Current File : //lib/python3.9/site-packages/firewall/core/io/__pycache__/ipset.cpython-39.pyc
a

���gP�@s�dZgd�ZddlmZddlZddlZddlZddlmZddl	m
Z
mZmZm
Z
mZmZmZmZddlmZmZmZddlmZmZddlmZmZmZmZdd	lmZdd
lm Z ddl!m"Z"Gdd
�d
e�Z#Gdd�de�Z$dd�Z%ddd�Z&dS)z$ipset io XML handler, reader, writer)�IPSet�ipset_reader�ipset_writer�N)�config)�checkIP�checkIP6�checkIPnMask�
checkIP6nMask�	check_mac�
check_port�checkInterface�
checkProtocol)�	IO_Object�IO_Object_ContentHandler�IO_Object_XMLGenerator)�IPSET_TYPES�IPSET_CREATE_OPTIONS)�check_icmp_name�check_icmp_type�check_icmpv6_name�check_icmpv6_type)�log)�errors)�
FirewallErrorcs�eZdZdddddddifddgffZdZgd	�Zd
d
dgdgd
d
�Zdgdgd�Z�fdd�Zdd�Z	e
dd��Zdd�Z�fdd�Z
�ZS)r)�version�)�shortr)�descriptionr)�typer�optionsr�entriesz
(ssssa{ss}as))�_�-�:�.Nr�name)rr�ipset�option�entryr�value)r&r'cs<tt|���d|_d|_d|_d|_g|_i|_d|_	dS�NrF)
�superr�__init__rrrrr r�applied��self��	__class__��:/usr/lib/python3.9/site-packages/firewall/core/io/ipset.pyr,CszIPSet.__init__cCs8d|_d|_d|_d|_|jdd�=|j��d|_dSr*)rrrrr r�clearr-r.r2r2r3�cleanupMs
z
IPSet.cleanupc
	Cs�d}d|vr|ddkrd}|�d�s6ttjd|��|dd��d�}|�d�}t|�t|�ksnt|�d	kr�ttjd
||f��t|�D�]@\}}||}|dk�r�d|v�rV|dk�rV|d	kr�ttjd
|||f��|�d�}	t|	�dk�rttjd||||f��|	D]F}
|dk�r$t|
��r8|dk�rt	|
��sttjd|
|||f���qnh|dk�r�|dk�r�ttjd||||f��|dk�r�t
}nt}nt	}||��s�ttjd||||f��q�|dk�r"d|v�r�|�d�}	t|	�dk�rttjd||||f��|dk�rt|	d��r4|dk�rPt	|	d��sPttjd|	d|||f��|dk�rht
|	d	��r�|dk�r t|	d	��s ttjd|	d	|||f��n�|�d��r�|dk�r�|dk�r�|dk�s�ttjd||||f��|dk�r�t
|��r|dk�r�t|��s�ttjd||||f��q�|dk�rVt
|��r@|dk�r�ttjd||f��q�|dk�r�d|v�r�|�d�}	t|	�dk�r�ttjd|��|	ddk�r�|dk�r�ttjd||f��t|	d	��s�t|	d	��s�ttjd|	d	|f��n�|	ddv�rV|dk�r ttjd||f��t|	d	��s�t|	d	��s�ttjd |	d	|f��n\|	dd!v�r�t|	d��s�ttjd"|	d|f��n&t|	d	��s�ttjd#|	d	|f��nt|��s�ttjd$||f��q�|d%k�r�|�d&��r$zt|d'�}Wn(t�y ttjd(||f��Yn0n6zt|�}Wn(t�yXttjd(||f��Yn0|dk�sn|d)k�r�ttjd(||f��q�|d*k�r�t|��r�t|�d+k�r�ttjd,||f��q�ttjd|��q�dS)-NZipv4�family�inet6Zipv6zhash:zipset type '%s' not usable��,�z)entry '%s' does not match ipset type '%s'�ipr"z invalid address '%s' in '%s'[%d]�z.invalid address range '%s' in '%s' for %s (%s)z(invalid address '%s' in '%s' for %s (%s)z0.0.0.0r�netz/0zhash:net,ifaceZmacz00:00:00:00:00:00z invalid mac address '%s' in '%s'�portr#zinvalid port '%s'Zicmpz(invalid protocol for family '%s' in '%s'zinvalid icmp type '%s' in '%s')Zicmpv6z	ipv6-icmpz invalid icmpv6 type '%s' in '%s')ZtcpZsctpZudpZudplitezinvalid protocol '%s' in '%s'zinvalid port '%s'in '%s'zinvalid port '%s' in '%s'Zmark�0x�zinvalid mark '%s' in '%s'l��Ziface�zinvalid interface '%s' in '%s')�
startswithrr�
INVALID_IPSET�split�lenZ
INVALID_ENTRY�	enumeraterrrr	�endswithr
rrrrr
r�int�
ValueErrorr)
r(rZ
ipset_typer6�flags�items�i�flag�itemZsplitsZ_splitZip_checkZint_valr2r2r3�check_entryVs�
�
��
��

����
��



��


��



���
����
����
����
��

�


�
��
�
��
��
�
��
����

�

�
�

�

��zIPSet.check_entryc
Cs�|dkr |tvr ttjd|��|dkr�|��D]�}|tvrLttjd|��|dvr�zt||�}Wn*ty�ttj	d|||f��Yn0|dkr�ttj	d|||f��q0|d	kr0||d
vr0ttj
||��q0dS)Nrz'%s' is not valid ipset typerzipset invalid option '%s'��timeout�hashsize�maxelem�)Option '%s': Value '%s' is not an integerr�#Option '%s': Value '%s' is negativer6�Zinetr7)rrr�INVALID_TYPE�keysrrCrHrI�
INVALID_VALUE�INVALID_FAMILY)r/rrNZ
all_config�all_io_objects�key�	int_valuer2r2r3�
_check_configs@��
��

��
�zIPSet._check_configcspd|dvr6|dddkr6t|d�dkr6ttj��|dD]}t�||d|d�q>tt|��||�dS)NrQ��0r8r�)rErrZIPSET_WITH_TIMEOUTrrOr+�
import_config)r/rr[r(r0r2r3rb&s
zIPSet.import_config)�__name__�
__module__�__qualname__ZIMPORT_EXPORT_STRUCTUREZDBUS_SIGNATUREZADDITIONAL_ALNUM_CHARSZPARSER_REQUIRED_ELEMENT_ATTRSZPARSER_OPTIONAL_ELEMENT_ATTRSr,r5�staticmethodrOr^rb�
__classcell__r2r2r0r3r,s2
���
	
5rc@seZdZdd�Zdd�ZdS)�ipset_ContentHandlercCs�t�|||�|j�||�|dkrpd|vrX|dtvrLttjd|d��|d|j_d|vrl|d|j_	�nt|dkr|�nh|dkr��n\|dk�r�d}d	|vr�|d	}|d
dvr�ttj
d|d
��|jjd
kr�|d
dvr�ttj
d|d
|jjf��|d
dv�r"|�s"ttj
d|d
��|d
dv�r�zt|�}Wn,t�yhttj
d|d
|f��Yn0|dk�r�ttj
d|d
|f��|d
dk�r�|dv�r�ttj|��|d
|jjv�r�||jj|d
<nt�d|d
�dS)Nr&rz%srrrr'rr)r%)r6rQrRrSzUnknown option '%s'zhash:mac)r6z%Unsupported option '%s' for type '%s'z&Missing mandatory value of option '%s'rPrTrrUr6rVz Option %s already set, ignoring.)r�startElementrNZparser_check_element_attrsrrrrWrrZINVALID_OPTIONrHrIrYrZrr�warning)r/r%�attrsr)r]r2r2r3ri1sx
�
����
�
��


��z!ipset_ContentHandler.startElementcCs(t�||�|dkr$|jj�|j�dS)Nr()r�
endElementrNr �appendZ_element)r/r%r2r2r3rlhszipset_ContentHandler.endElementN)rcrdrerirlr2r2r2r3rh0s7rhcCs&t�}|�d�s ttjd|��|dd�|_|�|j�||_||_|�	t
j�rVdnd|_|j|_
t|�}t��}|�|�d||f}t|d��n}t�d�}|�|�z|�|�Wn:tjy�}z ttjd|����WYd}~n
d}~00Wd�n1�s
0Y~~d	|jv�r^|jd	d
k�r^t|j�dk�r^t�d|j�|jdd�=d}	t�}
|	t|j�k�r |j|	|
v�r�t�d
|j|	�|j�|	�ntz|� |j|	|j|j!�Wn>t�y}z$t�d|�|j�|	�WYd}~n"d}~00|
�"|j|	�|	d7}	�qh~
|S)Nz.xmlz'%s' is missing .xml suffix���FT�%s/%s�rbznot a valid ipset file: %srQr`rz6ipset '%s': timeout option is set, entries are ignoredzEntry %s already set, ignoring.z
%s, ignoring.r:)#rrGrrZINVALID_NAMEr%Z
check_name�filename�pathrBr�
ETC_FIREWALLDZbuiltin�defaultrh�saxZmake_parserZsetContentHandler�openZInputSourceZ
setByteStream�parseZSAXParseExceptionrCZgetExceptionrrEr rrj�set�poprOr�add)rqrrr&�handler�parserr%�f�source�msgrLZentries_set�er2r2r3rmsd
�


��:��"rc
Cs�|r|n|j}|jr$d||jf}nd||jf}tj�|�r�zt�|d|�Wn2ty�}zt�	d||�WYd}~n
d}~00tj�
|�}|�tj
�r�tj�|�s�tj�tj
�s�t�tj
d�t�|d�tj|ddd�}t|�}|��d	|ji}|j�r|jd
k�r|j|d<|�d|�|�d
�|j�rz|jd
k�rz|�d�|�di�|�|j�|�d�|�d
�|j�r�|jd
k�r�|�d�|�di�|�|j�|�d�|�d
�|j��D]L\}	}
|�d�|
d
k�r�|�d|	|
d��n|�dd|	i�|�d
��q�|jD]:}|�d�|�di�|�|�|�d�|�d
��q"|�d�|�d
�|��|� �~dS)Nroz	%s/%s.xmlz%s.oldzBackup of file '%s' failed: %si�ZwtzUTF-8)�mode�encodingrrrr&�
z  rrr')r%r)r%r()!rrrqr%�os�exists�shutil�copy2�	Exceptionr�error�dirnamerBrrs�mkdir�iorvrZ
startDocumentrrriZignorableWhitespacerZ
charactersrlrrrKZ
simpleElementr ZendDocument�close)r&rr�_pathr%r�dirpathr}r{rkr\r)r(r2r2r3r�sf$
















r)N)'�__doc__�__all__Zxml.saxrur�r�r�ZfirewallrZfirewall.functionsrrrr	r
rrr
Zfirewall.core.io.io_objectrrrZfirewall.core.ipsetrrZfirewall.core.icmprrrrZfirewall.core.loggerrrZfirewall.errorsrrrhrrr2r2r2r3�<module>s&(=3