Current File : //proc/self/root/lib/python3.6/site-packages/firewall/core/io/__pycache__/zone.cpython-36.pyc

3

@)�f�M�@sdddgZddljZddlZddlZddlZddlmZddlm	Z	m
Z
mZmZm
Z
mZmZddlmZmZddlmZmZmZmZdd	lmZmZmZmZdd
lmZddlm Z ddlm!Z!dd
l"m#Z#Gdd�de�Z$Gdd�de�Z%ddd�Z&ddd�Z'dS)�Zone�zone_reader�zone_writer�N)�config)�checkIPnMask�
checkIP6nMask�checkInterface�uniqify�max_zone_name_len�
u2b_if_py2�	check_mac)�DEFAULT_ZONE_TARGET�ZONE_TARGETS)�PY2�	IO_Object�IO_Object_ContentHandler�IO_Object_XMLGenerator)�common_startElement�common_endElement�common_check_config�
common_writer)�rich)�log)�errors)�
FirewallErrorcsfeZdZdZd@dAdBdCdDd	dgfd
dEgfddgfdFd
dGgfddgfddgfddgfddgfddHgfdIdJfZdddgZddddgddgdgdgdddgdgddddgddgddddddgdgdd�Zddddgd gd!d"gd#d$gd%d&d'd#d(gd%d'd(gd)d*gd+gd,gd-�	Zed.d/��Z	�fd0d1�Z
d2d3�Zd4d5�Z�fd6d7�Z
�fd8d9�Zd:d;�Z�fd<d=�Zd>d?�Z�ZS)Krz Zone class �version��short�description�UNUSEDF�target�services�ports�icmp_blocks�
masquerade�
forward_ports�
interfaces�sources�	rules_str�	protocols�source_ports�icmp_block_inversion�forward�_�-�/N�name�port�protocol�value�set)rr�zone�servicer1z
icmp-blockz	icmp-typer,zforward-port�	interface�rule�source�destinationr2zsource-portrZauditZaccept�rejectZdropZmark�limitzicmp-block-inversion�	immutableZenabledzto-portzto-addr�familyZpriority�address�mac�invert�ipset�prefix�level�typeZburst)	r5r$zforward-portr8r9r:rr;r<cCs8x&ttj�D]\}\}}||kr|SqWttjd��dS)Nz
index_of())�	enumerater�IMPORT_EXPORT_STRUCTURErrZ
UNKNOWN_ERROR)�element�iZelZdummy�rJ�/usr/lib/python3.6/zone.py�index_ofdsz
Zone.index_ofcs�tt|�j�d|_d|_d|_d|_t|_g|_	g|_
g|_g|_d|_
d|_g|_g|_g|_g|_d|_g|_g|_d|_d|_d|_dS)NrF)�superr�__init__rrrrr
r r!r"r)r#r,r$r%r*r&r'�	fw_config�rulesr(r+�combined�applied)�self)�	__class__rJrKrNks,z
Zone.__init__cCs�d|_d|_d|_d|_t|_|jdd�=|jdd�=|jdd�=|j	dd�=d|_
d|_|jdd�=|j
dd�=|jdd�=|jdd�=d|_|jdd�=|jdd�=d|_d|_d|_dS)NrF)rrrrr
r r!r"r)r#r,r$r%r*r&r'rOrPr(r+rQrR)rSrJrJrK�cleanup�s*zZone.cleanupcCs�t|j�|_t|j�|_t|j�|_t|j�|_dd�|jD�|_dd�|jD�|_dd�|jD�|_dd�|jD�|_dd�|j	D�|_	dd�|j
D�|_
dd�|jD�|_d	d�|jD�|_d
d�|j
D�|_
dd�|jD�|_dS)
z� HACK. I haven't been able to make sax parser return
            strings encoded (because of python 2) instead of in unicode.
            Get rid of it once we throw out python 2 support.cSsg|]}t|��qSrJ)r)�.0�srJrJrK�
<listcomp>�sz'Zone.encode_strings.<locals>.<listcomp>cSs g|]\}}t|�t|�f�qSrJ)r)rV�po�prrJrJrKrX�scSsg|]}t|��qSrJ)r)rVrZrJrJrKrX�scSsg|]}t|��qSrJ)r)rVrIrJrJrKrX�scSs0g|](\}}}}t|�t|�t|�t|�f�qSrJ)r)rVZp1Zp2Zp3Zp4rJrJrKrX�scSs g|]\}}t|�t|�f�qSrJ)r)rVrYrZrJrJrKrX�scSsg|]}t|��qSrJ)r)rVrIrJrJrKrX�scSsg|]}t|��qSrJ)r)rVrWrJrJrKrX�scSsg|]}t|��qSrJ)r)rVrWrJrJrKrX�scSsg|]}t|��qSrJ)r)rVrWrJrJrKrX�sN)rrrrr r!r"r)r#r%r*r&r'rPr()rSrJrJrK�encode_strings�szZone.encode_stringscsN|dkr8dd�|D�|_tt|�j|dd�|jD��ntt|�j||�dS)Nr(cSsg|]}tj|d��qS))Zrule_str)rZ	Rich_Rule)rVrWrJrJrKrX�sz$Zone.__setattr__.<locals>.<listcomp>cSsg|]}t|��qSrJ)�str)rVrWrJrJrKrX�s)rPrMr�__setattr__)rSr0r3)rTrJrKr]�s zZone.__setattr__cstt|�j�}|d=|S)Nr)rMr�export_config_dict)rSZconf)rTrJrKr^�szZone.export_config_dictcCsLt||||�|dkr.|tkr*ttj|���n|dkr�xl|D]d}t|�sTttj|��|jr<xD|jj�D]6}||j	krvqf||jj
|�jkrfttjdj||���qfWq<Wn�|dk�rHx�|D]�}t
|�r�t|�r�t|�r�|jd�r�ttj|��|jr�xL|jj�D]>}||j	k�r�q||jj
|�jk�rttjdj||����qWq�WdS)Nr r&z)interface '{}' already bound to zone '{}'r'zipset:z&source '{}' already bound to zone '{}')rrrr�INVALID_TARGETrZINVALID_INTERFACErOZ	get_zonesr0Zget_zoner&�formatrrr�
startswith�INVALID_ADDRr')rSr�itemZ
all_configr7r5r9rJrJrK�
_check_config�s6



zZone._check_configcs�tt|�j|�|jd�r,ttjd|��n�|jd�rHttjd|��n�|jd�dkrhttjd|��nnd|kr�|d|j	d��}n|}t
|�t�kr�ttjd|t
|�t�|jf��|j
r�||j
j�kr�ttjd��dS)Nr/z'%s' can't start with '/'z'%s' can't end with '/'�zmore than one '/' in '%s'z'Zone of '%s' has %d chars, max is %d %sz+Zones can't have the same name as a policy.)rMr�
check_namerarr�INVALID_NAME�endswith�count�find�lenr
rQrOZget_policy_objectsZ
NAME_CONFLICT)rSr0Zchecked_name)rTrJrKrf�s,

zZone.check_namec
Cs�d|_d|_d|_d|_d|_x$|jD]}||jkr&|jj|�q&Wx$|jD]}||jkrL|jj|�qLWx$|jD]}||jkrr|jj|�qrWx$|j	D]}||j	kr�|j	j|�q�Wx$|j
D]}||j
kr�|j
j|�q�Wx$|jD]}||jkr�|jj|�q�W|j�rd|_|j
�rd|_
x(|jD]}||jk�r&|jj|��q&Wx(|jD]}||jk�rP|jj|��qPWx,|jD]"}	|jj|	�|jjt|	���qzW|j�r�d|_dS)NTr)rQ�filenamerrrr&�appendr'r!r"r)r#r,r$r%r*rPr(r\r+)
rSr5r7r9r6r1�protoZicmpr,r8rJrJrK�combine�sL





zZone.combine)rr)rr)rr)rF)r r)rr)r$F)rrrr)rr)r+F)r,F)�__name__�
__module__�__qualname__�__doc__rGZADDITIONAL_ALNUM_CHARSZPARSER_REQUIRED_ELEMENT_ATTRSZPARSER_OPTIONAL_ELEMENT_ATTRS�staticmethodrLrNrUr[r]r^rdrfro�
__classcell__rJrJ)rTrKr(sx


c@s$eZdZdd�Zdd�Zdd�ZdS)�zone_ContentHandlercCs"tj||�d|_d|_d|_dS)NF)rrN�_rule�_rule_errorZ	_limit_ok)rSrcrJrJrKrN szzone_ContentHandler.__init__c	Cs�tj|||�|jrdS|jj||�t|||�r6dS|dkr�d|krVtjd|d�d|krj|d|j_d|kr�tjd|d�d|kr�|d}|t	kr�t
tj|��|dkr�|t
kr�||j_�n�|d	kr�|jjr�tjd
�nd|j_�n�|dk�rh|j�rtjd
�d|_dSd|k�r.tjd�d|_dS|d|jjk�rT|jjj|d�ntjd|d��n8|dk�rf|j�r |jj�r�tjdt|j��d|_dSd}d|k�r�|dj�d$k�r�d}d}}}d|k�r�|d}d|k�r�|d}d|k�r|d}tj||||d�|j_dSd|k�rBd|k�rBtjd�dSd|k�rdd|k�rdtjd�dSd|k�r~tjd|d�d|k�r�tjd�dSd|k�r�t|d��r�t|d��r�t|d��r�t
tj|d��d|k�r$d|d}||jjk�r|jjj|�ntjd |d�d|k�r�|d}||jjk�rT|jjj|�ntjd |d�n:|d!k�r�|jj�r�tjd"�nd|j_ntjd#|�dSdS)%Nr5r0z'Ignoring deprecated attribute name='%s'rr=z,Ignoring deprecated attribute immutable='%s'r rr,zForward already set, ignoring.Tr7z$Invalid rule: interface use in rule.z Invalid interface: Name missing.z%Interface '%s' already set, ignoring.r9z:Invalid rule: More than one source in rule '%s', ignoring.FrA�yes�truer?r@rB)rAz$Invalid source: No address no ipset.z"Invalid source: Address and ipset.r>z)Ignoring deprecated attribute family='%s'z+Invalid source: Invertion not allowed here.zipset:%sz"Source '%s' already set, ignoring.zicmp-block-inversionz+Icmp-Block-Inversion already set, ignoring.zUnknown XML element '%s')ryrz)r�startElementrxrcZparser_check_element_attrsrrZwarningrrrrr_r
r r,rwr&rmr9r\�lowerrZRich_Sourcerrrrbr'r+)	rSr0�attrsr rAZaddrr@rB�entryrJrJrKr{&s�

























z zone_ContentHandler.startElementcCstj||�t||�dS)N)r�
endElementr)rSr0rJrJrKr�szzone_ContentHandler.endElementN)rprqrrrNr{rrJrJrJrKrvsprvFc
Cst�}|jd�s ttjd|��|dd	�|_|s>|j|j�||_||_|j	t
j�rZdnd|_|j|_
t|�}tj�}|j|�d||f}t|d��b}tjd�}|j|�y|j|�Wn8tjk
r�}	zttjd|	j���WYdd}	~	XnXWdQRX~~t�r|j�|S)
Nz.xmlz'%s' is missing .xml suffix�FTz%s/%s�rbznot a valid zone file: %s���)rrhrrrgr0rfrl�pathrar�
ETC_FIREWALLDZbuiltin�defaultrv�saxZmake_parserZsetContentHandler�openZInputSourceZ
setByteStream�parseZSAXParseExceptionZINVALID_ZONEZgetExceptionrr[)
rlr�Z
no_check_namer5�handler�parserr0�fr9�msgrJrJrKr�s:




(cCs\|r|n|j}|jr$d||jf}nd||jf}tjj|�r�ytj|d|�Wn0tk
r�}ztj	d||�WYdd}~XnXtjj
|�}|jtj
�r�tjj|�r�tjjtj
�s�tjtj
d�tj|d�tj|ddd�}t|�}|j�i}|j�r|jd	k�r|j|d
<|jtk�r*|j|d<|jd|�|jd
�t||�x8t|j�D]*}	|jd�|jdd|	i�|jd
��qVWx\t|j�D]N}
|jd�d|
k�r�|jdd|
dd�i�n|jdd|
i�|jd
��q�W|j�r
|jd�|jdi�|jd
�|j�r2|jd�|jdi�|jd
�|jd�|jd
�|j �|j!�~dS)Nz%s/%sz	%s/%s.xmlz%s.oldzBackup of file '%s' failed: %si�ZwtzUTF-8)�mode�encodingrrr r5�
z  r7r0zipset:r9rB�r?zicmp-block-inversionr,)"r�rlr0�os�exists�shutilZcopy2�	Exceptionr�error�dirnamerarr��mkdir�ior�rZ
startDocumentrr r
r{ZignorableWhitespacerr	r&Z
simpleElementr'r+r,rZendDocument�close)r5r��_pathr0r��dirpathr�r�r}r7r9rJrJrKr�s` 












)F)N)(�__all__Zxml.saxr�r�r�r�ZfirewallrZfirewall.functionsrrrr	r
rrZfirewall.core.baser
rZfirewall.core.io.io_objectrrrrZfirewall.core.io.policyrrrrZ
firewall.corerZfirewall.core.loggerrrZfirewall.errorsrrrvrrrJrJrJrK�<module>s$

$x|