o (fr@s`ddlZddlZddlmZmZmZmZmZmZm Z ddl m Z m Z m Z mZmZddlmZmZddlmZddlmZmZddlmZmZddlmZmZmZmZdd l m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4dd l5m6Z6dd l5m7Z8dd l9m:Z:dd l9m7Z;dd lZ>ddl?m@Z@mAZAmBZBddlCmDZDddlEmFZFddlGmHZHmIZImJZJddlKmLZLddlMmNZNddlOmPZPddlQmRZRmSZSmTZTddlUmVZVddlWmXZXddlYmZZZddl[m\Z\GdddZ]de+fddZ^de-fd d!Z_d"e`d#ead$eLfd%d&Zbd"e`d#ead'ead$eLfd(d)Zc dod*ee`d+e`d,edd-edd.ee`d/e`f d0d1Zed$eLd2e`d/eafd3d4Zfdpd5d6Zgd$eLfd7d8Zhd$eLd/eafd9d:Zid;ee`d/e`fdd?Zkd$eLd/eafd@dAZld$eLdBe`d/eafdCdDZmdBe`d$eLd#ead/eafdEdFZn Gdqd+edHe`dIe`fdJdKZodLe`fdMdNZpdOe]dPe0fdQdRZqdOe]dPe1fdSdTZrdOe]dPe/fdUdVZsdOe]dPe$fdWdXZtdOe]dPe%fdYdZZudOe]dPe&fd[d\ZvdOe]dPe*fd]d^ZwdOe]dPe(fd_d`ZxdOe]dPe'fdadbZyde+d#ead$eLd/eeeeffdcddZzdedfZ{eBdge j|e j}e{eFj~eAe@d"e jdhe@die jdjdke@dle jdjdkgdmgdnZdS)rN)DictList NamedTupleOptionalSetTupleUnion)apt exceptionsmessagessystemutil)attach_with_tokenenable_entitlement_by_name) _initiate)MagicAttachRevokeOptions_revoke)MagicAttachWaitOptions_wait)CVE_OR_USN_REGEX FixStatusUnfixedPackagestatus_message)ESM_APPS_POCKETESM_INFRA_POCKETSTANDARD_UPDATES_POCKETFixPlanAptUpgradeStepFixPlanAttachStepFixPlanEnableStepFixPlanNoOpAlreadyFixedStepFixPlanNoOpLivepatchFixStepFixPlanNoOpStatusFixPlanNoOpStep FixPlanResult FixPlanStepFixPlanUSNResultFixPlanWarning"FixPlanWarningFailUpdatingESMCache&FixPlanWarningPackageCannotBeInstalled#FixPlanWarningSecurityIssueNotFixedNoOpAlreadyFixedDataNoOpLivepatchFixDataUSNAdditionalData)CVEFixPlanOptions)_plan)USNFixPlanOptions)ContractExpiryStatus _is_attached) ProArgumentProArgumentGroup ProCommand) action_detach) HelpCategory)CLOUD_TYPE_TO_TITLEPRO_CLOUD_URLSget_cloud_type)UAConfig)PRINT_WRAP_WIDTH)entitlement_factory)ApplicabilityStatusCanEnableFailureUserFacingStatus)notices)Notice) PRO_HOME_PAGE)colorize_commandsc@sjeZdZdededeedefddZddZ dd eed ed e efd dZ deedefddZ d S) FixContexttitledry_run affected_pkgscfgcCsJd|_g|_t|_tj|_||_||_||_ ||_ d|_ d|_ d|_ dS)NrTF) pkg_index unfixed_pkgssetinstalled_pkgsrSYSTEM_NON_VULNERABLE fix_statusrErGrFrHshould_print_pkg_header warn_package_cannot_be_installedfixed_by_livepatch)selfrErFrGrHrS2/usr/lib/python3/dist-packages/uaclient/cli/fix.py__init__Ss zFixContext.__init__cCsR|jr'tjt|jjt|jdt|jd}tt j |t ddddSdS)N, )countpkgs F)widthsubsequent_indentreplace_whitespace) rGr SECURITY_AFFECTED_PKGS pluralizelenformatjoinsortedprinttextwrapfillr;)rRmsgrSrSrTprint_fix_headerfs"zFixContext.print_fix_headerN source_pkgsstatuspocketcCs8|jrtt|||jt|j|rt|ndddSdS)N)pkg_listrirInum_pkgs pocket_source)rOrc_format_packages_messagerIr_rGget_pocket_description)rRrhrirjrSrSrTprint_pkg_headerwszFixContext.print_pkg_headerrXunfixed_reasoncCs"|D] }|jt||dqdS)N)pkgrq)rJappendr)rRrXrqrrrSrSrTadd_unfixed_packagess  zFixContext.add_unfixed_packagesN) __name__ __module__ __qualname__strboolrr:rUrgrrprtrSrSrSrTrDRs(  rDcvecCs8dj|j|jdd|jg}td|dS)N{issue}: {description}issue descriptionz! - https://ubuntu.com/security/{} )r`rEupperrrcra)r{linesrSrSrTprint_cve_headers  rfix_plancCs|j}dj|j|jdg}|j}t|trK|jr5| t j |jD]}| dt j j j|dq#n|jrK| t j|jD] }| d|qAtd|dS)Nr|r}z - {})r{z - r)target_usn_planr`rErradditional_data isinstancer,associated_cvesrsr SECURITY_FOUND_CVESurlsSECURITY_CVE_PAGEassociated_launchpad_bugsSECURITY_FOUND_LAUNCHPAD_BUGSrcra)r target_usnrrr{lp_bugrSrSrTprint_usn_headers*      rsecurity_issuerFrHcCsztt|gd|d}|jjdj}|r$|jr$tjt |j pd|jdt |jjdt t |jjd||\}}|S)N)cvesoptionsrHrunexpected-error named_msg)cve_planr- cves_datarerrorrfr AnonymousUbuntuProErrorr NamedMessagecoderrcexecute_fix_plan)rrFrHrrri_rSrSrTfix_cves   r no_relatedcCstt|gd|d}|jjdjj}|r%|jr%tjt |j pd|jdt |jjdt dt jj|dt|jjdj||\}}|tjtjfvrO|S|jjdj}|rZ|r\|St dt jjdd d |Dd t dt ji} |D]} t d | jt| ||| | j<t qzt t jt||t jd d} |D]=} | | j\} } t| | jt jd | tjkrt dt jjddd} | tjkr| D]}|j rt d|j!|j qd} q| rt dt j"j|d|S)N)usnsrrrrr)issue_idz - css|]}|jVqdSru)rE).0usnrSrSrT szfix_usn..) related_usnsz- {})contextF- fix operation operationTz - {}: {})#usn_planr/ usns_datarrrrfr rr rrrrcSECURITY_FIXING_REQUESTED_USNr`rrrMSYSTEM_NOT_AFFECTEDrelated_usns_planSECURITY_RELATED_USNSraSECURITY_FIXING_RELATED_USNSrESECURITY_USN_SUMMARY_handle_fix_status_messageFIX_ISSUE_CONTEXT_REQUESTEDFIX_ISSUE_CONTEXT_RELATEDSYSTEM_VULNERABLE_UNTIL_REBOOTENABLE_REBOOT_REQUIRED_TMPLSYSTEM_STILL_VULNERABLErqrrSECURITY_RELATED_USN_ERROR)rrFrrHrrtarget_usn_statusrrrelated_usn_statusrelated_usn_planfailure_on_related_usnrirJ unfixed_pkgrSrSrTfix_usns        rrkrirIrlrmreturnc Cs|sdSg}g}|D]}|d7}|d||||q tjddd|ddt|tdd }d |t||S) z;Format the packages and status to an user friendly message.z{}/{}z{} {}:(rV)rYrZr[z{} {})rsr`rdrerarbr;r) rkrirIrlrm msg_indexsrc_pkgssrc_pkg msg_headerrSrSrTrn0s  rntokenc Cs\ttdd|ggz t||ddWdStjy-}z t|jWYd}~dSd}~ww)ztAttach to an Ubuntu Pro subscription with a given token. :return: True if attach performed without errors. proattachT)r allow_enableNF)rcrCrr UbuntuProErrorrf)rHrerrrSrSrT_run_ua_attachLs rcCs>t\}}|tvrttjjt|t|ddSdS)z:Alert the user when running Pro on cloud with PRO support.)rEcloud_specific_urlN) r9r8keysrcr SECURITY_USE_PRO_TMPLr`r7get) cloud_typerrSrSrT*_inform_ubuntu_pro_existence_if_applicableZs  rc Csttjt|d}tdtjj|jdt|jd}zt ||d}Wn t j yD}zttj t |jd}t||d|d}~wwtdtjt||jS)N)rHr) user_code) magic_tokenr)rcr CLI_MAGIC_ATTACH_INITrCLI_MAGIC_ATTACH_SIGN_INr`rrrrr MagicAttachTokenErrorCLI_MAGIC_ATTACH_FAILEDrrCLI_MAGIC_ATTACH_PROCESSINGrcontract_token)rH initiate_resp wait_options wait_resperevoke_optionsrSrSrT_perform_magic_attachfs.      rcCshtttjtjtjgdd}|dkrdS|dkr t|S|dkr2ttjt d}t ||SdS) zZPrompt for attach to a subscription or token. :return: True if attach performed. )sac valid_choicesrFrr> T) rrcr *SECURITY_UPDATE_NOT_INSTALLED_SUBSCRIPTIONr prompt_choicesSECURITY_FIX_ATTACH_PROMPTrPROMPT_ENTER_TOKENinputr)rHchoicerrSrSrT_prompt_for_attachs   rrJcCs4t|}tjtj|j|dt|dt ddS)zFormat the list of unfixed packages into an message. :returns: A string containing the message output for the unfixed packages. rV)rlrXrYr) r_rdrer SECURITY_PKG_STILL_AFFECTEDr^r`rarbr;)rJnum_pkgs_unfixedrSrSrT_format_unfixed_packages_msgs rcCs4t|j}|r|tjjkr|rttjdSdSdS)zuCheck if the Ubuntu Pro subscription is expired. :returns: True if subscription is expired and not renewed. FT)r1contract_statusr0EXPIREDvaluercr (SECURITY_DRY_RUN_UA_EXPIRED_SUBSCRIPTION)rHrFcontract_expiry_statusrSrSrT_check_subscription_is_expireds   rcCsddl}tttjtjtjjt dddgd}|dkr?ttj t d}tt dd ggt |jd d d |t||Sd S)zdPrompt for attach a new subscription token to the user. :return: True if attach performed. rN)urlrrrrrdetachTcli) assume_yesr`F)argparserrcr %SECURITY_UPDATE_NOT_INSTALLED_EXPIREDr rSECURITY_FIX_RENEW_PROMPTr`rBPROMPT_EXPIRED_ENTER_TOKENrrCr5 Namespacer)rHrrrrSrSrT_prompt_for_new_tokens    rservicecCsttjj|dtjtjj|dddgd}|dkrEttdd|ggt||d\}}|sC|durCt |t rC|j durCt|j j |Sd S) zMPrompt for enable a pro service. :return: True if enable performed. rrrrrenablerHnameNF) rcr SECURITY_SERVICE_DISABLEDr`r rSECURITY_FIX_ENABLE_PROMPTrCrrr>messagerf)rHrrretreasonrSrSrT_prompt_for_enables"   rcCst||d}|rN|\}}|tjkrdS|\}}|tjkrD|r0tdtj j |j ddSt ||j r8dSttj j |j ddSttjj |j ddS)zQ Verify if the Ubuntu Pro subscription has the required service enabled. r Trr F)r<user_facing_statusr?ACTIVEapplicability_statusr= APPLICABLErcr 'SECURITY_DRY_RUN_UA_SERVICE_NOT_ENABLEDr`r rSECURITY_UA_SERVICE_NOT_ENABLED SECURITY_UA_SERVICE_NOT_ENTITLED)rrHrFent ent_statusrrrSrSrT)_handle_subscription_for_required_services<       rrrrcCs|tjkr |rtjj||d}ntjj|d}tt|dS|tj kr@|r0tj j||d}ntj j|d}tt|dS|tj kr`|rPtj j||d}ntjj|d}tt|dS|rktj j||d}ntjj|d}tt|dS)N)r~rr~)rrMr %SECURITY_ISSUE_RESOLVED_ISSUE_CONTEXTr`SECURITY_ISSUE_RESOLVEDrcr handle_unicode_charactersr'SECURITY_ISSUE_UNAFFECTED_ISSUE_CONTEXTSECURITY_ISSUE_UNAFFECTEDr)SECURITY_ISSUE_NOT_RESOLVED_ISSUE_CONTEXTSECURITY_ISSUE_NOT_RESOLVED)rirrrfrSrSrTrs6   rrjcCs.|tkrtjS|tkrtjS|tkrtjS|Sru)rr 'SECURITY_UBUNTU_STANDARD_UPDATES_POCKETrSECURITY_UA_INFRA_POCKETrSECURITY_UA_APPS_POCKET)rjrSrSrTro@sro fix_contextstepcCsh|j|jjd|jjdd|_tjj|jj|jj d}t d||j |jj g|dd|_ tj|_dS)NreleasedrhrirjF)packageversionrrXrqT)rpdatarelated_source_packagesrjrOr FIX_CANNOT_INSTALL_PACKAGEr`binary_packagebinary_package_versionrcrtsource_packagerPrrrN)r(r)warn_msgrSrSrT)_execute_package_cannot_be_installed_stepKs    r6cCsR|j|jj|jjd|jt|jj7_|j|jjt|jjdtj |_ dS)N)rhrir.) rpr/source_packagesrirIr_rtrrrrNr(r)rSrSrT&_execute_security_issue_not_fixed_stepds  r9cCs,tr ttjdStdtjddS)Nr)r we_are_currently_rootrcr CLI_FIX_FAIL_UPDATING_ESM_CACHE(CLI_FIX_FAIL_UPDATING_ESM_CACHE_NON_ROOTr8rSrSrT%_execute_fail_updating_esm_cache_steptsr=c Csh|j|jjd|jjd|jt|jj7_|jjs)|js#tt j t j |_ dStsE|jsEtt jt j|_ |j|jjt jddSttgdgdt|jjg|jrat j |_ dSzttjgd|jjddid Wn,ty}z t|d t|}t|t j|_ |j|jj|dWYd}~dSd}~wwt j |_ d |_|j|jjdS) Nr*r+r.)r updatez&&)r install--only-upgrade-y)zapt-getr?r@rADEBIAN_FRONTENDnoninteractive)cmdoverride_env_varsrfT)rpr/r7rjrIr_binary_packagesrPrcr SECURITY_UPDATE_INSTALLEDrrMrNr r:rFSECURITY_APT_NON_ROOTrrtrCrbr run_apt_update_commandrun_apt_command ExceptiongetattrryrOrLr>)r(r)rrfrSrSrT_execute_apt_upgrade_step}sl      rMcCs|jjdkrtnt}|j|jjd|dd|_t|jj sD|j r(t dt j nHt|jsCtj|_|j|jjt jj|jjdddSn,t|j|j drp|j rUt t jnt|jsptj|_|j|jjt jj|jjdddStj|_dS) N esm-infrar*r+Frr r.)rHrF)r/required_servicerrrpr7rOr1rH is_attachedrFrcr SECURITY_DRY_RUN_UA_NOT_ATTACHEDrrrrNrtSECURITY_UA_SERVICE_REQUIREDr`rrr$SECURITY_UA_SERVICE_WITH_EXPIRED_SUBrMr(r)rjrSrSrT_execute_attach_stepsL       rUcCst|jjdkrtnt}|j|jjd|dd|_t|jj|j|j s7|j |jjt j j |jjddtj|_dStjS)NrNr*r+Fr r.)r/rrrrpr7rOrrHrFrtr %SECURITY_UA_SERVICE_NOT_ENABLED_SHORTr`rrrNrMrTrSrSrT_execute_enable_steps0 rWcCs*|jjtjjkrttjtj |_ dSdSru) r/rir! NOT_AFFECTEDrrcr SECURITY_NO_AFFECTED_PKGSrrrNr8rSrSrT_execute_noop_not_affected_step s  rZcCs4t|jtrttjj|j|jjdd|_ dSdS)N)r~r-T) rr/r+rcr CVE_FIXED_BY_LIVEPATCHr`rE patch_versionrQr8rSrSrT%_execute_noop_fixed_by_livepatch_steps  r]cCsLt|jtr$|j|jjd|jjdttj|j t |jj7_ dSdS)Nr*r+) rr/r*rpr7rjrcr rGrIr_r8rSrSrT _execute_noop_already_fixed_step s  r^cCsg|j|j}t|j||jpg|d}|t|dddD]t}t|tr,t ||t|t r6t ||t|t r@t ||t|trRt|||jtjkrRnCt|trdt|||jtjkrdn1t|trvt|||jtjkrvnt|trt||t|trt||t|trt||q t|jrttt t!dd|jDtj"|_|jtjkrt#j$|j%drtj&|_t'j(j)dd }t|t*j+t,j-dd |j.st/|j|j|j|jfS) N)rErFrGrHcSs|jSru)order)xrSrSrT=sz"execute_fix_plan..)keycSsg|]}|jqSrS)rr)rrrSrSrT asz$execute_fix_plan..)rLrr)0planwarningsrDrEaffected_packagesrgrbrr(r6r)r9r'r=rrMrNrrMrrUrrWr"rZr r]rr^rcrJrlistrKrr should_rebootrLrr rr`r@addrAENABLE_REBOOT_REQUIREDrQr)rrFrH full_planr(r) reboot_msgrSrSrTr-s                        rcKsjtt|jstj|jd|jrttj d|j vr(t |j|j|}|jSt |j|j|j |}|jS)Nrr{)rematchrrr InvalidSecurityIssueIdFormatrFrcr SECURITY_DRY_RUN_WARNINGlowerrrr exit_code)argsrHkwargsrirSrSrT action_fixs rufix)helpz --dry-run store_true)rwactionz --no-related) arguments)rwrry help_categoryargument_groupsru)rN)r)rmrdtypingrrrrrrruaclientr r r r r uaclient.actionsrr+uaclient.api.u.pro.attach.magic.initiate.v1r)uaclient.api.u.pro.attach.magic.revoke.v1rr'uaclient.api.u.pro.attach.magic.wait.v1rr'uaclient.api.u.pro.security.fix._commonrrrr/uaclient.api.u.pro.security.fix._common.plan.v1rrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,+uaclient.api.u.pro.security.fix.cve.plan.v1r-r.r+uaclient.api.u.pro.security.fix.usn.plan.v1r/r(uaclient.api.u.pro.status.is_attached.v1r0r1uaclient.cli.commandsr2r3r4uaclient.cli.detachr5uaclient.cli.parserr6uaclient.clouds.identityr7r8r9uaclient.configr:uaclient.defaultsr;uaclient.entitlementsr<(uaclient.entitlements.entitlement_statusr=r>r?uaclient.filesr@uaclient.files.noticesrAuaclient.messages.urlsrBuaclient.statusrCrDrrryrzrrintrnrrrrrrrrrrror6r9r=rMrUrWrZr]r^rru CLI_ROOT_FIX CLI_FIX_DESCSECURITY CLI_FIX_ISSUECLI_FIX_DRY_RUNCLI_FIX_NO_RELATED fix_commandrSrSrSrTs:$  X             ?  l    , %      > / !      R