Current File : //lib/python3.9/site-packages/firewall/__pycache__/functions.cpython-39.pyc

a

���g+J�@s�gd�ZddlZddlZddlZddlZddlZddlZddlZddlm	Z	ddl
mZmZdd�e
dd�D�Zdd	�Zd
d�ZdUd
d�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Z d-d.�Z!d/d0�Z"d1d2�Z#d3d4�Z$d5d6�Z%d7d8�Z&d9d:�Z'd;d<�Z(d=d>�Z)d?d@�Z*dAdB�Z+dCdD�Z,dEdF�Z-dGdH�Z.dIdJ�Z/dKdL�Z0dMdN�Z1dOdP�Z2dQdR�Z3dSdT�Z4dS)V)!�	getPortID�getPortRange�portStr�getServiceName�checkIP�checkIP6�checkIPnMask�
checkIP6nMask�
checkProtocol�checkInterface�checkUINT16�checkUINT32�firewalld_is_active�tempFile�readfile�	writefile�enable_ip_forwarding�
check_port�
check_address�check_single_address�	check_mac�uniqify�ppid_of_pid�max_zone_name_len�	checkUser�checkUid�checkCommand�checkContext�joinArgs�	splitArgs�max_policy_name_len�checkTcpMssClamp�stripNonPrintableCharacters�N)�log)�FIREWALLD_TEMPDIR�FIREWALLD_PIDFILEcCs"i|]}|dkr|dks|d�qS)��N�)�.0�ir(r(�6/usr/lib/python3.9/site-packages/firewall/functions.py�
<dictcomp>+sr,�cCstt|t�r|}nT|r|��}zt|�}Wn:tybzt�|�}Wntjy\YYdS0Yn0|dkrpdS|S)z� Check and Get port id from port string or port id using socket.getservbyname

    @param port port string or port id
    @return Port id if valid, -1 if port can not be found and -2 if port is too big
    �������)�
isinstance�int�strip�
ValueError�socketZ
getservbyname�error)�portZ_idr(r(r+r4s
rcCs�t|t�st|t�r|St|t�s*|��rDt|�}|dkr@|fS|S|�d�}t|�dkr�|d��r�|d��r�t|d�}t|d�}|dkr�|dkr�||kr�||fS||kr�||fS|fSg}tt|�dd�D]�}td�	|d|���}d�	||d��}t|�dk�rlt|�}|dk�r�|dk�r�||k�rD|�
||f�n&||k�r^|�
||f�n|�
|f�q�|dkr�|�
|f�|t|�kr��q�q�t|�dk�r�dSt|�dk�r�dS|dS)aI Get port range for port range string or single port id

    @param ports an integer or port string or port range string
    @return Array containing start and end port id for a valid range or -1 if port can not be found and -2 if port is too big for integer input or -1 for invalid ranges or None if the range is ambiguous.
    r"�-��r.N)r1�tuple�listr2�isdigitr�split�len�range�join�append)ZportsZid1�splitsZid2Zmatchedr*Zport2r(r(r+rKsL
$

r�:cCsX|dkrdSt|�}t|t�r*|dkr*dSt|�dkr>d|Sd|d||dfSdS)a Create port and port range string

    @param port port or port range int or [int, int]
    @param delimiter of the output string for port ranges, default ':'
    @return Port or port range string, empty string if port isn't specified, None if port or port range is not valid
    �r"Nr:z%sz%s%s%s)rr1r2r?)r7Z	delimiter�_ranger(r(r+r�srcCst|�}t|�}t|�dkr�t|�dkr@t|d�t|d�kSt|�dkr�t|d�t|d�kr�t|d�t|d�kr�dSn|t|�dkr�t|�dkr�t|d�t|d�kr�t|d�t|d�kr�t|d�t|d�kr�t|d�t|d�kr�dSdS)Nr:r"r9TF)rr?r)r7r@Z_portrFr(r(r+�portInPortRange�s.������rGcCsPt|�}t|�dkr$|d|df}tt|�}ttdd�|�dd�d�}g}|D]�}|d|dkr�|d|dkr�|�|�qP|d|dkr�|d|dkr�|d|dkr�|�|�|d|df}qP|d|dkrP|d|dkrP|d|dkrP|�|�|d|df}qPttdd�|��}|d|dk�rF|df}|g|fS)z� Coalesce a port range with existing list of port ranges

        @param new_range tuple/list/string
        @param ranges list of tuple/list/string
        @return tuple of (list of ranges added after coalescing, list of removed original ranges)
    r:r"cSs t|�dkr|d|dfS|S�Nr:r"�r?��xr(r(r+�<lambda>��z#coalescePortRange.<locals>.<lambda>cSs|dS�Nr"r(rJr(r(r+rL�rM��keycSs|d|dkr|dfS|S�Nr"r:r(rJr(r(r+rL�rM�rr?�map�sortedrBr<)Z	new_range�rangesZcoalesced_range�_ranges�removed_rangesr@r(r(r+�coalescePortRange�s.
  �
 �

rXcCs�t|�}t|�dkr$|d|df}tt|�}ttdd�|�dd�d�}g}g}|D�]@}|d|dkr�|d|dkr�|�|�qT|d|dkr�|d|dkr�|d|dkr�|�|�|�|dd|df�qT|d|dk�r8|d|dk�r8|d|dk�r8|�|�|�|d|ddf�qT|d|dkrT|d|dkrT|�|�|�|d|ddf�|�|dd|df�qTttdd�|��}ttdd�|��}||fS)	z� break a port range from existing list of port ranges

        @param remove_range tuple/list/string
        @param ranges list of tuple/list/string
        @return tuple of (list of ranges added after breaking up, list of removed original ranges)
    r:r"cSs t|�dkr|d|dfS|SrHrIrJr(r(r+rL�rMz breakPortRange.<locals>.<lambda>cSs|dSrNr(rJr(r(r+rL�rMrOcSs|d|dkr|dfS|SrQr(rJr(r(r+rL�rMcSs|d|dkr|dfS|SrQr(rJr(r(r+rL�rMrR)Zremove_rangerUrVrWZadded_rangesr@r(r(r+�breakPortRange�s6

  �
$�
 
rYcCs0zt�t|�|�}Wntjy*YdS0|S)z� Check and Get service name from port and proto string combination using socket.getservbyport

    @param port string or id
    @param protocol string
    @return Service name if port and protocol are valid, else None
    N)r5Z
getservbyportr2r6)r7�proto�namer(r(r+r�s
rcCs.zt�tj|�Wntjy(YdS0dS)zh Check IPv4 address.

    @param ip address string
    @return True if address is valid, else False
    FT)r5�	inet_ptonZAF_INETr6��ipr(r(r+rs
rcCs
|�d�S)z� Normalize the IPv6 address

    This is mostly about converting URL-like IPv6 address to normal ones.
    e.g. [1234::4321] --> 1234:4321
    z[])r3r]r(r(r+�normalizeIP6sr_cCs2zt�tjt|��Wntjy,YdS0dS)zh Check IPv6 address.

    @param ip address string
    @return True if address is valid, else False
    FT)r5r\ZAF_INET6r_r6r]r(r(r+rs
rcCs�|�d�}|dkr<|d|�}||dd�}|r6|sDdSn|}d}t|�sPdS|r�d|vrdt|�Szt|�}Wnty�YdS0|dks�|dkr�dSdS)	N�/r.r:F�.r"� T)�findrr2r4�r^�index�addr�maskr*r(r(r+r*s(
rcCs
|�t�S�N)�	translate�NOPRINT_TRANS_TABLE)Zrule_strr(r(r+r!Bsr!cCs�|�d�}|dkr<|d|�}||dd�}|r6|sDdSn|}d}t|�sPdS|r�zt|�}WntytYdS0|dks�|dkr�dSdS)Nr`r.r:Fr"�T)rcrr2r4rdr(r(r+rEs$
rcCs`zt|�}Wn:tyFzt�|�Wntjy@YYdS0Yn0|dksX|dkr\dSdS)NFr"�T)r2r4r5Zgetprotobynamer6)Zprotocolr*r(r(r+r	[sr	cCs:|r6|��rt|�dkr6dSn|dkr*dS|dkr6dSdS)NiF�NoneTZpmtu)r=r2)Ztcp_mss_clamp_valuer(r(r+r jsr cCs0|rt|�dkrdSdD]}||vrdSqdS)z� Check interface string

    @param interface string
    @return True if interface is valid (maximum 16 chars and does not contain ' ', '/', '!', ':', '*'), else False
    �F)� r`�!�*TrI)Ziface�chr(r(r+r
usr
cCs<zt|d�}Wnty"YdS0|dkr8|dkr8dSdS)Nr"Fr/T�r2r4��valrKr(r(r+r�srcCs<zt|d�}Wnty"YdS0|dkr8|dkr8dSdS)Nr"Fl��Trsrtr(r(r+r�srcCs�tj�t�sdSz6ttd��}|��}Wd�n1s:0YWntyZYdS0tj�d|�spdSz:td|d��}|��}Wd�n1s�0YWnty�YdS0d|vr�dSdS)zv Check if firewalld is active

    @return True if there is a firewalld pid file and the pid is used by firewalld
    F�rNz/proc/%sz/proc/%s/cmdlineZ	firewalldT)�os�path�existsr%�open�readline�	Exception)�fd�pidZcmdliner(r(r+r
�s"**r
c
Csfz,tj�t�st�td�tjddtdd�WSty`}zt�	d|��WYd}~n
d}~00dS)Ni�Zwtztemp.F)�mode�prefix�dir�deletez#Failed to create temporary file: %s)
rwrxryr$�mkdir�tempfileZNamedTemporaryFiler|r#r6)�msgr(r(r+r�s�rc
Cstz8t|d��}|��Wd�WS1s,0YWn6tyn}zt�d||f�WYd}~n
d}~00dS)NrvzFailed to read file "%s": %s)rz�	readlinesr|r#r6)�filename�f�er(r(r+r�s,(rc
Csvz8t|d��}|�|�Wd�n1s,0YWn8typ}z t�d||f�WYd}~dSd}~00dS)N�wz Failed to write to file "%s": %sFT)rz�writer|r#r6)r��liner�r�r(r(r+r�s,rcCs(|dkrtdd�S|dkr$tdd�SdS)N�ipv4z/proc/sys/net/ipv4/ip_forwardz1
�ipv6z&/proc/sys/net/ipv6/conf/all/forwardingF)r)�ipvr(r(r+r�s


rcCs|�dd��dd�S)N�_r8z
nf-conntrack-rE)�replace)�moduler(r(r+�get_nf_conntrack_short_name�sr�cCs�t|�}|dks<|dks<|dus<t|�dkr�|d|dkr�|dkrTt�d|�nZ|dkrlt�d|�nB|dur�t�d|�n*t|�dkr�|d|dkr�t�d	|�d
SdS)Nr0r.r9r"r:z'%s': port > 65535z'%s': port is invalidz'%s': port is ambiguousz'%s': range start >= endFT)rr?r#Zdebug2)r7rFr(r(r+r�s 
��rcCs(|dkrt|�S|dkr t|�SdSdS�Nr�r�F)rr�r��sourcer(r(r+r�s
rcCs(|dkrt|�S|dkr t|�SdSdSr�)rrr�r(r(r+r�s
rcCsNt|�dkrJdD]}||dkrdSqdD]}||tjvr,dSq,dSdS)N�)r9����rDF)r"r:�����	�
��
�rnT)r?�stringZ	hexdigits)Zmacr*r(r(r+r�srcCs$g}|D]}||vr|�|�q|Srh)rB)Z_list�outputrKr(r(r+r
s
rcCsHz.t�d|�}t|��d���}|��WntyBYdS0|S)z Get parent for pid zps -o ppid -h -p %d 2>/dev/nullr"N)rw�popenr2r�r3�closer|)r~r�r(r(r+rsrcCsBddlm}ddlm}ttt|����}d|t|�td�S)z�
    iptables limits length of chain to (currently) 28 chars.
    The longest chain we create is POST_<policy>_allow,
    which leaves 28 - 11 = 17 chars for <policy>.
    r")�POLICY_CHAIN_PREFIX��	SHORTCUTS�Z_allow)Zfirewall.core.ipXtablesr��firewall.core.baser��maxrSr?�values)r�r��longest_shortcutr(r(r+rsrcCs.ddlm}ttt|����}d|td�S)z�
    Netfilter limits length of chain to (currently) 28 chars.
    The longest chain we create is POST_<zone>_allow,
    which leaves 28 - 11 = 17 chars for <zone>.
    r"r�r�Z__allow)r�r�r�rSr?r�)r�r�r(r(r+r'srcCsRt|�dkst|�t�d�kr"dS|D]&}|tjvr&|tjvr&|dvr&dSq&dS)Nr:�SC_LOGIN_NAME_MAXF)rar8r��$T)r?rw�sysconfr��
ascii_letters�digits)�user�cr(r(r+r1s
��rcCsDt|t�r,zt|�}Wnty*YdS0|dkr@|dkr@dSdS)NFr"i���T)r1�strr2r4)�uidr(r(r+r;s
rcCsHt|�dkst|�dkrdSdD]}||vr dSq |ddkrDdSdS)Nr:iF)�|�
�r"r`TrI)Zcommandrrr(r(r+rEsrcCs�|�d�}t|�dvrdS|ddkr>|ddd�dkr>dS|ddd�d	krVdS|d
dd�dkrndSt|d�dkr�dSd
S)NrD)r�r�Fr"�rootr0Z_ur:Z_rr9Z_tr�T)r>r?)�contextrCr(r(r+rOs
 rcCs8dtt�vr d�dd�|D��Sd�dd�|D��SdS)N�quoterocss|]}t�|�VqdSrh)�shlexr��r)�ar(r(r+�	<genexpr>crMzjoinArgs.<locals>.<genexpr>css|]}t�|�VqdSrh)�pipesr�r�r(r(r+r�erM)r�r�rA)�argsr(r(r+rasrcCs
t�|�Srh)r�r>)Z_stringr(r(r+rgsr)rD)5�__all__r5rwZos.pathr�r�r�r�Zfirewall.core.loggerr#Zfirewall.configr$r%r@rjrrrrGrXrYrrr_rrr!rr	r r
rrr
rrrrr�rrrrrrrrrrrrrrr(r(r(r+�<module>sd�	:
&+