Current File : //lib/python3.6/site-packages/firewall/__pycache__/command.cpython-36.pyc

3

@)�f�^�@sfdZdgZddlZddlmZddlmZddlmZddl	m
Z
mZmZm
Z
mZGdd�de�ZdS)	z<FirewallCommand class for command line client simplification�FirewallCommand�N)�errors)�
FirewallError)�
DBusException)�checkIPnMask�
checkIP6nMask�	check_mac�
check_port�check_single_addressc@s�eZdZd\dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Zd]dd�Z	d^dd�Z
d_dd�Zd`dd�Zdadd�Z
dbdd�Zdcdd�Zdddd�Zded d!�Zdfd"d#�Zdgd$d%�Zdhd&d'�Zdid(d)�Zdjd*d+�Zdkd,d-�Zd.d/�Zdld1d2�Zdmd3d4�Zd5d6�Zd7d8�Zd9d:�Zd;d<�Zd=d>�Zd?d@�Z dgdAfdBdC�Z!dgfdDdE�Z"dgfdFdG�Z#dHdI�Z$dJdK�Z%dLdM�Z&dNdO�Z'dPdQ�Z(dRdS�Z)dTdU�Z*dVdW�Z+dXdY�Z,dZd[�Z-dS)nrFcCs||_||_d|_d|_dS)NT)�quiet�verbose�'_FirewallCommand__use_exception_handler�fw)�selfrr�r�/usr/lib/python3.6/command.py�__init__#szFirewallCommand.__init__cCs
||_dS)N)r)rrrrr�set_fw)szFirewallCommand.set_fwcCs
||_dS)N)r)r�flagrrr�	set_quiet,szFirewallCommand.set_quietcCs|jS)N)r)rrrr�	get_quiet/szFirewallCommand.get_quietcCs
||_dS)N)r)rrrrr�set_verbose2szFirewallCommand.set_verbosecCs|jS)N)r)rrrr�get_verbose5szFirewallCommand.get_verboseNcCs$|dk	r |jr tjj|d�dS)N�
)r�sys�stdout�write)r�msgrrr�	print_msg8szFirewallCommand.print_msgcCs$|dk	r |jr tjj|d�dS)Nr)rr�stderrr)rrrrr�print_error_msg<szFirewallCommand.print_error_msgcCs,d}d}tjj�r|||}|j|�dS)Nzz)rr�isattyr )rrZFAILZENDrrr�
print_warning@s

zFirewallCommand.print_warningrcCs,|dkr|j|�n
|j|�tj|�dS)N�)r"rr�exit)rrZ	exit_coderrr�print_and_exitGs
zFirewallCommand.print_and_exitcCs|j|d�dS)N�)r%)rrrrr�failRszFirewallCommand.failcCs"|dk	r|jrtjj|d�dS)Nr)rrrr)rrrrr�print_if_verboseUsz FirewallCommand.print_if_verbosec
Cs�|jdk	r|jj�g}
d}g}x�|D]�}
|dk	r�y||
�}
Wnxtk
r�}z\tjt|��}t|�dkrz|jd|�n|jd||�||kr�|j	|�|d7}w&WYdd}~XnX|
j	|
�q&W�xb|
D�]X}
g}|dk	r�||7}t
|
t�o�t
|
t��r|j	|
�n||
7}|dk	�r(||7}|j
�y||�Wn�ttfk
�r}z�t
|t��rx|j|j��|j�}nt|�}tj|�}|tjtjtjtjgk�r�d}t|�dk�r�|jd|�n,|dk�r�|jd|�dS|jd||�||k�r|j	|�|d7}WYdd}~XnX|j�q�W|	�s�t|�|k�sJd|k�rNdSt|�dk�rltj|d�nt|�dk�r�tjtj�dS)Nrr#zWarning: %sz	Error: %s)rZauthorizeAll�	Exceptionr�get_code�str�lenr"r%�append�
isinstance�list�tuple�deactivate_exception_handlerr�fail_if_not_authorized�
get_dbus_name�get_dbus_messager�ALREADY_ENABLED�NOT_ENABLED�ZONE_ALREADY_SET�ALREADY_SET�activate_exception_handlerrr$Z
UNKNOWN_ERROR)rZcmd_type�option�
action_method�query_method�parse_method�message�
start_args�end_args�no_exit�itemsZ_errorsZ_error_codes�itemr�code�	call_itemrrrZ__cmd_sequenceYsr










zFirewallCommand.__cmd_sequencec	Cs|jd||||||d�dS)N�add)rA)�_FirewallCommand__cmd_sequence)rr:r;r<r=r>rArrr�add_sequence�szFirewallCommand.add_sequencec
Cs |jd||||||g|d�dS)NrF)r?rA)rG)r�xr:r;r<r=r>rArrr�x_add_sequence�szFirewallCommand.x_add_sequencec		Cs$|jd||||||g|g|d�	dS)NrF)r?r@rA)rG)	r�zoner:r;r<r=r>ZtimeoutrArrr�zone_add_timeout_sequence�sz)FirewallCommand.zone_add_timeout_sequencec	Cs|jd||||||d�dS)N�remove)rA)rG)rr:r;r<r=r>rArrr�remove_sequence�szFirewallCommand.remove_sequencec
Cs |jd||||||g|d�dS)NrM)r?rA)rG)rrIr:r;r<r=r>rArrr�x_remove_sequence�sz!FirewallCommand.x_remove_sequencec
Csg}x�|D]�}|dk	r�y||�}Wn^tk
r�}	zBt|�dkrR|jd|	�w
ntjt|	��}
|jd|	|
�WYdd}	~	XnX|j|�q
W�xv|D�]l}g}|dk	r�||7}t|t	�r�t|t
�r�|j|�n||7}|j�y||�}Wn�tk
�rj}	zZ|j
|	j��tj|	j��}
t|�dk�rF|jd|	j��w�n|jd|	j�|
�WYdd}	~	Xn`tk
�r�}	zBtjt|	��}
t|�dk�r�|jd|	�n|jd|	|
�WYdd}	~	XnX|j�t|�dk�r�|jd||d|f�q�|j|�q�W|�stjd�dS)	Nr#zWarning: %sz	Error: %sz%s: %s�no�yesr)rPrQ)r)r,r"rr*r+r%r-r.r/r0r1rr2r3r4r9r�print_query_resultrr$)
rr:r<r=r>r?rArBrCrrDrE�resrrrZ__query_sequence�sR
""z FirewallCommand.__query_sequencecCs|j|||||d�dS)N)rA)� _FirewallCommand__query_sequence)rr:r<r=r>rArrr�query_sequence�s
zFirewallCommand.query_sequencecCs|j|||||g|d�dS)N)r?rA)rT)rrIr:r<r=r>rArrr�x_query_sequence�s
z FirewallCommand.x_query_sequencecCsJt|�rFt|�rFt|�rF|jd�o2t|�dkrFttjd|��|S)Nzipset:�z8'%s' is no valid IPv4, IPv6 or MAC address, nor an ipset)rrr�
startswithr,rr�INVALID_ADDR)r�valuerrr�parse_source�s

zFirewallCommand.parse_source�/c
Csly|j|�\}}Wn$tk
r6ttjd|��YnXt|�sLttj|��|dkrdttjd|��||fS)NzTbad port (most likely missing protocol), correct syntax is portid[-portid]%sprotocol�tcp�udp�sctp�dccpz''%s' not in {'tcp'|'udp'|'sctp'|'dccp'})r]r^r_r`)�split�
ValueErrorrr�INVALID_PORTr	�INVALID_PROTOCOL)rrZZ	separator�port�protorrr�
parse_portszFirewallCommand.parse_portc
Cs�d}d}d}d}d}x�d||d�kr�||d�jdd�d}|t|�d7}d||d�krx||d�jdd�d}	n||d�}	|t|	�d7}|dkr�|	}q|dkr�|	}q|dkr�|	}q|dkr�|	}q|d	kr�|r�qttjd
|��qW|�sttjd��|�sttjd��|�p|�s*ttjd
��t|��s@ttj|��|dk�rZttjd|��|�rxt|��rxttj|��|�r�td|��r�|�s�td|��r�ttj	|��||||fS)Nr�=r#�:rerf�toport�toaddr�ifzinvalid forward port arg '%s'zmissing portzmissing protocolzmissing destinationr]r^r_r`z''%s' not in {'tcp'|'udp'|'sctp'|'dccp'}�ipv4�ipv6)r]r^r_r`)
rar,rrZINVALID_FORWARDr	rcrdr
rY)
rrZ�compatreZprotocolrjrk�i�opt�valrrr�parse_forward_portsT

z"FirewallCommand.parse_forward_portcCsF|jd�}t|�dkr"|ddfSt|�dkr2|Sttjd|��dS)Nrhr#r�r&zinvalid ipset option '%s')rar,rrZINVALID_OPTION)rrZ�argsrrr�parse_ipset_optionHs
z"FirewallCommand.parse_ipset_optioncCs.ddg}||kr*ttjd|dj|�f��|S)Nrmrnz'invalid argument: %s (choose from '%s')z', ')rr�INVALID_IPV�join)rrZ�ipvsrrr�check_destination_ipvRsz%FirewallCommand.check_destination_ipvcCsDy|jdd�\}}Wn tk
r4ttjd��YnX|j|�|fS)Nrir#z(destination syntax is ipv:address[/mask])rarbrrZINVALID_DESTINATIONrz)rrZZipvZdestinationrrr�parse_service_destinationZsz)FirewallCommand.parse_service_destinationcCs0dddg}||kr,ttjd|dj|�f��|S)NrmrnZebz'invalid argument: %s (choose from '%s')z', ')rrrwrx)rrZryrrr�	check_ipvbs
zFirewallCommand.check_ipvcCs0dddg}||kr,ttjd|dj|�f��|S)Nrtrmrnz'invalid argument: %s (choose from '%s')z', ')rrrwrx)rrZryrrr�check_helper_familyjs
z#FirewallCommand.check_helper_familycCsB|jd�sttjd|��t|jdd��dkr>ttjd|��|S)NZ
nf_conntrack_z('%s' does not start with 'nf_conntrack_'rtr#zModule name '%s' too short)rXrrZINVALID_MODULEr,�replace)rrZrrr�check_modulers


zFirewallCommand.check_moduleTcCs�|j�}|j�}|j�}|j�}	|j�}
|j�}|j�}|j�}
|j�}|j	�}|j
�}|rv|j�}|j�}|j
�}n,|j�}tt|j�|��}|j�}|j�}dd�}g}|dk	r�||kr�|jd�|r�|s�|s�|r�|r�|r�|jd�|�r|ddj|�}|j|�|j�r2|jd|�|jd|�|�rJ|jd	t|��|jd
|�|�sv|jd|�rndnd
�|�r�|jddj|��|jddj|��n(|jddj|��|jddj|��|jddjt|���|jddjdd�|D���|jddjt|	���|�s:|jd|�r2dnd
�|jd|
�rJdnd
�|jd|�rbdnddjdd�|D���|jddjdd�|D���|jd dj|
��|jd!|�r�dnddjt||d"���dS)#NcSsfd}d}y|j|�}Wntk
r*Yn8X|t|�7}t|||||d�jd��jdd��}|S)Nrz	priority=� �"rt)�indexrbr,�intr~)Zrule�priorityZ
search_strrprrr�rich_rule_sorted_key�s*zDFirewallCommand.print_zone_policy_info.<locals>.rich_rule_sorted_key�defaultZactivez (%s)z, z  summary: z  description: z  priority: z
  target: z  icmp-block-inversion: %srQrPz  ingress-zones: r�z  egress-zones: z  interfaces: z  sources: z  services: z	  ports: cSs g|]}d|d|df�qS)z%s/%srr#r)�.0rerrr�
<listcomp>�sz:FirewallCommand.print_zone_policy_info.<locals>.<listcomp>z
  protocols: z
  forward: %sz  masquerade: %sz  forward-ports: z
	rtcSs$g|]\}}}}d||||f�qS)z$port=%s:proto=%s:toport=%s:toaddr=%sr)r�rerfrjrkrrrr��sz  source-ports: cSs g|]}d|d|df�qS)z%s/%srr#r)r�rerrrr��sz  icmp-blocks: z  rich rules: )�key)Z	getTargetZgetServices�getPorts�getProtocolsZ
getMasqueradeZgetForwardPorts�getSourcePortsZ
getIcmpBlocksZgetRichRules�getDescription�getShortZgetIngressZonesZgetEgressZonesZgetPriorityZgetIcmpBlockInversion�sorted�setZ
getInterfacesZ
getSourcesZ
getForwardr-rxrrr+)rrK�settings�default_zone�extra_interfaces�isPolicy�targetZservices�ports�	protocolsZ
masqueradeZ
forward_ports�source_portsZicmp_blocksZrules�description�short_descriptionZ
ingress_zonesZegress_zonesr�Zicmp_block_inversionZ
interfacesZsourcesZforwardr�Z
attributesrrr�print_zone_policy_info|sx






z&FirewallCommand.print_zone_policy_infocCs|j||||dd�dS)NF)r�r�r�)r�)rrKr�r�r�rrr�print_zone_info�szFirewallCommand.print_zone_infocCs|j||||dd�dS)NT)r�r�r�)r�)rZpolicyr�r�r�rrr�print_policy_info�sz!FirewallCommand.print_policy_infocCs.|j�}|j�}|j�}|j�}|j�}|j�}|j�}	|j�}
|j�}|j	|�|j
rt|j	d|	�|j	d|�|j	ddjdd�|D���|j	ddj|��|j	ddjd	d�|D���|j	d
dj|��|j	ddjdd�|j�D���|j	d
djt
|
���|j	ddjt
|���dS)Nz  summary: z  description: z	  ports: r�cSs g|]}d|d|df�qS)z%s/%srr#r)r�rerrrr��sz6FirewallCommand.print_service_info.<locals>.<listcomp>z
  protocols: z  source-ports: cSs g|]}d|d|df�qS)z%s/%srr#r)r�rerrrr��sz  modules: z  destination: cSsg|]\}}d||f�qS)z%s:%sr)r��k�vrrrr��sz  includes: z  helpers: )r�r�r�Z
getModulesr��getDestinationsr�ZgetIncludesZ
getHelpersrrrxrBr�)rZservicer�r�r�r��modulesr��destinationsr�ZincludesZhelpersrrr�print_service_info�s2


z"FirewallCommand.print_service_infocCsp|j�}|j�}|j�}t|�dkr,ddg}|j|�|jrX|jd|�|jd|�|jddj|��dS)Nrrmrnz  summary: z  description: z  destination: r�)r�r�r�r,rrrx)rZicmptyper�r�r�r�rrr�print_icmptype_info�s
z#FirewallCommand.print_icmptype_infocCs�|j�}|j�}|j�}|j�}|j�}|j|�|jrT|jd|�|jd|�|jd|�|jddjdd�|j�D���|jddj|��dS)	Nz  summary: z  description: z  type: z  options: r�cSs$g|]\}}|rd||fn|�qS)z%s=%sr)r�r�r�rrrr�sz4FirewallCommand.print_ipset_info.<locals>.<listcomp>z  entries: )	ZgetTypeZ
getOptionsZ
getEntriesr�r�rrrxrB)rZipsetr�Z
ipset_typeZoptions�entriesr�r�rrr�print_ipset_info�s
z FirewallCommand.print_ipset_infocCs�|j�}|j�}|j�}|j�}|j�}|j|�|jrT|jd|�|jd|�|jd|�|jd|�|jddjdd�|D���dS)	Nz  summary: z  description: z
  family: z
  module: z	  ports: r�cSs g|]}d|d|df�qS)z%s/%srr#r)r�rerrrr�sz5FirewallCommand.print_helper_info.<locals>.<listcomp>)r�Z	getModuleZ	getFamilyr�r�rrrx)r�helperr�r��moduleZfamilyr�r�rrr�print_helper_infos
z!FirewallCommand.print_helper_infocCs |r|jd�n|jdd�dS)NrQrPr#)r%)rrZrrrrRsz"FirewallCommand.print_query_resultcCs\|js�|j|�tjt|��}|tjtjtjtj	gkrH|j
d|�n|jd||�dS)NzWarning: %sz	Error: %s)r
r2rr*r+rr5r6r7r8r"r%)r�exception_messagerDrrr�exception_handlers

z!FirewallCommand.exception_handlercCsd|krd}|j|tj�dS)NZNotAuthorizedExceptionz`Authorization failed.
    Make sure polkit agent is running or run the application as superuser.)r%rZNOT_AUTHORIZED)rr�rrrrr2'sz&FirewallCommand.fail_if_not_authorizedcCs
d|_dS)NF)r
)rrrrr1-sz,FirewallCommand.deactivate_exception_handlercCs
d|_dS)NT)r
)rrrrr90sz*FirewallCommand.activate_exception_handlercCspg}t�}t|�}xP|D]H}|s"P|j�}t|�dks|ddkrDq||kr|j|�|j|�qW|j�|S)Nr#r�#�;)r�r�)r��open�stripr,r-rF�close)r�filenamer�Zentries_set�f�linerrr�get_ipset_entries_from_file3s

z+FirewallCommand.get_ipset_entries_from_file)FF)N)N)N)Nr)N)N)NNF)F)F)F)F)F)NF)F)F)r\)F).�__name__�
__module__�__qualname__rrrrrrrr r"r%r'r(rGrHrJrLrNrOrTrUrVr[rgrsrvrzr{r|r}rr�r�r�r�r�r�r�rRr�r2r1r9r�rrrrr"sX







J





2



2

O)�__doc__�__all__rZfirewallrZfirewall.errorsrZdbus.exceptionsrZfirewall.functionsrrrr	r
�objectrrrrr�<module>s