File manager

File manager - Edit - /home/newsbmcs.com/public_html/static/img/logo/server.zip

Back
PK��,(�Zs�ԯD��D��config_helper.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.helper import Helper from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigHelper(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, helper, item_id, args, kwargs): super(FirewallDConfigHelper, self).__init__(args, *kwargs) self.parent = parent self.config = conf self.obj = helper self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.helper.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigHelper, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_HELPER) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for helper """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_helper_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for helper """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_helper_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin helper """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_helper_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def remove(self, sender=None): """remove helper """ log.debug1("%s.removeHelper()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_helper(self.obj) self.parent.removeHelper(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename helper """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_helper(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # family @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getFamily(self, sender=None): log.debug1("%s.getFamily()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) return settings[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setFamily(self, ipv, sender=None): ipv = dbus_to_python(ipv, str) log.debug1("%s.setFamily('%s')", self._log_prefix, ipv) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[3] == ipv: raise FirewallError(errors.ALREADY_ENABLED, "'%s'" % ipv) settings[3] = ipv self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryFamily(self, ipv, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv, str) log.debug1("%s.queryFamily('%s')", self._log_prefix, ipv) settings = self.getSettings() return (settings[3] == ipv) # module @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getModule(self, sender=None): log.debug1("%s.getModule()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) return settings[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setModule(self, module, sender=None): module = dbus_to_python(module, str) log.debug1("%s.setModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[4] == module: raise FirewallError(errors.ALREADY_ENABLED, "'%s'" % module) settings[4] = module self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryModule(self, module, sender=None): # pylint: disable=W0613 module = dbus_to_python(module, str) log.debug1("%s.queryModule('%s')", self._log_prefix, module) settings = self.getSettings() return (settings[4] == module) # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[5].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[5]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[5].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[5] PK��,(�Z��ە�� decorators.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2012-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. """This module contains decorators for use with and without D-Bus""" __all__ = ["handle_exceptions", "dbus_handle_exceptions", "dbus_service_method"] import dbus import dbus.service import traceback import functools import inspect from dbus.exceptions import DBusException from firewall.errors import FirewallError from firewall import errors from firewall.core.logger import log from firewall.server.dbus import FirewallDBusException, NotAuthorizedException from firewall.dbus_utils import uid_of_sender ############################################################################ # # Exception handler decorators # ############################################################################ def handle_exceptions(func): """Decorator to handle exceptions and log them. Used if not conneced to D-Bus. """ @functools.wraps(func) def _impl(args, *kwargs): try: return func(args, *kwargs) except FirewallError as error: log.debug1(traceback.format_exc()) log.error(error) except Exception: # pylint: disable=W0703 log.exception() return _impl def dbus_handle_exceptions(func): """Decorator to handle exceptions, log and report them into D-Bus :Raises DBusException: on a firewall error code problems. """ @functools.wraps(func) def _impl(args, *kwargs): try: return func(args, *kwargs) except FirewallError as error: code = FirewallError.get_code(str(error)) if code in [ errors.ALREADY_ENABLED, errors.NOT_ENABLED, errors.ZONE_ALREADY_SET, errors.ALREADY_SET ]: log.warning(str(error)) else: log.debug1(traceback.format_exc()) log.error(str(error)) raise FirewallDBusException(str(error)) except DBusException as ex: # only log DBusExceptions once raise ex except Exception as ex: log.exception() raise FirewallDBusException(str(ex)) # HACK: functools.wraps() does not copy the function signature and # dbus-python doesn't support varargs. As such we need to copy the # signature from the function to the newly decorated function otherwise the # decorators in dbus-python will manipulate the arg stack and fail # miserably. # # Note: This can be removed if we ever stop using dbus-python. # # Ref: https://gitlab.freedesktop.org/dbus/dbus-python/-/issues/12 # _impl.__signature__ = inspect.signature(func) return _impl def dbus_service_method(args, *kwargs): """Add sender argument for D-Bus""" kwargs.setdefault("sender_keyword", "sender") return dbus.service.method(args, *kwargs) class dbus_service_method_deprecated: """Decorator that maintains a list of deprecated methods in dbus interfaces. """ deprecated = {} def __init__(self, interface=None): self.interface = interface if self.interface: if self.interface not in self.deprecated: self.deprecated[self.interface] = set() def __call__(self, func): if self.interface: self.deprecated[self.interface].add(func.__name__) @functools.wraps(func) def _impl(args, *kwargs): return func(args, *kwargs) return _impl class dbus_service_signal_deprecated(dbus_service_method_deprecated): """Decorator that maintains a list of deprecated signals in dbus interfaces. """ pass class dbus_polkit_require_auth: """Decorator factory that checks if the interface/method can be used by the sender/user. Assumes wrapped function is a method inside a class derived from DbusServiceObject. """ _polkit_name = "org.freedesktop.PolicyKit1" _polkit_path = "/org/freedesktop/PolicyKit1/Authority" _polkit_interface = "org.freedesktop.PolicyKit1.Authority" _bus = None _bus_signal_receiver = None _interface_polkit = None def __init__(self, polkit_auth_required): self._polkit_auth_required = polkit_auth_required @classmethod def _polkit_name_owner_changed(cls, name, old_owner, new_owner): cls._bus.remove_signal_receiver(cls._bus_signal_receiver) cls._bus_signal_receiver = None cls._interface_polkit = None pass def __call__(self, func): @functools.wraps(func) def _impl(args, *kwargs): if not type(self)._bus: type(self)._bus = dbus.SystemBus() if not type(self)._bus_signal_receiver: type(self)._bus_signal_receiver = type(self)._bus.add_signal_receiver( handler_function=type(self)._polkit_name_owner_changed, signal_name="NameOwnerChanged", dbus_interface="org.freedesktop.DBus", arg0=self._polkit_name) if not type(self)._interface_polkit: try: type(self)._interface_polkit = dbus.Interface(type(self)._bus.get_object( type(self)._polkit_name, type(self)._polkit_path), type(self)._polkit_interface) except dbus.DBusException: # polkit must not be available pass action_id = self._polkit_auth_required if not action_id: raise dbus.DBusException("Not Authorized: No action_id specified.") sender = kwargs.get("sender") if sender: # use polkit if it's available if type(self)._interface_polkit: (result, _, _) = type(self)._interface_polkit.CheckAuthorization( ("system-bus-name", {"name": sender}), action_id, {}, 1, "") if not result: raise NotAuthorizedException(action_id, "polkit") # fallback to checking UID else: uid = uid_of_sender(type(self)._bus, sender) if uid != 0: raise NotAuthorizedException(action_id, "uid") return func(args, *kwargs) _impl._polkit_auth_required = self._polkit_auth_required return _impl PK��,(�Z��5��&��__pycache__/decorators.cpython-310.pycnu��[��o ��bhAb��@��s��d�Z�g�d�ZddlZddlZddlZddlZddlZddlmZ�ddl m Z �ddlmZ�ddl mZ�ddlmZmZ�dd lmZ�d d��Zdd ��Zdd��ZG�dd��d�ZG�dd��de�ZG�dd��d�ZdS�)z>This module contains decorators for use with and without D-Bus)�handle_exceptions�dbus_handle_exceptions�dbus_service_method��N)� DBusException)� FirewallError)�errors)�log)�FirewallDBusException�NotAuthorizedException)� uid_of_senderc��s��t��fdd��}\|S�)zTDecorator to handle exceptions and log them. Used if not conneced to D-Bus. c�� sj��z��\|�i�\|��W�S��t�y'�}�zt�t��t�\|��W�Y�d�}~d�S�d�}~w�ty4��t��Y�d�S�w��N)r��r��debug1� traceback� format_exc�error� Exception� exception)�args�kwargsr��func��</usr/lib/python3/dist-packages/firewall/server/decorators.py�_impl0��s��z handle_exceptions.<locals>._impl)� functools�wraps�r��r��r��r��r��r��,��s��r��c��s&��t��fdd��}t��\|_\|S�)z�Decorator to handle exceptions, log and report them into D-Bus :Raises DBusException: on a firewall error code problems. c�� s��z��\|�i�\|��W�S��t�yC�}�z/t��t\|��}\|tjtjtjtjfv�r+t� t\|��nt� t��t� t\|��tt\|��d�}~w�tyP�}�z\|�d�}~w�tye�}�z t��tt\|��d�}~ww�r��)r��get_code�strr��ALREADY_ENABLED�NOT_ENABLED�ZONE_ALREADY_SET�ALREADY_SETr��warningr ��r��r��r��r ��r��r��r��)r��r��r��code�exr��r��r��r��@��s(�� z%dbus_handle_exceptions.<locals>._impl)r��r��inspect� signature� __signature__r��r��r��r��r��;��s��r��c��O��s��\|��dd��tjj\|�i�\|��S�)zAdd sender argument for D-Bus�sender_keyword�sender)� setdefault�dbus�service�method�r��r��r��r��r��r��`��s��r��c��@��s&��e�Zd�ZdZi�Zddd�Zdd��ZdS�)�dbus_service_method_deprecatedzRDecorator that maintains a list of deprecated methods in dbus interfaces. Nc��C��s2��\|\|�_�\|�j�r\|�j�\|�jvrt��\|�j\|�j�<�d�S�d�S�d�S�r��)� interface� deprecated�set)�selfr1��r��r��r��__init__k��s��z'dbus_service_method_deprecated.__init__c��s4��\|�j�r \|�j\|�j��j��t��fdd��}\|S�)Nc��s��\|�i�\|��S�r��r��r/��r��r��r��r��u��s��z6dbus_service_method_deprecated.__call__.<locals>._impl)r1��r2��add�__name__r��r��r4��r��r��r��r��r��__call__q��s ��z'dbus_service_method_deprecated.__call__r��)r7�� __module__�__qualname__�__doc__r2��r5��r9��r��r��r��r��r0��e��s �� r0��c��@��s��e�Zd�ZdZdS�)�dbus_service_signal_deprecatedzRDecorator that maintains a list of deprecated signals in dbus interfaces. N)r7��r:��r;��r<��r��r��r��r��r=��z��s��r=��c��@��sD��e�Zd�ZdZdZdZdZdZdZdZ dd��Z edd ��Zd d��Z dS�)�dbus_polkit_require_authz�Decorator factory that checks if the interface/method can be used by the sender/user. Assumes wrapped function is a method inside a class derived from DbusServiceObject. zorg.freedesktop.PolicyKit1z%/org/freedesktop/PolicyKit1/Authorityz$org.freedesktop.PolicyKit1.AuthorityNc��C��s ��\|\|�_�d�S�r��)�_polkit_auth_required)r4��polkit_auth_requiredr��r��r��r5��s�� z!dbus_polkit_require_auth.__init__c��C��s��\|�j��\|�j��d�\|�_d�\|�_d�S�r��)�_bus�remove_signal_receiver�_bus_signal_receiver�_interface_polkit)�cls�name� old_owner� new_ownerr��r��r��_polkit_name_owner_changed��s��z3dbus_polkit_require_auth._polkit_name_owner_changedc��s$��t��fdd��}�j\|_\|S�)Nc��s0��t��jst��t��_t��js$t��jjt��jdd�jd�t��_t��jsOzt� t��j� t��jt��j�t��j�t��_W�n �tj yN��Y�nw��j}\|sYt� d��\|�d�}\|r�t��jr�t��j�dd\|if\|i�dd �\}}}\|st\|d ��ntt��j\|�}\|dkr�t\|d��\|�i�\|��S�) N�NameOwnerChangedzorg.freedesktop.DBus)�handler_function�signal_name�dbus_interface�arg0z'Not Authorized: No action_id specified.r��zsystem-bus-namerF��polkitr��uid)�typerA��r,�� SystemBusrC��add_signal_receiverrI��_polkit_namerD�� Interface� get_object�_polkit_path�_polkit_interfacer��r?��get�CheckAuthorizationr ��r��)r��r�� action_idr��result�_rR��r��r4��r��r��r��sJ�� z0dbus_polkit_require_auth.__call__.<locals>._impl)r��r��r?��r8��r��r`��r��r9��s��+z!dbus_polkit_require_auth.__call__)r7��r:��r;��r<��rV��rY��rZ��rA��rC��rD��r5��classmethodrI��r9��r��r��r��r��r>��s�� r>��)r<��__all__r,��dbus.servicer��r��r&��dbus.exceptionsr��firewall.errorsr��firewallr��firewall.core.loggerr��firewall.server.dbusr ��r ��firewall.dbus_utilsr��r��r��r��r0��r=��r>��r��r��r��r��<module>��s&��%PK��,(�ZP>�d��%��__pycache__/firewalld.cpython-310.pycnu��[��o ��bhAb��@��sB��d�gZ�ddlmZ�ddlZddlZddlZddlmZ�ddlm Z �ddl mZ�ddlm Z �ddlmZ�dd lmZmZ�dd lmZmZmZmZmZmZ�ddlmZ�ddlmZmZmZm Z m!Z!m"Z"m#Z#m$Z$�dd l%m&Z&�ddl'm(Z(�ddl)mZ�ddl+m,Z,�ddl-m.Z.m/Z/�ddl0m1Z1�ddlm2Z2�ddl3m4Z4�G�dd��d�e�Z5dS�)� FirewallD��)�GLibN)�config)�Firewall)� Rich_Rule)�log)�FirewallClientZoneSettings)�FirewallDBusException�DbusServiceObject)�dbus_handle_exceptions�dbus_service_method�handle_exceptions�dbus_service_method_deprecated�dbus_service_signal_deprecated�dbus_polkit_require_auth)�FirewallDConfig)�dbus_to_python�command_of_sender�context_of_sender� uid_of_sender�user_of_uid�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties�!dbus_introspection_add_deprecated)�check_on_disk_config)�IPSet)�IcmpType)�Helper)�nm_get_connection_of_interface�nm_set_zone_of_connection)�ifcfg_set_zone_of_interface)�errors)� FirewallErrorc��s� ��e�Zd�ZdZdZ �ejjZ �e ��fdd��Z dd��Ze dd��Ze d d ��Z edd��Zed d��Zedd��Zedd��Zedd��Zeejddd�e�d�dd��Zeejddd�e�d�dd��Zeejj�eejdd �e�d�d!d"��Zejjejd#d$�d%d&��Zeejj�eejdd'�e�d��fd(d)� ��Zeejj�eejj ddd�e�d�d+d,��Z!eejj�eejj ddd�e�d�d-d.��Z"ej�ejj �ed/d0��Z#eejj�eejj ddd�e�d�d1d2��Z$eejj�eejj ddd�e�d�d3d4��Z%eejj&�eejj'ddd�e�d�d5d6��Z(eejj&�eejj'ddd�e�d�d7d8��Z)eejj�eejj'dd9d�e�d�d:d;��Z+ejjejj'dd$�ed<d=��Z,ejjejj'dd$�ed>d?��Z-eejj&�eejj'ddd�e�d�d@dA��Z.eejj&�eejj'ddd�e�d�dBdC��Z/eejj�eejj'dd9d�e�d�dDdE��Z0eejj�eejj'ddFd�e�d�dGdH��Z1ejjejj'dd$�edIdJ��Z2ejjejj'dd$�edKdL��Z3eejj&�eejj'dMdd�e�d�dNdO��Z4eejj&�eejj'dMdd�e�d�dPdQ��Z5eejj�eejj'dMd9d�e�d�dRdS��Z6eejj�eejj'ddTd�e�d�dUdV��Z7ejjejj'dMd$�edWdX��Z8ejjejj'dMd$�edYdZ��Z9eejj&�eejj'ddd�e�d�d[d\��Z:eejj&�eejj'ddd�e�d�d]d^��Z;eejj�eejj'dd9d�e�d�d_d`��Z<eejj�eejj'ddFd�e�d�dadb��Z=ejjejj'dd$�edcdd��Z>ejjejj'dd$�ededf��Z?eejj&�eejj'ddd�e�d�dgdh��Z@eejj&�eejj'ddd�e�d�didj��ZAeejj�eejj'dd9d�e�d�dkdl��ZBeejj�eejj'ddFd�e�d�dmdn��ZCejjejj'dd$�edodp��ZDejjejj'dd$�edqdr��ZEeejj�eejj ddd�e�d�dsdt��ZFeejj�eejj ddd�e�d�dudv��ZGeejj�eejj dd9d�e�d�dwdx��ZHejjejj dd$�edydz��ZIejjejj dd$�ed{d\|��ZJeejjK�eejj dd}d�e�d�d~d��ZLeejjK�eejjMddd�e�d�d�d��ZNeejjK�eejjMd�d �e�d�d�d��ZOejjejjMd�d$�ed�d��ZPeejjK�eejjQddd�e�d�d�d��ZReejjK�eejjQd�d �e�d�d�d��ZSejjejjQd�d$�ed�d��ZTeejj�eejj ddFd�e�d�d�d��ZUeejjK�eejj dd�d�e�d�d�d��ZVeejjK�eejj ddd�e�d�d�d��ZWeejj�eejj ddFd�e�d�d�d��ZXeejjK�eejj deYjZd�e�d�d�d��Z[eejjK�eejj ddd�e�d�d�d��Z\eejj�eejj ddd�e�d�d�d��Z]ejjejj dd$�ed�d��Z^eejjK�eejj ddd�e�d�d�d��Z_eejj�eejj ddd�e�d�d�d��Z`ejjejj dd$�ed�d��Zaeejj�eejj ddd�e�d�d�d��Zbeejj�eejj ddd�e�d�d�d��Zcejjejj dd$�ed�d��Zdeejj�eejjQddFd�e�d�d�d��Zeeejj�eejjQdd�d�e�d�d�d��Zfeejj�eejjMddFd�e�d�d�d��Zgeejj�eejjMdd�d�e�d�d�d��Zheejj�eejjMddd�e�d�d�d��Zieejj�eejjMddd�e�d�d�d��ZjeejjK�eejjMdd9d�e�d�d�d��Zkeejj�eejjMddd�e�d�d�d��Zleejj�eejjMddd�e�d�d�d��Zmeejj�eejjMddd�e�d�d�d��Zneejj�eejjMddd�e�d�d�d��ZoeejjK�eejjMdd9d�e�d�d�d��ZpeejjK�eejjMddFd�e�d�d�dĄ��ZqejjejjMdd$�ed�dƄ��ZrejjejjMdd$�ed�dȄ��ZsejjejjMdd$�ed�dʄ��ZtejjejjMdd$�ed�d̄��Zueejj�eejjMddd�e�d�d�d΄��Zveejj�eejjMddd�e�d�d�dЄ��Zweejj�eejjMddd�e�d�d�d҄��ZxeejjK�eejjMdd9d�e�d�d�dԄ��ZyeejjK�eejjMddFd�e�d�d�dք��ZzejjejjMdd$�ed�d؄��Z{ejjejjMdd$�ed�dڄ��Z\|ejjejjMdd$�ed�d܄��Z}ed�dބ��Z~eejj�eejjMd�dd�e�d�d�d��Zeejj�eejjMddd�e�d�d�d��Z�eejjK�eejjMdd9d�e�d�d�d��Z�eejjK�eejjMddFd�e�d�d�d��Z�ejjejjMd�d$�ed�d��Z�ejjejjMdd$�ed�d��Z�ed�d��Z�eejj�eejjMd�dd�e�d�d�d��Z�eejj�eejjMddd�e�d�d�d��Z�eejjK�eejjMdd9d�e�d�d�d��Z�eejjK�eejjMddFd�e�d�d�d��Z�ejjejjMd�d$�ed�d��Z�ejjejjMdd$�ed�d��Z�ed�d��Z�eejj�eejjMd�dd�e�d�d�d��Z�eejj�eejjMd�dd�e�d��d��d��Z�eejjK�eejjMd�d9d�e�d��d�d��Z�eejjK�eejjMd�dd�e�d��d�d��Z�ejjejjMd�d$�e�d��d�d ��Z�ejjejjMd�d$�e�d �d��Z�e�d�d ��Z�eejj�eejjMd�dd�e�d��d�d��Z�eejj�eejjMddd�e�d��d�d��Z�eejjK�eejjMdd9d�e�d��d�d��Z�eejjK�eejjMddFd�e�d��d�d��Z�ejjejjMd�d$�e�d��d�d��Z�ejjejjMdd$�e�d�d��Z�e�d�d��Z�eejj�eejjMd�dd�e�d��d�d��Z�eejj�eejjMd�dd�e�d��d�d��Z�eejjK�eejjMd�d9d�e�d��d �d!��Z�eejjK�eejjMd�dd�e�d��d"�d#��Z�ejjejjMd�d$�e�d��d$�d%��Z�ejjejjMd�d$�e�d&�d'��Z�e�d(�d)��Z�eejj�eejjM�ddd�e�d��d+�d,��Z�eejj�eejjMddd�e�d��d-�d.��Z�eejjK�eejjMdd9d�e�d��d/�d0��Z�ejjejjM�dd$�e�d��d1�d2��Z�ejjejjMdd$�e�d3�d4��Z�e�d5�d6��Z�eejj�eejjM�d7dd�e �d��d8�d9��Z�eejj�eejjM�d:dd�e �d��d;�d<��Z�eejjK�eejjM�d:d9d�e �d��d=�d>��Z�eejjK�eejjMd�dd�e�d��d?�d@��Z�ejjejjM�d7d$�e� �d��dA�dB��Z�ejjejjM�d:d$�e�dC�dD��Z�e�dE�dF��Z�eejj�eejjMd�dd�e�d��dG�dH��Z�eejj�eejjMddd�e�d��dI�dJ��Z�eejjK�eejjMdd9d�e�d��dK�dL��Z�eejjK�eejjMddFd�e�d��dM�dN��Z�ejjejjMd�d$�e�d��dO�dP��Z�ejjejjMdd$�e�dQ�dR��Z�eejj�eejjMddd�e�d��dS�dT��Z�eejj�eejjMddd�e�d��dU�dV��Z�eejjK�eejjMdd9d�e�d��dW�dX��Z�ejjejjMdd$�e�dY�dZ��Z�ejjejjMdd$�e�d[�d\��Z�eejj��e�ejj��eejj�d�dd�e�d��d]�d^��Z�eejj��e�ejj��eejj�d�dd�e�d��d_�d`��Z�eejj��e�ejj��eejj�d�d9d�e�d��da�db��Z�eejj��e�ejj��eejj�ddFd�e�d��dc�dd��Z�eejj��e�ejj��eejj�d�ded�e�d��df�dg��Z�e�ejj��ejjejj�d�d$�e�dh�di��Z�e�ejj��ejjejj�d�d$�e�dj�dk��Z�eejj��e�ejj��eejj��dldd�e�d��dm�dn��Z�eejj��e�ejj��eejj��dldd�e�d��do�dp��Z�eejj��e�ejj��eejj�d�dd�e�d��dq�dr��Z�eejj��e�ejj��eejj��dld9d�e�d��ds�dt��Z�eejj��e�ejj��eejj�d��dud�e�d��dv�dw��Z�eejj��e�ejj��eejj�d�dxd�e�d��dy�dz��Z�e�ejj��ejjejj��dld$�e�d{�d\|��Z�e�ejj��ejjejj��dld$�e�d}�d~��Z�eejj��e�ejj��eejj��ddd�e�d��d��d��Z�eejj��e�ejj��eejj��ddd�e�d��d��d��Z�eejj��e�ejj��eejj��ddd�e�d��d��d��Z�eejj��e�ejj��eejj��dd9d�e�d��d��d��Z�eejj��e�ejj��eejj�d�d�d�e�d��d��d��Z�eejj��e�ejj��eejj�ddd�e�d��d��d��Z�eejj��e�ejj��eejj�d�dd�e�d��d��d��Z�e�ejj��ejjejj��dd$�e�d��d��Z�e�ejj��ejjejj��dd$�e�d��d��Z�eejj׃eejj ddd�e�d��d��d��Z�eejj�eejj�dd9d�e�d��d��d��Z�eejj�eejj�ddFd�e�d��d��d��Z�eejjK�eejj�de�jZd�e�d��d��d��Z�eejj�eejj�ddd�e�d��d��d��Z�eejj�eejj�ddd�e�d��d��d��Z�eejj�eejj�dd9d�e�d��d��d��Z�eejj�eejj�ddFd�e�d��d��d��Z�eejj�eejjِdd �e�d��d��d��Z�ejjejj�dd$�e�d��d��Z�ejjejj�dd$�e�d��d��Z�eejj�eejj ddFd�e�d��d��d��Z�eejjK�eejj de�jZd�e�d��d��d��Z��Z�S�(��r��zFirewallD main classTc��sd��t�t\|��j\|i�\|��t��\|�_\|d�\|�_\|d�\|�_\|��t\|�t j j��t\|�jj \|�jt j j �\|�_ d�S�)Nr��)�superr��__init__r��fw�busname�path�startr��r��dbus�DBUS_INTERFACEr��DBUS_PATH_CONFIG)�self�args�kwargs�� __class__��;/usr/lib/python3/dist-packages/firewall/server/firewalld.pyr%��G��s�� zFirewallD.__init__c��C��s��\|��d�S��N)�stop�r-��r2��r2��r3��__del__R��s��zFirewallD.__del__c��C��s��t��d��i�\|�_\|�j��S�)Nzstart())r��debug1� _timeoutsr&��r)��r6��r2��r2��r3��r)��U��s�� zFirewallD.startc��C��t��d��\|�j��S�)Nzstop())r��r8��r&��r5��r6��r2��r2��r3��r5��]��s�� zFirewallD.stopc��C��s��\|�j�j��rV\|d�u�rt�d��d�S�t��}t\|\|�}\|�j�j�d\|�r$d�S�t \|\|�}\|�j�j�d\|�r3d�S�t \|�}\|�j�j�d\|�rAd�S�t\|\|�}\|�j�j�d\|�rPd�S�tt jd��d�S�)Nz&Lockdown not possible, sender not set.�context�uid�user�commandzlockdown is enabled)r&��policies�query_lockdownr��errorr�� SystemBusr��access_checkr��r��r��r"��r!�� ACCESS_DENIED)r-��sender�busr;��r<��r=��r>��r2��r2��r3��accessCheckf��s&�� zFirewallD.accessCheckc��C��s&��\|\|�j�vr i�\|�j�\|<�\|\|�j�\|�\|<�d�S�r4��)r9��)r-��zone�x�tagr2��r2��r3�� addTimeout}��s�� zFirewallD.addTimeoutc��C��sD��\|\|�j�v�r\|\|�j�\|�v�r t�\|�j�\|�\|��\|�j�\|�\|=�d�S�d�S�d�S�r4��)r9��r�� source_remove�r-��rH��rI��r2��r2��r3�� removeTimeout��s��zFirewallD.removeTimeoutc��C��sL��\|�j�D�]}\|�j�\|�D�]}t�\|�j�\|�\|��q \|�j�\|��q\|�j��d�S�r4��)r9��r��rL��clearrM��r2��r2��r3��cleanup_timeouts��s �� zFirewallD.cleanup_timeoutsc��C��sV��\|dkr t��tj�S�\|dkrt��dtj�jtj�jf��S�\|dkr't��\|�j��S�\|dkr4t��\|�j� d��S�\|dkr@t�� \|�jjd�S�\|d krMt��\|�j� d ��S�\|dkrXt��\|�jj�S�\|dkrdt�� \|�jj d�S�\|d krot��\|�jj�S�\|dkrzt��\|�jj�S�\|dkr�t�� \|�jjd�S�\|dkr�t��d�S�\|dkr�t��i�d�S�\|dkr�t��i�d�S�t�j�d\|��)N�version�interface_versionz%d.%d�state�IPv4�ipv4� IPv4ICMPTypes�s�IPv6�ipv6� IPv6_rpfilter� IPv6ICMPTypes�BRIDGEr�� IPSetTypes�nf_conntrack_helper_settingF�nf_conntrack_helpers�sas�nf_nat_helpers�Dorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r��Stringr��VERSION�DBUS_INTERFACE_VERSION�DBUS_INTERFACE_REVISIONr&�� get_state�Boolean�is_ipv_enabled�Array�ipv4_supported_icmp_types�ipv6_rpfilter_enabled�ipv6_supported_icmp_types�ebtables_enabled� ipset_enabled�ipset_supported_types� Dictionary� exceptions� DBusException)r-��propr2��r2��r3�� _get_property��sF�� zFirewallD._get_property�ss�v)�in_signature� out_signatureNc��C��sx��t�\|t�}t�\|t�}t�d\|\|��\|tjjkr\|��\|�S�\|tjjtjj tjj tjjfv�r4tj� d\|��tj� d\|��)NzGet('%s', '%s')rb��Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r��strr��r8��r��r��r+��ru��DBUS_INTERFACE_ZONE�DBUS_INTERFACE_DIRECT�DBUS_INTERFACE_POLICIES�DBUS_INTERFACE_IPSETrr��rs��)r-��interface_name� property_namerE��r2��r2��r3��Get��s(�� z FirewallD.GetrW��za{sv}c��C��s��t�\|t�}t�d\|��i�}\|tjjkr dD�] }\|��\|�\|\|<�qn\|tjjtjj tjj tjjfv�r1ntj� d\|��tj\|dd�S�)NzGetAll('%s')�rQ��rR��rS��rT��rX��rZ��r\��r��r]��r^��r_��ra��rV��r[��rz��sv�� signature)r��r{��r��r8��r��r��r+��ru��r\|��r}��r~��r��rr��rs��rq��)r-��r��rE��retrI��r2��r2��r3��GetAll��s&�� zFirewallD.GetAll�ssv)rx��c��C��s��t�\|t�}t�\|t�}t�\|�}t�d\|\|\|��\|��\|��\|tjjkr5\|dv�r-tj� d\|��tj� d\|��\|tjj tjjtjjtjj fv�rMtj� d\|��tj� d\|��)NzSet('%s', '%s', '%s')r��zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-onlyrb��rz��)r��r{��r��r8��rG��r��r��r+��rr��rs��r\|��r}��r~��r��)r-��r��r�� new_valuerE��r2��r2��r3��Set��sD�� z FirewallD.Setzsa{sv}asr��c��C��s.��t�\|t�}t�\|�}t�\|�}t�d\|\|\|��d�S�)Nz#PropertiesChanged('%s', '%s', '%s'))r��r{��r��r8��)r-��r��changed_properties�invalidated_propertiesr2��r2��r3��PropertiesChanged��s�� zFirewallD.PropertiesChanged)ry��c��s`��t��d��tt\|��\|�j\|�j��}t\|�\|t j j�}t j jfD�]}t \|�\|\|t��jt��j�}q\|S�)NzIntrospect())r��debug2r$��r�� Introspectr(��r'��get_busr��r��r��r+��r}��r��r�� deprecatedr��)r-��rE��data� interfacer0��r2��r3��r��$��s�� zFirewallD.Introspect��c��C��s��t��d��\|�j��\|�j��\|��dS�)z#Reload the firewall rules. zreload()N�r��r8��r&��reloadr��Reloaded�r-��rE��r2��r2��r3��r��:��s�� zFirewallD.reloadc��C��s,��t��d��\|�j�d��\|�j��\|��dS�)z�Completely reload the firewall. Completely reload the firewall: Stops firewall, unloads modules and starts the firewall again. zcompleteReload()TNr��r��r2��r2��r3��completeReloadI��s�� zFirewallD.completeReloadc��C��t��d��d�S�)Nz Reloaded()�r��r8��r6��r2��r2��r3��r��Y��zFirewallD.Reloadedc��C��s��t��d��t\|�j��dS�)z&Check permanent configuration zcheckPermanentConfig()N)r��r8��r��r&��r��r2��r2��r3��checkPermanentConfig^��s�� zFirewallD.checkPermanentConfigc��C��s~��t��d��d}\|�j��}\|�jj��D�]Y}\|��\|�}z5\|\|v�r?\|�j�\|�}\|� ��\|kr7t��d\|��\|� \|��nt��d\|��nt��d\|��\|�j�\|\|��W�q�tyk�}�zt�� d\|\|f��d}W�Y�d}~qd}~ww�\|�j��}\|�jj��D�]Y}\|��\|�}z5\|\|v�r�\|�j�\|�}\|� ��\|kr�t��d \|��\|� \|��nt��d \|��nt��d\|��\|�j�\|\|��W�qw�ty��}�zt�� d\|\|f��d}W�Y�d}~qwd}~ww�\|�j��}\|�jj��D�]\}z<\|��\|�}\|\|v��r\|�j�\|�}\|� ��\|k�rt��d \|��\|� \|��nt��d\|��nt��d\|��\|�j�\|\|��W�q��t�y8�}�zt�� d\|\|f��d}W�Y�d}~q�d}~ww�\|�j��}\|�jj��D�]�}\|��\|�}t\|�}d} \|�jjD�]} t��d\|\| f��\|� \| ��d} �qU\|�!��D�]$} zt"\| �}\|�r�t#\|\|��r�\|� \| ��d} W��qm�t�y��Y��qmw�\| �r�\|�$��}\|�!��D�]} t%\|\| ��q�z)\|\|v��r�\|�j�&\|�}t��d\|��\|�'\|��nt��d\|��\|�j�(\|\|��W��qD�t�y��}�zt�� d\|\|f��d}W�Y�d}~�qDd}~ww�\|�j�)��}\|�jj�+��D�]H}\|��,\|�}z"\|\|v��r\|�j�-\|�}\|� \|��nt��d\|��\|�j�.\|\|��W��q��t�yB�}�zt�� d\|\|f��d}W�Y�d}~�q�d}~ww�\|�j�/��}\|�jj0�1��D�]^}\|��2\|�}z8\|\|v��r}\|�j�3\|�}\|� ��\|k�rut��d\|��\|� \|��nt��d\|��nt��d\|��\|�j�4\|\|��W��qN�t�y��}�zt�� d\|\|f��d}W�Y�d}~�qNd}~ww�\|�jj5�6��\|�jj5�7��\|�jj5�8��f}z\|�j� ��\|k�r�t��d��\|�j� \|��nt��d��W�n�t�y��}�zt�� d\|��d}W�Y�d}~nd}~ww�\|�jj9j:�;��}z\|�j� ��\|k�rt��d��\|�j�<\|��nt��d��W�n�t�y4�}�zt�� d \|��d}W�Y�d}~nd}~ww�\|�r=t=t>j?��dS�)!z-Make runtime configuration permanent zcopyRuntimeToPermanent()FzCopying service '%s' settingsz$Service '%s' is identical, ignoring.zCreating service '%s'z/Runtime To Permanent failed on service '%s': %sTNzCopying icmptype '%s' settingsz%IcmpType '%s' is identical, ignoring.zCreating icmptype '%s'z0Runtime To Permanent failed on icmptype '%s': %szCopying ipset '%s' settingsz"IPSet '%s' is identical, ignoring.zCreating ipset '%s'z-Runtime To Permanent failed on ipset '%s': %szEZone '%s': interface binding for '%s' has been added by NM, ignoring.zCopying zone '%s' settingszCreating zone '%s'z,Runtime To Permanent failed on zone '%s': %szCreating policy '%s'z.Runtime To Permanent failed on policy '%s': %szCopying helper '%s' settingsz#Helper '%s' is identical, ignoring.zCreating helper '%s'z.Runtime To Permanent failed on helper '%s': %szCopying direct configurationz,Direct configuration is identical, ignoring.z7Runtime To Permanent failed on direct configuration: %szCopying policies configurationz.Policies configuration is identical, ignoring.z9Runtime To Permanent failed on policies configuration: %s)@r��r8��r��getServiceNamesr&��service�get_services�getServiceSettings�getServiceByName�getSettings�update� addService� Exception�warning�getIcmpTypeNames�icmptype� get_icmptypes�getIcmpTypeSettings�getIcmpTypeByName�addIcmpType� getIPSetNames�ipset� get_ipsets�getIPSetSettings�getIPSetByName�addIPSet�getZoneNamesrH�� get_zones�getZoneSettings2r��_nm_assigned_interfaces�removeInterface� getInterfacesr��r��getSettingsDictr �� getZoneByName�update2�addZone2�getPolicyNames�policy�"get_policies_not_derived_from_zone�getPolicySettings�getPolicyByName� addPolicy�getHelperNames�helper�get_helpers�getHelperSettings�getHelperByName� addHelper�direct�get_all_chains� get_all_rules�get_all_passthroughsr?��lockdown_whitelist� export_config�setLockdownWhitelistr"��r!��RT_TO_PERM_FAILED)r-��rE��rA��config_names�name�conf�conf_obj�e�settings�changedr�� connectionr2��r2��r3��runtimeToPermanentj��sr�� zFirewallD.runtimeToPermanentc��C��,��t��d��\|��\|��\|�jj��\|��dS�)z!Enable lockdown policies zpolicies.enableLockdown()N)r��r8��rG��r&��r?��enable_lockdown�LockdownEnabledr��r2��r2��r3��enableLockdown4�� zFirewallD.enableLockdownc��C��r��)z"Disable lockdown policies zpolicies.disableLockdown()N)r��r8��rG��r&��r?��disable_lockdown�LockdownDisabledr��r2��r2��r3��disableLockdown@��r��zFirewallD.disableLockdown�bc��C��t��d��\|�jj��S�)z+Retuns True if lockdown is enabled zpolicies.queryLockdown())r��r8��r&��r?��r@��r��r2��r2��r3�� queryLockdownL��s�� zFirewallD.queryLockdownc��C��r��)NzLockdownEnabled()r��r6��r2��r2��r3��r��W��r��zFirewallD.LockdownEnabledc��C��r��)NzLockdownDisabled()r��r6��r2��r2��r3��r��\��r��zFirewallD.LockdownDisabledc��C��@��t�\|t�}t�d\|��\|��\|��\|�jjj�\|��\|�� \|��dS�)�Add lockdown command zpolicies.addLockdownWhitelistCommand('%s')N) r��r{��r��r8��rG��r&��r?��r��add_command�LockdownWhitelistCommandAdded�r-��r>��rE��r2��r2��r3��addLockdownWhitelistCommande�� z%FirewallD.addLockdownWhitelistCommandc��C��r��)z Remove lockdown command z-policies.removeLockdownWhitelistCommand('%s')N) r��r{��r��r8��rG��r&��r?��r��remove_command�LockdownWhitelistCommandRemovedr��r2��r2��r3��removeLockdownWhitelistCommandr��r��z(FirewallD.removeLockdownWhitelistCommandc��C��(��t�\|t�}t�d\|��\|�jjj�\|�S�)zQuery lockdown command z,policies.queryLockdownWhitelistCommand('%s'))r��r{��r��r8��r&��r?��r��has_commandr��r2��r2��r3��queryLockdownWhitelistCommand�� z'FirewallD.queryLockdownWhitelistCommand�asc��C��t��d��\|�jjj��S�)r��z'policies.getLockdownWhitelistCommands())r��r8��r&��r?��r��get_commandsr��r2��r2��r3��getLockdownWhitelistCommands�� z&FirewallD.getLockdownWhitelistCommandsc��C��t��d\|��d�S�)Nz#LockdownWhitelistCommandAdded('%s')r��r-��r>��r2��r2��r3��r��z'FirewallD.LockdownWhitelistCommandAddedc��C��r��)Nz%LockdownWhitelistCommandRemoved('%s')r��r��r2��r2��r3��r��r��z)FirewallD.LockdownWhitelistCommandRemoved�ic��C��r��)�Add lockdown uid z&policies.addLockdownWhitelistUid('%s')N) r��intr��r8��rG��r&��r?��r��add_uid�LockdownWhitelistUidAdded�r-��r<��rE��r2��r2��r3��addLockdownWhitelistUid��r��z!FirewallD.addLockdownWhitelistUidc��C��r��)zRemove lockdown uid z)policies.removeLockdownWhitelistUid('%s')N) r��r��r��r8��rG��r&��r?��r�� remove_uid�LockdownWhitelistUidRemovedr��r2��r2��r3��removeLockdownWhitelistUid��r��z$FirewallD.removeLockdownWhitelistUidc��C��r��)zQuery lockdown uid z(policies.queryLockdownWhitelistUid('%s'))r��r��r��r8��r&��r?��r��has_uidr��r2��r2��r3��queryLockdownWhitelistUid��r��z#FirewallD.queryLockdownWhitelistUid�aic��C��r��)r��z#policies.getLockdownWhitelistUids())r��r8��r&��r?��r��get_uidsr��r2��r2��r3��getLockdownWhitelistUids��r��z"FirewallD.getLockdownWhitelistUidsc��C��r��)NzLockdownWhitelistUidAdded(%d)r��r-��r<��r2��r2��r3��r��r��z#FirewallD.LockdownWhitelistUidAddedc��C��r��)NzLockdownWhitelistUidRemoved(%d)r��r��r2��r2��r3��r��r��z%FirewallD.LockdownWhitelistUidRemovedc��C��r��)�Add lockdown user z'policies.addLockdownWhitelistUser('%s')N) r��r{��r��r8��rG��r&��r?��r��add_user�LockdownWhitelistUserAdded�r-��r=��rE��r2��r2��r3��addLockdownWhitelistUser��r��z"FirewallD.addLockdownWhitelistUserc��C��r��)zRemove lockdown user zpolicies.removeLockdownWhitelistUser('%s')N) r��r{��r��r8��rG��r&��r?��r��remove_user�LockdownWhitelistUserRemovedr��r2��r2��r3��removeLockdownWhitelistUser��r��z%FirewallD.removeLockdownWhitelistUserc��C��r��)zQuery lockdown user z)policies.queryLockdownWhitelistUser('%s'))r��r{��r��r8��r&��r?��r��has_userr��r2��r2��r3��queryLockdownWhitelistUser��r��z$FirewallD.queryLockdownWhitelistUserc��C��r��)r ��z$policies.getLockdownWhitelistUsers())r��r8��r&��r?��r�� get_usersr��r2��r2��r3��getLockdownWhitelistUsers��r��z#FirewallD.getLockdownWhitelistUsersc��C��r��)Nz LockdownWhitelistUserAdded('%s')r��r-��r=��r2��r2��r3��r��r��z$FirewallD.LockdownWhitelistUserAddedc��C��r��)Nz"LockdownWhitelistUserRemoved('%s')r��r��r2��r2��r3��r��r��z&FirewallD.LockdownWhitelistUserRemovedc��C��r��)�Add lockdown context zpolicies.addLockdownWhitelistContext('%s')N) r��r{��r��r8��rG��r&��r?��r��add_context�LockdownWhitelistContextAdded�r-��r;��rE��r2��r2��r3��addLockdownWhitelistContext��r��z%FirewallD.addLockdownWhitelistContextc��C��r��)z Remove lockdown context z-policies.removeLockdownWhitelistContext('%s')N) r��r{��r��r8��rG��r&��r?��r��remove_context�LockdownWhitelistContextRemovedr��r2��r2��r3��removeLockdownWhitelistContext)��r��z(FirewallD.removeLockdownWhitelistContextc��C��r��)zQuery lockdown context z,policies.queryLockdownWhitelistContext('%s'))r��r{��r��r8��r&��r?��r��has_contextr��r2��r2��r3��queryLockdownWhitelistContext6��r��z'FirewallD.queryLockdownWhitelistContextc��C��r��)r��z'policies.getLockdownWhitelistContexts())r��r8��r&��r?��r��get_contextsr��r2��r2��r3��getLockdownWhitelistContextsB��r��z&FirewallD.getLockdownWhitelistContextsc��C��r��)Nz#LockdownWhitelistContextAdded('%s')r��r-��r;��r2��r2��r3��r��M��r��z'FirewallD.LockdownWhitelistContextAddedc��C��r��)Nz%LockdownWhitelistContextRemoved('%s')r��r&��r2��r2��r3��r ��R��r��z)FirewallD.LockdownWhitelistContextRemovedc��C����t��d��\|��\|��\|�j��\|��dS�)znEnable panic mode. All ingoing and outgoing connections and packets will be blocked. zenablePanicMode()N)r��r8��rG��r&��enable_panic_mode�PanicModeEnabledr��r2��r2��r3��enablePanicMode[��s�� zFirewallD.enablePanicModec��C��r'��)z�Disable panic mode. Enables normal mode: Allowed ingoing and outgoing connections will not be blocked anymore zdisablePanicMode()N)r��r8��rG��r&��disable_panic_mode�PanicModeDisabledr��r2��r2��r3��disablePanicModei��s�� zFirewallD.disablePanicModec��C��r:��)NzqueryPanicMode())r��r8��r&��query_panic_moder��r2��r2��r3��queryPanicModex�� zFirewallD.queryPanicModec��C��r��)NzPanicModeEnabled()r��r6��r2��r2��r3��r)��r��zFirewallD.PanicModeEnabledc��C��r��)NzPanicModeDisabled()r��r6��r2��r2��r3��r,��r��zFirewallD.PanicModeDisabledz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)c��C��$��t�\|t�}t�d\|��\|�jj�\|�S�)NzgetZoneSettings(%s))r��r{��r��r8��r&��rH��get_config_with_settings�r-��rH��rE��r2��r2��r3��getZoneSettings��s�� zFirewallD.getZoneSettingsc��C��r1��)NzgetZoneSettings2(%s))r��r{��r��r8��r&��rH��get_config_with_settings_dictr3��r2��r2��r3��r�� zFirewallD.getZoneSettings2zsa{sv}c��C��F��t�\|t�}t�d\|��\|��\|��\|�jj�\|t�\|�\|��\|��\|\|��d�S�)NzsetZoneSettings2(%s)) r��r{��r��r8��rG��r&��rH��set_config_with_settings_dict�ZoneUpdated)r-��rH��r��rE��r2��r2��r3��setZoneSettings2�� zFirewallD.setZoneSettings2c��C��t��d\|\|f��d�S�)Nzzone.ZoneUpdated('%s', '%s')r��)r-��rH��r��r2��r2��r3��r9��zFirewallD.ZoneUpdatedc��C��r1��)Nzpolicy.getPolicySettings(%s))r��r{��r��r8��r&��r��r5��)r-��r��rE��r2��r2��r3��r��r6��zFirewallD.getPolicySettingsc��C��r7��)Nzpolicy.setPolicySettings(%s)) r��r{��r��r8��rG��r&��r��r8�� PolicyUpdated)r-��r��r��rE��r2��r2��r3��setPolicySettings��r;��zFirewallD.setPolicySettingsc��C��r<��)Nz policy.PolicyUpdated('%s', '%s')r��)r-��r��r��r2��r2��r3��r>��r=��zFirewallD.PolicyUpdatedc��C��r��)NzlistServices())r��r8��r&��r��r��r��r2��r2��r3��listServices�� zFirewallD.listServicesz(sssa(ss)asa{ss}asa(ss))c�� C��s��t�\|t�}t�d\|��\|�jj�\|�}\|��}g�}td�D�](}\|j \|�d�\|vr8\|� t�t \|\|j \|�d��q\|� \|\|j \|�d��qt\|�S�)NzgetServiceSettings(%s)��r��)r��r{��r��r8��r&��r��get_service�export_config_dict�range�IMPORT_EXPORT_STRUCTURE�append�copy�deepcopy�getattr�tuple)r-��r��rE��obj� conf_dict� conf_listr��r2��r2��r3��r��s�� "zFirewallD.getServiceSettingsc��C��s,��t�\|t�}t�d\|��\|�jj�\|�}\|��S�)NzgetServiceSettings2(%s))r��r{��r��r8��r&��r��rC��rD��)r-��r��rE��rL��r2��r2��r3��getServiceSettings2��s�� zFirewallD.getServiceSettings2c��C��r��)NzlistIcmpTypes())r��r8��r&��r��r��r��r2��r2��r3�� listIcmpTypes��rA��zFirewallD.listIcmpTypesc��C��(��t�\|t�}t�d\|��\|�jj�\|��S�)NzgetIcmpTypeSettings(%s))r��r{��r��r8��r&��r��get_icmptyper��)r-��r��rE��r2��r2��r3��r�� zFirewallD.getIcmpTypeSettingsc��C��r:��)NzgetLogDenied())r��r8��r&��get_log_deniedr��r2��r2��r3��getLogDenied��r0��zFirewallD.getLogDeniedc��C��sX��t�\|t�}t�d\|��\|��\|��\|�j�\|��\|��\|��\|�j��\|�j ��\|�� d�S�)NzsetLogDenied('%s'))r��r{��r��r8��rG��r&��set_log_denied�LogDeniedChangedr��r��r��r-��valuerE��r2��r2��r3��setLogDenied��s�� zFirewallD.setLogDeniedc��C��r��)NzLogDeniedChanged('%s')r��r-��rY��r2��r2��r3��rW��$��r��zFirewallD.LogDeniedChangedc��C��s��t��d��dS�)NzgetAutomaticHelpers()�nor��r��r2��r2��r3��getAutomaticHelpers-��s�� zFirewallD.getAutomaticHelpersc��C��s&��t�\|t�}t�d\|��\|��\|��d�S�)NzsetAutomaticHelpers('%s'))r��r{��r��r8��rG��rX��r2��r2��r3��setAutomaticHelpers8�� zFirewallD.setAutomaticHelpersc��C��r��)NzAutomaticHelpersChanged('%s')r��r[��r2��r2��r3��AutomaticHelpersChangedD��r��z!FirewallD.AutomaticHelpersChangedc��C��r:��)NzgetDefaultZone())r��r8��r&��get_default_zoner��r2��r2��r3��getDefaultZoneM��r0��zFirewallD.getDefaultZonec��C��s<��t�\|t�}t�d\|��\|��\|��\|�j�\|��\|��\|��d�S�)NzsetDefaultZone('%s'))r��r{��r��r8��rG��r&��set_default_zone�DefaultZoneChangedr3��r2��r2��r3��setDefaultZoneV��s �� zFirewallD.setDefaultZonec��C��r��)NzDefaultZoneChanged('%s')r��r-��rH��r2��r2��r3��rd��b��r��zFirewallD.DefaultZoneChangedc��C��r��)Nzpolicy.getPolicies())r��r8��r&��r��r��r��r2��r2��r3��getPoliciesm��s�� zFirewallD.getPoliciesz a{sa{sas}}c��C��sX��t��d��i�}\|�jj��D�]}i�\|\|<�\|�jj�\|�\|\|�d<�\|�jj�\|�\|\|�d<�q \|S�)Nzpolicy.getActivePolicies()� ingress_zones�egress_zones)r��r8��r&��r��)get_active_policies_not_derived_from_zone�list_ingress_zones�list_egress_zones)r-��rE��r?��r��r2��r2��r3��getActivePoliciesu��s�� zFirewallD.getActivePoliciesc��C��r��)Nzzone.getZones())r��r8��r&��rH��r��r��r2��r2��r3��getZones�� zFirewallD.getZonesc��C��s��t��d��i�}\|�jj��D�]6}\|�jj�\|�}\|�jj�\|�}t\|�t\|��dkrCi�\|\|<�t\|�dkr7\|\|\|�d<�t\|�dkrC\|\|\|�d<�q \|S�)Nzzone.getActiveZones()r�� interfaces�sources)r��r8��r&��rH��r��list_interfaces�list_sources�len)r-��rE��zonesrH��rp��rq��r2��r2��r3��getActiveZones��s�� zFirewallD.getActiveZonesc��C��2��t�\|t�}t�d\|��\|�jj�\|�}\|r\|S�dS�)z�Return the zone an interface belongs to. :Parameters: `interface` : str Name of the interface :Returns: str. The name of the zone. zzone.getZoneOfInterface('%s')r��)r��r{��r��r8��r&��rH��get_zone_of_interface)r-��r��rE��rH��r2��r2��r3��getZoneOfInterface��s�� zFirewallD.getZoneOfInterfacec��C��rw��)Nzzone.getZoneOfSource('%s')r��)r��r{��r��r8��r&��rH��get_zone_of_source)r-��sourcerE��rH��r2��r2��r3��getZoneOfSource��s�� zFirewallD.getZoneOfSourcec��C��dS�)NFr2��r3��r2��r2��r3��isImmutable��s��zFirewallD.isImmutablec��C��R��t�\|t�}t�\|t�}t�d\|\|f��\|��\|��\|�jj�\|\|\|�}\|��\|\|��\|S�)zPAdd an interface to a zone. If zone is empty, use default zone. zzone.addInterface('%s', '%s')) r��r{��r��r8��rG��r&��rH�� add_interface�InterfaceAdded�r-��rH��r��rE��_zoner2��r2��r3��addInterface�� zFirewallD.addInterfacec��C��s"��t�\|t�}t�\|t�}\|��\|\|\|�S�)z�Change a zone an interface is part of. If zone is empty, use default zone. This function is deprecated, use changeZoneOfInterface instead )r��r{��changeZoneOfInterface�r-��rH��r��rE��r2��r2��r3�� changeZone��s�� zFirewallD.changeZonec��C��r��)z[Change a zone an interface is part of. If zone is empty, use default zone. z&zone.changeZoneOfInterface('%s', '%s')) r��r{��r��r8��rG��r&��rH��change_zone_of_interface�ZoneOfInterfaceChangedr��r2��r2��r3��r��r��zFirewallD.changeZoneOfInterfacec��C��P��t�\|t�}t�\|t�}t�d\|\|f��\|��\|��\|�jj�\|\|�}\|��\|\|��\|S�)zkRemove interface from a zone. If zone is empty, remove from zone the interface belongs to. z zone.removeInterface('%s', '%s')) r��r{��r��r8��rG��r&��rH��remove_interface�InterfaceRemovedr��r2��r2��r3��r�� zFirewallD.removeInterfacec��C��6��t�\|t�}t�\|t�}t�d\|\|f��\|�jj�\|\|�S�)z^Return true if an interface is in a zone. If zone is empty, use default zone. zzone.queryInterface('%s', '%s'))r��r{��r��r8��r&��rH��query_interfacer��r2��r2��r3��queryInterface�� zFirewallD.queryInterfacec��C��&��t�\|t�}t�d\|��\|�jj�\|�S�)z]Return the list of interfaces of a zone. If zone is empty, use default zone. zzone.getInterfaces('%s'))r��r{��r��r8��r&��rH��rr��r3��r2��r2��r3��r�� zFirewallD.getInterfacesc��C��r<��)Nzzone.InterfaceAdded('%s', '%s')r��r-��rH��r��r2��r2��r3��r��-��r=��zFirewallD.InterfaceAddedc��C��s��t��d\|\|f��dS�)z, This signal is deprecated. zzone.ZoneChanged('%s', '%s')Nr��r��r2��r2��r3��ZoneChanged2��s��zFirewallD.ZoneChangedc��C��s"��t��d\|\|f��\|��\|\|��d�S�)Nz'zone.ZoneOfInterfaceChanged('%s', '%s'))r��r8��r��r��r2��r2��r3��r��:��s��z FirewallD.ZoneOfInterfaceChangedc��C��r<��)Nz!zone.InterfaceRemoved('%s', '%s')r��r��r2��r2��r3��r��A��r=��zFirewallD.InterfaceRemovedc��C��r��)zLAdd a source to a zone. If zone is empty, use default zone. zzone.addSource('%s', '%s')) r��r{��r��r8��rG��r&��rH�� add_source�SourceAdded�r-��rH��r{��rE��r��r2��r2��r3�� addSourceJ��r��zFirewallD.addSourcec��C��r��)zXChange a zone an source is part of. If zone is empty, use default zone. z#zone.changeZoneOfSource('%s', '%s')) r��r{��r��r8��rG��r&��rH��change_zone_of_source�ZoneOfSourceChangedr��r2��r2��r3��changeZoneOfSource[��r��zFirewallD.changeZoneOfSourcec��C��r��)zeRemove source from a zone. If zone is empty, remove from zone the source belongs to. zzone.removeSource('%s', '%s')) r��r{��r��r8��rG��r&��rH�� remove_source� SourceRemovedr��r2��r2��r3��removeSourcel��r��zFirewallD.removeSourcec��C��r��)z[Return true if an source is in a zone. If zone is empty, use default zone. zzone.querySource('%s', '%s'))r��r{��r��r8��r&��rH��query_source)r-��rH��r{��rE��r2��r2��r3��querySource}��r��zFirewallD.querySourcec��C��r��)zZReturn the list of sources of a zone. If zone is empty, use default zone. zzone.getSources('%s'))r��r{��r��r8��r&��rH��rs��r3��r2��r2��r3�� getSources��r��zFirewallD.getSourcesc��C��r<��)Nzzone.SourceAdded('%s', '%s')r��r-��rH��r{��r2��r2��r3��r��r=��zFirewallD.SourceAddedc��C��r<��)Nz$zone.ZoneOfSourceChanged('%s', '%s')r��r��r2��r2��r3��r��r=��zFirewallD.ZoneOfSourceChangedc��C��r<��)Nzzone.SourceRemoved('%s', '%s')r��r��r2��r2��r3��r��r=��zFirewallD.SourceRemovedc��C��sH��t��d\|\|f��\|�j\|�\|=�t\|d�}\|�jj�\|\|��\|��\|\|��d�S�)Nz%zone.disableTimedRichRule('%s', '%s')��rule_str)r��r8��r9��r��r&��rH��remove_rule�RichRuleRemoved)r-��rH��rulerL��r2��r2��r3��disableTimedRichRule��s �� zFirewallD.disableTimedRichRule�ssic��C��s��t�\|t�}t�\|t�}t�\|t�}t�d\|\|f��t\|d�}\|�jj�\|\|\|�}\|dkr:t � \|\|�j\|\|�}\|��\|\|\|��\|�� \|\|\|��\|S�)Nzzone.addRichRule('%s', '%s')r��r��)r��r{��r��r��r8��r��r&��rH��add_ruler��timeout_add_secondsr��rK�� RichRuleAdded)r-��rH��r��timeoutrE��rL��r��rJ��r2��r2��r3��addRichRule��s�� zFirewallD.addRichRulec��C��s\��t�\|t�}t�\|t�}t�d\|\|f��t\|d�}\|�jj�\|\|�}\|��\|\|��\|�� \|\|��\|S�)Nzzone.removeRichRule('%s', '%s')r��) r��r{��r��r8��r��r&��rH��r��rN��r��)r-��rH��r��rE��rL��r��r2��r2��r3��removeRichRule��s�� zFirewallD.removeRichRulec��C��s@��t�\|t�}t�\|t�}t�d\|\|f��t\|d�}\|�jj�\|\|�S�)Nzzone.queryRichRule('%s', '%s')r��)r��r{��r��r8��r��r&��rH�� query_rule)r-��rH��r��rE��rL��r2��r2��r3�� queryRichRule��s �� zFirewallD.queryRichRulec��C��r��)Nzzone.getRichRules('%s'))r��r{��r��r8��r&��rH�� list_rulesr3��r2��r2��r3��getRichRules�� zFirewallD.getRichRulesc��C��t��d\|\|\|f��d�S�)Nz"zone.RichRuleAdded('%s', '%s', %d)r��)r-��rH��r��r��r2��r2��r3��r��s��zFirewallD.RichRuleAddedc��C��r<��)Nz zone.RichRuleRemoved('%s', '%s')r��)r-��rH��r��r2��r2��r3��r��r=��zFirewallD.RichRuleRemovedc��C��>��t��d\|\|f��\|�j\|�\|=�\|�jj�\|\|��\|��\|\|��d�S�)Nz$zone.disableTimedService('%s', '%s'))r��r8��r9��r&��rH��remove_service�ServiceRemoved�r-��rH��r��r2��r2��r3��disableTimedService��zFirewallD.disableTimedServicec��C��s��t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|f��\|��\|��\|�jj�\|\|\|\|�}\|dkr<t � \|\|�j\|\|�}\|��\|\|\|��\|�� \|\|\|��\|S�)Nzzone.addService('%s', '%s', %d)r��)r��r{��r��r��r8��rG��r&��rH��add_servicer��r��r��rK��ServiceAdded)r-��rH��r��r��rE��r��rJ��r2��r2��r3��r��s�� zFirewallD.addServicec��C��\��t�\|t�}t�\|t�}t�d\|\|f��\|��\|��\|�jj�\|\|�}\|��\|\|��\|�� \|\|��\|S�)Nzzone.removeService('%s', '%s')) r��r{��r��r8��rG��r&��rH��r��rN��r��)r-��rH��r��rE��r��r2��r2��r3�� removeService��s�� zFirewallD.removeServicec��C��r��)Nzzone.queryService('%s', '%s'))r��r{��r��r8��r&��rH�� query_service)r-��rH��r��rE��r2��r2��r3��queryService(�� zFirewallD.queryServicec��C��r��)Nzzone.getServices('%s'))r��r{��r��r8��r&��rH�� list_servicesr3��r2��r2��r3��getServices3��r��zFirewallD.getServicesc��C��r��)Nz!zone.ServiceAdded('%s', '%s', %d)r��)r-��rH��r��r��r2��r2��r3��r��?�� zFirewallD.ServiceAddedc��C��r<��)Nzzone.ServiceRemoved('%s', '%s')r��r��r2��r2��r3��r��E��r=��zFirewallD.ServiceRemovedc��C��sH��t��d\|\|\|f��\|�j\|�\|\|f=�\|�jj�\|\|\|��\|��\|\|\|��d�S�)Nz'zone.disableTimedPort('%s', '%s', '%s'))r��r8��r9��r&��rH��remove_port�PortRemoved�r-��rH��port�protocolr2��r2��r3��disableTimedPortN��s��zFirewallD.disableTimedPort�sssic��C��s��t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|f��\|��\|��\|�jj�\|\|\|\|\|�}\|dkrEt � \|\|�j\|\|\|�}\|��\|\|\|f\|��\|�� \|\|\|\|��\|S�)Nzzone.addPort('%s', '%s', '%s')r��)r��r{��r��r��r8��rG��r&��rH��add_portr��r��r��rK�� PortAdded�r-��rH��r��r��r��rE��r��rJ��r2��r2��r3��addPortV��s �� zFirewallD.addPort�sssc��C��sp��t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|f��\|��\|��\|�jj�\|\|\|�}\|��\|\|\|f��\|�� \|\|\|��\|S�)Nz!zone.removePort('%s', '%s', '%s')) r��r{��r��r8��rG��r&��rH��r��rN��r��r-��rH��r��r��rE��r��r2��r2��r3�� removePortm��s�� zFirewallD.removePortc��C��D��t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|f��\|�jj�\|\|\|�S�)Nz zone.queryPort('%s', '%s', '%s'))r��r{��r��r8��r&��rH�� query_port�r-��rH��r��r��rE��r2��r2��r3�� queryPort��s �� zFirewallD.queryPort�aasc��C��r��)Nzzone.getPorts('%s'))r��r{��r��r8��r&��rH�� list_portsr3��r2��r2��r3��getPorts��r��zFirewallD.getPortsr��c��C��t��d\|\|\|\|f��d�S�)Nz$zone.PortAdded('%s', '%s', '%s', %d)r��r-��rH��r��r��r��r2��r2��r3��r�� zFirewallD.PortAddedc��C��r��)Nz"zone.PortRemoved('%s', '%s', '%s')r��r��r2��r2��r3��r��r��zFirewallD.PortRemovedc��C��r��)Nz%zone.disableTimedProtocol('%s', '%s'))r��r8��r9��r&��rH��remove_protocol�ProtocolRemoved�r-��rH��r��r2��r2��r3��disableTimedProtocol��r��zFirewallD.disableTimedProtocolc��C��s��t�\|t�}t�\|t�}t�\|t�}t�d\|\|f��\|��\|��\|�jj�\|\|\|\|�}\|dkr;t � \|\|�j\|\|�}\|��\|\|\|��\|�� \|\|\|��\|S�)Nzzone.enableProtocol('%s', '%s')r��)r��r{��r��r��r8��rG��r&��rH��add_protocolr��r��r��rK�� ProtocolAdded)r-��rH��r��r��rE��r��rJ��r2��r2��r3��addProtocol��s�� zFirewallD.addProtocolc��C��r��)Nzzone.removeProtocol('%s', '%s')) r��r{��r��r8��rG��r&��rH��r��rN��r��)r-��rH��r��rE��r��r2��r2��r3��removeProtocol�� zFirewallD.removeProtocolc��C��r��)Nzzone.queryProtocol('%s', '%s'))r��r{��r��r8��r&��rH��query_protocol)r-��rH��r��rE��r2��r2��r3�� queryProtocol��r��zFirewallD.queryProtocolc��C��r��)Nzzone.getProtocols('%s'))r��r{��r��r8��r&��rH��list_protocolsr3��r2��r2��r3��getProtocols��r��zFirewallD.getProtocolsc��C��r��)Nz"zone.ProtocolAdded('%s', '%s', %d)r��)r-��rH��r��r��r2��r2��r3��r��r��zFirewallD.ProtocolAddedc��C��r<��)Nz zone.ProtocolRemoved('%s', '%s')r��r��r2��r2��r3��r��r=��zFirewallD.ProtocolRemovedc��C��sJ��t��d\|\|\|f��\|�j\|�d\|\|f=�\|�jj�\|\|\|��\|��\|\|\|��d�S�)Nz-zone.disableTimedSourcePort('%s', '%s', '%s')�sport)r��r8��r9��r&��rH��remove_source_port�SourcePortRemovedr��r2��r2��r3��disableTimedSourcePort��s��z FirewallD.disableTimedSourcePortc��C��s��t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|f��\|��\|��\|�jj�\|\|\|\|\|�}\|dkrFt � \|\|�j\|\|\|�}\|��\|d\|\|f\|��\|�� \|\|\|\|��\|S�)Nz$zone.addSourcePort('%s', '%s', '%s')r��r��)r��r{��r��r��r8��rG��r&��rH��add_source_portr��r��r��rK��SourcePortAddedr��r2��r2��r3�� addSourcePort��s$�� zFirewallD.addSourcePortc��C��sr��t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|f��\|��\|��\|�jj�\|\|\|�}\|��\|d\|\|f��\|�� \|\|\|��\|S�)Nz'zone.removeSourcePort('%s', '%s', '%s')r��) r��r{��r��r8��rG��r&��rH��r��rN��r��r��r2��r2��r3��removeSourcePort��s�� zFirewallD.removeSourcePortc��C��r��)Nz&zone.querySourcePort('%s', '%s', '%s'))r��r{��r��r8��r&��rH��query_source_portr��r2��r2��r3��querySourcePort+��s�� zFirewallD.querySourcePortc��C��r��)Nzzone.getSourcePorts('%s'))r��r{��r��r8��r&��rH��list_source_portsr3��r2��r2��r3��getSourcePorts8��r��zFirewallD.getSourcePortsc��C��r��)Nzzone.SourcePortAdded('%s', '%s', '%s', %d)r��r��r2��r2��r3��r��D��r��zFirewallD.SourcePortAddedc��C��r��)Nz(zone.SourcePortRemoved('%s', '%s', '%s')r��r��r2��r2��r3��r��J��s�� zFirewallD.SourcePortRemovedc��C��s(��\|�j�\|�d=�\|�jj�\|��\|��\|��d�S�)N� masquerade)r9��r&��rH��remove_masquerade�MasqueradeRemovedrf��r2��r2��r3��disableTimedMasqueradeT��s��z FirewallD.disableTimedMasquerade�sic��C��st��t�\|t�}t�\|t�}t�d\|��\|��\|��\|�jj�\|\|\|�}\|dkr2t � \|\|�j\|�}\|��\|d\|��\|�� \|\|��\|S�)Nzzone.addMasquerade('%s')r��r��)r��r{��r��r��r8��rG��r&��rH��add_masquerader��r��r��rK��MasqueradeAdded)r-��rH��r��rE��r��rJ��r2��r2��r3�� addMasqueradeZ��s�� zFirewallD.addMasqueradec��C��sJ��t�\|t�}t�d\|��\|��\|��\|�jj�\|�}\|��\|d��\|�� \|��\|S�)Nzzone.removeMasquerade('%s')r��) r��r{��r��r8��rG��r&��rH��r��rN��r��r-��rH��rE��r��r2��r2��r3��removeMasqueraden��s�� zFirewallD.removeMasqueradec��C��r��)Nzzone.queryMasquerade('%s'))r��r{��r��r8��r&��rH��query_masquerader3��r2��r2��r3��queryMasquerade}��r_��zFirewallD.queryMasqueradec��C��r<��)Nzzone.MasqueradeAdded('%s', %d)r��)r-��rH��r��r2��r2��r3��r��r=��zFirewallD.MasqueradeAddedc��C��r��)Nzzone.MasqueradeRemoved('%s')r��rf��r2��r2��r3��r��r��zFirewallD.MasqueradeRemovedc��C��s@��\|�j�\|�\|\|\|\|f=�\|�jj�\|\|\|\|\|��\|��\|\|\|\|\|��d�S�r4��)r9��r&��rH��remove_forward_port�ForwardPortRemoved�r-��rH��r��r��toport�toaddrr2��r2��r3��disable_forward_port��s��zFirewallD.disable_forward_port�sssssic�� C��s��t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|\|\|f��\|��\|��\|�jj�\|\|\|\|\|\|\|�}\|dkrWt � \|\|�j\|\|\|\|\|�} \|��\|\|\|\|\|f\| ��\|�� \|\|\|\|\|\|��\|S�)Nz1zone.addForwardPort('%s', '%s', '%s', '%s', '%s')r��)r��r{��r��r��r8��rG��r&��rH��add_forward_portr��r��r ��rK��ForwardPortAdded) r-��rH��r��r��r��r ��r��rE��r��rJ��r2��r2��r3��addForwardPort��s,�� zFirewallD.addForwardPort�sssssc��C��s��t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|\|\|f��\|��\|��\|�jj�\|\|\|\|\|�}\|��\|\|\|\|\|f��\|�� \|\|\|\|\|��\|S�)Nz4zone.removeForwardPort('%s', '%s', '%s', '%s', '%s')) r��r{��r��r8��rG��r&��rH��r��rN��r��)r-��rH��r��r��r��r ��rE��r��r2��r2��r3��removeForwardPort��s�� zFirewallD.removeForwardPortc��C��s`��t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|\|\|f��\|�jj�\|\|\|\|\|�S�)Nz3zone.queryForwardPort('%s', '%s', '%s', '%s', '%s'))r��r{��r��r8��r&��rH��query_forward_port)r-��rH��r��r��r��r ��rE��r2��r2��r3��queryForwardPort��s�� zFirewallD.queryForwardPortc��C��r��)Nzzone.getForwardPorts('%s'))r��r{��r��r8��r&��rH��list_forward_portsr3��r2��r2��r3��getForwardPorts��r��zFirewallD.getForwardPortsc�� C��s��t��d\|\|\|\|\|\|f��d�S�)Nz7zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d)r��)r-��rH��r��r��r��r ��r��r2��r2��r3��r ��s�� zFirewallD.ForwardPortAddedc��C��s��t��d\|\|\|\|\|f��d�S�)Nz5zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s')r��r��r2��r2��r3��r��s�� zFirewallD.ForwardPortRemovedc��C��r��)Nz&zone.disableTimedIcmpBlock('%s', '%s'))r��r8��r9��r&��rH��remove_icmp_block�IcmpBlockRemoved�r-��rH��icmprE��r2��r2��r3��disableTimedIcmpBlock��r��zFirewallD.disableTimedIcmpBlockc��C��s��t�\|t�}t�\|t�}t�\|t�}t�d\|\|f��\|��\|��\|�jj�\|\|\|\|�}\|dkr<t � \|\|�j\|\|\|�}\|��\|\|\|��\|�� \|\|\|��\|S�)Nz zone.enableIcmpBlock('%s', '%s')r��)r��r{��r��r��r8��rG��r&��rH��add_icmp_blockr��r��r��rK��IcmpBlockAdded)r-��rH��r��r��rE��r��rJ��r2��r2��r3��addIcmpBlock��s�� zFirewallD.addIcmpBlockc��C��r��)Nz zone.removeIcmpBlock('%s', '%s')) r��r{��r��r8��rG��r&��rH��r��rN��r��)r-��rH��r��rE��r��r2��r2��r3��removeIcmpBlock��r��zFirewallD.removeIcmpBlockc��C��r��)Nzzone.queryIcmpBlock('%s', '%s'))r��r{��r��r8��r&��rH��query_icmp_blockr��r2��r2��r3��queryIcmpBlock(��r��zFirewallD.queryIcmpBlockc��C��r��)Nzzone.getIcmpBlocks('%s'))r��r{��r��r8��r&��rH��list_icmp_blocksr3��r2��r2��r3�� getIcmpBlocks3��r��zFirewallD.getIcmpBlocksc��C��r��)Nz#zone.IcmpBlockAdded('%s', '%s', %d)r��)r-��rH��r��r��r2��r2��r3��r��?��r��zFirewallD.IcmpBlockAddedc��C��r<��)Nz!zone.IcmpBlockRemoved('%s', '%s')r��)r-��rH��r��r2��r2��r3��r��E��r=��zFirewallD.IcmpBlockRemovedc��C��s@��t�\|t�}t�d\|��\|��\|��\|�jj�\|\|�}\|��\|��\|S�)Nz zone.addIcmpBlockInversion('%s')) r��r{��r��r8��rG��r&��rH��add_icmp_block_inversion�IcmpBlockInversionAddedr��r2��r2��r3��addIcmpBlockInversionN��s�� zFirewallD.addIcmpBlockInversionc��C��s>��t�\|t�}t�d\|��\|��\|��\|�jj�\|�}\|��\|��\|S�)Nz#zone.removeIcmpBlockInversion('%s')) r��r{��r��r8��rG��r&��rH��remove_icmp_block_inversion�IcmpBlockInversionRemovedr��r2��r2��r3��removeIcmpBlockInversion\��s�� z"FirewallD.removeIcmpBlockInversionc��C��r��)Nz"zone.queryIcmpBlockInversion('%s'))r��r{��r��r8��r&��rH��query_icmp_block_inversionr3��r2��r2��r3��queryIcmpBlockInversionj��r_��z!FirewallD.queryIcmpBlockInversionc��C��r��)Nz"zone.IcmpBlockInversionAdded('%s')r��rf��r2��r2��r3��r#��t��r��z!FirewallD.IcmpBlockInversionAddedc��C��r��)Nz$zone.IcmpBlockInversionRemoved('%s')r��rf��r2��r2��r3��r&��y��r��z#FirewallD.IcmpBlockInversionRemovedc��C��`��t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|f��\|��\|��\|�jj�\|\|\|��\|��\|\|\|��d�S�)Nz!direct.addChain('%s', '%s', '%s')) r��r{��r��r8��rG��r&��r�� add_chain� ChainAdded�r-��ipv�table�chainrE��r2��r2��r3��addChain�� zFirewallD.addChainc��C��r��)Nz$direct.removeChain('%s', '%s', '%s')) r��r{��r��r8��rG��r&��r��remove_chain�ChainRemovedr-��r2��r2��r3��removeChain��r2��zFirewallD.removeChainc��C��r��)Nz#direct.queryChain('%s', '%s', '%s'))r��r{��r��r8��r&��r��query_chainr-��r2��r2��r3�� queryChain�� zFirewallD.queryChainc��C��r��)Nzdirect.getChains('%s', '%s'))r��r{��r��r8��r&��r�� get_chains)r-��r.��r/��rE��r2��r2��r3�� getChains��s�� zFirewallD.getChainsza(sss)c��C��r��)Nzdirect.getAllChains())r��r8��r&��r��r��r��r2��r2��r3��getAllChains��ro��zFirewallD.getAllChainsc��C��r��)Nz#direct.ChainAdded('%s', '%s', '%s')r��r-��r.��r/��r0��r2��r2��r3��r,��s��zFirewallD.ChainAddedc��C��r��)Nz%direct.ChainRemoved('%s', '%s', '%s')r��r<��r2��r2��r3��r4��s�� zFirewallD.ChainRemoved�sssiasc�� C��t�\|t�}t�\|t�}t�\|t�}t�\|t�}tdd��\|D��}t�d\|\|\|\|d�\|�f��\|��\|��\|�jj � \|\|\|\|\|��\|��\|\|\|\|\|��d�S�)Nc��s��\|�]}t�\|t�V��qd�S�r4��r��r{��.0r��r2��r2��r3�� <genexpr>��z$FirewallD.addRule.<locals>.<genexpr>zdirect.addRule('%s', '%s', '%s', %d, '%s')�',')r��r{��r��rK��r��r8��joinrG��r&��r��r�� RuleAdded�r-��r.��r/��r0��priorityr.��rE��r2��r2��r3��addRule�� zFirewallD.addRulec�� C��r>��)Nc��s��r?��r4��r@��rA��r2��r2��r3��rC��rD��z'FirewallD.removeRule.<locals>.<genexpr>z-direct.removeRule('%s', '%s', '%s', %d, '%s')rE��)r��r{��r��rK��r��r8��rF��rG��r&��r��r��RuleRemovedrH��r2��r2��r3�� removeRule��rK��zFirewallD.removeRulec��C��s��t�\|t�}t�\|t�}t�\|t�}t�d\|\|\|f��\|��\|��\|�jj�\|\|\|�D�]\}}\|�jj�\|\|\|\|\|��\|�� \|\|\|\|\|��q'd�S�)Nz$direct.removeRules('%s', '%s', '%s')) r��r{��r��r8��rG��r&��r�� get_rulesr��rL��)r-��r.��r/��r0��rE��rI��r.��r2��r2��r3��removeRules��s�� zFirewallD.removeRulesc�� C��sn��t�\|t�}t�\|t�}t�\|t�}t�\|t�}tdd��\|D��}t�d\|\|\|\|d�\|�f��\|�jj� \|\|\|\|\|�S�)Nc��s��r?��r4��r@��rA��r2��r2��r3��rC�� rD��z&FirewallD.queryRule.<locals>.<genexpr>z,direct.queryRule('%s', '%s', '%s', %d, '%s')rE��) r��r{��r��rK��r��r8��rF��r&��r��r��rH��r2��r2��r3�� queryRule ��s�� zFirewallD.queryRuleza(ias)c��C��r��)Nz!direct.getRules('%s', '%s', '%s'))r��r{��r��r8��r&��r��rN��r-��r2��r2��r3��getRules ��r8��zFirewallD.getRulesz a(sssias)c��C��r��)Nzdirect.getAllRules())r��r8��r&��r��r��r��r2��r2��r3��getAllRules' ��ro��zFirewallD.getAllRulesc�� C��"��t��d\|\|\|\|d�\|�f��d�S�)Nz,direct.RuleAdded('%s', '%s', '%s', %d, '%s')rE��r��r8��rF��r-��r.��r/��r0��rI��r.��r2��r2��r3��rG��1 �� zFirewallD.RuleAddedc�� C��rS��)Nz.direct.RuleRemoved('%s', '%s', '%s', %d, '%s')rE��rT��rU��r2��r2��r3��rL��8 ��rV��zFirewallD.RuleRemovedr`��c�� C��s��t�\|t�}tdd��\|D��}t�d\|d�\|�f��\|��\|��z \|�jj� \|\|�W�S��t yc�}�z/\|dv�r;tg�d��}ntddg�}t\|�}\|jt jkr^tt\|�\|@��d krZt�\|��t\|��d�}~ww�) Nc��s��r?��r4��r@��rA��r2��r2��r3��rC��K ��rD��z(FirewallD.passthrough.<locals>.<genexpr>zdirect.passthrough('%s', '%s')rE��)rU��rY��)z-Cz--check�-L�--listrW��rX��r��)r��r{��rK��r��r8��rF��rG��r&��r��passthroughr"��set�coder!��COMMAND_FAILEDrt��r��r ��)r-��r.��r.��rE��rA�� query_args�msgr2��r2��r3��rY��C ��s$�� zFirewallD.passthroughc��C��\��t�\|�}tdd��\|D��}t�d\|d�\|�f��\|��\|��\|�jj�\|\|��\|�� \|\|��d�S�)Nc��s��\|�]}t�\|�V��qd�S�r4��r��rA��r2��r2��r3��rC��g ��z+FirewallD.addPassthrough.<locals>.<genexpr>z!direct.addPassthrough('%s', '%s')rE��) r��rK��r��r8��rF��rG��r&��r��add_passthrough�PassthroughAdded�r-��r.��r.��rE��r2��r2��r3��addPassthrough_ �� zFirewallD.addPassthroughc��C��r_��)Nc��s��r`��r4��ra��rA��r2��r2��r3��rC��v ��rb��z.FirewallD.removePassthrough.<locals>.<genexpr>z$direct.removePassthrough('%s', '%s')rE��) r��rK��r��r8��rF��rG��r&��r��remove_passthrough�PassthroughRemovedre��r2��r2��r3��removePassthroughn ��rg��zFirewallD.removePassthroughc��C��sB��t�\|�}tdd��\|D��}t�d\|d�\|�f��\|�jj�\|\|�S�)Nc��s��r`��r4��ra��rA��r2��r2��r3��rC�� rb��z-FirewallD.queryPassthrough.<locals>.<genexpr>z#direct.queryPassthrough('%s', '%s')rE��)r��rK��r��r8��rF��r&��r��query_passthroughre��r2��r2��r3��queryPassthrough} ��s��zFirewallD.queryPassthroughza(sas)c��C��r��)Nzdirect.getAllPassthroughs())r��r8��r&��r��r��r��r2��r2��r3��getAllPassthroughs� ��ro��zFirewallD.getAllPassthroughsc��C��s��t��d��t\|��D�]}\|�j\|��qd�S�)Nzdirect.removeAllPassthroughs())r��r8��reversedrm��rj��)r-��rE��rY��r2��r2��r3��removeAllPassthroughs� ��s�� zFirewallD.removeAllPassthroughsc��C��s"��t�\|�}t�d\|��\|�jj�\|�S�)Nzdirect.getPassthroughs('%s'))r��r��r8��r&��r��get_passthroughs)r-��r.��rE��r2��r2��r3��getPassthroughs� ��s��zFirewallD.getPassthroughsc��C��t��d\|d�\|�f��d�S�)Nz#direct.PassthroughAdded('%s', '%s')rE��rT��r-��r.��r.��r2��r2��r3��rd�� zFirewallD.PassthroughAddedc��C��rr��)Nz%direct.PassthroughRemoved('%s', '%s')rE��rT��rs��r2��r2��r3��ri�� rt��zFirewallD.PassthroughRemovedc��C��r}��)z� PK_ACTION_ALL implies all other actions, i.e. once a subject is authorized for PK_ACTION_ALL it's also authorized for any other action. Use-case is GUI (RHBZ#994729). Nr2��r��r2��r2��r3��authorizeAll� ��s�� zFirewallD.authorizeAllc��C��$��t�\|�}t�d\|��\|�jj�\|�S�)Nzipset.queryIPSet('%s'))r��r��r8��r&��r��query_ipset�r-��r��rE��r2��r2��r3�� queryIPSet� ��zFirewallD.queryIPSetc��C��r��)Nzipsets.getIPSets())r��r8��r&��r��r��r��r2��r2��r3�� getIPSets� �� zFirewallD.getIPSetsc��C��rQ��)NzgetIPSetSettings(%s))r��r{��r��r8��r&��r�� get_ipsetr��rx��r2��r2��r3��r�� rS��zFirewallD.getIPSetSettingsc��C��L��t�\|�}t�\|�}t�d\|\|f��\|��\|��\|�jj�\|\|��\|��\|\|��d�S�)Nzipset.addEntry('%s', '%s'))r��r��r8��rG��r&��r�� add_entry� EntryAdded�r-��r��entryrE��r2��r2��r3��addEntry� �� zFirewallD.addEntryc��C��r~��)Nzipset.removeEntry('%s', '%s'))r��r��r8��rG��r&��r��remove_entry�EntryRemovedr��r2��r2��r3��removeEntry� ��r��zFirewallD.removeEntryc��C��s2��t�\|�}t�\|�}t�d\|\|f��\|�jj�\|\|�S�)Nzipset.queryEntry('%s', '%s'))r��r��r8��r&��r��query_entryr��r2��r2��r3�� queryEntry ��s��zFirewallD.queryEntryc��C��rv��)Nzipset.getEntries('%s'))r��r��r8��r&��r��get_entriesrx��r2��r2��r3�� getEntries ��rz��zFirewallD.getEntriesc��C��s��t�\|�}t�\|t�}t�d\|d�\|��\|�jj�\|�}\|�jj�\|\|��t \|�}t \|�}\|\|�D�]}\|�� \|\|��q.\|\|�D�]}\|��\|\|��q;d�S�)Nzipset.setEntries('%s', '[%s]')�,)r��listr��r8��rF��r&��r��r��set_entriesrZ��r��r��)r-��r��entriesrE��old_entries�old_entries_set�entries_setr��r2��r2��r3�� setEntries ��s�� zFirewallD.setEntriesc��C��&��t�\|�}t�\|�}t�d\|\|f��d�S�)Nzipset.EntryAdded('%s', '%s')�r��r��r8��r-��r��r��r2��r2��r3��r��) ��zFirewallD.EntryAddedc��C��r��)Nzipset.EntryRemoved('%s', '%s')r��r��r2��r2��r3��r��0 ��r��zFirewallD.EntryRemovedc��C��r��)Nzhelpers.getHelpers())r��r8��r&��r��r��r��r2��r2��r3�� getHelpers; ��r\|��zFirewallD.getHelpersc��C��rQ��)NzgetHelperSettings(%s))r��r{��r��r8��r&��r�� get_helperr��)r-��r��rE��r2��r2��r3��r��D ��rS��zFirewallD.getHelperSettingsr4��)r��)��__name__� __module__�__qualname__�__doc__� persistentr��r��PK_ACTION_CONFIG�default_polkit_auth_requiredr ��r%��r7��r)��r5��r��rG��rK��rN��rP��ru��r��PROPERTIES_IFACEr��r��r��r��r��signalr��PK_ACTION_INFO�INTROSPECTABLE_IFACEr��r+��r��r��r��r��r��PK_ACTION_POLICIESr~��r��r��PK_ACTION_POLICIES_INFOr��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r!��r#��r%��r��r ��r��r-��r/��r)��r,��PK_ACTION_CONFIG_INFOr4��r\|��r��r:��r9��DBUS_INTERFACE_POLICYr��r?��r>��r@��r��rO��rP��r��DBUS_SIGNATUREr��rU��rZ��rW��r]��r^��r`��rb��re��rd��rg��rm��rn��rv��ry��r\|��r~��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r��r��r��r��r ��r��r��r��r��r��r!��r��r��r$��r'��r)��r#��r&��PK_ACTION_DIRECTr��r}��r1��r5��PK_ACTION_DIRECT_INFOr7��r:��r;��r��r,��r4��rJ��rM��rO��rP��rQ��rR��rG��rL��rY��rf��rj��rl��rm��ro��rq��rd��ri�� PK_ACTION_ALLru��r��ry��r{��r��r��r��r��r��r��r��r��r��r��r��r�� __classcell__r2��r2��r0��r3��r��?��s�� /�� " � � � �� G � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �� )6�__all__� gi.repositoryr��rH��r��dbus.service�firewallr��firewall.core.fwr��firewall.core.richr��firewall.core.loggerr��firewall.clientr��firewall.server.dbusr ��r ��firewall.server.decoratorsr��r��r ��r��r��r��firewall.server.configr��firewall.dbus_utilsr��r��r��r��r��r��r��r��firewall.core.io.functionsr��firewall.core.io.ipsetr��firewall.core.io.icmptyper��firewall.core.io.helperr��firewall.core.fw_nmr��r��firewall.core.fw_ifcfgr ��r!��firewall.errorsr"��r��r2��r2��r2��r3��<module>��s.�� (PK��,(�Z�(�u'��u'��+��__pycache__/config_icmptype.cpython-310.pycnu��[��o ��bhAb�9��@��s��d�dl�Z�d�dlZ�d�dlmZ�d�dlmZmZmZ�d�dlm Z �d�dl mZ�d�dlm Z �d�dlmZmZmZmZ�d�dlmZ�d�d lmZ�G�d d��de �ZdS�)��N)�config)�dbus_to_python�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties)�IcmpType)�log)�DbusServiceObject)�handle_exceptions�dbus_handle_exceptions�dbus_service_method�dbus_polkit_require_auth)�errors)� FirewallErrorc��s@��e�Zd�ZdZdZ �ejjZ �e ��fdd��Z edd��Zedd��Z ed d ��Zeejddd �edHdd��Zeejddd �edHdd��Zeejj�eejdd�edHdd��Zejjejdd�dd��Zeejj�eejdd�edH��fdd� ��Zeejjejd�edHd d!��Zeejjejd�edHd"d#��Zeejj�edHd$d%��Z ejjejjdd�ed&d'��Z!eejj�edHd(d)��Z"ejjejjdd�edd+��Z#eejjdd�edHd,d-��Z$ejjejjdd�ed.d/��Z%eejjdd�edHd0d1��Z&eejjdd�edHd2d3��Z'eejjdd�edHd4d5��Z(eejjdd�edHd6d7��Z)eejjdd�edHd8d9��Zeejjdd�edHd:d;��Z+eejjd<d�edHd=d>��Z,eejjd<d�edHd?d@��Z-eejjdd�edHdAdB��Z.eejjdd�edHdCdD��Z/eejjddEd �edHdFdG��Z0��Z1S�)I�FirewallDConfigIcmpTypezFirewallD main classTc��s`��t�t\|��j\|i�\|��\|\|�_\|\|�_\|\|�_\|\|�_\|d�\|�_\|d�\|�_d\|�j�\|�_ t \|�tjj��d�S�)Nr��zconfig.icmptype.%d) �superr��__init__�parentr��obj�item_id�busname�path�_log_prefixr��dbus�DBUS_INTERFACE_CONFIG_ICMPTYPE)�selfr��conf�icmptyper��args�kwargs�� __class__��A/usr/lib/python3/dist-packages/firewall/server/config_icmptype.pyr��3��s�� z FirewallDConfigIcmpType.__init__c��C��s��d�S��Nr"��r��r"��r"��r#��__del__@��s��zFirewallDConfigIcmpType.__del__c��C��s��\|��d�S�r$��)�remove_from_connectionr%��r"��r"��r#�� unregisterD��s��z"FirewallDConfigIcmpType.unregisterc��C��s~��\|dkrt��\|�jj�S�\|dkrt��\|�jj�S�\|dkr!t��\|�jj�S�\|dkr,t��\|�jj�S�\|dkr7t��\|�jj�S�t�j � d\|��)N�name�filenamer��default�builtinzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r��Stringr��r)��r��r��Booleanr+��r,�� exceptions� DBusException)r�� property_namer"��r"��r#�� _get_propertyL��s��z%FirewallDConfigIcmpType._get_property�ss�v)�in_signature� out_signatureNc��C��sL��t�\|t�}t�\|t�}t�d\|�j\|\|��\|tjjkr!tj� d\|��\|�� \|�S�)Nz%s.Get('%s', '%s')�Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r��strr��debug1r��r��r��r��r/��r0��r2��)r��interface_namer1��senderr"��r"��r#��Get]��s�� zFirewallDConfigIcmpType.Get�sza{sv}c��C��s`��t�\|t�}t�d\|�j\|��\|tjjkrtj� d\|��i�}dD�] }\|�� \|�\|\|<�qtj\|dd�S�)Nz%s.GetAll('%s')r7��)r)��r��r��r+��r,��sv�� signature)r��r8��r��r9��r��r��r��r��r/��r0��r2�� Dictionary)r��r:��r;��ret�xr"��r"��r#��GetAlln��s�� zFirewallDConfigIcmpType.GetAll�ssv)r5��c��C��sh��t�\|t�}t�\|t�}t�\|�}t�d\|�j\|\|\|��\|�j�\|��\|tjj kr,tj �d\|��tj �d\|��)Nz%s.Set('%s', '%s', '%s')r7��zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-only)r��r8��r��r9��r��r��accessCheckr��r��r��r/��r0��)r��r:��r1�� new_valuer;��r"��r"��r#��Set��s$�� zFirewallDConfigIcmpType.Setzsa{sv}asr?��c��C��s2��t�\|t�}t�\|�}t�\|�}t�d\|�j\|\|\|��d�S�)Nz&%s.PropertiesChanged('%s', '%s', '%s'))r��r8��r��r9��r��)r��r:��changed_properties�invalidated_propertiesr"��r"��r#��PropertiesChanged��s�� z)FirewallDConfigIcmpType.PropertiesChanged)r6��c��s8��t��d\|�j��tt\|��\|�j\|�j��}t \|�\|t jj�S�)Nz%s.Introspect()) r��debug2r��r��r�� Introspectr��r��get_busr��r��r��r��)r��r;��datar ��r"��r#��rM��s�� z"FirewallDConfigIcmpType.Introspectc��C��s��t��d\|�j��\|�j�\|�j�S�)z"get settings for icmptype z%s.getSettings())r��r9��r��r��get_icmptype_configr��r��r;��r"��r"��r#��getSettings��s��z#FirewallDConfigIcmpType.getSettingsc��C��sF��t�\|�}t�d\|�j��\|�j�\|��\|�j�\|�j\|�\|�_\|�� \|�jj ��dS�)z%update settings for icmptype z%s.update('...')N)r��r��r9��r��r��rF��r��set_icmptype_configr��Updatedr)��)r��settingsr;��r"��r"��r#��update��s ��zFirewallDConfigIcmpType.updatec��C��s<��t��d\|�j��\|�j�\|��\|�j�\|�j�\|�_\|��\|�jj ��dS�)z3load default settings for builtin icmptype z%s.loadDefaults()N) r��r9��r��r��rF��r��load_icmptype_defaultsr��rT��r)��rQ��r"��r"��r#��loadDefaults��s��z$FirewallDConfigIcmpType.loadDefaultsc��C��t��d\|�j\|f��d�S�)Nz%s.Updated('%s')�r��r9��r��r��r)��r"��r"��r#��rT��zFirewallDConfigIcmpType.Updatedc��C��s:��t��d\|�j��\|�j�\|��\|�j�\|�j��\|�j�\|�j��dS�)zremove icmptype z%s.removeIcmpType()N) r��r9��r��r��rF��r��remove_icmptyper��removeIcmpTyperQ��r"��r"��r#��remove��s��zFirewallDConfigIcmpType.removec��C��rY��)Nz%s.Removed('%s')rZ��r[��r"��r"��r#��Removed��r\��zFirewallDConfigIcmpType.Removedc��C��sF��t�\|t�}t�d\|�j\|��\|�j�\|��\|�j�\|�j \|�\|�_ \|�� \|��dS�)zrename icmptype z%s.rename('%s')N)r��r8��r��r9��r��r��rF��r��rename_icmptyper��Renamed)r��r)��r;��r"��r"��r#��rename��s �� zFirewallDConfigIcmpType.renamec��C��rY��)Nz%s.Renamed('%s')rZ��r[��r"��r"��r#��rb��r\��zFirewallDConfigIcmpType.Renamedc��C��t��d\|�j��\|��d�S�)Nz%s.getVersion()r��r��r9��r��rR��rQ��r"��r"��r#�� getVersion��z"FirewallDConfigIcmpType.getVersionc��C��H��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setVersion('%s')r�� r��r8��r��r9��r��r��rF��listrR��rV��)r��versionr;��rU��r"��r"��r#�� setVersion�� z"FirewallDConfigIcmpType.setVersionc��C��rd��)Nz %s.getShort()r��re��rQ��r"��r"��r#��getShort��rg��z FirewallDConfigIcmpType.getShortc��C��rh��)Nz%s.setShort('%s')r��ri��)r��shortr;��rU��r"��r"��r#��setShort��rm��z FirewallDConfigIcmpType.setShortc��C��rd��)Nz%s.getDescription()��re��rQ��r"��r"��r#��getDescription��rg��z&FirewallDConfigIcmpType.getDescriptionc��C��rh��)Nz%s.setDescription('%s')rq��ri��)r��descriptionr;��rU��r"��r"��r#��setDescription&��s�� z&FirewallDConfigIcmpType.setDescription�asc��C��s��t��d\|�j��t\|��d��S�)Nz%s.getDestinations()��)r��r9��r��sortedrR��rQ��r"��r"��r#��getDestinations4��s��z'FirewallDConfigIcmpType.getDestinationsc��C��sN��t�\|t�}t�d\|�jd�\|��\|�j�\|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setDestinations('[%s]')�,rv��) r��rj��r��r9��r��joinr��rF��rR��rV��)r��destinationsr;��rU��r"��r"��r#��setDestinations;��s�� z'FirewallDConfigIcmpType.setDestinationsc��C��sf��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�v�r%t t j\|��\|d��\|��\|�� \|��d�S�)Nz%s.addDestination('%s')rv��)r��r8��r��r9��r��r��rF��rj��rR��r��r ��ALREADY_ENABLED�appendrV��r��destinationr;��rU��r"��r"��r#��addDestinationG��s�� z&FirewallDConfigIcmpType.addDestinationc��C��s��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|d�r1\|\|d�vr)t t j\|��\|d��\|��ntt ddg�t \|g��\|d<�\|��\|��d�S�)Nz%s.removeDestination('%s')rv��ipv4�ipv6)r��r8��r��r9��r��r��rF��rj��rR��r��r ��NOT_ENABLEDr_��setrV��r��r"��r"��r#��removeDestinationU��s�� z)FirewallDConfigIcmpType.removeDestination�bc��C��s8��t�\|t�}t�d\|�j\|��\|��}\|d��p\|\|d�v�S�)Nz%s.queryDestination('%s')rv��)r��r8��r��r9��r��rR��r��r"��r"��r#��queryDestinationh��s�� z(FirewallDConfigIcmpType.queryDestinationr$��)2�__name__� __module__�__qualname__�__doc__� persistentr��r��PK_ACTION_CONFIG�default_polkit_auth_requiredr ��r��r ��r&��r(��r2��r��PROPERTIES_IFACEr<��rD��r��rH��service�signalrK��PK_ACTION_INFO�INTROSPECTABLE_IFACErM��r��r��DBUS_SIGNATURErR��rV��rX��rT��r_��r`��rc��rb��rf��rl��rn��rp��rr��rt��rx��r\|��r��r��r�� __classcell__r"��r"��r ��r#��r��+��s�� r��)r��dbus.service�firewallr��firewall.dbus_utilsr��r��r��firewall.core.io.icmptyper��firewall.core.loggerr��firewall.server.dbusr��firewall.server.decoratorsr ��r ��r��r��r ��firewall.errorsr��r��r"��r"��r"��r#��<module>��s��PK��,(�Z�H��-��-��)��__pycache__/config_helper.cpython-310.pycnu��[��o ��bhAbD��@��s��d�dl�Z�d�dlZ�d�dlmZ�d�dlmZmZmZ�d�dlm Z �d�dl mZ�d�dlm Z �d�dlmZmZmZmZ�d�dlmZ�d�d lmZ�G�d d��de �ZdS�)��N)�config)�dbus_to_python�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties)�Helper)�log)�DbusServiceObject)�handle_exceptions�dbus_handle_exceptions�dbus_service_method�dbus_polkit_require_auth)�errors)� FirewallErrorc��s��e�Zd�ZdZdZ �ejjZ �e ��fdd��Z edd��Zedd��Z ed d ��Zeejddd �edTdd��Zeejddd �edTdd��Zeejj�eejdd�edTdd��Zejjejdd�dd��Zeejj�eejdd�edT��fdd� ��Zeejjejd�edTd d!��Zeejjejd�edTd"d#��Zeejj�edTd$d%��Z ejjejjdd�ed&d'��Z!eejj�edTd(d)��Z"ejjejjdd�edd+��Z#eejjdd�edTd,d-��Z$ejjejjdd�ed.d/��Z%eejjdd�edTd0d1��Z&eejjdd�edTd2d3��Z'eejjdd�edTd4d5��Z(eejjdd�edTd6d7��Z)eejjdd�edTd8d9��Zeejjdd�edTd:d;��Z+eejjdd�edTd<d=��Z,eejjdd�edTd>d?��Z-eejjdd@d �edTdAdB��Z.eejjdd�edTdCdD��Z/eejjdd�edTdEdF��Z0eejjdd@d �edTdGdH��Z1eejjdId�edTdJdK��Z2eejjdId�edTdLdM��Z3eejjdd�edTdNdO��Z4eejjdd�edTdPdQ��Z5eejjdd@d �edTdRdS��Z6��Z7S�)U�FirewallDConfigHelperzFirewallD main classTc��s`��t�t\|��j\|i�\|��\|\|�_\|\|�_\|\|�_\|\|�_\|d�\|�_\|d�\|�_d\|�j�\|�_ t \|�tjj��d�S�)Nr��zconfig.helper.%d) �superr��__init__�parentr��obj�item_id�busname�path�_log_prefixr��dbus�DBUS_INTERFACE_CONFIG_HELPER)�selfr��conf�helperr��args�kwargs�� __class__��?/usr/lib/python3/dist-packages/firewall/server/config_helper.pyr��3��s�� zFirewallDConfigHelper.__init__c��C��s��d�S��Nr"��r��r"��r"��r#��__del__@��s��zFirewallDConfigHelper.__del__c��C��s��\|��d�S�r$��)�remove_from_connectionr%��r"��r"��r#�� unregisterD��s��z FirewallDConfigHelper.unregisterc��C��s~��\|dkrt��\|�jj�S�\|dkrt��\|�jj�S�\|dkr!t��\|�jj�S�\|dkr,t��\|�jj�S�\|dkr7t��\|�jj�S�t�j � d\|��)N�name�filenamer��default�builtinzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r��Stringr��r)��r��r��Booleanr+��r,�� exceptions� DBusException)r�� property_namer"��r"��r#�� _get_propertyL��s��z#FirewallDConfigHelper._get_property�ss�v)�in_signature� out_signatureNc��C��sL��t�\|t�}t�\|t�}t�d\|�j\|\|��\|tjjkr!tj� d\|��\|�� \|�S�)Nz%s.Get('%s', '%s')�Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r��strr��debug1r��r��r��r��r/��r0��r2��)r��interface_namer1��senderr"��r"��r#��Get]��s�� zFirewallDConfigHelper.Get�sza{sv}c��C��s`��t�\|t�}t�d\|�j\|��\|tjjkrtj� d\|��i�}dD�] }\|�� \|�\|\|<�qtj\|dd�S�)Nz%s.GetAll('%s')r7��)r)��r��r��r+��r,��sv�� signature)r��r8��r��r9��r��r��r��r��r/��r0��r2�� Dictionary)r��r:��r;��ret�xr"��r"��r#��GetAlln��s�� zFirewallDConfigHelper.GetAll�ssv)r5��c��C��sh��t�\|t�}t�\|t�}t�\|�}t�d\|�j\|\|\|��\|�j�\|��\|tjj kr,tj �d\|��tj �d\|��)Nz%s.Set('%s', '%s', '%s')r7��zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-only)r��r8��r��r9��r��r��accessCheckr��r��r��r/��r0��)r��r:��r1�� new_valuer;��r"��r"��r#��Set��s$�� zFirewallDConfigHelper.Setzsa{sv}asr?��c��C��s2��t�\|t�}t�\|�}t�\|�}t�d\|�j\|\|\|��d�S�)Nz&%s.PropertiesChanged('%s', '%s', '%s'))r��r8��r��r9��r��)r��r:��changed_properties�invalidated_propertiesr"��r"��r#��PropertiesChanged��s�� z'FirewallDConfigHelper.PropertiesChanged)r6��c��s8��t��d\|�j��tt\|��\|�j\|�j��}t \|�\|t jj�S�)Nz%s.Introspect()) r��debug2r��r��r�� Introspectr��r��get_busr��r��r��r��)r��r;��datar ��r"��r#��rM��s�� z FirewallDConfigHelper.Introspectc��C��s��t��d\|�j��\|�j�\|�j�S�)z get settings for helper z%s.getSettings())r��r9��r��r��get_helper_configr��r��r;��r"��r"��r#��getSettings��s��z!FirewallDConfigHelper.getSettingsc��C��sF��t�\|�}t�d\|�j��\|�j�\|��\|�j�\|�j\|�\|�_\|�� \|�jj ��dS�)z#update settings for helper z%s.update('...')N)r��r��r9��r��r��rF��r��set_helper_configr��Updatedr)��)r��settingsr;��r"��r"��r#��update��s ��zFirewallDConfigHelper.updatec��C��s<��t��d\|�j��\|�j�\|��\|�j�\|�j�\|�_\|��\|�jj ��dS�)z1load default settings for builtin helper z%s.loadDefaults()N) r��r9��r��r��rF��r��load_helper_defaultsr��rT��r)��rQ��r"��r"��r#��loadDefaults��s��z"FirewallDConfigHelper.loadDefaultsc��C��t��d\|�j\|f��d�S�)Nz%s.Updated('%s')�r��r9��r��r��r)��r"��r"��r#��rT��zFirewallDConfigHelper.Updatedc��C��s:��t��d\|�j��\|�j�\|��\|�j�\|�j��\|�j�\|�j��dS�)zremove helper z%s.removeHelper()N) r��r9��r��r��rF��r�� remove_helperr��removeHelperrQ��r"��r"��r#��remove��s��zFirewallDConfigHelper.removec��C��rY��)Nz%s.Removed('%s')rZ��r[��r"��r"��r#��Removed��r\��zFirewallDConfigHelper.Removedc��C��sF��t�\|t�}t�d\|�j\|��\|�j�\|��\|�j�\|�j \|�\|�_ \|�� \|��dS�)zrename helper z%s.rename('%s')N)r��r8��r��r9��r��r��rF��r�� rename_helperr��Renamed)r��r)��r;��r"��r"��r#��rename��s �� zFirewallDConfigHelper.renamec��C��rY��)Nz%s.Renamed('%s')rZ��r[��r"��r"��r#��rb��r\��zFirewallDConfigHelper.Renamedc��C��t��d\|�j��\|��d�S�)Nz%s.getVersion()r��r��r9��r��rR��rQ��r"��r"��r#�� getVersion��z FirewallDConfigHelper.getVersionc��C��H��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setVersion('%s')r�� r��r8��r��r9��r��r��rF��listrR��rV��)r��versionr;��rU��r"��r"��r#�� setVersion�� z FirewallDConfigHelper.setVersionc��C��rd��)Nz %s.getShort()r��re��rQ��r"��r"��r#��getShort��rg��zFirewallDConfigHelper.getShortc��C��rh��)Nz%s.setShort('%s')r��ri��)r��shortr;��rU��r"��r"��r#��setShort��rm��zFirewallDConfigHelper.setShortc��C��rd��)Nz%s.getDescription()��re��rQ��r"��r"��r#��getDescription��rg��z$FirewallDConfigHelper.getDescriptionc��C��rh��)Nz%s.setDescription('%s')rq��ri��)r��descriptionr;��rU��r"��r"��r#��setDescription&��s�� z$FirewallDConfigHelper.setDescriptionc��C��.��t��d\|�j��\|�j�\|��t\|��}\|d�S�)Nz%s.getFamily()��r��r9��r��r��rF��rj��rR��r��r;��rU��r"��r"��r#�� getFamily4��zFirewallDConfigHelper.getFamilyc��C��d��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|d�\|kr't t jd\|��\|\|d<�\|��\|��d�S�)Nz%s.setFamily('%s')rv��'%s'� r��r8��r��r9��r��r��rF��rj��rR��r��r ��ALREADY_ENABLEDrV��r��ipvr;��rU��r"��r"��r#�� setFamily=�� zFirewallDConfigHelper.setFamily�bc��C��.��t�\|t�}t�d\|�j\|��\|��}\|d�\|kS�)Nz%s.queryFamily('%s')rv��r��r8��r��r9��r��rR��r��r"��r"��r#��queryFamilyJ�� z!FirewallDConfigHelper.queryFamilyc��C��ru��)Nz%s.getModule()��rw��rx��r"��r"��r#�� getModuleU��rz��zFirewallDConfigHelper.getModulec��C��r{��)Nz%s.setModule('%s')r��r\|��r}��r��moduler;��rU��r"��r"��r#�� setModule^��r��zFirewallDConfigHelper.setModulec��C��r��)Nz%s.queryModule('%s')r��r��r��r"��r"��r#��queryModulek��r��z!FirewallDConfigHelper.queryModuleza(ss)c��C��rd��)Nz %s.getPorts()��re��rQ��r"��r"��r#��getPortsv��rg��zFirewallDConfigHelper.getPortsc��C��s��g�}t�\|t�D�]}t\|t�r\|�t\|��q\|�\|��q\|}t�d\|�jd�dd��\|D��\|�j � \|��t\|��}\|\|d<�\|��\|��d�S�)Nz%s.setPorts('[%s]')�,c��s��s$��\|�] }d�\|d�\|d�f�V��qdS�)z('%s, '%s')r��r��Nr"��)�.0�portr"��r"��r#�� <genexpr>��s��"�z1FirewallDConfigHelper.setPorts.<locals>.<genexpr>r��) r��rj�� isinstance�append�tupler��r9��r��joinr��rF��rR��rV��)r��portsr;��_portsr��rU��r"��r"��r#��setPorts}��s�� zFirewallDConfigHelper.setPortsc��C��s��t�\|t�}t�\|t�}t�d\|�j\|\|��\|�j�\|��t\|��}\|\|f\|d�v�r1t t jd\|\|f��\|d��\|\|f��\|�� \|��d�S�)Nz%s.addPort('%s', '%s')r��%s:%s)r��r8��r��r9��r��r��rF��rj��rR��r��r ��r~��r��rV��r��r��protocolr;��rU��r"��r"��r#��addPort��s�� zFirewallDConfigHelper.addPortc��C��s��t�\|t�}t�\|t�}t�d\|�j\|\|��\|�j�\|��t\|��}\|\|f\|d�vr1t t jd\|\|f��\|d��\|\|f��\|�� \|��d�S�)Nz%s.removePort('%s', '%s')r��r��)r��r8��r��r9��r��r��rF��rj��rR��r��r ��NOT_ENABLEDr_��rV��r��r"��r"��r#�� removePort��s�� z FirewallDConfigHelper.removePortc��C��s:��t�\|t�}t�\|t�}t�d\|�j\|\|��\|\|f\|��d�v�S�)Nz%s.queryPort('%s', '%s')r��r��)r��r��r��r;��r"��r"��r#�� queryPort��s�� zFirewallDConfigHelper.queryPortr$��)8�__name__� __module__�__qualname__�__doc__� persistentr��r��PK_ACTION_CONFIG�default_polkit_auth_requiredr ��r��r ��r&��r(��r2��r��PROPERTIES_IFACEr<��rD��r��rH��service�signalrK��PK_ACTION_INFO�INTROSPECTABLE_IFACErM��r��r��DBUS_SIGNATURErR��rV��rX��rT��r_��r`��rc��rb��rf��rl��rn��rp��rr��rt��ry��r��r��r��r��r��r��r��r��r��r�� __classcell__r"��r"��r ��r#��r��+��s6�� r��)r��dbus.service�firewallr��firewall.dbus_utilsr��r��r��firewall.core.io.helperr��firewall.core.loggerr��firewall.server.dbusr��firewall.server.decoratorsr ��r ��r��r��r ��firewall.errorsr��r��r"��r"��r"��r#��<module>��s��PK��,(�Zھ�> �� "��__pycache__/server.cpython-310.pycnu��[��o ��bhAbY��@��st��d�gZ�ddlZddlmZ�ddlZddlZddlZddlmZ�ddl m Z �ddlmZ�dd��Z d d ��Zd dd��ZdS�)� run_server��N)�GLib)�config)�log)� FirewallDc��C��s��\|��dS�)NT)�reload)�service��r ��8/usr/lib/python3/dist-packages/firewall/server/server.py�sighup0��s��r��c��C��s��\|��d�S�)N)�quit)�mainloopr ��r ��r ��sigterm4��s��r��Fc�� sd��d}\|�r#ddl�m��ddl��j��d��fdd��zMtjjj dd��t� ��}tjjt jj\|d �}t\|t jj�}t��}\|�rMt��ttd �rVtj}ntj}\|tjtjt\|��\|tjtjt\|��\|��W�n7�ty~��t� d��Y�n�t!y��t�"d��Y�n�t#y��}�zt�"d \|j$j%t&\|��W�Y�d}~nd}~ww�\|r�\|�'��dS�dS�)zI Main function for firewall server. Handles D-Bus and GLib mainloop. Nr��)�pformat� ��c��sn��t��j�dkr/td��tdt��j��jD�]}�tt\|��d��t�\|��qtd��t��d�S�)Nr��zP >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> zGARBAGE OBJECTS (%d): z zP <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< )�collect�len�garbage�print�typer��timeout_add_seconds)�x��gc� gc_collect� gc_timeoutr��r ��r ��r��H��s�� zrun_server.<locals>.gc_collectT)�set_as_default)�bus�unix_signal_addz Stopping..z Raising SystemExit in run_serverzException %s: %s)(�pprintr��r��enable� set_debug� DEBUG_LEAK�dbusr ��glib� DBusGMainLoop� SystemBusr��BusNamer��DBUS_INTERFACEr�� DBUS_PATHr��MainLoopr��hasattrr��unix_signal_add_full� PRIORITY_HIGH�signal�SIGHUPr��SIGTERMr��run�KeyboardInterruptr��debug1� SystemExit�error� Exception� __class__�__name__�str�stop)�debug_gcr��r��namer ��r��er ��r��r ��r��=��sJ�� "��)F)�__all__r.�� gi.repositoryr��r#��dbus.service�dbus.mainloop.glib�firewallr��firewall.core.loggerr��firewall.server.firewalldr��r��r��r��r ��r ��r ��r ��<module>��s�� PK��,(�Z?X��$��__pycache__/__init__.cpython-310.pycnu��[��o ��bhAb��@��s��d�S�)N��r��r��r��:/usr/lib/python3/dist-packages/firewall/server/__init__.py�<module>��s��PK��,(�Z�~t�J��J����__pycache__/config_service.cpython-310.pycnu��[��o ��bhAb_u��@��s��d�dl�Z�d�dlZ�d�dlmZ�d�dlmZmZmZ�d�dlm Z �d�dl mZ�d�dlm Z mZmZmZ�d�dlmZ�d�dlmZ�G�d d ��d e�ZdS�)��N)�config)�dbus_to_python�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties)�log)�DbusServiceObject)�handle_exceptions�dbus_handle_exceptions�dbus_service_method�dbus_polkit_require_auth)�errors)� FirewallErrorc��s��e�Zd�ZdZdZ �ejjZ �e ��fdd��Z edd��Zedd��Z ed d ��Zeejddd �ed�dd��Zeejddd �ed�dd��Zeejj�eejdd�ed�dd��Zejjejdd�dd��Zeejj�eejdd�ed��fdd� ��Zeejjd d�ed�d!d"��Zeejjdd�ed�d#d$��Zeejjd d�ed�d%d&��Zeejjdd�ed�d'd(��Zeejj�ed�d)d��Z ejjejjdd�ed+d,��Z!eejj�ed�d-d.��Z"ejjejjdd�ed/d0��Z#eejjdd�ed�d1d2��Z$ejjejjdd�ed3d4��Z%eejjdd�ed�d5d6��Z&eejjdd�ed�d7d8��Z'eejjdd�ed�d9d:��Z(eejjdd�ed�d;d<��Z)eejjdd�ed�d=d>��Zeejjdd�ed�d?d@��Z+eejjdAd�ed�dBdC��Z,eejjdAd�ed�dDdE��Z-eejjdd�ed�dFdG��Z.eejjdd�ed�dHdI��Z/eejjddJd �ed�dKdL��Z0eejjdMd�ed�dNdO��Z1eejjdMd�ed�dPdQ��Z2eejjdd�ed�dRdS��Z3eejjdd�ed�dTdU��Z4eejjddJd �ed�dVdW��Z5eejjdAd�ed�dXdY��Z6eejjdAd�ed�dZd[��Z7eejjdd�ed�d\d]��Z8eejjdd�ed�d^d_��Z9eejjddJd �ed�d`da��Z:eejjdMd�ed�dbdc��Z;eejjdMd�ed�ddde��Z<eejjdd�ed�dfdg��Z=eejjdd�ed�dhdi��Z>eejjddJd �ed�djdk��Z?eejjdld�ed�dmdn��Z@eejjdld�ed�dodp��ZAeejjddd �ed�dqdr��ZBeejjdd�ed�dsdt��ZCeejjdd�ed�dudv��ZDeejjddJd �ed�dwdx��ZEeejjdMd�ed�dydz��ZFeejjdMd�ed�d{d\|��ZGeejjdd�ed�d}d~��ZHeejjdd�ed�dd��ZIeejjddJd �ed�d�d��ZJ��ZKS�)��FirewallDConfigServicezFirewallD main classTc��s`��t�t\|��j\|i�\|��\|\|�_\|\|�_\|\|�_\|\|�_\|d�\|�_\|d�\|�_d\|�j�\|�_ t \|�tjj��d�S�)Nr��zconfig.service.%d) �superr��__init__�parentr��obj�item_id�busname�path�_log_prefixr��dbus�DBUS_INTERFACE_CONFIG_SERVICE)�selfr��conf�servicer��args�kwargs�� __class__��@/usr/lib/python3/dist-packages/firewall/server/config_service.pyr��2��s�� zFirewallDConfigService.__init__c��C��s��d�S��Nr!��r��r!��r!��r"��__del__?��s��zFirewallDConfigService.__del__c��C��s��\|��d�S�r#��)�remove_from_connectionr$��r!��r!��r"�� unregisterC��s��z!FirewallDConfigService.unregisterc��C��s~��\|dkrt��\|�jj�S�\|dkrt��\|�jj�S�\|dkr!t��\|�jj�S�\|dkr,t��\|�jj�S�\|dkr7t��\|�jj�S�t�j � d\|��)N�name�filenamer��default�builtinzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r��Stringr��r(��r)��r��Booleanr��r+�� exceptions� DBusException)r�� property_namer!��r!��r"�� _get_propertyK��s��z$FirewallDConfigService._get_property�ss�v)�in_signature� out_signatureNc��C��sL��t�\|t�}t�\|t�}t�d\|�j\|\|��\|tjjkr!tj� d\|��\|�� \|�S�)Nz%s.Get('%s', '%s')�Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r��strr��debug1r��r��r��r��r.��r/��r1��)r��interface_namer0��senderr!��r!��r"��Get\��s�� zFirewallDConfigService.Get�sza{sv}c��C��s`��t�\|t�}t�d\|�j\|��\|tjjkrtj� d\|��i�}dD�] }\|�� \|�\|\|<�qtj\|dd�S�)Nz%s.GetAll('%s')r6��)r(��r)��r��r��r+��sv�� signature)r��r7��r��r8��r��r��r��r��r.��r/��r1�� Dictionary)r��r9��r:��ret�xr!��r!��r"��GetAllm��s�� zFirewallDConfigService.GetAll�ssv)r4��c��C��sh��t�\|t�}t�\|t�}t�\|�}t�d\|�j\|\|\|��\|�j�\|��\|tjj kr,tj �d\|��tj �d\|��)Nz%s.Set('%s', '%s', '%s')r6��zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-only)r��r7��r��r8��r��r��accessCheckr��r��r��r.��r/��)r��r9��r0�� new_valuer:��r!��r!��r"��Set~��s$�� zFirewallDConfigService.Setzsa{sv}asr>��c��C��s2��t�\|t�}t�\|�}t�\|�}t�d\|�j\|\|\|��d�S�)Nz&%s.PropertiesChanged('%s', '%s', '%s'))r��r7��r��r8��r��)r��r9��changed_properties�invalidated_propertiesr!��r!��r"��PropertiesChanged��s�� z(FirewallDConfigService.PropertiesChanged)r5��c��s8��t��d\|�j��tt\|��\|�j\|�j��}t \|�\|t jj�S�)Nz%s.Introspect()) r��debug2r��r��r�� Introspectr��r��get_busr��r��r��r��)r��r:��datar��r!��r"��rL��s�� z!FirewallDConfigService.Introspectz(sssa(ss)asa{ss}asa(ss))c��C��t��d\|�j��\|�j�\|�j�S�)�!get settings for service z%s.getSettings())r��r8��r��r��get_service_configr��r��r:��r!��r!��r"��getSettings��z"FirewallDConfigService.getSettingsc��C��rO��)rP��z%s.getSettings2())r��r8��r��r��get_service_config_dictr��rR��r!��r!��r"��getSettings2��rT��z#FirewallDConfigService.getSettings2c��C��sF��t�\|�}t�d\|�j��\|�j�\|��\|�j�\|�j\|�\|�_\|�� \|�jj ��dS�)z$update settings for service z%s.update('...')N)r��r��r8��r��r��rE��r��set_service_configr��Updatedr(��r��settingsr:��r!��r!��r"��update��s ��zFirewallDConfigService.updatec��C��sF��t�\|�}t�d\|�j��\|�j�\|��\|�j�\|�j\|�\|�_\|�� \|�jj ��d�S�)Nz%s.update2('...'))r��r��r8��r��r��rE��r��set_service_config_dictr��rX��r(��rY��r!��r!��r"��update2��s ��zFirewallDConfigService.update2c��C��s<��t��d\|�j��\|�j�\|��\|�j�\|�j�\|�_\|��\|�jj ��dS�)z2load default settings for builtin service z%s.loadDefaults()N) r��r8��r��r��rE��r��load_service_defaultsr��rX��r(��rR��r!��r!��r"��loadDefaults��s��z#FirewallDConfigService.loadDefaultsc��C��t��d\|�j\|f��d�S�)Nz%s.Updated('%s')�r��r8��r��r��r(��r!��r!��r"��rX��zFirewallDConfigService.Updatedc��C��s:��t��d\|�j��\|�j�\|��\|�j�\|�j��\|�j�\|�j��dS�)zremove service z%s.removeService()N) r��r8��r��r��rE��r��remove_servicer�� removeServicerR��r!��r!��r"��remove��s��zFirewallDConfigService.removec��C��r`��)Nz%s.Removed('%s')ra��rb��r!��r!��r"��Removed��rc��zFirewallDConfigService.Removedc��C��sF��t�\|t�}t�d\|�j\|��\|�j�\|��\|�j�\|�j \|�\|�_ \|�� \|��dS�)zrename service z%s.rename('%s')N)r��r7��r��r8��r��r��rE��r��rename_servicer��Renamed)r��r(��r:��r!��r!��r"��rename��s �� zFirewallDConfigService.renamec��C��r`��)Nz%s.Renamed('%s')ra��rb��r!��r!��r"��ri��rc��zFirewallDConfigService.Renamedc��C��t��d\|�j��\|��d�S�)Nz%s.getVersion()r��r��r8��r��rS��rR��r!��r!��r"�� getVersion ��z!FirewallDConfigService.getVersionc��C��H��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setVersion('%s')r�� r��r7��r��r8��r��r��rE��listrS��r[��)r��versionr:��rZ��r!��r!��r"�� setVersion�� z!FirewallDConfigService.setVersionc��C��rk��)Nz %s.getShort()r��rl��rR��r!��r!��r"��getShort��rn��zFirewallDConfigService.getShortc��C��ro��)Nz%s.setShort('%s')r��rp��)r��shortr:��rZ��r!��r!��r"��setShort$��rt��zFirewallDConfigService.setShortc��C��rk��)Nz%s.getDescription()��rl��rR��r!��r!��r"��getDescription1��rn��z%FirewallDConfigService.getDescriptionc��C��ro��)Nz%s.setDescription('%s')rx��rp��)r��descriptionr:��rZ��r!��r!��r"��setDescription8��s�� z%FirewallDConfigService.setDescriptionza(ss)c��C��rk��)Nz %s.getPorts()��rl��rR��r!��r!��r"��getPortsF��rn��zFirewallDConfigService.getPortsc��C��g�}t�\|t�D�]}t\|t�r\|�t\|��q\|�\|��q\|}t�d\|�jd�dd��\|D��\|�j � \|��t\|��}\|\|d<�\|��\|��d�S�)Nz%s.setPorts('[%s]')�,c��s��$��\|�] }d�\|d�\|d�f�V��qdS��z('%s, '%s')r��r��Nr!��.0�portr!��r!��r"�� <genexpr>Z��"�z2FirewallDConfigService.setPorts.<locals>.<genexpr>r\|�� r��rq�� isinstance�append�tupler��r8��r��joinr��rE��rS��r[��r��portsr:��_portsr��rZ��r!��r!��r"��setPortsM�� zFirewallDConfigService.setPortsc��C��t�\|t�}t�\|t�}t�d\|�j\|\|��\|�j�\|��t\|��}\|\|f\|d�v�r1t t jd\|\|f��\|d��\|\|f��\|�� \|��d�S�)Nz%s.addPort('%s', '%s')r\|��%s:%s�r��r7��r��r8��r��r��rE��rq��rS��r ��r��ALREADY_ENABLEDr��r[��r��r��protocolr:��rZ��r!��r!��r"��addPort`�� zFirewallDConfigService.addPortc��C��t�\|t�}t�\|t�}t�d\|�j\|\|��\|�j�\|��t\|��}\|\|f\|d�vr1t t jd\|\|f��\|d��\|\|f��\|�� \|��d�S�)Nz%s.removePort('%s', '%s')r\|��r��r��r7��r��r8��r��r��rE��rq��rS��r ��r��NOT_ENABLEDrf��r[��r��r!��r!��r"�� removePortp�� z!FirewallDConfigService.removePort�bc��C��:��t�\|t�}t�\|t�}t�d\|�j\|\|��\|\|f\|��d�v�S�)Nz%s.queryPort('%s', '%s')r\|��r��r7��r��r8��r��rS��r��r��r��r:��r!��r!��r"�� queryPort�� z FirewallDConfigService.queryPort�asc��C��rk��)Nz%s.getProtocols()��rl��rR��r!��r!��r"��getProtocols��rn��z#FirewallDConfigService.getProtocolsc��C��sN��t�\|t�}t�d\|�jd�\|��\|�j�\|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setProtocols('[%s]')r��r��) r��rq��r��r8��r��r��r��rE��rS��r[��)r�� protocolsr:��rZ��r!��r!��r"��setProtocols��s�� z#FirewallDConfigService.setProtocolsc��C��sf��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�v�r%t t j\|��\|d��\|��\|�� \|��d�S�)Nz%s.addProtocol('%s')r��r��r��r��r:��rZ��r!��r!��r"��addProtocol�� z"FirewallDConfigService.addProtocolc��C��sf��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�vr%t t j\|��\|d��\|��\|�� \|��d�S�)Nz%s.removeProtocol('%s')r��r��r��r!��r!��r"��removeProtocol��r��z%FirewallDConfigService.removeProtocolc��C��s��t�\|t�}t�d\|�j\|��\|\|��d�v�S�)Nz%s.queryProtocol(%s')r��r��)r��r��r:��r!��r!��r"�� queryProtocol��s�� z$FirewallDConfigService.queryProtocolc��C��rk��)Nz%s.getSourcePorts()��rl��rR��r!��r!��r"��getSourcePorts��rn��z%FirewallDConfigService.getSourcePortsc��C��r~��)Nz%s.setSourcePorts('[%s]')r��c��s��r��r��r!��r��r!��r!��r"��r��r��z8FirewallDConfigService.setSourcePorts.<locals>.<genexpr>r��r��r��r!��r!��r"��setSourcePorts��r��z%FirewallDConfigService.setSourcePortsc��C��r��)Nz%s.addSourcePort('%s', '%s')r��r��r��r��r!��r!��r"�� addSourcePort��r��z$FirewallDConfigService.addSourcePortc��C��r��)Nz%s.removeSourcePort('%s', '%s')r��r��r��r��r!��r!��r"��removeSourcePort��r��z'FirewallDConfigService.removeSourcePortc��C��r��)Nz%s.querySourcePort('%s', '%s')r��r��r��r!��r!��r"��querySourcePort��r��z&FirewallDConfigService.querySourcePortc��C��rk��)Nz%s.getModules()��rl��rR��r!��r!��r"�� getModules��rn��z!FirewallDConfigService.getModulesc��C��s��t�\|t�}g�}\|D�]}\|�d�r \|�dd�}d\|v�r \|�dd�}\|�\|��q \|}t�d\|�jd�\|��\|�j � \|��t\|��}\|\|d<�\|��\|��d�S�)N� nf_conntrack_��_�-z%s.setModules('[%s]')r��r��) r��rq�� startswith�replacer��r��r8��r��r��r��rE��rS��r[��)r��modulesr:��_modules�modulerZ��r!��r!��r"�� setModules��s �� z!FirewallDConfigService.setModulesc��C��s��t�\|t�}\|�d�r\|�dd�}d\|v�r\|�dd�}t�d\|�j\|��\|�j�\|��t \|�� }\|\|d�v�r:ttj \|��\|d��\|��\|��\|��d�S�)Nr��r��r��r��z%s.addModule('%s')r��)r��r7��r��r��r��r8��r��r��rE��rq��rS��r ��r��r��r��r[��r��r��r:��rZ��r!��r!��r"�� addModule"�� z FirewallDConfigService.addModulec��C��s��t�\|t�}\|�d�r\|�dd�}d\|v�r\|�dd�}t�d\|�j\|��\|�j�\|��t \|�� }\|\|d�vr:ttj \|��\|d��\|��\|��\|��d�S�)Nr��r��r��r��z%s.removeModule('%s')r��)r��r7��r��r��r��r8��r��r��rE��rq��rS��r ��r��r��rf��r[��r��r!��r!��r"��removeModule3��r��z#FirewallDConfigService.removeModulec��C��sT��t�\|t�}\|�d�r\|�dd�}d\|v�r\|�dd�}t�d\|�j\|��\|\|��d�v�S�)Nr��r��r��r��z%s.queryModule('%s')r��)r��r7��r��r��r��r8��r��rS��)r��r��r:��r!��r!��r"��queryModuleD��s�� z"FirewallDConfigService.queryModuleza{ss}c��C��rk��)Nz%s.getDestinations()��rl��rR��r!��r!��r"��getDestinationsR��rn��z&FirewallDConfigService.getDestinationsc��C��sV��t�\|t�}t�d\|�j\|�d�\|�d��\|�j�\|��t\|�� }\|\|d<�\|�� \|��d�S�)Nz%s.setDestinations({ipv4:'%s', ipv6:'%s'})�ipv4�ipv6r��)r��dictr��r8��r��getr��rE��rq��rS��r[��)r��destinationsr:��rZ��r!��r!��r"��setDestinationsY��s�� z&FirewallDConfigService.setDestinationsc��C��sV��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�vr%t t j\|��\|d�\|�S�)Nz%s.getDestination('%s')r��)r��r7��r��r8��r��r��rE��rq��rS��r ��r��r��r��familyr:��rZ��r!��r!��r"��getDestinationf��s�� z%FirewallDConfigService.getDestinationc��C��s��t�\|t�}t�\|t�}t�d\|�j\|\|��\|�j�\|��t\|��}\|\|d�v�r7\|d�\|�\|kr7t t jd\|\|f��\|\|d�\|<�\|��\|��d�S�)Nz%s.setDestination('%s', '%s')r��z '%s': '%s') r��r7��r��r8��r��r��rE��rq��rS��r ��r��r��r[��r��r��addressr:��rZ��r!��r!��r"��setDestinations��s�� z%FirewallDConfigService.setDestinationc��C��sb��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�vr%t t j\|��\|d�\|=�\|��\|��d�S�)Nz%s.removeDestination('%s')r��) r��r7��r��r8��r��r��rE��rq��rS��r ��r��r��r[��r��r!��r!��r"��removeDestination��s�� z(FirewallDConfigService.removeDestinationc��C��sJ��t�\|t�}t�\|t�}t�d\|�j\|\|��\|��}\|\|d�v�o$\|\|d�\|�kS�)Nz%s.queryDestination('%s', '%s')r��r��r��r!��r!��r"��queryDestination��s�� z'FirewallDConfigService.queryDestinationc��C��s<��t��d\|�j��\|�j�\|��\|�j�\|�j�}d\|v�r\|d�S�g�S�)Nz%s.getIncludes()�includes)r��r8��r��r��rE��r��rU��r��)r��r:��rZ��r!��r!��r"��getIncludes��s��z"FirewallDConfigService.getIncludesc��C��sZ��t�\|t�}t�d\|�j\|��\|�j�\|��d\|d�d��i}\|�j�\|�j \|�\|�_ \|�� \|�j j��d�S�)Nz%s.setIncludes('%s')r��)r��rq��r��r8��r��r��rE��r��r\��r��rX��r(��)r��r��r:��rZ��r!��r!��r"��setIncludes��s�� z"FirewallDConfigService.setIncludesc��C��sj��t�\|t�}t�d\|�j\|��\|�j�\|��\|�j�\|�j �}\|� dg��\|��\|�j�\|�j \|�\|�_ \|�� \|�j j��d�S�)Nz%s.addInclude('%s')r��)r��r7��r��r8��r��r��rE��r��rU��r�� setdefaultr��r\��rX��r(��r��includer:��rZ��r!��r!��r"�� addInclude��s�� z!FirewallDConfigService.addIncludec��C��sf��t�\|t�}t�d\|�j\|��\|�j�\|��\|�j�\|�j �}\|d�� \|��\|�j�\|�j \|�\|�_ \|��\|�j j ��d�S�)Nz%s.removeInclude('%s')r��)r��r7��r��r8��r��r��rE��r��rU��r��rf��r\��rX��r(��r��r!��r!��r"�� removeInclude��s�� z$FirewallDConfigService.removeIncludec��C��s@��t�\|t�}t�d\|�j\|��\|�j�\|�j�}d\|v�r\|\|d�v�S�dS�)Nz%s.queryInclude('%s')r��F)r��r7��r��r8��r��r��rU��r��r��r!��r!��r"��queryInclude��s�� z#FirewallDConfigService.queryIncluder#��)L�__name__� __module__�__qualname__�__doc__� persistentr��r��PK_ACTION_CONFIG�default_polkit_auth_requiredr��r��r ��r%��r'��r1��r ��PROPERTIES_IFACEr;��rC��r��rG��r��signalrJ��PK_ACTION_INFO�INTROSPECTABLE_IFACErL��r��rS��rV��r[��r]��r_��rX��rf��rg��rj��ri��rm��rs��ru��rw��ry��r{��r}��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r�� __classcell__r!��r!��r��r"��r����s�� r��)r��dbus.service�firewallr��firewall.dbus_utilsr��r��r��firewall.core.loggerr��firewall.server.dbusr��firewall.server.decoratorsr��r ��r ��r��r��firewall.errorsr ��r��r!��r!��r!��r"��<module>��s��PK��,(�Z�ku��)��__pycache__/config_policy.cpython-310.pycnu��[��o ��bhAb� ��@��st��d�dl�Z�d�dlZ�d�dlmZ�d�dlmZmZmZ�d�dlm Z �d�dl mZ�d�dlm Z mZmZmZ�G�dd��de�ZdS�) ��N)�config)�dbus_to_python�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties)�log)�DbusServiceObject)�handle_exceptions�dbus_handle_exceptions�dbus_service_method�dbus_polkit_require_authc��s��e�Zd�ZdZejjZe��fdd��Z e dd��Ze dd��Ze dd ��Z eejd dd�e d/dd��Zeejddd�e d/dd��Zeejj�eejdd�e d/dd��Zejjejdd�dd��Zeejj�eejdd�e d/��fdd� ��Zeejjdd�e d/dd ��Zeejjdd�e d/d!d"��Zeejj�e d/d#d$��Zejjejjdd�e d%d&��Zeejj�e d/d'd(��Zejjejjdd�e d)d��Z eejjdd�e d/d+d,��Z!ejjejjdd�e d-d.��Z"��Z#S�)0�FirewallDConfigPolicyTc��s`��t�t\|��j\|i�\|��\|\|�_\|\|�_\|\|�_\|\|�_\|d�\|�_\|d�\|�_d\|�j�\|�_ t \|�tjj��d�S�)Nr��zconfig.policy.%d) �superr��__init__�parentr��obj�item_id�busname�path�_log_prefixr��dbus�DBUS_INTERFACE_CONFIG_POLICY)�selfr��conf�policyr��args�kwargs�� __class__��?/usr/lib/python3/dist-packages/firewall/server/config_policy.pyr��s�� zFirewallDConfigPolicy.__init__c��C��s��d�S��Nr��r��r��r��r ��__del__#��s��zFirewallDConfigPolicy.__del__c��C��s��\|��d�S�r!��)�remove_from_connectionr"��r��r��r �� unregister'��s��z FirewallDConfigPolicy.unregisterc��C��s~��\|dkrt��\|�jj�S�\|dkrt��\|�jj�S�\|dkr!t��\|�jj�S�\|dkr,t��\|�jj�S�\|dkr7t��\|�jj�S�t�j � d\|��)N�name�filenamer��default�builtinzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r��Stringr��r&��r'��r��Booleanr(��r)�� exceptions� DBusException)r�� property_namer��r��r �� _get_property/��s��z#FirewallDConfigPolicy._get_property�ss�v)�in_signature� out_signatureNc��C��sL��t�\|t�}t�\|t�}t�d\|�j\|\|��\|tjjkr!tj� d\|��\|�� \|�S�)Nz%s.Get('%s', '%s')�Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r��strr��debug1r��r��r��r��r,��r-��r/��)r��interface_namer.��senderr��r��r ��Get@��s�� zFirewallDConfigPolicy.Get�sza{sv}c��C��s`��t�\|t�}t�d\|�j\|��\|tjjkrtj� d\|��i�}dD�] }\|�� \|�\|\|<�qtj\|dd�S�)Nz%s.GetAll('%s')r4��)r&��r'��r��r(��r)��sv�� signature)r��r5��r��r6��r��r��r��r��r,��r-��r/�� Dictionary)r��r7��r8��ret�xr��r��r ��GetAllQ��s�� zFirewallDConfigPolicy.GetAll�ssv)r2��c��C��sh��t�\|t�}t�\|t�}t�\|�}t�d\|�j\|\|\|��\|�j�\|��\|tjj kr,tj �d\|��tj �d\|��)Nz%s.Set('%s', '%s', '%s')r4��zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-only)r��r5��r��r6��r��r��accessCheckr��r��r��r,��r-��)r��r7��r.�� new_valuer8��r��r��r ��Setb��s$�� zFirewallDConfigPolicy.Setzsa{sv}asr<��c��C��s2��t�\|t�}t�\|�}t�\|�}t�d\|�j\|\|\|��d�S�)Nz&%s.PropertiesChanged('%s', '%s', '%s'))r��r5��r��r6��r��)r��r7��changed_properties�invalidated_propertiesr��r��r ��PropertiesChangedv��s�� z'FirewallDConfigPolicy.PropertiesChanged)r3��c��s8��t��d\|�j��tt\|��\|�j\|�j��}t \|�\|t jj�S�)Nz%s.Introspect()) r��debug2r��r��r�� Introspectr��r��get_busr��r��r��r��)r��r8��datar��r��r ��rJ��s�� z FirewallDConfigPolicy.Introspectc��C��s ��t��d\|�j��\|�j�\|�j�}\|S�)z get settings for policy z%s.getSettings())r��r6��r��r��get_policy_object_config_dictr��)r��r8��settingsr��r��r ��getSettings��s��z!FirewallDConfigPolicy.getSettingsc��C��sF��t�\|�}t�d\|�j��\|�j�\|��\|�j�\|�j\|�\|�_\|�� \|�jj ��dS�)z#update settings for policy z%s.update('...')N)r��r��r6��r��r��rC��r��set_policy_object_config_dictr��Updatedr&��)r��rN��r8��r��r��r ��update��s ��zFirewallDConfigPolicy.updatec��C��s<��t��d\|�j��\|�j�\|��\|�j�\|�j�\|�_\|��\|�jj ��dS�)z1load default settings for builtin policy z%s.loadDefaults()N) r��r6��r��r��rC��r��load_policy_object_defaultsr��rQ��r&��r��r8��r��r��r ��loadDefaults��s��z"FirewallDConfigPolicy.loadDefaultsc��C��t��d\|�j\|f��d�S�)Nz%s.Updated('%s')�r��r6��r��r��r&��r��r��r ��rQ��zFirewallDConfigPolicy.Updatedc��C��s:��t��d\|�j��\|�j�\|��\|�j�\|�j��\|�j�\|�j��dS�)zremove policy z%s.removePolicy()N) r��r6��r��r��rC��r��remove_policy_objectr��removePolicyrT��r��r��r ��remove��s��zFirewallDConfigPolicy.removec��C��rV��)Nz%s.Removed('%s')rW��rX��r��r��r ��Removed��rY��zFirewallDConfigPolicy.Removedc��C��sF��t�\|t�}t�d\|�j\|��\|�j�\|��\|�j�\|�j \|�\|�_ \|�� \|��dS�)zrename policy z%s.rename('%s')N)r��r5��r��r6��r��r��rC��r��rename_policy_objectr��Renamed)r��r&��r8��r��r��r ��rename��s �� zFirewallDConfigPolicy.renamec��C��rV��)Nz%s.Renamed('%s')rW��rX��r��r��r ��r_��rY��zFirewallDConfigPolicy.Renamedr!��)$�__name__� __module__�__qualname__� persistentr��r��PK_ACTION_CONFIG�default_polkit_auth_requiredr��r��r ��r#��r%��r/��r ��PROPERTIES_IFACEr9��rA��r��rE��service�signalrH��PK_ACTION_INFO�INTROSPECTABLE_IFACErJ��r��rO��rR��rU��rQ��r\��r]��r`��r_�� __classcell__r��r��r��r ��r��sz�� r��)r��dbus.service�firewallr��firewall.dbus_utilsr��r��r��firewall.core.loggerr��firewall.server.dbusr��firewall.server.decoratorsr��r ��r ��r��r��r��r��r��r ��<module>��s��PK��,(�Zi[�?l��?l��'��__pycache__/config_zone.cpython-310.pycnu��[��o ��bhAb��@��s��d�dl�Z�d�dlZ�d�dlmZ�d�dlmZmZmZ�d�dlm Z �d�dl mZ�d�dlm Z �d�dlmZ�d�dlmZ�d�d lmZ�d�d lmZmZmZmZ�d�dlmZ�d�dlmZ�d�d lmZmZmZm Z �G�dd��de�Z!dS�)��N)�config)�dbus_to_python�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties)�Zone)�ifcfg_set_zone_of_interface)�DEFAULT_ZONE_TARGET)� Rich_Rule)�log)�DbusServiceObject)�handle_exceptions�dbus_handle_exceptions�dbus_service_method�dbus_polkit_require_auth)�errors)� FirewallError)�portStr�portInPortRange�coalescePortRange�breakPortRangec��s� ��e�Zd�ZdZdZ �ejjZ �e ��fdd��Z edd��Zedd��Z ed d ��Zeejddd �ed�dd��Zeejddd �ed�dd��Zeejj�eejdd�ed�dd��Zejjejdd�dd��Zeejj�eejdd�ed��fdd� ��Zeejjd d�ed�d!d"��Zeejjdd�ed�d#d$��Zd%d&��Zeejjd d�ed�d'd(��Zeejjdd�ed�d)d��Z eejj�ed�d+d,��Z!ejjejjdd�ed-d.��Z"eejj�ed�d/d0��Z#ejjejjdd�ed1d2��Z$eejjdd�ed�d3d4��Z%ejjejjdd�ed5d6��Z&eejjdd�ed�d7d8��Z'eejjdd�ed�d9d:��Z(eejjdd�ed�d;d<��Z)eejjdd�ed�d=d>��Zeejjdd�ed�d?d@��Z+eejjdd�ed�dAdB��Z,eejjdd�ed�dCdD��Z-eejjdd�ed�dEdF��Z.eejjdGd�ed�dHdI��Z/eejjdGd�ed�dJdK��Z0eejjdd�ed�dLdM��Z1eejjdd�ed�dNdO��Z2eejjddPd �ed�dQdR��Z3eejjdSd�ed�dTdU��Z4eejjdSd�ed�dVdW��Z5eejjdd�ed�dXdY��Z6eejjdd�ed�dZd[��Z7eejjddPd �ed�d\d]��Z8eejjdGd�ed�d^d_��Z9eejjdGd�ed�d`da��Z:eejjdd�ed�dbdc��Z;eejjdd�ed�ddde��Z<eejjddPd �ed�dfdg��Z=eejjdSd�ed�dhdi��Z>eejjdSd�ed�djdk��Z?eejjdd�ed�dldm��Z@eejjdd�ed�dndo��ZAeejjddPd �ed�dpdq��ZBeejjdGd�ed�drds��ZCeejjdGd�ed�dtdu��ZDeejjdd�ed�dvdw��ZEeejjdd�ed�dxdy��ZFeejjddPd �ed�dzd{��ZGeejjdPd�ed�d\|d}��ZHeejjdPd�ed�d~d��ZIeejj�ed�d�d��ZJeejj�ed�d�d��ZKeejjdPd�ed�d�d��ZLeejjdPd�ed�d�d��ZMeejjdPd�ed�d�d��ZNeejj�ed�d�d��ZOeejj�ed�d�d��ZPeejjdPd�ed�d�d��ZQeejjd�d�ed�d�d��ZReejjd�d�ed�d�d��ZSeejjd�d�ed�d�d��ZTeejjd�d�ed�d�d��ZUeejjd�dPd �ed�d�d��ZVeejjdGd�ed�d�d��ZWeejjdGd�ed�d�d��ZXeejjdd�ed�d�d��ZYeejjdd�ed�d�d��ZZeejjddPd �ed�d�d��Z[eejjdGd�ed�d�d��Z\eejjdGd�ed�d�d��Z]eejjdd�ed�d�d��Z^eejjdd�ed�d�d��Z_eejjddPd �ed�d�d��Z`eejjdGd�ed�d�d��ZaeejjdGd�ed�d�d��Zbeejjdd�ed�d�d��Zceejjdd�ed�d�d��ZdeejjddPd �ed�d�d��Ze��ZfS�)��FirewallDConfigZonezFirewallD main classTc��s`��t�t\|��j\|i�\|��\|\|�_\|\|�_\|\|�_\|\|�_\|d�\|�_\|d�\|�_d\|�j�\|�_ t \|�tjj��d�S�)Nr��zconfig.zone.%d) �superr��__init__�parentr��obj�item_id�busname�path�_log_prefixr��dbus�DBUS_INTERFACE_CONFIG_ZONE)�selfr��conf�zoner��args�kwargs�� __class__��=/usr/lib/python3/dist-packages/firewall/server/config_zone.pyr��8��s�� zFirewallDConfigZone.__init__c��C��s��d�S��Nr)��r"��r)��r)��r��__del__E��s��zFirewallDConfigZone.__del__c��C��s��\|��d�S�r+��)�remove_from_connectionr,��r)��r)��r�� unregisterI��s��zFirewallDConfigZone.unregisterc��C��s~��\|dkrt��\|�jj�S�\|dkrt��\|�jj�S�\|dkr!t��\|�jj�S�\|dkr,t��\|�jj�S�\|dkr7t��\|�jj�S�t�j � d\|��)N�name�filenamer��default�builtinzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r ��Stringr��r0��r1��r��Booleanr2��r3�� exceptions� DBusException)r"�� property_namer)��r)��r�� _get_propertyQ��s��z!FirewallDConfigZone._get_property�ss�v)�in_signature� out_signatureNc��C��sL��t�\|t�}t�\|t�}t�d\|�j\|\|��\|tjjkr!tj� d\|��\|�� \|�S�)Nz%s.Get('%s', '%s')�Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r��strr ��debug1r��r��r ��r!��r6��r7��r9��)r"��interface_namer8��senderr)��r)��r��Getb��s�� zFirewallDConfigZone.Get�sza{sv}c��C��s`��t�\|t�}t�d\|�j\|��\|tjjkrtj� d\|��i�}dD�] }\|�� \|�\|\|<�qtj\|dd�S�)Nz%s.GetAll('%s')r>��)r0��r1��r��r2��r3��sv�� signature)r��r?��r ��r@��r��r��r ��r!��r6��r7��r9�� Dictionary)r"��rA��rB��ret�xr)��r)��r��GetAlls��s�� zFirewallDConfigZone.GetAll�ssv)r<��c��C��sh��t�\|t�}t�\|t�}t�\|�}t�d\|�j\|\|\|��\|�j�\|��\|tjj kr,tj �d\|��tj �d\|��)Nz%s.Set('%s', '%s', '%s')r>��zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-only)r��r?��r ��r@��r��r��accessCheckr��r ��r!��r6��r7��)r"��rA��r8�� new_valuerB��r)��r)��r��Set��s$�� zFirewallDConfigZone.Setzsa{sv}asrF��c��C��s2��t�\|t�}t�\|�}t�\|�}t�d\|�j\|\|\|��d�S�)Nz&%s.PropertiesChanged('%s', '%s', '%s'))r��r?��r ��r@��r��)r"��rA��changed_properties�invalidated_propertiesr)��r)��r��PropertiesChanged��s�� z%FirewallDConfigZone.PropertiesChanged)r=��c��s8��t��d\|�j��tt\|��\|�j\|�j��}t \|�\|t jj�S�)Nz%s.Introspect()) r ��debug2r��r��r�� Introspectr��r��get_busr��r��r ��r!��)r"��rB��datar'��r)��r��rT��s�� zFirewallDConfigZone.Introspectz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)c��C��sD��t��d\|�j��\|�j�\|�j�}\|d�tkr t\|�}d\|d<�t\|�}\|S�)�get settings for zone z%s.getSettings()��r2��) r ��r@��r��r��get_zone_configr��r��list�tuple)r"��rB��settings� _settingsr)��r)��r��getSettings��s��zFirewallDConfigZone.getSettingsc��C��s4��t��d\|�j��\|�j�\|�j�}\|d�tkrd\|d<�\|S�)rW��z%s.getSettings2()�targetr2��)r ��r@��r��r��get_zone_config_dictr��r��r"��rB��r\��r)��r)��r��getSettings2��s ��z FirewallDConfigZone.getSettings2c��C��s��\|�j��\|�j�}d\|v�rt\|d��nt��}d\|v�rt\|d��nt��}t\|t�r=t\|t�d��\|�}t\|t�d��\|�}n"d\|v�rGt\|d��nt��}d\|v�rTt\|d��nt��}\|\|�}\|\|�}\|D�]} \|�j� \| �rot tj\| ��qa\|D�]} \|�j� \| �r�t tj\| ��qrdS�)a ��Assignment of interfaces/sources to zones is different from other zone settings in the sense that particular interface/zone can be part of only one zone. So make sure added interfaces/sources have not already been bound to another zone.� interfaces�sourcesN)r��r`��r��set� isinstancer[��r��index_ofr��getZoneOfInterfacer��r�� ZONE_CONFLICT�getZoneOfSource)r"��r\��old_settings� old_ifaces�old_sources�added_ifaces� added_sources� new_ifaces�new_sources�iface�sourcer)��r)��r�� _checkDuplicateInterfacesSources��s&�� z4FirewallDConfigZone._checkDuplicateInterfacesSourcesc��C��st��t�\|�}t�d\|�j��\|�j�\|��\|d�dkr#t\|�}t\|d<�t\|�}\|�� \|��\|�j �\|�j\|�\|�_\|�� \|�jj��dS�)�!update settings for zone z%s.update('...')rX��r2��N)r��r ��r@��r��r��rM��rZ��r��r[��rt��r��set_zone_configr��Updatedr0��)r"��r\��rB��r]��r)��r)��r��update��s�� zFirewallDConfigZone.updatec��C��sl��t�\|�}t�d\|�j��\|�j�\|��d\|v�r\|d�dkrt\|d<�\|��\|��\|�j� \|�j \|�\|�_ \|��\|�j j��dS�)ru��z%s.update2('...')r_��r2��N) r��r ��r@��r��r��rM��r��rt��r��set_zone_config_dictr��rw��r0��)r"��r\��rB��r)��r)��r��update2��s�� zFirewallDConfigZone.update2c��C��s<��t��d\|�j��\|�j�\|��\|�j�\|�j�\|�_\|��\|�jj ��dS�)z/load default settings for builtin zone z%s.loadDefaults()N) r ��r@��r��r��rM��r��load_zone_defaultsr��rw��r0��r"��rB��r)��r)��r��loadDefaults��s��z FirewallDConfigZone.loadDefaultsc��C��t��d\|�j\|f��d�S�)Nz%s.Updated('%s')�r ��r@��r��r"��r0��r)��r)��r��rw�� zFirewallDConfigZone.Updatedc��C��s:��t��d\|�j��\|�j�\|��\|�j�\|�j��\|�j�\|�j��dS�)zremove zone z%s.removeZone()N) r ��r@��r��r��rM��r��remove_zoner�� removeZoner\|��r)��r)��r��remove��s��zFirewallDConfigZone.removec��C��r~��)Nz%s.Removed('%s')r��r��r)��r)��r��Removed��r��zFirewallDConfigZone.Removedc��C��sF��t�\|t�}t�d\|�j\|��\|�j�\|��\|�j�\|�j \|�\|�_ \|�� \|��dS�)zrename zone z%s.rename('%s')N)r��r?��r ��r@��r��r��rM��r��rename_zoner��Renamed)r"��r0��rB��r)��r)��r��rename%��s �� zFirewallDConfigZone.renamec��C��r~��)Nz%s.Renamed('%s')r��r��r)��r)��r��r��1��r��zFirewallDConfigZone.Renamedc��C��t��d\|�j��\|��d�S�)Nz%s.getVersion()r��r ��r@��r��r^��r\|��r)��r)��r�� getVersion8��zFirewallDConfigZone.getVersionc��C��H��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setVersion('%s')r�� r��r?��r ��r@��r��r��rM��rZ��r^��rx��)r"��versionrB��r\��r)��r)��r�� setVersion?�� zFirewallDConfigZone.setVersionc��C��r��)Nz %s.getShort()r��r��r\|��r)��r)��r��getShortL��r��zFirewallDConfigZone.getShortc��C��r��)Nz%s.setShort('%s')r��r��)r"��shortrB��r\��r)��r)��r��setShortS��r��zFirewallDConfigZone.setShortc��C��r��)Nz%s.getDescription()��r��r\|��r)��r)��r��getDescription`��r��z"FirewallDConfigZone.getDescriptionc��C��r��)Nz%s.setDescription('%s')r��r��)r"��descriptionrB��r\��r)��r)��r��setDescriptiong��r��z"FirewallDConfigZone.setDescriptionc��C��s.��t��d\|�j��\|��}\|d�tkr\|d�S�dS�)Nz%s.getTarget()rX��r2��)r ��r@��r��r^��r��ra��r)��r)��r�� getTargetw��s��zFirewallDConfigZone.getTargetc��C��sT��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|dkr\|nt \|d<�\|�� \|��d�S�)Nz%s.setTarget('%s')r2��rX��)r��r?��r ��r@��r��r��rM��rZ��r^��r��rx��)r"��r_��rB��r\��r)��r)��r�� setTarget��s�� zFirewallDConfigZone.setTarget�asc��C��r��)Nz%s.getServices()��r��r\|��r)��r)��r��getServices��r��zFirewallDConfigZone.getServicesc��C��N��t�\|t�}t�d\|�jd�\|��\|�j�\|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setServices('[%s]')�,r�� r��rZ��r ��r@��r��joinr��rM��r^��rx��)r"��servicesrB��r\��r)��r)��r��setServices�� zFirewallDConfigZone.setServicesc��C��f��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�v�r%t t j\|��\|d��\|��\|�� \|��d�S�)Nz%s.addService('%s')r��r��r?��r ��r@��r��r��rM��rZ��r^��r��r��ALREADY_ENABLED�appendrx��r"��servicerB��r\��r)��r)��r�� addService�� zFirewallDConfigZone.addServicec��C��f��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�vr%t t j\|��\|d��\|��\|�� \|��d�S�)Nz%s.removeService('%s')r��r��r?��r ��r@��r��r��rM��rZ��r^��r��r��NOT_ENABLEDr��rx��r��r)��r)��r�� removeService��r��z!FirewallDConfigZone.removeService�bc��C����t�\|t�}t�d\|�j\|��\|\|��d�v�S�)Nz%s.queryService('%s')r��r��r?��r ��r@��r��r^��)r"��r��rB��r)��r)��r��queryService�� z FirewallDConfigZone.queryServiceza(ss)c��C��r��)Nz %s.getPorts()��r��r\|��r)��r)��r��getPorts��r��zFirewallDConfigZone.getPortsc��C��g�}t�\|t�D�]}t\|t�r\|�t\|��q\|�\|��q\|}t�d\|�jd�dd��\|D��\|�j � \|��t\|��}\|\|d<�\|��\|��d�S�)Nz%s.setPorts('[%s]')r��c��s��$��\|�] }d�\|d�\|d�f�V��qdS��z('%s, '%s')r��r��Nr)��.0�portr)��r)��r�� <genexpr>��"�z/FirewallDConfigZone.setPorts.<locals>.<genexpr>r�� r��rZ��rf��r��r[��r ��r@��r��r��r��rM��r^��rx��r"��portsrB��_portsr��r\��r)��r)��r��setPorts�� zFirewallDConfigZone.setPortsc�� t�\|t�}t��t��t�d\|�j\|��\|�j�\|��t\|��}tt ��fdd�\|d��}\|D�]}t \|\|d��rAttj d\|��f��q.t\|dd��\|D��\}}\|D�]} \|d��t\| d ��f��qP\|D�]} \|d��t\| d ��f��qa\|��\|��d�S�) Nz%s.addPort('%s', '%s')c��\|�d��kS��Nr��r)��rJ��protocolr)��r��<lambda>��z-FirewallDConfigZone.addPort.<locals>.<lambda>r��r��%s:%sc��S��g�\|�]\}}\|�qS�r)��r)��r��_port� _protocolr)��r)��r�� <listcomp>��z/FirewallDConfigZone.addPort.<locals>.<listcomp>�-�r��r?��r ��r@��r��r��rM��rZ��r^��filterr��r��r��r��r��r��r��r��rx�� r"��r��r��rB��r\��existing_port_ids�port_id�added_ranges�removed_ranges�ranger)��r��r��addPort��(�� zFirewallDConfigZone.addPortc�� t�\|t�}t��t��t�d\|�j\|��\|�j�\|��t\|��}tt ��fdd�\|d��}\|D�]}t \|\|d��r9�nq.ttj d\|��f��t\|dd��\|D��\}}\|D�]} \|d��t\| d ��f��qR\|D�]} \|d��t\| d ��f��qc\|��\|��d�S�) Nz%s.removePort('%s', '%s')c��r��r��r)��r��r��r)��r��r��r��z0FirewallDConfigZone.removePort.<locals>.<lambda>r��r��r��c��S��r��r)��r)��r��r)��r)��r��r��r��z2FirewallDConfigZone.removePort.<locals>.<listcomp>r��r��r?��r ��r@��r��r��rM��rZ��r^��r��r��r��r��r��r��r��r��r��rx��r��r)��r��r�� removePort��&�� zFirewallDConfigZone.removePortc��C��X��t�\|t�}t�\|t�}t�d\|�j\|\|��\|��d�D�]\}}t\|\|�r)\|\|kr)�dS�qdS�)Nz%s.queryPort('%s', '%s')r��TF�r��r?��r ��r@��r��r^��r��r"��r��r��rB��r��r��r)��r)��r�� queryPort �� zFirewallDConfigZone.queryPortc��C��r��)Nz%s.getProtocols()� ��r��r\|��r)��r)��r��getProtocols��r��z FirewallDConfigZone.getProtocolsc��C��r��)Nz%s.setProtocols('[%s]')r��r��r��)r"�� protocolsrB��r\��r)��r)��r��setProtocols!��r��z FirewallDConfigZone.setProtocolsc��C��r��)Nz%s.addProtocol('%s')r��r��r"��r��rB��r\��r)��r)��r��addProtocol-��r��zFirewallDConfigZone.addProtocolc��C��r��)Nz%s.removeProtocol('%s')r��r��r��r)��r)��r��removeProtocol:��r��z"FirewallDConfigZone.removeProtocolc��C��r��)Nz%s.queryProtocol('%s')r��r��)r"��r��rB��r)��r)��r�� queryProtocolG��r��z!FirewallDConfigZone.queryProtocolc��C��r��)Nz%s.getSourcePorts()��r��r\|��r)��r)��r��getSourcePortsQ��r��z"FirewallDConfigZone.getSourcePortsc��C��r��)Nz%s.setSourcePorts('[%s]')r��c��s��r��r��r)��r��r)��r)��r��r��e��r��z5FirewallDConfigZone.setSourcePorts.<locals>.<genexpr>r��r��r��r)��r)��r��setSourcePortsX��r��z"FirewallDConfigZone.setSourcePortsc�� r��) Nz%s.addSourcePort('%s', '%s')c��r��r��r)��r��r��r)��r��r��u��r��z3FirewallDConfigZone.addSourcePort.<locals>.<lambda>r��r��r��c��S��r��r)��r)��r��r)��r)��r��r��z��r��z5FirewallDConfigZone.addSourcePort.<locals>.<listcomp>r��r��r��r)��r��r�� addSourcePortk��r��z!FirewallDConfigZone.addSourcePortc�� r��) Nz%s.removeSourcePort('%s', '%s')c��r��r��r)��r��r��r)��r��r��r��z6FirewallDConfigZone.removeSourcePort.<locals>.<lambda>r��r��r��c��S��r��r)��r)��r��r)��r)��r��r��r��z8FirewallDConfigZone.removeSourcePort.<locals>.<listcomp>r��r��r��r)��r��r��removeSourcePort��r��z$FirewallDConfigZone.removeSourcePortc��C��r��)Nz%s.querySourcePort('%s', '%s')r��TFr��r��r)��r)��r��querySourcePort��r��z#FirewallDConfigZone.querySourcePortc��C��r��)Nz%s.getIcmpBlocks()��r��r\|��r)��r)��r�� getIcmpBlocks��r��z!FirewallDConfigZone.getIcmpBlocksc��C��r��)Nz%s.setIcmpBlocks('[%s]')r��r��r��)r"�� icmptypesrB��r\��r)��r)��r�� setIcmpBlocks��r��z!FirewallDConfigZone.setIcmpBlocksc��C��r��)Nz%s.addIcmpBlock('%s')r��r��r"��icmptyperB��r\��r)��r)��r��addIcmpBlock��r��z FirewallDConfigZone.addIcmpBlockc��C��r��)Nz%s.removeIcmpBlock('%s')r��r��r��r)��r)��r��removeIcmpBlock��r��z#FirewallDConfigZone.removeIcmpBlockc��C��r��)Nz%s.queryIcmpBlock('%s')r��r��)r"��r��rB��r)��r)��r��queryIcmpBlock��r��z"FirewallDConfigZone.queryIcmpBlockc��C��r��)Nz%s.getIcmpBlockInversion()��r��r\|��r)��r)��r��getIcmpBlockInversion��r��z)FirewallDConfigZone.getIcmpBlockInversionc��C��r��)Nz%s.setIcmpBlockInversion('%s')r�� r��boolr ��r@��r��r��rM��rZ��r^��rx��)r"��flagrB��r\��r)��r)��r��setIcmpBlockInversion��r��z)FirewallDConfigZone.setIcmpBlockInversionc��C��P��t��d\|�j��\|�j�\|��t\|��}\|d�rttj d��d\|d<�\|�� \|��d�S�)Nz%s.addIcmpBlockInversion()r��icmp-block-inversionT�r ��r@��r��r��rM��rZ��r^��r��r��r��rx��ra��r)��r)��r��addIcmpBlockInversion��z)FirewallDConfigZone.addIcmpBlockInversionc��C��P��t��d\|�j��\|�j�\|��t\|��}\|d�sttj d��d\|d<�\|�� \|��d�S�)Nz%s.removeIcmpBlockInversion()r��r��F�r ��r@��r��r��rM��rZ��r^��r��r��r��rx��ra��r)��r)��r��removeIcmpBlockInversion��r ��z,FirewallDConfigZone.removeIcmpBlockInversionc��C��r��)Nz%s.queryIcmpBlockInversion()r��r��r\|��r)��r)��r��queryIcmpBlockInversion��r��z+FirewallDConfigZone.queryIcmpBlockInversionc��C��r��)Nz%s.getMasquerade()��r��r\|��r)��r)��r�� getMasquerade��r��z!FirewallDConfigZone.getMasqueradec��C��r��)Nz%s.setMasquerade('%s')r��r��)r"�� masqueraderB��r\��r)��r)��r�� setMasquerade��r��z!FirewallDConfigZone.setMasqueradec��C��r��)Nz%s.addMasquerade()r��r��Tr��ra��r)��r)��r�� addMasquerade"��r ��z!FirewallDConfigZone.addMasqueradec��C��r��)Nz%s.removeMasquerade()r��r��Fr��ra��r)��r)��r��removeMasquerade-��r ��z$FirewallDConfigZone.removeMasqueradec��C��r��)Nz%s.queryMasquerade()r��r��r\|��r)��r)��r��queryMasquerade8��r��z#FirewallDConfigZone.queryMasqueradeza(ssss)c��C��r��)Nz%s.getForwardPorts()� ��r��r\|��r)��r)��r��getForwardPortsA��r��z#FirewallDConfigZone.getForwardPortsc��C��r��)Nz%s.setForwardPorts('[%s]')r��c��s��s0��\|�]}d�\|d�\|d�\|d�\|d�f�V��qdS�)z('%s, '%s', '%s', '%s')r��r��r��Nr)��r��r)��r)��r��r��U��s��z6FirewallDConfigZone.setForwardPorts.<locals>.<genexpr>r��r��r��r)��r)��r��setForwardPortsH��s�� z#FirewallDConfigZone.setForwardPorts�ssssc��C��s��t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�d\|�j\|\|\|\|��\|�j�\|��\|\|t\|�t\|�f}t\|��}\|\|d�v�rGt t jd\|\|\|\|f��\|d��\|��\|�� \|��d�S�)Nz)%s.addForwardPort('%s', '%s', '%s', '%s')r��%s:%s:%s:%sr��r"��r��r��toport�toaddrrB��fwp_idr\��r)��r)��r��addForwardPort\��$�� z"FirewallDConfigZone.addForwardPortc��C��s��t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�d\|�j\|\|\|\|��\|�j�\|��\|\|t\|�t\|�f}t\|��}\|\|d�vrGt t jd\|\|\|\|f��\|d��\|��\|�� \|��d�S�)Nz,%s.removeForwardPort('%s', '%s', '%s', '%s')r��r��r��r��r)��r)��r��removeForwardPortp��r!��z%FirewallDConfigZone.removeForwardPortc��C��sb��t�\|t�}t�\|t�}t�\|t�}t�\|t�}t�d\|�j\|\|\|\|��\|\|t\|�t\|�f}\|\|��d�v�S�)Nz+%s.queryForwardPort('%s', '%s', '%s', '%s')r��r��)r"��r��r��r��r��rB��r��r)��r)��r��queryForwardPort��s�� z$FirewallDConfigZone.queryForwardPortc��C��r��)Nz%s.getInterfaces()� ��r��r\|��r)��r)��r�� getInterfaces��r��z!FirewallDConfigZone.getInterfacesc��C��r��)Nz%s.setInterfaces('[%s]')r��r$��r��)r"��rc��rB��r\��r)��r)��r�� setInterfaces��r��z!FirewallDConfigZone.setInterfacesc��C��st��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�v�r%t t j\|��\|d��\|��\|�� \|��t\|�jj\|��d�S�)Nz%s.addInterface('%s')r$��)r��r?��r ��r@��r��r��rM��rZ��r^��r��r��r��r��rx��r��r��r0��r"�� interfacerB��r\��r)��r)��r��addInterface��s�� z FirewallDConfigZone.addInterfacec��C��sp��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�vr%t t j\|��\|d��\|��\|�� \|��td\|��d�S�)Nz%s.removeInterface('%s')r$��)r��r?��r ��r@��r��r��rM��rZ��r^��r��r��r��r��rx��r��r'��r)��r)��r��removeInterface��s�� z#FirewallDConfigZone.removeInterfacec��C��r��)Nz%s.queryInterface('%s')r$��r��)r"��r(��rB��r)��r)��r��queryInterface��s�� z"FirewallDConfigZone.queryInterfacec��C��r��)Nz%s.getSources()��r��r\|��r)��r)��r�� getSources��r��zFirewallDConfigZone.getSourcesc��C��r��)Nz%s.setSources('[%s]')r��r-��r��)r"��rd��rB��r\��r)��r)��r�� setSources��r��zFirewallDConfigZone.setSourcesc��C��r��)Nz%s.addSource('%s')r-��r��r"��rs��rB��r\��r)��r)��r�� addSource��r��zFirewallDConfigZone.addSourcec��C��r��)Nz%s.removeSource('%s')r-��r��r0��r)��r)��r��removeSource��r��z FirewallDConfigZone.removeSourcec��C��r��)Nz%s.querySource('%s')r-��r��)r"��rs��rB��r)��r)��r��querySource��r��zFirewallDConfigZone.querySourcec��C��r��)Nz%s.getRichRules()��r��r\|��r)��r)��r��getRichRules��r��z FirewallDConfigZone.getRichRulesc��C��s\��t�\|t�}t�d\|�jd�\|��\|�j�\|��t\|��}dd��\|D��}\|\|d<�\|�� \|��d�S�)Nz%s.setRichRules('[%s]')r��c��S��s��g�\|�] }t�t\|d��qS�)��rule_str)r?��r ��)r��rr)��r)��r��r��s��z4FirewallDConfigZone.setRichRules.<locals>.<listcomp>r4��r��)r"��rulesrB��r\��r)��r)��r��setRichRules��s�� z FirewallDConfigZone.setRichRulesc��C��st��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}tt \|d��}\|\|d�v�r,t tj\|��\|d�� \|��\|��\|��d�S�)Nz%s.addRichRule('%s')r6��r4��)r��r?��r ��r@��r��r��rM��rZ��r^��r ��r��r��r��r��rx��r"��rulerB��r\��r7��r)��r)��r��addRichRule�� zFirewallDConfigZone.addRichRulec��C��st��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}tt \|d��}\|\|d�vr,t tj\|��\|d�� \|��\|��\|��d�S�)Nz%s.removeRichRule('%s')r6��r4��)r��r?��r ��r@��r��r��rM��rZ��r^��r ��r��r��r��r��rx��r;��r)��r)��r��removeRichRule)��r>��z"FirewallDConfigZone.removeRichRulec��C��s8��t�\|t�}t�d\|�j\|��tt\|d��}\|\|��d�v�S�)Nz%s.queryRichRule('%s')r6��r4��)r��r?��r ��r@��r��r ��r^��)r"��r<��rB��r7��r)��r)��r�� queryRichRule7��s�� z!FirewallDConfigZone.queryRichRuler+��)g�__name__� __module__�__qualname__�__doc__� persistentr��r ��PK_ACTION_CONFIG�default_polkit_auth_requiredr��r��r ��r-��r/��r9��r��PROPERTIES_IFACErC��rK��r��rO��r��signalrR��PK_ACTION_INFO�INTROSPECTABLE_IFACErT��r!��r^��rb��rt��rx��rz��r}��rw��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r ��r��r��r��r��r��r��r��r��r ��r"��r#��r%��r&��r)��r+��r,��r.��r/��r1��r2��r3��r5��r:��r=��r?��r@�� __classcell__r)��r)��r'��r��r��0��s�� r��)"r ��dbus.service�firewallr��firewall.dbus_utilsr��r��r��firewall.core.io.zoner��firewall.core.fw_ifcfgr��firewall.core.baser��firewall.core.richr ��firewall.core.loggerr ��firewall.server.dbusr��firewall.server.decoratorsr��r ��r��r��r��firewall.errorsr��firewall.functionsr��r��r��r��r��r)��r)��r)��r��<module>��s�� PK��,(�Z��u �� __pycache__/dbus.cpython-310.pycnu��[��o ��bhAb��@��sP��d�dl�Z�d�dlmZ�G�dd��de�j�ZG�dd��de�j�ZG�dd��de�jj�ZdS�) ��N)�configc��@��s��e�Zd�Zd�Zdejj�ZdS�)�FirewallDBusExceptionz%s.ExceptionN)�__name__� __module__�__qualname__�__doc__r��dbus�DBUS_INTERFACE�_dbus_error_name��r��r��6/usr/lib/python3/dist-packages/firewall/server/dbus.pyr��s��r��c��e�Zd�Z��fdd�Z��ZS�)�NotAuthorizedExceptionc��s&��t�jjd�\|�_t��d�\|\|��d�S�)Nz.NotAuthorizedExceptionzNot Authorized({}): {})r��r��r ��r ��super�__init__�format)�self� action_id�method�args�kwargs�� __class__r��r��r�� s��zNotAuthorizedException.__init__)r��r��r��r�� __classcell__r��r��r��r��r��r��c��r ��)�DbusServiceObjectc��s^��ddl�m}�t\|��D�]}t\|�\|�}t\|d�r(t\|d�s(\|\|�j�}t\|�\|\|\|��q t��\|��S�)Nr��)�dbus_polkit_require_auth�_dbus_is_method�_polkit_auth_required) �firewall.server.decoratorsr��dir�getattr�hasattr�default_polkit_auth_required�setattrr��__new__)�clsr��r��r�� attr_namer�� _decoratorr��r��r��r%��s�� zDbusServiceObject.__new__)r��r��r��r%��r��r��r��r��r��r��r��r��) r��firewallr�� DBusExceptionr��r��service�Objectr��r��r��r��r��<module>��s ��PK��,(�Zpq)��"��__pycache__/config.cpython-310.pycnu��[��o ��bhAb"��@��sL��d�dl�Z�d�dlZd�dlZd�dlmZ�d�dlmZ�d�dlmZ�d�dl m Z �d�dlmZ�d�dl mZmZmZmZmZmZ�d�dlmZ�d�d lmZ�d�d lmZ�d�dlmZ�d�dlmZ�d�d lmZ�d�dl m!Z!�d�dl"m#Z#�d�dl$m%Z%�d�dl&m'Z'�d�dl(m)Z)�d�dlm+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2�d�dlm3Z3�d�dl4m5Z5�G�dd��de�Z6dS�)��N)�config)�DEFAULT_ZONE_TARGET)�Watcher)�log)�DbusServiceObject)�handle_exceptions�dbus_handle_exceptions�dbus_service_method�dbus_service_method_deprecated�dbus_service_signal_deprecated�dbus_polkit_require_auth)�FirewallDConfigIcmpType)�FirewallDConfigService)�FirewallDConfigZone)�FirewallDConfigPolicy)�FirewallDConfigIPSet)�FirewallDConfigHelper)�IcmpType)�IPSet)�Helper)�LockdownWhitelist)�Direct)�dbus_to_python�command_of_sender�context_of_sender� uid_of_sender�user_of_uid�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties�!dbus_introspection_add_deprecated)�errors)� FirewallErrorc��s��e�Zd�ZdZdZ �ejjZ �e ��fdd��Z e dd��Ze dd��Ze d d ��Z e dd��Ze d d��Ze dd��Ze dd��Ze dd��Ze dd��Ze dd��Ze dd��Ze dd��Ze dd��Ze dd ��Ze d!d"��Ze d#d$��Ze d%d&��Ze d'd(��Ze d)d��Ze d+d,��Ze d-d.��Ze d/d0��Z e!d1d2��Z"e!d3d4��Z#e!d5d6��Z$e%ej&d7d8d9�e!d�d;d<��Z'e%ej&d=d>d9�e!d�d?d@��Z(e)ejj�e%ej&dAdB�e!d�dCdD��Zej+j,ej&dEdF�dGdH��Z-e)ejj.�e%ej/d=dI�e!d��fdJdK� ��Z0e%ejj1e2j3dI�e!d�dLdM��Z4e%ejj1e2j3dB�e!d�dNdO��Z5ej+�,ejj1�e!dPdQ��Z6e%ejj1d=dB�e!d�dRdS��Z7e%ejj1d=dB�e!d�dTdU��Z8e%ejj1d=dVd9�e!d�dWdX��Z9e%ejj1dYdI�e!d�dZd[��Z:e%ejj1d=dB�e!d�d\d]��Z;e%ejj1d=dB�e!d�d^d_��Z<e%ejj1d=dVd9�e!d�d`da��Z=e%ejj1dYdI�e!d�dbdc��Z>e%ejj1d=dB�e!d�ddde��Z?e%ejj1d=dB�e!d�dfdg��Z@e%ejj1d=dVd9�e!d�dhdi��ZAe%ejj1dYdI�e!d�djdk��ZBe%ejj1dldB�e!d�dmdn��ZCe%ejj1dldB�e!d�dodp��ZDe%ejj1dldVd9�e!d�dqdr��ZEe%ejj1dsdI�e!d�dtdu��ZFe%ejjGdvdI�e!d�dwdx��ZHe%ejjGdYdI�e!d�dydz��ZIe%ejjGd=d{d9�e!d�d\|d}��ZJe%ejjGd=eKj3�d{d9�e!d�d~d��ZLej+j,ejjGd=dF�e!d�d��ZMe%ejjGdvdI�e!d�d�d��ZNe%ejjGdYdI�e!d�d�d��ZOe%ejjGd=d{d9�e!d�d�d��ZPe%ejjGd=eQj3�d{d9�e!d�d�d��ZRej+j,ejjGd=dF�e!d�d��ZSe%ejjGdvdI�e!d�d�d��ZTe%ejjGdYdI�e!d�d�d��ZUe%ejjGd=d{d9�e!d�d�d��ZVe%ejjGd�d{d9�e!d�d�d��ZWe%ejjGd�d{d9�e!d�d�d��ZXej+j,ejjGd=dF�e!d�d��ZYe%ejjGdvdI�e!d�d�d��ZZe%ejjGdYdI�e!d�d�d��Z[e%ejjGd=d{d9�e!d�d�d��Z\e%ejjGd=d=d9�e!d�d�d��Z]e%ejjGd=d=d9�e!d�d�d��Z^e%ejjGd�d{d9�e!d�d�d��Z_e%ejjGd�d{d9�e!d�d�d��Z`ej+j,ejjGd=dF�e!d�d��Zae%ejjGdvdI�e!d�d�d��Zbe%ejjGdYdI�e!d�d�d��Zce%ejjGd=d{d9�e!d�d�d��Zde%ejjGd�d{d9�e!d�d�d��Zeej+j,ejjGd=dF�e!d�d��Zfe%ejjGdvdI�e!d�d�d��Zge%ejjGdYdI�e!d�d�d��Zhe%ejjGd=d{d9�e!d�d�d��Zie%ejjGd=ejj3�d{d9�e!d�d�d��Zkej+j,ejjGd=dF�e!d�d��Zlemejjn�e%ejjneoj3dI�e!d�d�d��Zpemejjn�e%ejjneoj3dB�e!d�d�d��Zqerejjn�ej+�,ejjn�e!d�dĄ��Zsemejjn�e%ejjnd�dB�e!d�d�dǄ��Ztemejjn�e%ejjnd�dB�e!d�d�dɄ��Zuemejjn�e%ejjnd�dVd9�e!d�d�d˄��Zvemejjn�e%ejjnd7dYd9�e!d�d�d̈́��Zwemejjn�e%ejjnd�d�d9�e!d�d�dф��Zxemejjn�e%ejjnd�dB�e!d�d�dԄ��Zyemejjn�e%ejjnd�dB�e!d�d�dք��Zzemejjn�e%ejjnd�dVd9�e!d�d�d؄��Z{emejjn�e%ejjnd�dB�e!d�d�dڄ��Z\|emejjn�e%ejjnd�d�d9�e!d�d�d݄��Z}emejjn�e%ejjnd�d�d9�e!d�d�d��Z~emejjn�e%ejjnd�dB�e!d�d�d��Zemejjn�e%ejjnd�dB�e!d�d�d��Z�emejjn�e%ejjnd�dVd9�e!d�d�d��Z�emejjn�e%ejjnd=d�d9�e!d�d�d��Z�emejjn�e%ejjnd�dI�e!d�d�d��Z��Z�S�)��FirewallDConfigzFirewallD main classTc��s��t�t\|��j\|i�\|��\|\|�_\|d�\|�_\|d�\|�_\|��t\|�jd�\|�_ \|�j � tj��\|�j � tj��\|�j � tj ��\|�j � tj��\|�j � tj��\|�j � tj��\|�j � tj��\|�j � tj��\|�j � tj��\|�j � tj��\|�j � tj��\|�j � tj��tj�tj�r�tt�tj��D�]}dtj\|f�}tj�\|�r�\|�j � \|��q�\|�j �tj��\|�j �tj��\|�j �tj��t \|�tj!j"ddddddddddddd��d�S�)Nr��z%s/%s� readwrite)� CleanupOnExit�CleanupModulesOnExit� IPv6_rpfilter�Lockdown�MinimalMark�IndividualCalls� LogDenied�AutomaticHelpers�FirewallBackend�FlushAllOnReload�RFC3964_IPv4�AllowZoneDrifting)#�superr"��__init__r��busname�path� _init_varsr�� watch_updater�watcher� add_watch_dir�FIREWALLD_IPSETS�ETC_FIREWALLD_IPSETS�FIREWALLD_ICMPTYPES�ETC_FIREWALLD_ICMPTYPES�FIREWALLD_HELPERS�ETC_FIREWALLD_HELPERS�FIREWALLD_SERVICES�ETC_FIREWALLD_SERVICES�FIREWALLD_ZONES�ETC_FIREWALLD_ZONES�FIREWALLD_POLICIES�ETC_FIREWALLD_POLICIES�os�exists�sorted�listdir�isdir�add_watch_file�LOCKDOWN_WHITELIST�FIREWALLD_DIRECT�FIREWALLD_CONFr��dbus�DBUS_INTERFACE_CONFIG)�self�conf�args�kwargs�filenamer5�� __class__��8/usr/lib/python3/dist-packages/firewall/server/config.pyr3��D��sV�� zFirewallDConfig.__init__c��C��s��g�\|�_�d\|�_g�\|�_d\|�_g�\|�_d\|�_g�\|�_d\|�_g�\|�_d\|�_ g�\|�_ d\|�_\|�j� ��D�]}\|��\|�j�\|��q)\|�j��D�]}\|��\|�j�\|��q:\|�j��D�]}\|��\|�j�\|��qK\|�j��D�]}\|��\|�j�\|��q\\|�j��D�]}\|��\|�j�\|��qm\|�j��D�]}\|��\|�j�\|��q~d�S��Nr��)�ipsets� ipset_idx� icmptypes�icmptype_idx�services�service_idx�zones�zone_idx�helpers� helper_idx�policy_objects�policy_object_idxr�� get_ipsets� _addIPSet� get_ipset� get_icmptypes�_addIcmpType�get_icmptype�get_services�_addService�get_service� get_zones�_addZone�get_zone�get_helpers� _addHelper� get_helper�get_policy_objects� _addPolicy�get_policy_object)rQ��ipset�icmptype�service�zone�helper�policyrX��rX��rY��r6��r��s2��zFirewallDConfig._init_varsc��C��s��d�S��NrX��rQ��rX��rX��rY��__del__��s��zFirewallDConfig.__del__c��C��s,��t�\|�j�dkr\|�j��}\|��~t�\|�j�dkst�\|�j�dkr0\|�j��}\|��~t�\|�j�dkst�\|�j�dkrH\|�j��}\|��~t�\|�j�dks7t�\|�j�dkr`\|�j��}\|��~t�\|�j�dksOt�\|�j�dkrx\|�j��}\|��~t�\|�j�dksgt�\|�j�dkr�\|�j��}\|��~t�\|�j�dks\|�� d�S�rZ��) �lenr[��pop� unregisterr]��r_��ra��rc��re��r6��)rQ��itemrX��rX��rY��reload��s>�� zFirewallDConfig.reloadc�� C��s��\|t�jkri\|��t�jj�}t�dt�j��z\|�j��W�n�ty6�}�zt� d\|\|f��W�Y�d�}~d�S�d�}~ww�\|��t�jj�� }t\|��D�]}\|\|v�rW\|\|�\|\|�krW\|\|=�qFt \|�dkrg\|��t�jj\|g��d�S�\|�t�j�su\|�t�j�r�\|�d�r�z \|�j��\|�\}}W�n�ty��}�zt� d\|\|f��W�Y�d�}~d�S�d�}~ww�\|dkr�\|��\|��d�S�\|dkr�\|��\|��d�S�\|dkr�\|��\|��d�S�d�S�\|�t�j�s�\|�t�j��r$\|�d��r$z \|�j��\|�\}}W�n�ty��}�zt� d \|\|f��W�Y�d�}~d�S�d�}~ww�\|dk�r \|��\|��d�S�\|dk�r\|��\|��d�S�\|dk�r"\|��\|��d�S�d�S�\|�t�j��s2\|�t�j��r�\|�d��r�z \|�j��\|�\}}W�n�t�y_�}�zt� d \|\|f��W�Y�d�}~d�S�d�}~ww�\|dk�rl\|�� \|��d�S�\|dk�rx\|��!\|��d�S�\|dk�r�\|��"\|��d�S�d�S�\|�t�j��r�\|�#t�jd��$d�}t \|�d k��s�d\|v��r�d�S�t%j&�'\|��r�\|�j(�)\|��s�\|�j(�\|��d�S�d�S�\|�j(�)\|��r�\|�j(�+\|��d�S�d�S�d�S�\|�t�j,��s�\|�t�j-��r2\|�d��r2z \|�j��.\|�\}}W�n�t�y�}�zt� d\|\|f��W�Y�d�}~d�S�d�}~ww�\|dk�r\|��/\|��d�S�\|dk�r$\|��0\|��d�S�\|dk�r0\|��1\|��d�S�d�S�\|�t�j2��s@\|�t�j3��r�\|�d��r�z \|�j��4\|�\}}W�n�t�ym�}�zt� d\|\|f��W�Y�d�}~d�S�d�}~ww�\|dk�rz\|��5\|��d�S�\|dk�r�\|��6\|��d�S�\|dk�r�\|��7\|��d�S�d�S�\|t�j8k�r�z\|�j��9��W�n�t�y��}�zt� d\|\|f��W�Y�d�}~d�S�d�}~ww�\|��:��d�S�\|t�j;k�r�z\|�j��<��W�n�t�y��}�zt� d\|\|f��W�Y�d�}~d�S�d�}~ww�\|��=��d�S�\|�t�j>��s\|�t�j?��rX\|�d��rVz \|�j��@\|�\}}W�n�t�y1�}�zt� d\|\|f��W�Y�d�}~d�S�d�}~ww�\|dk�r>\|��A\|��d�S�\|dk�rJ\|��B\|��d�S�\|dk�rZ\|��C\|��d�S�d�S�d�S�d�S�)Nz,config: Reloading firewalld config file '%s'z+Failed to load firewalld.conf file '%s': %sr��z.xmlz%Failed to load icmptype file '%s': %s�new�remove�updatez$Failed to load service file '%s': %sz!Failed to load zone file '%s': %s��/r#��z"Failed to load ipset file '%s': %sz#Failed to load helper file '%s': %sz/Failed to load lockdown whitelist file '%s': %sz)Failed to load direct rules file '%s': %sz#Failed to load policy file '%s': %s)Dr��rN��GetAllrO��rP��r��debug1�update_firewalld_conf� Exception�error�copy�list�keysr��PropertiesChanged� startswithr<��r=��endswith�update_icmptype_from_pathrk��removeIcmpType�_updateIcmpTyper@��rA��update_service_from_pathrn�� removeService�_updateServicerB��rC��update_zone_from_pathrq�� removeZone�_updateZone�replace�striprF��r5��rJ��r8�� has_watchr9��remove_watchr:��r;��update_ipset_from_pathrh��removeIPSet�_updateIPSetr>��r?��update_helper_from_pathrt��removeHelper� _updateHelperrL��update_lockdown_whitelist�LockdownWhitelistUpdatedrM�� update_direct�UpdatedrD��rE��update_policy_object_from_pathrw��removePolicy� _updatePolicy) rQ��name� old_props�msg�props�key�what�obj�_namerX��rX��rY��r7��s`�� zFirewallDConfig.watch_updaterc�� C��P��t�\|�\|�j\|\|�j\|�jdtjj\|�jf��}\|�j�\|��\|��jd7��_\|��\|j ��\|S��Nz%s/%dr#��) r ��r��r^��r4��rO��DBUS_PATH_CONFIG_ICMPTYPEr]��append� IcmpTypeAddedr��)rQ��r��config_icmptyperX��rX��rY��rk��?��s��zFirewallDConfig._addIcmpTypec��C��L��\|�j�D�] }\|jj\|jkr#\|jj\|jkr#\|jj\|jkr#\|\|_\|�\|j��qd�S�r��)r]��r��r��r5��rU��r��)rQ��r��rz��rX��rX��rY��r��K�� zFirewallDConfig._updateIcmpTypec��C��d}\|�j�D�]%}\|��}\|j\|\|�v�r\|\|��\|j��\|�j�\|j\|�\|_\|�\|jj��q\|�jD�])}\|��}d\|v�rW\|j\|d�v�rW\|d��\|j��\|�j� \|j\|�\|_\|�\|jj��q.\|�j D�]}\|j\|krs\|�\|j��\|��\|�j �\|��~q[d�S�)N��icmp_blocks) ra��getSettingsr��r��r��set_zone_configr��r��re��set_policy_object_config_dictr]��Removedr��)rQ��r��indexr\|��settingsr~��rz��rX��rX��rY��r��T��.�� zFirewallDConfig.removeIcmpTypec�� C��r��r��) r��r��r`��r4��rO��DBUS_PATH_CONFIG_SERVICEr_��r��ServiceAddedr��)rQ��r��config_servicerX��rX��rY��rn��n��zFirewallDConfig._addServicec��C��r��r��)r_��r��r��r5��rU��r��)rQ��r��r{��rX��rX��rY��r��y��r��zFirewallDConfig._updateServicec��C��r��)Nr$��r_��) ra��r��r��r��r��r��r��r��re��r��r_��r��r��)rQ��r��r��r\|��r��r~��r{��rX��rX��rY��r��r��zFirewallDConfig.removeServicec�� C��r��r��) r��r��rb��r4��rO��DBUS_PATH_CONFIG_ZONEra��r�� ZoneAddedr��)rQ��r��config_zonerX��rX��rY��rq��r��zFirewallDConfig._addZonec��C��r��r��)ra��r��r��r5��rU��r��rQ��r��r\|��rX��rX��rY��r�� zFirewallDConfig._updateZonec��C��<��\|�j�D�]}\|j\|kr\|�\|j��\|��\|�j��\|��~qd�S�r��)ra��r��r��r��r��r��r��rX��rX��rY��r�� zFirewallDConfig.removeZonec�� C��r��r��) r��r��rf��r4��rO��DBUS_PATH_CONFIG_POLICYre��r��PolicyAddedr��)rQ��r�� config_policyrX��rX��rY��rw��r��zFirewallDConfig._addPolicyc��C��r��r��)re��r��r��r5��rU��r��rQ��r��r~��rX��rX��rY��r��r��zFirewallDConfig._updatePolicyc��C��r��r��)re��r��r��r��r��r��r��rX��rX��rY��r��r��zFirewallDConfig.removePolicyc�� C��r��r��) r��r��r\��r4��rO��DBUS_PATH_CONFIG_IPSETr[��r�� IPSetAddedr��)rQ��r��config_ipsetrX��rX��rY��rh��r��zFirewallDConfig._addIPSetc��C��r��r��)r[��r��r��r5��rU��r��rQ��r��ry��rX��rX��rY��r��r��zFirewallDConfig._updateIPSetc��C��r��r��)r[��r��r��r��r��r��r��rX��rX��rY��r��r��zFirewallDConfig.removeIPSetc�� C��r��r��) r��r��rd��r4��rO��DBUS_PATH_CONFIG_HELPERrc��r��HelperAddedr��)rQ��r�� config_helperrX��rX��rY��rt��r��zFirewallDConfig._addHelperc��C��r��r��)rc��r��r��r5��rU��r��rQ��r��r}��rX��rX��rY��r��r��zFirewallDConfig._updateHelperc��C��r��r��)rc��r��r��r��r��r��r��rX��rX��rY��r��r��zFirewallDConfig.removeHelperc��C��s��\|�j��rQ\|d�u�rt�d��d�S�t��}t\|\|�}\|�j��d\|�r"d�S�t\|\|�}\|�j��d\|�r0d�S�t \|�}\|�j��d\|�r=d�S�t \|\|�}\|�j��d\|�rKd�S�ttj d��d�S�)Nz&Lockdown not possible, sender not set.�context�uid�user�commandzlockdown is enabled)r��lockdown_enabledr��r��rO�� SystemBusr��access_checkr��r��r��r!��r �� ACCESS_DENIED)rQ��sender�busr��r��r��r��rX��rX��rY��accessCheck��s&�� zFirewallDConfig.accessCheckc��C��s��\|dvrt�j�d\|��\|�j��\|�}\|dkr$\|d�u�rtj}t��\|�S�\|dkr9\|d�u�r0tj}nt \|�}t�� \|�S�\|dkrM\|d�u�rHtjrFdnd}t��\|�S�\|dkra\|d�u�r\tjrZdnd}t��\|�S�\|d kru\|d�u�rptj rndnd}t��\|�S�\|d kr�\|d�u�r�tjr�dnd}t��\|�S�\|dkr�\|d�u�r�tjr�dnd}t��\|�S�\|dkr�\|d�u�r�tj}t��\|�S�\|d kr�\|d�u�r�tj}t��\|�S�\|dkr�\|d�u�r�tj}t��\|�S�\|dkr�\|d�u�r�tjr�dnd}t��\|�S�\|dkr�\|d�u�r�tjr�dnd}t��\|�S�\|dk�r\|d�u��rtj�rdnd}t��\|�S�d�S�)N� �DefaultZoner��r&��r'��r)��r(��r+��r,��r-��r.��r/��r0��r1��Dorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existr��r��r&��yes�nor'��r)��r(��r+��r,��r-��r.��r/��r0��r1��)rO�� exceptions� DBusExceptionr��get_firewalld_conf�get� FALLBACK_ZONE�String�FALLBACK_MINIMAL_MARK�int�Int32�FALLBACK_CLEANUP_ON_EXIT� FALLBACK_CLEANUP_MODULES_ON_EXIT�FALLBACK_LOCKDOWN�FALLBACK_IPV6_RPFILTER�FALLBACK_INDIVIDUAL_CALLS�FALLBACK_LOG_DENIED�FALLBACK_AUTOMATIC_HELPERS�FALLBACK_FIREWALL_BACKEND�FALLBACK_FLUSH_ALL_ON_RELOAD�FALLBACK_RFC3964_IPV4�FALLBACK_ALLOW_ZONE_DRIFTING)rQ��prop�valuerX��rX��rY�� _get_property)��sz�� zFirewallDConfig._get_propertyc��C��sH��\|dkrt��\|��\|��S�\|dkrt��\|��\|��S�\|dkr$t��\|��\|��S�\|dkr0t��\|��\|��S�\|dkr<t��\|��\|��S�\|dkrHt��\|��\|��S�\|dkrTt��\|��\|��S�\|dkr`t��\|��\|��S�\|d krlt��\|��\|��S�\|d krxt��\|��\|��S�\|dkr�t��\|��\|��S�\|dkr�t��\|��\|��S�\|d kr�t��\|��\|��S�t�j�d\|��)Nr��r��r&��r'��r)��r(��r+��r,��r-��r.��r/��r0��r1��r��)rO��r��r��r��r��r��)rQ��r��rX��rX��rY��_get_dbus_propertym��s>��z"FirewallDConfig._get_dbus_property�ss�v)�in_signature� out_signatureNc��C��sl��t�\|t�}t�\|t�}t�d\|\|��\|tjjkr\|��\|�S�\|tjjtjj fv�r.tj �d\|��tj �d\|��)Nzconfig.Get('%s', '%s')r��Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r��strr��r��r��rO��rP��r ��DBUS_INTERFACE_CONFIG_DIRECT�DBUS_INTERFACE_CONFIG_POLICIESr��r��)rQ��interface_name� property_namer��rX��rX��rY��Get��s$�� zFirewallDConfig.Get�sza{sv}c��C��st��t�\|t�}t�d\|��i�}\|tjjkr dD�] }\|��\|�\|\|<�qn\|tjjtjj fv�r+ntj �d\|��tj\|dd�S�)Nzconfig.GetAll('%s')r��r��sv�� signature) r��r��r��r��r��rO��rP��r��r��r��r��r�� Dictionary)rQ��r��r��ret�xrX��rX��rY��r��s"�� zFirewallDConfig.GetAll�ssv)r��c��C��sZ��t�\|t�}t�\|t�}t�\|�}t�d\|\|\|��\|��\|��\|tjjkr�\|dv�r�\|dv�r:\|��dvr9t t jd\|\|f��n0\|dkrN\|tjvrMt t jd\|\|f��n\|dkrb\|tj vrat t jd\|\|f��ntj�d\|��\|�j��\|\|��\|�j��\|��\|\|\|ig��d�S�\|d v�r�d�S�tj�d\|��\|tjjtjjfv�r�tj�d\|��tj�d \|��)Nzconfig.Set('%s', '%s', '%s')) r&��r'��r)��r(��r+��r,��r.��r/��r0��)r&��r'��r)��r(��r+��r/��r0��)r��r��true�falsez'%s' for %sr,��r.��r��)r��r-��r1��r��)r��r��r��r��r��r��rO��rP��lowerr!��r �� INVALID_VALUE�LOG_DENIED_VALUES�FIREWALL_BACKEND_VALUESr��r��r��set�writer��r��r��)rQ��r��r�� new_valuer��rX��rX��rY��Set��s~�� zFirewallDConfig.Setzsa{sv}asr��c��C��s.��t�\|t�}t�\|�}t�\|�}t�d\|\|\|��d�S�)Nzconfig.PropertiesChanged('%s', '%s', '%s')�r��r��r��r��)rQ��r��changed_properties�invalidated_propertiesrX��rX��rY��r��s�� z!FirewallDConfig.PropertiesChanged)r ��c��s`��t��d��tt\|��\|�j\|�j��}t\|�\|t j j�}t j jfD�]}t \|�\|\|t��jt��j�}q\|S�)Nzconfig.Introspect())r��debug2r2��r"�� Introspectr5��r4��get_busr��r��rO��rP��r��r��r �� deprecatedr��)rQ��r��data� interfacerV��rX��rY��r+��s�� zFirewallDConfig.Introspectc��C��s��t��d��\|�j��j��S�)Nz&config.policies.getLockdownWhitelist())r��r��r��get_policies�lockdown_whitelist� export_config�rQ��r��rX��rX��rY��getLockdownWhitelist��s�� z$FirewallDConfig.getLockdownWhitelistc��C��sB��t��d��t\|�}\|�j��j�\|i��\|�j��j��\|��d�S�)Nz)config.policies.setLockdownWhitelist(...)) r��r��r��r��r0��r1�� import_configr$��r��rQ��r��r��rX��rX��rY��setLockdownWhitelist"��s �� z$FirewallDConfig.setLockdownWhitelistc��C��t��d��d�S�)Nzconfig.policies.LockdownWhitelistUpdated()�r��r��r��rX��rX��rY��r��,��s��z(FirewallDConfig.LockdownWhitelistUpdatedc��C��^��t�\|�}t�d\|��\|��\|��t\|��}\|\|d�v�r!ttj\|��\|d�� \|��\|�� \|��d�S�)Nz1config.policies.addLockdownWhitelistCommand('%s')r��r��r��r��r��r��r4��r!��r ��ALREADY_ENABLEDr��r7��rQ��r��r��r��rX��rX��rY��addLockdownWhitelistCommand3�� z+FirewallDConfig.addLockdownWhitelistCommandc��C��^��t�\|�}t�d\|��\|��\|��t\|��}\|\|d�vr!ttj\|��\|d�� \|��\|�� \|��d�S�)Nz4config.policies.removeLockdownWhitelistCommand('%s')r��r��r��r��r��r��r4��r!��r ��NOT_ENABLEDr��r7��r=��rX��rX��rY��removeLockdownWhitelistCommand@�� z.FirewallDConfig.removeLockdownWhitelistCommand�bc��C��$��t�\|�}t�d\|��\|\|��d�v�S�)Nz3config.policies.queryLockdownWhitelistCommand('%s')r��r��r��r��r4��)rQ��r��r��rX��rX��rY��queryLockdownWhitelistCommandN�� z-FirewallDConfig.queryLockdownWhitelistCommand�asc��C��t��d��\|��d�S�)Nz.config.policies.getLockdownWhitelistCommands()r��r��r��r4��r3��rX��rX��rY��getLockdownWhitelistCommandsW�� z,FirewallDConfig.getLockdownWhitelistCommandsc��C��r:��)Nz1config.policies.addLockdownWhitelistContext('%s')r#��r;��rQ��r��r��r��rX��rX��rY��addLockdownWhitelistContext`��r?��z+FirewallDConfig.addLockdownWhitelistContextc��C��r@��)Nz4config.policies.removeLockdownWhitelistContext('%s')r#��rA��rO��rX��rX��rY��removeLockdownWhitelistContextm��rD��z.FirewallDConfig.removeLockdownWhitelistContextc��C��rF��)Nz3config.policies.queryLockdownWhitelistContext('%s')r#��rG��)rQ��r��r��rX��rX��rY��queryLockdownWhitelistContext{��rI��z-FirewallDConfig.queryLockdownWhitelistContextc��C��rK��)Nz.config.policies.getLockdownWhitelistContexts()r#��rL��r3��rX��rX��rY��getLockdownWhitelistContexts��rN��z,FirewallDConfig.getLockdownWhitelistContextsc��C��r:��)Nz.config.policies.addLockdownWhitelistUser('%s')��r;��rQ��r��r��r��rX��rX��rY��addLockdownWhitelistUser��r?��z(FirewallDConfig.addLockdownWhitelistUserc��C��r@��)Nz1config.policies.removeLockdownWhitelistUser('%s')rT��rA��rU��rX��rX��rY��removeLockdownWhitelistUser��r?��z+FirewallDConfig.removeLockdownWhitelistUserc��C��rF��)Nz0config.policies.queryLockdownWhitelistUser('%s')rT��rG��)rQ��r��r��rX��rX��rY��queryLockdownWhitelistUser��zFirewallDConfig.queryLockdownWhitelistUserc��C��rK��)Nz+config.policies.getLockdownWhitelistUsers()rT��rL��r3��rX��rX��rY��getLockdownWhitelistUsers��rN��z)FirewallDConfig.getLockdownWhitelistUsers�ic��C��r:��)Nz+config.policies.addLockdownWhitelistUid(%d)��r;��rQ��r��r��r��rX��rX��rY��addLockdownWhitelistUid��r?��z'FirewallDConfig.addLockdownWhitelistUidc��C��r@��)Nz.config.policies.removeLockdownWhitelistUid(%d)r\��rA��r]��rX��rX��rY��removeLockdownWhitelistUid��r?��zFirewallDConfig.removeLockdownWhitelistUidc��C��rF��)Nz-config.policies.queryLockdownWhitelistUid(%d)r\��rG��)rQ��r��r��rX��rX��rY��queryLockdownWhitelistUid��rY��z)FirewallDConfig.queryLockdownWhitelistUid�aic��C��rK��)Nzconfig.policies.getLockdownWhitelistUids()r\��rL��r3��rX��rX��rY��getLockdownWhitelistUids��rN��z(FirewallDConfig.getLockdownWhitelistUids�aoc��C��t��d��\|�jS�)z"list ipsets objects paths zconfig.listIPSets())r��r��r[��r3��rX��rX��rY�� listIPSets�� zFirewallDConfig.listIPSetsc��C��0��t��d��g�}\|�jD�] }\|�\|jj��q t\|�S�)zget ipset names zconfig.getIPSetNames())r��r��r[��r��r��r��rH��)rQ��r��r[��r��rX��rX��rY�� getIPSetNames�� zFirewallDConfig.getIPSetNames�oc��C��B��t�\|t�}t�d\|��\|�jD�]}\|jj\|kr\|��S�qttj \|��)z-object path of ipset with given name zconfig.getIPSetByName('%s')) r��r��r��r��r[��r��r��r!��r �� INVALID_IPSET)rQ��ry��r��r��rX��rX��rY��getIPSetByName�� zFirewallDConfig.getIPSetByNamec��C��D��t�\|t�}t�\|�}t�d\|��\|��\|��\|�j�\|\|�}\|��\|�}\|S�)z/add ipset with given name and settings zconfig.addIPSet('%s'))r��r��r��r��r��r�� new_ipsetrh��)rQ��ry��r��r��r��r��rX��rX��rY��addIPSet�� zFirewallDConfig.addIPSetc��C��t�\|t�}t�d\|��d�S�)Nzconfig.IPSetAdded('%s')r'��)rQ��ry��rX��rX��rY��r�� zFirewallDConfig.IPSetAddedc��C��rd��)z%list icmptypes objects paths zconfig.listIcmpTypes())r��r��r]��r3��rX��rX��rY�� listIcmpTypes��rf��zFirewallDConfig.listIcmpTypesc��C��rg��)zget icmptype names zconfig.getIcmpTypeNames())r��r��r]��r��r��r��rH��)rQ��r��r]��r��rX��rX��rY��getIcmpTypeNames$��ri��z FirewallDConfig.getIcmpTypeNamesc��C��rk��)z0object path of icmptype with given name zconfig.getIcmpTypeByName('%s')) r��r��r��r��r]��r��r��r!��r ��INVALID_ICMPTYPE)rQ��rz��r��r��rX��rX��rY��getIcmpTypeByName/��rn��z!FirewallDConfig.getIcmpTypeByNamec��C��ro��)z2add icmptype with given name and settings zconfig.addIcmpType('%s'))r��r��r��r��r��r��new_icmptyperk��)rQ��rz��r��r��r��r��rX��rX��rY��addIcmpType<��rr��zFirewallDConfig.addIcmpTypec��C��t��d\|��d�S�)Nzconfig.IcmpTypeAdded('%s')r9��)rQ��rz��rX��rX��rY��r��K��zFirewallDConfig.IcmpTypeAddedc��C��rd��)z$list services objects paths zconfig.listServices())r��r��r_��r3��rX��rX��rY��listServicesR��rf��zFirewallDConfig.listServicesc��C��rg��)zget service names zconfig.getServiceNames())r��r��r_��r��r��r��rH��)rQ��r��r_��r��rX��rX��rY��getServiceNamesZ��ri��zFirewallDConfig.getServiceNamesc��C��rk��)z/object path of service with given name zconfig.getServiceByName('%s')) r��r��r��r��r_��r��r��r!��r ��INVALID_SERVICE)rQ��r{��r��r��rX��rX��rY��getServiceByNamee��rn��z FirewallDConfig.getServiceByNamezs(sssa(ss)asa{ss}asa(ss))c��C��ro��)�1add service with given name and settings zconfig.addService('%s'))r��r��r��r��r��r��new_servicern��rQ��r{��r��r��r��r��rX��rX��rY�� addServicer��rr��zFirewallDConfig.addServicezsa{sv}c��C��ro��)r��zconfig.addService2('%s'))r��r��r��r��r��r��new_service_dictrn��r��rX��rX��rY��addService2��rr��zFirewallDConfig.addService2c��C��r{��)Nzconfig.ServiceAdded('%s')r9��)rQ��r{��rX��rX��rY��r��r\|��zFirewallDConfig.ServiceAddedc��C��rd��)z!list zones objects paths zconfig.listZones())r��r��ra��r3��rX��rX��rY�� listZones��rf��zFirewallDConfig.listZonesc��C��rg��)zget zone names zconfig.getZoneNames())r��r��ra��r��r��r��rH��)rQ��r��ra��r��rX��rX��rY��getZoneNames��ri��zFirewallDConfig.getZoneNamesc��C��rk��)z,object path of zone with given name zconfig.getZoneByName('%s')) r��r��r��r��ra��r��r��r!��r ��INVALID_ZONE)rQ��r\|��r��r��rX��rX��rY�� getZoneByName��rn��zFirewallDConfig.getZoneByNamec��C��v��t�\|t�}t�d\|��g�}\|�jD�]}\|\|jjv�r\|�\|jj��qt \|�dkr3d� \|�d\|t \|�f��S�\|r9\|d�S�dS�)z4name of zone the given interface belongs to zconfig.getZoneOfInterface('%s')r#�� zE (ERROR: interface '%s' is in %s zone XML files, can be only in one)r��r��)r��r��r��r��ra��r�� interfacesr��r��r��join)rQ��ifacer��r��r��rX��rX��rY��getZoneOfInterface�� z"FirewallDConfig.getZoneOfInterfacec��C��r��)z1name of zone the given source belongs to zconfig.getZoneOfSource('%s')r#��r��zB (ERROR: source '%s' is in %s zone XML files, can be only in one)r��r��)r��r��r��r��ra��r��sourcesr��r��r��r��)rQ��sourcer��r��r��rX��rX��rY��getZoneOfSource��r��zFirewallDConfig.getZoneOfSourcez's(sssbsasa(ss)asba(ssss)asasasasa(ss)b)c��C��sh��t�\|t�}t�\|�}t�d\|��\|��\|��\|d�dkr&t\|�}t\|d<�t\|�}\|�j� \|\|�}\|�� \|�}\|S�)�.add zone with given name and settings �config.addZone('%s')��default)r��r��r��r��r��r��r��tupler��new_zonerq��)rQ��r\|��r��r�� _settingsr��r��rX��rX��rY��addZone��s�� zFirewallDConfig.addZonec��C��s`��t�\|t�}t�\|�}t�d\|��\|��\|��d\|v�r"\|d�dkr"t\|d<�\|�j�\|\|�}\|��\|�}\|S�)r��r��targetr��) r��r��r��r��r��r��r�� new_zone_dictrq��)rQ��r\|��r��r��r��r��rX��rX��rY��addZone2��s�� zFirewallDConfig.addZone2c��C��r{��)Nzconfig.ZoneAdded('%s')r9��)rQ��r\|��rX��rX��rY��r��r\|��zFirewallDConfig.ZoneAddedc��C��rd��)z$list policies objects paths zconfig.listPolicies())r��r��re��r3��rX��rX��rY��listPolicies��rf��zFirewallDConfig.listPoliciesc��C��rg��)zget policy names zconfig.getPolicyNames())r��r��re��r��r��r��rH��)rQ��r��policiesr��rX��rX��rY��getPolicyNames��ri��zFirewallDConfig.getPolicyNamesc��C��rk��)z.object path of policy with given name zconfig.getPolicyByName('%s')) r��r��r��r��re��r��r��r!��r ��INVALID_POLICY)rQ��r~��r��r��rX��rX��rY��getPolicyByName��rn��zFirewallDConfig.getPolicyByNamec��C��ro��)z0add policy with given name and settings zconfig.addPolicy('%s'))r��r��r��r��r��r��new_policy_object_dictrw��)rQ��r~��r��r��r��r��rX��rX��rY�� addPolicy+��rr��zFirewallDConfig.addPolicyc��C��r{��)Nzconfig.PolicyAdded('%s')r9��)rQ��r~��rX��rX��rY��r��:��r\|��zFirewallDConfig.PolicyAddedc��C��rd��)z#list helpers objects paths zconfig.listHelpers())r��r��rc��r3��rX��rX��rY��listHelpersC��rf��zFirewallDConfig.listHelpersc��C��rg��)zget helper names zconfig.getHelperNames())r��r��rc��r��r��r��rH��)rQ��r��rc��r��rX��rX��rY��getHelperNamesK��ri��zFirewallDConfig.getHelperNamesc��C��rk��)z.object path of helper with given name zconfig.getHelperByName('%s')) r��r��r��r��rc��r��r��r!��r ��INVALID_HELPER)rQ��r}��r��r��rX��rX��rY��getHelperByNameV��rn��zFirewallDConfig.getHelperByNamec��C��ro��)z0add helper with given name and settings zconfig.addHelper('%s'))r��r��r��r��r��r�� new_helperrt��)rQ��r}��r��r��r��r��rX��rX��rY�� addHelperc��rr��zFirewallDConfig.addHelperc��C��rs��)Nzconfig.HelperAdded('%s')r'��)rQ��r}��rX��rX��rY��r��r��rt��zFirewallDConfig.HelperAddedc��C��s��t��d��\|�j��S�)Nzconfig.direct.getSettings())r��r��r�� get_directr2��r3��rX��rX��rY��r��{��s�� zFirewallDConfig.getSettingsc��C��s>��t��d��t\|�}\|�j��\|i��\|�j��\|��d�S�)Nzconfig.direct.update())r��r��r��r��r��r5��r$��r��r6��rX��rX��rY��r��s �� zFirewallDConfig.updatec��C��r8��)Nzconfig.direct.Updated()r9��r��rX��rX��rY��r��s��zFirewallDConfig.Updated�sssc��C��s��t�\|�}t�\|�}t�\|�}t�d\|\|\|f��\|��\|��t\|\|\|f�}t\|��}\|\|d�v�r9ttj d\|\|\|f��\|d�� \|��\|��\|��d�S�)Nz(config.direct.addChain('%s', '%s', '%s')r��z chain '%s' already is in '%s:%s')r��r��r��r��r��r��r��r!��r ��r<��r��r��rQ��ipv�table�chainr��idxr��rX��rX��rY��addChain��s"�� zFirewallDConfig.addChainc��C��s��t�\|�}t�\|�}t�\|�}t�d\|\|\|f��\|��\|��t\|\|\|f�}t\|��}\|\|d�vr9ttj d\|\|\|f��\|d�� \|��\|��\|��d�S�)Nz+config.direct.removeChain('%s', '%s', '%s')r��zchain '%s' is not in '%s:%s')r��r��r��r��r��r��r��r!��r ��rB��r��r��r��rX��rX��rY��removeChain��s"�� zFirewallDConfig.removeChainc��C��sJ��t�\|�}t�\|�}t�\|�}t�d\|\|\|f��t\|\|\|f�}\|\|��d�v�S�)Nzconfig.direct.queryChain('%s', '%s', '%s')r��)r��r��r��r��r��)rQ��r��r��r��r��r��rX��rX��rY�� queryChain��s��zFirewallDConfig.queryChainc��C��sb��t�\|�}t�\|�}t�d\|\|f��g�}\|��d�D�]}\|d�\|kr.\|d�\|kr.\|�\|d��q\|S�)Nz#config.direct.getChains('%s', '%s')r��r#��rT��r��r��r��r��r��)rQ��r��r��r��r��r��rX��rX��rY�� getChains��s��zFirewallDConfig.getChainsr��za(sss)c��C��rK��)Nzconfig.direct.getAllChains()r��r��r��r��r3��rX��rX��rY��getAllChains�� zFirewallDConfig.getAllChains�sssiasc�� C��s��t�\|�}t�\|�}t�\|�}t�\|�}t�\|�}t�d\|\|\|\|d�\|�f��\|��\|��\|\|\|\|\|f}t\|��}\|\|d�v�rGttj d\|\|\|\|f��\|d�� \|��\|��t\|��d�S�)Nz1config.direct.addRule('%s', '%s', '%s', %d, '%s')�','r#��z"rule '%s' already is in '%s:%s:%s') r��r��r��r��r��r��r��r!��r ��r<��r��r��r�� rQ��r��r��r��priorityrS��r��r��r��rX��rX��rY��addRule��&�� zFirewallDConfig.addRulec�� C��s��t�\|�}t�\|�}t�\|�}t�\|�}t�\|�}t�d\|\|\|\|d�\|�f��\|��\|��\|\|\|\|\|f}t\|��}\|\|d�vrGttj d\|\|\|\|f��\|d�� \|��\|��t\|��d�S�)Nz4config.direct.removeRule('%s', '%s', '%s', %d, '%s')r��r#��zrule '%s' is not in '%s:%s:%s') r��r��r��r��r��r��r��r!��r ��rB��r��r��r��r��rX��rX��rY�� removeRule��r��zFirewallDConfig.removeRulec�� C��sd��t�\|�}t�\|�}t�\|�}t�\|�}t�\|�}t�d\|\|\|\|d�\|�f��\|\|\|\|\|f}\|\|��d�v�S�)Nz3config.direct.queryRule('%s', '%s', '%s', %d, '%s')r��r#��r��r��r��r��r��)rQ��r��r��r��r��rS��r��r��rX��rX��rY�� queryRule��s��zFirewallDConfig.queryRulec��C��s��t�\|�}t�\|�}t�\|�}t�d\|\|\|f��\|��\|��t\|��}\|d�d�d��D�]}\|\|\|f\|d�\|d�\|d�fkrB\|d��\|��q)\|��t\|��d�S�)Nz+config.direct.removeRules('%s', '%s', '%s')r#��r��rT��) r��r��r��r��r��r��r��r��r��)rQ��r��r��r��r��r��rulerX��rX��rY��removeRules ��s�� zFirewallDConfig.removeRulesza(ias)c��C��s��t�\|�}t�\|�}t�\|�}t�d\|\|\|f��g�}\|��d�D�]}\|d�\|kr=\|d�\|kr=\|d�\|kr=\|�\|d�\|d�f��q\|S�)Nz(config.direct.getRules('%s', '%s', '%s')r#��r��rT��r\��r��r��)rQ��r��r��r��r��r��r��rX��rX��rY��getRules1��s��$�zFirewallDConfig.getRulesz a(sssias)c��C��rK��)Nzconfig.direct.getAllRules()r#��r��r3��rX��rX��rY��getAllRulesA��r��zFirewallDConfig.getAllRules�sasc��C��s��t�\|�}t�\|�}t�d\|d�\|�f��\|��\|��\|\|f}t\|��}\|\|d�v�r3ttj d\|\|f��\|d�� \|��\|��\|��d�S�)Nz(config.direct.addPassthrough('%s', '%s')r��rT��passthrough '%s', '%s')r��r��r��r��r��r��r��r!��r ��r<��r��r��rQ��r��rS��r��r��r��rX��rX��rY��addPassthroughK�� zFirewallDConfig.addPassthroughc��C��s��t�\|�}t�\|�}t�d\|d�\|�f��\|��\|��\|\|f}t\|��}\|\|d�vr3ttj d\|\|f��\|d�� \|��\|��\|��d�S�)Nz+config.direct.removePassthrough('%s', '%s')r��rT��r��)r��r��r��r��r��r��r��r!��r ��rB��r��r��r��rX��rX��rY��removePassthrough^��r��z!FirewallDConfig.removePassthroughc��C��s@��t�\|�}t�\|�}t�d\|d�\|�f��\|\|f}\|\|��d�v�S�)Nzconfig.direct.queryPassthrough('%s', '%s')r��rT��r��)rQ��r��rS��r��r��rX��rX��rY��queryPassthroughp��s��z FirewallDConfig.queryPassthrough�aasc��C��sJ��t�\|�}t�d\|��g�}\|��d�D�]}\|d�\|kr"\|�\|d��q\|S�)Nz#config.direct.getPassthroughs('%s')rT��r��r#��r��)rQ��r��r��r��r��rX��rX��rY��getPassthroughs\|��s��zFirewallDConfig.getPassthroughsza(sas)c��C��rK��)Nz"config.direct.getAllPassthroughs()rT��r��r3��rX��rX��rY��getAllPassthroughs��r��z"FirewallDConfig.getAllPassthroughsr��)��__name__� __module__�__qualname__�__doc__� persistentr��rO��PK_ACTION_CONFIG�default_polkit_auth_requiredr��r3��r6��r��r��r7��rk��r��r��rn��r��r��rq��r��r��rw��r��r��rh��r��r��rt��r��r��r��r��r��r ��r ��PROPERTIES_IFACEr��r��r��r&��r{��signalr��PK_ACTION_INFO�INTROSPECTABLE_IFACEr+��r��r��DBUS_SIGNATUREr4��r7��r��r>��rC��rH��rM��rP��rQ��rR��rS��rV��rW��rX��rZ��r^��r_��r`��rb��rP��re��rh��rm��r��rq��r��ru��rv��rx��r��rz��r��r}��r~��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r�� __classcell__rX��rX��rV��rY��r"��<��sT��- � C �� < �� r"��)7rF��rO��dbus.service�firewallr��firewall.core.baser��firewall.core.watcherr��firewall.core.loggerr��firewall.server.dbusr��firewall.server.decoratorsr��r��r ��r ��r��r��firewall.server.config_icmptyper ��firewall.server.config_servicer��firewall.server.config_zoner��firewall.server.config_policyr��firewall.server.config_ipsetr��firewall.server.config_helperr��firewall.core.io.icmptyper��firewall.core.io.ipsetr��firewall.core.io.helperr��#firewall.core.io.lockdown_whitelistr��firewall.core.io.directr��firewall.dbus_utilsr��r��r��r��r��r��r��r��r ��firewall.errorsr!��r"��rX��rX��rX��rY��<module>��s0�� (PK��,(�Zq��0��0��(��__pycache__/config_ipset.cpython-310.pycnu��[��o ��bhAbI��@��s��d�dl�Z�d�dlZ�d�dlmZ�d�dlmZmZmZ�d�dlm Z �d�dl mZmZm Z mZ�d�dlmZ�d�dlmZ�d�dlmZmZmZmZ�d�d lmZ�d�d lmZ�G�dd��de�ZdS�) ��N)�config)�dbus_to_python�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties)�IPSet)�IPSET_TYPES�normalize_ipset_entry�check_entry_overlaps_existing�check_for_overlapping_entries)�log)�DbusServiceObject)�handle_exceptions�dbus_handle_exceptions�dbus_service_method�dbus_polkit_require_auth)�errors)� FirewallErrorc��s��e�Zd�ZdZdZ �ejjZ �e ��fdd��Z edd��Zedd��Z ed d ��Zeejddd �edWdd��Zeejddd �edWdd��Zeejj�eejdd�edWdd��Zejjejdd�dd��Zeejj�eejdd�edW��fdd� ��Zeejjejd�edWd d!��Zeejjejd�edWd"d#��Zeejj�edWd$d%��Z ejjejjdd�ed&d'��Z!eejj�edWd(d)��Z"ejjejjdd�edd+��Z#eejjdd�edWd,d-��Z$ejjejjdd�ed.d/��Z%eejjdd�edWd0d1��Z&eejjdd�edWd2d3��Z'eejjdd�edWd4d5��Z(eejjdd�edWd6d7��Z)eejjdd�edWd8d9��Zeejjdd�edWd:d;��Z+eejjdd�edWd<d=��Z,eejjdd�edWd>d?��Z-eejjd@d�edWdAdB��Z.eejjd@d�edWdCdD��Z/eejjdd�edWdEdF��Z0eejjdd�edWdGdH��Z1eejjddId �edWdJdK��Z2eejjdLd�edWdMdN��Z3eejjdLd�edWdOdP��Z4eejjdd�edWdQdR��Z5eejjdd�edWdSdT��Z6eejjddId �edWdUdV��Z7��Z8S�)X�FirewallDConfigIPSetzFirewallD main classTc��s`��t�t\|��j\|i�\|��\|\|�_\|\|�_\|\|�_\|\|�_\|d�\|�_\|d�\|�_d\|�j�\|�_ t \|�tjj��d�S�)Nr��zconfig.ipset.%d) �superr��__init__�parentr��obj�item_id�busname�path�_log_prefixr��dbus�DBUS_INTERFACE_CONFIG_IPSET)�selfr��conf�ipsetr��args�kwargs�� __class__��>/usr/lib/python3/dist-packages/firewall/server/config_ipset.pyr��6��s�� zFirewallDConfigIPSet.__init__c��C��s��d�S��Nr&��r��r&��r&��r'��__del__C��s��zFirewallDConfigIPSet.__del__c��C��s��\|��d�S�r(��)�remove_from_connectionr)��r&��r&��r'�� unregisterG��s��zFirewallDConfigIPSet.unregisterc��C��s~��\|dkrt��\|�jj�S�\|dkrt��\|�jj�S�\|dkr!t��\|�jj�S�\|dkr,t��\|�jj�S�\|dkr7t��\|�jj�S�t�j � d\|��)N�name�filenamer��default�builtinzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r��Stringr��r-��r.��r��Booleanr/��r0�� exceptions� DBusException)r�� property_namer&��r&��r'�� _get_propertyO��s��z"FirewallDConfigIPSet._get_property�ss�v)�in_signature� out_signatureNc��C��sL��t�\|t�}t�\|t�}t�d\|�j\|\|��\|tjjkr!tj� d\|��\|�� \|�S�)Nz%s.Get('%s', '%s')�Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r��strr��debug1r��r��r��r��r3��r4��r6��)r��interface_namer5��senderr&��r&��r'��Get`��s�� zFirewallDConfigIPSet.Get�sza{sv}c��C��s`��t�\|t�}t�d\|�j\|��\|tjjkrtj� d\|��i�}dD�] }\|�� \|�\|\|<�qtj\|dd�S�)Nz%s.GetAll('%s')r;��)r-��r.��r��r/��r0��sv�� signature)r��r<��r��r=��r��r��r��r��r3��r4��r6�� Dictionary)r��r>��r?��ret�xr&��r&��r'��GetAllq��s�� zFirewallDConfigIPSet.GetAll�ssv)r9��c��C��sh��t�\|t�}t�\|t�}t�\|�}t�d\|�j\|\|\|��\|�j�\|��\|tjj kr,tj �d\|��tj �d\|��)Nz%s.Set('%s', '%s', '%s')r;��zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-only)r��r<��r��r=��r��r��accessCheckr��r��r��r3��r4��)r��r>��r5�� new_valuer?��r&��r&��r'��Set��s$�� zFirewallDConfigIPSet.Setzsa{sv}asrC��c��C��s2��t�\|t�}t�\|�}t�\|�}t�d\|�j\|\|\|��d�S�)Nz&%s.PropertiesChanged('%s', '%s', '%s'))r��r<��r��r=��r��)r��r>��changed_properties�invalidated_propertiesr&��r&��r'��PropertiesChanged��s�� z&FirewallDConfigIPSet.PropertiesChanged)r:��c��s8��t��d\|�j��tt\|��\|�j\|�j��}t \|�\|t jj�S�)Nz%s.Introspect()) r��debug2r��r��r�� Introspectr��r��get_busr��r��r��r��)r��r?��datar$��r&��r'��rQ��s�� zFirewallDConfigIPSet.Introspectc��C��s��t��d\|�j��\|�j�\|�j�S�)zget settings for ipset z%s.getSettings())r��r=��r��r��get_ipset_configr��r��r?��r&��r&��r'��getSettings��s��z FirewallDConfigIPSet.getSettingsc��C��sF��t�\|�}t�d\|�j��\|�j�\|��\|�j�\|�j\|�\|�_\|�� \|�jj ��dS�)z"update settings for ipset z%s.update('...')N)r��r��r=��r��r��rJ��r��set_ipset_configr��Updatedr-��)r��settingsr?��r&��r&��r'��update��s ��zFirewallDConfigIPSet.updatec��C��s<��t��d\|�j��\|�j�\|��\|�j�\|�j�\|�_\|��\|�jj ��dS�)z0load default settings for builtin ipset z%s.loadDefaults()N) r��r=��r��r��rJ��r��load_ipset_defaultsr��rX��r-��rU��r&��r&��r'��loadDefaults��s��z!FirewallDConfigIPSet.loadDefaultsc��C��t��d\|�j\|f��d�S�)Nz%s.Updated('%s')�r��r=��r��r��r-��r&��r&��r'��rX��zFirewallDConfigIPSet.Updatedc��C��s:��t��d\|�j��\|�j�\|��\|�j�\|�j��\|�j�\|�j��dS�)zremove ipset z%s.remove()N) r��r=��r��r��rJ��r��remove_ipsetr��removeIPSetrU��r&��r&��r'��remove��s��zFirewallDConfigIPSet.removec��C��r]��)Nz%s.Removed('%s')r^��r_��r&��r&��r'��Removed��r`��zFirewallDConfigIPSet.Removedc��C��sF��t�\|t�}t�d\|�j\|��\|�j�\|��\|�j�\|�j \|�\|�_ \|�� \|��dS�)zrename ipset z%s.rename('%s')N)r��r<��r��r=��r��r��rJ��r��rename_ipsetr��Renamed)r��r-��r?��r&��r&��r'��rename��s �� zFirewallDConfigIPSet.renamec��C��r]��)Nz%s.Renamed('%s')r^��r_��r&��r&��r'��rf��r`��zFirewallDConfigIPSet.Renamedc��C��t��d\|�j��\|��d�S�)Nz%s.getVersion()r��r��r=��r��rV��rU��r&��r&��r'�� getVersion��zFirewallDConfigIPSet.getVersionc��C��H��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setVersion('%s')r�� r��r<��r��r=��r��r��rJ��listrV��rZ��)r��versionr?��rY��r&��r&��r'�� setVersion�� zFirewallDConfigIPSet.setVersionc��C��rh��)Nz %s.getShort()r��ri��rU��r&��r&��r'��getShort��rk��zFirewallDConfigIPSet.getShortc��C��rl��)Nz%s.setShort('%s')r��rm��)r��shortr?��rY��r&��r&��r'��setShort��rq��zFirewallDConfigIPSet.setShortc��C��rh��)Nz%s.getDescription()��ri��rU��r&��r&��r'��getDescription#��rk��z#FirewallDConfigIPSet.getDescriptionc��C��rl��)Nz%s.setDescription('%s')ru��rm��)r��descriptionr?��rY��r&��r&��r'��setDescription��s�� z#FirewallDConfigIPSet.setDescriptionc��C��rh��)Nz%s.getType()��ri��rU��r&��r&��r'��getType8��rk��zFirewallDConfigIPSet.getTypec��C��s\��t�\|t�}t�d\|�j\|��\|�j�\|��\|tvrtt j \|��t\|��}\|\|d<�\|�� \|��d�S�)Nz%s.setType('%s')ry��)r��r<��r��r=��r��r��rJ��r��r��r��INVALID_TYPErn��rV��rZ��)r�� ipset_typer?��rY��r&��r&��r'��setType?��s�� zFirewallDConfigIPSet.setTypeza{ss}c��C��rh��)Nz%s.getOptions()��ri��rU��r&��r&��r'�� getOptionsN��rk��zFirewallDConfigIPSet.getOptionsc��C��sL��t�\|t�}t�d\|�jt\|��\|�j�\|��t\|�� }\|\|d<�\|�� \|��d�S�)Nz%s.setOptions('[%s]')r~��)r��dictr��r=��r��reprr��rJ��rn��rV��rZ��)r��optionsr?��rY��r&��r&��r'�� setOptionsU��s�� zFirewallDConfigIPSet.setOptionsc��C��s��t�\|t�}t�\|t�}t�d\|�j\|\|��\|�j�\|��t\|��}\|\|d�v�r7\|d�\|�\|kr7t t jd\|\|f��\|\|d�\|<�\|��\|��d�S�)Nz%s.addOption('%s', '%s')r~��z '%s': '%s') r��r<��r��r=��r��r��rJ��rn��rV��r��r��ALREADY_ENABLEDrZ��r��key�valuer?��rY��r&��r&��r'�� addOptiona��s�� zFirewallDConfigIPSet.addOptionc��C��sb��t�\|t�}t�d\|�j\|��\|�j�\|��t\|��}\|\|d�vr%t t j\|��\|d�\|=�\|��\|��d�S�)Nz%s.removeOption('%s')r~��) r��r<��r��r=��r��r��rJ��rn��rV��r��r��NOT_ENABLEDrZ��)r��r��r?��rY��r&��r&��r'��removeOptionp��s�� z!FirewallDConfigIPSet.removeOption�bc��C��sN��t�\|t�}t�\|t�}t�d\|�j\|\|��t\|��}\|\|d�v�o&\|d�\|�\|kS�)Nz%s.queryOption('%s', '%s')r~��)r��r<��r��r=��r��rn��rV��r��r&��r&��r'��queryOption}��s�� z FirewallDConfigIPSet.queryOption�asc��C��rh��)Nz%s.getEntries()��ri��rU��r&��r&��r'�� getEntries��rk��zFirewallDConfigIPSet.getEntriesc��C��s\|��t�\|t�}t\|��t�d\|�jd�\|��\|�j�\|��t\|�� }d\|d�v�r3\|d�d�dkr3t tj��\|\|d<�\|�� \|��d�S�)Nz%s.setEntries('[%s]')�,�timeoutr~��0r��)r��rn��r ��r��r=��r��joinr��rJ��rV��r��r��IPSET_WITH_TIMEOUTrZ��)r��entriesr?��rY��r&��r&��r'�� setEntries��s�� zFirewallDConfigIPSet.setEntriesc��C��s��t�\|t�}t\|�}t�d\|�j\|��\|�j�\|��t\|�� }d\|d�v�r0\|d�d�dkr0t tj��\|\|d�v�r<t tj \|��t\|\|d��\|d��\|��\|��\|��d�S�)Nz%s.addEntry('%s')r��r~��r��r��)r��r<��r��r��r=��r��r��rJ��rn��rV��r��r��r��r��r ��appendrZ��r��entryr?��rY��r&��r&��r'��addEntry��s�� zFirewallDConfigIPSet.addEntryc��C��s��t�\|t�}t\|�}t�d\|�j\|��\|�j�\|��t\|�� }d\|d�v�r0\|d�d�dkr0t tj��\|\|d�vr<t tj \|��\|d��\|��\|��\|��d�S�)Nz%s.removeEntry('%s')r��r~��r��r��)r��r<��r��r��r=��r��r��rJ��rn��rV��r��r��r��r��rc��rZ��r��r&��r&��r'��removeEntry��s�� z FirewallDConfigIPSet.removeEntryc��C��s`��t�\|t�}t\|�}t�d\|�j\|��t\|��}d\|d�v�r\|d�d�dkrtt j ��\|\|d�v�S�)Nz%s.queryEntry('%s')r��r~��r��r��)r��r<��r��r��r=��r��rn��rV��r��r��r��r��r&��r&��r'�� queryEntry��s�� zFirewallDConfigIPSet.queryEntryr(��)9�__name__� __module__�__qualname__�__doc__� persistentr��r��PK_ACTION_CONFIG�default_polkit_auth_requiredr ��r��r��r��r,��r6��r��PROPERTIES_IFACEr@��rH��r��rL��service�signalrO��PK_ACTION_INFO�INTROSPECTABLE_IFACErQ��r��r��DBUS_SIGNATURErV��rZ��r\��rX��rc��rd��rg��rf��rj��rp��rr��rt��rv��rx��rz��r}��r��r��r��r��r��r��r��r��r��r�� __classcell__r&��r&��r$��r'��r��.��s6�� r��)r��dbus.service�firewallr��firewall.dbus_utilsr��r��r��firewall.core.io.ipsetr��firewall.core.ipsetr��r��r ��r ��firewall.core.loggerr��firewall.server.dbusr��firewall.server.decoratorsr ��r��r��r��r��firewall.errorsr��r��r&��r&��r&��r'��<module>��s��PK��,(�Z4�7}�9��9��config_icmptype.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.icmptype import IcmpType from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfigIcmpType # ############################################################################ class FirewallDConfigIcmpType(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, icmptype, item_id, args, *kwargs): super(FirewallDConfigIcmpType, self).__init__(args, *kwargs) self.parent = parent self.config = conf self.obj = icmptype self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.icmptype.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigIcmpType, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for icmptype """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_icmptype_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for icmptype """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_icmptype_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin icmptype """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_icmptype_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def remove(self, sender=None): """remove icmptype """ log.debug1("%s.removeIcmpType()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_icmptype(self.obj) self.parent.removeIcmpType(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename icmptype """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_icmptype(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # destination @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='as') @dbus_handle_exceptions def getDestinations(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDestinations()", self._log_prefix) return sorted(self.getSettings()[3]) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='as') @dbus_handle_exceptions def setDestinations(self, destinations, sender=None): destinations = dbus_to_python(destinations, list) log.debug1("%s.setDestinations('[%s]')", self._log_prefix, ",".join(destinations)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[3] = destinations self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def addDestination(self, destination, sender=None): destination = dbus_to_python(destination, str) log.debug1("%s.addDestination('%s')", self._log_prefix, destination) self.parent.accessCheck(sender) settings = list(self.getSettings()) if destination in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, destination) settings[3].append(destination) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def removeDestination(self, destination, sender=None): destination = dbus_to_python(destination, str) log.debug1("%s.removeDestination('%s')", self._log_prefix, destination) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[3]: if destination not in settings[3]: raise FirewallError(errors.NOT_ENABLED, destination) else: settings[3].remove(destination) else: # empty means all settings[3] = list(set(['ipv4', 'ipv6']) - set([destination])) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryDestination(self, destination, sender=None): # pylint: disable=W0613 destination = dbus_to_python(destination, str) log.debug1("%s.queryDestination('%s')", self._log_prefix, destination) settings = self.getSettings() # empty means all return (not settings[3] or destination in settings[3]) PK��,(�ZLO�_u��_u��config_service.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigService(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, service, item_id, args, *kwargs): super(FirewallDConfigService, self).__init__(args, *kwargs) self.parent = parent self.config = conf self.obj = service self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.service.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigService, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for service """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_service_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a{sv}') @dbus_handle_exceptions def getSettings2(self, sender=None): """get settings for service """ log.debug1("%s.getSettings2()", self._log_prefix) return self.config.get_service_config_dict(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for service """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_service_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a{sv}') @dbus_handle_exceptions def update2(self, settings, sender=None): settings = dbus_to_python(settings) log.debug1("%s.update2('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin service """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_service_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def remove(self, sender=None): """remove service """ log.debug1("%s.removeService()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_service(self.obj) self.parent.removeService(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename service """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_service(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[3] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[3].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[3]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[3].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[3] # protocol @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getProtocols(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getProtocols()", self._log_prefix) return self.getSettings()[6] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setProtocols(self, protocols, sender=None): protocols = dbus_to_python(protocols, list) log.debug1("%s.setProtocols('[%s]')", self._log_prefix, ",".join(protocols)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[6] = protocols self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.addProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol in settings[6]: raise FirewallError(errors.ALREADY_ENABLED, protocol) settings[6].append(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.removeProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol not in settings[6]: raise FirewallError(errors.NOT_ENABLED, protocol) settings[6].remove(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, protocol, sender=None): # pylint: disable=W0613 protocol = dbus_to_python(protocol, str) log.debug1("%s.queryProtocol(%s')", self._log_prefix, protocol) return protocol in self.getSettings()[6] # source port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a(ss)') @dbus_handle_exceptions def getSourcePorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSourcePorts()", self._log_prefix) return self.getSettings()[7] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a(ss)') @dbus_handle_exceptions def setSourcePorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setSourcePorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[7] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def addSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[7]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[7].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def removeSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removeSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[7]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[7].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.querySourcePort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[7] # module @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getModules(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getModules()", self._log_prefix) return self.getSettings()[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setModules(self, modules, sender=None): modules = dbus_to_python(modules, list) _modules = [ ] for module in modules: if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") _modules.append(module) modules = _modules log.debug1("%s.setModules('[%s]')", self._log_prefix, ",".join(modules)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = modules self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addModule(self, module, sender=None): module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.addModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if module in settings[4]: raise FirewallError(errors.ALREADY_ENABLED, module) settings[4].append(module) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeModule(self, module, sender=None): module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.removeModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if module not in settings[4]: raise FirewallError(errors.NOT_ENABLED, module) settings[4].remove(module) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryModule(self, module, sender=None): # pylint: disable=W0613 module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.queryModule('%s')", self._log_prefix, module) return module in self.getSettings()[4] # destination @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a{ss}') @dbus_handle_exceptions def getDestinations(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDestinations()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a{ss}') @dbus_handle_exceptions def setDestinations(self, destinations, sender=None): destinations = dbus_to_python(destinations, dict) log.debug1("%s.setDestinations({ipv4:'%s', ipv6:'%s'})", self._log_prefix, destinations.get('ipv4'), destinations.get('ipv6')) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = destinations self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getDestination(self, family, sender=None): family = dbus_to_python(family, str) log.debug1("%s.getDestination('%s')", self._log_prefix, family) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family not in settings[5]: raise FirewallError(errors.NOT_ENABLED, family) return settings[5][family] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def setDestination(self, family, address, sender=None): family = dbus_to_python(family, str) address = dbus_to_python(address, str) log.debug1("%s.setDestination('%s', '%s')", self._log_prefix, family, address) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family in settings[5] and settings[5][family] == address: raise FirewallError(errors.ALREADY_ENABLED, "'%s': '%s'" % (family, address)) settings[5][family] = address self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeDestination(self, family, sender=None): family = dbus_to_python(family, str) log.debug1("%s.removeDestination('%s')", self._log_prefix, family) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family not in settings[5]: raise FirewallError(errors.NOT_ENABLED, family) del settings[5][family] self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryDestination(self, family, address, sender=None): # pylint: disable=W0613 family = dbus_to_python(family, str) address = dbus_to_python(address, str) log.debug1("%s.queryDestination('%s', '%s')", self._log_prefix, family, address) settings = self.getSettings() return (family in settings[5] and address == settings[5][family]) # includes @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getIncludes(self, sender=None): log.debug1("%s.getIncludes()", self._log_prefix) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) return settings["includes"] if "includes" in settings else [] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setIncludes(self, includes, sender=None): includes = dbus_to_python(includes, list) log.debug1("%s.setIncludes('%s')", self._log_prefix, includes) self.parent.accessCheck(sender) settings = {"includes": includes[:]} self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.addInclude('%s')", self._log_prefix, include) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) settings.setdefault("includes", []).append(include) self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.removeInclude('%s')", self._log_prefix, include) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) settings["includes"].remove(include) self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.queryInclude('%s')", self._log_prefix, include) settings = self.config.get_service_config_dict(self.obj) return include in settings["includes"] if "includes" in settings else False PK��,(�Z��I��dbus.pynu��[��# -- coding: utf-8 -- # # SPDX-License-Identifier: GPL-2.0-or-later import dbus from firewall import config class FirewallDBusException(dbus.DBusException): """FirewallDBusException""" _dbus_error_name = "%s.Exception" % config.dbus.DBUS_INTERFACE class NotAuthorizedException(dbus.DBusException): def __init__(self, action_id, method, args, *kwargs): self._dbus_error_name = config.dbus.DBUS_INTERFACE + ".NotAuthorizedException" super().__init__("Not Authorized({}): {}".format(method, action_id)) class DbusServiceObject(dbus.service.Object): def __new__(cls, args, *kwargs): # Check each dbus method. If it does not have an explicit polkit auth # then implicitly wrap it with the default from firewall.server.decorators import dbus_polkit_require_auth for attr_name in dir(cls): method = getattr(cls, attr_name) if hasattr(method, "_dbus_is_method") and \ not hasattr(method, "_polkit_auth_required"): _decorator = dbus_polkit_require_auth(cls.default_polkit_auth_required) setattr(cls, attr_name, _decorator(method)) return super().__new__(cls) PK��,(�Zxki��config_zone.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.zone import Zone from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface from firewall.core.base import DEFAULT_ZONE_TARGET from firewall.core.rich import Rich_Rule from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError from firewall.functions import portStr, portInPortRange, coalescePortRange, \ breakPortRange ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigZone(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, zone, item_id, args, *kwargs): super(FirewallDConfigZone, self).__init__(args, *kwargs) self.parent = parent self.config = conf self.obj = zone self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.zone.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigZone, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_ZONE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)") @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for zone """ log.debug1("%s.getSettings()", self._log_prefix) settings = self.config.get_zone_config(self.obj) if settings[4] == DEFAULT_ZONE_TARGET: # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = "default" settings = tuple(_settings) return settings @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature="a{sv}") @dbus_handle_exceptions def getSettings2(self, sender=None): """get settings for zone """ log.debug1("%s.getSettings2()", self._log_prefix) settings = self.config.get_zone_config_dict(self.obj) if settings["target"] == DEFAULT_ZONE_TARGET: settings["target"] = "default" return settings def _checkDuplicateInterfacesSources(self, settings): """Assignment of interfaces/sources to zones is different from other zone settings in the sense that particular interface/zone can be part of only one zone. So make sure added interfaces/sources have not already been bound to another zone.""" old_settings = self.config.get_zone_config_dict(self.obj) old_ifaces = set(old_settings["interfaces"]) if "interfaces" in old_settings else set() old_sources = set(old_settings["sources"]) if "sources" in old_settings else set() if isinstance(settings, tuple): added_ifaces = set(settings[Zone.index_of("interfaces")]) - old_ifaces added_sources = set(settings[Zone.index_of("sources")]) - old_sources else: # dict new_ifaces = set(settings["interfaces"]) if "interfaces" in settings else set() new_sources = set(settings["sources"]) if "sources" in settings else set() added_ifaces = new_ifaces - old_ifaces added_sources = new_sources - old_sources for iface in added_ifaces: if self.parent.getZoneOfInterface(iface): raise FirewallError(errors.ZONE_CONFLICT, iface) # or move to new zone ? for source in added_sources: if self.parent.getZoneOfSource(source): raise FirewallError(errors.ZONE_CONFLICT, source) # or move to new zone ? @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)") @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for zone """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) if settings[4] == "default": # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = DEFAULT_ZONE_TARGET settings = tuple(_settings) self._checkDuplicateInterfacesSources(settings) self.obj = self.config.set_zone_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature="a{sv}") @dbus_handle_exceptions def update2(self, settings, sender=None): """update settings for zone """ settings = dbus_to_python(settings) log.debug1("%s.update2('...')", self._log_prefix) self.parent.accessCheck(sender) if "target" in settings and settings["target"] == "default": settings["target"] = DEFAULT_ZONE_TARGET self._checkDuplicateInterfacesSources(settings) self.obj = self.config.set_zone_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin zone """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_zone_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def remove(self, sender=None): """remove zone """ log.debug1("%s.removeZone()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_zone(self.obj) self.parent.removeZone(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename zone """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_zone(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # immutable (deprecated) # settings[3] was used for 'immutable' # target @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getTarget(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getTarget()", self._log_prefix) settings = self.getSettings() return settings[4] if settings[4] != DEFAULT_ZONE_TARGET else "default" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setTarget(self, target, sender=None): target = dbus_to_python(target, str) log.debug1("%s.setTarget('%s')", self._log_prefix, target) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = target if target != "default" else DEFAULT_ZONE_TARGET self.update(settings) # service @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getServices(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getServices()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setServices(self, services, sender=None): services = dbus_to_python(services, list) log.debug1("%s.setServices('[%s]')", self._log_prefix, ",".join(services)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = services self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addService(self, service, sender=None): service = dbus_to_python(service, str) log.debug1("%s.addService('%s')", self._log_prefix, service) self.parent.accessCheck(sender) settings = list(self.getSettings()) if service in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, service) settings[5].append(service) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeService(self, service, sender=None): service = dbus_to_python(service, str) log.debug1("%s.removeService('%s')", self._log_prefix, service) self.parent.accessCheck(sender) settings = list(self.getSettings()) if service not in settings[5]: raise FirewallError(errors.NOT_ENABLED, service) settings[5].remove(service) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryService(self, service, sender=None): # pylint: disable=W0613 service = dbus_to_python(service, str) log.debug1("%s.queryService('%s')", self._log_prefix, service) return service in self.getSettings()[5] # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[6] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[6] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) existing_port_ids = list(filter(lambda x: x[1] == protocol, settings[6])) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) added_ranges, removed_ranges = coalescePortRange(port, [_port for (_port, _protocol) in existing_port_ids]) for range in removed_ranges: settings[6].remove((portStr(range, "-"), protocol)) for range in added_ranges: settings[6].append((portStr(range, "-"), protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) existing_port_ids = list(filter(lambda x: x[1] == protocol, settings[6])) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): break else: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) added_ranges, removed_ranges = breakPortRange(port, [_port for (_port, _protocol) in existing_port_ids]) for range in removed_ranges: settings[6].remove((portStr(range, "-"), protocol)) for range in added_ranges: settings[6].append((portStr(range, "-"), protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) for (_port, _protocol) in self.getSettings()[6]: if portInPortRange(port, _port) and protocol == _protocol: return True return False # protocol @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getProtocols(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getProtocols()", self._log_prefix) return self.getSettings()[13] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setProtocols(self, protocols, sender=None): protocols = dbus_to_python(protocols, list) log.debug1("%s.setProtocols('[%s]')", self._log_prefix, ",".join(protocols)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[13] = protocols self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.addProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol in settings[13]: raise FirewallError(errors.ALREADY_ENABLED, protocol) settings[13].append(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.removeProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol not in settings[13]: raise FirewallError(errors.NOT_ENABLED, protocol) settings[13].remove(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, protocol, sender=None): # pylint: disable=W0613 protocol = dbus_to_python(protocol, str) log.debug1("%s.queryProtocol('%s')", self._log_prefix, protocol) return protocol in self.getSettings()[13] # source port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ss)') @dbus_handle_exceptions def getSourcePorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSourcePorts()", self._log_prefix) return self.getSettings()[14] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ss)') @dbus_handle_exceptions def setSourcePorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setSourcePorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[14] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def addSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) existing_port_ids = list(filter(lambda x: x[1] == protocol, settings[14])) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) added_ranges, removed_ranges = coalescePortRange(port, [_port for (_port, _protocol) in existing_port_ids]) for range in removed_ranges: settings[14].remove((portStr(range, "-"), protocol)) for range in added_ranges: settings[14].append((portStr(range, "-"), protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def removeSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removeSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) existing_port_ids = list(filter(lambda x: x[1] == protocol, settings[14])) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): break else: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) added_ranges, removed_ranges = breakPortRange(port, [_port for (_port, _protocol) in existing_port_ids]) for range in removed_ranges: settings[14].remove((portStr(range, "-"), protocol)) for range in added_ranges: settings[14].append((portStr(range, "-"), protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.querySourcePort('%s', '%s')", self._log_prefix, port, protocol) for (_port, _protocol) in self.getSettings()[14]: if portInPortRange(port, _port) and protocol == _protocol: return True return False # icmp block @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getIcmpBlocks(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getIcmpBlocks()", self._log_prefix) return self.getSettings()[7] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setIcmpBlocks(self, icmptypes, sender=None): icmptypes = dbus_to_python(icmptypes, list) log.debug1("%s.setIcmpBlocks('[%s]')", self._log_prefix, ",".join(icmptypes)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[7] = icmptypes self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addIcmpBlock(self, icmptype, sender=None): icmptype = dbus_to_python(icmptype, str) log.debug1("%s.addIcmpBlock('%s')", self._log_prefix, icmptype) self.parent.accessCheck(sender) settings = list(self.getSettings()) if icmptype in settings[7]: raise FirewallError(errors.ALREADY_ENABLED, icmptype) settings[7].append(icmptype) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeIcmpBlock(self, icmptype, sender=None): icmptype = dbus_to_python(icmptype, str) log.debug1("%s.removeIcmpBlock('%s')", self._log_prefix, icmptype) self.parent.accessCheck(sender) settings = list(self.getSettings()) if icmptype not in settings[7]: raise FirewallError(errors.NOT_ENABLED, icmptype) settings[7].remove(icmptype) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIcmpBlock(self, icmptype, sender=None): # pylint: disable=W0613 icmptype = dbus_to_python(icmptype, str) log.debug1("%s.queryIcmpBlock('%s')", self._log_prefix, icmptype) return icmptype in self.getSettings()[7] # icmp block inversion @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def getIcmpBlockInversion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getIcmpBlockInversion()", self._log_prefix) return self.getSettings()[15] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='b') @dbus_handle_exceptions def setIcmpBlockInversion(self, flag, sender=None): flag = dbus_to_python(flag, bool) log.debug1("%s.setIcmpBlockInversion('%s')", self._log_prefix, flag) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[15] = flag self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def addIcmpBlockInversion(self, sender=None): log.debug1("%s.addIcmpBlockInversion()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[15]: raise FirewallError(errors.ALREADY_ENABLED, "icmp-block-inversion") settings[15] = True self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def removeIcmpBlockInversion(self, sender=None): log.debug1("%s.removeIcmpBlockInversion()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if not settings[15]: raise FirewallError(errors.NOT_ENABLED, "icmp-block-inversion") settings[15] = False self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def queryIcmpBlockInversion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.queryIcmpBlockInversion()", self._log_prefix) return self.getSettings()[15] # masquerade @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def getMasquerade(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getMasquerade()", self._log_prefix) return self.getSettings()[8] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='b') @dbus_handle_exceptions def setMasquerade(self, masquerade, sender=None): masquerade = dbus_to_python(masquerade, bool) log.debug1("%s.setMasquerade('%s')", self._log_prefix, masquerade) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[8] = masquerade self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def addMasquerade(self, sender=None): log.debug1("%s.addMasquerade()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[8]: raise FirewallError(errors.ALREADY_ENABLED, "masquerade") settings[8] = True self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def removeMasquerade(self, sender=None): log.debug1("%s.removeMasquerade()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if not settings[8]: raise FirewallError(errors.NOT_ENABLED, "masquerade") settings[8] = False self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def queryMasquerade(self, sender=None): # pylint: disable=W0613 log.debug1("%s.queryMasquerade()", self._log_prefix) return self.getSettings()[8] # forward port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ssss)') @dbus_handle_exceptions def getForwardPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getForwardPorts()", self._log_prefix) return self.getSettings()[9] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ssss)') @dbus_handle_exceptions def setForwardPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setForwardPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s', '%s', '%s')" % (port[0], port[1], \ port[2], port[3]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[9] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss') @dbus_handle_exceptions def addForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.addForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) self.parent.accessCheck(sender) fwp_id = (port, protocol, str(toport), str(toaddr)) settings = list(self.getSettings()) if fwp_id in settings[9]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s:%s:%s" % (port, protocol, toport, toaddr)) settings[9].append(fwp_id) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss') @dbus_handle_exceptions def removeForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.removeForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) self.parent.accessCheck(sender) fwp_id = (port, protocol, str(toport), str(toaddr)) settings = list(self.getSettings()) if fwp_id not in settings[9]: raise FirewallError(errors.NOT_ENABLED, "%s:%s:%s:%s" % (port, protocol, toport, toaddr)) settings[9].remove(fwp_id) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss', out_signature='b') @dbus_handle_exceptions def queryForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=W0613, R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.queryForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) fwp_id = (port, protocol, str(toport), str(toaddr)) return fwp_id in self.getSettings()[9] # interface @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getInterfaces(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getInterfaces()", self._log_prefix) return self.getSettings()[10] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setInterfaces(self, interfaces, sender=None): interfaces = dbus_to_python(interfaces, list) log.debug1("%s.setInterfaces('[%s]')", self._log_prefix, ",".join(interfaces)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[10] = interfaces self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addInterface(self, interface, sender=None): interface = dbus_to_python(interface, str) log.debug1("%s.addInterface('%s')", self._log_prefix, interface) self.parent.accessCheck(sender) settings = list(self.getSettings()) if interface in settings[10]: raise FirewallError(errors.ALREADY_ENABLED, interface) settings[10].append(interface) self.update(settings) ifcfg_set_zone_of_interface(self.obj.name, interface) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeInterface(self, interface, sender=None): interface = dbus_to_python(interface, str) log.debug1("%s.removeInterface('%s')", self._log_prefix, interface) self.parent.accessCheck(sender) settings = list(self.getSettings()) if interface not in settings[10]: raise FirewallError(errors.NOT_ENABLED, interface) settings[10].remove(interface) self.update(settings) ifcfg_set_zone_of_interface("", interface) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryInterface(self, interface, sender=None): # pylint: disable=W0613 interface = dbus_to_python(interface, str) log.debug1("%s.queryInterface('%s')", self._log_prefix, interface) return interface in self.getSettings()[10] # source @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getSources(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSources()", self._log_prefix) return self.getSettings()[11] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setSources(self, sources, sender=None): sources = dbus_to_python(sources, list) log.debug1("%s.setSources('[%s]')", self._log_prefix, ",".join(sources)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[11] = sources self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addSource(self, source, sender=None): source = dbus_to_python(source, str) log.debug1("%s.addSource('%s')", self._log_prefix, source) self.parent.accessCheck(sender) settings = list(self.getSettings()) if source in settings[11]: raise FirewallError(errors.ALREADY_ENABLED, source) settings[11].append(source) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeSource(self, source, sender=None): source = dbus_to_python(source, str) log.debug1("%s.removeSource('%s')", self._log_prefix, source) self.parent.accessCheck(sender) settings = list(self.getSettings()) if source not in settings[11]: raise FirewallError(errors.NOT_ENABLED, source) settings[11].remove(source) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def querySource(self, source, sender=None): # pylint: disable=W0613 source = dbus_to_python(source, str) log.debug1("%s.querySource('%s')", self._log_prefix, source) return source in self.getSettings()[11] # rich rule @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getRichRules(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getRichRules()", self._log_prefix) return self.getSettings()[12] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setRichRules(self, rules, sender=None): rules = dbus_to_python(rules, list) log.debug1("%s.setRichRules('[%s]')", self._log_prefix, ",".join(rules)) self.parent.accessCheck(sender) settings = list(self.getSettings()) rules = [ str(Rich_Rule(rule_str=r)) for r in rules ] settings[12] = rules self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addRichRule(self, rule, sender=None): rule = dbus_to_python(rule, str) log.debug1("%s.addRichRule('%s')", self._log_prefix, rule) self.parent.accessCheck(sender) settings = list(self.getSettings()) rule_str = str(Rich_Rule(rule_str=rule)) if rule_str in settings[12]: raise FirewallError(errors.ALREADY_ENABLED, rule) settings[12].append(rule_str) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeRichRule(self, rule, sender=None): rule = dbus_to_python(rule, str) log.debug1("%s.removeRichRule('%s')", self._log_prefix, rule) self.parent.accessCheck(sender) settings = list(self.getSettings()) rule_str = str(Rich_Rule(rule_str=rule)) if rule_str not in settings[12]: raise FirewallError(errors.NOT_ENABLED, rule) settings[12].remove(rule_str) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryRichRule(self, rule, sender=None): # pylint: disable=W0613 rule = dbus_to_python(rule, str) log.debug1("%s.queryRichRule('%s')", self._log_prefix, rule) rule_str = str(Rich_Rule(rule_str=rule)) return rule_str in self.getSettings()[12] PK��,(�ZO0�"�"� ��config.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os import dbus import dbus.service from firewall import config from firewall.core.base import DEFAULT_ZONE_TARGET from firewall.core.watcher import Watcher from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_service_method_deprecated, dbus_service_signal_deprecated, \ dbus_polkit_require_auth from firewall.server.config_icmptype import FirewallDConfigIcmpType from firewall.server.config_service import FirewallDConfigService from firewall.server.config_zone import FirewallDConfigZone from firewall.server.config_policy import FirewallDConfigPolicy from firewall.server.config_ipset import FirewallDConfigIPSet from firewall.server.config_helper import FirewallDConfigHelper from firewall.core.io.icmptype import IcmpType from firewall.core.io.ipset import IPSet from firewall.core.io.helper import Helper from firewall.core.io.lockdown_whitelist import LockdownWhitelist from firewall.core.io.direct import Direct from firewall.dbus_utils import dbus_to_python, \ command_of_sender, context_of_sender, uid_of_sender, user_of_uid, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties, \ dbus_introspection_add_deprecated from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfig(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use config.dbus.PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, conf, args, *kwargs): super(FirewallDConfig, self).__init__(args, *kwargs) self.config = conf self.busname = args[0] self.path = args[1] self._init_vars() self.watcher = Watcher(self.watch_updater, 5) self.watcher.add_watch_dir(config.FIREWALLD_IPSETS) self.watcher.add_watch_dir(config.ETC_FIREWALLD_IPSETS) self.watcher.add_watch_dir(config.FIREWALLD_ICMPTYPES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_ICMPTYPES) self.watcher.add_watch_dir(config.FIREWALLD_HELPERS) self.watcher.add_watch_dir(config.ETC_FIREWALLD_HELPERS) self.watcher.add_watch_dir(config.FIREWALLD_SERVICES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_SERVICES) self.watcher.add_watch_dir(config.FIREWALLD_ZONES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_ZONES) self.watcher.add_watch_dir(config.FIREWALLD_POLICIES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_POLICIES) # Add watches for combined zone directories if os.path.exists(config.ETC_FIREWALLD_ZONES): for filename in sorted(os.listdir(config.ETC_FIREWALLD_ZONES)): path = "%s/%s" % (config.ETC_FIREWALLD_ZONES, filename) if os.path.isdir(path): self.watcher.add_watch_dir(path) self.watcher.add_watch_file(config.LOCKDOWN_WHITELIST) self.watcher.add_watch_file(config.FIREWALLD_DIRECT) self.watcher.add_watch_file(config.FIREWALLD_CONF) dbus_introspection_prepare_properties(self, config.dbus.DBUS_INTERFACE_CONFIG, { "CleanupOnExit": "readwrite", "CleanupModulesOnExit": "readwrite", "IPv6_rpfilter": "readwrite", "Lockdown": "readwrite", "MinimalMark": "readwrite", "IndividualCalls": "readwrite", "LogDenied": "readwrite", "AutomaticHelpers": "readwrite", "FirewallBackend": "readwrite", "FlushAllOnReload": "readwrite", "RFC3964_IPv4": "readwrite", "AllowZoneDrifting": "readwrite", }) @handle_exceptions def _init_vars(self): self.ipsets = [ ] self.ipset_idx = 0 self.icmptypes = [ ] self.icmptype_idx = 0 self.services = [ ] self.service_idx = 0 self.zones = [ ] self.zone_idx = 0 self.helpers = [ ] self.helper_idx = 0 self.policy_objects = [ ] self.policy_object_idx = 0 for ipset in self.config.get_ipsets(): self._addIPSet(self.config.get_ipset(ipset)) for icmptype in self.config.get_icmptypes(): self._addIcmpType(self.config.get_icmptype(icmptype)) for service in self.config.get_services(): self._addService(self.config.get_service(service)) for zone in self.config.get_zones(): self._addZone(self.config.get_zone(zone)) for helper in self.config.get_helpers(): self._addHelper(self.config.get_helper(helper)) for policy in self.config.get_policy_objects(): self._addPolicy(self.config.get_policy_object(policy)) @handle_exceptions def __del__(self): pass @handle_exceptions def reload(self): while len(self.ipsets) > 0: item = self.ipsets.pop() item.unregister() del item while len(self.icmptypes) > 0: item = self.icmptypes.pop() item.unregister() del item while len(self.services) > 0: item = self.services.pop() item.unregister() del item while len(self.zones) > 0: item = self.zones.pop() item.unregister() del item while len(self.helpers) > 0: item = self.helpers.pop() item.unregister() del item while len(self.policy_objects) > 0: item = self.policy_objects.pop() item.unregister() del item self._init_vars() @handle_exceptions def watch_updater(self, name): if name == config.FIREWALLD_CONF: old_props = self.GetAll(config.dbus.DBUS_INTERFACE_CONFIG) log.debug1("config: Reloading firewalld config file '%s'", config.FIREWALLD_CONF) try: self.config.update_firewalld_conf() except Exception as msg: log.error("Failed to load firewalld.conf file '%s': %s" % \ (name, msg)) return props = self.GetAll(config.dbus.DBUS_INTERFACE_CONFIG).copy() for key in list(props.keys()): if key in old_props and old_props[key] == props[key]: del props[key] if len(props) > 0: self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG, props, []) return if (name.startswith(config.FIREWALLD_ICMPTYPES) or \ name.startswith(config.ETC_FIREWALLD_ICMPTYPES)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_icmptype_from_path(name) except Exception as msg: log.error("Failed to load icmptype file '%s': %s" % (name, msg)) return if what == "new": self._addIcmpType(obj) elif what == "remove": self.removeIcmpType(obj) elif what == "update": self._updateIcmpType(obj) elif (name.startswith(config.FIREWALLD_SERVICES) or \ name.startswith(config.ETC_FIREWALLD_SERVICES)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_service_from_path(name) except Exception as msg: log.error("Failed to load service file '%s': %s" % (name, msg)) return if what == "new": self._addService(obj) elif what == "remove": self.removeService(obj) elif what == "update": self._updateService(obj) elif name.startswith(config.FIREWALLD_ZONES) or \ name.startswith(config.ETC_FIREWALLD_ZONES): if name.endswith(".xml"): try: (what, obj) = self.config.update_zone_from_path(name) except Exception as msg: log.error("Failed to load zone file '%s': %s" % (name, msg)) return if what == "new": self._addZone(obj) elif what == "remove": self.removeZone(obj) elif what == "update": self._updateZone(obj) elif name.startswith(config.ETC_FIREWALLD_ZONES): # possible combined zone base directory _name = name.replace(config.ETC_FIREWALLD_ZONES, "").strip("/") if len(_name) < 1 or "/" in _name: # if there is a / in x, then it is a sub sub directory # ignore it return if os.path.isdir(name): if not self.watcher.has_watch(name): self.watcher.add_watch_dir(name) elif self.watcher.has_watch(name): self.watcher.remove_watch(name) elif (name.startswith(config.FIREWALLD_IPSETS) or \ name.startswith(config.ETC_FIREWALLD_IPSETS)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_ipset_from_path(name) except Exception as msg: log.error("Failed to load ipset file '%s': %s" % (name, msg)) return if what == "new": self._addIPSet(obj) elif what == "remove": self.removeIPSet(obj) elif what == "update": self._updateIPSet(obj) elif (name.startswith(config.FIREWALLD_HELPERS) or \ name.startswith(config.ETC_FIREWALLD_HELPERS)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_helper_from_path(name) except Exception as msg: log.error("Failed to load helper file '%s': %s" % (name, msg)) return if what == "new": self._addHelper(obj) elif what == "remove": self.removeHelper(obj) elif what == "update": self._updateHelper(obj) elif name == config.LOCKDOWN_WHITELIST: try: self.config.update_lockdown_whitelist() except Exception as msg: log.error("Failed to load lockdown whitelist file '%s': %s" % \ (name, msg)) return self.LockdownWhitelistUpdated() elif name == config.FIREWALLD_DIRECT: try: self.config.update_direct() except Exception as msg: log.error("Failed to load direct rules file '%s': %s" % (name, msg)) return self.Updated() elif (name.startswith(config.FIREWALLD_POLICIES) or \ name.startswith(config.ETC_FIREWALLD_POLICIES)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_policy_object_from_path(name) except Exception as msg: log.error("Failed to load policy file '%s': %s" % (name, msg)) return if what == "new": self._addPolicy(obj) elif what == "remove": self.removePolicy(obj) elif what == "update": self._updatePolicy(obj) @handle_exceptions def _addIcmpType(self, obj): # TODO: check for idx overflow config_icmptype = FirewallDConfigIcmpType( self, self.config, obj, self.icmptype_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_ICMPTYPE, self.icmptype_idx)) self.icmptypes.append(config_icmptype) self.icmptype_idx += 1 self.IcmpTypeAdded(obj.name) return config_icmptype @handle_exceptions def _updateIcmpType(self, obj): for icmptype in self.icmptypes: if icmptype.obj.name == obj.name and \ icmptype.obj.path == obj.path and \ icmptype.obj.filename == obj.filename: icmptype.obj = obj icmptype.Updated(obj.name) @handle_exceptions def removeIcmpType(self, obj): index = 7 # see IMPORT_EXPORT_STRUCTURE in class Zone(IO_Object) for zone in self.zones: settings = zone.getSettings() # if this IcmpType is used in a zone remove it from that zone first if obj.name in settings[index]: settings[index].remove(obj.name) zone.obj = self.config.set_zone_config(zone.obj, settings) zone.Updated(zone.obj.name) for policy in self.policy_objects: settings = policy.getSettings() # if this IcmpType is used in a policy remove it from that policy first if "icmp_blocks" in settings and obj.name in settings["icmp_blocks"]: settings["icmp_blocks"].remove(obj.name) policy.obj = self.config.set_policy_object_config_dict(policy.obj, settings) policy.Updated(policy.obj.name) for icmptype in self.icmptypes: if icmptype.obj == obj: icmptype.Removed(obj.name) icmptype.unregister() self.icmptypes.remove(icmptype) del icmptype @handle_exceptions def _addService(self, obj): # TODO: check for idx overflow config_service = FirewallDConfigService( self, self.config, obj, self.service_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_SERVICE, self.service_idx)) self.services.append(config_service) self.service_idx += 1 self.ServiceAdded(obj.name) return config_service @handle_exceptions def _updateService(self, obj): for service in self.services: if service.obj.name == obj.name and \ service.obj.path == obj.path and \ service.obj.filename == obj.filename: service.obj = obj service.Updated(obj.name) @handle_exceptions def removeService(self, obj): index = 5 # see IMPORT_EXPORT_STRUCTURE in class Zone(IO_Object) for zone in self.zones: settings = zone.getSettings() # if this Service is used in a zone remove it from that zone first if obj.name in settings[index]: settings[index].remove(obj.name) zone.obj = self.config.set_zone_config(zone.obj, settings) zone.Updated(zone.obj.name) for policy in self.policy_objects: settings = policy.getSettings() # if this Service is used in a policy remove it from that policy first if "services" in settings and obj.name in settings["services"]: settings["services"].remove(obj.name) policy.obj = self.config.set_policy_object_config_dict(policy.obj, settings) policy.Updated(policy.obj.name) for service in self.services: if service.obj == obj: service.Removed(obj.name) service.unregister() self.services.remove(service) del service @handle_exceptions def _addZone(self, obj): # TODO: check for idx overflow config_zone = FirewallDConfigZone( self, self.config, obj, self.zone_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_ZONE, self.zone_idx)) self.zones.append(config_zone) self.zone_idx += 1 self.ZoneAdded(obj.name) return config_zone @handle_exceptions def _updateZone(self, obj): for zone in self.zones: if zone.obj.name == obj.name and zone.obj.path == obj.path and \ zone.obj.filename == obj.filename: zone.obj = obj zone.Updated(obj.name) @handle_exceptions def removeZone(self, obj): for zone in self.zones: if zone.obj == obj: zone.Removed(obj.name) zone.unregister() self.zones.remove(zone) del zone @handle_exceptions def _addPolicy(self, obj): # TODO: check for idx overflow config_policy = FirewallDConfigPolicy( self, self.config, obj, self.policy_object_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_POLICY, self.policy_object_idx)) self.policy_objects.append(config_policy) self.policy_object_idx += 1 self.PolicyAdded(obj.name) return config_policy @handle_exceptions def _updatePolicy(self, obj): for policy in self.policy_objects: if policy.obj.name == obj.name and policy.obj.path == obj.path and \ policy.obj.filename == obj.filename: policy.obj = obj policy.Updated(obj.name) @handle_exceptions def removePolicy(self, obj): for policy in self.policy_objects: if policy.obj == obj: policy.Removed(obj.name) policy.unregister() self.policy_objects.remove(policy) del policy @handle_exceptions def _addIPSet(self, obj): # TODO: check for idx overflow config_ipset = FirewallDConfigIPSet( self, self.config, obj, self.ipset_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_IPSET, self.ipset_idx)) self.ipsets.append(config_ipset) self.ipset_idx += 1 self.IPSetAdded(obj.name) return config_ipset @handle_exceptions def _updateIPSet(self, obj): for ipset in self.ipsets: if ipset.obj.name == obj.name and ipset.obj.path == obj.path and \ ipset.obj.filename == obj.filename: ipset.obj = obj ipset.Updated(obj.name) @handle_exceptions def removeIPSet(self, obj): for ipset in self.ipsets: if ipset.obj == obj: ipset.Removed(obj.name) ipset.unregister() self.ipsets.remove(ipset) del ipset # access check @handle_exceptions def _addHelper(self, obj): # TODO: check for idx overflow config_helper = FirewallDConfigHelper( self, self.config, obj, self.helper_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_HELPER, self.helper_idx)) self.helpers.append(config_helper) self.helper_idx += 1 self.HelperAdded(obj.name) return config_helper @handle_exceptions def _updateHelper(self, obj): for helper in self.helpers: if helper.obj.name == obj.name and helper.obj.path == obj.path and \ helper.obj.filename == obj.filename: helper.obj = obj helper.Updated(obj.name) @handle_exceptions def removeHelper(self, obj): for helper in self.helpers: if helper.obj == obj: helper.Removed(obj.name) helper.unregister() self.helpers.remove(helper) del helper # access check @dbus_handle_exceptions def accessCheck(self, sender): if self.config.lockdown_enabled(): if sender is None: log.error("Lockdown not possible, sender not set.") return bus = dbus.SystemBus() context = context_of_sender(bus, sender) if self.config.access_check("context", context): return uid = uid_of_sender(bus, sender) if self.config.access_check("uid", uid): return user = user_of_uid(uid) if self.config.access_check("user", user): return command = command_of_sender(bus, sender) if self.config.access_check("command", command): return raise FirewallError(errors.ACCESS_DENIED, "lockdown is enabled") # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, prop): if prop not in [ "DefaultZone", "MinimalMark", "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) value = self.config.get_firewalld_conf().get(prop) if prop == "DefaultZone": if value is None: value = config.FALLBACK_ZONE return dbus.String(value) elif prop == "MinimalMark": if value is None: value = config.FALLBACK_MINIMAL_MARK else: value = int(value) return dbus.Int32(value) elif prop == "CleanupOnExit": if value is None: value = "yes" if config.FALLBACK_CLEANUP_ON_EXIT else "no" return dbus.String(value) elif prop == "CleanupModulesOnExit": if value is None: value = "yes" if config.FALLBACK_CLEANUP_MODULES_ON_EXIT else "no" return dbus.String(value) elif prop == "Lockdown": if value is None: value = "yes" if config.FALLBACK_LOCKDOWN else "no" return dbus.String(value) elif prop == "IPv6_rpfilter": if value is None: value = "yes" if config.FALLBACK_IPV6_RPFILTER else "no" return dbus.String(value) elif prop == "IndividualCalls": if value is None: value = "yes" if config.FALLBACK_INDIVIDUAL_CALLS else "no" return dbus.String(value) elif prop == "LogDenied": if value is None: value = config.FALLBACK_LOG_DENIED return dbus.String(value) elif prop == "AutomaticHelpers": if value is None: value = config.FALLBACK_AUTOMATIC_HELPERS return dbus.String(value) elif prop == "FirewallBackend": if value is None: value = config.FALLBACK_FIREWALL_BACKEND return dbus.String(value) elif prop == "FlushAllOnReload": if value is None: value = "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no" return dbus.String(value) elif prop == "RFC3964_IPv4": if value is None: value = "yes" if config.FALLBACK_RFC3964_IPV4 else "no" return dbus.String(value) elif prop == "AllowZoneDrifting": if value is None: value = "yes" if config.FALLBACK_ALLOW_ZONE_DRIFTING else "no" return dbus.String(value) @dbus_handle_exceptions def _get_dbus_property(self, prop): if prop == "DefaultZone": return dbus.String(self._get_property(prop)) elif prop == "MinimalMark": return dbus.Int32(self._get_property(prop)) elif prop == "CleanupOnExit": return dbus.String(self._get_property(prop)) elif prop == "CleanupModulesOnExit": return dbus.String(self._get_property(prop)) elif prop == "Lockdown": return dbus.String(self._get_property(prop)) elif prop == "IPv6_rpfilter": return dbus.String(self._get_property(prop)) elif prop == "IndividualCalls": return dbus.String(self._get_property(prop)) elif prop == "LogDenied": return dbus.String(self._get_property(prop)) elif prop == "AutomaticHelpers": return dbus.String(self._get_property(prop)) elif prop == "FirewallBackend": return dbus.String(self._get_property(prop)) elif prop == "FlushAllOnReload": return dbus.String(self._get_property(prop)) elif prop == "RFC3964_IPv4": return dbus.String(self._get_property(prop)) elif prop == "AllowZoneDrifting": return dbus.String(self._get_property(prop)) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("config.Get('%s', '%s')", interface_name, property_name) if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: return self._get_dbus_property(property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("config.GetAll('%s')", interface_name) ret = { } if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: for x in [ "DefaultZone", "MinimalMark", "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ]: ret[x] = self._get_property(x) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: pass else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("config.Set('%s', '%s', '%s')", interface_name, property_name, new_value) self.accessCheck(sender) if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: if property_name in [ "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4"]: if property_name in [ "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "FlushAllOnReload", "RFC3964_IPv4"]: if new_value.lower() not in [ "yes", "no", "true", "false" ]: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) elif property_name == "LogDenied": if new_value not in config.LOG_DENIED_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) elif property_name == "FirewallBackend": if new_value not in config.FIREWALL_BACKEND_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) self.config.get_firewalld_conf().set(property_name, new_value) self.config.get_firewalld_conf().write() self.PropertiesChanged(interface_name, { property_name: new_value }, [ ]) elif property_name in ["MinimalMark", "AutomaticHelpers", "AllowZoneDrifting"]: # deprecated fields. Ignore setting them. pass else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("config.PropertiesChanged('%s', '%s', '%s')", interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("config.Introspect()") data = super(FirewallDConfig, self).Introspect(self.path, self.busname.get_bus()) data = dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG) for interface in [config.dbus.DBUS_INTERFACE_CONFIG_DIRECT]: data = dbus_introspection_add_deprecated( self, data, interface, dbus_service_method_deprecated().deprecated, dbus_service_signal_deprecated().deprecated) return data # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # policies @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature=LockdownWhitelist.DBUS_SIGNATURE) @dbus_handle_exceptions def getLockdownWhitelist(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelist()") return self.config.get_policies().lockdown_whitelist.export_config() @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature=LockdownWhitelist.DBUS_SIGNATURE) @dbus_handle_exceptions def setLockdownWhitelist(self, settings, sender=None): # pylint: disable=W0613 log.debug1("config.policies.setLockdownWhitelist(...)") settings = dbus_to_python(settings) self.config.get_policies().lockdown_whitelist.import_config(settings, {}) self.config.get_policies().lockdown_whitelist.write() self.LockdownWhitelistUpdated() @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES) @dbus_handle_exceptions def LockdownWhitelistUpdated(self): log.debug1("config.policies.LockdownWhitelistUpdated()") # command @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistCommand(self, command, sender=None): command = dbus_to_python(command) log.debug1("config.policies.addLockdownWhitelistCommand('%s')", command) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if command in settings[0]: raise FirewallError(errors.ALREADY_ENABLED, command) settings[0].append(command) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistCommand(self, command, sender=None): command = dbus_to_python(command) log.debug1("config.policies.removeLockdownWhitelistCommand('%s')", command) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if command not in settings[0]: raise FirewallError(errors.NOT_ENABLED, command) settings[0].remove(command) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistCommand(self, command, sender=None): # pylint: disable=W0613 command = dbus_to_python(command) log.debug1("config.policies.queryLockdownWhitelistCommand('%s')", command) return command in self.getLockdownWhitelist()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistCommands(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistCommands()") return self.getLockdownWhitelist()[0] # context @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistContext(self, context, sender=None): context = dbus_to_python(context) log.debug1("config.policies.addLockdownWhitelistContext('%s')", context) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if context in settings[1]: raise FirewallError(errors.ALREADY_ENABLED, context) settings[1].append(context) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistContext(self, context, sender=None): context = dbus_to_python(context) log.debug1("config.policies.removeLockdownWhitelistContext('%s')", context) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if context not in settings[1]: raise FirewallError(errors.NOT_ENABLED, context) settings[1].remove(context) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistContext(self, context, sender=None): # pylint: disable=W0613 context = dbus_to_python(context) log.debug1("config.policies.queryLockdownWhitelistContext('%s')", context) return context in self.getLockdownWhitelist()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistContexts(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistContexts()") return self.getLockdownWhitelist()[1] # user @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistUser(self, user, sender=None): user = dbus_to_python(user) log.debug1("config.policies.addLockdownWhitelistUser('%s')", user) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if user in settings[2]: raise FirewallError(errors.ALREADY_ENABLED, user) settings[2].append(user) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistUser(self, user, sender=None): user = dbus_to_python(user) log.debug1("config.policies.removeLockdownWhitelistUser('%s')", user) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if user not in settings[2]: raise FirewallError(errors.NOT_ENABLED, user) settings[2].remove(user) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUser(self, user, sender=None): # pylint: disable=W0613 user = dbus_to_python(user) log.debug1("config.policies.queryLockdownWhitelistUser('%s')", user) return user in self.getLockdownWhitelist()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistUsers(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistUsers()") return self.getLockdownWhitelist()[2] # uid @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i') @dbus_handle_exceptions def addLockdownWhitelistUid(self, uid, sender=None): uid = dbus_to_python(uid) log.debug1("config.policies.addLockdownWhitelistUid(%d)", uid) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if uid in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, uid) settings[3].append(uid) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i') @dbus_handle_exceptions def removeLockdownWhitelistUid(self, uid, sender=None): uid = dbus_to_python(uid) log.debug1("config.policies.removeLockdownWhitelistUid(%d)", uid) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if uid not in settings[3]: raise FirewallError(errors.NOT_ENABLED, uid) settings[3].remove(uid) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUid(self, uid, sender=None): # pylint: disable=W0613 uid = dbus_to_python(uid) log.debug1("config.policies.queryLockdownWhitelistUid(%d)", uid) return uid in self.getLockdownWhitelist()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='ai') @dbus_handle_exceptions def getLockdownWhitelistUids(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistUids()") return self.getLockdownWhitelist()[3] # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # I P S E T S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listIPSets(self, sender=None): # pylint: disable=W0613 """list ipsets objects paths """ log.debug1("config.listIPSets()") return self.ipsets @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getIPSetNames(self, sender=None): # pylint: disable=W0613 """get ipset names """ log.debug1("config.getIPSetNames()") ipsets = [ ] for obj in self.ipsets: ipsets.append(obj.obj.name) return sorted(ipsets) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getIPSetByName(self, ipset, sender=None): # pylint: disable=W0613 """object path of ipset with given name """ ipset = dbus_to_python(ipset, str) log.debug1("config.getIPSetByName('%s')", ipset) for obj in self.ipsets: if obj.obj.name == ipset: return obj raise FirewallError(errors.INVALID_IPSET, ipset) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+IPSet.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addIPSet(self, ipset, settings, sender=None): """add ipset with given name and settings """ ipset = dbus_to_python(ipset, str) settings = dbus_to_python(settings) log.debug1("config.addIPSet('%s')", ipset) self.accessCheck(sender) obj = self.config.new_ipset(ipset, settings) config_ipset = self._addIPSet(obj) return config_ipset @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def IPSetAdded(self, ipset): ipset = dbus_to_python(ipset, str) log.debug1("config.IPSetAdded('%s')" % (ipset)) # I C M P T Y P E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listIcmpTypes(self, sender=None): # pylint: disable=W0613 """list icmptypes objects paths """ log.debug1("config.listIcmpTypes()") return self.icmptypes @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getIcmpTypeNames(self, sender=None): # pylint: disable=W0613 """get icmptype names """ log.debug1("config.getIcmpTypeNames()") icmptypes = [ ] for obj in self.icmptypes: icmptypes.append(obj.obj.name) return sorted(icmptypes) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getIcmpTypeByName(self, icmptype, sender=None): # pylint: disable=W0613 """object path of icmptype with given name """ icmptype = dbus_to_python(icmptype, str) log.debug1("config.getIcmpTypeByName('%s')", icmptype) for obj in self.icmptypes: if obj.obj.name == icmptype: return obj raise FirewallError(errors.INVALID_ICMPTYPE, icmptype) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+IcmpType.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addIcmpType(self, icmptype, settings, sender=None): """add icmptype with given name and settings """ icmptype = dbus_to_python(icmptype, str) settings = dbus_to_python(settings) log.debug1("config.addIcmpType('%s')", icmptype) self.accessCheck(sender) obj = self.config.new_icmptype(icmptype, settings) config_icmptype = self._addIcmpType(obj) return config_icmptype @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def IcmpTypeAdded(self, icmptype): log.debug1("config.IcmpTypeAdded('%s')" % (icmptype)) # S E R V I C E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listServices(self, sender=None): # pylint: disable=W0613 """list services objects paths """ log.debug1("config.listServices()") return self.services @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getServiceNames(self, sender=None): # pylint: disable=W0613 """get service names """ log.debug1("config.getServiceNames()") services = [ ] for obj in self.services: services.append(obj.obj.name) return sorted(services) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getServiceByName(self, service, sender=None): # pylint: disable=W0613 """object path of service with given name """ service = dbus_to_python(service, str) log.debug1("config.getServiceByName('%s')", service) for obj in self.services: if obj.obj.name == service: return obj raise FirewallError(errors.INVALID_SERVICE, service) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s(sssa(ss)asa{ss}asa(ss))', out_signature='o') @dbus_handle_exceptions def addService(self, service, settings, sender=None): """add service with given name and settings """ service = dbus_to_python(service, str) settings = dbus_to_python(settings) log.debug1("config.addService('%s')", service) self.accessCheck(sender) obj = self.config.new_service(service, settings) config_service = self._addService(obj) return config_service @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='sa{sv}', out_signature='o') @dbus_handle_exceptions def addService2(self, service, settings, sender=None): """add service with given name and settings """ service = dbus_to_python(service, str) settings = dbus_to_python(settings) log.debug1("config.addService2('%s')", service) self.accessCheck(sender) obj = self.config.new_service_dict(service, settings) config_service = self._addService(obj) return config_service @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def ServiceAdded(self, service): log.debug1("config.ServiceAdded('%s')" % (service)) # Z O N E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listZones(self, sender=None): # pylint: disable=W0613 """list zones objects paths """ log.debug1("config.listZones()") return self.zones @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getZoneNames(self, sender=None): # pylint: disable=W0613 """get zone names """ log.debug1("config.getZoneNames()") zones = [ ] for obj in self.zones: zones.append(obj.obj.name) return sorted(zones) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getZoneByName(self, zone, sender=None): # pylint: disable=W0613 """object path of zone with given name """ zone = dbus_to_python(zone, str) log.debug1("config.getZoneByName('%s')", zone) for obj in self.zones: if obj.obj.name == zone: return obj raise FirewallError(errors.INVALID_ZONE, zone) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfInterface(self, iface, sender=None): # pylint: disable=W0613 """name of zone the given interface belongs to """ iface = dbus_to_python(iface, str) log.debug1("config.getZoneOfInterface('%s')", iface) ret = [] for obj in self.zones: if iface in obj.obj.interfaces: ret.append(obj.obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same interface is in several zone XML files return " ".join(ret) + \ " (ERROR: interface '%s' is in %s zone XML files, can be only in one)" % \ (iface, len(ret)) return ret[0] if ret else "" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfSource(self, source, sender=None): # pylint: disable=W0613 """name of zone the given source belongs to """ source = dbus_to_python(source, str) log.debug1("config.getZoneOfSource('%s')", source) ret = [] for obj in self.zones: if source in obj.obj.sources: ret.append(obj.obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same source is in several zone XML files return " ".join(ret) + \ " (ERROR: source '%s' is in %s zone XML files, can be only in one)" % \ (source, len(ret)) return ret[0] if ret else "" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature="s(sssbsasa(ss)asba(ssss)asasasasa(ss)b)", out_signature='o') @dbus_handle_exceptions def addZone(self, zone, settings, sender=None): """add zone with given name and settings """ zone = dbus_to_python(zone, str) settings = dbus_to_python(settings) log.debug1("config.addZone('%s')", zone) self.accessCheck(sender) if settings[4] == "default": # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = DEFAULT_ZONE_TARGET settings = tuple(_settings) obj = self.config.new_zone(zone, settings) config_zone = self._addZone(obj) return config_zone @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature="sa{sv}", out_signature='o') @dbus_handle_exceptions def addZone2(self, zone, settings, sender=None): """add zone with given name and settings """ zone = dbus_to_python(zone, str) settings = dbus_to_python(settings) log.debug1("config.addZone('%s')", zone) self.accessCheck(sender) if "target" in settings and settings["target"] == "default": settings["target"] = DEFAULT_ZONE_TARGET obj = self.config.new_zone_dict(zone, settings) config_zone = self._addZone(obj) return config_zone @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def ZoneAdded(self, zone): log.debug1("config.ZoneAdded('%s')" % (zone)) # policies @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listPolicies(self, sender=None): """list policies objects paths """ log.debug1("config.listPolicies()") return self.policy_objects @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getPolicyNames(self, sender=None): """get policy names """ log.debug1("config.getPolicyNames()") policies = [ ] for obj in self.policy_objects: policies.append(obj.obj.name) return sorted(policies) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getPolicyByName(self, policy, sender=None): """object path of policy with given name """ policy = dbus_to_python(policy, str) log.debug1("config.getPolicyByName('%s')", policy) for obj in self.policy_objects: if obj.obj.name == policy: return obj raise FirewallError(errors.INVALID_POLICY, policy) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature="sa{sv}", out_signature='o') @dbus_handle_exceptions def addPolicy(self, policy, settings, sender=None): """add policy with given name and settings """ policy = dbus_to_python(policy, str) settings = dbus_to_python(settings) log.debug1("config.addPolicy('%s')", policy) self.accessCheck(sender) obj = self.config.new_policy_object_dict(policy, settings) config_policy = self._addPolicy(obj) return config_policy @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def PolicyAdded(self, policy): log.debug1("config.PolicyAdded('%s')" % (policy)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # H E L P E R S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listHelpers(self, sender=None): # pylint: disable=W0613 """list helpers objects paths """ log.debug1("config.listHelpers()") return self.helpers @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getHelperNames(self, sender=None): # pylint: disable=W0613 """get helper names """ log.debug1("config.getHelperNames()") helpers = [ ] for obj in self.helpers: helpers.append(obj.obj.name) return sorted(helpers) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getHelperByName(self, helper, sender=None): # pylint: disable=W0613 """object path of helper with given name """ helper = dbus_to_python(helper, str) log.debug1("config.getHelperByName('%s')", helper) for obj in self.helpers: if obj.obj.name == helper: return obj raise FirewallError(errors.INVALID_HELPER, helper) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+Helper.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addHelper(self, helper, settings, sender=None): """add helper with given name and settings """ helper = dbus_to_python(helper, str) settings = dbus_to_python(settings) log.debug1("config.addHelper('%s')", helper) self.accessCheck(sender) obj = self.config.new_helper(helper, settings) config_helper = self._addHelper(obj) return config_helper @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def HelperAdded(self, helper): helper = dbus_to_python(helper, str) log.debug1("config.HelperAdded('%s')" % (helper)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, out_signature=Direct.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 # returns list ipv, table, list of chains log.debug1("config.direct.getSettings()") return self.config.get_direct().export_config() @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature=Direct.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): # pylint: disable=W0613 # returns list ipv, table, list of chains log.debug1("config.direct.update()") settings = dbus_to_python(settings) self.config.get_direct().import_config(settings, {}) self.config.get_direct().write() self.Updated() @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_handle_exceptions def Updated(self): log.debug1("config.direct.Updated()") # chain @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def addChain(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.addChain('%s', '%s', '%s')" % \ (ipv, table, chain)) self.accessCheck(sender) idx = tuple((ipv, table, chain)) settings = list(self.getSettings()) if idx in settings[0]: raise FirewallError(errors.ALREADY_ENABLED, "chain '%s' already is in '%s:%s'" % \ (chain, ipv, table)) settings[0].append(idx) self.update(settings) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def removeChain(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.removeChain('%s', '%s', '%s')" % \ (ipv, table, chain)) self.accessCheck(sender) idx = tuple((ipv, table, chain)) settings = list(self.getSettings()) if idx not in settings[0]: raise FirewallError(errors.NOT_ENABLED, "chain '%s' is not in '%s:%s'" % (chain, ipv, table)) settings[0].remove(idx) self.update(settings) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryChain(self, ipv, table, chain, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.queryChain('%s', '%s', '%s')" % \ (ipv, table, chain)) idx = tuple((ipv, table, chain)) return idx in self.getSettings()[0] @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='ss', out_signature='as') @dbus_handle_exceptions def getChains(self, ipv, table, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) log.debug1("config.direct.getChains('%s', '%s')" % (ipv, table)) ret = [ ] for idx in self.getSettings()[0]: if idx[0] == ipv and idx[1] == table: ret.append(idx[2]) return ret @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='', out_signature='a(sss)') @dbus_handle_exceptions def getAllChains(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllChains()") return self.getSettings()[0] # rule @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias') @dbus_handle_exceptions def addRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.addRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) idx = (ipv, table, chain, priority, args) settings = list(self.getSettings()) if idx in settings[1]: raise FirewallError(errors.ALREADY_ENABLED, "rule '%s' already is in '%s:%s:%s'" % \ (args, ipv, table, chain)) settings[1].append(idx) self.update(tuple(settings)) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias') @dbus_handle_exceptions def removeRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.removeRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) idx = (ipv, table, chain, priority, args) settings = list(self.getSettings()) if idx not in settings[1]: raise FirewallError(errors.NOT_ENABLED, "rule '%s' is not in '%s:%s:%s'" % \ (args, ipv, table, chain)) settings[1].remove(idx) self.update(tuple(settings)) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias', out_signature='b') @dbus_handle_exceptions def queryRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=W0613,R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.queryRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) idx = (ipv, table, chain, priority, args) return idx in self.getSettings()[1] @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def removeRules(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.removeRules('%s', '%s', '%s')" % \ (ipv, table, chain, )) self.accessCheck(sender) settings = list(self.getSettings()) for rule in settings[1][:]: if (ipv, table, chain) == (rule[0], rule[1], rule[2]): settings[1].remove(rule) self.update(tuple(settings)) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss', out_signature='a(ias)') @dbus_handle_exceptions def getRules(self, ipv, table, chain, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.getRules('%s', '%s', '%s')" % \ (ipv, table, chain)) ret = [ ] for idx in self.getSettings()[1]: if idx[0] == ipv and idx[1] == table and idx[2] == chain: ret.append((idx[3], idx[4])) return ret @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='', out_signature='a(sssias)') @dbus_handle_exceptions def getAllRules(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllRules()") return self.getSettings()[1] # passthrough @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas') @dbus_handle_exceptions def addPassthrough(self, ipv, args, sender=None): ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.addPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) idx = (ipv, args) settings = list(self.getSettings()) if idx in settings[2]: raise FirewallError(errors.ALREADY_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) settings[2].append(idx) self.update(settings) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas') @dbus_handle_exceptions def removePassthrough(self, ipv, args, sender=None): ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.removePassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) idx = (ipv, args) settings = list(self.getSettings()) if idx not in settings[2]: raise FirewallError(errors.NOT_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) settings[2].remove(idx) self.update(settings) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas', out_signature='b') @dbus_handle_exceptions def queryPassthrough(self, ipv, args, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.queryPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) idx = (ipv, args) return idx in self.getSettings()[2] @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPassthroughs(self, ipv, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) log.debug1("config.direct.getPassthroughs('%s')" % (ipv)) ret = [ ] for idx in self.getSettings()[2]: if idx[0] == ipv: ret.append(idx[1]) return ret @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, out_signature='a(sas)') @dbus_handle_exceptions def getAllPassthroughs(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllPassthroughs()") return self.getSettings()[2] PK��,(�Z��ϬI��I��config_ipset.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.ipset import IPSet from firewall.core.ipset import IPSET_TYPES, normalize_ipset_entry, \ check_entry_overlaps_existing, \ check_for_overlapping_entries from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfigIPSet # ############################################################################ class FirewallDConfigIPSet(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, ipset, item_id, args, *kwargs): super(FirewallDConfigIPSet, self).__init__(args, *kwargs) self.parent = parent self.config = conf self.obj = ipset self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.ipset.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigIPSet, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_IPSET) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for ipset """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_ipset_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for ipset """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_ipset_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin ipset """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_ipset_defaults(self.obj) self.Updated(self.obj.name) #self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, # { "default": True }, [ ]) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def remove(self, sender=None): """remove ipset """ log.debug1("%s.remove()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_ipset(self.obj) self.parent.removeIPSet(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename ipset """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_ipset(self.obj, name) self.Renamed(name) #self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, # { "name": name }, [ ]) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # type @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getType(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getType()", self._log_prefix) return self.getSettings()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setType(self, ipset_type, sender=None): ipset_type = dbus_to_python(ipset_type, str) log.debug1("%s.setType('%s')", self._log_prefix, ipset_type) self.parent.accessCheck(sender) if ipset_type not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, ipset_type) settings = list(self.getSettings()) settings[3] = ipset_type self.update(settings) # options @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='a{ss}') @dbus_handle_exceptions def getOptions(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getOptions()", self._log_prefix) return self.getSettings()[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='a{ss}') @dbus_handle_exceptions def setOptions(self, options, sender=None): options = dbus_to_python(options, dict) log.debug1("%s.setOptions('[%s]')", self._log_prefix, repr(options)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = options self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='ss') @dbus_handle_exceptions def addOption(self, key, value, sender=None): key = dbus_to_python(key, str) value = dbus_to_python(value, str) log.debug1("%s.addOption('%s', '%s')", self._log_prefix, key, value) self.parent.accessCheck(sender) settings = list(self.getSettings()) if key in settings[4] and settings[4][key] == value: raise FirewallError(errors.ALREADY_ENABLED, "'%s': '%s'" % (key, value)) settings[4][key] = value self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def removeOption(self, key, sender=None): key = dbus_to_python(key, str) log.debug1("%s.removeOption('%s')", self._log_prefix, key) self.parent.accessCheck(sender) settings = list(self.getSettings()) if key not in settings[4]: raise FirewallError(errors.NOT_ENABLED, key) del settings[4][key] self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryOption(self, key, value, sender=None): # pylint: disable=W0613 key = dbus_to_python(key, str) value = dbus_to_python(value, str) log.debug1("%s.queryOption('%s', '%s')", self._log_prefix, key, value) settings = list(self.getSettings()) return (key in settings[4] and settings[4][key] == value) # entries @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='as') @dbus_handle_exceptions def getEntries(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getEntries()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='as') @dbus_handle_exceptions def setEntries(self, entries, sender=None): entries = dbus_to_python(entries, list) check_for_overlapping_entries(entries) log.debug1("%s.setEntries('[%s]')", self._log_prefix, ",".join(entries)) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) settings[5] = entries self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def addEntry(self, entry, sender=None): entry = dbus_to_python(entry, str) entry = normalize_ipset_entry(entry) log.debug1("%s.addEntry('%s')", self._log_prefix, entry) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) if entry in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, entry) check_entry_overlaps_existing(entry, settings[5]) settings[5].append(entry) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def removeEntry(self, entry, sender=None): entry = dbus_to_python(entry, str) entry = normalize_ipset_entry(entry) log.debug1("%s.removeEntry('%s')", self._log_prefix, entry) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) if entry not in settings[5]: raise FirewallError(errors.NOT_ENABLED, entry) settings[5].remove(entry) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryEntry(self, entry, sender=None): # pylint: disable=W0613 entry = dbus_to_python(entry, str) entry = normalize_ipset_entry(entry) log.debug1("%s.queryEntry('%s')", self._log_prefix, entry) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) return entry in settings[5] PK��,(�Z��{��firewalld.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. __all__ = [ "FirewallD" ] from gi.repository import GLib import copy import dbus import dbus.service from firewall import config from firewall.core.fw import Firewall from firewall.core.rich import Rich_Rule from firewall.core.logger import log from firewall.client import FirewallClientZoneSettings from firewall.server.dbus import FirewallDBusException, DbusServiceObject from firewall.server.decorators import dbus_handle_exceptions, \ dbus_service_method, \ handle_exceptions, \ dbus_service_method_deprecated, \ dbus_service_signal_deprecated, \ dbus_polkit_require_auth from firewall.server.config import FirewallDConfig from firewall.dbus_utils import dbus_to_python, \ command_of_sender, context_of_sender, uid_of_sender, user_of_uid, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties, \ dbus_introspection_add_deprecated from firewall.core.io.functions import check_on_disk_config from firewall.core.io.ipset import IPSet from firewall.core.io.icmptype import IcmpType from firewall.core.io.helper import Helper from firewall.core.fw_nm import nm_get_connection_of_interface, \ nm_set_zone_of_connection from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallD # ############################################################################ class FirewallD(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use config.dbus.PK_ACTION_CONFIG as a default """ @handle_exceptions def __init__(self, args, *kwargs): super(FirewallD, self).__init__(args, *kwargs) self.fw = Firewall() self.busname = args[0] self.path = args[1] self.start() dbus_introspection_prepare_properties(self, config.dbus.DBUS_INTERFACE) self.config = FirewallDConfig(self.fw.config, self.busname, config.dbus.DBUS_PATH_CONFIG) def __del__(self): self.stop() @handle_exceptions def start(self): # tests if iptables and ip6tables are usable using test functions # loads default firewall rules for iptables and ip6tables log.debug1("start()") self._timeouts = { } return self.fw.start() @handle_exceptions def stop(self): # stops firewall: unloads firewall modules, flushes chains and tables, # resets policies log.debug1("stop()") return self.fw.stop() # lockdown functions @dbus_handle_exceptions def accessCheck(self, sender): if self.fw.policies.query_lockdown(): if sender is None: log.error("Lockdown not possible, sender not set.") return bus = dbus.SystemBus() context = context_of_sender(bus, sender) if self.fw.policies.access_check("context", context): return uid = uid_of_sender(bus, sender) if self.fw.policies.access_check("uid", uid): return user = user_of_uid(uid) if self.fw.policies.access_check("user", user): return command = command_of_sender(bus, sender) if self.fw.policies.access_check("command", command): return raise FirewallError(errors.ACCESS_DENIED, "lockdown is enabled") # timeout functions @dbus_handle_exceptions def addTimeout(self, zone, x, tag): if zone not in self._timeouts: self._timeouts[zone] = { } self._timeouts[zone][x] = tag @dbus_handle_exceptions def removeTimeout(self, zone, x): if zone in self._timeouts and x in self._timeouts[zone]: GLib.source_remove(self._timeouts[zone][x]) del self._timeouts[zone][x] @dbus_handle_exceptions def cleanup_timeouts(self): # cleanup timeouts for zone in self._timeouts: for x in self._timeouts[zone]: GLib.source_remove(self._timeouts[zone][x]) self._timeouts[zone].clear() self._timeouts.clear() # property handling @dbus_handle_exceptions def _get_property(self, prop): if prop == "version": return dbus.String(config.VERSION) elif prop == "interface_version": return dbus.String("%d.%d" % (config.dbus.DBUS_INTERFACE_VERSION, config.dbus.DBUS_INTERFACE_REVISION)) elif prop == "state": return dbus.String(self.fw.get_state()) elif prop == "IPv4": return dbus.Boolean(self.fw.is_ipv_enabled("ipv4")) elif prop == "IPv4ICMPTypes": return dbus.Array(self.fw.ipv4_supported_icmp_types, "s") elif prop == "IPv6": return dbus.Boolean(self.fw.is_ipv_enabled("ipv6")) elif prop == "IPv6_rpfilter": return dbus.Boolean(self.fw.ipv6_rpfilter_enabled) elif prop == "IPv6ICMPTypes": return dbus.Array(self.fw.ipv6_supported_icmp_types, "s") elif prop == "BRIDGE": return dbus.Boolean(self.fw.ebtables_enabled) elif prop == "IPSet": return dbus.Boolean(self.fw.ipset_enabled) elif prop == "IPSetTypes": return dbus.Array(self.fw.ipset_supported_types, "s") elif prop == "nf_conntrack_helper_setting": return dbus.Boolean(False) elif prop == "nf_conntrack_helpers": return dbus.Dictionary({}, "sas") elif prop == "nf_nat_helpers": return dbus.Dictionary({}, "sas") else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("Get('%s', '%s')", interface_name, property_name) if interface_name == config.dbus.DBUS_INTERFACE: return self._get_property(property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("GetAll('%s')", interface_name) ret = { } if interface_name == config.dbus.DBUS_INTERFACE: for x in [ "version", "interface_version", "state", "IPv4", "IPv6", "IPv6_rpfilter", "BRIDGE", "IPSet", "IPSetTypes", "nf_conntrack_helper_setting", "nf_conntrack_helpers", "nf_nat_helpers", "IPv4ICMPTypes", "IPv6ICMPTypes" ]: ret[x] = self._get_property(x) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: pass else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("Set('%s', '%s', '%s')", interface_name, property_name, new_value) self.accessCheck(sender) if interface_name == config.dbus.DBUS_INTERFACE: if property_name in [ "version", "interface_version", "state", "IPv4", "IPv6", "IPv6_rpfilter", "BRIDGE", "IPSet", "IPSetTypes", "nf_conntrack_helper_setting", "nf_conntrack_helpers", "nf_nat_helpers", "IPv4ICMPTypes", "IPv6ICMPTypes" ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("PropertiesChanged('%s', '%s', '%s')", interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("Introspect()") data = super(FirewallD, self).Introspect(self.path, self.busname.get_bus()) data = dbus_introspection_add_properties(self, data, config.dbus.DBUS_INTERFACE) for interface in [config.dbus.DBUS_INTERFACE_DIRECT]: data = dbus_introspection_add_deprecated(self, data, interface, dbus_service_method_deprecated().deprecated, dbus_service_signal_deprecated().deprecated) return data # reload @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def reload(self, sender=None): # pylint: disable=W0613 """Reload the firewall rules. """ log.debug1("reload()") self.fw.reload() self.config.reload() self.Reloaded() # complete_reload @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def completeReload(self, sender=None): # pylint: disable=W0613 """Completely reload the firewall. Completely reload the firewall: Stops firewall, unloads modules and starts the firewall again. """ log.debug1("completeReload()") self.fw.reload(True) self.config.reload() self.Reloaded() @dbus.service.signal(config.dbus.DBUS_INTERFACE) @dbus_handle_exceptions def Reloaded(self): log.debug1("Reloaded()") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def checkPermanentConfig(self, sender=None): # pylint: disable=W0613 """Check permanent configuration """ log.debug1("checkPermanentConfig()") check_on_disk_config(self.fw) # runtime to permanent @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def runtimeToPermanent(self, sender=None): # pylint: disable=W0613 """Make runtime configuration permanent """ log.debug1("copyRuntimeToPermanent()") error = False # Services or icmptypes can not be modified in runtime, but they can # be removed or modified in permanent environment. Therefore copying # of services and icmptypes to permanent is also needed. # services config_names = self.config.getServiceNames() for name in self.fw.service.get_services(): conf = self.getServiceSettings(name) try: if name in config_names: conf_obj = self.config.getServiceByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying service '%s' settings" % name) conf_obj.update(conf) else: log.debug1("Service '%s' is identical, ignoring." % name) else: log.debug1("Creating service '%s'" % name) self.config.addService(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on service '%s': %s" % \ (name, e)) error = True # icmptypes config_names = self.config.getIcmpTypeNames() for name in self.fw.icmptype.get_icmptypes(): conf = self.getIcmpTypeSettings(name) try: if name in config_names: conf_obj = self.config.getIcmpTypeByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying icmptype '%s' settings" % name) conf_obj.update(conf) else: log.debug1("IcmpType '%s' is identical, ignoring." % name) else: log.debug1("Creating icmptype '%s'" % name) self.config.addIcmpType(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on icmptype '%s': %s" % \ (name, e)) error = True # ipsets config_names = self.config.getIPSetNames() for name in self.fw.ipset.get_ipsets(): try: conf = self.getIPSetSettings(name) if name in config_names: conf_obj = self.config.getIPSetByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying ipset '%s' settings" % name) conf_obj.update(conf) else: log.debug1("IPSet '%s' is identical, ignoring." % name) else: log.debug1("Creating ipset '%s'" % name) self.config.addIPSet(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on ipset '%s': %s" % \ (name, e)) error = True # zones config_names = self.config.getZoneNames() for name in self.fw.zone.get_zones(): conf = self.getZoneSettings2(name) settings = FirewallClientZoneSettings(conf) changed = False for interface in self.fw._nm_assigned_interfaces: log.debug1("Zone '%s': interface binding for '%s' has been added by NM, ignoring." % (name, interface)) settings.removeInterface(interface) changed = True # For the remaining interfaces, attempt to let NM manage them for interface in settings.getInterfaces(): try: connection = nm_get_connection_of_interface(interface) if connection and nm_set_zone_of_connection(name, connection): settings.removeInterface(interface) changed = True except Exception: pass if changed: conf = settings.getSettingsDict() # For the remaining try to update the ifcfg files for interface in settings.getInterfaces(): ifcfg_set_zone_of_interface(name, interface) try: if name in config_names: conf_obj = self.config.getZoneByName(name) log.debug1("Copying zone '%s' settings" % name) conf_obj.update2(conf) else: log.debug1("Creating zone '%s'" % name) self.config.addZone2(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on zone '%s': %s" % \ (name, e)) error = True # policies config_names = self.config.getPolicyNames() for name in self.fw.policy.get_policies_not_derived_from_zone(): conf = self.getPolicySettings(name) try: if name in config_names: conf_obj = self.config.getPolicyByName(name) conf_obj.update(conf) else: log.debug1("Creating policy '%s'" % name) self.config.addPolicy(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on policy '%s': %s" % \ (name, e)) error = True # helpers config_names = self.config.getHelperNames() for name in self.fw.helper.get_helpers(): conf = self.getHelperSettings(name) try: if name in config_names: conf_obj = self.config.getHelperByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying helper '%s' settings" % name) conf_obj.update(conf) else: log.debug1("Helper '%s' is identical, ignoring." % name) else: log.debug1("Creating helper '%s'" % name) self.config.addHelper(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on helper '%s': %s" % \ (name, e)) error = True # direct # rt_config = self.fw.direct.get_config() conf = ( self.fw.direct.get_all_chains(), self.fw.direct.get_all_rules(), self.fw.direct.get_all_passthroughs() ) try: if self.config.getSettings() != conf: log.debug1("Copying direct configuration") self.config.update(conf) else: log.debug1("Direct configuration is identical, ignoring.") except Exception as e: log.warning( "Runtime To Permanent failed on direct configuration: %s" % e) error = True # policies conf = self.fw.policies.lockdown_whitelist.export_config() try: if self.config.getSettings() != conf: log.debug1("Copying policies configuration") self.config.setLockdownWhitelist(conf) else: log.debug1("Policies configuration is identical, ignoring.") except Exception as e: log.warning( "Runtime To Permanent failed on policies configuration: %s" % \ e) error = True if error: raise FirewallError(errors.RT_TO_PERM_FAILED) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # POLICIES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # lockdown @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='') @dbus_handle_exceptions def enableLockdown(self, sender=None): """Enable lockdown policies """ log.debug1("policies.enableLockdown()") self.accessCheck(sender) self.fw.policies.enable_lockdown() self.LockdownEnabled() @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='') @dbus_handle_exceptions def disableLockdown(self, sender=None): """Disable lockdown policies """ log.debug1("policies.disableLockdown()") self.accessCheck(sender) self.fw.policies.disable_lockdown() self.LockdownDisabled() @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='b') @dbus_handle_exceptions def queryLockdown(self, sender=None): # pylint: disable=W0613 """Retuns True if lockdown is enabled """ log.debug1("policies.queryLockdown()") # no access check here return self.fw.policies.query_lockdown() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='') @dbus_handle_exceptions def LockdownEnabled(self): log.debug1("LockdownEnabled()") @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='') @dbus_handle_exceptions def LockdownDisabled(self): log.debug1("LockdownDisabled()") # lockdown whitelist # command @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistCommand(self, command, sender=None): """Add lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.addLockdownWhitelistCommand('%s')" % command) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_command(command) self.LockdownWhitelistCommandAdded(command) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistCommand(self, command, sender=None): """Remove lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.removeLockdownWhitelistCommand('%s')" % command) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_command(command) self.LockdownWhitelistCommandRemoved(command) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistCommand(self, command, sender=None): # pylint: disable=W0613 """Query lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.queryLockdownWhitelistCommand('%s')" % command) # no access check here return self.fw.policies.lockdown_whitelist.has_command(command) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistCommands(self, sender=None): # pylint: disable=W0613 """Add lockdown command """ log.debug1("policies.getLockdownWhitelistCommands()") # no access check here return self.fw.policies.lockdown_whitelist.get_commands() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistCommandAdded(self, command): log.debug1("LockdownWhitelistCommandAdded('%s')" % command) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistCommandRemoved(self, command): log.debug1("LockdownWhitelistCommandRemoved('%s')" % command) # uid @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistUid(self, uid, sender=None): """Add lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.addLockdownWhitelistUid('%s')" % uid) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_uid(uid) self.LockdownWhitelistUidAdded(uid) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistUid(self, uid, sender=None): """Remove lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.removeLockdownWhitelistUid('%s')" % uid) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_uid(uid) self.LockdownWhitelistUidRemoved(uid) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUid(self, uid, sender=None): # pylint: disable=W0613 """Query lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.queryLockdownWhitelistUid('%s')" % uid) # no access check here return self.fw.policies.lockdown_whitelist.has_uid(uid) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='ai') @dbus_handle_exceptions def getLockdownWhitelistUids(self, sender=None): # pylint: disable=W0613 """Add lockdown uid """ log.debug1("policies.getLockdownWhitelistUids()") # no access check here return self.fw.policies.lockdown_whitelist.get_uids() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='i') @dbus_handle_exceptions def LockdownWhitelistUidAdded(self, uid): log.debug1("LockdownWhitelistUidAdded(%d)" % uid) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='i') @dbus_handle_exceptions def LockdownWhitelistUidRemoved(self, uid): log.debug1("LockdownWhitelistUidRemoved(%d)" % uid) # user @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistUser(self, user, sender=None): """Add lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.addLockdownWhitelistUser('%s')" % user) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_user(user) self.LockdownWhitelistUserAdded(user) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistUser(self, user, sender=None): """Remove lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.removeLockdownWhitelistUser('%s')" % user) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_user(user) self.LockdownWhitelistUserRemoved(user) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUser(self, user, sender=None): # pylint: disable=W0613 """Query lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.queryLockdownWhitelistUser('%s')" % user) # no access check here return self.fw.policies.lockdown_whitelist.has_user(user) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistUsers(self, sender=None): # pylint: disable=W0613 """Add lockdown user """ log.debug1("policies.getLockdownWhitelistUsers()") # no access check here return self.fw.policies.lockdown_whitelist.get_users() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistUserAdded(self, user): log.debug1("LockdownWhitelistUserAdded('%s')" % user) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistUserRemoved(self, user): log.debug1("LockdownWhitelistUserRemoved('%s')" % user) # context @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistContext(self, context, sender=None): """Add lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.addLockdownWhitelistContext('%s')" % context) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_context(context) self.LockdownWhitelistContextAdded(context) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistContext(self, context, sender=None): """Remove lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.removeLockdownWhitelistContext('%s')" % context) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_context(context) self.LockdownWhitelistContextRemoved(context) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistContext(self, context, sender=None): # pylint: disable=W0613 """Query lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.queryLockdownWhitelistContext('%s')" % context) # no access check here return self.fw.policies.lockdown_whitelist.has_context(context) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistContexts(self, sender=None): # pylint: disable=W0613 """Add lockdown context """ log.debug1("policies.getLockdownWhitelistContexts()") # no access check here return self.fw.policies.lockdown_whitelist.get_contexts() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistContextAdded(self, context): log.debug1("LockdownWhitelistContextAdded('%s')" % context) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistContextRemoved(self, context): log.debug1("LockdownWhitelistContextRemoved('%s')" % context) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PANIC @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def enablePanicMode(self, sender=None): """Enable panic mode. All ingoing and outgoing connections and packets will be blocked. """ log.debug1("enablePanicMode()") self.accessCheck(sender) self.fw.enable_panic_mode() self.PanicModeEnabled() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def disablePanicMode(self, sender=None): """Disable panic mode. Enables normal mode: Allowed ingoing and outgoing connections will not be blocked anymore """ log.debug1("disablePanicMode()") self.accessCheck(sender) self.fw.disable_panic_mode() self.PanicModeDisabled() @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='b') @dbus_handle_exceptions def queryPanicMode(self, sender=None): # pylint: disable=W0613 # returns True if in panic mode log.debug1("queryPanicMode()") return self.fw.query_panic_mode() @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='') @dbus_handle_exceptions def PanicModeEnabled(self): log.debug1("PanicModeEnabled()") @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='') @dbus_handle_exceptions def PanicModeDisabled(self): log.debug1("PanicModeDisabled()") # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # list functions @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)") @dbus_handle_exceptions def getZoneSettings(self, zone, sender=None): # pylint: disable=W0613 # returns zone settings for zone zone = dbus_to_python(zone, str) log.debug1("getZoneSettings(%s)", zone) return self.fw.zone.get_config_with_settings(zone) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature="a{sv}") @dbus_handle_exceptions def getZoneSettings2(self, zone, sender=None): zone = dbus_to_python(zone, str) log.debug1("getZoneSettings2(%s)", zone) return self.fw.zone.get_config_with_settings_dict(zone) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sa{sv}') @dbus_handle_exceptions def setZoneSettings2(self, zone, settings, sender=None): zone = dbus_to_python(zone, str) log.debug1("setZoneSettings2(%s)", zone) self.accessCheck(sender) self.fw.zone.set_config_with_settings_dict(zone, dbus_to_python(settings), sender) self.ZoneUpdated(zone, settings) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sa{sv}') @dbus_handle_exceptions def ZoneUpdated(self, zone, settings): log.debug1("zone.ZoneUpdated('%s', '%s')" % (zone, settings)) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICY, in_signature='s', out_signature="a{sv}") @dbus_handle_exceptions def getPolicySettings(self, policy, sender=None): policy = dbus_to_python(policy, str) log.debug1("policy.getPolicySettings(%s)", policy) return self.fw.policy.get_config_with_settings_dict(policy) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICY, in_signature='sa{sv}') @dbus_handle_exceptions def setPolicySettings(self, policy, settings, sender=None): policy = dbus_to_python(policy, str) log.debug1("policy.setPolicySettings(%s)", policy) self.accessCheck(sender) self.fw.policy.set_config_with_settings_dict(policy, dbus_to_python(settings), sender) self.PolicyUpdated(policy, settings) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICY, signature='sa{sv}') @dbus_handle_exceptions def PolicyUpdated(self, policy, settings): log.debug1("policy.PolicyUpdated('%s', '%s')" % (policy, settings)) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def listServices(self, sender=None): # pylint: disable=W0613 # returns the list of services # TODO: should be renamed to getServices() # because is called by firewall-cmd --get-services log.debug1("listServices()") return self.fw.service.get_services() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def getServiceSettings(self, service, sender=None): # pylint: disable=W0613 # returns service settings for service service = dbus_to_python(service, str) log.debug1("getServiceSettings(%s)", service) obj = self.fw.service.get_service(service) conf_dict = obj.export_config_dict() conf_list = [] for i in range(8): # tuple based dbus API has 8 elements if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: # old API needs the empty elements as well. Grab it from the # object otherwise we don't know the type. conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) else: conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) return tuple(conf_list) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def getServiceSettings2(self, service, sender=None): # pylint: disable=W0613 service = dbus_to_python(service, str) log.debug1("getServiceSettings2(%s)", service) obj = self.fw.service.get_service(service) return obj.export_config_dict() @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def listIcmpTypes(self, sender=None): # pylint: disable=W0613 # returns the list of services # TODO: should be renamed to getIcmptypes() # because is called by firewall-cmd --get-icmptypes log.debug1("listIcmpTypes()") return self.fw.icmptype.get_icmptypes() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def getIcmpTypeSettings(self, icmptype, sender=None): # pylint: disable=W0613 # returns icmptype settings for icmptype icmptype = dbus_to_python(icmptype, str) log.debug1("getIcmpTypeSettings(%s)", icmptype) return self.fw.icmptype.get_icmptype(icmptype).export_config() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # LOG DENIED @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getLogDenied(self, sender=None): # pylint: disable=W0613 # returns the log denied value log.debug1("getLogDenied()") return self.fw.get_log_denied() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setLogDenied(self, value, sender=None): # set the log denied value value = dbus_to_python(value, str) log.debug1("setLogDenied('%s')" % value) self.accessCheck(sender) self.fw.set_log_denied(value) self.LogDeniedChanged(value) # must reload the firewall as well self.fw.reload() self.config.reload() self.Reloaded() @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def LogDeniedChanged(self, value): log.debug1("LogDeniedChanged('%s')" % (value)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # AUTOMATIC HELPER ASSIGNMENT @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getAutomaticHelpers(self, sender=None): # pylint: disable=W0613 # returns the automatic helpers value log.debug1("getAutomaticHelpers()") # NOTE: This feature was removed and is now a noop. We retain the dbus # call to keep API. return "no" @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setAutomaticHelpers(self, value, sender=None): # set the automatic helpers value value = dbus_to_python(value, str) log.debug1("setAutomaticHelpers('%s')" % value) self.accessCheck(sender) # NOTE: This feature was removed and is now a noop. We retain the dbus # call to keep API. @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def AutomaticHelpersChanged(self, value): log.debug1("AutomaticHelpersChanged('%s')" % (value)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DEFAULT ZONE @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getDefaultZone(self, sender=None): # pylint: disable=W0613 # returns the system default zone log.debug1("getDefaultZone()") return self.fw.get_default_zone() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setDefaultZone(self, zone, sender=None): # set the system default zone zone = dbus_to_python(zone, str) log.debug1("setDefaultZone('%s')" % zone) self.accessCheck(sender) self.fw.set_default_zone(zone) self.DefaultZoneChanged(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def DefaultZoneChanged(self, zone): log.debug1("DefaultZoneChanged('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # POLICY INTERFACE # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # POLICIES @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICY, in_signature='', out_signature='as') @dbus_handle_exceptions def getPolicies(self, sender=None): log.debug1("policy.getPolicies()") return self.fw.policy.get_policies_not_derived_from_zone() @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICY, in_signature='', out_signature='a{sa{sas}}') @dbus_handle_exceptions def getActivePolicies(self, sender=None): log.debug1("policy.getActivePolicies()") policies = { } for policy in self.fw.policy.get_active_policies_not_derived_from_zone(): policies[policy] = { } policies[policy]["ingress_zones"] = self.fw.policy.list_ingress_zones(policy) policies[policy]["egress_zones"] = self.fw.policy.list_egress_zones(policy) return policies # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ZONE INTERFACE # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ZONES @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) # TODO: shouldn't this be in DBUS_INTERFACE instead of DBUS_INTERFACE_ZONE ? @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='', out_signature='as') @dbus_handle_exceptions def getZones(self, sender=None): # pylint: disable=W0613 # returns the list of zones log.debug1("zone.getZones()") return self.fw.zone.get_zones() @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='', out_signature='a{sa{sas}}') @dbus_handle_exceptions def getActiveZones(self, sender=None): # pylint: disable=W0613 # returns the list of active zones log.debug1("zone.getActiveZones()") zones = { } for zone in self.fw.zone.get_zones(): interfaces = self.fw.zone.list_interfaces(zone) sources = self.fw.zone.list_sources(zone) if len(interfaces) + len(sources) > 0: zones[zone] = { } if len(interfaces) > 0: zones[zone]["interfaces"] = interfaces if len(sources) > 0: zones[zone]["sources"] = sources return zones @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfInterface(self, interface, sender=None): # pylint: disable=W0613 """Return the zone an interface belongs to. :Parameters: `interface` : str Name of the interface :Returns: str. The name of the zone. """ interface = dbus_to_python(interface, str) log.debug1("zone.getZoneOfInterface('%s')" % interface) zone = self.fw.zone.get_zone_of_interface(interface) if zone: return zone return "" @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfSource(self, source, sender=None): # pylint: disable=W0613 #Return the zone an source belongs to. source = dbus_to_python(source, str) log.debug1("zone.getZoneOfSource('%s')" % source) zone = self.fw.zone.get_zone_of_source(source) if zone: return zone return "" @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def isImmutable(self, zone, sender=None): # pylint: disable=W0613 # no immutable zones anymore return False # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # INTERFACES @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def addInterface(self, zone, interface, sender=None): """Add an interface to a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.addInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.add_interface(zone, interface, sender) self.InterfaceAdded(_zone, interface) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZone(self, zone, interface, sender=None): """Change a zone an interface is part of. If zone is empty, use default zone. This function is deprecated, use changeZoneOfInterface instead """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) return self.changeZoneOfInterface(zone, interface, sender) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZoneOfInterface(self, zone, interface, sender=None): """Change a zone an interface is part of. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.changeZoneOfInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.change_zone_of_interface(zone, interface, sender) self.ZoneOfInterfaceChanged(_zone, interface) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeInterface(self, zone, interface, sender=None): """Remove interface from a zone. If zone is empty, remove from zone the interface belongs to. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.removeInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.remove_interface(zone, interface) self.InterfaceRemoved(_zone, interface) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryInterface(self, zone, interface, sender=None): # pylint: disable=W0613 """Return true if an interface is in a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.queryInterface('%s', '%s')" % (zone, interface)) return self.fw.zone.query_interface(zone, interface) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getInterfaces(self, zone, sender=None): # pylint: disable=W0613 """Return the list of interfaces of a zone. If zone is empty, use default zone. """ # TODO: should be renamed to listInterfaces() # because is called by firewall-cmd --zone --list-interfaces zone = dbus_to_python(zone, str) log.debug1("zone.getInterfaces('%s')" % (zone)) return self.fw.zone.list_interfaces(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def InterfaceAdded(self, zone, interface): log.debug1("zone.InterfaceAdded('%s', '%s')" % (zone, interface)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneChanged(self, zone, interface): """ This signal is deprecated. """ log.debug1("zone.ZoneChanged('%s', '%s')" % (zone, interface)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneOfInterfaceChanged(self, zone, interface): log.debug1("zone.ZoneOfInterfaceChanged('%s', '%s')" % (zone, interface)) self.ZoneChanged(zone, interface) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def InterfaceRemoved(self, zone, interface): log.debug1("zone.InterfaceRemoved('%s', '%s')" % (zone, interface)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SOURCES @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def addSource(self, zone, source, sender=None): """Add a source to a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.addSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.add_source(zone, source, sender) self.SourceAdded(_zone, source) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZoneOfSource(self, zone, source, sender=None): """Change a zone an source is part of. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.changeZoneOfSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.change_zone_of_source(zone, source, sender) self.ZoneOfSourceChanged(_zone, source) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeSource(self, zone, source, sender=None): """Remove source from a zone. If zone is empty, remove from zone the source belongs to. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.removeSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.remove_source(zone, source) self.SourceRemoved(_zone, source) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySource(self, zone, source, sender=None): # pylint: disable=W0613 """Return true if an source is in a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.querySource('%s', '%s')" % (zone, source)) return self.fw.zone.query_source(zone, source) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getSources(self, zone, sender=None): # pylint: disable=W0613 """Return the list of sources of a zone. If zone is empty, use default zone. """ # TODO: should be renamed to listSources() # because is called by firewall-cmd --zone --list-sources zone = dbus_to_python(zone, str) log.debug1("zone.getSources('%s')" % (zone)) return self.fw.zone.list_sources(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def SourceAdded(self, zone, source): log.debug1("zone.SourceAdded('%s', '%s')" % (zone, source)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneOfSourceChanged(self, zone, source): log.debug1("zone.ZoneOfSourceChanged('%s', '%s')" % (zone, source)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def SourceRemoved(self, zone, source): log.debug1("zone.SourceRemoved('%s', '%s')" % (zone, source)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # RICH RULES @dbus_handle_exceptions def disableTimedRichRule(self, zone, rule): log.debug1("zone.disableTimedRichRule('%s', '%s')" % (zone, rule)) del self._timeouts[zone][rule] obj = Rich_Rule(rule_str=rule) self.fw.zone.remove_rule(zone, obj) self.RichRuleRemoved(zone, rule) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addRichRule(self, zone, rule, timeout, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) _zone = self.fw.zone.add_rule(zone, obj, timeout) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedRichRule, _zone, rule) self.addTimeout(_zone, rule, tag) self.RichRuleAdded(_zone, rule, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeRichRule(self, zone, rule, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) log.debug1("zone.removeRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) _zone = self.fw.zone.remove_rule(zone, obj) self.removeTimeout(_zone, rule) self.RichRuleRemoved(_zone, rule) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryRichRule(self, zone, rule, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) log.debug1("zone.queryRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) return self.fw.zone.query_rule(zone, obj) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getRichRules(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled rich rules for zone # TODO: should be renamed to listRichRules() # because is called by firewall-cmd --zone --list-rich-rules zone = dbus_to_python(zone, str) log.debug1("zone.getRichRules('%s')" % (zone)) return self.fw.zone.list_rules(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def RichRuleAdded(self, zone, rule, timeout): log.debug1("zone.RichRuleAdded('%s', '%s', %d)" % (zone, rule, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def RichRuleRemoved(self, zone, rule): log.debug1("zone.RichRuleRemoved('%s', '%s')" % (zone, rule)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SERVICES @dbus_handle_exceptions def disableTimedService(self, zone, service): log.debug1("zone.disableTimedService('%s', '%s')" % (zone, service)) del self._timeouts[zone][service] self.fw.zone.remove_service(zone, service) self.ServiceRemoved(zone, service) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addService(self, zone, service, timeout, sender=None): # enables service <service> if not enabled already for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addService('%s', '%s', %d)" % (zone, service, timeout)) self.accessCheck(sender) _zone = self.fw.zone.add_service(zone, service, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedService, _zone, service) self.addTimeout(_zone, service, tag) self.ServiceAdded(_zone, service, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeService(self, zone, service, sender=None): # disables service for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) log.debug1("zone.removeService('%s', '%s')" % (zone, service)) self.accessCheck(sender) _zone = self.fw.zone.remove_service(zone, service) self.removeTimeout(_zone, service) self.ServiceRemoved(_zone, service) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryService(self, zone, service, sender=None): # pylint: disable=W0613 # returns true if a service is enabled for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) log.debug1("zone.queryService('%s', '%s')" % (zone, service)) return self.fw.zone.query_service(zone, service) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getServices(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled services for zone # TODO: should be renamed to listServices() # because is called by firewall-cmd --zone --list-services zone = dbus_to_python(zone, str) log.debug1("zone.getServices('%s')" % (zone)) return self.fw.zone.list_services(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def ServiceAdded(self, zone, service, timeout): log.debug1("zone.ServiceAdded('%s', '%s', %d)" % \ (zone, service, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ServiceRemoved(self, zone, service): log.debug1("zone.ServiceRemoved('%s', '%s')" % (zone, service)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PORTS @dbus_handle_exceptions def disableTimedPort(self, zone, port, protocol): log.debug1("zone.disableTimedPort('%s', '%s', '%s')" % \ (zone, port, protocol)) del self._timeouts[zone][(port, protocol)] self.fw.zone.remove_port(zone, port, protocol) self.PortRemoved(zone, port, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssi', out_signature='s') @dbus_handle_exceptions def addPort(self, zone, port, protocol, timeout, sender=None): # pylint: disable=R0913 # adds port <port> <protocol> if not enabled already to zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addPort('%s', '%s', '%s')" % \ (zone, port, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_port(zone, port, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedPort, _zone, port, protocol) self.addTimeout(_zone, (port, protocol), tag) self.PortAdded(_zone, port, protocol, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='s') @dbus_handle_exceptions def removePort(self, zone, port, protocol, sender=None): # pylint: disable=R0913 # removes port<port> <protocol> if enabled from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removePort('%s', '%s', '%s')" % \ (zone, port, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_port(zone, port, protocol) self.removeTimeout(_zone, (port, protocol)) self.PortRemoved(_zone, port, protocol) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryPort(self, zone, port, protocol, sender=None): # pylint: disable=W0613, R0913 # returns true if a port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.queryPort('%s', '%s', '%s')" % (zone, port, protocol)) return self.fw.zone.query_port(zone, port, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled ports # TODO: should be renamed to listPorts() # because is called by firewall-cmd --zone --list-ports zone = dbus_to_python(zone, str) log.debug1("zone.getPorts('%s')" % (zone)) return self.fw.zone.list_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssi') @dbus_handle_exceptions def PortAdded(self, zone, port, protocol, timeout=0): log.debug1("zone.PortAdded('%s', '%s', '%s', %d)" % \ (zone, port, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sss') @dbus_handle_exceptions def PortRemoved(self, zone, port, protocol): log.debug1("zone.PortRemoved('%s', '%s', '%s')" % \ (zone, port, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PROTOCOLS @dbus_handle_exceptions def disableTimedProtocol(self, zone, protocol): log.debug1("zone.disableTimedProtocol('%s', '%s')" % (zone, protocol)) del self._timeouts[zone][(protocol)] self.fw.zone.remove_protocol(zone, protocol) self.ProtocolRemoved(zone, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addProtocol(self, zone, protocol, timeout, sender=None): # adds protocol <protocol> if not enabled already to zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.enableProtocol('%s', '%s')" % (zone, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_protocol(zone, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedProtocol, _zone, protocol) self.addTimeout(_zone, protocol, tag) self.ProtocolAdded(_zone, protocol, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeProtocol(self, zone, protocol, sender=None): # removes protocol<protocol> if enabled from zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removeProtocol('%s', '%s')" % (zone, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_protocol(zone, protocol) self.removeTimeout(_zone, protocol) self.ProtocolRemoved(_zone, protocol) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, zone, protocol, sender=None): # pylint: disable=W0613 # returns true if a protocol is enabled for zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.queryProtocol('%s', '%s')" % (zone, protocol)) return self.fw.zone.query_protocol(zone, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getProtocols(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled protocols # TODO: should be renamed to listProtocols() # because is called by firewall-cmd --zone --list-protocols zone = dbus_to_python(zone, str) log.debug1("zone.getProtocols('%s')" % (zone)) return self.fw.zone.list_protocols(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def ProtocolAdded(self, zone, protocol, timeout=0): log.debug1("zone.ProtocolAdded('%s', '%s', %d)" % \ (zone, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ProtocolRemoved(self, zone, protocol): log.debug1("zone.ProtocolRemoved('%s', '%s')" % (zone, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SOURCE PORTS @dbus_handle_exceptions def disableTimedSourcePort(self, zone, port, protocol): log.debug1("zone.disableTimedSourcePort('%s', '%s', '%s')" % \ (zone, port, protocol)) del self._timeouts[zone][("sport", port, protocol)] self.fw.zone.remove_source_port(zone, port, protocol) self.SourcePortRemoved(zone, port, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssi', out_signature='s') @dbus_handle_exceptions def addSourcePort(self, zone, port, protocol, timeout, sender=None): # pylint: disable=R0913 # adds source port <port> <protocol> if not enabled already to zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addSourcePort('%s', '%s', '%s')" % (zone, port, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_source_port(zone, port, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedSourcePort, _zone, port, protocol) self.addTimeout(_zone, ("sport", port, protocol), tag) self.SourcePortAdded(_zone, port, protocol, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='s') @dbus_handle_exceptions def removeSourcePort(self, zone, port, protocol, sender=None): # pylint: disable=R0913 # removes source port<port> <protocol> if enabled from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removeSourcePort('%s', '%s', '%s')" % (zone, port, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_source_port(zone, port, protocol) self.removeTimeout(_zone, ("sport", port, protocol)) self.SourcePortRemoved(_zone, port, protocol) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, zone, port, protocol, sender=None): # pylint: disable=W0613, R0913 # returns true if a source port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.querySourcePort('%s', '%s', '%s')" % (zone, port, protocol)) return self.fw.zone.query_source_port(zone, port, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getSourcePorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled source ports # TODO: should be renamed to listSourcePorts() # because is called by firewall-cmd --zone --list-source-ports zone = dbus_to_python(zone, str) log.debug1("zone.getSourcePorts('%s')" % (zone)) return self.fw.zone.list_source_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssi') @dbus_handle_exceptions def SourcePortAdded(self, zone, port, protocol, timeout=0): log.debug1("zone.SourcePortAdded('%s', '%s', '%s', %d)" % \ (zone, port, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sss') @dbus_handle_exceptions def SourcePortRemoved(self, zone, port, protocol): log.debug1("zone.SourcePortRemoved('%s', '%s', '%s')" % (zone, port, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # MASQUERADE @dbus_handle_exceptions def disableTimedMasquerade(self, zone): del self._timeouts[zone]["masquerade"] self.fw.zone.remove_masquerade(zone) self.MasqueradeRemoved(zone) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='si', out_signature='s') @dbus_handle_exceptions def addMasquerade(self, zone, timeout, sender=None): # adds masquerade if not added already zone = dbus_to_python(zone, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addMasquerade('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.add_masquerade(zone, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedMasquerade, _zone) self.addTimeout(_zone, "masquerade", tag) self.MasqueradeAdded(_zone, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def removeMasquerade(self, zone, sender=None): # removes masquerade zone = dbus_to_python(zone, str) log.debug1("zone.removeMasquerade('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.remove_masquerade(zone) self.removeTimeout(_zone, "masquerade") self.MasqueradeRemoved(_zone) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryMasquerade(self, zone, sender=None): # pylint: disable=W0613 # returns true if a masquerade is added zone = dbus_to_python(zone, str) log.debug1("zone.queryMasquerade('%s')" % (zone)) return self.fw.zone.query_masquerade(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='si') @dbus_handle_exceptions def MasqueradeAdded(self, zone, timeout=0): log.debug1("zone.MasqueradeAdded('%s', %d)" % (zone, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def MasqueradeRemoved(self, zone): log.debug1("zone.MasqueradeRemoved('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # FORWARD PORT @dbus_handle_exceptions def disable_forward_port(self, zone, port, protocol, toport, toaddr): # pylint: disable=R0913 del self._timeouts[zone][(port, protocol, toport, toaddr)] self.fw.zone.remove_forward_port(zone, port, protocol, toport, toaddr) self.ForwardPortRemoved(zone, port, protocol, toport, toaddr) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssssi', out_signature='s') @dbus_handle_exceptions def addForwardPort(self, zone, port, protocol, toport, toaddr, timeout, sender=None): # pylint: disable=R0913 # add forward port if not enabled already for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) self.accessCheck(sender) _zone = self.fw.zone.add_forward_port(zone, port, protocol, toport, toaddr, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disable_forward_port, _zone, port, protocol, toport, toaddr) self.addTimeout(_zone, (port, protocol, toport, toaddr), tag) self.ForwardPortAdded(_zone, port, protocol, toport, toaddr, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssss', out_signature='s') @dbus_handle_exceptions def removeForwardPort(self, zone, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 # remove forward port from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("zone.removeForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) self.accessCheck(sender) _zone = self.fw.zone.remove_forward_port(zone, port, protocol, toport, toaddr) self.removeTimeout(_zone, (port, protocol, toport, toaddr)) self.ForwardPortRemoved(_zone, port, protocol, toport, toaddr) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssss', out_signature='b') @dbus_handle_exceptions def queryForwardPort(self, zone, port, protocol, toport, toaddr, sender=None): # pylint: disable=W0613, R0913 # returns true if a forward port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("zone.queryForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) return self.fw.zone.query_forward_port(zone, port, protocol, toport, toaddr) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getForwardPorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled ports for zone # TODO: should be renamed to listForwardPorts() # because is called by firewall-cmd --zone --list-forward-ports zone = dbus_to_python(zone, str) log.debug1("zone.getForwardPorts('%s')" % (zone)) return self.fw.zone.list_forward_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssssi') @dbus_handle_exceptions def ForwardPortAdded(self, zone, port, protocol, toport, toaddr, timeout=0): # pylint: disable=R0913 log.debug1("zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d)" % \ (zone, port, protocol, toport, toaddr, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssss') @dbus_handle_exceptions def ForwardPortRemoved(self, zone, port, protocol, toport, toaddr): # pylint: disable=R0913 log.debug1("zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ICMP BLOCK @dbus_handle_exceptions def disableTimedIcmpBlock(self, zone, icmp, sender): # pylint: disable=W0613 log.debug1("zone.disableTimedIcmpBlock('%s', '%s')" % (zone, icmp)) del self._timeouts[zone][icmp] self.fw.zone.remove_icmp_block(zone, icmp) self.IcmpBlockRemoved(zone, icmp) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addIcmpBlock(self, zone, icmp, timeout, sender=None): # add icmpblock <icmp> if not enabled already for zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.enableIcmpBlock('%s', '%s')" % (zone, icmp)) self.accessCheck(sender) _zone = self.fw.zone.add_icmp_block(zone, icmp, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedIcmpBlock, _zone, icmp, sender) self.addTimeout(_zone, icmp, tag) self.IcmpBlockAdded(_zone, icmp, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeIcmpBlock(self, zone, icmp, sender=None): # removes icmpBlock from zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) log.debug1("zone.removeIcmpBlock('%s', '%s')" % (zone, icmp)) self.accessCheck(sender) _zone = self.fw.zone.remove_icmp_block(zone, icmp) self.removeTimeout(_zone, icmp) self.IcmpBlockRemoved(_zone, icmp) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryIcmpBlock(self, zone, icmp, sender=None): # pylint: disable=W0613 # returns true if a icmp is enabled for zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) log.debug1("zone.queryIcmpBlock('%s', '%s')" % (zone, icmp)) return self.fw.zone.query_icmp_block(zone, icmp) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getIcmpBlocks(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled icmpblocks # TODO: should be renamed to listIcmpBlocks() # because is called by firewall-cmd --zone --list-icmp-blocks zone = dbus_to_python(zone, str) log.debug1("zone.getIcmpBlocks('%s')" % (zone)) return self.fw.zone.list_icmp_blocks(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def IcmpBlockAdded(self, zone, icmp, timeout=0): log.debug1("zone.IcmpBlockAdded('%s', '%s', %d)" % \ (zone, icmp, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def IcmpBlockRemoved(self, zone, icmp): log.debug1("zone.IcmpBlockRemoved('%s', '%s')" % (zone, icmp)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ICMP BLOCK INVERSION @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def addIcmpBlockInversion(self, zone, sender=None): # adds icmpBlockInversion if not added already zone = dbus_to_python(zone, str) log.debug1("zone.addIcmpBlockInversion('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.add_icmp_block_inversion(zone, sender) self.IcmpBlockInversionAdded(_zone) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def removeIcmpBlockInversion(self, zone, sender=None): # removes icmpBlockInversion zone = dbus_to_python(zone, str) log.debug1("zone.removeIcmpBlockInversion('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.remove_icmp_block_inversion(zone) self.IcmpBlockInversionRemoved(_zone) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIcmpBlockInversion(self, zone, sender=None): # pylint: disable=W0613 # returns true if a icmpBlockInversion is added zone = dbus_to_python(zone, str) log.debug1("zone.queryIcmpBlockInversion('%s')" % (zone)) return self.fw.zone.query_icmp_block_inversion(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def IcmpBlockInversionAdded(self, zone): log.debug1("zone.IcmpBlockInversionAdded('%s')" % (zone)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def IcmpBlockInversionRemoved(self, zone): log.debug1("zone.IcmpBlockInversionRemoved('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT INTERFACE # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT CHAIN @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def addChain(self, ipv, table, chain, sender=None): # inserts direct chain ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.addChain('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) self.fw.direct.add_chain(ipv, table, chain) self.ChainAdded(ipv, table, chain) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def removeChain(self, ipv, table, chain, sender=None): # removes direct chain ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.removeChain('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) self.fw.direct.remove_chain(ipv, table, chain) self.ChainRemoved(ipv, table, chain) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryChain(self, ipv, table, chain, sender=None): # pylint: disable=W0613 # returns true if a chain is enabled ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.queryChain('%s', '%s', '%s')" % (ipv, table, chain)) return self.fw.direct.query_chain(ipv, table, chain) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='ss', out_signature='as') @dbus_handle_exceptions def getChains(self, ipv, table, sender=None): # pylint: disable=W0613 # returns list of added chains ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) log.debug1("direct.getChains('%s', '%s')" % (ipv, table)) return self.fw.direct.get_chains(ipv, table) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sss)') @dbus_handle_exceptions def getAllChains(self, sender=None): # pylint: disable=W0613 # returns list of added chains log.debug1("direct.getAllChains()") return self.fw.direct.get_all_chains() @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sss') @dbus_handle_exceptions def ChainAdded(self, ipv, table, chain): log.debug1("direct.ChainAdded('%s', '%s', '%s')" % (ipv, table, chain)) @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sss') @dbus_handle_exceptions def ChainRemoved(self, ipv, table, chain): log.debug1("direct.ChainRemoved('%s', '%s', '%s')" % (ipv, table, chain)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT RULE @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='') @dbus_handle_exceptions def addRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 # inserts direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.addRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) self.fw.direct.add_rule(ipv, table, chain, priority, args) self.RuleAdded(ipv, table, chain, priority, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='') @dbus_handle_exceptions def removeRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 # removes direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.removeRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) self.fw.direct.remove_rule(ipv, table, chain, priority, args) self.RuleRemoved(ipv, table, chain, priority, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def removeRules(self, ipv, table, chain, sender=None): # removes direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.removeRules('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) for (priority, args) in self.fw.direct.get_rules(ipv, table, chain): self.fw.direct.remove_rule(ipv, table, chain, priority, args) self.RuleRemoved(ipv, table, chain, priority, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='b') @dbus_handle_exceptions def queryRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=W0613, R0913 # returns true if a rule is enabled ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.queryRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) return self.fw.direct.query_rule(ipv, table, chain, priority, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='a(ias)') @dbus_handle_exceptions def getRules(self, ipv, table, chain, sender=None): # pylint: disable=W0613 # returns list of added rules ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.getRules('%s', '%s', '%s')" % (ipv, table, chain)) return self.fw.direct.get_rules(ipv, table, chain) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sssias)') @dbus_handle_exceptions def getAllRules(self, sender=None): # pylint: disable=W0613 # returns list of added rules log.debug1("direct.getAllRules()") return self.fw.direct.get_all_rules() @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sssias') @dbus_handle_exceptions def RuleAdded(self, ipv, table, chain, priority, args): # pylint: disable=R0913 log.debug1("direct.RuleAdded('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sssias') @dbus_handle_exceptions def RuleRemoved(self, ipv, table, chain, priority, args): # pylint: disable=R0913 log.debug1("direct.RuleRemoved('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT PASSTHROUGH (untracked) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='s') @dbus_handle_exceptions def passthrough(self, ipv, args, sender=None): # inserts direct rule ipv = dbus_to_python(ipv, str) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.passthrough('%s', '%s')" % (ipv, "','".join(args))) self.accessCheck(sender) try: return self.fw.direct.passthrough(ipv, args) except FirewallError as error: if ipv in ["ipv4", "ipv6"]: query_args = set(["-C", "--check", "-L", "--list"]) else: query_args = set(["-L", "--list"]) msg = str(error) if error.code == errors.COMMAND_FAILED: if len(set(args) & query_args) <= 0: log.warning(msg) raise FirewallDBusException(msg) raise # DIRECT PASSTHROUGH (tracked) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='') @dbus_handle_exceptions def addPassthrough(self, ipv, args, sender=None): # inserts direct passthrough ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.addPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) self.fw.direct.add_passthrough(ipv, args) self.PassthroughAdded(ipv, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='') @dbus_handle_exceptions def removePassthrough(self, ipv, args, sender=None): # removes direct passthrough ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.removePassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) self.fw.direct.remove_passthrough(ipv, args) self.PassthroughRemoved(ipv, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='b') @dbus_handle_exceptions def queryPassthrough(self, ipv, args, sender=None): # pylint: disable=W0613 # returns true if a passthrough is enabled ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.queryPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) return self.fw.direct.query_passthrough(ipv, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sas)') @dbus_handle_exceptions def getAllPassthroughs(self, sender=None): # pylint: disable=W0613 # returns list of all added passthroughs log.debug1("direct.getAllPassthroughs()") return self.fw.direct.get_all_passthroughs() @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='') @dbus_handle_exceptions def removeAllPassthroughs(self, sender=None): # pylint: disable=W0613 # remove all passhroughs log.debug1("direct.removeAllPassthroughs()") # remove in reverse order to avoid removing non-empty chains for passthrough in reversed(self.getAllPassthroughs()): self.removePassthrough(passthrough) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPassthroughs(self, ipv, sender=None): # pylint: disable=W0613 # returns list of all added passthroughs with ipv ipv = dbus_to_python(ipv) log.debug1("direct.getPassthroughs('%s')", ipv) return self.fw.direct.get_passthroughs(ipv) @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sas') @dbus_handle_exceptions def PassthroughAdded(self, ipv, args): log.debug1("direct.PassthroughAdded('%s', '%s')" % \ (ipv, "','".join(args))) @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sas') @dbus_handle_exceptions def PassthroughRemoved(self, ipv, args): log.debug1("direct.PassthroughRemoved('%s', '%s')" % \ (ipv, "','".join(args))) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @dbus_polkit_require_auth(config.dbus.PK_ACTION_ALL) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def authorizeAll(self, sender=None): # pylint: disable=W0613 """ PK_ACTION_ALL implies all other actions, i.e. once a subject is authorized for PK_ACTION_ALL it's also authorized for any other action. Use-case is GUI (RHBZ#994729). """ pass # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # IPSETS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIPSet(self, ipset, sender=None): # pylint: disable=W0613 # returns true if a set with the name exists ipset = dbus_to_python(ipset) log.debug1("ipset.queryIPSet('%s')" % (ipset)) return self.fw.ipset.query_ipset(ipset) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='', out_signature='as') @dbus_handle_exceptions def getIPSets(self, sender=None): # pylint: disable=W0613 # returns list of added sets log.debug1("ipsets.getIPSets()") return self.fw.ipset.get_ipsets() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def getIPSetSettings(self, ipset, sender=None): # pylint: disable=W0613 # returns ipset settings for ipset ipset = dbus_to_python(ipset, str) log.debug1("getIPSetSettings(%s)", ipset) return self.fw.ipset.get_ipset(ipset).export_config() # set entries # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='') @dbus_handle_exceptions def addEntry(self, ipset, entry, sender=None): # adds ipset entry ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.addEntry('%s', '%s')" % (ipset, entry)) self.accessCheck(sender) self.fw.ipset.add_entry(ipset, entry) self.EntryAdded(ipset, entry) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='') @dbus_handle_exceptions def removeEntry(self, ipset, entry, sender=None): # removes ipset entry ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.removeEntry('%s', '%s')" % (ipset, entry)) self.accessCheck(sender) self.fw.ipset.remove_entry(ipset, entry) self.EntryRemoved(ipset, entry) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryEntry(self, ipset, entry, sender=None): # pylint: disable=W0613 # returns true if the entry exists in the ipset ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.queryEntry('%s', '%s')" % (ipset, entry)) return self.fw.ipset.query_entry(ipset, entry) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature='as') @dbus_handle_exceptions def getEntries(self, ipset, sender=None): # pylint: disable=W0613 # returns list of added entries for the ipset ipset = dbus_to_python(ipset) log.debug1("ipset.getEntries('%s')" % ipset) return self.fw.ipset.get_entries(ipset) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='sas') @dbus_handle_exceptions def setEntries(self, ipset, entries, sender=None): # pylint: disable=W0613 # returns list of added entries for the ipset ipset = dbus_to_python(ipset) entries = dbus_to_python(entries, list) log.debug1("ipset.setEntries('%s', '[%s]')", ipset, ",".join(entries)) old_entries = self.fw.ipset.get_entries(ipset) self.fw.ipset.set_entries(ipset, entries) old_entries_set = set(old_entries) entries_set = set(entries) for entry in entries_set - old_entries_set: self.EntryAdded(ipset, entry) for entry in old_entries_set - entries_set: self.EntryRemoved(ipset, entry) @dbus.service.signal(config.dbus.DBUS_INTERFACE_IPSET, signature='ss') @dbus_handle_exceptions def EntryAdded(self, ipset, entry): ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.EntryAdded('%s', '%s')" % (ipset, entry)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_IPSET, signature='ss') @dbus_handle_exceptions def EntryRemoved(self, ipset, entry): ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.EntryRemoved('%s', '%s')" % (ipset, entry)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # HELPERS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def getHelpers(self, sender=None): # pylint: disable=W0613 # returns list of added sets log.debug1("helpers.getHelpers()") return self.fw.helper.get_helpers() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def getHelperSettings(self, helper, sender=None): # pylint: disable=W0613 # returns helper settings for helper helper = dbus_to_python(helper, str) log.debug1("getHelperSettings(%s)", helper) return self.fw.helper.get_helper(helper).export_config() PK��,(�ZqiVY��Y�� server.pynu��[��# -- coding: utf-8 -- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # # signal handling and run_server derived from setroubleshoot # Copyright (C) 2006,2007,2008,2009 Red Hat, Inc. # Authors: # John Dennis <jdennis@redhat.com> # Thomas Liu <tliu@redhat.com> # Dan Walsh <dwalsh@redhat.com> __all__ = [ "run_server" ] import signal from gi.repository import GLib import dbus import dbus.service import dbus.mainloop.glib from firewall import config from firewall.core.logger import log from firewall.server.firewalld import FirewallD ############################################################################ # # signal handlers # ############################################################################ def sighup(service): service.reload() return True def sigterm(mainloop): mainloop.quit() ############################################################################ # # run_server function # ############################################################################ def run_server(debug_gc=False): """ Main function for firewall server. Handles D-Bus and GLib mainloop. """ service = None if debug_gc: from pprint import pformat import gc gc.enable() gc.set_debug(gc.DEBUG_LEAK) gc_timeout = 10 def gc_collect(): gc.collect() if len(gc.garbage) > 0: print("\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n") print("GARBAGE OBJECTS (%d):\n" % len(gc.garbage)) for x in gc.garbage: print(type(x), "\n ",) print(pformat(x)) print("\n<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n") GLib.timeout_add_seconds(gc_timeout, gc_collect) try: dbus.mainloop.glib.DBusGMainLoop(set_as_default=True) bus = dbus.SystemBus() name = dbus.service.BusName(config.dbus.DBUS_INTERFACE, bus=bus) service = FirewallD(name, config.dbus.DBUS_PATH) mainloop = GLib.MainLoop() if debug_gc: GLib.timeout_add_seconds(gc_timeout, gc_collect) # use unix_signal_add if available, else unix_signal_add_full if hasattr(GLib, 'unix_signal_add'): unix_signal_add = GLib.unix_signal_add else: unix_signal_add = GLib.unix_signal_add_full unix_signal_add(GLib.PRIORITY_HIGH, signal.SIGHUP, sighup, service) unix_signal_add(GLib.PRIORITY_HIGH, signal.SIGTERM, sigterm, mainloop) mainloop.run() except KeyboardInterrupt: log.debug1("Stopping..") except SystemExit: log.error("Raising SystemExit in run_server") except Exception as e: log.error("Exception %s: %s", e.__class__.__name__, str(e)) if service: service.stop() PK��,(�Zn�� config_policy.pynu��[��# -- coding: utf-8 -- # # SPDX-License-Identifier: GPL-2.0-or-later import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth class FirewallDConfigPolicy(DbusServiceObject): persistent = True default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG @handle_exceptions def __init__(self, parent, conf, policy, item_id, args, kwargs): super(FirewallDConfigPolicy, self).__init__(args, *kwargs) self.parent = parent self.config = conf self.obj = policy self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.policy.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_POLICY) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_POLICY: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_POLICY: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_POLICY: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigPolicy, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_POLICY) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, out_signature="a{sv}") @dbus_handle_exceptions def getSettings(self, sender=None): """get settings for policy """ log.debug1("%s.getSettings()", self._log_prefix) settings = self.config.get_policy_object_config_dict(self.obj) return settings @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, in_signature="a{sv}") @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for policy """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_policy_object_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin policy """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_policy_object_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY) @dbus_handle_exceptions def remove(self, sender=None): """remove policy """ log.debug1("%s.removePolicy()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_policy_object(self.obj) self.parent.removePolicy(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename policy """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_policy_object(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) PK��,(�Z��__init__.pynu��[��PK��,(�Zs�ԯD��D��config_helper.pynu��[��PK��,(�Z��ە�� jD��decorators.pynu��[��PK��,(�Z��5��&��<b��__pycache__/decorators.cpython-310.pycnu��[��PK��,(�ZP>�d��%��ux��__pycache__/firewalld.cpython-310.pycnu��[��PK��,(�Z�(�u'��u'��+��i�__pycache__/config_icmptype.cpython-310.pycnu��[��PK��,(�Z�H��-��-��)��9��__pycache__/config_helper.cpython-310.pycnu��[��PK��,(�Zھ�> �� "��!��__pycache__/server.cpython-310.pycnu��[��PK��,(�Z?X��$��__pycache__/__init__.cpython-310.pycnu��[��PK��,(�Z�~t�J��J����m��__pycache__/config_service.cpython-310.pycnu��[��PK��,(�Z�ku��)��*�__pycache__/config_policy.cpython-310.pycnu��[��PK��,(�Zi[�?l��?l��'��E�__pycache__/config_zone.cpython-310.pycnu��[��PK��,(�Z��u �� __pycache__/dbus.cpython-310.pycnu��[��PK��,(�Zpq)��"��__pycache__/config.cpython-310.pycnu��[��PK��,(�Zq��0��0��(��U�__pycache__/config_ipset.cpython-310.pycnu��[��PK��,(�Z4�7}�9��9��config_icmptype.pynu��[��PK��,(�ZLO�_u��_u��config_service.pynu��[��PK��,(�Z��I��6�dbus.pynu��[��PK��,(�Zxki��;�config_zone.pynu��[��PK��,(�ZO0�"�"� ��config.pynu��[��PK��,(�Z��ϬI��I��4�config_ipset.pynu��[��PK��,(�Z��{��Q�firewalld.pynu��[��PK��,(�ZqiVY��Y�� server.pynu��[��PK��,(�Zn�� &�config_policy.pynu��[��PK��,(�Z��%G�__init__.pynu��[��PK��f��`G��

| ver. 1.4 | Github | . | PHP 8.2.28 | Generation time: 0.03 | proxy | phpinfo | Settings