}Zc@sdZdgZddlZddlmZddlmZddlmZddl m Z m Z m Z m Z mZdefdYZdS( s<FirewallCommand class for command line client simplificationtFirewallCommandiN(terrors(t FirewallError(t DBusException(t checkIPnMaskt checkIP6nMaskt check_mact check_porttcheck_single_addresscBseZeedZdZdZdZdZdZd+dZ d+dZ d+dZ d+d d Z d+d Zd+d Zd+d+ed ZedZedZedZedZedZd+edZedZedZdZddZdZdZdZdZdZdZ dZ!d+d Z"d!Z#d"Z$d#Z%d$Z&d%Z'd&Z(d'Z)d(Z*d)Z+d*Z,RS(,cCs(||_||_t|_d|_dS(N(tquiettverbosetTruet'_FirewallCommand__use_exception_handlertNonetfw(tselfR R ((s4/usr/lib/python2.7/site-packages/firewall/command.pyt__init__#s   cCs ||_dS(N(R(RR((s4/usr/lib/python2.7/site-packages/firewall/command.pytset_fw)scCs ||_dS(N(R (Rtflag((s4/usr/lib/python2.7/site-packages/firewall/command.pyt set_quiet,scCs|jS(N(R (R((s4/usr/lib/python2.7/site-packages/firewall/command.pyt get_quiet/scCs ||_dS(N(R (RR((s4/usr/lib/python2.7/site-packages/firewall/command.pyt set_verbose2scCs|jS(N(R (R((s4/usr/lib/python2.7/site-packages/firewall/command.pyt get_verbose5scCs1|dk r-|j r-tjj|dndS(Ns (R R tsyststdouttwrite(Rtmsg((s4/usr/lib/python2.7/site-packages/firewall/command.pyt print_msg8scCs1|dk r-|j r-tjj|dndS(Ns (R R RtstderrR(RR((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_error_msg<scCs=d}d}tjjr,|||}n|j|dS(Nss(RRtisattyR(RRtFAILtEND((s4/usr/lib/python2.7/site-packages/firewall/command.pyt print_warning@s icCs:|dkr|j|n |j|tj|dS(Ni(R!RRtexit(RRt exit_code((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_and_exitGs  cCs|j|ddS(Ni(R$(RR((s4/usr/lib/python2.7/site-packages/firewall/command.pytfailRscCs0|dk r,|jr,tjj|dndS(Ns (R R RRR(RR((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_if_verboseUsc Cs1|jdk r|jjng} d} g} x|D]} |dk ry|| } Wqtk r}tjt|}t|dkr|jd|n|j d|||| kr| j |n| d7} q8qXn| j | q8Wx| D]} g}|dk r(||7}nt | t  rXt | t  rX|j | n || 7}|dk r{||7}n|jy||Wnttfk r}t |tr|j|j|j}n t|}tj|}|tjtjtjtjgkr$d}nt|dkrJ|jd|n5|dkrk|jd|dS|j d|||| kr| j |n| d7} nX|jqW| s-t|| ksd| krdSt| dkrtj| dq-t| dkr-tjtjq-ndS(Niis Warning: %ss Error: %s(RR t authorizeAllt ExceptionRtget_codetstrtlenR!R$tappendt isinstancetlistttupletdeactivate_exception_handlerRtfail_if_not_authorizedt get_dbus_nametget_dbus_messageRtALREADY_ENABLEDt NOT_ENABLEDtZONE_ALREADY_SETt ALREADY_SETtactivate_exception_handlerRR"t UNKNOWN_ERROR(Rtcmd_typetoptiont action_methodt query_methodt parse_methodtmessaget start_argstend_argstno_exittitemst_errorst _error_codestitemRtcodet call_item((s4/usr/lib/python2.7/site-packages/firewall/command.pyt__cmd_sequenceYsr                 c Cs&|jd|||||d|dS(NtaddRB(t_FirewallCommand__cmd_sequence(RR;R<R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pyt add_sequencesc Cs/|jd|||||d|gd|dS(NRJR@RB(RK(RtxR;R<R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytx_add_sequencesc Cs8|jd|||||d|gd|gd|dS(NRJR@RARB(RK( RtzoneR;R<R=R>R?ttimeoutRB((s4/usr/lib/python2.7/site-packages/firewall/command.pytzone_add_timeout_sequencesc Cs&|jd|||||d|dS(NtremoveRB(RK(RR;R<R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytremove_sequencesc Cs/|jd|||||d|gd|dS(NRRR@RB(RK(RRMR;R<R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytx_remove_sequencesc Cs|g}x|D]}|dk ry||}Wqtk r} t|dkrj|jd| q qtjt| } |jd| | qXn|j|q Wx|D]}g} |dk r| |7} nt |t  rt |t  r| j|n | |7} |j y|| } Wnt k r} |j| jtj| j} t|dkr|jd| jqq|jd| j| nbtk r} tjt| } t|dkr|jd| q|jd| | nX|jt|dkrQ|jd||d| fq|j| qW|sxtjdndS( Nis Warning: %ss Error: %ss%s: %stnotyesi(RUsyes(R R(R+R!RR)R*R$R,R-R.R/R0RR1R2R3R8Rtprint_query_resultRR"( RR;R=R>R?R@RBRCRFRRGRHtres((s4/usr/lib/python2.7/site-packages/firewall/command.pyt__query_sequencesR          "cCs |j||||d|dS(NRB(t _FirewallCommand__query_sequence(RR;R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytquery_sequencesc Cs)|j||||d|gd|dS(NR@RB(RZ(RRMR;R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytx_query_sequencescCsft| rbt| rbt| rb|jdoEt|dk rbttjd|n|S(Nsipset:is8'%s' is no valid IPv4, IPv6 or MAC address, nor an ipset(RRRt startswithR+RRt INVALID_ADDR(Rtvalue((s4/usr/lib/python2.7/site-packages/firewall/command.pyt parse_sources  " t/cCsy|j|\}}Wn'tk rBttjd|nXt|sdttj|n|dkrttjd|n||fS(NsTbad port (most likely missing protocol), correct syntax is portid[-portid]%sprotocolttcptudptsctptdccps''%s' not in {'tcp'|'udp'|'sctp'|'dccp'}(RbRcRdRe(tsplitt ValueErrorRRt INVALID_PORTRtINVALID_PROTOCOL(RR_t separatortporttproto((s4/usr/lib/python2.7/site-packages/firewall/command.pyt parse_ports      c Csd}d}d}d}|jd}x|D]}ym|jd\}} |dkra| }n?|dkrv| }n*|dkr| }n|dkr| }nWq.tk rttjd|q.Xq.W|sttjdn|sttjd n|p|s&ttjd nt|sGttj|n|dkrlttjd|n|rt| rttj|n|rt d| rttj |n||||fS(Nt:t=RkRlttoportttoaddrsinvalid forward port arg '%s's missing portsmissing protocolsmissing destinationRbRcRdRes''%s' not in {'tcp'|'udp'|'sctp'|'dccp'}tipv4(stcpsudpssctpsdccp( R RfRgRRtINVALID_FORWARDRRhRiRR^( RR_RktprotocolRpRqtargstargtopttval((s4/usr/lib/python2.7/site-packages/firewall/command.pytparse_forward_portsH                cCs_|jd}t|dkr/|ddfSt|dkrE|Sttjd|dS(NRoiitisinvalid ipset option '%s'(RfR+RRtINVALID_OPTION(RR_Ru((s4/usr/lib/python2.7/site-packages/firewall/command.pytparse_ipset_option>s cCsDddg}||kr@ttjd|dj|fn|S(NRrtipv6s'invalid argument: %s (choose from '%s')s', '(RRt INVALID_IPVtjoin(RR_tipvs((s4/usr/lib/python2.7/site-packages/firewall/command.pytcheck_destination_ipvHs    cCsUy|jdd\}}Wn#tk rAttjdnX|j||fS(NRnis(destination syntax is ipv:address[/mask](RfRgRRtINVALID_DESTINATIONR(RR_tipvt destination((s4/usr/lib/python2.7/site-packages/firewall/command.pytparse_service_destinationPs    cCsGdddg}||krCttjd|dj|fn|S(NRrR}tebs'invalid argument: %s (choose from '%s')s', '(RRR~R(RR_R((s4/usr/lib/python2.7/site-packages/firewall/command.pyt check_ipvXs   cCsGdddg}||krCttjd|dj|fn|S(NRzRrR}s'invalid argument: %s (choose from '%s')s', '(RRR~R(RR_R((s4/usr/lib/python2.7/site-packages/firewall/command.pytcheck_helper_family`s   cCsc|jds(ttjd|nt|jdddkr_ttjd|n|S(Nt nf_conntrack_s('%s' does not start with 'nf_conntrack_'RzisModule name '%s' too short(R]RRtINVALID_MODULER+treplace(RR_((s4/usr/lib/python2.7/site-packages/firewall/command.pyt check_modulehs c Cs|j}|j}|j}|j}|j}|j} |j} |j} |j} |j } |j }|j }|j }|j }g}|dk r||kr|jdqn|s|r|jdn|r|ddj|}n|j||jrP|jd||jd|n|jd||jd|rvd nd |jd d j||jd d j||jdd j||jdd jg| D]}d|d|df^q|jdd j| |jd| r:d nd |jddjg| D](\}}}}d||||f^qX|jdd jg| D]}d|d|df^q|jdd j||jddj|dS(Ntdefaulttactives (%s)s, s summary: s description: s target: s icmp-block-inversion: %sRVRUs interfaces: t s sources: s services: s ports: s%s/%siis protocols: s masquerade: %ss forward-ports: s s$port=%s:proto=%s:toport=%s:toaddr=%ss source-ports: s icmp-blocks: s rich rules: (t getTargettgetIcmpBlockInversiont getInterfacest getSourcest getServicestgetPortst getProtocolst getMasqueradetgetForwardPortstgetSourcePortst getIcmpBlockst getRichRulestgetDescriptiontgetShortR R,RRR (RROtsettingst default_zonettargetticmp_block_inversiont interfacestsourcestservicestportst protocolst masqueradet forward_portst source_portst icmp_blockstrulest descriptiontshort_descriptiont attributesRkRlRpRq((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_zone_inforsX                    -  7  -c Cs|j}|j}|j}|j}|j}|j}|j} |j||jr|jd| |jd|n|jddj g|D]} d| d| df^q|jddj ||jd dj g|D]} d| d| df^q|jd dj ||jd dj g|j D]\} } d | | f^q]dS( Ns summary: s description: s ports: Rs%s/%siis protocols: s source-ports: s modules: s destination: s%s:%s( RRRt getModulesRtgetDestinationsRRR RRC( RtserviceRRRRtmodulesRt destinationsRRktktv((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_service_infos*         -  -  cCs|j}|j}|j}t|dkrEddg}n|j||jr|jd||jd|n|jddj|dS(NiRrR}s summary: s description: s destination: R(RRRR+RR R(RticmptypeRRRR((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_icmptype_infos     c Cs|j}|j}|j}|j}|j}|j||jrw|jd||jd|n|jd||jddjg|jD](\}} | rd|| fn|^q|jddj|dS(Ns summary: s description: s type: s options: Rs%s=%ss entries: ( tgetTypet getOptionst getEntriesRRRR RRC( RtipsetRt ipset_typetoptionstentriesRRRR((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_ipset_infos       =c Cs|j}|j}|j}|j}|j}|j||jrw|jd||jd|n|jd||jd||jddjg|D]}d|d|d f^qdS( Ns summary: s description: s family: s module: s ports: Rs%s/%sii(Rt getModulet getFamilyRRRR R( RthelperRRtmoduletfamilyRRRk((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_helper_infos       cCs*|r|jdn|jdddS(NRVRUi(R$(RR_((s4/usr/lib/python2.7/site-packages/firewall/command.pyRWscCs|jsn|j|tjt|}|tjtjtjtj gkri|j d|n|j d||dS(Ns Warning: %ss Error: %s( R R1RR)R*RR4R5R6R7R!R$(Rtexception_messageRG((s4/usr/lib/python2.7/site-packages/firewall/command.pytexception_handlers  cCs,d|kr(d}|j|tjndS(NtNotAuthorizedExceptions`Authorization failed. Make sure polkit agent is running or run the application as superuser.(R$RtNOT_AUTHORIZED(RRR((s4/usr/lib/python2.7/site-packages/firewall/command.pyR1s cCs t|_dS(N(tFalseR (R((s4/usr/lib/python2.7/site-packages/firewall/command.pyR0scCs t|_dS(N(R R (R((s4/usr/lib/python2.7/site-packages/firewall/command.pyR8scCsg}t}t|}xu|D]m}|s2Pn|j}t|dks"|ddkrfq"n||kr"|j||j|q"q"W|j|S(Niit#t;(RR(tsettopentstripR+R,RJtclose(RtfilenameRt entries_settftline((s4/usr/lib/python2.7/site-packages/firewall/command.pytget_ipset_entries_from_files    "   N(-t__name__t __module__RRRRRRRR RRR!R$R%R&RKRLRNRQRSRTRZR[R\R`RmRyR|RRRRRRRRRRRWRR1R0R8R(((s4/usr/lib/python2.7/site-packages/firewall/command.pyR"sT           J     2     (     1       (t__doc__t__all__RtfirewallRtfirewall.errorsRtdbus.exceptionsRtfirewall.functionsRRRRRtobjectR(((s4/usr/lib/python2.7/site-packages/firewall/command.pyts  (