Current File : //lib/python3.9/site-packages/firewall/core/io/__pycache__/zone.cpython-39.pyc
a

���g�I�@s�gd�ZddlmZddlZddlZddlZddlmZddlm	Z	m
Z
mZmZm
Z
mZddlmZmZddlmZmZmZddlmZmZmZmZddlmZdd	lmZdd
lmZddl m!Z!Gdd
�d
e�Z"Gdd�de�Z#ddd�Z$ddd�Z%dS))�Zone�zone_reader�zone_writer�N)�config)�checkIPnMask�
checkIP6nMask�checkInterface�uniqify�max_zone_name_len�	check_mac)�DEFAULT_ZONE_TARGET�ZONE_TARGETS)�	IO_Object�IO_Object_ContentHandler�IO_Object_XMLGenerator)�common_startElement�common_endElement�common_check_config�
common_writer)�rich)�log)�errors)�
FirewallErrorcsXeZdZdZdddddddgfd	d
gfddgfdd
dgfddgfddgfddgfddgfdd
gfddfZgd�Zddddgddgdgdgdddgdgddddgddgdddddddgdgdd�Zgd�dgd d!gd"d#ggd$�gd%�d&d'ggd(�d)gdgd*�
Zed+d,��Z	�fd-d.�Z
d/d0�Z�fd1d2�Z�fd3d4�Z
d5d6�Z�fd7d8�Zd9d:�Z�ZS);rz Zone class )�version�)�shortr)�descriptionr)�UNUSEDF)�targetr�servicesr�ports)rr�icmp_blocks)�
masqueradeF�
forward_ports)rrrr�
interfaces�sources�	rules_str�	protocols�source_ports)�icmp_block_inversionF)�forwardT)�_�-�/N�name�port�protocol�value�set)rr�zone�servicer/z
icmp-blockz	icmp-typer*�forward-port�	interface�rule�source�destinationr0zsource-portr�nflog�auditZaccept�rejectZdropZmark�limit�icmp-block-inversion)r.�	immutablerrZenabledzto-portzto-addr�family�priority)�address�mac�invertr@�ipset)rBrDrE�prefix�level)�grouprFz
queue-size�type)
r3r"r5r7r8r9rr:r<z
tcp-mss-clampcCs8ttj�D]\}\}}||kr
|Sq
ttjd��dS)Nz
index_of())�	enumerater�IMPORT_EXPORT_STRUCTURErrZ
UNKNOWN_ERROR)�element�i�elZdummy�rO�9/usr/lib/python3.9/site-packages/firewall/core/io/zone.py�index_offs
z
Zone.index_ofcs�tt|���d|_d|_d|_d|_t|_g|_	g|_
g|_g|_d|_
d|_g|_g|_g|_g|_g|_g|_d|_d|_d|_dS�NrFT)�superr�__init__rrrrrrrr r'r!r*r"r#r(r$r%�rulesr&r)�combined�applied��self��	__class__rOrPrTms*z
Zone.__init__cCs�d|_d|_d|_d|_t|_|jdd�=|jdd�=|jdd�=|j	dd�=d|_
d|_|jdd�=|j
dd�=|jdd�=|jdd�=|jdd�=|jdd�=d|_d|_d|_dSrR)rrrrrrrr r'r!r*r"r#r(r$r%rUr&r)rVrWrXrOrOrP�cleanup�s(zZone.cleanupcsN|dkr8dd�|D�|_tt|��|dd�|jD��ntt|��||�dS)Nr&cSsg|]}tj|d��qS))Zrule_str)rZ	Rich_Rule��.0�srOrOrP�
<listcomp>��z$Zone.__setattr__.<locals>.<listcomp>cSsg|]}t|��qSrO)�strr]rOrOrPr`�ra)rUrSr�__setattr__)rYr.r1rZrOrPrc�s zZone.__setattr__cstt|���}|d=|S)Nr)rSr�export_config_dict)rYZconfrZrOrPrd�szZone.export_config_dictc	Csvt|||||�|j|dvr2ttjd�|j���|dkr\|tvrXttjd�|j|����n|dkr�|D]f}t|�s�ttj	d�|j|���|dD]:}||jkr�q�||d|j
vr�ttj	d�|j||���q�qhn�|d	k�rr|D]�}t|��s$t|��s$t
|��s$|�d
��s$ttjd�|j|���|dD]B}||jk�r@�q,||d|jv�r,ttjd�|j||����q,q�dS)
NZpoliciesz0Zone '{}': Can't have the same name as a policy.rzZone '{}': invalid target '{}'r$z!Zone '{}': invalid interface '{}'Zzonesz4Zone '{}': interface '{}' already bound to zone '{}'r%�ipset:zZone '{}': invalid source '{}'z1Zone '{}': source '{}' already bound to zone '{}')rr.rrZ
NAME_CONFLICT�formatr
�INVALID_TARGETrZINVALID_INTERFACEr$rrr�
startswith�INVALID_ADDRr%)rYr�itemZ
all_configZall_io_objectsr6r3r8rOrOrP�
_check_config�sT
�

�
��

��
���zZone._check_configcs�tt|��|�|�d�r.ttjd�|���n�|�d�rLttjd�|���nl|�	d�dkrnttjd�|���nJd|vr�|d|�
d��}n|}t|�t�kr�ttjd�|t|�t����dS)Nr-z$Zone '{}': name can't start with '/'z"Zone '{}': name can't end with '/'�z%Zone '{}': name has more than one '/'z'Zone '{}': name has {} chars, max is {})
rSr�
check_namerhrr�INVALID_NAMErf�endswith�count�find�lenr
)rYr.Zchecked_namerZrOrPrm�s,
�
����zZone.check_namec
Cs�d|_d|_d|_d|_d|_|jD]}||jvr$|j�|�q$|jD]}||jvrF|j�|�qF|jD]}||jvrh|j�|�qh|j	D]}||j	vr�|j	�|�q�|j
D]}||j
vr�|j
�|�q�|jD]}||jvr�|j�|�q�|jr�d|_|j
�rd|_
|jD]}||jv�r
|j�|��q
|jD]}||jv�r0|j�|��q0|jD]"}	|j�|	�|j�t|	���qV|j�r�d|_dS)NTr)rV�filenamerrrr$�appendr%rr r'r!r*r"r#r(rUr&rbr))
rYr3r6r8r4r/�protoZicmpr*r7rOrOrP�combine�sL














zZone.combine)�__name__�
__module__�__qualname__�__doc__rKZADDITIONAL_ALNUM_CHARSZPARSER_REQUIRED_ELEMENT_ATTRSZPARSER_OPTIONAL_ELEMENT_ATTRS�staticmethodrQrTr\rcrdrkrmrv�
__classcell__rOrOrZrPr(s����

%rc@s$eZdZdd�Zdd�Zdd�ZdS)�zone_ContentHandlercCs"t�||�d|_d|_d|_dS)NF)rrT�_rule�_rule_errorZ	_limit_ok)rYrjrOrOrPrT
szzone_ContentHandler.__init__c	Cs�t�|||�|jrdS|j�||�t|||�r6dS|dkr�d|vrVt�d|d�d|vrj|d|j_d|vr�t�d|d�d|vr�|d}|t	vr�t
tj|��|dkr�|t
kr�||j_�n�|d	kr�|jjr�t�d
�nd|j_�n�|dk�rh|j�rt�d
�d|_dSd|v�r.t�d�d|_dS|d|jjv�rT|jj�|d�nt�d|d��n2|dk�r`|j�r |jj�r�t�dt|j��d|_dSd}d|v�r�|d��dv�r�d}d}}}d|v�r�|d}d|v�r�|d}d|v�r|d}tj||||d�|j_dSd|v�rBd|v�rBt�d�dSd|v�rdd|v�rdt�d�dSd|v�r~t�d|d�d|v�r�t�d�dSd|v�r�t|d��s�t|d��s�t|d��s�t
tj|d��d|v�rd|d}||jjv�r|jj�|�nt�d|d�d|v�r�|d}||jjv�rN|jj�|�nt�d|d�n:|d k�r�|jj�r�t�d!�nd|j_nt�d"|�dSdS)#Nr3r.z'Ignoring deprecated attribute name='%s'rr?z,Ignoring deprecated attribute immutable='%s'rrr*zForward already set, ignoring.Tr6z$Invalid rule: interface use in rule.z Invalid interface: Name missing.z%Interface '%s' already set, ignoring.r8z:Invalid rule: More than one source in rule '%s', ignoring.FrD)Zyes�truerBrCrE)rDz$Invalid source: No address no ipset.z"Invalid source: Address and ipset.r@z)Ignoring deprecated attribute family='%s'z+Invalid source: Invertion not allowed here.zipset:%sz"Source '%s' already set, ignoring.r>z+Icmp-Block-Inversion already set, ignoring.zUnknown XML element '%s')r�startElementrrjZparser_check_element_attrsrrZwarningrr
rrrgrrr*r~r$rtr8rb�lowerrZRich_Sourcerrrrir%r))	rYr.�attrsrrD�addrrCrE�entryrOrOrPr�s���



�

�
�



�



�



�
�
�
�


z zone_ContentHandler.startElementcCst�||�t||�dS)N)r�
endElementr)rYr.rOrOrPr��szzone_ContentHandler.endElementN)rwrxryrTr�r�rOrOrOrPr}spr}Fc
Cs&t�}|�d�s ttjd|��|dd�|_|s>|�|j�||_||_|�	t
j�rZdnd|_|j|_
d|_t|�}t��}|�|�d||f}t|d��n}t�d�}|�|�z|�|�Wn:tjy�}	z ttjd|	����WYd}	~	n
d}	~	00Wd�n1�s0Y~~|S)	Nz.xmlz'%s' is missing .xml suffix���FT�%s/%s�rbznot a valid zone file: %s)rrorrrnr.rmrs�pathrhr�
ETC_FIREWALLDZbuiltin�defaultr*r}�saxZmake_parserZsetContentHandler�openZInputSourceZ
setByteStream�parseZSAXParseExceptionZINVALID_ZONEZgetException)
rsr�Z
no_check_namer3�handler�parserr.�fr8�msgrOrOrPr�s>
�


��:rc
CsT|r|n|j}|jr$d||jf}nd||jf}tj�|�r�zt�|d|�Wn2ty�}zt�	d||�WYd}~n
d}~00tj�
|�}|�tj
�r�tj�|�s�tj�tj
�s�t�tj
d�t�|d�tj|ddd�}t|�}|��i}|j�r|jd	k�r|j|d
<|jtk�r*|j|d<|�d|�|�d
�t||�t|j�D]*}	|�d�|�dd|	i�|�d
��qTt|j�D]N}
|�d�d|
v�r�|�dd|
dd�i�n|�dd|
i�|�d
��q�|j�r|�d�|�di�|�d
�|j�r*|�d�|�di�|�d
�|�d�|�d
�|� �|�!�~dS)Nr�z	%s/%s.xmlz%s.oldzBackup of file '%s' failed: %si�ZwtzUTF-8)�mode�encodingrrrr3�
z  r6r.rer8rE�rBr>r*)"r�rsr.�os�exists�shutil�copy2�	Exceptionr�error�dirnamerhrr��mkdir�ior�rZ
startDocumentrrrr�ZignorableWhitespacerr	r$Z
simpleElementr%r)r*r�ZendDocument�close)r3r��_pathr.r��dirpathr�r�r�r6r8rOrOrPr�s`$












r)F)N)&�__all__Zxml.saxr�r�r�r�ZfirewallrZfirewall.functionsrrrr	r
rZfirewall.core.baserr
Zfirewall.core.io.io_objectrrrZfirewall.core.io.policyrrrrZ
firewall.corerZfirewall.core.loggerrrZfirewall.errorsrrr}rrrOrOrOrP�<module>s$ e|
!