def fetch(): retval = {} content = retrieve_content(__url__) if __check__ in content: for match in re.finditer(r"([\d.]+)/(\d+)", content): prefix, mask = match.groups() start_int = addr_to_int(prefix) & make_mask(int(mask)) end_int = start_int | ((1 << 32 - int(mask)) - 1) for address in xrange(start_int, end_int + 1): retval[int_to_addr(address)] = (__info__, __reference__) return retval
def fetch(): retval = {} content = retrieve_content(__url__) if __check__ in content: for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+)/(\d+)", content): prefix, mask = match.groups() mask = int(mask) if MIN_BLACKLIST_MASK <= mask <= MAX_BLACKLIST_MASK: start_int = addr_to_int(prefix) & make_mask(mask) end_int = start_int | ((1 << 32 - mask) - 1) for address in xrange(start_int, end_int + 1): retval[int_to_addr(address)] = (__info__, __reference__) return retval
def fetch(): retval = {} content = retrieve_content(__url__) if __check__ in content: for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+)/(\d+)", content): prefix, mask = match.groups() mask = int(mask) start_int = addr_to_int(prefix) & make_mask(mask) end_int = start_int | ((1 << 32 - mask) - 1) if 0 <= end_int - start_int <= 1024: address = start_int while start_int <= address <= end_int: retval[int_to_addr(address)] = (__info__, __reference__) address += 1 return retval
def _events(self, params): session = self.get_session() if session is None: self.send_response(httplib.UNAUTHORIZED) self.send_header("Connection", "close") return None start, end, size, total = None, None, -1, None content = None log_path = os.path.join(config.LOG_DIR, "%s.log" % params.get("date", "")) if os.path.exists(log_path): total = os.stat(log_path).st_size if self.headers.get("Range"): match = re.search(r"bytes=(\d+)-(\d+)", self.headers["Range"]) if match: start, end = int(match.group(1)), int(match.group(2)) max_size = end - start + 1 end = min(total - 1, end) size = end - start + 1 if start == 0 or not session.range_handle: session.range_handle = open(log_path, "rb") if session.netfilters is None: session.range_handle.seek(start) self.send_response(httplib.PARTIAL_CONTENT) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, total)) content = session.range_handle.read(size) else: self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") buffer, addresses, netmasks, regex = cStringIO.StringIO(), set(), [], "" for netfilter in session.netfilters: if not netfilter: continue if '/' in netfilter: netmasks.append(netfilter) elif re.search(r"\A[\d.]+\Z", netfilter): addresses.add(netfilter) elif '\.' in netfilter: regex = r" %s " % netfilter else: print "[!] invalid network filter '%s'" % netfilter return for line in session.range_handle: display = False if regex and re.search(regex, line): display = True elif addresses or netmasks: for match in re.finditer(r" (\d+\.\d+\.\d+\.\d+) ", line): if not display: ip = match.group(1) else: break if ip in addresses: display = True break elif netmasks: for _ in netmasks: prefix, mask = _.split('/') if addr_to_int(ip) & make_mask(int(mask)) == addr_to_int(prefix): addresses.add(ip) display = True break if display: buffer.write(line) if buffer.tell() >= max_size: break content = buffer.getvalue() end = start + len(content) - 1 self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, end + 1 + max_size * (len(content) >= max_size))) if len(content) < max_size: session.range_handle.close() session.range_handle = None if size == -1: self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") self.end_headers() with open(log_path, "rb") as f: while True: data = f.read(io.DEFAULT_BUFFER_SIZE) if not data: break else: self.wfile.write(data) else: self.send_response(httplib.NOT_FOUND) self.send_header("Connection", "close") return content
def _login(self, params): valid = False if params.get("username") and params.get("password"): for entry in (config.USERS or []): entry = re.sub(r"\s", "", entry) username, stored_hash, uid, netfilter = entry.split(':') hash_parts = stored_hash.split('$') if username == params.get("username"): try: if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]): valid = True break except: if config.SHOW_DEBUG: traceback.print_exc() if valid: session_id = os.urandom(SESSION_ID_LENGTH).encode("hex") expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header("Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration)))) if netfilter in ("", "0.0.0.0/0"): netfilters = None else: addresses = set() netmasks = set() for item in set(re.split(r"[;,]", netfilter)): item = item.strip() if '/' in item: _ = item.split('/')[-1] if _.isdigit() and int(_) >= 16: lower = addr_to_int(item.split('/')[0]) mask = make_mask(int(_)) upper = lower | (0xffffffff ^ mask) while lower <= upper: addresses.add(int_to_addr(lower)) lower += 1 else: netmasks.add(item) elif '-' in item: _ = item.split('-') lower, upper = addr_to_int(_[0]), addr_to_int(_[1]) while lower <= upper: addresses.add(int_to_addr(lower)) lower += 1 elif re.search(r"\d+\.\d+\.\d+\.\d+", item): addresses.add(item) netfilters = netmasks if addresses: netfilters.add(get_regex(addresses)) SESSIONS[session_id] = AttribDict({"username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration}) else: time.sleep(UNAUTHORIZED_SLEEP_TIME) self.send_response(httplib.UNAUTHORIZED) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") content = "Login %s" % ("success" if valid else "failed") try: subprocess.check_output("logger -p auth.info -t \"%s[%d]\" \"%s password for %s from %s port %s\"" % (NAME.lower(), os.getpid(), "Accepted" if valid else "Failed", params.get("username"), self.client_address[0], self.client_address[1]), stderr=subprocess.STDOUT, shell=True) except Exception: if config.SHOW_DEBUG: traceback.print_exc() return content
def _events(self, params): session = self.get_session() if session is None: self.send_response(httplib.UNAUTHORIZED) self.send_header("Connection", "close") self.end_headers() return None start, end, size, total = None, None, -1, None content = None log_path = os.path.join(config.LOG_DIRECTORY, "%s.log" % params.get("date", "")) if os.path.exists(log_path): total = os.stat(log_path).st_size if self.headers.get("Range"): match = re.search(r"bytes=(\d+)-(\d+)", self.headers["Range"]) if match: start, end = int(match.group(1)), int(match.group(2)) max_size = end - start + 1 end = min(total - 1, end) size = end - start + 1 if start == 0 or not session.range_handle: session.range_handle = open(log_path, "rb") self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") if session.netfilters is None: session.range_handle.seek(start) self.send_response(httplib.PARTIAL_CONTENT) self.send_header( "Content-Range", "bytes %d-%d/%d" % (start, end, total)) content = session.range_handle.read(size) else: buffer, addresses, netmasks = cStringIO.StringIO( ), set(), [] for netfilter in session.netfilters: if not netfilter: continue if '/' in netfilter: netmasks.append(netfilter) elif re.search(r"\A[\d.]+\Z", netfilter): addresses.add(netfilter) else: print "[!] invalid network filter '%s'" % netfilter return for line in session.range_handle.xreadlines(): display = False for match in re.finditer( r" (\d+\.\d+\.\d+\.\d+) ", line): if not display: ip = match.group(1) else: break if ip in addresses: display = True break elif netmasks: for _ in netmasks: prefix, mask = _.split('/') if addr_to_int(ip) & make_mask( int(mask)) == addr_to_int( prefix): addresses.add(ip) display = True break if display: buffer.write(line) if buffer.tell() >= max_size: break content = buffer.getvalue() end = start + len(content) - 1 self.send_header( "Content-Range", "bytes %d-%d/%d" % (start, end, end + 1 + max_size * (len(content) >= max_size))) if len(content) < max_size: session.range_handle.close() session.range_handle = None if size == -1: self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") self.end_headers() with open(log_path, "rb") as f: while True: data = f.read(io.DEFAULT_BUFFER_SIZE) if not data: break else: self.wfile.write(data) return content
def _login(self, params): valid = False if params.get("username") and params.get("password"): for entry in (config.USERS or []): entry = re.sub(r"\s", "", entry) username, stored_hash, uid, netfilter = entry.split(':') hash_parts = stored_hash.split('$') if username == params.get("username"): try: if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]): valid = True break except: if DEBUG: traceback.print_exc() if valid: session_id = os.urandom(SESSION_ID_LENGTH).encode("hex") expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header( "Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration)))) if netfilter in ("", "0.0.0.0/0"): netfilters = None else: netfilters = set(re.split(r"[;,]", netfilter)) for netfilter in set(netfilters): netfilter = netfilter.strip() if '/' in netfilter: _ = netfilter.split('/')[-1] if _.isdigit() and int(_) >= 20: lower = addr_to_int(netfilter.split('/')[0]) mask = make_mask(int(_)) upper = lower | (0xffffffff ^ mask) while lower <= upper: netfilters.add(int_to_addr(lower)) lower += 1 netfilters.remove(netfilter) elif '-' in netfilter: _ = netfilter.split('-') lower, upper = addr_to_int(_[0]), addr_to_int(_[1]) while lower <= upper: netfilters.add(int_to_addr(lower)) lower += 1 netfilters.remove(netfilter) elif not netfilter: netfilters.remove(netfilter) SESSIONS[session_id] = AttribDict({ "username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration }) else: time.sleep(UNAUTHORIZED_SLEEP_TIME) self.send_response(httplib.UNAUTHORIZED) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") content = "Login %s" % ("success" if valid else "failed") return content
def _events(self, params): session = self.get_session() if session is None: self.send_response(httplib.UNAUTHORIZED) self.send_header("Connection", "close") self.end_headers() return None start, end, size, total = None, None, -1, None content = None log_path = os.path.join(config.LOG_DIRECTORY, "%s.log" % params.get("date", "")) if os.path.exists(log_path): total = os.stat(log_path).st_size if self.headers.get("Range"): match = re.search(r"bytes=(\d+)-(\d+)", self.headers["Range"]) if match: start, end = int(match.group(1)), int(match.group(2)) max_size = end - start + 1 end = min(total - 1, end) size = end - start + 1 if start == 0 or not session.range_handle: session.range_handle = open(log_path, "rb") self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") if session.netfilter in (None, "", "0.0.0.0/0"): session.range_handle.seek(start) self.send_response(httplib.PARTIAL_CONTENT) self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, total)) content = session.range_handle.read(size) else: content, addresses, netmasks = "", set(), [] for _ in set(re.split(r"[;,]", session.netfilter)): if '/' in _: netmasks.append(_) elif re.search(r"\A[\d.]+\Z", _): addresses.add(_) else: print "[!] invalid network filter '%s'" % _ return for line in session.range_handle.xreadlines(): display = False for ip in set(re.findall(r"\d+\.\d+\.\d+\.\d+", line)): if display: break elif ip in addresses: display = True break else: for _ in netmasks: prefix, mask = _.split('/') if addr_to_int(ip) & make_mask(int(mask)) == addr_to_int(prefix): addresses.add(ip) display = True break if display: content += line if len(content) >= max_size: break end = start + len(content) - 1 self.send_header("Content-Range", "bytes %d-%d/%d" % (start, end, end + 1 + max_size * (len(content) >= max_size))) if len(content) < max_size: session.range_handle.close() session.range_handle = None if size == -1: self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") self.end_headers() with open(log_path, "rb") as f: while True: data = f.read(io.DEFAULT_BUFFER_SIZE) if not data: break else: self.wfile.write(data) return content
def _login(self, params): valid = False if params.get("username") and params.get("password"): for entry in (config.USERS or []): entry = re.sub(r"\s", "", entry) username, stored_hash, uid, netfilter = entry.split(':') hash_parts = stored_hash.split('$') if username == params.get("username"): try: if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]): valid = True break except: if DEBUG: traceback.print_exc() if valid: session_id = os.urandom(SESSION_ID_LENGTH).encode("hex") expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header("Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration)))) if netfilter in ("", "0.0.0.0/0"): netfilters = None else: netfilters = set(re.split(r"[;,]", netfilter)) for netfilter in set(netfilters): netfilter = netfilter.strip() if '/' in netfilter: _ = netfilter.split('/')[-1] if _.isdigit() and int(_) >= 20: lower = addr_to_int(netfilter.split('/')[0]) mask = make_mask(int(_)) upper = lower | (0xffffffff ^ mask) while lower <= upper: netfilters.add(int_to_addr(lower)) lower += 1 netfilters.remove(netfilter) elif '-' in netfilter: _ = netfilter.split('-') lower, upper = addr_to_int(_[0]), addr_to_int(_[1]) while lower <= upper: netfilters.add(int_to_addr(lower)) lower += 1 netfilters.remove(netfilter) elif not netfilter: netfilters.remove(netfilter) SESSIONS[session_id] = AttribDict({"username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration}) else: time.sleep(UNAUTHORIZED_SLEEP_TIME) self.send_response(httplib.UNAUTHORIZED) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") content = "Login %s" % ("success" if valid else "failed") return content
def _login(self, params): valid = False if params.get("username") and params.get("password"): for entry in (config.USERS or []): entry = re.sub(r"\s", "", entry) username, stored_hash, uid, netfilter = entry.split(':') hash_parts = stored_hash.split('$') if username == params.get("username"): try: if (pbkdf2(params.get("password"), hash_parts[1].decode("hex"), int(hash_parts[2])).encode("hex") == hash_parts[3]): valid = True break except: if config.SHOW_DEBUG: traceback.print_exc() if valid: session_id = os.urandom(SESSION_ID_LENGTH).encode("hex") expiration = time.time() + 3600 * SESSION_EXPIRATION_HOURS self.send_response(httplib.OK) self.send_header("Connection", "close") self.send_header( "Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (session_id, time.strftime(HTTP_TIME_FORMAT, time.gmtime(expiration)))) if netfilter in ("", "0.0.0.0/0"): netfilters = None else: addresses = set() netmasks = set() for item in set(re.split(r"[;,]", netfilter)): item = item.strip() if '/' in item: _ = item.split('/')[-1] if _.isdigit() and int(_) >= 16: lower = addr_to_int(item.split('/')[0]) mask = make_mask(int(_)) upper = lower | (0xffffffff ^ mask) while lower <= upper: addresses.add(int_to_addr(lower)) lower += 1 else: netmasks.add(item) elif '-' in item: _ = item.split('-') lower, upper = addr_to_int(_[0]), addr_to_int(_[1]) while lower <= upper: addresses.add(int_to_addr(lower)) lower += 1 elif re.search(r"\d+\.\d+\.\d+\.\d+", item): addresses.add(item) netfilters = netmasks if addresses: netfilters.add(get_regex(addresses)) SESSIONS[session_id] = AttribDict({ "username": username, "uid": uid, "netfilters": netfilters, "expiration": expiration }) else: time.sleep(UNAUTHORIZED_SLEEP_TIME) self.send_response(httplib.UNAUTHORIZED) self.send_header("Connection", "close") self.send_header("Content-Type", "text/plain") content = "Login %s" % ("success" if valid else "failed") if not subprocess.mswindows: try: subprocess.check_output( "logger -p auth.info -t \"%s[%d]\" \"%s password for %s from %s port %s\"" % (NAME.lower(), os.getpid(), "Accepted" if valid else "Failed", params.get("username"), self.client_address[0], self.client_address[1]), stderr=subprocess.STDOUT, shell=True) except Exception: if config.SHOW_DEBUG: traceback.print_exc() return content