c`c@sdZdgZddlZddlmZddlmZddlmZddl m Z m Z m Z m Z mZdefdYZdS( s<FirewallCommand class for command line client simplificationtFirewallCommandiN(terrors(t FirewallError(t DBusException(t checkIPnMaskt checkIP6nMaskt check_mact check_porttcheck_single_addresscBseZeedZdZdZdZdZdZd+dZ d+dZ d+dZ d+d d Z d+d Zd+d Zd+d+ed ZedZedZedZedZedZd+edZedZedZdZddZedZdZdZdZdZdZ dZ!d+gd Z"d!Z#d"Z$d#Z%d$Z&d%Z'd&Z(d'Z)d(Z*d)Z+d*Z,RS(,cCs(||_||_t|_d|_dS(N(tquiettverbosetTruet'_FirewallCommand__use_exception_handlertNonetfw(tselfR R ((s4/usr/lib/python2.7/site-packages/firewall/command.pyt__init__#s   cCs ||_dS(N(R(RR((s4/usr/lib/python2.7/site-packages/firewall/command.pytset_fw)scCs ||_dS(N(R (Rtflag((s4/usr/lib/python2.7/site-packages/firewall/command.pyt set_quiet,scCs|jS(N(R (R((s4/usr/lib/python2.7/site-packages/firewall/command.pyt get_quiet/scCs ||_dS(N(R (RR((s4/usr/lib/python2.7/site-packages/firewall/command.pyt set_verbose2scCs|jS(N(R (R((s4/usr/lib/python2.7/site-packages/firewall/command.pyt get_verbose5scCs1|dk r-|j r-tjj|dndS(Ns (R R tsyststdouttwrite(Rtmsg((s4/usr/lib/python2.7/site-packages/firewall/command.pyt print_msg8scCs1|dk r-|j r-tjj|dndS(Ns (R R RtstderrR(RR((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_error_msg<scCs=d}d}tjjr,|||}n|j|dS(Nss(RRtisattyR(RRtFAILtEND((s4/usr/lib/python2.7/site-packages/firewall/command.pyt print_warning@s icCs:|dkr|j|n |j|tj|dS(Ni(R!RRtexit(RRt exit_code((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_and_exitGs  cCs|j|ddS(Ni(R$(RR((s4/usr/lib/python2.7/site-packages/firewall/command.pytfailRscCs0|dk r,|jr,tjj|dndS(Ns (R R RRR(RR((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_if_verboseUsc Cs1|jdk r|jjng} d} g} x|D]} |dk ry|| } Wqtk r}tjt|}t|dkr|jd|n|j d|||| kr| j |n| d7} q8qXn| j | q8Wx| D]} g}|dk r(||7}nt | t  rXt | t  rX|j | n || 7}|dk r{||7}n|jy||Wnttfk r}t |tr|j|j|j}n t|}tj|}|tjtjtjtjgkr$d}nt|dkrJ|jd|n5|dkrk|jd|dS|j d|||| kr| j |n| d7} nX|jqW| s-t|| ksd| krdSt| dkrtj| dq-t| dkr-tjtjq-ndS(Niis Warning: %ss Error: %s(RR t authorizeAllt ExceptionRtget_codetstrtlenR!R$tappendt isinstancetlistttupletdeactivate_exception_handlerRtfail_if_not_authorizedt get_dbus_nametget_dbus_messageRtALREADY_ENABLEDt NOT_ENABLEDtZONE_ALREADY_SETt ALREADY_SETtactivate_exception_handlerRR"t UNKNOWN_ERROR(Rtcmd_typetoptiont action_methodt query_methodt parse_methodtmessaget start_argstend_argstno_exittitemst_errorst _error_codestitemRtcodet call_item((s4/usr/lib/python2.7/site-packages/firewall/command.pyt__cmd_sequenceYsr                 c Cs&|jd|||||d|dS(NtaddRB(t_FirewallCommand__cmd_sequence(RR;R<R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pyt add_sequencesc Cs/|jd|||||d|gd|dS(NRJR@RB(RK(RtxR;R<R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytx_add_sequencesc Cs8|jd|||||d|gd|gd|dS(NRJR@RARB(RK( RtzoneR;R<R=R>R?ttimeoutRB((s4/usr/lib/python2.7/site-packages/firewall/command.pytzone_add_timeout_sequencesc Cs&|jd|||||d|dS(NtremoveRB(RK(RR;R<R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytremove_sequencesc Cs/|jd|||||d|gd|dS(NRRR@RB(RK(RRMR;R<R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytx_remove_sequencesc Cs|g}x|D]}|dk ry||}Wqtk r} t|dkrj|jd| q qtjt| } |jd| | qXn|j|q Wx|D]}g} |dk r| |7} nt |t  rt |t  r| j|n | |7} |j y|| } Wnt k r} |j| jtj| j} t|dkr|jd| jqq|jd| j| nbtk r} tjt| } t|dkr|jd| q|jd| | nX|jt|dkrQ|jd||d| fq|j| qW|sxtjdndS( Nis Warning: %ss Error: %ss%s: %stnotyesi(RUsyes(R R(R+R!RR)R*R$R,R-R.R/R0RR1R2R3R8Rtprint_query_resultRR"( RR;R=R>R?R@RBRCRFRRGRHtres((s4/usr/lib/python2.7/site-packages/firewall/command.pyt__query_sequencesR          "cCs |j||||d|dS(NRB(t _FirewallCommand__query_sequence(RR;R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytquery_sequencesc Cs)|j||||d|gd|dS(NR@RB(RZ(RRMR;R=R>R?RB((s4/usr/lib/python2.7/site-packages/firewall/command.pytx_query_sequencescCsft| rbt| rbt| rb|jdoEt|dk rbttjd|n|S(Nsipset:is8'%s' is no valid IPv4, IPv6 or MAC address, nor an ipset(RRRt startswithR+RRt INVALID_ADDR(Rtvalue((s4/usr/lib/python2.7/site-packages/firewall/command.pyt parse_sources  " t/cCsy|j|\}}Wn'tk rBttjd|nXt|sdttj|n|dkrttjd|n||fS(NsTbad port (most likely missing protocol), correct syntax is portid[-portid]%sprotocolttcptudptsctptdccps''%s' not in {'tcp'|'udp'|'sctp'|'dccp'}(RbRcRdRe(tsplitt ValueErrorRRt INVALID_PORTRtINVALID_PROTOCOL(RR_t separatortporttproto((s4/usr/lib/python2.7/site-packages/firewall/command.pyt parse_ports      c CsFd}d}d}d}d}x d||kr,||jddd}|t|d7}d||kr||jddd} n ||} |t| d7}|dkr| }q!|dkr| }q!|dkr| }q!|dkr| }q!|d kr|rq!ttjd |q!W|sHttjd n|scttjd n|pl|sttjd nt|sttj|n|dkrttjd|n|rt| rttj|n|r6t d| r6|st d| r6ttj |q6n||||fS(Nit=it:RkRlttoportttoaddrtifsinvalid forward port arg '%s's missing portsmissing protocolsmissing destinationRbRcRdRes''%s' not in {'tcp'|'udp'|'sctp'|'dccp'}tipv4tipv6(stcpsudpssctpsdccp( R RfR+RRtINVALID_FORWARDRRhRiRR^( RR_tcompatRktprotocolRpRqtitopttval((s4/usr/lib/python2.7/site-packages/firewall/command.pytparse_forward_portsT               cCs_|jd}t|dkr/|ddfSt|dkrE|Sttjd|dS(NRniitisinvalid ipset option '%s'(RfR+RRtINVALID_OPTION(RR_targs((s4/usr/lib/python2.7/site-packages/firewall/command.pytparse_ipset_optionHs cCsDddg}||kr@ttjd|dj|fn|S(NRsRts'invalid argument: %s (choose from '%s')s', '(RRt INVALID_IPVtjoin(RR_tipvs((s4/usr/lib/python2.7/site-packages/firewall/command.pytcheck_destination_ipvRs    cCsUy|jdd\}}Wn#tk rAttjdnX|j||fS(NRois(destination syntax is ipv:address[/mask](RfRgRRtINVALID_DESTINATIONR(RR_tipvt destination((s4/usr/lib/python2.7/site-packages/firewall/command.pytparse_service_destinationZs    cCsGdddg}||krCttjd|dj|fn|S(NRsRttebs'invalid argument: %s (choose from '%s')s', '(RRRR(RR_R((s4/usr/lib/python2.7/site-packages/firewall/command.pyt check_ipvbs   cCsGdddg}||krCttjd|dj|fn|S(NR|RsRts'invalid argument: %s (choose from '%s')s', '(RRRR(RR_R((s4/usr/lib/python2.7/site-packages/firewall/command.pytcheck_helper_familyjs   cCsc|jds(ttjd|nt|jdddkr_ttjd|n|S(Nt nf_conntrack_s('%s' does not start with 'nf_conntrack_'R|isModule name '%s' too short(R]RRtINVALID_MODULER+treplace(RR_((s4/usr/lib/python2.7/site-packages/firewall/command.pyt check_modulers c Cs|j}|j}tt|j|}|j}|j} |j} |j} |j } |j } |j }|j }|j }|j}|j}g}|dk r||kr|jdqn|s|r|jdn|r%|ddj|}n|j||jr`|jd||jd|n|jd||jd|rd nd |jd d j||jd d j||jdd jt| |jdd jg| D]}d|d|df^q|jdd jt| |jd| rVd nd |jddjg| D](\}}}}d||||f^qt|jdd jg|D]}d|d|df^q|jdd j||jddj|dS(Ntdefaulttactives (%s)s, s summary: s description: s target: s icmp-block-inversion: %sRVRUs interfaces: t s sources: s services: s ports: s%s/%siis protocols: s masquerade: %ss forward-ports: s s$port=%s:proto=%s:toport=%s:toaddr=%ss source-ports: s icmp-blocks: s rich rules: (t getTargettgetIcmpBlockInversiontsortedtsett getInterfacest getSourcest getServicestgetPortst getProtocolst getMasqueradetgetForwardPortstgetSourcePortst getIcmpBlockst getRichRulestgetDescriptiontgetShortR R,RRR (RROtsettingst default_zonetextra_interfacesttargetticmp_block_inversiont interfacestsourcestservicestportst protocolst masqueradet forward_portst source_portst icmp_blockstrulest descriptiontshort_descriptiont attributesRkRlRpRq((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_zone_info|sX                    -   7  -c Cs|j}|j}|j}|j}|j}|j}|j} |j||jr|jd| |jd|n|jddj g|D]} d| d| df^q|jddj ||jd dj g|D]} d| d| df^q|jd dj ||jd dj g|j D]\} } d | | f^q]dS( Ns summary: s description: s ports: Rs%s/%siis protocols: s source-ports: s modules: s destination: s%s:%s( RRRt getModulesRtgetDestinationsRRR RRC( RtserviceRRRRtmodulesRt destinationsRRktktv((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_service_infos*         -  -  cCs|j}|j}|j}t|dkrEddg}n|j||jr|jd||jd|n|jddj|dS(NiRsRts summary: s description: s destination: R(RRRR+RR R(RticmptypeRRRR((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_icmptype_infos     c Cs|j}|j}|j}|j}|j}|j||jrw|jd||jd|n|jd||jddjg|jD](\}} | rd|| fn|^q|jddj|dS(Ns summary: s description: s type: s options: Rs%s=%ss entries: ( tgetTypet getOptionst getEntriesRRRR RRC( RtipsetRt ipset_typetoptionstentriesRRRR((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_ipset_infos       =c Cs|j}|j}|j}|j}|j}|j||jrw|jd||jd|n|jd||jd||jddjg|D]}d|d|d f^qdS( Ns summary: s description: s family: s module: s ports: Rs%s/%sii(Rt getModulet getFamilyRRRR R( RthelperRRtmoduletfamilyRRRk((s4/usr/lib/python2.7/site-packages/firewall/command.pytprint_helper_infos       cCs*|r|jdn|jdddS(NRVRUi(R$(RR_((s4/usr/lib/python2.7/site-packages/firewall/command.pyRWscCs|jsn|j|tjt|}|tjtjtjtj gkri|j d|n|j d||dS(Ns Warning: %ss Error: %s( R R1RR)R*RR4R5R6R7R!R$(Rtexception_messageRG((s4/usr/lib/python2.7/site-packages/firewall/command.pytexception_handlers  cCs,d|kr(d}|j|tjndS(NtNotAuthorizedExceptions`Authorization failed. Make sure polkit agent is running or run the application as superuser.(R$RtNOT_AUTHORIZED(RRR((s4/usr/lib/python2.7/site-packages/firewall/command.pyR1s cCs t|_dS(N(tFalseR (R((s4/usr/lib/python2.7/site-packages/firewall/command.pyR0scCs t|_dS(N(R R (R((s4/usr/lib/python2.7/site-packages/firewall/command.pyR8scCsg}t}t|}xu|D]m}|s2Pn|j}t|dks"|ddkrfq"n||kr"|j||j|q"q"W|j|S(Niit#t;(RR(RtopentstripR+R,RJtclose(RtfilenameRt entries_settftline((s4/usr/lib/python2.7/site-packages/firewall/command.pytget_ipset_entries_from_file s    "   N(-t__name__t __module__RRRRRRRR RRR!R$R%R&RKRLRNRQRSRTRZR[R\R`RmR{RRRRRRRRRRRRWRR1R0R8R(((s4/usr/lib/python2.7/site-packages/firewall/command.pyR"sT           J     2     2     1       (t__doc__t__all__RtfirewallRtfirewall.errorsRtdbus.exceptionsRtfirewall.functionsRRRRRtobjectR(((s4/usr/lib/python2.7/site-packages/firewall/command.pyts  (