Your IP : 3.143.24.110


Current Path : /usr/lib/python3.6/site-packages/firewall/server/__pycache__/
Upload File :
Current File : //usr/lib/python3.6/site-packages/firewall/server/__pycache__/config.cpython-36.pyc

3

@)�f��@sdddlmZddlZeejd<ddlZddlZddlZddlZddl	Zddl
mZddlm
Z
ddlmZddlmZddlmZmZmZdd	lmZdd
lmZddlmZddlmZdd
lmZddl m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'ddl(m)Z)ddl*m+Z+ddl,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3ddl
m4Z4ddl5m6Z6Gdd�dejj7j8�Z9dS)�)�GObjectNZgobject)�config)�DEFAULT_ZONE_TARGET)�Watcher)�log)�handle_exceptions�dbus_handle_exceptions�dbus_service_method)�FirewallDConfigIcmpType)�FirewallDConfigService)�FirewallDConfigZone)�FirewallDConfigPolicy)�FirewallDConfigIPSet)�FirewallDConfigHelper)�IcmpType)�IPSet)�Helper)�LockdownWhitelist)�Direct)�dbus_to_python�command_of_sender�context_of_sender�
uid_of_sender�user_of_uid�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties)�errors)�
FirewallErrorcs@eZdZdZdZejjZe	�fdd��Z
e	dd��Ze	dd��Ze	d	d
��Z
e	dd��Ze	d
d��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd��Ze	dd ��Ze	d!d"��Ze	d#d$��Ze	d%d&��Ze	d'd(��Ze	d)d*��Ze	d+d,��Ze	d-d.��Ze	d/d0��Z e!d1d2��Z"e!d3d4��Z#e!d5d6��Z$e%ej&d7d8d9�e!d�d;d<���Z'e%ej&d=d>d9�e!d�d?d@���Z(e)jj*j+ejj�e%ej&dAdB�e!d�dCdD����Z,ej-j.ej&dEdF�dGdH��Z/e)jj*j+ejj0�e%ej1d=dI�e!d�fdJdK�	���Z2e%ejj3e4j5dI�e!d�dLdM���Z6e%ejj3e4j5dB�e!d�dNdO���Z7ej-j.ejj3�e!dPdQ���Z8e%ejj3d=dB�e!d�dRdS���Z9e%ejj3d=dB�e!d�dTdU���Z:e%ejj3d=dVd9�e!d�dWdX���Z;e%ejj3dYdI�e!d�dZd[���Z<e%ejj3d=dB�e!d�d\d]���Z=e%ejj3d=dB�e!d�d^d_���Z>e%ejj3d=dVd9�e!d�d`da���Z?e%ejj3dYdI�e!d�dbdc���Z@e%ejj3d=dB�e!d�ddde���ZAe%ejj3d=dB�e!d�dfdg���ZBe%ejj3d=dVd9�e!d�dhdi���ZCe%ejj3dYdI�e!d�djdk���ZDe%ejj3dldB�e!�ddmdn���ZEe%ejj3dldB�e!�ddodp���ZFe%ejj3dldVd9�e!�ddqdr���ZGe%ejj3dsdI�e!�ddtdu���ZHe%ejjIdvdI�e!�ddwdx���ZJe%ejjIdYdI�e!�ddydz���ZKe%ejjId=d{d9�e!�dd|d}���ZLe%ejjId=eMj5d{d9�e!�dd~d���ZNej-j.ejjId=dF�e!d�d����ZOe%ejjIdvdI�e!�dd�d����ZPe%ejjIdYdI�e!�d	d�d����ZQe%ejjId=d{d9�e!�d
d�d����ZRe%ejjId=eSj5d{d9�e!�dd�d����ZTej-j.ejjId=dF�e!d�d����ZUe%ejjIdvdI�e!�dd�d����ZVe%ejjIdYdI�e!�d
d�d����ZWe%ejjId=d{d9�e!�dd�d����ZXe%ejjId�d{d9�e!�dd�d����ZYe%ejjId�d{d9�e!�dd�d����ZZej-j.ejjId=dF�e!d�d����Z[e%ejjIdvdI�e!�dd�d����Z\e%ejjIdYdI�e!�dd�d����Z]e%ejjId=d{d9�e!�dd�d����Z^e%ejjId=d=d9�e!�dd�d����Z_e%ejjId=d=d9�e!�dd�d����Z`e%ejjId�d{d9�e!�dd�d����Zae%ejjId�d{d9�e!�dd�d����Zbej-j.ejjId=dF�e!d�d����Zce%ejjIdvdI�e!�dd�d����Zde%ejjIdYdI�e!�dd�d����Zee%ejjId=d{d9�e!�dd�d����Zfe%ejjId�d{d9�e!�dd�d����Zgej-j.ejjId=dF�e!d�d����Zhe%ejjIdvdI�e!�dd�d����Zie%ejjIdYdI�e!�dd�d����Zje%ejjId=d{d9�e!�dd�d����Zke%ejjId=elj5d{d9�e!�dd�d����Zmej-j.ejjId=dF�e!d�d����Zne%ejjoepj5dI�e!�d d�d����Zqe%ejjoepj5dB�e!�d!d�d„��Zrej-j.ejjo�e!d�dĄ��Zse%ejjod�dB�e!�d"d�dDŽ��Zte%ejjod�dB�e!�d#d�dɄ��Zue%ejjod�dVd9�e!�d$d�d˄��Zve%ejjod7dYd9�e!�d%d�d̈́��Zwe%ejjod�d�d9�e!�d&d�dф��Zxe%ejjod�dB�e!�d'd�dԄ��Zye%ejjod�dB�e!�d(d�dք��Zze%ejjod�dVd9�e!�d)d�d؄��Z{e%ejjod�dB�e!�d*d�dڄ��Z|e%ejjod�d�d9�e!�d+d�d݄��Z}e%ejjod�d�d9�e!�d,d�d���Z~e%ejjod�dB�e!�d-d�d���Ze%ejjod�dB�e!�d.d�d���Z�e%ejjod�dVd9�e!�d/d�d���Z�e%ejjod=d�d9�e!�d0d�d���Z�e%ejjod�dI�e!�d1d�d���Z��Z�S(2�FirewallDConfigzFirewallD main classTcs�tt|�j||�||_|d|_|d|_|j�t|jd�|_	|j	j
tj�|j	j
tj�|j	j
tj
�|j	j
tj�|j	j
tj�|j	j
tj�|j	j
tj�|j	j
tj�|j	j
tj�|j	j
tj�|j	j
tj�|j	j
tj�tjjtj��r>xBttjtj��D].}dtj|f}tjj|��r|j	j
|��qW|j	jtj�|j	jtj�|j	jtj�t |tj!j"ddddddddddddd��dS)Nr��z%s/%sZ	readwrite)�
CleanupOnExit�CleanupModulesOnExit�
IPv6_rpfilter�Lockdown�MinimalMark�IndividualCalls�	LogDenied�AutomaticHelpers�FirewallBackend�FlushAllOnReload�RFC3964_IPv4�AllowZoneDrifting)#�superr�__init__r�busname�path�
_init_varsr�
watch_updater�watcher�
add_watch_dir�FIREWALLD_IPSETS�ETC_FIREWALLD_IPSETS�FIREWALLD_ICMPTYPES�ETC_FIREWALLD_ICMPTYPES�FIREWALLD_HELPERS�ETC_FIREWALLD_HELPERS�FIREWALLD_SERVICES�ETC_FIREWALLD_SERVICES�FIREWALLD_ZONES�ETC_FIREWALLD_ZONES�FIREWALLD_POLICIES�ETC_FIREWALLD_POLICIES�os�exists�sorted�listdir�isdirZadd_watch_file�LOCKDOWN_WHITELIST�FIREWALLD_DIRECT�FIREWALLD_CONFr�dbus�DBUS_INTERFACE_CONFIG)�selfZconf�args�kwargs�filenamer0)�	__class__��/usr/lib/python3.6/config.pyr.FsP

zFirewallDConfig.__init__cCs2g|_d|_g|_d|_g|_d|_g|_d|_g|_d|_	g|_
d|_x$|jj
�D]}|j|jj|��qTWx$|jj�D]}|j|jj|��qzWx$|jj�D]}|j|jj|��q�Wx$|jj�D]}|j|jj|��q�Wx$|jj�D]}|j|jj|��q�Wx&|jj�D]}|j|jj|���qWdS)Nr)�ipsets�	ipset_idx�	icmptypes�icmptype_idx�services�service_idx�zones�zone_idx�helpers�
helper_idx�policy_objects�policy_object_idxrZ
get_ipsets�	_addIPSetZ	get_ipsetZ
get_icmptypes�_addIcmpTypeZget_icmptypeZget_services�_addServiceZget_serviceZ	get_zones�_addZoneZget_zoneZget_helpers�
_addHelperZ
get_helperZget_policy_objects�
_addPolicyZget_policy_object)rK�ipset�icmptype�service�zone�helper�policyrPrPrQr1ts0zFirewallDConfig._init_varscCsdS)NrP)rKrPrPrQ�__del__�szFirewallDConfig.__del__cCs�x&t|j�dkr&|jj�}|j�~qWx&t|j�dkrN|jj�}|j�~q*Wx&t|j�dkrv|jj�}|j�~qRWx&t|j�dkr�|jj�}|j�~qzWx&t|j�dkr�|jj�}|j�~q�Wx&t|j�dkr�|jj�}|j�~q�W|j	�dS)Nr)
�lenrR�pop�
unregisterrTrVrXrZr\r1)rK�itemrPrPrQ�reload�s2





zFirewallDConfig.reloadc	CsJ|tjkr�|jtjj�}tjdtj�y|jj�Wn2tk
rf}ztj	d||f�dSd}~XnX|jtjj�j
�}x2t|j��D]"}||kr�||||kr�||=q�Wt
|�dkr�|jtjj|g�dS|jtj�s�|jtj�o�|jd��r�y|jj|�\}}Wn4tk
�r<}ztj	d||f�dSd}~XnX|dk�rT|j|�n*|dk�rj|j|�n|dk�rF|j|��n�|jtj��s�|jtj��r8|jd��r8y|jj|�\}}Wn4tk
�r�}ztj	d	||f�dSd}~XnX|dk�r
|j|�n*|dk�r |j|�n|dk�rF|j|��n|jtj��sT|jtj��rr|jd��r�y|jj|�\}}Wn4tk
�r�}ztj	d
||f�dSd}~XnX|dk�r�|j |�n*|dk�r�|j!|�n|dk�rn|j"|�n�|jtj��rF|j#tjd�j$d�}t
|�d
k�s&d|k�r*dSt%j&j'|��rT|j(j)|��sn|j(j*|�n|j(j)|��rF|j(j+|��n�|jtj,��s�|jtj-��r(|jd��r(y|jj.|�\}}Wn4tk
�r�}ztj	d||f�dSd}~XnX|dk�r�|j/|�n*|dk�r|j0|�n|dk�rF|j1|��n|jtj2��sD|jtj3��r�|jd��r�y|jj4|�\}}Wn4tk
�r�}ztj	d||f�dSd}~XnX|dk�r�|j5|�n*|dk�r�|j6|�n|dk�rF|j7|��nh|tj8k�r:y|jj9�Wn4tk
�r,}ztj	d||f�dSd}~XnX|j:��n|tj;k�r�y|jj<�Wn4tk
�r�}ztj	d||f�dSd}~XnX|j=�n�|jtj>��s�|jtj?��rF|jd��rFy|jj@|�\}}Wn4tk
�r}ztj	d||f�dSd}~XnX|dk�r|jA|�n*|dk�r2|jB|�n|dk�rF|jC|�dS)Nz,config: Reloading firewalld config file '%s'z+Failed to load firewalld.conf file '%s': %srz.xmlz%Failed to load icmptype file '%s': %s�new�remove�updatez$Failed to load service file '%s': %sz!Failed to load zone file '%s': %s��/rz"Failed to load ipset file '%s': %sz#Failed to load helper file '%s': %sz/Failed to load lockdown whitelist file '%s': %sz)Failed to load direct rules file '%s': %sz#Failed to load policy file '%s': %s)DrrH�GetAllrIrJr�debug1Zupdate_firewalld_conf�	Exception�error�copy�list�keysrk�PropertiesChanged�
startswithr7r8�endswithZupdate_icmptype_from_pathr_�removeIcmpType�_updateIcmpTyper;r<Zupdate_service_from_pathr`�
removeService�_updateServicer=r>Zupdate_zone_from_pathra�
removeZone�_updateZone�replace�striprAr0rEr3Z	has_watchr4Zremove_watchr5r6Zupdate_ipset_from_pathr^�removeIPSet�_updateIPSetr9r:Zupdate_helper_from_pathrb�removeHelper�
_updateHelperrFZupdate_lockdown_whitelist�LockdownWhitelistUpdatedrGZ
update_direct�Updatedr?r@Zupdate_policy_object_from_pathrc�removePolicy�
_updatePolicy)	rK�nameZ	old_props�msgZprops�keyZwhat�obj�_namerPrPrQr2�s
























zFirewallDConfig.watch_updaterc	CsPt||j||j|jdtjj|jf�}|jj|�|jd7_|j|j	�|S)Nz%s/%dr)
r
rrUr/rIZDBUS_PATH_CONFIG_ICMPTYPErT�append�
IcmpTypeAddedr�)rKr��config_icmptyperPrPrQr_AszFirewallDConfig._addIcmpTypecCsPxJ|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|j|j�qWdS)N)rTr�r�r0rNr�)rKr�rerPrPrQr�MszFirewallDConfig._updateIcmpTypecCs�d}xT|jD]J}|j�}|j||kr||j|j�|jj|j|�|_|j|jj�qWx\|jD]R}|j�}d|krb|j|dkrb|dj|j�|jj	|j|�|_|j|jj�qbWx:|j
D]0}|j|kr�|j|j�|j�|j
j|�~q�WdS)N�Zicmp_blocks)
rX�getSettingsr�rqr�set_zone_configr�r�r\�set_policy_object_config_dictrT�Removedrm)rKr��indexrg�settingsrirerPrPrQrVs&
zFirewallDConfig.removeIcmpTypec	CsPt||j||j|jdtjj|jf�}|jj|�|jd7_|j|j	�|S)Nz%s/%dr)
rrrWr/rIZDBUS_PATH_CONFIG_SERVICErVr��ServiceAddedr�)rKr��config_servicerPrPrQr`pszFirewallDConfig._addServicecCsPxJ|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|j|j�qWdS)N)rVr�r�r0rNr�)rKr�rfrPrPrQr�{szFirewallDConfig._updateServicecCs�d}xT|jD]J}|j�}|j||kr||j|j�|jj|j|�|_|j|jj�qWx\|jD]R}|j�}d|krb|j|dkrb|dj|j�|jj	|j|�|_|j|jj�qbWx:|j
D]0}|j|kr�|j|j�|j�|j
j|�~q�WdS)Nr rV)
rXr�r�rqrr�r�r�r\r�rVr�rm)rKr�r�rgr�rirfrPrPrQr��s&
zFirewallDConfig.removeServicec	CsPt||j||j|jdtjj|jf�}|jj|�|jd7_|j|j	�|S)Nz%s/%dr)
rrrYr/rIZDBUS_PATH_CONFIG_ZONErXr��	ZoneAddedr�)rKr��config_zonerPrPrQra�szFirewallDConfig._addZonecCsPxJ|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|j|j�qWdS)N)rXr�r�r0rNr�)rKr�rgrPrPrQr��s
zFirewallDConfig._updateZonecCs@x:|jD]0}|j|kr|j|j�|j�|jj|�~qWdS)N)rXr�r�r�rmrq)rKr�rgrPrPrQr��s
zFirewallDConfig.removeZonec	CsPt||j||j|jdtjj|jf�}|jj|�|jd7_|j|j	�|S)Nz%s/%dr)
r
rr]r/rIZDBUS_PATH_CONFIG_POLICYr\r��PolicyAddedr�)rKr��
config_policyrPrPrQrc�szFirewallDConfig._addPolicycCsPxJ|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|j|j�qWdS)N)r\r�r�r0rNr�)rKr�rirPrPrQr��s
zFirewallDConfig._updatePolicycCs@x:|jD]0}|j|kr|j|j�|j�|jj|�~qWdS)N)r\r�r�r�rmrq)rKr�rirPrPrQr��s
zFirewallDConfig.removePolicyc	CsPt||j||j|jdtjj|jf�}|jj|�|jd7_|j|j	�|S)Nz%s/%dr)
rrrSr/rIZDBUS_PATH_CONFIG_IPSETrRr��
IPSetAddedr�)rKr��config_ipsetrPrPrQr^�szFirewallDConfig._addIPSetcCsPxJ|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|j|j�qWdS)N)rRr�r�r0rNr�)rKr�rdrPrPrQr��s
zFirewallDConfig._updateIPSetcCs@x:|jD]0}|j|kr|j|j�|j�|jj|�~qWdS)N)rRr�r�r�rmrq)rKr�rdrPrPrQr��s
zFirewallDConfig.removeIPSetc	CsPt||j||j|jdtjj|jf�}|jj|�|jd7_|j|j	�|S)Nz%s/%dr)
rrr[r/rIZDBUS_PATH_CONFIG_HELPERrZr��HelperAddedr�)rKr��
config_helperrPrPrQrb�szFirewallDConfig._addHelpercCsPxJ|jD]@}|jj|jkr|jj|jkr|jj|jkr||_|j|j�qWdS)N)rZr�r�r0rNr�)rKr�rhrPrPrQr��s
zFirewallDConfig._updateHelpercCs@x:|jD]0}|j|kr|j|j�|j�|jj|�~qWdS)N)rZr�r�r�rmrq)rKr�rhrPrPrQr�s
zFirewallDConfig.removeHelpercCs�|jj�r�|dkr tjd�dStj�}t||�}|jjd|�rDdSt||�}|jjd|�r`dSt	|�}|jjd|�rzdSt
||�}|jjd|�r�dSttj
d��dS)Nz&Lockdown not possible, sender not set.�context�uid�user�commandzlockdown is enabled)rZlockdown_enabledrrxrIZ	SystemBusrZaccess_checkrrrrrZ
ACCESS_DENIED)rK�senderZbusr�r�r�r�rPrPrQ�accessChecks$




zFirewallDConfig.accessCheckcCsF|dkrtjjd|��|jj�j|�}|dkrH|dkr>tj}tj|�S|dkrr|dkr`tj}nt	|�}tj
|�S|dkr�|dkr�tjr�dnd}tj|�S|dkr�|dkr�tjr�dnd}tj|�S|dk�r�|dk�r�tj
�r�dnd}tj|�S|dk�r|dk�rtj�rdnd}tj|�S|dk�rL|dk�rBtj�r>dnd}tj|�S|dk�rp|dk�rftj}tj|�S|d	k�r�|dk�r�tj}tj|�S|d
k�r�|dk�r�tj}tj|�S|dk�r�|dk�r�tj�r�dnd}tj|�S|dk�r|dk�r
tj�rdnd}tj|�S|d
k�rB|dk�r8tj�r4dnd}tj|�SdS)N�DefaultZoner%r!r"r$r#r&r'r(r)r*r+r,zDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist�yes�no)
r�r%r!r"r$r#r&r'r(r)r*r+r,)rI�
exceptions�
DBusExceptionr�get_firewalld_conf�getZ
FALLBACK_ZONE�StringZFALLBACK_MINIMAL_MARK�int�Int32ZFALLBACK_CLEANUP_ON_EXITZ FALLBACK_CLEANUP_MODULES_ON_EXITZFALLBACK_LOCKDOWNZFALLBACK_IPV6_RPFILTERZFALLBACK_INDIVIDUAL_CALLSZFALLBACK_LOG_DENIEDZFALLBACK_AUTOMATIC_HELPERSZFALLBACK_FIREWALL_BACKENDZFALLBACK_FLUSH_ALL_ON_RELOADZFALLBACK_RFC3964_IPV4ZFALLBACK_ALLOW_ZONE_DRIFTING)rK�prop�valuerPrPrQ�
_get_property+s|





























zFirewallDConfig._get_propertycCsT|dkrtj|j|��S|dkr0tj|j|��S|dkrHtj|j|��S|dkr`tj|j|��S|dkrxtj|j|��S|dkr�tj|j|��S|dkr�tj|j|��S|dkr�tj|j|��S|d	kr�tj|j|��S|d
k�r�tj|j|��S|dk�rtj|j|��S|dk�r&tj|j|��S|d
k�r@tj|j|��Stjjd|��dS)Nr�r%r!r"r$r#r&r'r(r)r*r+r,zDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)rIr�r�r�r�r�)rKr�rPrPrQ�_get_dbus_propertyos:



z"FirewallDConfig._get_dbus_propertyZss�v)�in_signature�
out_signatureNcCsxt|t�}t|t�}tjd||�|tjjkr8|j|�S|tjjtjj	gkr^tj
jd|��ntj
jd|��|j|�S)Nzconfig.Get('%s', '%s')zDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existzJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r�strrrvrrIrJr��DBUS_INTERFACE_CONFIG_DIRECT�DBUS_INTERFACE_CONFIG_POLICIESr�r�)rK�interface_name�
property_namer�rPrPrQ�Get�s



zFirewallDConfig.Get�sza{sv}c
Csxt|t�}tjd|�i}|tjjkrDxBdD]}|j|�||<q,Wn&|tjjtjj	gkrZntj
jd|��tj|dd�S)Nzconfig.GetAll('%s')r�r%r!r"r$r#r&r'r(r)r*r+r,zJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not existZsv)�	signature)
r�r%r!r"r$r#r&r'r(r)r*r+r,)
rr�rrvrrIrJr�r�r�r�r�Z
Dictionary)rKr�r��ret�xrPrPrQru�s"
zFirewallDConfig.GetAllZssv)r�cCs�t|t�}t|t�}t|�}tjd|||�|j|�|tjjk�r�|dk�rz|dkrv|j�dkrvt	t
jd||f��|dkr�|tjkr�t	t
jd||f��|dkr�|tj
kr�t	t
jd||f��|d	k�r�|j�dk�r�t	t
jd||f��|d
k�r|j�dk�rt	t
jd||f��|dk�rF|j�dk�rFt	t
jd||f��|jj�j||�|jj�j�|j|||ig�n|dk�r�ntjjd|��n8|tjjtjjgk�r�tjjd|��ntjjd|��dS)Nzconfig.Set('%s', '%s', '%s')r!r$r"r#r&r'r)r*r+r,r�r��true�falsez'%s' for %sr%r(zDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existzJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)
r!r$r"r#r&r'r)r*r+r,)r!r$r"r#r&)r�r�r�r�)r�r�r�r�)r�r�r�r�)r�r�r�r�)r%r()rr�rrvr�rrIrJ�lowerrrZ
INVALID_VALUEZLOG_DENIED_VALUESZFIREWALL_BACKEND_VALUESr��set�writer|r�r�r�r�)rKr�r�Z	new_valuer�rPrPrQ�Set�sz










zFirewallDConfig.Setzsa{sv}as)r�cCs.t|t�}t|�}t|�}tjd|||�dS)Nz*config.PropertiesChanged('%s', '%s', '%s'))rr�rrv)rKr�Zchanged_propertiesZinvalidated_propertiesrPrPrQr|s

z!FirewallDConfig.PropertiesChanged)r�cs4tjd�tt|�j|j|jj��}t||t	j
j�S)Nzconfig.Introspect())rZdebug2r-r�
Introspectr0r/Zget_busrrrIrJ)rKr��data)rOrPrQr�s

zFirewallDConfig.IntrospectcCstjd�|jj�jj�S)Nz&config.policies.getLockdownWhitelist())rrvr�get_policies�lockdown_whitelist�
export_config)rKr�rPrPrQ�getLockdownWhitelists
z$FirewallDConfig.getLockdownWhitelistcCs@tjd�t|�}|jj�jj|�|jj�jj�|j�dS)Nz)config.policies.setLockdownWhitelist(...))	rrvrrr�r��
import_configr�r�)rKr�r�rPrPrQ�setLockdownWhitelist&s

z$FirewallDConfig.setLockdownWhitelistcCstjd�dS)Nz*config.policies.LockdownWhitelistUpdated())rrv)rKrPrPrQr�0sz(FirewallDConfig.LockdownWhitelistUpdatedcCs^t|�}tjd|�|j|�t|j��}||dkrBttj|��|dj	|�|j
|�dS)Nz1config.policies.addLockdownWhitelistCommand('%s')r)rrrvr�rzr�rr�ALREADY_ENABLEDr�r�)rKr�r�r�rPrPrQ�addLockdownWhitelistCommand7s
z+FirewallDConfig.addLockdownWhitelistCommandcCs^t|�}tjd|�|j|�t|j��}||dkrBttj|��|dj	|�|j
|�dS)Nz4config.policies.removeLockdownWhitelistCommand('%s')r)rrrvr�rzr�rr�NOT_ENABLEDrqr�)rKr�r�r�rPrPrQ�removeLockdownWhitelistCommandDs
z.FirewallDConfig.removeLockdownWhitelistCommand�bcCs$t|�}tjd|�||j�dkS)Nz3config.policies.queryLockdownWhitelistCommand('%s')r)rrrvr�)rKr�r�rPrPrQ�queryLockdownWhitelistCommandRsz-FirewallDConfig.queryLockdownWhitelistCommand�ascCstjd�|j�dS)Nz.config.policies.getLockdownWhitelistCommands()r)rrvr�)rKr�rPrPrQ�getLockdownWhitelistCommands[s
z,FirewallDConfig.getLockdownWhitelistCommandscCs^t|�}tjd|�|j|�t|j��}||dkrBttj|��|dj	|�|j
|�dS)Nz1config.policies.addLockdownWhitelistContext('%s')r)rrrvr�rzr�rrr�r�r�)rKr�r�r�rPrPrQ�addLockdownWhitelistContextds
z+FirewallDConfig.addLockdownWhitelistContextcCs^t|�}tjd|�|j|�t|j��}||dkrBttj|��|dj	|�|j
|�dS)Nz4config.policies.removeLockdownWhitelistContext('%s')r)rrrvr�rzr�rrr�rqr�)rKr�r�r�rPrPrQ�removeLockdownWhitelistContextqs
z.FirewallDConfig.removeLockdownWhitelistContextcCs$t|�}tjd|�||j�dkS)Nz3config.policies.queryLockdownWhitelistContext('%s')r)rrrvr�)rKr�r�rPrPrQ�queryLockdownWhitelistContextsz-FirewallDConfig.queryLockdownWhitelistContextcCstjd�|j�dS)Nz.config.policies.getLockdownWhitelistContexts()r)rrvr�)rKr�rPrPrQ�getLockdownWhitelistContexts�s
z,FirewallDConfig.getLockdownWhitelistContextscCs^t|�}tjd|�|j|�t|j��}||dkrBttj|��|dj	|�|j
|�dS)Nz.config.policies.addLockdownWhitelistUser('%s')�)rrrvr�rzr�rrr�r�r�)rKr�r�r�rPrPrQ�addLockdownWhitelistUser�s
z(FirewallDConfig.addLockdownWhitelistUsercCs^t|�}tjd|�|j|�t|j��}||dkrBttj|��|dj	|�|j
|�dS)Nz1config.policies.removeLockdownWhitelistUser('%s')r�)rrrvr�rzr�rrr�rqr�)rKr�r�r�rPrPrQ�removeLockdownWhitelistUser�s
z+FirewallDConfig.removeLockdownWhitelistUsercCs$t|�}tjd|�||j�dkS)Nz0config.policies.queryLockdownWhitelistUser('%s')r�)rrrvr�)rKr�r�rPrPrQ�queryLockdownWhitelistUser�sz*FirewallDConfig.queryLockdownWhitelistUsercCstjd�|j�dS)Nz+config.policies.getLockdownWhitelistUsers()r�)rrvr�)rKr�rPrPrQ�getLockdownWhitelistUsers�s
z)FirewallDConfig.getLockdownWhitelistUsers�icCs^t|�}tjd|�|j|�t|j��}||dkrBttj|��|dj	|�|j
|�dS)Nz+config.policies.addLockdownWhitelistUid(%d)�)rrrvr�rzr�rrr�r�r�)rKr�r�r�rPrPrQ�addLockdownWhitelistUid�s
z'FirewallDConfig.addLockdownWhitelistUidcCs^t|�}tjd|�|j|�t|j��}||dkrBttj|��|dj	|�|j
|�dS)Nz.config.policies.removeLockdownWhitelistUid(%d)r�)rrrvr�rzr�rrr�rqr�)rKr�r�r�rPrPrQ�removeLockdownWhitelistUid�s
z*FirewallDConfig.removeLockdownWhitelistUidcCs$t|�}tjd|�||j�dkS)Nz-config.policies.queryLockdownWhitelistUid(%d)r�)rrrvr�)rKr�r�rPrPrQ�queryLockdownWhitelistUid�sz)FirewallDConfig.queryLockdownWhitelistUidZaicCstjd�|j�dS)Nz*config.policies.getLockdownWhitelistUids()r�)rrvr�)rKr�rPrPrQ�getLockdownWhitelistUids�s
z(FirewallDConfig.getLockdownWhitelistUidsZaocCstjd�|jS)z"list ipsets objects paths
        zconfig.listIPSets())rrvrR)rKr�rPrPrQ�
listIPSets�s
zFirewallDConfig.listIPSetscCs4tjd�g}x|jD]}|j|jj�qWt|�S)zget ipset names
        zconfig.getIPSetNames())rrvrRr�r�r�rC)rKr�rRr�rPrPrQ�
getIPSetNames�s

zFirewallDConfig.getIPSetNames�ocCsFt|t�}tjd|�x|jD]}|jj|kr|SqWttj	|��dS)z-object path of ipset with given name
        zconfig.getIPSetByName('%s')N)
rr�rrvrRr�r�rrZ
INVALID_IPSET)rKrdr�r�rPrPrQ�getIPSetByName�s
zFirewallDConfig.getIPSetByNamecCsDt|t�}t|�}tjd|�|j|�|jj||�}|j|�}|S)z/add ipset with given name and settings
        zconfig.addIPSet('%s'))rr�rrvr�rZ	new_ipsetr^)rKrdr�r�r�r�rPrPrQ�addIPSet	s


zFirewallDConfig.addIPSetcCst|t�}tjd|�dS)Nzconfig.IPSetAdded('%s'))rr�rrv)rKrdrPrPrQr�s
zFirewallDConfig.IPSetAddedcCstjd�|jS)z%list icmptypes objects paths
        zconfig.listIcmpTypes())rrvrT)rKr�rPrPrQ�
listIcmpTypes s
zFirewallDConfig.listIcmpTypescCs4tjd�g}x|jD]}|j|jj�qWt|�S)zget icmptype names
        zconfig.getIcmpTypeNames())rrvrTr�r�r�rC)rKr�rTr�rPrPrQ�getIcmpTypeNames(s

z FirewallDConfig.getIcmpTypeNamescCsFt|t�}tjd|�x|jD]}|jj|kr|SqWttj	|��dS)z0object path of icmptype with given name
        zconfig.getIcmpTypeByName('%s')N)
rr�rrvrTr�r�rrZINVALID_ICMPTYPE)rKrer�r�rPrPrQ�getIcmpTypeByName3s
z!FirewallDConfig.getIcmpTypeByNamecCsDt|t�}t|�}tjd|�|j|�|jj||�}|j|�}|S)z2add icmptype with given name and settings
        zconfig.addIcmpType('%s'))rr�rrvr�rZnew_icmptyper_)rKrer�r�r�r�rPrPrQ�addIcmpType@s


zFirewallDConfig.addIcmpTypecCstjd|�dS)Nzconfig.IcmpTypeAdded('%s'))rrv)rKrerPrPrQr�OszFirewallDConfig.IcmpTypeAddedcCstjd�|jS)z$list services objects paths
        zconfig.listServices())rrvrV)rKr�rPrPrQ�listServicesVs
zFirewallDConfig.listServicescCs4tjd�g}x|jD]}|j|jj�qWt|�S)zget service names
        zconfig.getServiceNames())rrvrVr�r�r�rC)rKr�rVr�rPrPrQ�getServiceNames^s

zFirewallDConfig.getServiceNamescCsFt|t�}tjd|�x|jD]}|jj|kr|SqWttj	|��dS)z/object path of service with given name
        zconfig.getServiceByName('%s')N)
rr�rrvrVr�r�rrZINVALID_SERVICE)rKrfr�r�rPrPrQ�getServiceByNameis
z FirewallDConfig.getServiceByNamezs(sssa(ss)asa{ss}asa(ss))cCsDt|t�}t|�}tjd|�|j|�|jj||�}|j|�}|S)z1add service with given name and settings
        zconfig.addService('%s'))rr�rrvr�rZnew_servicer`)rKrfr�r�r�r�rPrPrQ�
addServicevs


zFirewallDConfig.addServicezsa{sv}cCsDt|t�}t|�}tjd|�|j|�|jj||�}|j|�}|S)z1add service with given name and settings
        zconfig.addService2('%s'))rr�rrvr�rZnew_service_dictr`)rKrfr�r�r�r�rPrPrQ�addService2�s


zFirewallDConfig.addService2cCstjd|�dS)Nzconfig.ServiceAdded('%s'))rrv)rKrfrPrPrQr��szFirewallDConfig.ServiceAddedcCstjd�|jS)z!list zones objects paths
        zconfig.listZones())rrvrX)rKr�rPrPrQ�	listZones�s
zFirewallDConfig.listZonescCs4tjd�g}x|jD]}|j|jj�qWt|�S)zget zone names
        zconfig.getZoneNames())rrvrXr�r�r�rC)rKr�rXr�rPrPrQ�getZoneNames�s

zFirewallDConfig.getZoneNamescCsFt|t�}tjd|�x|jD]}|jj|kr|SqWttj	|��dS)z,object path of zone with given name
        zconfig.getZoneByName('%s')N)
rr�rrvrXr�r�rrZINVALID_ZONE)rKrgr�r�rPrPrQ�
getZoneByName�s
zFirewallDConfig.getZoneByNamecCszt|t�}tjd|�g}x(|jD]}||jjkr"|j|jj�q"Wt	|�dkrjdj
|�d|t	|�fS|rv|dSdS)z4name of zone the given interface belongs to
        zconfig.getZoneOfInterface('%s')r� zE  (ERROR: interface '%s' is in %s zone XML files, can be only in one)rrs)rr�rrvrXr�Z
interfacesr�r�rk�join)rKZifacer�r�r�rPrPrQ�getZoneOfInterface�s
z"FirewallDConfig.getZoneOfInterfacecCszt|t�}tjd|�g}x(|jD]}||jjkr"|j|jj�q"Wt	|�dkrjdj
|�d|t	|�fS|rv|dSdS)z1name of zone the given source belongs to
        zconfig.getZoneOfSource('%s')rr�zB  (ERROR: source '%s' is in %s zone XML files, can be only in one)rrs)rr�rrvrXr�Zsourcesr�r�rkr)rK�sourcer�r�r�rPrPrQ�getZoneOfSource�s
zFirewallDConfig.getZoneOfSourcez's(sssbsasa(ss)asba(ssss)asasasasa(ss)b)cCsht|t�}t|�}tjd|�|j|�|ddkrLt|�}t|d<t|�}|jj	||�}|j
|�}|S)z.add zone with given name and settings
        zconfig.addZone('%s')��default)rr�rrvr�rzr�tuplerZnew_zonera)rKrgr�r�Z	_settingsr�r�rPrPrQ�addZone�s


zFirewallDConfig.addZonecCs`t|t�}t|�}tjd|�|j|�d|krD|ddkrDt|d<|jj||�}|j|�}|S)z.add zone with given name and settings
        zconfig.addZone('%s')�targetr)	rr�rrvr�rrZ
new_zone_dictra)rKrgr�r�r�r�rPrPrQ�addZone2�s


zFirewallDConfig.addZone2cCstjd|�dS)Nzconfig.ZoneAdded('%s'))rrv)rKrgrPrPrQr�szFirewallDConfig.ZoneAddedcCstjd�|jS)z$list policies objects paths
        zconfig.listPolicies())rrvr\)rKr�rPrPrQ�listPoliciess
zFirewallDConfig.listPoliciescCs4tjd�g}x|jD]}|j|jj�qWt|�S)zget policy names
        zconfig.getPolicyNames())rrvr\r�r�r�rC)rKr�Zpoliciesr�rPrPrQ�getPolicyNamess

zFirewallDConfig.getPolicyNamescCsFt|t�}tjd|�x|jD]}|jj|kr|SqWttj	|��dS)z.object path of policy with given name
        zconfig.getPolicyByName('%s')N)
rr�rrvr\r�r�rrZINVALID_POLICY)rKrir�r�rPrPrQ�getPolicyByName"s
zFirewallDConfig.getPolicyByNamecCsDt|t�}t|�}tjd|�|j|�|jj||�}|j|�}|S)z0add policy with given name and settings
        zconfig.addPolicy('%s'))rr�rrvr�rZnew_policy_object_dictrc)rKrir�r�r�r�rPrPrQ�	addPolicy/s


zFirewallDConfig.addPolicycCstjd|�dS)Nzconfig.PolicyAdded('%s'))rrv)rKrirPrPrQr�>szFirewallDConfig.PolicyAddedcCstjd�|jS)z#list helpers objects paths
        zconfig.listHelpers())rrvrZ)rKr�rPrPrQ�listHelpersGs
zFirewallDConfig.listHelperscCs4tjd�g}x|jD]}|j|jj�qWt|�S)zget helper names
        zconfig.getHelperNames())rrvrZr�r�r�rC)rKr�rZr�rPrPrQ�getHelperNamesOs

zFirewallDConfig.getHelperNamescCsFt|t�}tjd|�x|jD]}|jj|kr|SqWttj	|��dS)z.object path of helper with given name
        zconfig.getHelperByName('%s')N)
rr�rrvrZr�r�rrZINVALID_HELPER)rKrhr�r�rPrPrQ�getHelperByNameZs
zFirewallDConfig.getHelperByNamecCsDt|t�}t|�}tjd|�|j|�|jj||�}|j|�}|S)z0add helper with given name and settings
        zconfig.addHelper('%s'))rr�rrvr�rZ
new_helperrb)rKrhr�r�r�r�rPrPrQ�	addHelpergs


zFirewallDConfig.addHelpercCst|t�}tjd|�dS)Nzconfig.HelperAdded('%s'))rr�rrv)rKrhrPrPrQr�vs
zFirewallDConfig.HelperAddedcCstjd�|jj�j�S)Nzconfig.direct.getSettings())rrvr�
get_directr�)rKr�rPrPrQr�s
zFirewallDConfig.getSettingscCs<tjd�t|�}|jj�j|�|jj�j�|j�dS)Nzconfig.direct.update())rrvrrrr�r�r�)rKr�r�rPrPrQrr�s

zFirewallDConfig.updatecCstjd�dS)Nzconfig.direct.Updated())rrv)rKrPrPrQr��szFirewallDConfig.UpdatedZssscCs�t|�}t|�}t|�}tjd|||f�|j|�t|||f�}t|j��}||dkrrttj	d|||f��|dj
|�|j|�dS)Nz(config.direct.addChain('%s', '%s', '%s')rz chain '%s' already is in '%s:%s')rrrvr�rrzr�rrr�r�rr)rK�ipv�table�chainr��idxr�rPrPrQ�addChain�s
zFirewallDConfig.addChaincCs�t|�}t|�}t|�}tjd|||f�|j|�t|||f�}t|j��}||dkrrttj	d|||f��|dj
|�|j|�dS)Nz+config.direct.removeChain('%s', '%s', '%s')rzchain '%s' is not in '%s:%s')rrrvr�rrzr�rrr�rqrr)rKrrrr�rr�rPrPrQ�removeChain�s

zFirewallDConfig.removeChaincCsJt|�}t|�}t|�}tjd|||f�t|||f�}||j�dkS)Nz*config.direct.queryChain('%s', '%s', '%s')r)rrrvrr�)rKrrrr�rrPrPrQ�
queryChain�szFirewallDConfig.queryChaincCsft|�}t|�}tjd||f�g}x:|j�dD]*}|d|kr4|d|kr4|j|d�q4W|S)Nz#config.direct.getChains('%s', '%s')rrr�)rrrvr�r�)rKrrr�r�rrPrPrQ�	getChains�szFirewallDConfig.getChainsrsza(sss)cCstjd�|j�dS)Nzconfig.direct.getAllChains()r)rrvr�)rKr�rPrPrQ�getAllChains�s
zFirewallDConfig.getAllChainsZsssiasc	Cs�t|�}t|�}t|�}t|�}t|�}tjd||||dj|�f�|j|�|||||f}t|j��}||dkr�ttj	d||||f��|dj
|�|jt|��dS)Nz1config.direct.addRule('%s', '%s', '%s', %d, '%s')z','rz"rule '%s' already is in '%s:%s:%s')
rrrvrr�rzr�rrr�r�rrr)	rKrrr�priorityrLr�rr�rPrPrQ�addRule�s 
zFirewallDConfig.addRulec	Cs�t|�}t|�}t|�}t|�}t|�}tjd||||dj|�f�|j|�|||||f}t|j��}||dkr�ttj	d||||f��|dj
|�|jt|��dS)Nz4config.direct.removeRule('%s', '%s', '%s', %d, '%s')z','rzrule '%s' is not in '%s:%s:%s')
rrrvrr�rzr�rrr�rqrrr)	rKrrrrrLr�rr�rPrPrQ�
removeRule�s 
zFirewallDConfig.removeRulecCsdt|�}t|�}t|�}t|�}t|�}tjd||||dj|�f�|||||f}||j�dkS)Nz3config.direct.queryRule('%s', '%s', '%s', %d, '%s')z','r)rrrvrr�)rKrrrrrLr�rrPrPrQ�	queryRuleszFirewallDConfig.queryRulecCs�t|�}t|�}t|�}tjd|||f�|j|�t|j��}xF|ddd�D]2}|||f|d|d|dfkrT|dj|�qTW|jt|��dS)Nz+config.direct.removeRules('%s', '%s', '%s')rrr�)	rrrvr�rzr�rqrrr)rKrrrr�r�ZrulerPrPrQ�removeRuless
 zFirewallDConfig.removeRulesza(ias)cCs�t|�}t|�}t|�}tjd|||f�g}xN|j�dD]>}|d|kr>|d|kr>|d|kr>|j|d|df�q>W|S)Nz(config.direct.getRules('%s', '%s', '%s')rrr�r�r)rrrvr�r�)rKrrrr�r�rrPrPrQ�getRules)s$zFirewallDConfig.getRulesz	a(sssias)cCstjd�|j�dS)Nzconfig.direct.getAllRules()r)rrvr�)rKr�rPrPrQ�getAllRules8s
zFirewallDConfig.getAllRulesZsascCs�t|�}t|�}tjd|dj|�f�|j|�||f}t|j��}||dkrfttj	d||f��|dj
|�|j|�dS)Nz(config.direct.addPassthrough('%s', '%s')z','r�zpassthrough '%s', '%s')rrrvrr�rzr�rrr�r�rr)rKrrLr�rr�rPrPrQ�addPassthroughAs
zFirewallDConfig.addPassthroughcCs�t|�}t|�}tjd|dj|�f�|j|�||f}t|j��}||dkrfttj	d||f��|dj
|�|j|�dS)Nz+config.direct.removePassthrough('%s', '%s')z','r�zpassthrough '%s', '%s')rrrvrr�rzr�rrr�rqrr)rKrrLr�rr�rPrPrQ�removePassthroughSs
z!FirewallDConfig.removePassthroughcCs@t|�}t|�}tjd|dj|�f�||f}||j�dkS)Nz*config.direct.queryPassthrough('%s', '%s')z','r�)rrrvrr�)rKrrLr�rrPrPrQ�queryPassthroughdsz FirewallDConfig.queryPassthroughZaascCsNt|�}tjd|�g}x.|j�dD]}|d|kr(|j|d�q(W|S)Nz#config.direct.getPassthroughs('%s')r�rr)rrrvr�r�)rKrr�r�rrPrPrQ�getPassthroughsoszFirewallDConfig.getPassthroughsza(sas)cCstjd�|j�dS)Nz"config.direct.getAllPassthroughs()r�)rrvr�)rKr�rPrPrQ�getAllPassthroughs{s
z"FirewallDConfig.getAllPassthroughs)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)��__name__�
__module__�__qualname__�__doc__Z
persistentrrIZPK_ACTION_CONFIGZdefault_polkit_auth_requiredrr.r1rjror2r_r�rr`r�r�rar�r�rcr�r�r^r�r�rbr�r�rr�r�r�r	ZPROPERTIES_IFACEr�ru�slipZpolkitZrequire_authr�rf�signalr|ZPK_ACTION_INFOZINTROSPECTABLE_IFACEr�r�rZDBUS_SIGNATUREr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rJr�r�r�rr�r�r�r�r�rr�r�r�r�r�r�r�r�r�r�r�rrrr	r�r
rrr
r�rrrrrr�r�rr�rrr�rrrrrrrrr r!r"r#r$r%r&r'�
__classcell__rPrP)rOrQr>sv.				D!D	





	

	

	

	




	

	

	

	r):Z
gi.repositoryr�sys�modulesrArIZdbus.serviceZ	slip.dbusr,Zslip.dbus.serviceZfirewallrZfirewall.core.baserZfirewall.core.watcherrZfirewall.core.loggerrZfirewall.server.decoratorsrrr	Zfirewall.server.config_icmptyper
Zfirewall.server.config_servicerZfirewall.server.config_zonerZfirewall.server.config_policyr
Zfirewall.server.config_ipsetrZfirewall.server.config_helperrZfirewall.core.io.icmptyperZfirewall.core.io.ipsetrZfirewall.core.io.helperrZ#firewall.core.io.lockdown_whitelistrZfirewall.core.io.directrZfirewall.dbus_utilsrrrrrrrrZfirewall.errorsrrfZObjectrrPrPrPrQ�<module>s6
$

?>