ó }”ÍZc@sÛddljZddlZddlZddlZddlmZddlTddlm Z ddl m Z m Z m Z mZmZmZddlmZddlmZdefd „ƒYZd efd „ƒYZdS( iÿÿÿÿN(tconfig(t*(tlog(tuniqifyt checkUsertcheckUidt checkCommandt checkContextt u2b_if_py2(terrors(t FirewallErrort!lockdown_whitelist_ContentHandlercBseZd„Zd„ZRS(cCstj||ƒt|_dS(N(tIO_Object_ContentHandlert__init__tFalset whitelist(tselftitem((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR $scCs»tj|||ƒ|jj||ƒ|dkr\|jrPttjdƒ‚nt|_n[|dkrŸ|js‚t j dƒdS|d}|jj |ƒn|dkrH|jsÅt j dƒdSd|kr"yt |dƒ}Wn't k rt j d |dƒdSX|jj|ƒq·d|kr·|jj|dƒq·no|d kr¢|jsnt j d ƒdSd |kr‹t j d ƒdS|jj|d ƒnt j d|ƒdSdS(NRsMore than one whitelist.tcommands)Parse Error: command outside of whitelisttnametusers&Parse Error: user outside of whitelisttids"Parse Error: %s is not a valid uidtselinuxs)Parse Error: selinux outside of whitelisttcontextsParse Error: no contextsUnknown XML element %s(R t startElementRtparser_check_element_attrsRR R t PARSE_ERRORtTrueRterrort add_commandtintt ValueErrortadd_uidtadd_usert add_context(RRtattrsRtuid((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR(sJ                      (t__name__t __module__R R(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR #s tLockdownWhitelistcBsxeZdZddgfddgfddgfddgffZdZdgZid*d 6d gd 6d*d 6d gd6Zidd gd 6Zd„Z d„Z d„Z d„Z d„Z d„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd „Zd!„Zd"„Zd#„Zd$„Zd%„Zd&„Zd'„Z d(„Z!d)„Z"RS(+s LockdownWhitelist class tcommandsttcontextstuserstuidsis (asasasai)t_RRRRRRRcCsMtt|ƒjƒ||_d|_g|_g|_g|_g|_ dS(N( tsuperR'R tfilenametNonetparserR(R*R+R,(RR/((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR ms     cCsø|d kr4xå|D]}|j||d ƒqWnÀ|dkrdt|ƒsôttj|ƒ‚qôn|dkr”t|ƒsôttj|ƒ‚qôn`|dkrÄt|ƒsôttj|ƒ‚qôn0|d krôt |ƒsôttj |ƒ‚qôndS( NR(R*R+R,iÿÿÿÿRRRR$(scommandsscontextssuserssuids( t _check_configRR R tINVALID_COMMANDRtINVALID_CONTEXTRt INVALID_USERRt INVALID_UID(RRRtx((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR2xs          cCs |j2|j2|j2|j2dS(N(R(R*R+R,(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytcleanup‰scCssg|jD]}t|ƒ^q |_g|jD]}t|ƒ^q/|_g|jD]}t|ƒ^qT|_dS(s» HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.N(R(RR*R+(RR7((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytencode_strings‘s%%cCs]t|ƒs!ttj|ƒ‚n||jkrC|jj|ƒnttjd|ƒ‚dS(Ns!Command "%s" already in whitelist(RR R R3R(tappendtALREADY_ENABLED(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR›s   cCs<||jkr"|jj|ƒnttjd|ƒ‚dS(NsCommand "%s" not in whitelist.(R(tremoveR R t NOT_ENABLED(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytremove_command¤s cCs ||jkS(N(R((RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt has_command«scCsQxJ|jD]?}|jdƒr9|j|d ƒrItSq ||kr tSq WtS(NRiÿÿÿÿ(R(tendswitht startswithRR(RRt_command((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_command®s cCs|jS(N(R((R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_commands¸scCsct|ƒs'ttjt|ƒƒ‚n||jkrI|jj|ƒnttjd|ƒ‚dS(NsUid "%s" already in whitelist(RR R R6tstrR,R:R;(RR$((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR ½s   cCs<||jkr"|jj|ƒnttjd|ƒ‚dS(NsUid "%s" not in whitelist.(R,R<R R R=(RR$((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt remove_uidÇs cCs ||jkS(N(R,(RR$((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pythas_uidÎscCs ||jkS(N(R,(RR$((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_uidÑscCs|jS(N(R,(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytget_uidsÔscCs]t|ƒs!ttj|ƒ‚n||jkrC|jj|ƒnttjd|ƒ‚dS(NsUser "%s" already in whitelist(RR R R5R+R:R;(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR!Ùs   cCs<||jkr"|jj|ƒnttjd|ƒ‚dS(NsUser "%s" not in whitelist.(R+R<R R R=(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt remove_userãs cCs ||jkS(N(R+(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pythas_userêscCs ||jkS(N(R+(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_useríscCs|jS(N(R+(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_usersðscCs]t|ƒs!ttj|ƒ‚n||jkrC|jj|ƒnttjd|ƒ‚dS(Ns!Context "%s" already in whitelist(RR R R4R*R:R;(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR"!s   cCs<||jkr"|jj|ƒnttjd|ƒ‚dS(NsContext "%s" not in whitelist.(R*R<R R R=(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytremove_context+s cCs ||jkS(N(R*(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt has_context2scCs ||jkS(N(R*(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_context5scCs|jS(N(R*(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_contexts8scCsÃ|jƒ|jjdƒs8ttjd|jƒ‚nt|ƒ}tjƒ}|j |ƒy|j |jƒWn2tj k r¥}ttj d|j ƒƒ‚nX~~tr¿|jƒndS(Ns.xmls'%s' is missing .xml suffixsNot a valid file: %s(R8R/R@R R t INVALID_NAMER tsaxt make_parsertsetContentHandlertparsetSAXParseExceptiont INVALID_TYPEt getExceptiontPY2R9(RthandlerR1tmsg((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytread=s"      cCsHtjj|jƒreytj|jd|jƒWqetk ra}td|j|fƒ‚qeXntjjtj ƒstj tj dƒnt j |jddddƒ}t |ƒ}|jƒ|jdiƒ|jd ƒxHt|jƒD]7}|jd ƒ|jd i|d 6ƒ|jd ƒqñWxNt|jƒD]=}|jd ƒ|jd it|ƒd6ƒ|jd ƒq<WxHt|jƒD]7}|jd ƒ|jd i|d 6ƒ|jd ƒqWxHt|jƒD]7}|jd ƒ|jdi|d6ƒ|jd ƒqØW|jdƒ|jd ƒ|jƒ|jƒ~dS(Ns%s.oldsBackup of '%s' failed: %siètmodetwttencodingsUTF-8Rs s RRRRRR(tostpathtexistsR/tshutiltcopy2t ExceptiontIOErrorRt ETC_FIREWALLDtmkdirtiotopentIO_Object_XMLGeneratort startDocumentRtignorableWhitespaceRR(t simpleElementR,RER+R*t endElementt endDocumenttclose(RR\tfR[RR$RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytwritePsB             N(#R%R&t__doc__tIMPORT_EXPORT_STRUCTUREtDBUS_SIGNATUREtADDITIONAL_ALNUM_CHARSR0tPARSER_REQUIRED_ELEMENT_ATTRStPARSER_OPTIONAL_ELEMENT_ATTRSR R2R8R9RR>R?RCRDR RFRGRHRIR!RJRKRLRMR"RNRORPRQR]Rt(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR'VsP                   1     (txml.saxRSRaRjRdtfirewallRtfirewall.core.io.io_objecttfirewall.core.loggerRtfirewall.functionsRRRRRRR tfirewall.errorsR R R t IO_ObjectR'(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyts    .3