wo4h=MPddlZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddlm Z ddl m Z ddlmZddlmZddlmZddlmZdd lmZdd lmZmZmZmZmZdd lmZdd lm Z dd l!m"Z"m#Z#ddl$m%Z%m&Z&ddl'm(Z(m)Z)dZ*dZ+eddZ,e dxZ-.s*e dxZ-.s e dZ-e&e%ej/ej0Z1Gdde2Z3GddZ4dZ5de6de7fdZ8dS) N)suppress)JSONDecodeError)Path)TimeoutExpired)Optional)OperationalError)is_cpanel_installed)sentry)ANTIVIRUS_MODECore CustomBillingint_from_envvarlogger) HookEvent)g)retry_on timed_cache)HOUR rate_limit) IPEchoAPIAPIError IMUNIFYAVi&IMUNIFY360_CACHE_LICENSE_TOKEN_TIMEOUTiXz/opt/alt/openssl11/bin/opensslz/opt/alt/openssl/bin/opensslz/usr/bin/openssl)periodon_dropceZdZdZdS) LicenseErrorz9Used to communicate that some function requires a licenseN)__name__ __module__ __qualname____doc__V/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/contracts/license.pyrr8sCCCCr#rceZdZdZdZeedZdZdZdZdZ dZ d Z d Z d Z gd ZiZd ZeeeddedededeeeeeffdZed2dedefdZedeeeefdeeeeffdZedZee e!j"e#dde$fdZ%edeefdZ&edZ'ed Z(ed!Z)ed3d"Z*ed3d#efd$Z+ed%Z,ed&Z-ed'Z.ed(Z/ed)Z0ed*Z1edefd+Z2edefd,Z3edefd-Z4edefd.Z5edefd/Z6ed0Z7edefd1Z8d S)4 LicenseCLN)idstatusgrouplimittoken_created_utctoken_expire_utc)r'r(r*r+r,group_id permissions)z!/usr/share/imunify360/cln-pub.key)z)/usr/share/imunify360/alt-license-pub.keyz/var/imunify360/license.jsonz!/var/imunify360/license-free.jsonz9https://cln.cloudlinux.com/console/purchase/ImunifyAvPlusz8https://www.cloudlinux.com/upgrade-imunify-{user_count}/z6../../../scripts14/purchase_imunifyavplus_init_IMUNIFYz3../../../scripts14/purchase_imunify360_init_IMUNIFY)r/Nr0) max_tries pubkey_pathcontent signaturereturnc $g}d}tjd5}|||tddd|d|jg} t j|t jt j|d }|j d krd}nb| d |j d |j d |j n4#t$r'}| d|jYd}~nd}~wwxYwdddn #1swxYwY||pdfS)zVerify that `content` is correctly signed with public key from file `pubkey_path` with resulting `signature`. Returns a tuple with (success, error_list). FT)deletedgstz-sha512z-verifyz -signaturer/)stdoutstderrinputtimeoutrz1Signature verification failed - openssl returned z . stdout: z , stderr: z openssl command failed: missing N)tempfileNamedTemporaryFilewriteflush OPENSSL_BINname subprocessrunPIPE returncodeappendr;r<FileNotFoundErrorfilename) r4r5r6errorsresultsig_filecmdpes r$_verify_signaturezLicenseCLN._verify_signaturens  ( 5 5 5  NN9 % % % NN    C N%?%?! <1$$!FFMMB,-LBB#$8BB78xBB % O O O MMMNNNNNNNN O)               @v~%%s;=D-Cz2LicenseCLN._get_signature_input..sH,FH"..H..r#null)VERIFY_FIELDS_MAP isinstancedictrIjoinitemsstrencode)clslicenserSpartskeyvalues r$_get_signature_inputzLicenseCLN._get_signature_inputs(1 ) )CCLE%&& ) GG05   V$$$$ SZZ((((wwu~~$$&&&r#signature_listcF g fd}|D]y\}}tj|} ||}n#t$rY>wxYw|j||r|dfcSjD]}||||r|dfccSz D]} t jd| dS)zc Verify signatures in license :return: signature, is_alternative, version cVj|i|\}}|r||SN)rRextend)argskwargssuccessrL all_errorsrds r$verify_and_collect_errorsz=LicenseCLN._find_signature..verify_and_collect_errorss?3c3TDVDDOGV *!!&)))Nr#)rSFTz%sNF)base64 b64decoderiKeyError _PUBKEY_FILE_ALTERNATIVE_PUBKEY_FILESrwarning) rd license_tokenrjrssignrSr6r5 alt_pubkeyerrorrrs ` @r$_find_signaturezLicenseCLN._find_signatures6!#        , & &MD'(..I 22!73    )()97INN #U{"""!; & & ,,Z)LL&:%%%%%& &  ( (E N4 ' ' ' '{s? A  A c ,i} t|5}tj|}t|ts%t jd||cdddS||d|dgD\}}|dx}rC|||dfg\}} |%td| dd|td |cdddS||d <||d <|cdddS#1swxYwYn^#t$rt j d Yn>tttt f$r} t jd | Yd} ~ nd} ~ wwxYw|S)z Load license token from file and verify signature If signature verification successful, put first valid signature to 'sign' field of license token :return: license token z2Failed to load license. Expected JSON object, got Ncg|]}|dfSr/r")rXr|s r$ z*LicenseCLN._load_token..s, q r# signatures signature_v2r0z%Failed to verify license signature v2r.z"Failed to verify license signaturer|is_alternativez'Failed to load license: not registered?zFailed to load license: %s)openjsonloadr^r_rr~rgetthrottled_log_errorpoprJinfoOSErrorrrwUnicodeDecodeError) rdpathdefaultfr{r6rr|_sign_rQs r$ _load_tokenzLicenseCLN._load_tokensv' :d %q $ ! !-66#LL(=+# % % % % % % % %-0,?,?!$1$5$5lB$G$G--) >),,^<<<4?"22=D!9+NNHE1}+C&))->>>$'(LMMM"7 % % % % % % % %:)2 f%2@ ./$? % % % % % % % % % % % % % % % % %B! C C C KA B B B B B(4FG : : : L5q 9 9 9 9 9 9 9 9 :sZD6AD* D6"B#D* D6 D* D6*D..D61D.2D66FF2F  F)seconds)maxsizeci}tr|j|jgn|jg}|D]}||}|r|cS|S)z Get available license. In Antivirus mode, if main license is unavailable, return free license :return: license token )r _LICENSE_FILE_FREE_LICENSE_FILEr)rd lic_token license_fileslfs r$ get_tokenzLicenseCLN.get_token sr  %S  6 7 7#$    ! !B++I !     !r#cP|dS)z$ :return: server id r'rrrds r$ get_server_idzLicenseCLN.get_server_id!s }}""4(((r#cDt|S)z1 :return: bool: if we have token )boolrrs r$ is_registeredzLicenseCLN.is_registered(s CMMOO$$$r#cbto(|o| S)ze :return: Return true only if we have valid ImunifyAV+ or Imunify360 license )r is_validis_freers r$is_valid_av_pluszLicenseCLN.is_valid_av_plus/s' H#,,..H#++--6GHr#cNtsdS|tkSrt)r r AV_DEFAULT_IDrs r$rzLicenseCLN.is_free7s& 5  ""m33r#cR|p|}|sdStrF|dddo|dt jkS|ddvo6|dt jko|jdup|j|dkS) zLicense check based on license token return True - if license token is valid for this server return False - if license token is invalid Fr(rUokr,rok-trialNr*)rr r startswithtime users_countrdtokens r$rzLicenseCLN.is_valid=s( 5   (B''22488=,-<  (O1 1 O()TY[[8 OD(MCOuW~,M r# permissionc|p|}|sdS||dgx}vo ||dkS)zLicense check for a specific permission based on a license token return True - if license token has a given permission for this server return False - if license token does not have permission Fr.ENABLEDr)rdrrperms r$has_permissionzLicenseCLN.has_permissionTsW( 5 599]B#?#??4 @ .Z I- r#c:|}|jdz}tjtjztjz}d}t t5tj|dddn #1swxYwYtj tj |||d5}tj ||dddn #1swxYwYtj|ddtj||j|jt#j|t#j| |||dS#t.$rYdSwxYw)zb Write new license token to file :param token: new token :return: z.tmpiNwroot_imunify)userr))rrosO_WRONLYO_CREATO_EXCLrrJunlinkfdopenrrdumpshutilchownrename cache_clearr set_server_idrset_product_nameget_product_name renew_hookr)rdr old_token temp_fileflagsmoders r$updatezLicenseCLN.updatedsMMOO %.  bj(294 ' ( ( ! ! Ii  ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Yrwy%66 < <  IeQ                    YV:>>>> )S./// !!###S..00111 4 4 6 6777  NN9e , , , , ,    DD s6A<<BB0CCC4F FFcgd}d}|}tfd|D}|r=tj||}ddlm}tj||ddSdS) N)license_expire_utcr(r*r'rchg|].}||k/Sr"r)rXelemrrs r$rz)LicenseCLN.renew_hook..s4 O O OUYYt__ d 3 3 3 O O Or#)exp_timerer) execute_hooksT)return_exceptions) rfill_license_typeanyrLicenseReneweddefence360agent.hooks.executerasynciogather) rdrrimportant_keysr license_type conditionlicense_updatedrs `` r$rzLicenseCLN.renew_hooksHHH99122,,U33  O O O O O O O O    '6!<O D C C C C C N o..$         r#c6tt5tj|jdddn #1swxYwY|jtjdtj | dS)zY Delete license token along with old-style license data :return: N) rrJrrrrrr rrrrs r$r9zLicenseCLN.deletes ' ( ( ) ) Ic' ( ( ( ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) !!###T""" 4 4 6 677777s ;??cd|d}ddddd}||S)Nr( imunify360imunify360Trial imunifyAV imunifyAVPlus)rrok-avok-avpr)rdrrlicense_type_to_products r$rzLicenseCLN.fill_license_typesByy** ) % # #  '**<888r#c|}|dddrdSdS)Nr'rUzip-TF)rrlowerrrs r$is_ip_license_typezLicenseCLN.is_ip_license_typesI  99T2   $ $ & & 1 1% 8 8 4ur#c |}|ddv}|dd}trtjrtjsd}tr|r|sd}|ro||dd|d|d|j|||d }ndd i}d|d <d|d <trd g}|dr|D]}||dvrd|d<tj otjdup tj du|d<tjp|d p|j |d <tj p t|d <n|d d|d<| rd|d<|S)Nr(rmessagezYou've got a license for the advanced security product Imunify360. Please, uninstall ImunifyAV and replace it with the Imunify360 providing comprehensive security for your server. Here are the steps for upgrade: https://docs.imunify360.com/installation/rrr*r')r( expiration user_limitr' user_countrrF upgrade_urlupgrade_url_360z user limits ip_license redirect_urlTdemo)rrr r UPGRADE_URL NOTIFICATIONSrrr IP_LICENSEUPGRADE_URL_360AV_PLUS_BUY_URLupgrade_url_defaultis_demo)rdrkey_360rrignored_messagesmsgs r$ license_infozLicenseCLN.license_infos ))H%%);;))It,,  ) "/  G  g g <   %,,..#ii( ? ? ?  % 5 B-1AA  r#c||o(|o| Srm)rrr rs r$is_eligible_for_imunify_patchz(LicenseCLN.is_eligible_for_imunify_patchs; JJLL 8  855777 r#cts tjS|dd}|dkrdS|dvrdSt jd|dS) Nr(rUrz imunify.av)rrrz imunify.av+zUnknown license %szUnknown license)r r NAMErrrr~)rdlicense_statuss r$rzLicenseCLN.get_product_namesi 9 ,,Xr:: W $ $< ; ; ; = L-~ > > >$$r#c@tjdS)Nz/var/imunify360/demo)rrisfilers r$rzLicenseCLN.is_demosw~~4555r#ch|}|ddtkS)Nr*r)rrUNLIMITED_USERS_COUNTrs r$ is_unlimitedzLicenseCLN.is_unlimited"s) yy!$$(===r#c|j|jdS|jD]*}|j|kr|j|cS+|jdS)Nr/)r unlimited)rIM360_BUY_URL_TEMPLATEformatVERSION_THRESHOLDS)rd thresholds r$get_im360_buy_urlzLicenseCLN.get_im360_buy_url's ? "-444BB B/ O OI)++188I8NNNNN,)00K0HHHr#rrm)9rrr VERIFY_FIELDS_V1VERIFY_FIELDS_V2r]rxryrrrrr r r_tokenr staticmethodrrrbbytestuplerrlistrR classmethodintrirrrdatetime timedelta_CACHE_LICENSE_TOKEN_TIMEOUTr_rrrrrrrrrr9rrrrr rrrrrr"r#r$r&r&<st   7L!3M<C C A >& FK Xn***)&)&#()&5:)& tXd3i(( ))&)&)&+*\)&V''C''''['"%,0sCx,A% x}d" #%%%[%N22[2h[#?@@@!$[&)hsm)))[) %%[% II[I44[4    [ ,       [  [8[$ 8 8[ 899[9[ ??[?BDtDDD[D  d    [   d   [  % % % %[ %6666[6>>[>I#III[IIIr#r&ctj}tjdd}t rtt jtjkrZt|s tj Sd} tj }n#t$rd}YnwxYw|dkrd|}nd|}||zSt d|zd|t|zzS) NiaidrUz???uuG  sAA98A9)9rrur(rrrrEr?r contextlibrrpathlibrrtypingrpeeweer3defence360agent.application.determine_hosting_panelr defence360agent.contractsr defence360agent.contracts.configr r r rr%defence360agent.contracts.hook_eventsr&defence360agent.internals.global_scoperdefence360agent.utilsrrdefence360agent.utils.commonrrdefence360agent.utils.ipechorrrrr*rCexistsrzr~r Exceptionrr&rrbrr-r"r#r$rHs    %%%%%%######-,,,,,<;;;;;4444447777777799999999<<<<<<<< " /,g   t<=== EEGG/4 >?? ?K G G I I/d-.. EjjfnEEE L DDDDD9DDDrIrIrIrIrIrIrIrIj***Z  #  $       r#