shell bypass 403
a
����'�Dg�����������������������@���s
��U�d�Z�ddlZddlZddlmZmZ�ddlmZ�ddlm Z �ddl
m
Z
�ddl
m
Z
�dd ge
d
gd
�Ze
ed
<�e�e�Zeg�d
��ZdZdZdZed�dd�Zed�dd�Zeed�dd�Ze
d�dd�Z
e
d�d
d
�Z
ed
�d d �Z d!d"��Z e!e ee
dd#�d$d%�Z"dS�)&Z Wireguard�����N)�subp�util)�Cloud)�Config)�
MetaSchema)�
PER_INSTANCEZ
cc_wireguardZubuntu� wireguard)�idZdistrosZ frequencyZactivate_by_schema_keys�meta)�name�
config_path�contenti����
)��������)�wg_intc�����������������C���s����g�}t��t|������}|r8d�t|��}|�d|�����t|�����D�]@\}}|dksd|dksd|dkrDt|t �sD|�d|��d|�����qD|r�t
dt
��t
�|������d S�)
aR��Validate user-provided wg:interfaces option values.
This function supplements flexible jsonschema validation with specific
value checks to aid in triage of invalid user-provided configuration.
@param wg_int: Dict of configuration value under 'wg:interfaces'.
@raises: ValueError describing invalid values provided.
z, z%Missing required wg:interfaces keys: r
���r
���r
���z$Expected a string for wg:interfaces:�. Found z*Invalid wireguard interface configuration:N)
�REQUIRED_WG_INT_KEYS�
difference�set�keys�join�sorted�append�items�
isinstance�str�
ValueError�NL)r����errors�missingr����key�value��r#����A/usr/lib/python3.9/site-packages/cloudinit/config/cc_wireguard.py�
supplemental_schema_validation
���s
����
��r%���c��������������
���C���s����t��d|�d���z,t��d|�d���tj|�d�|�d�td��W�nF�ty��}�z.td|�d���dt��t|�����|�W�Y�d }~n
d }~0�0�d S�)
z�Writing user-provided configuration into Wireguard
interface configuration file.
@param wg_int: Dict of configuration value under 'wg:interfaces'.
@raises: RuntimeError for issues writing of configuration file.
z"Configuring Wireguard interface %sr
���z#Writing wireguard config to file %sr
���r
���)�modez-Failure writing Wireguard configuration file �:N) �LOG�debugr���Z
write_file�WG_CONFIG_FILE_MODE� Exception�
RuntimeErrorr
���r
���)r����er#���r#���r$����
write_config;���s$�����
�����r.���)r����cloudc��������������
���C���s����zTt��d|�d���|j�dd|�d������t��d|�d���|j�dd|�d������W�n>�tjy��}�z$tdt��t|�����|�W�Y�d}~n
d}~0�0�dS�) z�Enable and start Wireguard interface
@param wg_int: Dict of configuration value under 'wg:interfaces'.
@raises: RuntimeError for issues enabling WG interface.
z
Enabling wg-quick@%s at bootr
����enablez wg-quick@z!Bringing up interface wg-quick@%sZrestartz0Failed enabling/starting Wireguard interface(s):N) r(���r)����distroZmanage_servicer����ProcessExecutionErrorr,���r
���r
���)r���r/���r-���r#���r#���r$���� enable_wgP���s����
��r3���)�wg_readinessprobesc�����������������C���sZ���g�}d}|�D�],}t�|t�s
|�d|��d|�����|d7�}q
|rVtdt��t�|������dS�)z�Basic validation of user-provided probes
@param wg_readinessprobes: List of readinessprobe probe(s).
@raises: ValueError of wrong datatype provided for probes.
r���z(Expected a string for readinessprobe at r�������z Invalid readinessProbe commands:N)r���r
���r���r
���r
���r���)r4���r ����pos�cr#���r#���r$����!readinessprobe_command_validationb���s����
�
�r8���c��������������
���C���s����g�}|�D�]d}z$t��dt|���tj|ddd��W�q�tjyj�}�z |�|��d|�����W�Y�d}~qd}~0�0�q|r�tdt��t�|������dS�)z�Execute provided readiness probe(s)
@param wg_readinessprobes: List of readinessprobe probe(s).
@raises: ProcessExecutionError for issues during execution of probes.
z
Running readinessprobe: '%s'T�Zcapture�shellz: Nz&Failed running readinessprobe command:) r(���r)���r
���r���r2���r���r,���r
���r���)r4���r ���r7���r-���r#���r#���r$����readinessprobex���s����,�r;���)r/���c�����������������C���s����dg}t��d�rdS�t���tk�r*|�d��z|�j����W�n �tyX���t� t
d����Y�n0�z|�j�
|��W�n �ty����t� t
d����Y�n0�dS�)z�Install wireguard packages and tools
@param cloud: Cloud object
@raises: Exception for issues during package
installation.
zwireguard-toolsZwgNr���zPackage update failedz!Failed to install wireguard-tools)
r����whichr���Zkernel_version�MIN_KERNEL_VERSIONr���r1���Zupdate_package_sourcesr+����logexcr(���Zinstall_packages)r/���Zpackagesr#���r#���r$���� maybe_install_wireguard_packages����s
����
r?���c���������������
���C���s����z@t�j�dddd�}�t�d|�j����s>t�d��t�j�dddd��W�nB�t�jy��}�z(t� tdt
��t
|��������W�Y�d}~n
d}~0�0�dS�) zYLoad wireguard kernel module
@raises: ProcessExecutionError for issues modprobe
ZlsmodTr9���r���z Loading wireguard kernel modulezmodprobe wireguardz Could not load wireguard module:N)
r����re�search�stdout�stripr(���r)���r2���r���r>���r
���r
���)�outr-���r#���r#���r$����
load_wireguard_kernel_module����s����
rE���)r
����cfgr/����args�returnc�����������������C���s����d�}d|v�r t��d��|d�}nt��d|���d�S�t|��t���|d�D�]
}t|��t|��t||��qFd|v�r�|d�d�ur�|d�}t|��t|��n
t��d��d�S�)Nr���z!Found Wireguard section in configz<Skipping module named %s, no 'wireguard' configuration foundZ
interfacesr;���z+Skipping readinessprobe - no checks defined) r(���r)���r?���rE���r%���r.���r3���r8���r;���)r
���rF���r/���rG���Z
wg_sectionr���r4���r#���r#���r$����handle����s.����
�
�
�
rI���)#�__doc__Zloggingr@���Z cloudinitr���r���Zcloudinit.cloudr���Zcloudinit.configr���Zcloudinit.config.schemar���Zcloudinit.settingsr���r
����__annotations__Z getLogger�__name__r(���� frozensetr���r*���r
���r=����dictr%���r.���r3����listr8���r;���r?���rE���r
���rI���r#���r#���r#���r$����<module>���s2���
�