o

bhAb�<�@s�dd
lm
Z

dd
lZdd
lZdd
lZddlmZ
ddlmZ
ddl	m
Z
mZ
ddlm
Z
mZmZ
ddlmZ
ddlmZ
ddlmZ
dd	lmZ
dd
lmZ
Gdd�de�ZGd
d�de
�Zd
S)�N)
�config)
�LastUpdatedOrderedDict)�	splitArgs�joinArgs)�	IO_Object�IO_Object_ContentHandler�IO_Object_XMLGenerator)
�log)
�	ipXtables)
�ebtables)
�errors)
�
FirewallErrorc@s$eZ
dZd
d�Zdd�Zdd�ZdS)�direct_ContentHandlercCst�
||
�
d
|_dS)NF)r�__init__�direct)�self�item�r�9/usr/lib/python3/dist-packages/firewall/core/io/direct.pyr(s


zdirect_ContentHandler.__init__cCs`
t�
||
|�
|j�|
|�
|
d
kr |jrttjd��
d|_dS|
dkrD|js.t�	d�

dS|d}|d}|d}|j�
|||�
dS|
dkr�|jsRt�	d	�

dS|d}|d
v
rbttjd|��
|d}|d}zt|d�
}Wnt
y�


t�	d
|d�

YdSw||||g|_dS|
dkr�|js�t�	d�

dS|d}|g
|_dSt�	d|
�

dS)NrzMore than one direct tag.T�chainz$Parse Error: chain outside of direct�ipv�table�rulez#Parse Error: rule outside of direct��ipv4�ipv6�ebz"'%s' not from {'ipv4'|'ipv6'|'eb'}�priorityz'Parse Error: %s is not a valid priority�passthroughz&Parse Error: command outside of directzUnknown XML element %s)r�startElementr�parser_check_element_attrsrr
r�PARSE_ERRORr	�error�	add_chain�INVALID_IPV�int�
ValueError�_rule�_passthrough)r�name�attrsrrrrrrrr,sX




�
















�





��






z"direct_ContentHandler.startElementcCs�t�
||
�
|
d
kr(|jr|j�t|j�
�

|jj|j�
nt�	d�

d|_dS|
dkrJ|jr@|j
�t|j�
�

|jj|j
�
nt�	d�

d|_
dSdS)Nrz2Error: rule does not have any arguments, ignoring.rz9Error: passthrough does not have any arguments, ignoring.)r�
endElement�_elementr'�appendrr�add_ruler	r"r(�add_passthrough)rr)rrrr+\s










�z direct_ContentHandler.endElementN)�__name__�
__module__�__qualname__rrr+rrrrr's
0rcs6
eZ
dZd
Zddg
fddddddg
fg
fdddg
fg
ffZdZd	gd
�
gd�
dg
d
�ZiZ�f
dd�Zdd�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0d1�Zd2d3�Zd4d5�Zd6d7�Zd8d9�Zd:d;�Zd<d=�Zd>d?�Z d@dA�Z!�Z"S)B�Directz Direct class �chains)�r5r5�rulesr5r
�passthroughsz(a(sss)a(sssias)a(sas))N�rrr�rrrrr)rrrrcs0tt
|���
|
|_t�|_t�|_t�|_dS�
N)�superr3r�filenamerr4r6r7)rr<�
�	__class__rrr�s





zDirect.__init__c
CsdSr:r)r�confr�all_conf�all_io_objectsrrr�
_check_config�s
zDirect._check_configc
Cs�g}
g}|jD]}|j|D]}|�
tt|�
t|g
�
�
�

qq|
�
|�

g}|jD]"}|j|D]}|�
t|d
|d|d|d
t|d�
f�
�

q1q*|
�
|�

g}|jD]}|j|D]
}|�
t|t|�
f�
�

q^qW|
�
|�

t|
�
S)Nr
�
�)r4r-�tuple�listr6r7)r�ret�
x�keyrrrrr�
export_config�s,





�








��





�

zDirect.export_configcCs�|��
|�
|
�

t|j�
D]6\}\}}|d
kr$|
|D]}|j|�
q|dkr4|
|D]}|j|�
q,|dkrD|
|D]}|j|�
q<qdS)Nr4r6r7)�cleanup�check_config�	enumerate�IMPORT_EXPORT_STRUCTUREr#r.r/)rr?rA�
i�element�dummyrHrrr�
import_config�s












��zDirect.import_configc

Cs"|j�
�
|j�
�
|j�
�
dSr:)r4�clearr6r7�
rrrrrK�s




zDirect.cleanupc
	Cs�td
�

|j
D]}
td|
d|
dd�|j
|
�
f�

qtd�

|jD]&}
td|
d|
d|
df�

|j|
D]\}}td	|d
�|�
f�

q:q$td�

|jD]}
td|
�

|j|
D]}td
d
�|�
�

q_qRdS)Nr4z  (%s, %s): %sr
rC�
,r6z  (%s, %s, %s):rDz    (%d, ('%s'))z','r7z  %s:z
    ('%s'))�printr4�joinr6r7)rrIr�argsrrr�output�s$





�




�




��z
Direct.outputcCs(gd
�
}|
|v
rtt
jd|
|f��
dS)Nr�'%s' not in '%s')r
rr$)rr�ipvsrrr�
_check_ipv�s




��zDirect._check_ipvcCsF|�|
�

|
d
vrt
j��ntj��}||v
r!ttjd||f��
dS)N)rrrZ)r\r
�BUILT_IN_CHAINS�keysrr
r�
INVALID_TABLE)rrr�tablesrrr�_check_ipv_table�s


�


��zDirect._check_ipv_tablecCsf|�|
|�
|
|f}||j
v
rg|j
|<||j
|v
r%|j
|�|�

dSt�d
|||
fd�

dS)Nz(Chain '%s' for table '%s' with ipv '%s' �already in list, ignoring)rar4r-r	�warning�rrrrrIrrrr#�s








�

�zDirect.add_chaincCsp|�|
|�
|
|f}||j
vr/||j
|vr/|j
|�|�

t|j
|�
d
kr-|j
|=dSdStd|||
f�
�
)Nr
z4Chain '%s' with table '%s' with ipv '%s' not in list)rar4�remove�lenr&rdrrr�remove_chain�s





�

��zDirect.remove_chaincCs,|�|
|�
|
|f}||j
vo||j
|vSr:)rar4rdrrr�query_chain�s


zDirect.query_chaincCs8|�|
|�
|
|f}||j
vr|j
|Std
||
f�
�
)Nz&No chains for table '%s' with ipv '%s')rar4r&)rrrrIrrr�
get_chains�s






�zDirect.get_chainsc


C�|jSr:)
r4rTrrr�get_all_chains��
zDirect.get_all_chainscCs�|�|
|�
|
||f}||j
v
rt�|j
|<|t|�
f}||j
|v
r,||j
||<dSt�d
d�|�
||fd|
|fd�

dS)N�(Rule '%s' for table '%s' and chain '%s' �',zwith ipv '%s' and priority %d rb)rar6rrEr	rcrW�rrrrrrXrI�valuerrrr.
s









�
�
�zDirect.add_rulecCs�|�|
|�
|
||f}|t
|�
f}||jvr4||j|vr4|j||=t|j|�
d
kr2|j|=dSdStdd�|�
||fd|
|f�
�
)Nr
rmrnz)with ipv '%s' and priority %d not in list)rarEr6rfr&rWrorrr�remove_rule
s







�
�
�zDirect.remove_rulecCsf|�|
|�
|
||f}||j
vr/|j
|��D]}|j
||=qt|j
|�
d
kr1|j
|=dSdSdS)Nr
)rar6r^rf)rrrrrIrprrr�remove_rules
s








�zDirect.remove_rulescCs:|�|
|�
|
||f}|t
|�
f}||jvo||j|vSr:)rarEr6rorrr�
query_rule'
s




zDirect.query_rulecCsB|�|
|�
|
||f}||j
vr|j
|Std
||fd|
�
�
)Nz'No rules for table '%s' and chain '%s' z
with ipv '%s')rar6r&rdrrr�	get_rules-
s







�
�zDirect.get_rulesc


Crjr:)
r6rTrrr�
get_all_rules6
rlzDirect.get_all_rulescCs`|�|
�

|
|j
v
rg|j
|
<||j
|
v
r |j
|
�|�

dSt�d
d�|�
|
fd�

dS)N�Passthrough '%s' for ipv '%s'rnrb)r\r7r-r	rcrW�rrrXrrrr/;
s








�

�zDirect.add_passthroughcCsn|�|
�

|
|j
vr*||j
|
vr*|j
|
�|�

t|j
|
�
d
kr(|j
|
=dSdStdd�|�
|
fd�
�
)Nr
rvrnznot in list)r\r7rerfr&rWrwrrr�remove_passthroughE
s





�
�
�zDirect.remove_passthroughcCs"|�|
�

|
|j
vo||j
|
vSr:)r\r7rwrrr�query_passthroughO
s


zDirect.query_passthroughcCs*|�|
�

|
|j
vr|j
|
Std
|
�
�
)NzNo passthroughs for ipv '%s')r\r7r&)rrrrr�get_passthroughsS
s





zDirect.get_passthroughsc


Crjr:)
r7rTrrr�get_all_passthroughsZ
rlzDirect.get_all_passthroughsc
Cs�|��
|j
�d
�
sttjd|j
��
t|�
}
t��}|�	|
�

t
|j
d��2}t�d�
}|�|�

z|�
|�

WntjyO
}
z
ttjd|����
d}~w
wWd�
dS1s[w



Y
dS)Nz.xmlz'%s' is missing .xml suffix�rbzNot a valid file: %s)rKr<�endswithr
r�INVALID_NAMEr�sax�make_parser�setContentHandler�open�InputSource�
setByteStream�parse�SAXParseException�INVALID_TYPE�getException)r�handler�parser�
f�source�msgrrr�read_
s.



�













�����"�zDirect.readc


Cstj
�|j�
r)zt�|jd
|j�
Wnty(
}

z	td|j|
f�
�
d}
~
w
wtj
�tj	�
s7t�
tj	d�
tj|jddd�}t
|�
}|��
|�di�
|�d�

|jD]"}|\}}|j|D]}|�d	�

|�d
|||d��
|�d�

qaqV|jD]?}|\}}}|j|D]2\}}	t|	�
dkr�q�|�d	�

|�d
|||d|d��
|�tj�t|	�
�
�

|�d
�

|�d�

q�q||jD]3}|j|D]+}	t|	�
dkr�q�|�d	�

|�dd|i
�
|�tj�t|	�
�
�

|�d�

|�d�

q�q�|�d�

|�d�

|��
|��
~dS)Nz%s.oldzBackup of '%s' failed: %si�
�wtzUTF-8)�mode�encodingr�

z  rr8rCrz%dr9rr)�os�path�existsr<�shutil�copy2�	Exception�IOErrorr�
ETC_FIREWALLD�mkdir�ior�r�
startDocumentr�ignorableWhitespacer4�
simpleElementr6rfr�saxutils�escaperr+r7�endDocument�close)
rr�r�r�rIrrrrrXrrr�writeq
sh




��












��











�


�










�






zDirect.write)#r0r1r2�__doc__rN�DBUS_SIGNATURE�PARSER_REQUIRED_ELEMENT_ATTRS�PARSER_OPTIONAL_ELEMENT_ATTRSrrBrJrRrKrYr\rar#rgrhrirkr.rqrrrsrtrur/rxryrzr{r�r��
__classcell__rrr=rr3qsN
�


�	
		

r3)�xml.saxrr�r�r��firewallr�firewall.fw_typesr�firewall.functionsrr�firewall.core.io.io_objectrrr�firewall.core.loggerr	�
firewall.corer
rr�firewall.errorsr
rr3rrrr�<module>
s









J