Sindbad~EG File Manager

Current Path : /proc/2715199/root/usr/libexec/kcare/python/kcarectl/__pycache__/
Upload File :
Current File : //proc/2715199/root/usr/libexec/kcare/python/kcarectl/__pycache__/__init__.cpython-36.pyc

3

��"hP�@sTddlmZddlZddlZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlZddlZddlZddlmZddlmZddlmZddlmZddlmZdd	lmZdd
lmZddlmZddlmZdd
lmZddlmZddlmZddlm Z ddlm!Z!ddlm"Z"ddlm#Z#ddlm$Z$ddlm%Z%ddlm&Z&ddl'm(Z(m)Z)m*Z*m+Z+m,Z,ddl$m-Z-m.Z.m/Z/dZ0dZ1d�Z2dZ3d Z4d�Z5d"Z6d#Z7ej8d$ej9�Z:ej8d%�Z;ej<j=d&��r�ej<j>dd&�ej?d'e@d(�ejAjBejC�d)d*�ZDd+d,�ZEd-d.�ZFd/d0�ZGd1d2�ZHd�d3d4�ZId5d6�ZJd7d8�ZKd9d:�ZLd;d<�ZMd=d>�ZNd?d@�ZOGdAdB�dBeP�ZQGdCdD�dDe.�ZRGdEdF�dFe.�ZSGdGdH�dHe.�ZTdIdJ�ZUedKdL��ZVd�dMdN�ZWdOdP�ZXdQdR�ZYiZZdSdT�Z[e[e*j\_]e^edUd��s�y8ddl_Z`ddlaZbe`jcjdebje�e`jcjddV�k�r0efdW��Wnefk
�rHYn8XdXdY�Zge*jhZiGdZd[�d[ej�ZkGd\d]�d]e*jh�Zlele*_hejmfd^d_�Znd`da�Zodbdc�ZpGddde�deej�Zqdfdg�Zrdhdi�Zsd�dkdl�Ztdmdn�Zudodp�Zvd�dqdr�Zwdsdt�Zxdudv�Zydwdx�Zzdydz�Z{d{d|�Z|d}d~�Z}dd��Z~d�d��Zd�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d�d��Z�d�d��Z�d�d��Z�Gd�d��d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�ej�ejmfd�d��Z�d�d��Z�ej�fd�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d�dÄZ�d�dńZ�d�dDŽZ�dS)��)�print_functionN)�ArgumentParser)�datetime)�contextmanager�)�config)�	constants)�	log_utils)�utils)�
process_utils)�platform_utils)�
http_utils)�auth)�config_handlers)�libcare)�selinux)�fetch)�update_utils)�errors)�kcare)�server_info)�URLError�	HTTPError�httplib�	urlencode�json_loads_nstr)�SafeExceptionWrapper�
KcareError�NotFound�cZv2�12h�24h�48h�testz./etc/sysconfig/kcare/freezer.modules.blacklistz/usr/libexec/kcare/kcdoctor.sh�	latest.v2z /etc/sysconfig/kcare/sysctl.conf�
z$==BLACKLIST==
(.*)==END BLACKLIST==
z'(kpatch.*|ksplice.*|kpatch_livepatch.*)z/usr/libexec/kcare/python�ignore)�categorycCsDt�}tjjt�r@ttd�}x|D]}|j|j��q"W|j�|S)N�r)	�set�os�path�isfile�FREEZER_BLACKLIST�open�add�rstrip�close)�result�f�line�r5�./usr/libexec/kcare/python/kcarectl/__init__.py�get_freezer_blacklistJs

r7cCsB|jd�}|r(dj|d||dg�}ndj|d|dg�}|S)N�.rr���r9)�split�join)�ptype�filenameZ
name_partsr5r5r6�_apply_ptypeTs

r>cCsJt|tj�t_t|tj�t_t|tj�t_t|tj�t_t|tj�t_dS)N)r>r�	PATCH_BIN�
PATCH_INFO�BLACKLIST_FILE�FIXUPS_FILE�
PATCH_DONE)r<r5r5r6�apply_ptype]s
rDcCstj�\}}}d}t|t�rbt|t�rbyd|jtj|j�|jf}Wq�t	t
fk
r^Yq�XnPt|tt
tf�r�t|t�r�d|}n*t|t
�r�|jp�t|j�}|jp�d|j}tj�}tjtj�|d|dt|dt|��|djtj|d��t|dd�d	�S)
N�z[Errno %i] %s: '%s'z%srr�__name__�d�attempts)Z
agent_versionZpython_version�distroZdistro_version�error�details�	tracebackrH)�sys�exc_info�
isinstance�OSErrorr�errnor*�strerrorr=�AttributeError�	TypeError�KeyError�IOErrorr�etype�type�innerrKr�
get_distror�VERSION�get_python_version�getattr�strr;rLZ	format_tb)rW�value�tbZdetails_sanitizedrIr5r5r6� format_exception_without_detailses*

racCsvtjr
dStjt��}tjtjtj	|���}tj
d�d|}tj|t
j��}ytj|�Wntk
rpYnXdS)Nz/api/kcarectl-tracez?trace=)r�UPDATE_FROM_LOCAL�json�dumpsrar
�nstr�base64Zurlsafe_b64encodeZbstr�get_patch_server_urlr
Zhttp_requestrZget_http_auth_stringZurlopen_base�	Exception)ZtraceZ
encoded_trace�urlZrequestr5r5r6�send_exc�srjcCs�tj�}|dkr tj|d�dStj�tj�}|dkrBtjd�tjd�ttjd��&}tj	|j
�d�tj	|j
�d�WdQRX|r�tj|�y
|�Wn*t
k
r�tjjd�tjd�YnXtjd�dS)z�
    Run func in a fork in an own process group
    (will stay alive after kcarectl process death).
    :param func: function to execute
    :return:
    rN�ar�zWait exception)r*�fork�waitpid�setsid�_exitr1r.rZLOG_FILE�dup2�fileno�time�sleeprhr	�kcarelog�	exception)�funcrt�pid�fdr5r5r6�
nohup_fork�s(



rzcCs�tjjtjd�}tjj|�rtt|d��H}y,t|j��}|t	j
tj�krRt||��Wnt
k
rhYnXWdQRXtj|tj��dS)aCheck the fact that there was a failed patching attempt.
    If anchor file not exists we should create an anchor with
    timestamp and schedule its deletion at $timeout.

    If anchor exists and its timestamp more than $timeout from now
    we should raise an error.
    z.kcareprev.lockr(N)r*r+r;r�PATCH_CACHEr,r.�int�readr�SUCCESS_TIMEOUTrs�PreviousPatchFailedException�
ValueErrorr
�atomic_write�
timestamp_str)Zanchor_filepathZafile�	timestampr5r5r6�touch_anchor�sr�cCsxytjtjjtjd��Wntk
r.YnXtd|�tj	j
�ytdd�Wn tk
rrt
jjd�YnXdS)z�
    See touch_anchor() for detailed explanation of anchor mechanics.
    See KPT-730 for details about action registration.
    :param state_data: dict with current level, kernel_id etc.
    z.kcareprev.lock�done)�reasonzCannot send update info!N)r*�remover+r;rr{rP�register_actionr�get_loaded_modules�clear�get_latest_patch_levelrhr	rurv)�
state_datar5r5r6�
commit_update�s

r�cCs(tjtjjtjd�tj||d�d�dS)N�patchesrE)Zexclude_path)	r
�clean_directoryr*r+r;rr{r�get_cache_path)�khashZplevelr5r5r6�clear_cache�sr�cCs>tjpd}dj||g�}tjd|f}|r2||f7}tjj|�S)N�none�-�modules)r�PREFIXr;rr{r*r+)r��fname�prefixZ
module_dirr2r5r5r6�get_current_level_path�s

r�cCstjt|d�t|�dd�dS)N�latestT)Z
ensure_dir)r
r�r�r^)r��patch_levelr5r5r6�save_cache_latest�sr�cCsVt|d�}tjj|�rRy"tt|d�j�j��}tj	||�St
tfk
rPYnXdS)Nr�r()r�r*r+r,r|r.r}�stripr�LegacyKernelPatchLevelr�rT)r�Zpath_with_latest�plr5r5r6�get_cache_latest�s
r�c@seZdZdS)�CertificateErrorN)rF�
__module__�__qualname__r5r5r5r6r�sr�c@seZdZdd�ZdS)�UnknownKernelExceptioncCs*tj|djtj�dtj�tj���dS)NzLNew kernel detected ({0} {1} {2}).
There are no updates for this kernel yet.r)	rh�__init__�formatrrZ�platform�releaser�get_kernel_hash)�selfr5r5r6r�szUnknownKernelException.__init__N)rFr�r�r�r5r5r5r6r�sr�cs$eZdZ�fdd�Zdd�Z�ZS)�ApplyPatchErrorcsFtt|�j||�||_||_||_||_tj�d|_	t
j�|_dS)Nr)�superr�r��code�
freezer_style�level�
patch_filerrZrIr�r�)r�r�r�r�r��args�kwargs)�	__class__r5r6r�szApplyPatchError.__init__c	Cs0dj|j|j|j|j|jdjdd�|jD���S)Nz0Unable to apply patch ({0} {1} {2} {3} {4}, {5})z, cSsg|]}t|��qSr5)r^)�.0�ir5r5r6�
<listcomp>sz+ApplyPatchError.__str__.<locals>.<listcomp>)r�r�r�r�rIr�r;r�)r�r5r5r6�__str__szApplyPatchError.__str__)rFr�r�r�r��
__classcell__r5r5)r�r6r�s	r�cs$eZdZ�fdd�Zdd�Z�ZS)rcs"tt|�j||�||_||_dS)N)r�rr�r��anchor)r�r�r�r�r�)r�r5r6r�%sz%PreviousPatchFailedException.__init__cCsd}|j|j|j�S)Nz�It seems, the latest patch, applying at {0}, crashed, and further attempts will be suspended. To force patch applying, remove `{1}` file)r�r�r�)r��messager5r5r6r�*sz$PreviousPatchFailedException.__str__)rFr�r�r�r�r�r5r5)r�r6r$srcCs�tjdj|�}yrtj|�}tjtj|j���}t	|d�}|dkrNt
d�n2|dkr`t
d�n |dkrrt
d�nt
d	j|��|Stk
r�}ztj
||�WYdd}~XnXd
S)Nz"/nagios/register_key.plain?key={0}r�rzKey successfully registeredrzWrong key format or sizerlz!No KernelCare license for that IPzUnknown error {0}r9)r�REGISTRATION_URLr�r
�urlopenr
�data_as_dictrer}r|�printrr	�print_cln_http_error)�keyri�response�resr��er5r5r6�!set_monitoring_key_for_ip_license3s 



r�c
cs>tjrtjtjdd�z
dVWdtjr8tjtjdd�XdS)NT)�shell)rZBEFORE_UPDATE_COMMANDr�run_commandZAFTER_UPDATE_COMMANDr5r5r5r6�
execute_hooksGs
r�cCs�t�}|j}|j}tj�}|dkrdt|�tjtj	�t
j�|tt
j��|d�}td�ttj|��nZtd�tt|��tdt|��ttj�ttj	��tt
j��t|�tt
j��dS)a1
    The output will consist of:
    Ignore output up to the line with "--START--"
    Line 1: show if update is needed:
        0 - updated to latest,
        1 - update available,
        2 - unknown kernel
        3 - kernel doesn't need patches
        4 - no license, cannot determine
    Line 2: licensing message (can be skipped, can be more then one line)
    Line 3: LICENSE: CODE: 1: license present, 2: trial license present, 0: no license
    Line 4: Update mode (True - auto-update, False, no auto update)
    Line 5: Effective kernel version
    Line 6: Real kernel version
    Line 7: Patchset Installed # --> If None, no patchset installed
    Line 8: Uptime (in seconds)

    If *format* is 'json' return the results in JSON format.

    Any other output means error retrieving info
    :return:
    rc)Z
updateCodeZ
autoUpdateZeffectiveKernelZ
realKernelZloadedPatchLevelZuptime�licensez	--START--z	LICENSE: N)�_patch_level_infor��applied_lvlr�license_infor^r�AUTO_UPDATEr�kcare_unamer�r�r|rZ
get_uptimer�rcrd)�fmt�pliZupdate_codeZ	loaded_plZlicense_info_resultZresultsr5r5r6�plugin_infoSs,

r�cCs^tj�}ytdd�}Wntk
r4tjr0dSdSX|dkrBdS||krNdStj�rZdSdS)N�info)r�r�rrl)r�loaded_patch_levelr�r�r�IGNORE_UNKNOWN_KERNELrZstatus_gap_passed)�
current_levelZlatest_patch_levelr5r5r6�get_update_status�sr�cCs2tj�dd�\}}|dkr*|jd�r*dSdSdS)NrlZ
CloudLinuxz7.�extrarE)rrZ�
startswith)rI�versionr5r5r6�edf_fallback_ptype�sr�cCsl|j|jf}tj||�}tj||j�|_|jjtj	tj
d�|tkrZ|jj�dd�t|<|jrh|j
�dS)z�Function remembers IP address of host connected to
    and uses it for later connections.

    Replaces stdlib version of httplib.HTTPConnection.connect
    rNrl)�hostZport�CONNECTION_STICKY_MAP�get�socketZcreate_connectionZtimeout�sockZ
setsockoptZIPPROTO_TCPZTCP_NODELAYZgetpeername�_tunnel_hostZ_tunnel)r�ZaddrZ
resolved_addrr5r5r6�sticky_connect�sr�ZHAS_SNIz0.13z%No pyOpenSSL module with SNI ability.cGsdS)NTr5)r�r5r5r6�dummy_verify_callback�sr�c@s,eZdZdd�Zdd�Zdd�Zdd�Zd	S)
�SSLSockcCs||_d|_dS)Nr)�	_ssl_conn�_makefile_refs)r�r�r5r5r6r��szSSLSock.__init__cGs&|jd7_tj|jf|�ddi�S)Nrr1T)r�r�Z_fileobjectr�)r�r�r5r5r6�makefile�szSSLSock.makefilecCs"|jr|jr|jj�d|_dS)N)r�r�r1)r�r5r5r6r1�s
z
SSLSock.closecGs|jj|�S)N)r��sendall)r�r�r5r5r6r��szSSLSock.sendallN)rFr�r�r�r�r1r�r5r5r5r6r��sr�c@seZdZdd�ZdS)�PyOpenSSLHTTPSConnectioncCs�tjj|�tjjtjj�}|jtjjtjj	B�t
jrJ|jtjj
t�n|jtjjt�|j�tjj||j�}|j�|jp�|j}|j|j��|j�t
jr�t|j�|�t|�|_dS)N)r�HTTPConnection�connect�OpenSSLZSSLZContextZ
SSLv23_METHODZset_optionsZOP_NO_SSLv2ZOP_NO_SSLv3r�CHECK_SSL_CERTSZ
set_verifyZVERIFY_PEERr�ZVERIFY_NONEZset_default_verify_pathsZ
Connectionr�Zset_connect_stater�r�Zset_tlsext_host_name�encodeZdo_handshake�match_hostnameZget_peer_certificater�)r�ZctxZconnZserver_hostr5r5r6r��sz PyOpenSSLHTTPSConnection.connectN)rFr�r�r�r5r5r5r6r��sr�c	CsTtj�}tjdk	r$tj|ttj��S�x"tD�]}tjrFtj||�}n tj|t	||��dt
j|�}y�tj
tj�|dd�}tj|j�t�tj|j��j�}tjdj||�dd�|r�|jd�r�t|�}tj||d|d|d	�Stj|t|��Stk
�rYq,tk
�rD}z|j d
k�r2t!d���WYdd}~Xq,Xq,Wt"��dS)N�?F)�
check_licensez;fetch patch level, reason: {0}, kernel latest response: {1})�	print_msg�{r��baseurlr���zKC licence is required)r�r�)#rr�r�PATCH_LEVELr�r|�PATCH_LATESTrbZget_kernel_prefixed_url�stickyfyrZbased_server_inforZwrap_with_cache_keyr�urlopen_authrZset_config_from_patchserver�headers�update_all_kmod_paramsr
rer}r�r	�loginfor�r�rZKernelPatchLevelrrr�rr�)	r��moder�r�rir�r�Zlatest_info�exr5r5r6�fetch_patch_level�s0
 r�cCs<|jt|tj��}tjjdj|��ytj	|ddd�dSt
k
r^tjjdj|��dStk
r�}ztjjdj|t
|���WYdd}~XnX|jt|tj�tj�}tjjdj|��ytj	|dd�Wnbt
k
�r�tjjdj|��dStk
�r6}ztjjd	j|t
|���WYdd}~XnXdS)
NzProbing patch URL: {0}F�HEAD)r��methodTz{0} is not available: 404zFHEAD request for {0} raised an error, fallback to the GET request: {1})r�z{0} is not available: {1})�file_urlr>rr?r	rur�r�rr�rrh�debugr^rZSIGr)r�r<Zbin_urlr�rir5r5r6�probe_patchs(**rcCsF|tjkr|jtj�}n
|j|�}|j|�}tj||tjtj	|�d�S)N)Zhash_checker)
r�KMOD_BINZkmod_urlr�
cache_pathrZ	fetch_urlr�
USE_SIGNATUREZget_hash_checker)r��nameriZdstr5r5r6�fetch_and_verify_kernel_file6s



r	c@s>eZdZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�ZdS)�PatchFetcherNcCs
||_dS)N)r�)r�r�r5r5r6r�AszPatchFetcher.__init__cCst|j|�S)N)r	r�)r�rr5r5r6�_fetchDszPatchFetcher._fetchcCsr|jjtj�}|jjtj�}|jjtj�}|jjtj�}tdd�||||fD��opt	j
j|�dkopt	j
j|�dkS)Ncss|]}tjj|�VqdS)N)r*r+r,)r�r+r5r5r6�	<genexpr>Nsz0PatchFetcher.is_patch_fetched.<locals>.<genexpr>r)r�rrrCr?r@rr�allr*r+�getsize)r�Zpatch_done_pathZpatch_bin_pathZpatch_info_pathZ
kmod_bin_pathr5r5r6�is_patch_fetchedGszPatchFetcher.is_patch_fetchedcCs0|jdkrtd��|js|jS|j�r6tjd�|jStjd�t|jtj�r�ytj	|jj
tj�dd�}Wnt
k
r~Yn(X|jjdd�}|r�|jjtj|��|_y|jtj�Wn,t
k
r�tdj|jtjp�d���YnX|jtj�|jtj�|j�tj|jjtj�d	d
d�tjtj �|jS)Nz+Cannot fetch patch as no patch level is setzUpdates already downloadedzDownloading updatesr)rzKC-Base-UrlzfThe `{0}` patch level is not found for `{1}` patch type. Please select valid patch type or patch level�default��wb)r�)!r�r�rr	r�rOrr�rr�rrr?rr�r��upgrader
rerrr��
PATCH_TYPEr@rr�extract_blacklistr�rrCr�restore_selinux_contextr{)r��respr�r5r5r6�fetch_patchSs8


zPatchFetcher.fetch_patchcCsJt|jjtj�d�j�}|rFtj|�}|rFtj	|jjtj
�|jd��dS)Nr(r)r.r�rrr@r}�BLACKLIST_RE�searchr
r�rA�group)r�ZbufZmor5r5r6r{s

zPatchFetcher.extract_blacklistcCs�|dkrdSyt|tj�}Wntk
r0dSX|jjdd�}|rT|jtj|��}|j	tj�}t
|d��}tdd�|j�D��}WdQRXx|D]}t||�q�Wt
jtj�dS)z�
        Download fixup files for defined patch level
        :param level: download fixups for this patch level (usually it's a level of loaded patch)
        :return: None
        NzKC-Base-Urlr(cSsg|]}|j��qSr5)r�)r��fixupr5r5r6r��sz-PatchFetcher.fetch_fixups.<locals>.<listcomp>)r	rrBrr�r�rr
rerr.r)�	readlinesrrrr{)r�r�rr�Zfixups_fnamer3�fixupsrr5r5r6�fetch_fixups�s 
zPatchFetcher.fetch_fixups)N)	rFr�r�r�rrrrrr5r5r5r6r
?s
(r
cCs6t�}t|j�|jtjkr(tjd�n
tjd�dS)Nrr)r�r��msgr��PLI�PATCH_NEED_UPDATErM�exit)r�r5r5r6�kcare_check�s

r$c	Cst�}t|�}ytj�}Wntk
r2i}YnXtj�}d}|dk	r\tj|d�j	d�}tj
�}t|jdg��}t
dd�|D��}tj�}|s�td�ntd�td	j|��td
j|��|dkr�tdj|��|dkr�td
j|��||dk�rtd�td�dS)NZUnknown�tsz%Y-%m-%dr�css|]}t|jdg��VqdS)r�N)�lenr�)r�Zrecr5r5r6r�sz$show_generic_info.<locals>.<genexpr>z$KernelCare live patching is disabledz"KernelCare live patching is activez - Last updated on {0}z - Effective kernel version {0}rz* - {0} kernel vulnerabilities live patchedz- - {0} userspace vulnerabilities live patchedz% - This system has no applied patchesz(Type kcarectl --patch-info to learn more)r��_kcare_patch_info_jsonrZlibcare_patch_info_basicrrZ	get_staterZ
fromtimestampZstrftimer�r&r��sumr�r�r�)	r��
kcare_info�libcare_info�stateZ
latest_updateZeffective_versionZkernel_vulnerabilitiesZuserspace_vulnerabilitiesr�r5r5r6�show_generic_info�s4

r,Fc	Cs�y�tdtjd�}|st�|jtj�}tjt	j
|�j��}|r�gi}}x>|jd�D]0}tj
|�}|rxd|krx|j|�qR|j|�qRW||d<tj|�}t|�WnHtk
r�}ztj||j�dSd}~Xntk
r�td�YnXd	S)
z�
    Retrieve and output to STDOUT latest patch info, so it is easy to get
    list of CVEs in use. More info at
    https://cloudlinux.atlassian.net/browse/KCARE-952
    :return: None
    r�)r��policyz

zkpatch-namer�rNzNo patches availabler)r�r�
POLICY_REMOTEr�rrr@r
rerr�r}r:r��append�updatercrdr�rr	r�ri)	�is_jsonr�ri�
patch_infor�r2�chunk�datar�r5r5r6�kcare_latest_patch_info�s,


r5cCs�d|ji}|jdk	r�t|�}g}x>|jd�D]0}tj|�}|rRd|krR|j|�q,|j|�q,W||d<tj	�}|r||dnd|d<|S)Nr�z

zkpatch-namer�r��unknown)
r r��_kcare_patch_infor:r
r�r/r0rZread_dumped_kernel_patch_level)r�r2r2r�r3r4Zsaved_patch_levelr5r5r6r'�s


r'cCsPtj�}tj||jtj�}tjj|�s.t	d��t
|d�j�}|rLtj
d|�}|S)NzvCan't find information due to the absent patch information file. Please, run /usr/bin/kcarectl --update and try again.r(rE)rr�r�r�rr@r*r+r,rr.r}r�sub)r�r�rr�r5r5r6r7sr7cCsTt�}|s:|jdkrt|j�|jdkr,dStt|��nttjt|�dd��dS)NrT)Z	sort_keys)	r�r�r�r r�r7rcrdr')r1r�r5r5r6r2s


r2cCs:tjd|g}tj|�}tj�}d}tj||�tj||�kS)Nz	file-infozkpatch-build-time)r�
KPATCH_CTLr�check_outputr�_patch_infoZget_patch_value)�new_patch_filer�Znew_patch_infoZcurrent_patch_infoZbuild_time_labelr5r5r6�
is_same_patchs

r=cCsL|dkrdS|r||krdS||kr(dStjtj�|tj�}t|�sHdSdS)NrFT)rr�r�rr?r=)�
applied_level�	new_levelr<r5r5r6�kcare_need_update"sr@cCsptjrltjjt�otjttj�s6tj	j
djt��dStj
dddtgdd�\}}}|dkrltj	j
dj|��dS)	Nz-File {0} does not exist or has no read accessz/sbin/sysctlz-qz-pT)�catch_stdoutrz%Unable to load kcare sysctl.conf: {0})rZUPDATE_SYSCTL_CONFIGr*r+r,�
SYSCTL_CONFIG�access�R_OKr	ru�warningr�rr�)r��_r5r5r6�
update_sysctl4srGcs�tjjt�sttd�j�tjttj�s>tj	j
djt��dSttd��j}|j�}|j
d�x,|D]$�t�fdd�|D��sb|j��qbWx|D]}|j|d�q�W|j�WdQRXdS)	z*Update SYSCTL_CONFIG accordingly the editsrkzFile {0} has no read accessNzr+rc3s|]}�j|�VqdS)N)r�)r�r()r4r5r6rPsz#edit_sysctl_conf.<locals>.<genexpr>�
)r*r+r,rBr.r1rCrDr	rurEr�r�seek�any�write�truncate)r�r/Zsysctl�linesrkr5)r4r6�edit_sysctl_conf?s


rNcCs*x$|D]}tj|�rtdj|���qWdS)NzDDetected '{0}' kernel module loaded. Please unload that module first)�CONFLICTING_MODULES_RE�matchrr�)r��moduler5r5r6�detect_conflicting_modulesXs

rRcCsdjtj��S)Nz/lib/modules/{0}/extra/kcare.ko)r�rZget_system_unamer5r5r5r6�get_kcare_kmod_link^srSc
CsXtdd�}tjtj�|tj�}tjj|�s.dSt	|d��}|j
�dd�dkSQRXdS)Nr�)r��rb�s~Module signature appended~
i��)r�rr�r�rrr*r+r,r.r})r�Z	kmod_fileZvfdr5r5r6�kmod_is_signedbs
rVcKs`d|g}x&|j�D]\}}|jdj||��qWtj|dd�\}}}|dkr\tdj||���dS)Nz/sbin/insmodz{0}={1}T)rArzLUnable to load kmod ({0} {1}). Try to run with `--check-compatibility` flag.)�itemsr/r�rr�r)Zkmodr��cmdr�r_r�rFr5r5r6�	load_kmodksrYcCs<tj�rt�rtd��tj�s0tj�s0tj�r8td��dS)Nz4Secure boot is enabled. Not supported by KernelCare.zWYou are running inside a container. Kernelcare should be executed on host side instead.)rZis_secure_bootrVrZinside_vz_containerZinside_lxc_containerZinside_docker_containerr5r5r5r6�check_compatibilitytsrZcCsPtjd�}tj|dgddd�ddk}|rL|d
krLtjdj|��tjd	�dS)NZmodinfoZkmodlveT)rA�catch_stderrr�freer�z3{0} patch type conflicts with kmodlve kernel moduler)r\r�)rZfind_cmdr�r	�logerrorr�rMr#)r<rXZhas_kmodlver5r5r6�check_patch_type_compatibility{s

r^cCsPtjddd|g�}g}x4|jd�D]&}|j�r"|jd�\}}}|j|�q"W|S)Nz
/sbin/modinfoz-FZparmrH�:)rr:r:r��	partitionr/)�
kcare_link�stdoutZavailable_paramsr4Z
param_namerFr5r5r6�get_kmod_available_params�srccCsLtjr
dndtjrdndtjr$tjndttjt�r8tjndtjrDdndd�S)NrrrE)�kpatch_debugZkmsg_outputZkcore_outputZ
kdumps_dirZenable_crashreporter)	r�KPATCH_DEBUGZKMSG_OUTPUTZKCORE_OUTPUTZKCORE_OUTPUT_SIZErO�
KDUMPS_DIRr^ZENABLE_CRASHREPORTERr5r5r5r6�make_kmod_new_params�s
rgcCsHtjr"tjjtj�r"tjtj�x t�j�D]\}}t||�q.WdS)N)	rrfr*r+�exists�makedirsrgrW�update_kmod_param)Zparam�valr5r5r6r��sr�cCstd}tjj||�}tjj|�s"dSy(t|d��}|jt|��WdQRXWn$tk
rntj	j
d||�YnXdS)Nz/sys/module/kcare/parameters�wz!failed to set %s kmod param to %s)r*r+r;rhr.rKr^rhr	rurJ)Zkmod_param_nameZparam_valueZparams_rootZ
param_pathr3r5r5r6rj�srjcs�t�}tj||tj�}ytj||�Wntk
r>|}YnXtj	rbt
jjtj	�rbt
j
tj	�t�}t|��t�fdd�|j�D��}t|f|�t�dS)Nc3s"|]\}}|�kr||fVqdS)Nr5)r��k�v)�available_kmod_paramsr5r6r�sz"load_kcare_kmod.<locals>.<genexpr>)rSrr�rr�shutil�copyrhrrfr*r+rhrirgrc�dictrWrY�
update_depmod)r�r�raZ
kcare_fileZkmod_paramsr5)ror6�load_kcare_kmod�s
rtcCsXdg}|dk	r|jd|g�tj|ddd�\}}}|rTtjdjdj|�||�dd�dS)	Nz/sbin/depmodz-aT)rAr[z%Running of `{0}` failed with {1}: {2}� F)r�)�extendrr�r	r]r�r;)�unamerXr�rF�stderrr5r5r6rs�srscCs4tjd|gdd�\}}}|dkr0tdj||���dS)Nz/sbin/rmmodT)rArzUnable to unload {0} kmod {1})rr�rr�)�modnamer�rFr5r5r6�unload_kmod�srzcCsTg}xJdg|D]<}tj||dj|��}tjj|�rt|�|jdj|��qW|S)NZvmlinuxzfixup_{0}.koz	fixup_{0})rr�r�r*r+rhrYr/)r�r�r�Zloaded�modZmodpathr5r5r6�apply_fixups�sr|cCsDx>|D]6}yt|�Wqtk
r:tjjd|�YqXqWdS)Nz$Exception while unloading module %s.)rzrhr	rurv)rr{r5r5r6�
remove_fixups�s

r}cCs�|r
|}n6tjrtj}n(t�j|�r2d|tjdfSd|tjdfSdddddd�}|j�}||krj||}ntdj||tjd���||tjdfS)	NZfreeze_conflictTrFZfreeze_noneZ
freeze_all)ZNONEZNOFREEZEZFULLZFREEZEZSMARTz3Unable to detect freezer style ({0}, {1}, {2}, {3}))rZPATCH_METHODr7�intersection�upperrr�)�freezerr�rZpatch_method_mapr5r5r6�get_freezer_style�s"
r�rEcs�|||d��td��tj�}tj�}t|�t||�}tj||tj�}t	||�dj
|tjtj
�tj|��}	d|k}
|
o�tj||�}|dk	}|o�t|�o�tj|	�}
�j||d��|
r�td��dS|�rtd��t|||�}td��t|�td	��t|�|�r"td
��td�d}
|
�s<td��t||�|�rHt�td
��t||||	|�t�tjdj
|tj���tj�td��t �fdd�tj!d�dS)N)r�Zfuturer��startz{0}-{1}:{2};{3}r)Zcurrent�kmod_changedr�Zfxp�unpatchZunfxp�unloadF�load�patchz5Patch level {0} applied. Effective kernel version {1}�waitcst��S)N)r�r5)r�r5r6�<lambda>Eszkcare_load.<locals>.<lambda>)rt)"r�rr�r�rRr�r�rr?r�r�rr
r�Zparse_unameZis_kmod_version_changedr=Zkcare_update_effective_versionr0r|�kpatch_ctl_unpatchr}rzrtr��kpatch_ctl_patchrGr	r�r�rZtouch_status_gap_filerzr~)r�r�r�r��
use_anchorr�r�r�r��descriptionZkmod_loadedr�Zpatch_loadedZ
same_patchrr5)r�r6�
kcare_load	sR











r�c	Cs�tjg}tj||tj�}tjj|�r2|j	d|g�|j	dd|g�|j	d|dg�|j
|�tj|dd�\}}}|dkr�t
||||��dS)Nz-br�z-dz-mrT)rA)rr9rr�rrAr*r+rhrvr/rr�r�)	r�r�r�r�r�r�Zblacklist_filer�rFr5r5r6r�Hs
r�cCsZtjtjdd|dgddd�\}}}|dkrVtjdj||�dd�td	j|t|����dS)
Nr�z-mrT)rAr[z4Error unpatching, kpatch_ctl stdout:
{0}
stderr:
{1}F)r�zError unpatching [{0}] {1})	rr�rr9r	r]r�rr^)r�r�rbrxr5r5r6r�Us
 r�cCs8||d<ttj��|d<tjtjjtjd�t	|��dS)N�actionr%zkcare.state)
r|rsr
r�r*r+r;rr{r^)r�r�r5r5r6r�_sr�cCspd}tjj|�sdSxVtj|�D]H}tjj||dd�}tjj|�sDq tj|�}||kr tj|�t|�q WdS)Nz/usr/lib/modules/zweak-updateszkcare.ko)	r*r+�isdir�listdirr;�islink�readlink�unlinkrs)�	kmod_linkZmodules_path�entryZ
sym_link_pathZtarget_pathr5r5r6�update_weak_moduleses

r�c
CsBtj�}t�}y|j|�Wn4tk
rP}z|s@tdj|���WYdd}~XnXtj�}t||�}t	���d|k�r|dk	}|r�t
tj�||�}tj
tjdd|dgddd�\}	}
}t|�|	dkr�tjdj|
|�d	d
�tdj|	t|����tjtjt�dtd
�t�d�t�}tjj|��r,tj|�t|�WdQRXdS)Nz�Unable to retrieve fixups: '{0}'. The unloading of patches has been interrupted. To proceed without fixups, use the --force flag.rr�z-mrT)rAr[z4Error unpatching, kpatch_ctl stdout:
{0}
stderr:
{1}F)r�zError unpatching [{0}] {1}r)�count�delay) rr�r
rrhrr�r�r�r�r|r�rr�rr9r}r	r]r^r
ZretryrZ	check_exc�UNLOAD_RETRY_DELAYrzrSr*r+r,r�r�)
r��forcer��pf�errr�r�Zneed_unpatchrr�rbrxr�r5r5r6�kcare_unloadus8

 
r�cCs8t�}|rt|�S|jdkr"|jS|jdk	r4tj�SdS)Nr)r��_kcare_info_jsonr�r r�rr;)r1r�r5r5r6r)�s

r)cCsRd|ji}|jdk	r>|jtjtj���|jtj|jd���|j	|d<t
j|�S)Nr�zkpatch-descriptionzkpatch-state)r r�r0r
r�rr;Zparse_patch_descriptionr�r+rcrd)r�r2r5r5r6r��s


r�c@s$eZdZdZdZdZdZdd�ZdS)r!rrrlr�cCs"||_||_||_||_||_dS)N)r�r �
remote_lvlr�r+)r�r�r r�r�r+r5r5r6r��s
zPLI.__init__N)rFr�r�r�r"�PATCH_UNAVALIABLE�PATCH_NOT_NEEDEDr�r5r5r5r6r!�s
r!cCs�tj�}y�tdd�}|rJt||�r6tjdd}}}qxtjdd}}}n.|dkrftjdd}}}ntjd	d}}}t|||||�}Wnltk
r�tj	}t
jr�d
jt
jt
j�dtj��}ndjt
j�dtj�tj��}t||ddd�}YnX|S)
Nr�)r�z*Update available, run 'kcarectl --update'.ZappliedzThe latest patch is applied.rz(This kernel doesn't require any patches.ZunsetzDNo patches applied, but some are available, run 'kcarectl --update'.zuInvalid sticky patch tag {0} for kernel ({1} {2}). Please check /etc/sysconfig/kcare/kcare.conf STICKY_PATCH settingszLNew kernel detected ({0} {1} {2}).
There are no updates for this kernel yet.Zunavailable)rr�r�r@r!r"r�r�r�r�r�STICKY_PATCHr�rrZr�r�r�)Zcurrent_patch_levelZnew_patch_levelr�r r+r�r5r5r6r��s8

r�c	Cs�d}yVtj�}td|fd|fg�}tjdj|�}tj|�}tj	tj
|j���}t|d�St
k
r�}ztj||�d
Sd}~XnZtk
r�}ztj||�dSd}~Xn0tk
r�}ztjdj|��dSd}~XnXdS)
z�
    Request to tag server from ePortal. See KCARE-947 for more info

    :param tag: String used to tag the server
    :return: 0 on success, -1 on wrong server id, other values otherwise
    N�	server_id�tagz/tag_server.plain?{0}r�r��zInternal Error {0}����������)r�get_serveridrrr�r�r
r�r
r�rer}r|rr	r�rrhr])	r�rir�Zqueryr�r�r�ZueZeer5r5r6�
tag_server�s"
r�cCs�tjd�}tjdj|��t}tj���}y:tj	||j
�}tjtj
|�|j
�tj|j
|�|j
}Wn2tk
r�}ztjdj|��WYdd}~XnXtjd|tjgdd�\}}}|r�tdj||���WdQRXdS)Nz	doctor.shz#Requesting doctor script from `{0}`z3Kcare doctor error: {0}. Fallback to the local one.ZbashT)r[zScript failed with '{0}' {1})r
rgr	Zlogdebugr��KCDOCTOR�tempfileZNamedTemporaryFilerZfetch_signaturerZsave_to_filer
r�Zcheck_gpg_signaturerhr]rr�r�PATCH_SERVERr)Z
doctor_urlZdoctor_filenameZ
doctor_dstZ	signaturer�r�rFrxr5r5r6�kcdoctors


"r�cCsBtjdjt��}ytj|�Wntk
r2dSXtjd�dS)Nz{0}-new-versionFzwA new version of the KernelCare package is available. To continue to get kernel updates, please install the new versionT)	r
rgr��EFFECTIVE_LATESTr
r�rr	r�)rir5r5r6�check_new_kc_version%sr�c	Cs�tj�}t|�}|tjkp*|tjko*|dk}yt||�}Wn<tk
rv}z |rT�ntj	j
dj|��WYdd}~XnX|tjkr�|}n<|}|dkr�|tjkr�tj
|d�}n|tjkr�|}ntd��|S)a�
    Get patch level to apply.
    :param reason: what was the source of request (update, info etc.)
    :param policy: REMOTE -- get latest patch_level from patchserver,
                   LOCAL -- use cached latest,
                   LOCAL_FIRST -- if cached level is None get latest from patchserver, use cache otherwise
    :param mode: constants.UPDATE_MODE_MANUAL, constants.UPDATE_MODE_AUTO or constants.UPDATE_MODE_SMART
    :return: patch_level string
    NzUnable to send data: {0}rz9Unknown policy, choose one of: REMOTE, LOCAL, LOCAL_FIRST)rr�r�rr.ZPOLICY_LOCAL_FIRSTr�rhr	rurEr�ZPOLICY_LOCALr�r)	r�r-r�r�Zcached_levelZconsider_remote_exZremote_levelr�r�r5r5r6r�2s&$


r�cCs�|dkrdS|dkrdn|t_ttdd�tj�r�tjtjd�tjdkrntj�rntjpXt	}t
dddj|�f�tj
d
j|��ntdj|���dS)N�edfrrEZprobe)r�)rr\r��fs.enforce_symlinksifowner�fs.symlinkown_gidzfs.enforce_symlinksifowner=1zfs.symlinkown_gid={0}z'{0}' patch type selectedz/'{0}' patch type is unavailable for your kernel)r\r�)r�r�)rrrr�r�
update_configrZ	is_cpanelZ	FORCE_GID�
CPANEL_GIDrNr�r	r�r)r<Zgidr5r5r6�update_patch_typeWs
r�c	$Csntj�ttj�|tjkr"t�ytd||d�}WnRt	k
r�}z6|tj
tjfkrttjrtt
|�}tjj|�dS�WYdd}~XnXtj�}t|�}|j�t||d�s�tjd�dSy(tjtjddd�tjtjdd	d�Wn"tk
�rtjjd
�YnXtj�}|tj
k�s"tj�rVt��(|j|�t |||||tjkd�WdQRXtj!|�t"||�dS)ax
    :param mode: constants.UPDATE_MODE_MANUAL, constants.UPDATE_MODE_AUTO or constants.UPDATE_MODE_SMART
    :param policy: REMOTE -- download latest and patches from patchserver,
                   LOCAL -- use cached files,
                   LOCAL_FIRST -- download latest and patches if cached level is None, use cache in other cases
    :param freezer: freezer mode
    r0)r�r-r�N)r>r?z%No updates are needed for this kernelr�zkcore*.dump)Zkeep_nZpatternz	kmsg*.logz#Error during crash reporter cleanup)r�)#rZlog_all_parent_processesr^rrrr.r�r�r��UPDATE_MODE_AUTO�UPDATE_MODE_SMARTr�r^r	rurErr�r
rr@r�r
r�rfrhrvr�r�r�rr�Zdump_kernel_patch_levelr�)	r�r�r-r�r�r r�r�r�r5r5r6�	do_updatems<



"
r�cCs�tttj�ttjptj�ttjp$tj�f�}|dkr<td��tjrHtjS|t	j
krltjp\tj}tjphtj}ntj}tj}|r�|S|r�d|SdS)Nrz�Invalid configuration: conflicting settings STICKY_PATCH, [AUTO_]UPDATE_DELAY or [AUTO_]STICKY_PATCHSET. There should be only one of themzrelease-)r(�boolrr�ZUPDATE_DELAYZAUTO_UPDATE_DELAYZSTICKY_PATCHSETZAUTO_STICKY_PATCHSETrr�UPDATE_MODE_MANUAL)r�r�r�Zpatchsetr5r5r6�
get_sticky�s$
r�cCs|d|S)Nr8r5)r�r�r5r5r6�	_stickyfy�sr�cCst|�}|s|S|dkr"t||�Stj�}|sDtjjd�tjd�yt	j
tjdj
|��}Wn:tk
r�}ztj||j�tjd�WYdd}~XnXtjtj|j���}t|d�}|dkr�t|d	|�S|d
kr�|S|dk�r�tjjd�tjd�tjjd
|d�tjd�dS)z�
    Used to add sticky prefix to satisfy KCARE-953
    :param file: name of the file to stickify
    :return: stickified file.
    �KEYzHPatch set to STICKY_PATCH=KEY, but server is not registered with the keyr�z!/sticky_patch.plain?server_id={0}r�Nr�rr�rrlzEServer ID is not recognized. Please check if the server is registeredzError: r�r�r�r�r9r�)r�r�rr�r	rur�rMr#r
r�rr�r�rr�rir
r�rer}r|)�filer��sr�r�r�r�r�r5r5r6r��s2



r�c
Cs�g}|sdS|jd�}|d}|dd�}|jd�}||krLtdt|���|s`|j�|j�kS|dkrt|jd�n>|jd	�s�|jd	�r�|jtj|��n|jtj|�j	d
d��x|D]}|jtj|��q�Wtj
dd
j|�dtj�}	|	j
|�S)zhMatching according to RFC 6125, section 6.4.3

    http://tools.ietf.org/html/rfc6125#section-6.4.3
    Fr8rrN�*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)r:r�r��repr�lowerr/r��re�escape�replace�compiler;Z
IGNORECASErP)
Zdn�hostnameZ
max_wildcardsZpats�piecesZleftmostZ	remainderZ	wildcardsZfragZpatr5r5r6�_dnsname_match�s(


r�c	Cs
g}xBt|j��D]2}|j|�}|j�dkrdd�t|�jd�D�}qW|sTtd��g}x0|D](\}}|dkr^t||�r|dS|j|�q^W|s�|j	�j
}t||�r�dS|j|�t|�dkr�tdj
|d	jtt|�����n,t|�dk�r�td
j
||d���ntd��dS)
NZsubjectAltNamecSsg|]}|j�jdd��qS)r_r)r�r:)r��itr5r5r6r�+sz"match_hostname.<locals>.<listcomp>�,ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDZDNSrz(hostname {0} doesn't match either of {1}z, zhostname {0} doesn't match {1}rz=no appropriate commonName or subjectAltName fields were found)�rangeZget_extension_countZ
get_extensionZget_short_namer^r:r�r�r/Zget_subjectZ
commonNamer&r�r�r;�mapr�)	Zcertr�Zsanr�r�Zdnsnamesr�r_Zcnr5r5r6r�&s0




r�cCs$
tddd�}|jdddd�|jdd	d
dd�|jdddd�|jd
dddd�|jdddd�|jdddd�|jdddd�|jdddd�|jdddd�|jdddd�|jdd dd�|jd!d"dd�|jd#d$dd�|jd%d&dd�|jd'd(d)d�|jd*d+dd�|jd,d-dd�|jd.d/dd�|jd0d1dd�|jd2d3dd�|jd4d5d6d�|jd7d8d9d�|jd:d;dd�|jd<d=d)d�|jd>d?dd�|jd@dAdd�|jdBdCdd�|jdDdEdd�|jdFdGdd�|jdHdIdd�|jdJdKdd�|jdLdMdd�|jdNdOdPtddQdR�|jdSdTdd�|jdUdVdd�|j�}|jdWdXdPd�|jdYdZdd�|jd[d\dd�|jd]d^dPddQd_�|jd`dadbddQdc�|jdddedf�|jdgdhdd�|jdidjdkdldm�tj�s�|jdndodpdqdQdr�|jdsdtdpdqdudr�|jdvdwdd�|jdxdydzdd�|jd{ddd�|jd|d}d~dd�|jdd�d�dd�|jd�d�d�d�d�|jd�d�d�dd�d��|jd�d�dd�|jd�d�dd�|j�}tjjt	j
��tj�s�tjd�g7_|jdk	�rt
td|jjd����jtj��rd�Sd�S|j�s|j�r2tj�r(tjt_ntjt_n|j�rBtjt_|j�sjtj�d�k�rjtd�tjd��d�St j!}|j�r�t j"}n|j�r�t j#}t$j%|�|j&�r�t'j(�|j)�r�|j)d�k�r�t*|j)�t_+t	j,tj+d��ndt_+t	j,dd��|j-dk	�rt	j,|j-d��|j-t_.|j/�rdQt_0|j1�r(dQt_2|j3�r6dut_4|j5�rDt5�|j6�rZt7j8d�t9�n8|j:�r�tj;d�k�r�tj<d�k�r~dntj<�p�d�|_=du|_|j>�r�|j>t_?|j@�r�t7j8d�t9�d�t_?tj?jAd��t_?tj?�r�tj?tBk�r�t$jCjDd�jEtj?d�jFtB���|jG�rdut_Hd�|jGt_I|j=�r&tJ|j=�tj;d�k�rTtK�t_;t7j8d�jEtj;�pLd��t9�|jL�rrttMjL|jNd���dStOtj;�|jP�r�tQ�dS|jR�r�|jN�r�tRd�d��ntR�dS|jS�r�t	j,d�d��dS|jT�r�t	j,d�d��dS|jU�r�t	jV|jU�dS|jW�rtX|jW�S|jY�rtZjY�|j[�rNtj;d�k�r>t	j,d�d��tZj[|j[|j\�S|j]�rltZj]�d�k�rhd�Sd�S|j^dk	�r�t_|j^�S|j`�r�ttja�tb|dpd�dk	�r�tcjd|je�d�Stj�s�|jf�r�tcjg�S|jh�r�tcji�dk	�r�t$jjd��|jk�rtcjitjld��n|jm�r tcjn�t$jjd��|jo�r4ttcjp��|jq�rHttcjr��|js�rjtcjt��rjttcju|js��|jvdk	�r�|jvdk�r�tjw�p�txtcjyjz��}nd�d��|jvjd��D�}tcjit{|�d��dk	�r�t$jjd��|j|�r�tcjitjldd��|j}�	rtt~|jNd���d}|j�	rt7j8d�t9�d�}|j��	r*|j�}|j��	rDt�|tj�tj�d��|j�	rdt�|tj�d��t$jjd��|j�	rxtt�j���|j��	r�t�||j�d��t$jjd��|j�	r�dQt_�t�j�t�j�d�d���t�|tjld��|j��	r�t�|jNd��|j��	r�t��S|j��	r�t�|jNd��|j��
r
t��t�tj��d�k�
r t��dS)�NZkcarectlz)Manage KernelCare patches for your kernel)Zprogr�z--debugrEZ
store_true)�helpr�z-iz--infoz]Display information about KernelCare. Use with --json parameter to get result in JSON format.z
--app-infozcDisplay information about KernelCare agent. Use with --json parameter to get result in JSON format.z-uz--updatez<Download latest patches and apply them to the current kernelz--unloadzUnload patchesz--smart-updatez,Patch kernel based on UPDATE POLICY settingsz
--auto-updatez-Check if update is available, if so -- updatez--localzNUpdate from a server local directory; accepts a path where patches are located�PATH)r��metavarz--patch-infoz"Return the list of applied patchesz	--freezerz)Freezer type: full (default), smart, noner�z
--nofreezez/[deprecated] Don't freeze tasks before patchingz--unamezReturn safe kernel versionz--license-infozReturn current license infoz--statuszReturn status of updatesz
--registerzRegister using KernelCare Keyr�z--register-autoretryz=Retry registering indefinitely if failed on the first attemptz--unregisterz7Unregister from KernelCare (for key-based servers only)z--checkzCheck if new update availablez--latest-patch-infoziReturn patch info for the latest available patch. Use with --json parameter to get result in JSON format.z--testz&[deprecated] Use --prefix=test insteadz--tagz7Tag server with custom metadata, for ePortal users onlyZTAGz--prefixzpPatch source prefix used to test different builds by downloading builds from different locations based on prefixr�z
--nosignaturezDo not check signaturez--set-monitoring-keyzPSet monitoring key for IP based licenses. 16 to 32 characters, alphanumeric onlyz--doctorz@Submits a vitals report to CloudLinux for analysis and bug-fixesz--enable-auto-updatezEnable auto updatesz--disable-auto-updatezDisable auto updatesz
--plugin-infozProvides the information shown in control panel plugins for KernelCare. Use with --json parameter to get result in JSON format.z--jsonzoReturn '--plugin-info', '--latest-patch-info', '--patch-info', '--app-info' and '--info' results in JSON formatz	--versionz(Return the current version of KernelCarez--kpatch-debugzEnable the debug modez--no-check-certz2Disable the patch server SSL certificates checkingz--set-patch-levelzBSet patch level to be applied. To select latest patch level set -1ZstoreF)r�r�rXr�requiredz--check-compatibilityzCheck compatibility.z
--clear-cachezClear all cached filesz--set-patch-typez@Set patch type feed. To select default feed use 'default' optionz
--edf-enabledz"Enable exploit detection frameworkz--edf-disabledz#Disable exploit detection frameworkz--set-sticky-patchzjSet patch to stick to date in DDMMYY format, or retrieve it from KEY if set to KEY. Leave empty to unstick)r�r�rr�z-qz--quietz=Suppress messages, provide only errors and warnings to stderr)r�r�r�z--has-flagszCheck agent features)r�z--forcez-Force action and ignore several restristions.z--set-configzChange configuration optionr/z	KEY=VALUE)r�r�r�z--disable-libcarezDisable libcare services�enable_libcareZstore_const)r�Zdestr��constz--enable-libcarezEnable libcare servicesTz--lib-updatezIDownload latest patches and apply them to the current userspace librariesz--lib-unloadz--userspace-unloadzUnload userspace patchesz--lib-auto-updatez
--lib-infoz--userspace-infoz&Display information about KernelCare+.z--lib-patch-infoz--userspace-patch-infoz,Return the list of applied userspace patchesz
--lib-versionz--userspace-versionzReturn safe package versionZPACKAGENAMEz--userspace-update�USERSPACE_PATCHESr�zODownload latest patches and apply them to the corresponding userspace processes)r�Znargsr�r�z--userspace-auto-updatez--userspace-statusz"Return status of userspace updateszlibcare-enabledr�rrzPlease run as root)r�)r�)r�zTFlag --edf-enabled has been deprecated and will be not available in future releases.r�rzMFlag --test has been deprecated and will be not available in future releases.r#�/z(Prefix `{0}` is not in expected one {1}.ruzfile:z+edf patches are deprecated. Fallback to {0})r1rc)r�ZYES)r�ZNOr\r�)rzUserspace patches are applied.)r�zUserspace patches are unloaded.cSsg|]}|j�j��qSr5)r�r�)r�Zptchr5r5r6r�~szmain.<locals>.<listcomp>)�limit)r�r�zQFlag --nofreeze has been deprecated and will be not available in future releases.r�)r�r-zKernel is safe)r�z=KernelCare protection disabled. Your kernel might not be safe�<)�rZadd_argumentr|Zadd_mutually_exclusive_grouprZLIBCARE_DISABLEDZ
parse_args�__dict__r0rZget_config_settingsZFLAGSZ	has_flagsr)�filterr:�issubset�quietZauto_updateZSILENCE_ERRORSrZPRINT_CRITICALZPRINT_LEVELZPRINT_ERRORrZPRINT_DEBUGrwr*�getuidr�rMrx�loggingZINFOZWARNING�DEBUGr	Zinitialize_loggingr�r
Zclear_all_cacheZset_patch_levelr^r�r�Zset_sticky_patchr�ZnosignaturerZ
no_check_certr�rdrerZZedf_enabled�warnings�warn�DeprecationWarningZedf_disabledrZPREV_PATCH_TYPEZset_patch_typer�r�r#r��EXPECTED_PREFIXrurEr�r;Zlocalrbr�r�r�Zapp_inforrcrDZdoctorr�r�Zenable_auto_updateZdisable_auto_updateZ
set_configZupdate_config_from_argsZset_monitoring_keyr�Z
unregisterr�registerZregister_autoretryr�r�r�r�r[r]rZset_libcare_statusr�Zuserspace_statusZget_userspace_update_statusZ
lib_updateZdo_userspace_updater�Zlib_auto_updater�Z
lib_unloadZlibcare_unloadZlib_infor*Zlib_patch_infoZlibcare_patch_infoZlib_versionZlibcare_server_startedZlibcare_versionZuserspace_updater��listZ
USERSPACE_MAP�keys�sortedZuserspace_auto_updater�r)Znofreezer�Zsmart_updater�r�Z
UPDATE_POLICYr�rr�r�r�r�ZCHECK_CLN_LICENSE_STATUSrsrt�randomZuniformr2Zstatusr�Zlatest_patch_infor5Zcheckr$r&�argvr,)ZparserZexclusive_groupr�r�r�r�r5r5r6�mainOs 












r�)r r!r"r#)r$)N)N)F)F)N)rEF)rEF)r)�Z
__future__rrfrcr�r*r�r�r�rpr�ZsslrMr�rsrLr�Zargparserr�
contextlibrrErrr	r
rrr
rrrrrrrrrZpy23rrrrrrrrr�r�r�r-r�r�rBr�r�ZDOTALLrrOr+r��insert�filterwarningsr�ruZsetLevelr�r7r>rDrarjrzr�r�r�r�r�r�r�r�r�r�rr�r�r�r�r�r�r�r�r�r]Zdistutils.versionZ	distutilsZOpenSSL.SSLr�r�Z
StrictVersionZ__version__�ImportErrorr�ZHTTPSConnectionZPureHTTPSConnection�objectr�r�r�r�rr	r
r$r,r5r'r7r2r=r@rGrNrRrSrVrYrZr^rcrgr�rjrtrsrzr|r}r�r�r�r�r�r�r�r)r�r!r�r�r�r�r.r�r�r�r�r�r�r�r�r�r5r5r5r6�<module>s

	
&	


4
 	a	#
 
		




?


,2
%7,
3)

Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists