g8XUdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl m Z ddlmZddlmZddlmZddlmZddlZddlmZdd lmZdd lmZmZdd lm Z dd l!m"Z"dd l#m$Z$ddl%m&Z&ddl'm(Z(m)Z)ddl*m+Z+m,Z,ddl-m.Z.ddl/m0Z0ddl1m2Z2ddl3m4Z4m5Z5m6Z6ddl7m8Z8m9Z9ddl:m;Z;mZ>ddl?m@Z@mAZAmBZBeeCZDedZEeeFeGd<eHhdZIdZJdZKGddZLd ZMd!ZNd"eOd#eeOfd$ZPd%ZQGd&d'ZRGd(d)ZSGd*d+e"ZTd,ZUGd-d.ZVGd/d0ZWGd1d2eWZXGd3d4eVZYGd5d6ZZGd7d8Z[Gd9d:Z\dS);z. Simple unix socket RPC server implementation N)suppress) ContextVar) getLogger)Sequence)Process) inactivity)app)Core SimpleRpc)FeatureManagementError)UnixSocketAuthProtocol) tls_check)run_in_executor) is_root_userrun_coro) LineBufferLineBufferOverflow) hosting_panel)InvalidTokenException)svcctl) ResponseErrorServiceStateError SocketError) EndpointsUserType) is_runningrpc_is_running)ValidationError)ERRORSUCCESSWARNINGrpc_caller_uidcaller_uid_var>jwttokenpasswordct|}|d}t|tr't|}tD] }||vrd||< ||d<|S)Nparamsz***)dictget isinstance_SENSITIVE_PARAM_KEYS)decodedsafer( safe_paramskeys X/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/simple_rpc/__init__.py_redact_for_logr2<sn ==D XXh  F&$%6ll ( ) )Ck!!#( C $X Kc tj|}n2#t$r%dt |cYSwxYwt |t st|Stt|S)Nz) jsonloads Exceptionformatlenr+r)reprr2)rawr-s r1_safe_log_payloadr<Hs:*S// :::(//C99999: gt $ $G}} (( ) ))s,AAceZdZdZdZdZdZdS)RpcServiceStaterunningstoppedanydirectN)__name__ __module__ __qualname__RUNNINGSTOPPEDANYDIRECTr3r1r>r>Rs*GG C FFFr3r>cK |d{V}tg|dS#t$r5}t|jd}||j|cYd}~Sd}~wt tf$r@}|j^}}tj |g|Rt|t|zgdcYd}~Sd}~wt$r^}tj|t d|t!|tt!|dcYd}~Sd}~wwxYw)N)resultmessagesdatarLrMz-Something went wrong while processing %s (%s))r rr!errorsupdate extra_dataPermissionErrorr argsloggererrorrtupler7 sentry_sdkcapture_exceptionstr)coromethodrLemsgrTs r1_execute_requestr_dsuC."r6BBB-     al### 3 4   V d S 4    uT{{*+         555$Q''' ;VSVV    SVV44444444 5s? D *A D D %5B D  D -ADD D ctj}t|ttfrt |}t jdg}t j|g}t j|g}t||zD]8\}}||vr/||vr+t d|j ||}9|S)NzApplying middleware %s) rroute_to_endpointr+listrWr MIDDLEWAREr*MIDDLEWARE_EXCLUDEreversedrUdebugrC) r\usercbhashablecommonspecificexcludedmwuserss r1_apply_middlewareros  $B&4-((==##D"-->%%h33)--h;;!&8"344  IB Bh$6$6 5r{CCCRVV Ir3 socket_pathreturnctdtjtj5}fd|DcdddS#1swxYwYdS)z9Find inodes corresponding to the unix domain socket path.z/proc/net/unix)encodingrPcLg|] }|v|d!S))split).0linerps r1 z$_find_uds_inodes..s0IIIT[D5H5H R 5H5H5Hr3N)opensysgetfilesystemencodinggetfilesystemencodeerrors)rpfiles` r1_find_uds_inodesrs *,,,..   J IIIITIII JJJJJJJJJJJJJJJJJJsAAAc tj|j}n#ttf$rYdSwxYw|j}d|vod|vS)zcTrue if cls.__init__ accepts the guard kwargs; legacy *_ signatures TypeError when passed limiter=.Flimiter read_timeout)inspect signature__init__ TypeError ValueError parameters) protocol_clssigr(s r1_protocol_supports_guardrs_ 566 z "uu ^F   ;>V#;;s 11c6eZdZdZdZdZedZdS)ConnectionLimiterc0||_d|_d|_dS)NrF)max_connections_countsaturation_logged)selfrs r1rzConnectionLimiter.__init__s. !&r3cJ|j|jkrdS|xjdz c_dS)NFT)rrrs r1acquirezConnectionLimiter.acquires, ;$. . .5 q tr3cN|jdkr|xjdzc_d|_dSdS)NrrF)rrrs r1releasezConnectionLimiter.releases2 ;?? KK1 KK%*D " " " ?r3c|jSN)rrs r1countzConnectionLimiter.counts {r3N)rCrDrErrrpropertyrrJr3r1rrs\'''  +++ Xr3rcFeZdZddddZdZdZdZdZdZd Z d Z dS) ConnectionGuardNrrc||_||_||_||_d|_d|_d|_d|_d|_dSNF) _loop_limiter _read_timeout_name _transport_timeout_handle_slot_acquired _peer_pid _peer_uid)rlooprrnames r1rzConnectionGuard.__init__sH  ) ##r3c"|j^|jsE|jjs7td|j|jjd|j_dS|jdu|_||_| dS)Nz6%s connection limit (%d) reached; rejecting new clientTF) rrrrUwarningrrrr_schedule_timeoutr transports r1 try_admitzConnectionGuard.try_admits = $T]-B-B-D-D $=2 7LJM1 37 /5"m47#    tr3c"||_||_dSr)rr)rpiduids r1 note_peerzConnectionGuard.note_peersr3c.|dSr)rrs r1on_datazConnectionGuard.on_datas      r3c||jr'|j |jd|_d|_dSr)_cancel_timeoutrrrrrs r1on_lostzConnectionGuard.on_lostsM    (4=#< M ! ! # # #"'D r3c|jdS|j|j|j|j|j|_dSr)rrcancelr call_later _on_timeoutrs r1rz!ConnectionGuard._schedule_timeoutsY   % F   +  ' ' ) ) )#z44   0  r3cX|j"|jd|_dSdSr)rrrs r1rzConnectionGuard._cancel_timeouts6   +  ' ' ) ) )#'D  , +r3cd|_|jdStd|j|j|j|j|jdc}|_|| dS)Nz;Closing idle %s connection (pid=%s uid=%s, no data for %ds)) rrrUrrrrrcloserrs r1rzConnectionGuard._on_timeoutsx# ? " F I J N N      &*_d" 4? r3) rCrDrErrrrrrrrrJr3r1rrs(,4        !!!   (((     r3rcPeZdZddddZfdZdefdZdZdZd Z d Z xZ S) _RpcServerProtocolNrc||_||_||_d|_t |_t |||d|_dS)NRPC)rrr)r_sinkrgrr_bufr_guard)rrsinkrgrrs r1rz_RpcServerProtocol.__init__sL   LL % ' 5    r3c|j|s|dS t|ny#t t tjf$rZ}t d||d|_ |j Yd}~dSd}~wwxYw|j |j|jdS)Nz5Rejected RPC connection: SO_PEERCRED unavailable (%s))rrrsuperconnection_madeOSErrorAttributeErrorstructrVrUrrrr_pid_uid)rrexc __class__s r1rz"_RpcServerProtocol.connection_made s{$$Y//  OO    F  GG # #I . . . .6    NNG    OO   "DO K   ! ! ! FFFFF  di33333s!AC 1ACC rNc~tj|}tj||\}}||_|!||dd<d|dvr |g|dd< t |j}n'#t$r}t|g}Yd}~nd}~wwxYw||d<|S)Nr(rgrncalling_process) r5r6r HostingPanel authenticatergrrcmdliner7rZ)rrNr- user_type user_namerr]s r1preprocess_dataz"_RpcServerProtocol.preprocess_datas*T"",9;;HH '   9  (1GH f %'(+++.7[!'* '%di0088::OO ' ' '"1vvhOOOOOO '%4!"s*&B B5B00B5c |jdS|j |j|nx#t $rk}td|j |j ||j d|_|j Yd}~dSd}~wwxYw|jD]} | |}|d}|d}td|t||j}t"|j } |j||||||j|jt"|n#t"|wxYw#t0$rO}td|t4t7|dYd}~Ld}~wt8$r]}tdt=||t4t7|dYd}~d}~wwxYwdS)Nz*Closing RPC connection (pid=%s uid=%s): %scommandr(zData received: command=%szIncorrect token providedrOz)Something went wrong before processing %s)rrrrappenddecoderrUrrrrrrrfrorgr#setr create_task _dispatchrresetr_write_responserrZr7 exceptionr<) rrNr]r^rLr\r(rhr%s r1 data_receivedz _RpcServerProtocol.data_received0s ? " F   I  T[[]] + + + +!    NN<       O ! ! # # #"DO K   ! ! ! FFFFF 9$ L$ LC# L--c22 *) 8&AAA&vty99 '**49550J**"FBBvtz49,M,M #((////N((/////( L L L9:::$$3q66%J%JKKKKKKKK L L L  ?%c** $$3q66%J%JKKKKKKKK  L=$ L$ LsX,A CA CCA4G AF( G(GG JAH J)AJJcRKtjd|5t ||d{V}t d||||ddddS#1swxYwYdS)Nzrpc_{}z Response: method - {}, data - {})rtracktaskr8r_rUinfor)rr\r(r[responses r1rz_RpcServerProtocol._dispatchgs   " "8??6#:#: ; ; + +-dF;;;;;;;;H KK299&(KK      * * *  + + + + + + + + + + + + + + + + + +sABB #B cF|jd|_dSr)rrrrs r1connection_lostz"_RpcServerProtocol.connection_lostps! r3c4|jtddS |jt j|dzdS#t$r%}t|Yd}~dSd}~wwxYw)Nz*Cannot send RPC response: connection lost. ) rrUrwriter5dumpsencoder7r)rrNr]s r1rz"_RpcServerProtocol._write_responsets ? " NNG H H H F $%%tz$'7'7$'>&F&F&H&HIIIII $ $ $  ######### $sAA(( B2BB) rCrDrErrrZrrrrr __classcell__)rs@r1rrs48t     44444"C*5L5L5Ln+++$$$$$$$r3rctj|}tj|dtj|ddS)NT)exist_oki)ospathdirnamemakedirschmod)rpdir_names r1 _check_socket_folder_permissionsrsBw{++HK4((((HXur3cDeZdZejZejZdZe dZ dS) RpcServericKtjtt5t jjdddn #1swxYwYt tj fdjd{V}t j jj |S)NcJtjtjSNr)rUSERConfig READ_TIMEOUTclsrrrsr1z"RpcServer.create..s+&#0 r3) r SOCKET_PATHrFileNotFoundErrorrunlinkrrMAX_CONCURRENT_CONNECTIONScreate_unix_serverr SOCKET_MODE)rrrserverrs``` @r1createzRpcServer.creates(999 ' ( ( ' ' Ico & & & ' ' ' ' ' ' ' ' ' ' ' ' ' ' '#F$EFF..        O          #/222 sAAAN) rCrDrErr rROOTrr classmethodrrJr3r1rrsA$K =DK[r3rcDeZdZejZejZeZ e dZ dS) RpcServerAVc~Kd}j}t||dr|tdd}t |}d}|D]} t jd5}|D]?} || jd|krt| j } n@ dddg dddnX#1swxYwY#t$r } | }Yd} ~ d} ~ wwxYwtdd| zjj |tj| tjtjtjz} t'jr"t+t,jfd } nfd } | | d{V}|S) aLooking for socket in /proc/net/unix and check which descriptor corresponded to it by comparing inode $ ls -l /proc/[pid]/fd lrwx------ 1 root root 64 Apr 11 07:20 4 -> socket:[2866765] $ cat /proc/net/unix Num RefCount Protocol Flags Type St Inode Path ffff880054c0a4c0: 00000002 00000000 00010000 0001 01 2866765 /var/run/defence360agent/simple_rpc.sock # noqa ctt5tj|i|cdddS#1swxYwYdS)zReturn empty path on error.N)rrrreadlink)rTkwargss r1 safe_readlinkz)RpcServerAV.create..safe_readlinks'"" 4 4{D3F33 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 42s 377z/var/runz/varNz /proc/self/fdz socket:[{}]z"[{}] Socket {!r} for {} not found.inodecVjtjSr)PROTOCOL_CLASSrrrrsr1rz$RpcServerAV.create..s0c00#0 1r3c<jSr)rr)rrrsr1rz$RpcServerAV.create..s c00dCHr3)sock)r r startswithr9rrscandirrr8intrrrrsocketfromfdAF_UNIX SOCK_STREAM SOCK_NONBLOCKrrrrr r )rrrr _socket_pathinodes last_errorritfd socket_fdr]_socketfactoryrrs``` @r1rzRpcServerAV.creates    (666  " ": . . 7'F 6L!,//   E Z00 B !!(=11]5I5I!66),BG I!E  !                             4;;6z*COSX   -  N  !5 5   $C$6 7 7 '(IJJGGGG..wW.EEEEEEEE sI"C 6AC: C C C C C C C  C6*C11C6N) rCrDrErrrrr rrrrrJr3r1rrsF =D$K'NCC[CCCr3rc*eZdZejZejZdS)NonRootRpcServerAVN) rCrDrErNON_ROOTrrNON_ROOT_SOCKET_PATHr rJr3r1r1r1s  D-KKKr3r1c.eZdZejZejZdZ dS)NonRootRpcServeriN) rCrDrErr3r rr2rrrJr3r1r5r5s%-K  DKKKr3r5c eZdZdZdZdZdS)_RpcClientImplc tjtjtjtjz|_|j|dS#t ttf$rtwxYwr) r#r%r&r'_sockconnectConnectionRefusedErrorr BlockingIOErrorr)rrps r1rz_RpcClientImpl.__init__sy & 2V5I IDJ J  { + + + + +&(9?K & & &#%% % &s AA&A?c |jtj||ddzn$#t $r}t d|d}~wwxYw |d}n%#t$r}td||d}~wwxYw tj | }n5#t$r(}td ||d}~wwxYw|S)Nrr(rzcommunication interrupted,  )terminator_bytezConnection reset: zError parsing RPC response {!r})r9sendallr5rrBrokenPipeErrorr_sock_recv_untilConnectionResetErrorrr6rr7r8)rr\r(r]rNrs r1dispatchz_RpcClientImpl.dispatchsJ A J  J6VDDEEL&((      A A A?A??@@ @ A A(((??DD# A A A 8Q 8 899q @ A z$++--00HH   188>>   sHAA A(A##A(,B B% B  B%)&C D#C==Dc|jrJg}|r ||dvr|jg}tj|ggtj}|d}|j|vr@t |r"td|td|j tj }t|dkrtd| ||||dvd|S)Nrz!select() = {!r} resulted in errorzrequest timeoutz!Empty response from socket.recv()r3)r9 getblockingfilenoselectrCLIENT_TIMEOUTrArr8recvioDEFAULT_BUFFER_SIZEr9rjoin)rr@chunks fdread_list rwx_fdlist fdready_listchunks r1rCz_RpcClientImpl._sock_recv_untilsG:))+++++ !fRj@@:,,../K% J&a=Lz  "",66z??9%;BB:NN&&7888JOOB$:;;E5zzQ!"EFFF MM% / !fRj@@2xxr3N)rCrDrErrErCrJr3r1r7r7sA&&&.     r3r7ceZdZddZdZdS) _NoRpcImplNc||_ttj5t j}|t|tjddddS#1swxYwYdSr) rrrOverridingResetasyncioget_event_looprun_until_completerr)rrrs r1rz_NoRpcImpl.__init__:s i/ 0 0 L L)++D  # #OD)/$J$J K K K L L L L L L L L L L L L L L L L L LsAA//A36A3ctj}td||||d}t tj} t|tj }| t|||j|t |S#t |wxYw)NzExecuting {}, params: {}r>)rg)rYrZrUrr8r#rrgetuidrorrr[r_rr)rr\r(rrequestr%rhs r1rEz_NoRpcImpl.dispatchFs%'' .55ffEEFFF$77""29;;// ("6 >>>B** GTZ!8!8&AA   ' ' ' 'N  ' ' ' 's 3A CC6r)rCrDrErrErJr3r1rVrV9s; L L L L ( ( ( ( (r3rVcDeZdZdZejddddZdZdZdZ d Z dS) RpcClientaR One RpcClient instance is suitable to use for multiple ipc calls :param RpcServiceState require_svc_is_running: whether to provide direct endpoints binding if the service is stopped. :param int reconnect_with_timeout: timeout in sec for reconnect retries :param int num_retries: number of reconnect retries Nr)require_svc_is_runningreconnect_with_timeout num_retriescd|_tr tjn tj|_|t jkr'trtt j |t j kr+ttj tj|t jt j fvr[ |r||||_nt%|j|_dS#t$r|t j krYnwxYw|j-ts Jdt'|_dSdS)Nz-_NoRpcImpl is not available for non root user)_implrrr r3r(r>rGrrrFrractivate_socket_servicer SVC_NAMErH_reconnect_with_timeoutr7rV)rrarbrcs r1rzRpcClient.__init___se ~~ -F  ,  #o&= = =   >$O$;<< < #'> > > V3DMBB C C C !    #&    )C!%!=!=. ""DJJ"00A!B!BDJ$   )_-DDDED  :  ? ?> ? ?#DJJJ  s7C99DDc6tj|j|Sr functoolspartialr)rr\s r1 __getattr__zRpcClient.__getattr__s 888r3c6tj|j|Srrj)rrs r1cmdz RpcClient.cmds 999r3c h|j||}t|ttfrI|dt t fvr|d|dfS|dtksJ|d|dfS|dt t fvrt|d|dS)NrLrMrN) rerEr+rbrWrr!r r)rr\r(rs r1rzRpcClient._dispatchs:&&vv66 ftUm , , $!eW%555)8J+???)W4444)8F+;;;!eW%555#HZ$8999F# #r3c t|jS#t$r;|r5td|t j||dz}nYnwxYw^)NTz$Waiting %d second(s) before retry...r)r7r(rrUrtimesleep)rtimeoutrcs r1rhz!RpcClient._reconnect_with_timeouts  %d&7888$   KK>Jw'''1$KK K   sAAA) rCrDrE__doc__r>rFrrmrorrhrJr3r1r`r`Ts /6# ,&,&,&,&,&\999::: $ $ $     r3r`)]rurYrkrrMr5rrJr#rr{rr contextlibr contextvarsrloggingrtypingrpsutilrrXdefence360agent.apirdefence360agent.applicationr defence360agent.contracts.configr r r-defence360agent.feature_management.exceptionsr 'defence360agent.internals.auth_protocolr defence360agent.modelr$defence360agent.model.simplificationrdefence360agent.utilsrrdefence360agent.utils.bufferrrdefence360agent.subsys.panelsr"defence360agent.subsys.panels.baserdefence360agent.subsysr$defence360agent.rpc_tools.exceptionsrrr defence360agent.rpc_tools.lookuprrdefence360agent.rpc_tools.utilsrr"defence360agent.rpc_tools.validaterdefence360agent.rpc_toolsrr r!rCrUr#r"__annotations__ frozensetr,r2r<r>r_rorZrrrrrrrrr1r5r7rVr`rJr3r1rsE """"""******++++++FFFFFFFFKJJJJJ++++++@@@@@@88888888GGGGGGGG777777DDDDDD)))))) A@@@@@@@?>>>>>========== 8  #-*-=">"> 3>>>" ">">">??   ***$CCC8   J#J(3-JJJJ<<<,DDDDDDDDN}$}$}$}$}$/}$}$}$@ 2IIIIIIIIX........ y> > > > > > > > B((((((((6ZZZZZZZZZZr3