????

Your IP : 3.15.3.240

Current Path : /lib/python3.9/site-packages/firewall/__pycache__/
Upload File :
Current File : //lib/python3.9/site-packages/firewall/__pycache__/command.cpython-39.opt-1.pyc

a

���g�^�@sfdZdgZddlZddlmZddlmZddlmZddl	m
Z
mZmZm
Z
mZGdd�de�ZdS)	z<FirewallCommand class for command line client simplification�FirewallCommand�N)�errors)�
FirewallError)�
DBusException)�checkIPnMask�
checkIP6nMask�	check_mac�
check_port�check_single_addressc@s�eZdZd\dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Zd]dd�Z	d^dd�Z
d_dd�Zd`dd�Zdadd�Z
dbdd�Zdcdd�Zdddd�Zded d!�Zdfd"d#�Zdgd$d%�Zdhd&d'�Zdid(d)�Zdjd*d+�Zdkd,d-�Zd.d/�Zdld1d2�Zdmd3d4�Zd5d6�Zd7d8�Zd9d:�Zd;d<�Zd=d>�Zd?d@�Z dgdAfdBdC�Z!dgfdDdE�Z"dgfdFdG�Z#dHdI�Z$dJdK�Z%dLdM�Z&dNdO�Z'dPdQ�Z(dRdS�Z)dTdU�Z*dVdW�Z+dXdY�Z,dZd[�Z-dS)nrFcCs||_||_d|_d|_dS�NT)�quiet�verbose�'_FirewallCommand__use_exception_handler�fw)�selfrr
�r�4/usr/lib/python3.9/site-packages/firewall/command.py�__init__#szFirewallCommand.__init__cCs
||_dS�N)r)rrrrr�set_fw)szFirewallCommand.set_fwcCs
||_dSr�r�r�flagrrr�	set_quiet,szFirewallCommand.set_quietcCs|jSrr�rrrr�	get_quiet/szFirewallCommand.get_quietcCs
||_dSr�r
rrrr�set_verbose2szFirewallCommand.set_verbosecCs|jSrrrrrr�get_verbose5szFirewallCommand.get_verboseNcCs"|dur|jstj�|d�dS�N�
)r�sys�stdout�write�r�msgrrr�	print_msg8szFirewallCommand.print_msgcCs"|dur|jstj�|d�dSr)rr!�stderrr#r$rrr�print_error_msg<szFirewallCommand.print_error_msgcCs,d}d}tj��r|||}|�|�dS)Nzz)r!r'�isattyr()rr%ZFAILZENDrrr�
print_warning@s

zFirewallCommand.print_warningrcCs,|dkr|�|�n
|�|�t�|�dS)N�)r*r&r!�exit)rr%Z	exit_coderrr�print_and_exitGs
zFirewallCommand.print_and_exitcCs|�|d�dS)N��r-r$rrr�failRszFirewallCommand.failcCs"|dur|jrtj�|d�dSr)r
r!r"r#r$rrr�print_if_verboseUsz FirewallCommand.print_if_verbosec
Cs�|jdur|j��g}
d}g}|D]�}
|dur�z||
�}
Wn�ty�}zlt�t|��}t|�dkrv|�d|�n|�d||�||vr�|�	|�|d7}WYd}~q$WYd}~n
d}~00|
�	|
�q$|
D�]d}
g}|dur�||7}t
|
t��st
|
t��s|�	|
�n||
7}|du�r*||7}|�
�z||�Wn�ttf�y.}z�t
|t��rx|�|���|��}nt|�}t�|�}|tjtjtjtjfv�r�d}t|�dk�r�|�d|�n8|dk�r�|�d|�WYd}~dS|�d||�||v�r|�	|�|d7}WYd}~n
d}~00|��q�|	�s�t|�|k�sXd|v�r\dSt|�dk�rzt�|d�nt|�dk�r�t�tj�dS)Nrr+�Warning: %s�	Error: %s)rZauthorizeAll�	Exceptionr�get_code�str�lenr*r-�append�
isinstance�list�tuple�deactivate_exception_handlerr�fail_if_not_authorized�
get_dbus_name�get_dbus_messager�ALREADY_ENABLED�NOT_ENABLED�ZONE_ALREADY_SET�ALREADY_SET�activate_exception_handlerr!r,Z
UNKNOWN_ERROR)rZcmd_type�option�
action_method�query_method�parse_method�message�
start_args�end_args�no_exit�items�_errorsZ_error_codes�itemr%�code�	call_itemrrrZ__cmd_sequenceYst


"




�



zFirewallCommand.__cmd_sequencec	Cs|jd||||||d�dS)N�add�rL��_FirewallCommand__cmd_sequence�rrErFrGrHrIrLrrr�add_sequence�s�zFirewallCommand.add_sequencec
Cs |jd||||||g|d�dS)NrR�rJrLrT�r�xrErFrGrHrIrLrrr�x_add_sequence�s�zFirewallCommand.x_add_sequencec		Cs$|jd||||||g|g|d�	dS)NrR)rJrKrLrT)	r�zonerErFrGrHrI�timeoutrLrrr�zone_add_timeout_sequence�s�z)FirewallCommand.zone_add_timeout_sequencec	Cs|jd||||||d�dS)N�removerSrTrVrrr�remove_sequence�s�zFirewallCommand.remove_sequencec
Cs |jd||||||g|d�dS)Nr_rXrTrYrrr�x_remove_sequence�s�z!FirewallCommand.x_remove_sequencec
Cs*g}|D]�}|dur�z||�}Wnjty�}	zRt|�dkrX|�d|	�WYd}	~	qnt�t|	��}
|�d|	|
�WYd}	~	n
d}	~	00|�|�q|D�]v}g}|dur�||7}t|t	�s�t|t
�s�|�|�n||7}|��z||�}Wn�t�yv}	zj|�
|	���t�|	���}
t|�dk�rN|�d|	���WYd}	~	q�n|�d|	��|
�WYd}	~	njd}	~	0t�y�}	zHt�t|	��}
t|�dk�r�|�d|	�n|�d|	|
�WYd}	~	n
d}	~	00|��t|�dk�r
|�d||d|f�q�|�|�q�|�s&t�d�dS)Nr+r2r3z%s: %s)�no�yesr)r4r7r*rr5r6r-r8r9r:r;r<rr=r>r?rDr&�print_query_resultr!r,)
rrErGrHrIrJrLrMrOr%rPrQ�resrrrZ__query_sequence�sT&
�&z FirewallCommand.__query_sequencecCs|j|||||d�dS)NrS�� _FirewallCommand__query_sequence)rrErGrHrIrLrrr�query_sequence�s
�zFirewallCommand.query_sequencecCs|j|||||g|d�dS)NrXrf)rrZrErGrHrIrLrrr�x_query_sequence�s
�z FirewallCommand.x_query_sequencecCsBt|�s>t|�s>t|�s>|�d�r.t|�dks>ttjd|��|S)Nzipset:�z8'%s' is no valid IPv4, IPv6 or MAC address, nor an ipset)rrr�
startswithr7rr�INVALID_ADDR�r�valuerrr�parse_source�s��
��zFirewallCommand.parse_source�/cCsjz|�|�\}}Wn"ty4ttjd|��Yn0t|�sJttj|��|dvrbttjd|��||fS)NzTbad port (most likely missing protocol), correct syntax is portid[-portid]%sprotocol�ZtcpZudpZsctpZdccp�''%s' not in {'tcp'|'udp'|'sctp'|'dccp'})�split�
ValueErrorrr�INVALID_PORTr	�INVALID_PROTOCOL)rrn�	separator�port�protorrr�
parse_ports���zFirewallCommand.parse_portc
Cs�d}d}d}d}d}d||d�vr�||d��dd�d}|t|�d7}d||d�vrv||d��dd�d}	n||d�}	|t|	�d7}|dkr�|	}q|dkr�|	}q|dkr�|	}q|dkr�|	}q|d	kr�|r�qttjd
|��q|s�ttjd��|�sttjd��|�s$|�s$ttjd
��t|��s:ttj|��|dv�rTttjd|��|�rpt|��spttj|��|�r�td|��s�|�s�td|��s�ttj	|��||||fS)Nr�=r+�:rxry�toport�toaddr�ifzinvalid forward port arg '%s'zmissing portzmissing protocolzmissing destinationrqrr�ipv4�ipv6)
rsr7rrZINVALID_FORWARDr	rurvr
rl)
rrn�compatrxZprotocolr}r~�i�opt�valrrr�parse_forward_portsZ�

��z"FirewallCommand.parse_forward_portcCsF|�d�}t|�dkr"|ddfSt|�dkr2|Sttjd|��dS)Nr{r+r�r.zinvalid ipset option '%s')rsr7rrZINVALID_OPTION)rrn�argsrrr�parse_ipset_optionHs
�z"FirewallCommand.parse_ipset_optioncCs.ddg}||vr*ttjd|d�|�f��|S)Nr�r��'invalid argument: %s (choose from '%s')�', '�rrZINVALID_IPV�join�rrnZipvsrrr�check_destination_ipvRs��z%FirewallCommand.check_destination_ipvcCsBz|�dd�\}}Wnty2ttjd��Yn0|�|�|fS)Nr|r+z(destination syntax is ipv:address[/mask])rsrtrrZINVALID_DESTINATIONr�)rrnZipvZdestinationrrr�parse_service_destinationZs�
z)FirewallCommand.parse_service_destinationcCs.gd�}||vr*ttjd|d�|�f��|S)N)r�r�Zebr�r�r�r�rrr�	check_ipvbs��zFirewallCommand.check_ipvcCs.gd�}||vr*ttjd|d�|�f��|S)N)r�r�r�r�r�r�r�rrr�check_helper_familyjs��z#FirewallCommand.check_helper_familycCsB|�d�sttjd|��t|�dd��dkr>ttjd|��|S)NZ
nf_conntrack_z('%s' does not start with 'nf_conntrack_'r�r+zModule name '%s' too short)rkrrZINVALID_MODULEr7�replacermrrr�check_modulers
��zFirewallCommand.check_moduleTc	Cs�|��}|��}|��}|��}	|��}
|��}|��}|��}
|��}|�	�}|�
�}|rv|��}|��}|�
�}n,|��}tt|��|��}|��}|��}dd�}g}|dur�||kr�|�d�|s�|s�|s�|r�|r�|r�|�d�|�r|dd�|�}|�|�|j�r0|�d|�|�d|�|�rH|�d	t|��|�d
|�|�st|�d|�rldnd
�|�r�|�dd�|��|�dd�|��n(|�dd�|��|�dd�|��|�dd�t|���|�dd�dd�|D���|�dd�t|	���|�s8|�d|�r0dnd
�|�d|
�rHdnd
�|�d|�r`dndd�dd�|D���|�dd�dd�|D���|�d d�|
��|�d!|�r�dndd�t||d"���dS)#NcSsdd}d}z|�|�}Wnty(Yn80|t|�7}t|||||d��d���dd��}|S)Nrz	priority=� �"r�)�indexrtr7�intr�)Zrule�priorityZ
search_strr�rrr�rich_rule_sorted_key�s*zDFirewallCommand.print_zone_policy_info.<locals>.rich_rule_sorted_key�defaultZactivez (%s)z, �  summary: �  description: z  priority: z
  target: z  icmp-block-inversion: %srcrbz  ingress-zones: r�z  egress-zones: z  interfaces: z  sources: z  services: �	  ports: cSs g|]}d|d|df�qS�z%s/%srr+r��.0rxrrr�
<listcomp>�s�z:FirewallCommand.print_zone_policy_info.<locals>.<listcomp>�
  protocols: z
  forward: %sz  masquerade: %sz  forward-ports: z
	r�cSs$g|]\}}}}d||||f�qS)z$port=%s:proto=%s:toport=%s:toaddr=%sr)r�rxryr}r~rrrr��s
�
��  source-ports: cSs g|]}d|d|df�qSr�rr�rrrr��s�z  icmp-blocks: z  rich rules: )�key)Z	getTargetZgetServices�getPorts�getProtocolsZ
getMasqueradeZgetForwardPorts�getSourcePortsZ
getIcmpBlocksZgetRichRules�getDescription�getShortZgetIngressZonesZgetEgressZonesZgetPriorityZgetIcmpBlockInversion�sorted�setZ
getInterfacesZ
getSourcesZ
getForwardr8r�r&r
r6)rr\�settings�default_zone�extra_interfaces�isPolicy�targetZservices�ports�	protocolsZ
masqueradeZ
forward_ports�source_portsZicmp_blocksZrules�description�short_descriptionZ
ingress_zonesZegress_zonesr�Zicmp_block_inversionZ
interfacesZsourcesZforwardr�Z
attributesrrr�print_zone_policy_info|s�


���

��
��
���z&FirewallCommand.print_zone_policy_infocCs|j||||dd�dS)NF�r�r�r��r�)rr\r�r�r�rrr�print_zone_info�szFirewallCommand.print_zone_infocCs|j||||dd�dS)NTr�r�)rZpolicyr�r�r�rrr�print_policy_info�sz!FirewallCommand.print_policy_infocCs.|��}|��}|��}|��}|��}|��}|��}	|��}
|��}|�	|�|j
rt|�	d|	�|�	d|�|�	dd�dd�|D���|�	dd�|��|�	dd�d	d�|D���|�	d
d�|��|�	dd�dd�|��D���|�	d
d�t
|
���|�	dd�t
|���dS)Nr�r�r�r�cSs g|]}d|d|df�qSr�rr�rrrr��s�z6FirewallCommand.print_service_info.<locals>.<listcomp>r�r�cSs g|]}d|d|df�qSr�rr�rrrr��s�z  modules: �  destination: cSsg|]\}}d||f�qS)z%s:%sr�r��k�vrrrr��s�z  includes: z  helpers: )r�r�r�Z
getModulesr��getDestinationsr�ZgetIncludesZ
getHelpersr&r
r�rMr�)rZservicer�r�r�r��modulesr��destinationsr�ZincludesZhelpersrrr�print_service_info�s<
�
��
��z"FirewallCommand.print_service_infocCsp|��}|��}|��}t|�dkr,ddg}|�|�|jrX|�d|�|�d|�|�dd�|��dS)Nrr�r�r�r�r�r�)r�r�r�r7r&r
r�)rZicmptyper�r�r�r�rrr�print_icmptype_info�s
z#FirewallCommand.print_icmptype_infocCs�|��}|��}|��}|��}|��}|�|�|jrT|�d|�|�d|�|�d|�|�dd�dd�|��D���|�dd�|��dS)	Nr�r�z  type: z  options: r�cSs$g|]\}}|rd||fn|�qS)z%s=%srr�rrrr�s�z4FirewallCommand.print_ipset_info.<locals>.<listcomp>z  entries: )	ZgetTypeZ
getOptionsZ
getEntriesr�r�r&r
r�rM)rZipsetr�Z
ipset_type�options�entriesr�r�rrr�print_ipset_info�s
�z FirewallCommand.print_ipset_infocCs�|��}|��}|��}|��}|��}|�|�|jrT|�d|�|�d|�|�d|�|�d|�|�dd�dd�|D���dS)	Nr�r�z
  family: z
  module: r�r�cSs g|]}d|d|df�qSr�rr�rrrr�s�z5FirewallCommand.print_helper_info.<locals>.<listcomp>)r�Z	getModuleZ	getFamilyr�r�r&r
r�)r�helperr�r��moduleZfamilyr�r�rrr�print_helper_infos
�z!FirewallCommand.print_helper_infocCs |r|�d�n|�dd�dS)Nrcrbr+r/rmrrrrdsz"FirewallCommand.print_query_resultcCs\|js�|�|�t�t|��}|tjtjtjtj	fvrH|�
d|�n|�d||�dS)Nr2r3)rr=rr5r6rr@rArBrCr*r-)r�exception_messagerPrrr�exception_handlers

�z!FirewallCommand.exception_handlercCsd|vrd}|�|tj�dS)NZNotAuthorizedExceptionz`Authorization failed.
    Make sure polkit agent is running or run the application as superuser.)r-rZNOT_AUTHORIZED)rr�r%rrrr='sz&FirewallCommand.fail_if_not_authorizedcCs
d|_dS)NF�rrrrrr<-sz,FirewallCommand.deactivate_exception_handlercCs
d|_dSrr�rrrrrD0sz*FirewallCommand.activate_exception_handlercCsng}t�}t|�}|D]J}|s"qb|��}t|�dks|ddvrDq||vr|�|�|�|�q|��|S)Nr+r)�#�;)r��open�stripr7r8rR�close)r�filenamer�Zentries_set�f�linerrr�get_ipset_entries_from_file3s
z+FirewallCommand.get_ipset_entries_from_file)FF)N)N)N)Nr)N)N)NNF)F)F)F)F)F)NF)F)F)rp)F).�__name__�
__module__�__qualname__rrrrrrr&r(r*r-r0r1rUrWr[r^r`rargrhrirorzr�r�r�r�r�r�r�r�r�r�r�r�r�r�rdr�r=r<rDr�rrrrr"sj






�
L�
�
�
�
�
�
3�
�


2

O)�__doc__�__all__r!ZfirewallrZfirewall.errorsrZdbus.exceptionsrZfirewall.functionsrrrr	r
�objectrrrrr�<module>s