a i@sddlZddlZddlmZddlmZmZmZddlm Z ddl m Z ddl m Z ddlmZddlmZdd lmZdd lmZmZmZmZdd lmZdd lmZdd lmZmZmZm Z GdddeZ!dS)N)config)dbus_to_python%dbus_introspection_prepare_properties!dbus_introspection_add_properties)Zone)ifcfg_set_zone_of_interface)DEFAULT_ZONE_TARGET) Rich_Rule)log)DbusServiceObject)handle_exceptionsdbus_handle_exceptionsdbus_service_methoddbus_polkit_require_auth)errors) FirewallError)portStrportInPortRangecoalescePortRangebreakPortRangecs eZdZdZdZejjZe fddZ e ddZ e ddZ e d d Zeejd d d e dddZeejddd e dddZeejjeejdde dddZejjejddddZeejjeejdde dfdd Zeejjd de dd!d"Zeejjdde dd#d$Zd%d&Zeejjd de dd'd(Zeejjdde dd)d*Z eejje dd+d,Z!ejjejjdde d-d.Z"eejje dd/d0Z#ejjejjdde d1d2Z$eejjdde dd3d4Z%ejjejjdde d5d6Z&eejjdde dd7d8Z'eejjdde dd9d:Z(eejjdde dd;d<Z)eejjdde dd=d>Z*eejjdde dd?d@Z+eejjdde ddAdBZ,eejjdde ddCdDZ-eejjdde ddEdFZ.eejjdGde ddHdIZ/eejjdGde ddJdKZ0eejjdde ddLdMZ1eejjdde ddNdOZ2eejjddPd e ddQdRZ3eejjdSde ddTdUZ4eejjdSde ddVdWZ5eejjd de ddXdYZ6eejjd de ddZd[Z7eejjd dPd e dd\d]Z8eejjdGde dd^d_Z9eejjdGde dd`daZ:eejjdde ddbdcZ;eejjdde ddddeZeejjdSde ddjdkZ?eejjd de ddldmZ@eejjd de ddndoZAeejjd dPd e ddpdqZBeejjdGde ddrdsZCeejjdGde ddtduZDeejjdde ddvdwZEeejjdde ddxdyZFeejjddPd e ddzd{ZGeejjdPde dd|d}ZHeejjdPde dd~dZIeejje dddZJeejje dddZKeejjdPde dddZLeejjdPde dddZMeejjdPde dddZNeejje dddZOeejje dddZPeejjdPde dddZQeejjdde dddZReejjdde dddZSeejjdde dddZTeejjdde dddZUeejjddPd e dddZVeejjdGde dddZWeejjdGde dddZXeejjdde dddZYeejjdde dddZZeejjddPd e dddZ[eejjdGde dddZ\eejjdGde dddZ]eejjdde dddZ^eejjdde dddZ_eejjddPd e dddZ`eejjdGde dddZaeejjdGde dddZbeejjdde dddZceejjdde dddZdeejjddPd e dddZeZfS(FirewallDConfigZonezFirewallD main classTcs`tt|j|i|||_||_||_||_|d|_|d|_d|j|_ t |tj j dS)Nrzconfig.zone.%d) superr__init__parentrobjitem_idbusnamepath _log_prefixrdbusDBUS_INTERFACE_CONFIG_ZONE)selfrZconfzonerargskwargs __class__?/usr/lib/python3.9/site-packages/firewall/server/config_zone.pyr8s   zFirewallDConfigZone.__init__cCsdSNr(r"r(r(r)__del__EszFirewallDConfigZone.__del__cCs |dSr*)Zremove_from_connectionr+r(r(r) unregisterIszFirewallDConfigZone.unregistercCs|dkrt|jjS|dkr,t|jjS|dkrBt|jjS|dkrXt|jjS|dkrnt|jjStj d|dS)NnamefilenamerdefaultbuiltinzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist) r Stringrr.r/rZBooleanr0r1 exceptions DBusException)r" property_namer(r(r) _get_propertyQsz!FirewallDConfigZone._get_propertyssv) in_signature out_signatureNcCsLt|t}t|t}td|j|||tjjkrBtj d|| |S)Nz%s.Get('%s', '%s')Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist) rstrr debug1rrr r!r3r4r6)r"interface_namer5senderr(r(r)Getbs    zFirewallDConfigZone.Getsza{sv}cCs`t|t}td|j||tjjkr6tj d|i}dD]}| |||<q>tj |ddS)Nz%s.GetAll('%s')r;)r.r/rr0r1svZ signature) rr<r r=rrr r!r3r4r6Z Dictionary)r"r>r?retxr(r(r)GetAllss  zFirewallDConfigZone.GetAllZssv)r9cCslt|t}t|t}t|}td|j||||j||tjj krXtj d|tj d|dS)Nz%s.Set('%s', '%s', '%s')r;zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-only) rr<r r=rr accessCheckrr r!r3r4)r"r>r5Z new_valuer?r(r(r)Sets$     zFirewallDConfigZone.Setzsa{sv}asrCcCs2t|t}t|}t|}td|j|||dS)Nz&%s.PropertiesChanged('%s', '%s', '%s'))rr<r r=r)r"r>Zchanged_propertiesZinvalidated_propertiesr(r(r)PropertiesChangeds   z%FirewallDConfigZone.PropertiesChanged)r:cs8td|jtt||j|j}t ||t j j S)Nz%s.Introspect()) r Zdebug2rrr IntrospectrrZget_busrrr r!)r"r?datar&r(r)rJs   zFirewallDConfigZone.Introspectz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)cCsDtd|j|j|j}|dtkr@t|}d|d<t|}|S)get settings for zone z%s.getSettings()r0) r r=rrZget_zone_configrrlisttuple)r"r?settings _settingsr(r(r) getSettingss zFirewallDConfigZone.getSettingscCs4td|j|j|j}|dtkr0d|d<|S)rLz%s.getSettings2()targetr0)r r=rrget_zone_config_dictrrr"r?rPr(r(r) getSettings2s  z FirewallDConfigZone.getSettings2c Cs|j|j}d|vr"t|dnt}d|vr|ddkr>t|d<|||j |j ||_ | |j j dS)r]z%s.update2('...')rSr0N) rr r=rrrGrr\rZset_zone_config_dictrr^r.)r"rPr?r(r(r)update2s  zFirewallDConfigZone.update2cCs<td|j|j||j|j|_||jj dS)z/load default settings for builtin zone z%s.loadDefaults()N) r r=rrrGrZload_zone_defaultsrr^r.r"r?r(r(r) loadDefaultss z FirewallDConfigZone.loadDefaultscCstd|j|fdS)Nz%s.Updated('%s')r r=rr"r.r(r(r)r^ szFirewallDConfigZone.UpdatedcCs:td|j|j||j|j|j|jdS)zremove zone z%s.removeZone()N) r r=rrrGrZ remove_zonerZ removeZonerar(r(r)removes zFirewallDConfigZone.removecCstd|j|fdS)Nz%s.Removed('%s')rcrdr(r(r)RemovedszFirewallDConfigZone.RemovedcCsFt|t}td|j||j||j|j ||_ | |dS)zrename zone z%s.rename('%s')N) rr<r r=rrrGrZ rename_zonerRenamed)r"r.r?r(r(r)rename%s   zFirewallDConfigZone.renamecCstd|j|fdS)Nz%s.Renamed('%s')rcrdr(r(r)rg1szFirewallDConfigZone.RenamedcCstd|j|dS)Nz%s.getVersion()rr r=rrRrar(r(r) getVersion8szFirewallDConfigZone.getVersioncCsHt|t}td|j||j|t|}||d<| |dS)Nz%s.setVersion('%s')r rr<r r=rrrGrNrRr_)r"versionr?rPr(r(r) setVersion?s    zFirewallDConfigZone.setVersioncCstd|j|dS)Nz %s.getShort()rrirar(r(r)getShortLszFirewallDConfigZone.getShortcCsHt|t}td|j||j|t|}||d<| |dS)Nz%s.setShort('%s')rrk)r"Zshortr?rPr(r(r)setShortSs    zFirewallDConfigZone.setShortcCstd|j|dS)Nz%s.getDescription()rirar(r(r)getDescription`sz"FirewallDConfigZone.getDescriptioncCsHt|t}td|j||j|t|}||d<| |dS)Nz%s.setDescription('%s')rprk)r" descriptionr?rPr(r(r)setDescriptiongs    z"FirewallDConfigZone.setDescriptioncCs.td|j|}|dtkr*|dSdS)Nz%s.getTarget()rMr0)r r=rrRrrUr(r(r) getTargetwszFirewallDConfigZone.getTargetcCsTt|t}td|j||j|t|}|dkr>|nt |d<| |dS)Nz%s.setTarget('%s')r0rM) rr<r r=rrrGrNrRrr_)r"rSr?rPr(r(r) setTargets    zFirewallDConfigZone.setTargetascCstd|j|dS)Nz%s.getServices()rirar(r(r) getServicesszFirewallDConfigZone.getServicescCsNt|t}td|jd||j|t|}||d<| |dS)Nz%s.setServices('[%s]'),rw rrNr r=rjoinrrGrRr_)r"Zservicesr?rPr(r(r) setServicess    zFirewallDConfigZone.setServicescCsft|t}td|j||j|t|}||dvrJt t j ||d || |dS)Nz%s.addService('%s')rwrr<r r=rrrGrNrRrrALREADY_ENABLEDappendr_r"servicer?rPr(r(r) addServices     zFirewallDConfigZone.addServicecCsft|t}td|j||j|t|}||dvrJt t j ||d || |dS)Nz%s.removeService('%s')rwrr<r r=rrrGrNrRrr NOT_ENABLEDrer_rr(r(r) removeServices     z!FirewallDConfigZone.removeServicebcCs*t|t}td|j|||dvS)Nz%s.queryService('%s')rwrr<r r=rrR)r"rr?r(r(r) queryServices z FirewallDConfigZone.queryServiceza(ss)cCstd|j|dS)Nz %s.getPorts()rirar(r(r)getPortsszFirewallDConfigZone.getPortscCsg}t|tD](}t|tr,|t|q||q|}td|jddd|D|j |t| }||d<| |dS)Nz%s.setPorts('[%s]')rycss"|]}d|d|dfVqdSz ('%s, '%s')rrNr(.0portr(r(r) z/FirewallDConfigZone.setPorts..r rrNrZrrOr r=rr{rrGrRr_r"Zportsr?Z_portsrrPr(r(r)setPortss     zFirewallDConfigZone.setPortsc st|t}tttd|j||j|t|}tt fdd|d}|D]&}t ||dr\t t j d|fq\t|dd|D\}}|D]} |dt| d fq|D]} |dt| d fq||dS) Nz%s.addPort('%s', '%s')cs |dkSNrr(rEprotocolr(r)rz-FirewallDConfigZone.addPort..rr%s:%scSsg|] \}}|qSr(r(r_port _protocolr(r(r) rz/FirewallDConfigZone.addPort..-rr<r r=rrrGrNrRfilterrrrr~rrerrr_ r"rrr?rPZexisting_port_idsZport_idZ added_rangesZremoved_rangesranger(rr)addPorts&      zFirewallDConfigZone.addPortc st|t}tttd|j||j|t|}tt fdd|d}|D]}t ||dr\qq\t t j d|ft|dd|D\}}|D]} |dt| d fq|D]} |dt| d fq||dS) Nz%s.removePort('%s', '%s')cs |dkSrr(rrr(r)rrz0FirewallDConfigZone.removePort..rrrcSsg|] \}}|qSr(r(rr(r(r)rrz2FirewallDConfigZone.removePort..rrr<r r=rrrGrNrRrrrrrrrerrr_rr(rr) removePorts$     zFirewallDConfigZone.removePortcCsXt|t}t|t}td|j|||dD] \}}t||r2||kr2dSq2dS)Nz%s.queryPort('%s', '%s')rTFrr<r r=rrRrr"rrr?rrr(r(r) queryPort s   zFirewallDConfigZone.queryPortcCstd|j|dS)Nz%s.getProtocols() rirar(r(r) getProtocolssz FirewallDConfigZone.getProtocolscCsNt|t}td|jd||j|t|}||d<| |dS)Nz%s.setProtocols('[%s]')ryrrz)r"Z protocolsr?rPr(r(r) setProtocols!s    z FirewallDConfigZone.setProtocolscCsft|t}td|j||j|t|}||dvrJt t j ||d || |dS)Nz%s.addProtocol('%s')rr}r"rr?rPr(r(r) addProtocol-s     zFirewallDConfigZone.addProtocolcCsft|t}td|j||j|t|}||dvrJt t j ||d || |dS)Nz%s.removeProtocol('%s')rrrr(r(r)removeProtocol:s     z"FirewallDConfigZone.removeProtocolcCs*t|t}td|j|||dvS)Nz%s.queryProtocol('%s')rr)r"rr?r(r(r) queryProtocolGs z!FirewallDConfigZone.queryProtocolcCstd|j|dS)Nz%s.getSourcePorts()rirar(r(r)getSourcePortsQsz"FirewallDConfigZone.getSourcePortscCsg}t|tD](}t|tr,|t|q||q|}td|jddd|D|j |t| }||d<| |dS)Nz%s.setSourcePorts('[%s]')rycss"|]}d|d|dfVqdSrr(rr(r(r)rerz5FirewallDConfigZone.setSourcePorts..rrrr(r(r)setSourcePortsXs     z"FirewallDConfigZone.setSourcePortsc st|t}tttd|j||j|t|}tt fdd|d}|D]&}t ||dr\t t j d|fq\t|dd|D\}}|D]} |dt| d fq|D]} |dt| d fq||dS) Nz%s.addSourcePort('%s', '%s')cs |dkSrr(rrr(r)rurz3FirewallDConfigZone.addSourcePort..rrrcSsg|] \}}|qSr(r(rr(r(r)rzrz5FirewallDConfigZone.addSourcePort..rrrr(rr) addSourcePortks&      z!FirewallDConfigZone.addSourcePortc st|t}tttd|j||j|t|}tt fdd|d}|D]}t ||dr\qq\t t j d|ft|dd|D\}}|D]} |dt| d fq|D]} |dt| d fq||dS) Nz%s.removeSourcePort('%s', '%s')cs |dkSrr(rrr(r)rrz6FirewallDConfigZone.removeSourcePort..rrrcSsg|] \}}|qSr(r(rr(r(r)rrz8FirewallDConfigZone.removeSourcePort..rrrr(rr)removeSourcePorts$     z$FirewallDConfigZone.removeSourcePortcCsXt|t}t|t}td|j|||dD] \}}t||r2||kr2dSq2dS)Nz%s.querySourcePort('%s', '%s')rTFrrr(r(r)querySourcePorts   z#FirewallDConfigZone.querySourcePortcCstd|j|dS)Nz%s.getIcmpBlocks()rirar(r(r) getIcmpBlockssz!FirewallDConfigZone.getIcmpBlockscCsNt|t}td|jd||j|t|}||d<| |dS)Nz%s.setIcmpBlocks('[%s]')ryrrz)r"Z icmptypesr?rPr(r(r) setIcmpBlockss    z!FirewallDConfigZone.setIcmpBlockscCsft|t}td|j||j|t|}||dvrJt t j ||d || |dS)Nz%s.addIcmpBlock('%s')rr}r"icmptyper?rPr(r(r) addIcmpBlocks     z FirewallDConfigZone.addIcmpBlockcCsft|t}td|j||j|t|}||dvrJt t j ||d || |dS)Nz%s.removeIcmpBlock('%s')rrrr(r(r)removeIcmpBlocks     z#FirewallDConfigZone.removeIcmpBlockcCs*t|t}td|j|||dvS)Nz%s.queryIcmpBlock('%s')rr)r"rr?r(r(r)queryIcmpBlocks z"FirewallDConfigZone.queryIcmpBlockcCstd|j|dS)Nz%s.getIcmpBlockInversion()rirar(r(r)getIcmpBlockInversionsz)FirewallDConfigZone.getIcmpBlockInversioncCsHt|t}td|j||j|t|}||d<| |dS)Nz%s.setIcmpBlockInversion('%s')r rboolr r=rrrGrNrRr_)r"flagr?rPr(r(r)setIcmpBlockInversions    z)FirewallDConfigZone.setIcmpBlockInversioncCsPtd|j|j|t|}|dr:ttj dd|d<| |dS)Nz%s.addIcmpBlockInversion()ricmp-block-inversionT r r=rrrGrNrRrrr~r_rUr(r(r)addIcmpBlockInversions   z)FirewallDConfigZone.addIcmpBlockInversioncCsPtd|j|j|t|}|ds:ttj dd|d<| |dS)Nz%s.removeIcmpBlockInversion()rrF r r=rrrGrNrRrrrr_rUr(r(r)removeIcmpBlockInversions   z,FirewallDConfigZone.removeIcmpBlockInversioncCstd|j|dS)Nz%s.queryIcmpBlockInversion()rrirar(r(r)queryIcmpBlockInversionsz+FirewallDConfigZone.queryIcmpBlockInversioncCstd|j|dS)Nz%s.getMasquerade()rirar(r(r) getMasqueradesz!FirewallDConfigZone.getMasqueradecCsHt|t}td|j||j|t|}||d<| |dS)Nz%s.setMasquerade('%s')rr)r" masquerader?rPr(r(r) setMasquerades    z!FirewallDConfigZone.setMasqueradecCsPtd|j|j|t|}|dr:ttj dd|d<| |dS)Nz%s.addMasquerade()rrTrrUr(r(r) addMasquerade"s   z!FirewallDConfigZone.addMasqueradecCsPtd|j|j|t|}|ds:ttj dd|d<| |dS)Nz%s.removeMasquerade()rrFrrUr(r(r)removeMasquerade-s   z$FirewallDConfigZone.removeMasqueradecCstd|j|dS)Nz%s.queryMasquerade()rrirar(r(r)queryMasquerade8sz#FirewallDConfigZone.queryMasqueradeza(ssss)cCstd|j|dS)Nz%s.getForwardPorts() rirar(r(r)getForwardPortsAsz#FirewallDConfigZone.getForwardPortscCsg}t|tD](}t|tr,|t|q||q|}td|jddd|D|j |t| }||d<| |dS)Nz%s.setForwardPorts('[%s]')rycss.|]&}d|d|d|d|dfVqdS)z('%s, '%s', '%s', '%s')rrrpNr(rr(r(r)rUs z6FirewallDConfigZone.setForwardPorts..rrrr(r(r)setForwardPortsHs      z#FirewallDConfigZone.setForwardPortsZsssscCst|t}t|t}t|t}t|t}td|j|||||j|||t|t|f}t|}||dvrt t j d||||f|d || |dS)Nz)%s.addForwardPort('%s', '%s', '%s', '%s')r %s:%s:%s:%sr}r"rrtoporttoaddrr?fwp_idrPr(r(r)addForwardPort\s$        z"FirewallDConfigZone.addForwardPortcCst|t}t|t}t|t}t|t}td|j|||||j|||t|t|f}t|}||dvrt t j d||||f|d || |dS)Nz,%s.removeForwardPort('%s', '%s', '%s', '%s')rrrrr(r(r)removeForwardPortps$        z%FirewallDConfigZone.removeForwardPortcCsbt|t}t|t}t|t}t|t}td|j||||||t|t|f}||dvS)Nz+%s.queryForwardPort('%s', '%s', '%s', '%s')rr)r"rrrrr?rr(r(r)queryForwardPorts     z$FirewallDConfigZone.queryForwardPortcCstd|j|dS)Nz%s.getInterfaces() rirar(r(r) getInterfacessz!FirewallDConfigZone.getInterfacescCsNt|t}td|jd||j|t|}||d<| |dS)Nz%s.setInterfaces('[%s]')ryrrz)r"rWr?rPr(r(r) setInterfacess    z!FirewallDConfigZone.setInterfacescCstt|t}td|j||j|t|}||dvrJt t j ||d || |t|jj|dS)Nz%s.addInterface('%s')r)rr<r r=rrrGrNrRrrr~rr_rrr.r" interfacer?rPr(r(r) addInterfaces      z FirewallDConfigZone.addInterfacecCspt|t}td|j||j|t|}||dvrJt t j ||d || |td|dS)Nz%s.removeInterface('%s')r)rr<r r=rrrGrNrRrrrrer_rrr(r(r)removeInterfaces      z#FirewallDConfigZone.removeInterfacecCs*t|t}td|j|||dvS)Nz%s.queryInterface('%s')rr)r"rr?r(r(r)queryInterfaces z"FirewallDConfigZone.queryInterfacecCstd|j|dS)Nz%s.getSources() rirar(r(r) getSourcesszFirewallDConfigZone.getSourcescCsNt|t}td|jd||j|t|}||d<| |dS)Nz%s.setSources('[%s]')ryrrz)r"rXr?rPr(r(r) setSourcess    zFirewallDConfigZone.setSourcescCsft|t}td|j||j|t|}||dvrJt t j ||d || |dS)Nz%s.addSource('%s')rr}r"r[r?rPr(r(r) addSources     zFirewallDConfigZone.addSourcecCsft|t}td|j||j|t|}||dvrJt t j ||d || |dS)Nz%s.removeSource('%s')rrrr(r(r) removeSources     z FirewallDConfigZone.removeSourcecCs*t|t}td|j|||dvS)Nz%s.querySource('%s')rr)r"r[r?r(r(r) querySources zFirewallDConfigZone.querySourcecCstd|j|dS)Nz%s.getRichRules() rirar(r(r) getRichRulessz FirewallDConfigZone.getRichRulescCs\t|t}td|jd||j|t|}dd|D}||d<| |dS)Nz%s.setRichRules('[%s]')rycSsg|]}tt|dqS)rule_str)r<r )rrr(r(r)rrz4FirewallDConfigZone.setRichRules..rrz)r"Zrulesr?rPr(r(r) setRichRuless    z FirewallDConfigZone.setRichRulescCstt|t}td|j||j|t|}tt |d}||dvrXt t j ||d |||dS)Nz%s.addRichRule('%s')rr)rr<r r=rrrGrNrRr rrr~rr_r"ruler?rPrr(r(r) addRichRules     zFirewallDConfigZone.addRichRulecCstt|t}td|j||j|t|}tt |d}||dvrXt t j ||d |||dS)Nz%s.removeRichRule('%s')rr)rr<r r=rrrGrNrRr rrrrer_rr(r(r)removeRichRule)s     z"FirewallDConfigZone.removeRichRulecCs8t|t}td|j|tt|d}||dvS)Nz%s.queryRichRule('%s')rr)rr<r r=rr rR)r"rr?rr(r(r) queryRichRule7s z!FirewallDConfigZone.queryRichRule)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)g__name__ __module__ __qualname____doc__Z persistentrr ZPK_ACTION_CONFIGZdefault_polkit_auth_requiredr rr r,r-r6rZPROPERTIES_IFACEr@rFrrHrsignalrIZPK_ACTION_INFOZINTROSPECTABLE_IFACErJr!rRrVr\r_r`rbr^rerfrhrgrjrmrnrorqrsrtrurxr|rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr __classcell__r(r(r&r)r0s                                                 r)"r Z dbus.serviceZfirewallrZfirewall.dbus_utilsrrrZfirewall.core.io.zonerZfirewall.core.fw_ifcfgrZfirewall.core.baserZfirewall.core.richr Zfirewall.core.loggerr Zfirewall.server.dbusr Zfirewall.server.decoratorsr r rrrZfirewall.errorsrZfirewall.functionsrrrrrr(r(r(r)s