MINI MINI MANI MO

Path : /lib/python2.7/site-packages/firewall/core/io/
File Upload :
Current File : //lib/python2.7/site-packages/firewall/core/io/zone.pyo

ó
dßØ[c@sjdddgZddljZddlZddlZddlZddlmZddlm	Z	m
Z
mZmZm
Z
mZmZmZmZmZddlmZmZddlmZmZmZmZmZmZmZdd	lmZdd
l m!Z!ddlm"Z"ddl#m$Z$defd
„ƒYZ%defd„ƒYZ&e'd„Z(e)d„Z*dS(tZonetzone_readertzone_writeriÿÿÿÿN(tconfig(
tcheckIPtcheckIP6tcheckIPnMaskt
checkIP6nMasktcheckInterfacetuniqifytmax_zone_name_lent
u2b_if_py2t	check_mactportStr(tDEFAULT_ZONE_TARGETtZONE_TARGETS(tPY2t	IO_ObjecttIO_Object_ContentHandlertIO_Object_XMLGeneratort
check_porttcheck_tcpudptcheck_protocol(trich(tlog(terrors(t
FirewallErrorcBsNeZdZdBdCdDdefdEddgfddFgfd	dgfd
efddGgfddgfd
dgfddgfddgfddHgfdeffZdZdddgZidId6dId6dId6dgd6ddgd6dgd6dgd6ddgd6dgd6dId6dId 6d!gd"6d#gd6ddgd$6dId%6dId&6dId'6dId(6dId)6d*gd+6d#gd,6dId-6Zidd.ddgd6d/gd
6d0d1gd6d2gd6d!d3d4d2d5gd 6d4gd"6d6d7gd%6d8gd(6Z	e
d9„ƒZd:„Zd;„Z
d<„Zd=„Zd>„Zd?„Zd@„ZdA„ZRS(Js Zone class tversionttshorttdescriptiontUNUSEDttargettservicestportsticmp_blockst
masqueradet
forward_portst
interfacestsourcest	rules_strt	protocolstsource_portsticmp_block_inversions&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)t_t-t/tzonetnametservicetporttprotocols
icmp-blocks	icmp-typesforward-portt	interfacetruletsourcetaddresstdestinationtvaluessource-portRtaudittaccepttrejecttdroptsettmarktlimitsicmp-block-inversiont	immutabletenabledsto-portsto-addrtfamilytmactinverttipsettprefixtlevelttypecCsLx3ttjƒD]"\}\}}||kr|SqWttjdƒ‚dS(Ns
index_of()(t	enumerateRtIMPORT_EXPORT_STRUCTURERRt
UNKNOWN_ERROR(telementtiteltdummy((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pytindex_ofbs"cCsÂtt|ƒjƒd|_d|_d|_t|_t|_	g|_
g|_g|_g|_
t|_g|_g|_g|_g|_d|_g|_t|_t|_t|_dS(NR(tsuperRt__init__RRRtFalseRRR R!R"R)R#R$R%R*R&R'tNonet	fw_configtrulesR+tcombinedtapplied(tself((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRSis(																		cCsd|_d|_d|_t|_t|_|j2|j2|j	2|j
2t|_|j2|j
2|j2|j2d|_|j2t|_t|_t|_dS(NR(RRRRTRRR R!R"R)R#R$R%R*R&R'RURVRWR+RXRY(RZ((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pytcleanups&									c	Csçt|jƒ|_t|jƒ|_t|jƒ|_t|jƒ|_g|jD]}t|ƒ^qR|_g|jD]$\}}t|ƒt|ƒf^qw|_g|jD]}t|ƒ^q®|_g|jD]}t|ƒ^qÓ|_g|j	D]<\}}}}t|ƒt|ƒt|ƒt|ƒf^qø|_	g|j
D]$\}}t|ƒt|ƒf^qG|_
g|jD]}t|ƒ^q~|_g|jD]}t|ƒ^q£|_g|j
D]}t|ƒ^qÈ|_
dS(s» HACK. I haven't been able to make sax parser return
            strings encoded (because of python 2) instead of in unicode.
            Get rid of it once we throw out python 2 support.N(RRRRR R!R"R)R#R%R*R&R'RW(	RZtstpotprRNtp1tp2tp3tp4((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pytencode_strings”s%7%%O4%%cCsL|dkr2g|jD]}t|ƒ^q}|Sttt|ƒ|ƒSdS(NR((RWtstrtgetattrRRR(RZR0R5R(((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyt__getattr__§s"cCsT|dkr7g|D]}tjd|ƒ^q|_ntt|ƒj||ƒdS(NR(trule_str(Rt	Rich_RuleRWRRRt__setattr__(RZR0R9R\((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRi®s+c

Cs?|dkr]|jr]|jjƒ}x|D]+}||kr+ttjd|ƒ‚q+q+WnÞ|dkr™xÏ|D]"}t|dƒt|dƒqpWn¢|dkrÃx“|D]}t|ƒq¬Wnx|dkr |jr |jjƒ}xQ|D]+}||krîttj	d|ƒ‚qîqîWn|d	kròx|D]¸}	t|	dƒt|	dƒ|	d
r„|	dr„ttj
d|	ƒ‚n|	d
rŸt|	d
ƒn|	dr3t|	dƒrët|	dƒrëttj
d
|	dƒ‚qëq3q3WnI|dkr.x:|D]"}t|dƒt|dƒqWn
|dkr^|tkr;ttj|ƒ‚q;nÝ|dkrŸxÎ|D]'}
t|
ƒsqttj|
ƒ‚qqqqWnœ|dkrx|D]R}t|ƒr²t|ƒr²t|ƒr²|jdƒr²ttj
|ƒ‚q²q²Wn0|dkr;x!|D]}tjd|ƒqWndS(NR!s '%s' not among existing servicesR"iiR)R#s"'%s' not among existing icmp typesR%iis$'%s' is missing to-port AND to-addr s#to-addr '%s' is not a valid addressR*R R&R'sipset:R(Rg(RVtget_servicesRRtINVALID_SERVICERRRt
get_icmptypestINVALID_ICMPTYPEtINVALID_FORWARDRRtINVALID_ADDRRtINVALID_TARGETRtINVALID_INTERFACERRRt
startswithRRh(
RZRtitemtexisting_servicesR1R2tprototexisting_icmptypesticmptypetfwd_portR4R6R5((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyt
_check_config´sn
	


	


"



cCstt|ƒj|ƒ|jdƒr>ttjd|ƒ‚nÄ|jdƒrfttjd|ƒ‚nœ|jdƒdkr”ttjd|ƒ‚nnd|kr¶||j	dƒ }n|}t
|ƒtƒkrttjd|t
|ƒtƒ|jfƒ‚ndS(NR.s'%s' can't start with '/'s'%s' can't end with '/'ismore than one '/' in '%s's'Zone of '%s' has %d chars, max is %d %s(
RRRt
check_nameRrRRtINVALID_NAMEtendswithtcounttfindtlenR
RX(RZR0tchecked_name((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRzís&				c
Cs/t|_d|_d|_d|_d|_x3|jD](}||jkr7|jj|ƒq7q7Wx3|j	D](}||j	krm|j	j|ƒqmqmWx3|j
D](}||j
kr£|j
j|ƒq£q£Wx3|jD](}||jkrÙ|jj|ƒqÙqÙWx3|jD](}||jkr|jj|ƒqqWx3|j
D](}||j
krE|j
j|ƒqEqEW|jr†t|_nx3|jD](}||jkr|jj|ƒqqWx3|jD](}||jkrÆ|jj|ƒqÆqÆWx!|jD]}	|jj|	ƒqüW|jr+t|_ndS(NR(tTrueRXRUtfilenameRRRR&tappendR'R!R"R)R#R$R%R*RWR+(
RZR/R4R6R1R2RuticmptforwardR5((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pytcombinesF							(sversionR(sshortR(sdescriptionR(stargetR(RR(RRRR(RRN(t__name__t
__module__t__doc__RTRKtDBUS_SIGNATUREtADDITIONAL_ALNUM_CHARSRUtPARSER_REQUIRED_ELEMENT_ATTRStPARSER_OPTIONAL_ELEMENT_ATTRStstaticmethodRQRSR[RcRfRiRyRzR†(((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR(sx		

















						9	tzone_ContentHandlercBs#eZd„Zd„Zd„ZRS(cCs/tj||ƒd|_t|_d|_dS(N(RRSRUt_ruleRTt_rule_errort	_limit_ok(RZRs((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRS-s		c	Cswtj|||ƒ|jr dS|jj||ƒ|dkrd|krbtjd|dƒnd|kr|d|j_nd|kr¤tjd|dƒnd|krs|d}|tkrÛt	t
j|ƒ‚n|dkr|tkr||j_
qqsnk|d	krn\|d
kr&nM|dkrÑ|jrŠ|jjrmtjdt|jƒƒt|_dStj|dƒ|j_dS|d|jjkrº|jjj|dƒqstjd
|dƒn¢
|dkr»|jr<|jjrtjdt|jƒƒt|_dStj|d|dƒ|j_dSt|dƒt|dƒt|ddƒ|df}||jjkr|jjj|ƒqstjd|d|dƒn¸|dkrs|jr|jjrtjdt|jƒƒt|_dStj|dƒ|j_qst|dƒ|d|jjkr\|jjj|dƒqstjd|dƒn|dkr|jr×|jjrºtjdt|jƒƒt|_dStj|dƒ|j_dS|d|jjkr|jjj|dƒqstjd|dƒnU|dkr™|jr‚|jjretjdt|jƒƒt|_dStj |dƒ|j_dStjd|dƒnÚ
|dkrZd|krß|dj!ƒd`krßtjd|dƒdS|jr/|jjrtjdt|jƒƒt|_dStj"ƒ|j_qs|jj#rKtjdƒqst|j_#n
|dkrd}d|kr…|d}nd}d |kr¤|d }n|jr	|jjrßtjdt|jƒƒt|_dStj$|d|d||ƒ|j_dSt|dƒt|dƒ|r8t|ƒn|rtt%|ƒrtt&|ƒrtt	t
j'd!|ƒ‚qtnt|ddƒ|dt|dƒt|ƒf}||jj(krÎ|jj(j|ƒqstjd"|d|d|rõd#|nd|rd$|ndƒna|d%krü|jr}|jjrYtjdt|jƒƒt|_dStj)|d|dƒ|j_dSt|dƒt|dƒt|ddƒ|df}||jj*krÞ|jj*j|ƒqstjd&|d|dƒnw|d'kr˜|jr+tjd(ƒt|_dSd|krQtjd)ƒt|_dS|d|jj+kr|jj+j|dƒqstjd*|dƒnÛ|d+kr,|jrŽ	|jj,rßtjd,t|jƒƒt|_dSt-}d-|kr	|d-j!ƒdakr	t}nd}}	}
d0|kr7	|d0}nd1|krP	|d1}	nd2|kri	|d2}
ntj/||	|
d-|ƒ|j_,dSd0|kr·	d2|kr·	tjd3ƒdSd0|krà	d2|krà	tjd4ƒdSd5|kr
tjd6|d5ƒnd-|kr 
tjd7ƒdSd0|kr{
t0|d0ƒr{
t1|d0ƒr{
t2|d0ƒr{
t	t
j'|d0ƒ‚q{
nd2|krÔ
d8|d2}||jj3kr½
|jj3j|ƒqÔ
tjd9|d0ƒnd0|krs|d0}||jj3kr|jj3j|ƒq)tjd9|d0ƒqsnG|d:krÔ|js[tjd;ƒt|_dS|jj4r„tjd<t|jƒƒdSt-}d-|krµ|d-j!ƒdbkrµt}ntj5|d0|ƒ|j_4nŸ|dckrî|jstjdAƒt|_dS|jj6r)tjdBƒt|_dS|d=krJtj7ƒ|j_6n’|d>krd}dC|kru|dC}ntj8|ƒ|j_6nO|d?kr®tj9ƒ|j_6n.|d@krÜ|dD}tj:|ƒ|j_6n|jj6|_;n…|dEkr¼
|js
tjdFƒdS|jjr1
tjdGƒdSd}
dH|krv
|dH}
|
ddkrv
tjdQƒt|_dSndR|krŒ
|dRnd}tj<||
ƒ|j_|jj|_;n·|dSkr8|jsâ
tjdTƒdS|jj=rtjdUt|jƒƒt|_dStj>ƒ|j_=|jj=|_;n;|dVkr¥d}d5|kr|d5}|dekrtjdY|d5ƒt|_dSntj?|ƒ|_nÎ|dZkr(|j;sÔtjd[ƒt|_dS|j;j@rtjd\t|jƒƒt|_dS|d}tjA|ƒ|j;_@nK|d]kr_|jjBrPtjd^ƒqst|j_Bntjd_|ƒdSdS(fNR/R0s'Ignoring deprecated attribute name='%s'RRAs,Ignoring deprecated attribute immutable='%s'R RRRR1s;Invalid rule: More than one element in rule '%s', ignoring.s#Service '%s' already set, ignoring.R2R3R-s#Port '%s/%s' already set, ignoring.R9s$Protocol '%s' already set, ignoring.s
icmp-blocks&icmp-block '%s' already set, ignoring.s	icmp-types-Invalid rule: icmp-block '%s' outside of ruleR$RBtnotfalses*Ignoring deprecated attribute enabled='%s's!Masquerade already set, ignoring.sforward-portsto-portsto-addrs#to-addr '%s' is not a valid addresss-Forward port %s/%s%s%s already set, ignoring.s >%ss @%sssource-ports*Source port '%s/%s' already set, ignoring.R4s$Invalid rule: interface use in rule.s Invalid interface: Name missing.s%Interface '%s' already set, ignoring.R6s:Invalid rule: More than one source in rule '%s', ignoring.REtyesttrueR7RDRFs$Invalid source: No address no ipset.s"Invalid source: Address and ipset.RCs)Ignoring deprecated attribute family='%s's+Invalid source: Invertion not allowed here.sipset:%ss"Source '%s' already set, ignoring.R8s)Invalid rule: Destination outside of rules?Invalid rule: More than one destination in rule '%s', ignoring.R;R<R=R?s$Invalid rule: Action outside of rules"Invalid rule: More than one actionRIR>Rs!Invalid rule: Log outside of rulesInvalid rule: More than one logRHtemergtalerttcritterrortwarningtnoticetinfotdebugsInvalid rule: Invalid log levelRGR:s#Invalid rule: Audit outside of rules9Invalid rule: More than one audit in rule '%s', ignoring.R5tipv4tipv6s&Invalid rule: Rule family "%s" invalidR@s4Invalid rule: Limit outside of action, log and audits9Invalid rule: More than one limit in rule '%s', ignoring.sicmp-block-inversions+Icmp-Block-Inversion already set, ignoring.sUnknown XML element '%s'(R“R”(syesR–(syesR–(sacceptsrejectsdropsmark(R—R˜R™serrorswarningRœsinfosdebug(RŸR (CRtstartElementR‘Rstparser_check_element_attrsRR›RRRRRpRR RRMRdRRtRich_ServiceR!Rƒt	Rich_PortRRR
R"t
Rich_ProtocolRR)tRich_IcmpBlockR#t
Rich_IcmpTypetlowertRich_MasqueradeR$tRich_ForwardPortRRRoR%tRich_SourcePortR*R&R6RTRUtRich_SourceRRRR'R8tRich_DestinationtactiontRich_AccepttRich_Rejectt	Rich_Dropt	Rich_MarkR’tRich_LogR:t
Rich_AuditRhR@t
Rich_LimitR+(RZR0tattrsR tentrytto_porttto_addrREtaddrRDRFt_typet_setRHRGRCR9((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR¡3st			
							
																	

			

					
		
	
						




	
	
		
			
	
	
	

	


	
		
		
			
			
cCstj||ƒ|dkræ|jsÑy|jjƒWn/tk
rg}tjd|t|jƒƒqÑXt|jƒg|j	j
D]}t|ƒ^qkrµ|j	j
j|jƒqÑtjdt|jƒƒnd|_t
|_n|d
krþd|_ndS(NR5s%s: %ss Rule '%s' already set, ignoring.R;R<R=R?RR:(sacceptsrejectsdropsmarkslogsaudit(Rt
endElementR‘Rtcheckt	ExceptionRR›RdRsRWRƒRURTR’(RZR0tetx((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR½–s 	 (		(R‡RˆRSR¡R½(((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR,s		ÿdc		CsFtƒ}|jdƒs1ttjd|ƒ‚n|d |_|sW|j|jƒn||_||_|j	t
jƒrtnt
|_|j|_t|ƒ}tjƒ}|j|ƒd||f}t|dƒM}y|j|ƒWn2tjk
r"}ttjd|jƒƒ‚nXWdQX~~trB|jƒn|S(Ns.xmls'%s' is missing .xml suffixiüÿÿÿs%s/%strsnot a valid zone file: %s(RR|RRR{R0RzR‚tpathRrRt
ETC_FIREWALLDRTRtbuiltintdefaultRtsaxtmake_parsertsetContentHandlertopentparsetSAXParseExceptiontINVALID_ZONEtgetExceptionRRc(	R‚RÃt
no_check_nameR/thandlertparserR0tftmsg((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR«s6		
		!
	
c
Cs%
|r|n|j}|jr4d||jf}nd||jf}tjj|ƒrytj|d|ƒWqtk
r™}tj	d||ƒqXntjj
|ƒ}|jtj
ƒrtjj|ƒrtjjtj
ƒsÿtjtj
dƒntj|dƒntj|dddd	ƒ}t|ƒ}|jƒi}|jrq|jd
krq|j|d<n|jtkr|j|d<n|jd
|ƒ|jdƒ|jr|jd
kr|jdƒ|jdiƒ|j|jƒ|jdƒ|jdƒn|jrq|jd
krq|jdƒ|jdiƒ|j|jƒ|jdƒ|jdƒnxHt|jƒD]7}	|jdƒ|jdi|	d6ƒ|jdƒqWxrt|jƒD]a}
|jdƒd|
kr	|jdi|
dd6ƒn|jdi|
d6ƒ|jdƒqÌWxHt|j ƒD]7}|jdƒ|jdi|d6ƒ|jdƒqAWxWt|j!ƒD]F}|jdƒ|jdi|dd6|dd6ƒ|jdƒqŒWxHt|j"ƒD]7}
|jdƒ|jdi|
d6ƒ|jdƒqæW|j#rW|jdƒ|jdiƒ|jdƒnxHt|j$ƒD]7}|jdƒ|jd i|d6ƒ|jdƒqgW|j%rØ|jdƒ|jd!iƒ|jdƒnx³t|j&ƒD]¢}|jdƒi|dd6|dd6}|d"rB|d"d
krB|d"|d#<n|d$rm|d$d
krm|d$|d%<n|jd&|ƒ|jdƒqèWxWt|j'ƒD]F}|jdƒ|jd'i|dd6|dd6ƒ|jdƒqžWx|j(D]ú}i}|j)r|j)|d(<n|jdƒ|jd)|ƒ|jdƒ|j*rói}|j*j+ro|j*j+|d<n|j*j,rŽ|j*j,|d*<n|j*j-r­|j*j-|d<n|j*j.rÆd+|d,<n|jd-ƒ|jd|ƒ|jdƒn|j/rUi|j/j+d6}|j/j.r(d+|d,<n|jd-ƒ|jd.|ƒ|jdƒn|j0r¨	d
}i}t1|j0ƒt2j3kr›d}|j0j|d<nàt1|j0ƒt2j4krÜd}|j0j5|d<|j0j6|d<nŸt1|j0ƒt2j7kr
d}|j0j8|d<nnt1|j0ƒt2j9kr.d!}nMt1|j0ƒt2j:kr_d }|j0j|d<nt1|j0ƒt2j;krd/}|j0j|d<nët1|j0ƒt2j<kr	d&}|j0j5|d<|j0j6|d<|j0j=d
kró|j0j=|d#<n|j0j>d
kr{	|j0j>|d%<q{	n`t1|j0ƒt2j?kr\	d'}|j0j5|d<|j0j6|d<nt@tAjBd0t1|j0ƒƒ‚|jd-ƒ|j||ƒ|jdƒn|jr•
i}|jjCrÖ	|jjC|d1<n|jjDrõ	|jjD|d2<n|jjErh
|jd-ƒ|jd3|ƒ|jd4ƒ|jd5i|jjEj8d6ƒ|jd6ƒ|jd3ƒn|jd-ƒ|jd3|ƒ|jdƒn|jFrDi}|jFjEr|jd-ƒ|jd7iƒ|jd4ƒ|jd5i|jFjEj8d6ƒ|jd6ƒ|jd7ƒn|jd-ƒ|jd7|ƒ|jdƒn|jGrÅd
}i}t1|jGƒt2jHkrzd8}n«t1|jGƒt2jIkrºd9}|jGj1r%|jGj1|d:<q%nkt1|jGƒt2jJkrÛd;}nJt1|jGƒt2jKkrd<}|jGjL|d=<ntjMd>t1|jGƒƒ|jGjEr˜|jd-ƒ|j||ƒ|jd4ƒ|jd5i|jGjEj8d6ƒ|jd6ƒ|j|ƒn|jd-ƒ|j||ƒ|jdƒn|jdƒ|jd)ƒ|jdƒqòW|jd
ƒ|jdƒ|jNƒ|jOƒ~dS(?Ns%s/%ss	%s/%s.xmls%s.oldsBackup of file '%s' failed: %siètmodetwttencodingsUTF-8RRR R/s
s  RRR4R0sipset:R6iRFR7R1R2iiR3R9sicmp-block-inversions
icmp-blockR$isto-portisto-addrsforward-portssource-portRCR5RDRREs    R8s	icmp-types#Unknown element '%s' in zone_writerRGRHRs
      R@s
    R:R;R<RIR=R?R>sUnknown action '%s'(PRÃR‚R0tostexiststshutiltcopy2R¿RRštdirnameRrRRÄtmkdirtioRÊRt
startDocumentRR RR¡tignorableWhitespaceRt
charactersR½RR	R&t
simpleElementR'R!R"R)R+R#R$R%R*RWRCR6RºRDRFRER8RMRIRR£R¤R2R3R¥R9R©R¦R§RªR¸t
to_addressR«RRtINVALID_OBJECTRGRHR@R:R®R¯R°R±R²R>R›tendDocumenttclose(R/RÃt_pathR0RÓtdirpathRÒRÐR¶R4R6R1R2R3R„R…R5RMR®((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRÈs¬	%









&
	

	


	

	

	

		
	

	

	

	

			

	







(+t__all__txml.saxRÇR×RÝRÙtfirewallRtfirewall.functionsRRRRRR	R
RRR
tfirewall.core.baseRRtfirewall.core.io.io_objectRRRRRRRt
firewall.coreRtfirewall.core.loggerRRtfirewall.errorsRRRRTRRUR(((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyt<module>s$F4ÿÿ€

OHA YOOOO