c`c@sddlmZddlZeejde"ejj1ddedvd3Z?e"ejj1ddedvd4Z@e"ejj1dddd+edvd5ZAe"ejj1dd-edvd6ZBe"ejj1dd7edvd8ZCe"ejj1dd7edvd9ZDe"ejj1dd7dd+edvd:ZEe"ejj1dd;edvd<ZFe"ejjGdd=edvd>ZHe"ejjGdd-edvd?ZIe"ejjGdddd@edvdAZJe"ejjGddeKj3dd@edvdBZLej+j,ejjGd"dedCZMe"ejjGdd=edvdDZNe"ejjGdd-edvdEZOe"ejjGdddd@edvdFZPe"ejjGddeQj3dd@edvdGZRej+j,ejjGd"dedHZSe"ejjGdd=edvdIZTe"ejjGdd-edvdJZUe"ejjGdddd@edvdKZVe"ejjGddeWj3dd@edvdLZXej+j,ejjGd"dedMZYe"ejjGdd=edvdNZZe"ejjGdd-edvdOZ[e"ejjGdddd@edvdPZ\e"ejjGddddedvdQZ]e"ejjGddddedvdRZ^e"ejjGdde_j3dd@edvdSZ`ej+j,ejjGd"dedTZae"ejjGdd=edvdUZbe"ejjGdd-edvdVZce"ejjGdddd@edvdWZde"ejjGddeej3dd@edvdXZfej+j,ejjGd"dedYZge"ejjhdeij3edvdZZje"ejjhdeij3edvd[Zkej+j,ejjhed\Zle"ejjhdd]edvd^Zme"ejjhdd]edvd_Zne"ejjhdd]dd+edvd`Zoe"ejjhdddd-edvdaZpe"ejjhddbddcedvddZqe"ejjhddeedvdfZre"ejjhddeedvdgZse"ejjhddedd+edvdhZte"ejjhdd]edvdiZue"ejjhdd]ddjedvdkZve"ejjhddbddledvdmZwe"ejjhddnedvdoZxe"ejjhddnedvdpZye"ejjhddndd+edvdqZze"ejjhddddredvdsZ{e"ejjhddtedvduZ|RS(wsFirewallD main classcOstt|j||||_|d|_|d|_|jt|jd|_ |j j tj |j j tj |j j tj |j j tj|j j tj|j j tj|j j tj|j j tj|j j tj|j j tjtjjtjrx[ttjtjD]>}dtj|f}tjj|rG|j j |qGqGWn|j jtj|j jtj|j jtjt|tjj idd6dd6dd6dd 6dd 6dd 6dd 6dd 6dS(Niiis%s/%st readwritet CleanupOnExitt IPv6_rpfiltertLockdownt MinimalMarktIndividualCallst LogDeniedtAutomaticHelperstAllowZoneDrifting(!tsuperRt__init__Rtbusnametpatht _init_varsRt watch_updatertwatchert add_watch_dirtFIREWALLD_IPSETStETC_FIREWALLD_IPSETStFIREWALLD_ICMPTYPEStETC_FIREWALLD_ICMPTYPEStFIREWALLD_HELPERStETC_FIREWALLD_HELPERStFIREWALLD_SERVICEStETC_FIREWALLD_SERVICEStFIREWALLD_ZONEStETC_FIREWALLD_ZONEStostexiststsortedtlistdirtisdirtadd_watch_filetLOCKDOWN_WHITELISTtFIREWALLD_DIRECTtFIREWALLD_CONFRtdbustDBUS_INTERFACE_CONFIG(tselftconftargstkwargstfilenameR+((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR)GsD      cCs]g|_d|_g|_d|_g|_d|_g|_d|_g|_d|_ x0|j j D]}|j |j j |qjWx0|j jD]}|j|j j|qWx0|j jD]}|j|j j|qWx0|j jD]}|j|j j|qWx0|j jD]}|j|j j|q6WdS(Ni(tipsetst ipset_idxt icmptypest icmptype_idxtservicest service_idxtzonestzone_idxthelperst helper_idxRt get_ipsetst _addIPSett get_ipsett get_icmptypest _addIcmpTypet get_icmptypet get_servicest _addServicet get_servicet get_zonest_addZonetget_zonet get_helperst _addHelpert get_helper(REtipsetticmptypetservicetzonethelper((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR,os(          cCsdS(N((RE((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyt__del__scCs&x5t|jdkr7|jj}|j~qWx5t|jdkro|jj}|j~q;Wx5t|jdkr|jj}|j~qsWx5t|jdkr|jj}|j~qWx5t|jdkr|jj}|j~qW|jdS(Ni( tlenRJtpopt unregisterRLRNRPRRR,(REtitem((s:/usr/lib/python2.7/site-packages/firewall/server/config.pytreloads*     c Cs|tjkr |jtjj}tjdtjy|jjWn+tk ru}tj d||fdSX|jtjjj }xDt |j D]0}||kr||||kr||=qqWt |dkr|jtjj|gndS|jtjs.|jtjr|jdry|jj|\}}Wn+tk r}tj d||fdSX|dkr|j|q|dkr|j|q|dkr|j|qn|jtjs|jtjr|jdry|jj|\}}Wn+tk rZ}tj d ||fdSX|dkrw|j|q|dkr|j|q|dkr|j|qn|jtjs|jtjr=|jdry|jj|\}}Wn+tk r.}tj d ||fdSX|dkrK|j |q:|dkrg|j!|q:|dkr:|j"|q:q|jtjr|j#tjd j$d }t |d ksd |krdSt%j&j'|r|j(j)|s7|j(j*|q7q:|j(j)|r:|j(j+|q:qn^|jtj,sa|jtj-r|jdry|jj.|\}}Wn+tk r}tj d||fdSX|dkr|j/|q|dkr|j0|q|dkr|j1|qn|jtj2s5|jtj3r|jdry|jj4|\}}Wn+tk r}tj d||fdSX|dkr|j5|q|dkr|j6|q|dkr|j7|qn|tj8kr@y|jj9Wn+tk r2}tj d||fdSX|j:n[|tj;kry|jj<Wn+tk r}tj d||fdSX|j=ndS(Ns,config: Reloading firewalld config file '%s's+Failed to load firewalld.conf file '%s': %sis.xmls%Failed to load icmptype file '%s': %stnewtremovetupdates$Failed to load service file '%s': %ss!Failed to load zone file '%s': %stt/is"Failed to load ipset file '%s': %ss#Failed to load helper file '%s': %ss/Failed to load lockdown whitelist file '%s': %ss)Failed to load direct rules file '%s': %s(>RRBtGetAllRCRDRtdebug1tupdate_firewalld_conft ExceptionterrortcopytlisttkeysRitPropertiesChangedt startswithR2R3tendswithtupdate_icmptype_from_pathRXtremoveIcmpTypet_updateIcmpTypeR6R7tupdate_service_from_pathR[t removeServicet_updateServiceR8R9tupdate_zone_from_pathR^t removeZonet _updateZonetreplacetstripR:R+R>R.t has_watchR/t remove_watchR0R1tupdate_ipset_from_pathRUt removeIPSett _updateIPSetR4R5tupdate_helper_from_pathRat removeHelpert _updateHelperR@tupdate_lockdown_whitelisttLockdownWhitelistUpdatedRAt update_directtUpdated( REtnamet old_propstmsgtpropstkeytwhattobjt_name((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR-s                            c Csjt||j||j|jdtjj|jf}|jj||jd7_|j|j |S(Ns%s/%di( R RRMR*RCtDBUS_PATH_CONFIG_ICMPTYPERLtappendt IcmpTypeAddedR(RERtconfig_icmptype((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRX&s cCssxl|jD]a}|jj|jkr |jj|jkr |jj|jkr ||_|j|jq q WdS(N(RLRRR+RIR(RERRd((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR2s  cCsd}xu|jD]j}|j}|j||kr||j|j|jj|j||_|j|jjqqWxP|jD]E}|j|kr|j |j|j |jj|~qqWdS(Ni( RPt getSettingsRRoRtset_zone_configRRRLtRemovedRk(RERtindexRftsettingsRd((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR;s  c Csjt||j||j|jdtjj|jf}|jj||jd7_|j|j |S(Ns%s/%di( R RROR*RCtDBUS_PATH_CONFIG_SERVICERNRt ServiceAddedR(RERtconfig_service((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR[MscCssxl|jD]a}|jj|jkr |jj|jkr |jj|jkr ||_|j|jq q WdS(N(RNRRR+RIR(RERRe((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRXs  cCsd}xu|jD]j}|j}|j||kr||j|j|jj|j||_|j|jjqqWxP|jD]E}|j|kr|j |j|j |jj|~qqWdS(Ni( RPRRRoRRRRRNRRk(RERRRfRRe((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRas  c Csjt||j||j|jdtjj|jf}|jj||jd7_|j|j |S(Ns%s/%di( R RRQR*RCtDBUS_PATH_CONFIG_ZONERPRt ZoneAddedR(RERt config_zone((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR^sscCssxl|jD]a}|jj|jkr |jj|jkr |jj|jkr ||_|j|jq q WdS(N(RPRRR+RIR(RERRf((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR~s * cCsWxP|jD]E}|j|kr |j|j|j|jj|~q q WdS(N(RPRRRRkRo(RERRf((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRs  c Csjt||j||j|jdtjj|jf}|jj||jd7_|j|j |S(Ns%s/%di( R RRKR*RCtDBUS_PATH_CONFIG_IPSETRJRt IPSetAddedR(RERt config_ipset((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRUscCssxl|jD]a}|jj|jkr |jj|jkr |jj|jkr ||_|j|jq q WdS(N(RJRRR+RIR(RERRc((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRs * cCsWxP|jD]E}|j|kr |j|j|j|jj|~q q WdS(N(RJRRRRkRo(RERRc((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRs  c Csjt||j||j|jdtjj|jf}|jj||jd7_|j|j |S(Ns%s/%di( R RRSR*RCtDBUS_PATH_CONFIG_HELPERRRRt HelperAddedR(RERt config_helper((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRascCssxl|jD]a}|jj|jkr |jj|jkr |jj|jkr ||_|j|jq q WdS(N(RRRRR+RIR(RERRg((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRs * cCsWxP|jD]E}|j|kr |j|j|j|jj|~q q WdS(N(RRRRRRkRo(RERRg((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyRs  cCs|jjr|dkr,tjddStj}t||}|jjd|r`dSt ||}|jjd|rdSt |}|jjd|rdSt ||}|jjd|rdSt t jdndS(Ns&Lockdown not possible, sender not set.tcontexttuidtusertcommandslockdown is enabled(Rtlockdown_enabledtNoneRRwRCt SystemBusRt access_checkRRRRRt ACCESS_DENIED(REtsendertbusRRRR((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyt accessChecks$    c CsB|d kr%tjjd |n|jjj|}|dkrn|dkratj}ntj|S|dkr|dkrtj }n t |}tj |S|dkr|dkrtj rd nd }ntj|S|dkr%|dkrtj rd nd }ntj|S|dkrb|dkrUtjrLd nd }ntj|S|dkr|dkrtjrd nd }ntj|S|dkr|dkrtj}ntj|S|dkr|dkrtj}ntj|S|d kr>|dkr1tjr(d nd }ntj|SdS(Nt DefaultZoneR#R R"R!R$R%R&R'sDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existtyestno( Rs MinimalMarks CleanupOnExitsLockdowns IPv6_rpfiltersIndividualCallss LogDeniedsAutomaticHelperssAllowZoneDrifting(RCt exceptionst DBusExceptionRtget_firewalld_conftgetRt FALLBACK_ZONEtStringtFALLBACK_MINIMAL_MARKtinttInt32tFALLBACK_CLEANUP_ON_EXITtFALLBACK_LOCKDOWNtFALLBACK_IPV6_RPFILTERtFALLBACK_INDIVIDUAL_CALLStFALLBACK_LOG_DENIEDtFALLBACK_AUTOMATIC_HELPERStFALLBACK_ALLOW_ZONE_DRIFTING(REtproptvalue((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyt _get_propertysX                                  cCsL|dkr"tj|j|S|dkrDtj|j|S|dkrftj|j|S|dkrtj|j|S|dkrtj|j|S|dkrtj|j|S|dkrtj|j|S|dkrtj|j|S|d kr2tj|j|Stjjd |dS( NRR#R R"R!R$R%R&R'sDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist(RCRRRRR(RER((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyt_get_dbus_propertys*          t in_signaturetsst out_signaturetvcCst|t}t|t}tjd|||tjjkrP|j|S|tjjtjj gkrtj j d|ntj j d||j|S(Nsconfig.Get('%s', '%s')sDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existsJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist( RtstrRRtRRCRDRtDBUS_INTERFACE_CONFIG_DIRECTtDBUS_INTERFACE_CONFIG_POLICIESRR(REtinterface_namet property_nameR((s:/usr/lib/python2.7/site-packages/firewall/server/config.pytGet/s      tssa{sv}c Cst|t}tjd|i}|tjjkryxvdddddddd d g D]}|j|||RRRRRpRRERFRGRHRIRLRMRNRPRQRRRTRURVRXRY(((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyR?s8 (          2A$                                                   (<t gi.repositoryRtsystmodulesR:RCt dbus.servicet slip.dbusRbtslip.dbus.servicetfirewallRtfirewall.core.baseRtfirewall.core.watcherRtfirewall.core.loggerRtfirewall.server.decoratorsRRRtfirewall.server.config_icmptypeR tfirewall.server.config_serviceR tfirewall.server.config_zoneR tfirewall.server.config_ipsetR tfirewall.server.config_helperR tfirewall.core.io.zoneRtfirewall.core.io.serviceRtfirewall.core.io.icmptypeRtfirewall.core.io.ipsetRtfirewall.core.io.helperRt#firewall.core.io.lockdown_whitelistRtfirewall.core.io.directRtfirewall.dbus_utilsRRRRRRRRtfirewall.errorsRRetObjectR(((s:/usr/lib/python2.7/site-packages/firewall/server/config.pyts8       4