a i<@sddlmZddlZddlZddlZddlmZddlmZddl m Z m Z ddl m Z mZmZddlmZddlmZddlmZdd lmZdd lmZGd d d eZGd dde ZdS)N)config)LastUpdatedOrderedDict) splitArgsjoinArgs) IO_ObjectIO_Object_ContentHandlerIO_Object_XMLGenerator)log) ipXtables)ebtables)errors) FirewallErrorc@s$eZdZddZddZddZdS)direct_ContentHandlercCst||d|_dS)NF)r__init__direct)selfitemr;/usr/lib/python3.9/site-packages/firewall/core/io/direct.pyr(s zdirect_ContentHandler.__init__cCsft||||j|||dkr@|jr6ttjdd|_n"|dkr|js\t ddS|d}|d}|d}|j |||n|dkr|jst d dS|d}|d vrttj d ||d}|d}zt |d }Wn(t y t d |d YdS0||||g|_nD|dkrP|js>t ddS|d}|g|_nt d|dSdS)NrzMore than one direct tag.Tchainz$Parse Error: chain outside of directipvtablerulez#Parse Error: rule outside of directipv4ipv6Zebz"'%s' not from {'ipv4'|'ipv6'|'eb'}priorityz'Parse Error: %s is not a valid priority passthroughz&Parse Error: command outside of directzUnknown XML element %s)r startElementrZparser_check_element_attrsrr r Z PARSE_ERRORr error add_chain INVALID_IPVint ValueError_rule _passthrough)rnameattrsrrrrrrrr,sV       z"direct_ContentHandler.startElementcCst|||dkrN|jr<|jt|j|jj|jn t dd|_n@|dkr|jr~|j t|j|jj |j n t dd|_ dS)Nrz2Error: rule does not have any arguments, ignoring.rz9Error: passthrough does not have any arguments, ignoring.) r endElementZ_elementr$appendrradd_ruler rr%add_passthrough)rr&rrrr(\s   z direct_ContentHandler.endElementN)__name__ __module__ __qualname__rrr(rrrrr's0rcs6eZdZdZddgfddddddgfgfdddgfgffZdZd gd gd d gd ZiZfddZddZ ddZ ddZ ddZ ddZ ddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zd0d1Zd2d3Zd4d5Zd6d7Zd8d9Zd:d;Zdd?Z d@dAZ!Z"S)BDirectz Direct class chains)r1r1rulesr1r passthroughsz(a(sss)a(sssias)a(sas))Nrrrrrrrr)rrrrcs0tt|||_t|_t|_t|_dSN)superr/rfilenamerr0r2r3)rr8 __class__rrrs zDirect.__init__cCsdSr6r)rconfrZall_confall_io_objectsrrr _check_configszDirect._check_configc Csg}g}|jD]0}|j|D] }|tt|t|gqq||g}|jD]D}|j|D]4}|t|d|d|d|dt|dfqbqT||g}|jD]*}|j|D]}|t|t|fqq||t|S)Nr)r0r)tuplelistr2r3)rretxkeyrrrrr export_configs&        zDirect.export_configcCs|||t|jD]l\}\}}|dkrH||D]}|j|q8|dkrh||D]}|j|qX|dkr||D]}|j|qxqdS)Nr0r2r3)cleanupZ check_config enumerateIMPORT_EXPORT_STRUCTUREr r*r+)rr;r<ielementZdummyrCrrr import_configs      zDirect.import_configcCs"|j|j|jdSr6)r0clearr2r3rrrrrFs  zDirect.cleanupc Cstd|jD]*}td|d|dd|j|fqtd|jD]L}td|d|d|df|j|D]\}}td |d |fqtqHtd |jD]2}td ||j|D]}td d |qqdS)Nr0z (%s, %s): %srr>,r2z (%s, %s, %s):r?z (%d, ('%s'))z','r3z %s:z ('%s'))printr0joinr2r3)rrDrargsrrroutputs     z Direct.outputcCs(gd}||vr$ttjd||fdS)Nr'%s' not in '%s')r r r!)rrZipvsrrr _check_ipvs  zDirect._check_ipvcCsF|||dvrtjntj}||vrBttjd||fdS)N)rrrS)rTr ZBUILT_IN_CHAINSkeysr r r Z INVALID_TABLE)rrrZtablesrrr_check_ipv_tables  zDirect._check_ipv_tablecCsd|||||f}||jvr(g|j|<||j|vrH|j||ntd|||fddS)Nz(Chain '%s' for table '%s' with ipv '%s' already in list, ignoring)rVr0r)r warningrrrrrDrrrr s   zDirect.add_chaincCsn|||||f}||jvrX||j|vrX|j||t|j|dkrj|j|=ntd|||fdS)Nrz4Chain '%s' with table '%s' with ipv '%s' not in list)rVr0removelenr#rYrrr remove_chains  zDirect.remove_chaincCs,|||||f}||jvo*||j|vSr6)rVr0rYrrr query_chains zDirect.query_chaincCs<|||||f}||jvr(|j|Std||fdS)Nz&No chains for table '%s' with ipv '%s')rVr0r#)rrrrDrrr get_chainss   zDirect.get_chainscCs|jSr6)r0rMrrrget_all_chainsszDirect.get_all_chainscCs||||||f}||jvr,t|j|<|t|f}||j|vrV||j||<n*tdd|||fd||fddS)N(Rule '%s' for table '%s' and chain '%s' ',zwith ipv '%s' and priority %d rW)rVr2rr@r rXrPrrrrrrQrDvaluerrrr*s      zDirect.add_rulecCs||||||f}|t|f}||jvrb||j|vrb|j||=t|j|dkr|j|=n$tdd|||fd||fdS)Nrr`raz)with ipv '%s' and priority %d not in list)rVr@r2r[r#rPrbrrr remove_rules      zDirect.remove_rulecCs^||||||f}||jvrZ|j|D]}|j||=q.t|j|dkrZ|j|=dS)Nr)rVr2rUr[)rrrrrDrcrrr remove_ruless   zDirect.remove_rulescCs:||||||f}|t|f}||jvo8||j|vSr6)rVr@r2rbrrr query_rule's   zDirect.query_rulecCsF||||||f}||jvr*|j|Std||fd|dS)Nz'No rules for table '%s' and chain '%s' z with ipv '%s')rVr2r#rYrrr get_rules-s    zDirect.get_rulescCs|jSr6)r2rMrrr get_all_rules6szDirect.get_all_rulescCs^||||jvrg|j|<||j|vr>|j||ntdd||fddS)NPassthrough '%s' for ipv '%s'rarW)rTr3r)r rXrPrrrQrrrr+;s    zDirect.add_passthroughcCsl||||jvrN||j|vrN|j||t|j|dkrh|j|=ntdd||fddS)Nrriraz not in list)rTr3rZr[r#rPrjrrrremove_passthroughEs   zDirect.remove_passthroughcCs"||||jvo ||j|vSr6)rTr3rjrrrquery_passthroughOs zDirect.query_passthroughcCs.||||jvr|j|Std|dS)NzNo passthroughs for ipv '%s')rTr3r#)rrrrrget_passthroughsSs   zDirect.get_passthroughscCs|jSr6)r3rMrrrget_all_passthroughsZszDirect.get_all_passthroughsc Cs||jds&ttjd|jt|}t}| |t |jdn}t d}| |z| |Wn:tjy}z ttjd|WYd}~n d}~00Wdn1s0YdS)Nz.xmlz'%s' is missing .xml suffixrbzNot a valid file: %s)rFr8endswithr r Z INVALID_NAMErsaxZ make_parserZsetContentHandleropenZ InputSourceZ setByteStreamparseZSAXParseExceptionZ INVALID_TYPEZ getException)rhandlerparserfsourcemsgrrrread_s&    z Direct.readc Cs,tj|jr^zt|jd|jWn6ty\}ztd|j|fWYd}~n d}~00tjtj szt tj dt j |jddd}t |}||di|d|jD]D}|\}}|j|D],}|d |d |||d |dqq|jD]}|\}}}|j|D]j\}} t| d kr6q|d |d |||d|d|tjt| |d |dqq|jD]n}|j|D]\} t| d krq|d |dd|i|tjt| |d|dqq|d|d||~dS)Nz%s.oldzBackup of '%s' failed: %siZwtzUTF-8)modeencodingr z rr4r>rz%dr5rr)ospathexistsr8shutilcopy2 ExceptionIOErrorrZ ETC_FIREWALLDmkdiriorrrZ startDocumentrZignorableWhitespacer0Z simpleElementr2r[rqZsaxutilsescaperr(r3Z endDocumentclose) rrxrvrtrDrrrrrQrrrwriteqs^(               z Direct.write)#r,r-r.__doc__rHZDBUS_SIGNATUREZPARSER_REQUIRED_ELEMENT_ATTRSZPARSER_OPTIONAL_ELEMENT_ATTRSrr=rErKrFrRrTrVr r\r]r^r_r*rdrerfrgrhr+rkrlrmrnryr __classcell__rrr9rr/qsL          r/)Zxml.saxrqr}rrZfirewallrZfirewall.fw_typesrZfirewall.functionsrrZfirewall.core.io.io_objectrrrZfirewall.core.loggerr Z firewall.corer r r Zfirewall.errorsr rr/rrrrs        J