Current File : //lib/python3/dist-packages/uaclient/__pycache__/contract.cpython-310.pyc

o

��JhW��@s�ddlZddlZddlZddlmZddlmZmZmZm	Z	m
Z
ddlmm
ZddlmZmZmZmZmZmZmZmZmZddlmZddlmZddlmZddlm Z dd	l!m"Z"m#Z#dd
l$m%Z%ddl&m'Z'dZ(d
Z)d
Z*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3ddddd�Z4e�5�Z6e�7e�8e9��Z:edddg�Z;Gdd�dej<�Z=Gdd �d e%j>�Z?d!e@fd"d#�ZA	$dKd%ed&eeBefd'eeBefd(eCd)eCd*dfd+d,�ZD	-	$dLd%ed.eeBefd/eeBefd(eCd)eCd*e
eeCffd0d1�ZEd2ejFd*ejGfd3d4�ZHd%efd5d6�ZId%ed*eefd7d8�ZJd%ed9eBd*eeBeffd:d;�ZKd<eeBeBfd=eeBeBfd*eLfd>d?�ZM	dMd@eeBefdAeBdBeBde	eBd*eeLeeBefff
dCdD�ZN		dNd.eeBefdEe	eBde	eBd*dfdFdG�ZOd%edHeeBefd*ee;fdIdJ�ZPdS)O�N)�
namedtuple)�Any�Dict�List�Optional�Tuple)	�
data_types�event_logger�
exceptions�http�messages�secret_manager�system�util�version)�_enabled_services)�_is_attached)�UAConfig)�ATTACH_FAIL_DATE_FORMAT)�attachment_data_file�machine_id_file)�
serviceclient)�get_user_or_root_log_file_pathz/v1/context/machines/tokenz3/v1/contracts/{contract}/context/machines/{machine}z
/v1/resourcesz3/v1/resources/{resource}/context/machines/{machine}z/v1/clouds/{cloud_type}/tokenz3/v1/contracts/{contract}/machine-activity/{machine}z/v1/contractz/v1/magic-attachz?/v1/contracts/{contract}/context/machines/{machine}/guest-token����)�series_overrides�series�cloud�variant�EnableByDefaultService�namer c@s�eZdZejdejdd�ejdejdd�ejdejdd�ejdejdd�ejdejdd�ejdejdd�ejd	ejdd�ejd
ejdd�ejdejdd�ejdejdd�ejd
ejdd�ejdejdd�ejdejdd�ejdejdd�gZ														ddeedeedeedeedeedeed	eed
eedeedeed
eedeedeedeefdd�Z	dS)�CPUTypeData�cpuinfo_cpuF)�required�cpuinfo_cpu_architecture�cpuinfo_cpu_family�cpuinfo_cpu_implementer�cpuinfo_cpu_part�cpuinfo_cpu_revision�cpuinfo_cpu_variant�
cpuinfo_model�cpuinfo_model_name�cpuinfo_stepping�cpuinfo_vendor_id�"sys_firmware_devicetree_base_model�
sysinfo_model�sysinfo_typeNcCsX||_||_||_||_||_||_||_||_|	|_|
|_	||_
||_|
|_||_
dS�N�r$r&r'r(r)r*r+r,r-r.r/r0r1r2)�selfr$r&r'r(r)r*r+r,r-r.r/r0r1r2�r6�3/usr/lib/python3/dist-packages/uaclient/contract.py�__init__zs�
zCPUTypeData.__init__)NNNNNNNNNNNNNN)
�__name__�
__module__�__qualname__r�Field�StringDataValue�fieldsr�strr8r6r6r6r7r#Fs����������������5��������	�
���
���r#cs�eZdZdZ	d+deeddf�fdd�
Zeje	j
gd�d�	d+d	d
��Zdee
effdd�Zd
e
dee
effdd�Zeje	j
gd�d�de
dee
effdd��Z	d+de
de
dee
dee
effdd�Zdd�Zde
dee
effdd�Zdee
effdd�Zde
fd d!�Z	d+de
d"e
dee
dee
effd#d$�Z	d+de
d"e
dee
defd%d&�Zde
d"e
de
defd'd(�Zd)d*�Z�ZS),�UAContractClient�contract_urlN�cfg�returncst�j|d�t��|_dS)N�rB)�superr8�mtf�get_machine_token_file�machine_token_file)r5rB��	__class__r6r7r8�szUAContractClient.__init__)rrr)�retry_sleepscCs�|st�|j�}|��}|�dd�|�i�|��}|��|d<||d�}t|�}|j	t
||d�}|jdkr:t�
��|jdkrCt|�|jdkrRtjt
|j|jd	��|j}	tj�|	�d
d��|	�dg�D]}
tj�|
�d
d��qe|	S)a}Requests machine attach to the provided machine_id.

        @param contract_token: Token string providing authentication to
            ContractBearer service endpoint.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing the machine-token.
        �
Authorization�	Bearer {}�lastAttachment��	machineId�activityInfo)�data�headers�i�����url�code�body�machineToken��resourceTokens�token)r�get_machine_idrBrS�update�format�_get_activity_info�	isoformat�_support_old_machine_info�request_url�API_V1_ADD_CONTRACT_MACHINErXr
�AttachInvalidTokenError�_raise_attach_forbidden_message�ContractAPIErrorrY�	json_dictr
�secrets�
add_secret�get)r5�contract_token�
attachment_dt�
machine_idrS�
activity_inforR�backcompat_data�response�
response_jsonr]r6r6r7�add_contract_machine�s8

�


�
�z%UAContractClient.add_contract_machinecCsT|��}|jt|d|d|d|dd�d�}|jdkr'tjt|j|jd��|jS)	z=Requests list of entitlements available to this machine type.�architecturer�kernel�virt�rurrvrw)�query_paramsrUrV)rard�API_V1_AVAILABLE_RESOURCESrXr
rhrYri)r5rprrr6r6r7�available_resources�s ��
	�z$UAContractClient.available_resourcesrmcCsN|��}|�dd�|�i�|jt|d�}|jdkr$tjt|j|jd��|j	S)NrLrM�rSrUrV)
rSr_r`rd�API_V1_GET_CONTRACT_USING_TOKENrXr
rhrYri)r5rmrSrrr6r6r7�get_contract_using_token�s�
�z)UAContractClient.get_contract_using_token�
cloud_typerRcCsz|jtj|d�|d�}|jdkr.|j�dd�}|r$t�|�tj	|d��tj
t|j|jd��|j}tj
�|�dd��|S)	z�Requests contract token for auto-attach images for Pro clouds.

        @param instance: AutoAttachCloudInstance for the cloud.

        @return: Dict of the JSON response containing the contract-token.
        )r)rRrU�messager[)�	error_msgrV�
contractToken)rd�,API_V1_GET_CONTRACT_TOKEN_FOR_CLOUD_INSTANCEr`rXrirl�LOG�debugr
�InvalidProImagerhrYr
rjrk)r5rrRrr�msgrsr6r6r7�%get_contract_token_for_cloud_instance�s*
��

�
�z6UAContractClient.get_contract_token_for_cloud_instance�
machine_token�resourceroc	Cs�|st�|j�}|��}|�dd�|�i�tj||d�}|j||d�}|jdkr3t	j
t|j|jd��|j�d�rA|jd|j
d<|j
}|�dg�D]}tj�|�d	d
��qJ|S)a�Requests machine access context for a given resource

        @param machine_token: The authentication token needed to talk to
            this contract service endpoint.
        @param resource: Entitlement name.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing entitlement accessInfo.
        rLrM)r��machiner|rUrV�expiresr\r]r[)rr^rBrSr_r`�"API_V1_GET_RESOURCE_MACHINE_ACCESSrdrXr
rhrYrlrir
rjrk)	r5r�r�rorSrWrrrsr]r6r6r7�get_resource_machine_accesss(�
�z,UAContractClient.get_resource_machine_accesscCs�|jj}|jj�d�}t�|j�}|��}tj	||d�}|�
�}|�dd�	|�i�|j|||d�}|j
dkrAtj||j
|jd��|jrU|jj}|j|d<|j�|�d	Sd	S)
z�Report current activity token and enabled services.

        This will report to the contracts backend all the current
        enabled services in the system.
        rZ��contractr�rLrM)rSrRrUrVrQN)rH�contract_idr�rlrr^rBra�API_V1_UPDATE_ACTIVITY_TOKENr`rSr_rdrXr
rhrYri�write)r5r�r�ro�request_datarWrSrrr6r6r7�update_activity_token;s*��

�
�z&UAContractClient.update_activity_token�magic_tokencCs�|��}|�dd�|�i�|jt|d�}|jdkrt���|jdkr't���|jdkr6tj	t|j|j
d��|j}gd�}|D]}tj
�|�|d	��q?|S)
z�Request magic attach token info.

        When the magic token is registered, it will contain new fields
        that will allow us to know that the attach process can proceed
        rLrMr|rT�rUrV�r]�userCoder�r[)rSr_r`rd�"API_V1_GET_MAGIC_ATTACH_TOKEN_INFOrXr
�MagicAttachTokenError�MagicAttachUnavailablerhrYrir
rjrkrl)r5r�rSrrrs�
secret_fields�fieldr6r6r7�get_magic_attach_token_infocs(�


�z,UAContractClient.get_magic_attach_token_infocCsx|��}|jt|dd�}|jdkrt���|jdkr$tjt|j|jd��|j}gd�}|D]}t	j
�|�|d��q-|S)z)Create a magic attach token for the user.�POST�rS�methodr�rUrVr�r[)
rSrd�API_V1_NEW_MAGIC_ATTACHrXr
r�rhrYrir
rjrkrl)r5rSrrrsr�r�r6r6r7�new_magic_attach_tokens&�

�z'UAContractClient.new_magic_attach_tokencCs�|��}|�dd�|�i�|jt|dd�}|jdkrt���|jdkr(t���|jdkr1t�	��|jdkr@tj
t|j|jd	��d
S)z)Revoke a magic attach token for the user.rLrM�DELETEr��rTr�rUrVN)rSr_r`rd�API_V1_REVOKE_MAGIC_ATTACHrXr
� MagicAttachTokenAlreadyActivatedr�r�rhrY)r5r�rSrrr6r6r7�revoke_magic_attach_token�s(�



��z*UAContractClient.revoke_magic_attach_tokenr�c	Cs�|st�|j�}|��}|�dd�|�i�tj||d�}|��}|j|d||d|d|d|dd	�d
�}|j	dkrFt
j||j	|jd��|j�
d
�rT|jd
|jd
<|jS)a|Get the updated machine token from the contract server.

        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.
        rLrMr��GETrurrvrwrx)r�rSryrUrVr�)rr^rBrSr_r`�API_V1_GET_CONTRACT_MACHINErardrXr
rhrYrlri)r5r�r�rorSrWrprrr6r6r7�get_contract_machine�s4���

�z%UAContractClient.get_contract_machinec	Cs�|st�|j�}|��}|�dd�|�i�||��d�}t|�}tj||d�}|j	||d|d�}|j
dkr@tj||j
|j
d��|j�d	�rN|jd	|jd	<|jS)
a�Request machine token refresh from contract server.

        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service.
        @param machine_id: Optional unique system machine id. When absent,
            contents of /etc/machine-id will be used.

        @return: Dict of the JSON response containing refreshed machine-token
        rLrMrOr�r�)rSr�rRrUrVr�)rr^rBrSr_r`rarc�API_V1_UPDATE_CONTRACT_MACHINErdrXr
rhrYrlri)	r5r�r�rorSrRrqrWrrr6r6r7�update_contract_machine�s*���

�z(UAContractClient.update_contract_machinecCst|��}|�dd�|�i�tj||d�}|j||dd�}|jdkr(tjdd��|jd	kr7tj||j|j	d
��|j
S)a�Request guest token associated with this machine's contract
        @param machine_token: The machine token needed to talk to
            this contract service endpoint.
        @param contract_id: Unique contract id provided by contract service
        @param machine_id: Unique machine id that was registered with the pro
            backend on attach.
        @return: Dict of the JSON response containing the guest token
        rLrMr�r�r�r��get_guest_token)�feature_namerUrV)rSr_r`�API_V1_GET_GUEST_TOKENrdrXr
� FeatureNotSupportedOldTokenErrorrhrYri)r5r�r�rorSrWrrr6r6r7r�s$�
�
�z UAContractClient.get_guest_tokencCs�t��}t��jt��jt��jt��t��t�	�t
��t|j
|j|j|j|j|j|j|j|j|j|j|j|j|jd�jdd�d�}t|j�jrvt|j�j }t!�"�}|j#j$p[t�%|j�|j#j&dd�|D�dd�|D�|rq|j'�(�nd	d
�}ni}i|�|�S)z9Return a dict of activity info data for contract requestsr4F)�	keep_none)�distributionrvrru�desktoprw�
clientVersion�cpu_typecSsg|]}|j�qSr6)r"��.0�servicer6r6r7�
<listcomp>Hsz7UAContractClient._get_activity_info.<locals>.<listcomp>cSsi|]
}|jr|j|j�qSr6)�variant_enabledr"�variant_namer�r6r6r7�
<dictcomp>Is��z7UAContractClient._get_activity_info.<locals>.<dictcomp>N)�
activityID�
activityToken�	resources�resourceVariantsrN))r�get_cpu_info�get_release_infor��get_kernel_info�
uname_releaser�
get_dpkg_arch�
is_desktop�
get_virt_typer�get_versionr#r$r&r'r(r)r*r+r,r-r.r/r0r1r2�to_dictrrB�is_attachedr�enabled_servicesr�readrH�activity_idr^�activity_token�attached_atrb)r5�cpuinfo�machine_infor��attachment_datarpr6r6r7ra#s^���
�����z#UAContractClient._get_activity_infor3)r9r:r;�cfg_url_base_attrrrr8r�retry�socket�timeoutrtrr?rr{r~r�r�r�r�r�r�r�r�r�ra�
__classcell__r6r6rIr7r@�s~����*�
�$����

�&(����

�/����
�(���
�#r@�request_bodyc	CsJ|�di�}|�d�||�d�|�d�|�d�|�d�dt��jd�d	�S)
a?
    Transforms a request_body that has the new activity_info into a body that
    includes both old and new forms of machineInfo/activityInfo

    This is necessary because there may be old ua-airgapped contract
    servers deployed that we need to support.
    This function is used for attach and refresh calls.
    rQrPrur�rvr�Linux)r�rvr�type�release)rPrQru�os)rlrr�r�)r�rpr6r6r7rc]s	��rcTrB�past_entitlements�new_entitlements�allow_enablerrCcCsjddlm}d}g}g}||�D]|}	z||	}
Wn	ty!Yqwg}zt||�|	i�|
||d�\}}WnMtjy[}
zt�|
�d}|�	|	�t�
d|	|
�WYd}
~
qd}
~
wty�}
zt�|
�|�	|
�|�	|	�t�d|	|
�WYd}
~
qd}
~
ww|r�|r�t�
|	�qt�|�t|�dkr�tjd	d
�t||�D�d��|r�tjdd
�|D�d��dS)
a�Iterate over all entitlements in new_entitlement and apply any delta
    found according to past_entitlements.

    :param cfg: UAConfig instance
    :param past_entitlements: dict containing the last valid information
        regarding service entitlements.
    :param new_entitlements: dict containing the current information regarding
        service entitlements.
    :param allow_enable: Boolean set True if allowed to perform the enable
        operation. When False, a message will be logged to inform the user
        about the recommended enabled service.
    :param series_overrides: Boolean set True if series overrides should be
        applied to the new_access dict.
    r)�entitlements_enable_orderF)rB�orig_access�
new_accessr�rTz+Failed to process contract delta for %s: %rNz5Unexpected error processing contract delta for %s: %rcSs*g|]\}}|tjjt|�t�d�f�qS))r��log_path)r�UNEXPECTED_ERRORr`r?r)r�r"�	exceptionr6r6r7r��s����z.process_entitlements_delta.<locals>.<listcomp>)�failed_servicescSsg|]}|tjf�qSr6)r�!E_ATTACH_FAILURE_DEFAULT_SERVICES)r�r"r6r6r7r��s��)�uaclient.entitlementsr��KeyError�process_entitlement_deltarlr
�UbuntuProErrorr�r��append�error�	Exception�event�service_processed�services_failed�len�AttachFailureUnknownError�zip�AttachFailureDefaultServices)rBr�r�r�rr��delta_error�unexpected_errorsr�r"�new_entitlement�deltas�service_enabled�er6r6r7�process_entitlements_deltaxsr�
�

��


���
�
�����r�Fr�r�c
Cs�ddlm}|rt|�t�||�}d}|rh|�di��d�}|s*|�di��d�}|s3tj||d��|�di��di��d	d
�}	z	||||	d�}
Wntjy_}zt	�
d|�|�d
}~ww|
j|||d�}||fS)a,Process a entitlement access dictionary deltas if they exist.

    :param cfg: UAConfig instance
    :param orig_access: Dict with original entitlement access details before
        contract refresh deltas
    :param new_access: Dict with updated entitlement access details after
        contract refresh
    :param allow_enable: Boolean set True if allowed to perform the enable
        operation. When False, a message will be logged to inform the user
        about the recommended enabled service.
    :param series_overrides: Boolean set True if series overrides should be
        applied to the new_access dict.

    :raise UbuntuProError: on failure to process deltas.
    :return: A tuple containing a dict of processed deltas and a
             boolean indicating if the service was fully processed
    r��entitlement_factoryF�entitlementr�)�orig�new�entitlements�obligations�use_selectorr[�rBr"r z3Skipping entitlement deltas for "%s". No such classN�r�)r�r�apply_contract_overridesr�get_dict_deltasrlr
� InvalidContractDeltasServiceType�EntitlementNotFoundErrorr�r��process_contract_deltas)rBr�r�r�rrr��retr"r r�excr6r6r7r��sD�
�
�����r�rrcCs�|j�d�}|rJ|d}|d}|dkr(|d�t�}tj|||d�d�d��|dkr@|d�t�}tj|||d�d�d	��|d
krJtj|d��t���)N�info�
contractId�reasonzno-longer-effective�timez%m-%d-%Y)r��date�contract_expiry_dateznot-effective-yet)r�r�contract_effective_dateznever-effective)r�)	rirl�strftimerr
�AttachForbiddenExpired�AttachForbiddenNotYet�AttachForbiddenNever�AttachExpiredToken)rrrr�rrr6r6r7rgs*��rgc	Cs�t�|�}|��}|j}|d}|ddd}t|d�}|j||d�}|�|�tj�	�|�
di��
dt�|��}t�|�t|||��dd	�d
S)z�Request contract refresh from ua-contracts service.

    :raise UbuntuProError: on failure to update contract or error processing
        contract deltas
    :raise ConnectivityError: On failure during a connection
    rZ�machineTokenInfo�contractInfo�idrD)r�r�rPFrN)
rFrGrr�r@r�r�rr^�cache_clearrlrr�)	rBrH�orig_entitlements�
orig_tokenr�r��contract_client�respror6r6r7�refresh.s*

�


�

�r$cCst|�}|��}|�dg�S)zDQuery available resources from the contract server for this machine.r�)r@r{rl)rB�clientr�r6r6r7�get_available_resourcesOsr&r]cCst|�}|�|�S)z/Query contract information for a specific token)r@r~)rBr]r%r6r6r7�get_contract_informationVs
r'�override_selector�selector_valuescCs<d}|��D]\}}||f|��vrdS|t|7}q|S)Nr)�items�OVERRIDE_SELECTOR_WEIGHTS)r(r)�override_weight�selector�valuer6r6r7�_get_override_weight\sr/r�series_namerc
Cszi}||d�}|r
||d<|�di��|i�}|r||td<t�|�dg��}|D]}t|�d�|�}	|	r:|||	<q*|S)N)rrr rr�	overridesr-)�popr+�copy�deepcopyrlr/)
rr0rr r1r)r�general_overrides�override�weightr6r6r7�_select_overrideshs"

�
��r8rcCs�ddlm}tt|t�d|vg�std�|���|dur!t��j	n|}|�\}}|�
di�}t||||�}t|�
��D]%\}	}
|
�
�D]\}}|d�
|�}
t|
t�rY|
�|�qC||d|<qCq;dS)a�Apply series-specific overrides to an entitlement dict.

    This function mutates orig_access dict by applying any series-overrides to
    the top-level keys under 'entitlement'. The series-overrides are sparse
    and intended to supplement existing top-level dict values. So, sub-keys
    under the top-level directives, obligations and affordance sub-key values
    will be preserved if unspecified in series-overrides.

    To more clearly indicate that orig_access in memory has already had
    the overrides applied, the 'series' key is also removed from the
    orig_access dict.

    :param orig_access: Dict with original entitlement access details
    r)�get_cloud_typerz?Expected entitlement access dict. Missing "entitlement" key: {}N)�uaclient.clouds.identityr9�all�
isinstance�dict�RuntimeErrorr`rr�rrlr8�sortedr*r_)r�rr r9r0r�_�orig_entitlementr1�_weight�overrides_to_apply�keyr.�currentr6r6r7r	�s*��
�
��r	rc	Cs�ddlm}g}|��D]H\}}|�di��dd�}z	||||d�}Wn
tjy-Yqw|�di��di�}|�d�}	|�||	�rT|��\}
}|
rT|�t	||d	��q|S)
Nrr�rrr[rr�
resourceToken)r"r )
r�rr*rlr
r�_should_enable_by_default�
can_enabler�r!)rBrr�enable_by_default_services�ent_name�	ent_valuer �entrrFrHr@r6r6r7�get_enabled_by_default_services�s,�
���rM)T)FTr3)NN)Qr3�loggingr��collectionsr�typingrrrrr�uaclient.files.machine_token�filesr�rF�uaclientrr	r
rrr
rrr�-uaclient.api.u.pro.status.enabled_services.v1r�(uaclient.api.u.pro.status.is_attached.v1r�uaclient.configr�uaclient.defaultsr�uaclient.files.state_filesrr�
uaclient.httpr�uaclient.logrrer�r�rzr�r�r�r}r�r�r�r�r+�get_event_loggerr��	getLogger�replace_top_level_logger_namer9r�r!�
DataObjectr#�UAServiceClientr@r=rcr?�boolr�r��HTTPResponse�NamedMessagergr$r&r'�intr/r8r	rMr6r6r6r7�<module>s�,�������WC ��
�
���
�^��
�
���

�?�
�!
�
�
��
����
��
���
�1�
��