr#r#r$r��s

"r�cCsNt�}xB|D]:}x4|dj�D]$\}}|j||d|jdd�f�qWqW|S)Nrr6r�r)r�rOr�rM)rSr�r�r!rHr#r#r$�_get_userspace_libs�s

$r�cs��sg��fdd�tj�D�td�d�}t|�}d}}d}x�t|�D]�}|\}}}	y t|||	�d}|	dkrtd}WqHtjtjfk
r�YqHtj	k
r��YqHtj
k
r�}
zd}tjt
|
��WYdd}
~
XqHXqHWtjdd�||||fS)	Ncsg|]}�j|��qSr#)r�)rGr)r�r#r$rI�sz+check_userspace_updates.<locals>.<listcomp>F)r�r�Trz.libcarestatus)r�)r�r�rKr�r�r�r
rhru�AlreadyTrialedExceptionrwrr*r<r
�touch_status_gap_file)r�Zdata_beforer�r�r�r�rHr!r|r�r�r#)r�r$r��s.
$r�csfd}d}tjddd�}|r�ytj|tgdd�\}}}Wn.tk
rd}zd}t|�}WYdd}~XnX|r�tjd	j|�dd
�ntj	ddd
�d�t
jj��s�dSt
jd}y�t
j��}tjd����fdd�|D�}dd�|D�}|jdd�d}	xD|D]<\}}
|	t
jj|
�7}	|	|k�r�t
j|
�tjjd|
��q�WWn$tk
�r`tjddd
�YnXdS)NrrBZ	logrotateF)�	raise_excT)rarz5failed to run logrotate for libcare logs, stderr: {0})r'zlogrotate utility wasn't foundz/var/log/libcare/ir�z^\d+\.log.*cs$g|]}�j|�rtjj�|��qSr#)�matchrrr)rG�fn)�libcare_log_directory�	pidlog_rer#r$rI�sz'rotate_libcare_logs.<locals>.<listcomp>cSsg|]}tjj|�|f�qSr#)rr�getctime)rG�fpr#r#r$rI�s)�reversez%Removed %s because of logs size limitz)Failed to cleanup libcare server logfilesi)rr�rv�LIBCARE_LOGROTATE_CONFIGr)r<rr*r+�logwarnrrryr�!LIBCARE_PIDLOGS_MAX_TOTAL_SIZE_MB�listdir�re�compile�sortrp�remover�rS�logexc)�rcr�Zlogrotate_pathr��eZmax_total_sizeZ	log_filesZpidlog_filesZpidlog_files_with_ctZ
total_size�filepathr#)rrr$r��s<




r�c
CsJytjdd
�ddg}Wntk
r*dSXtj|ddd�\}}}|d	kS)zKAssume that whenever the service is not running, we did not patch anything.r��
/usr/sbin/�/sbin/r��statusFT)r`rar)rr)rr�r)rv)r�rtr�r#r#r$�libcare_server_started�sr)rr)N)TN)N)<rrrir�r�rBrrrrrrr	r
rrr
r�py23rrrZLIBCARE_CLIENTr�r�rQrRrrer�r%r1�intr2rVr�r�r�r�rKrLr�r�r�r�r�r�r�r(r�r��skip_if_no_selinux_module�UPDATE_MODE_MANUALr�r�r�r�r�r�rr#r#r#r$�<module>sv
,


G
*

404 Not Found
[ LogOut ]