e| ddlZddlZddlZddlmZddlmZGddZGddeZGdd eZ Gd d eZ Gd d eZ GddeZ GddeZ GddeZGddeZGddZGddZy)NUFWError)debugc"eZdZdZdZdZdZy) UFWCommandz"Generic class for parser commands.c||_g|_||jvr|jj|||_yN)commandtypesappendtype)selfr r s ,/usr/lib/python3/dist-packages/ufw/parser.py__init__zUFWCommand.__init__.s5  tzz ! JJ  d # cnt|dkr tt|dj}|S)Nr)len ValueErrorUFWParserResponselowerrargvrs rparsezUFWCommand.parse5s. t9q=,  d1gmmo .rctd)Nz!UFWCommand.help: need to overrider)rargss rhelpzUFWCommand.help=s:;;rN)__name__ __module__ __qualname____doc__rrrrrrr,s, |dk(r|j5d||dzn|dk(r|j5d||dzntd8|z}t||d.k(ry|dz|kr[ ||dzj}|dk(rd9}d}n%tjj7|d:rd;}nd<}|j9|d=}nMtd>}t||d/k(rx|dz|krZ ||dzj}|dk(rd9}d}n%tjj7|d:rd;}nd<}|j;|d'}ntd?}t||d3k(s|d4k(r|dz|kr|dk(rtd@|z}t|||dz}|d4k(r|d=k(r||_nF||_n>t/j0d(|s(d)|vsd*|vrtd+}t||d=k(r|}n|} |j+||ntdA}t||dz }|dk(r|dk(rd&}n4|dk7r |dk7r||k7rtdB}t||dk7r|}n|dk7r|}|dk7s|dk7rd}|dk7r tjj'|}|dk7rt|dk(s|dk(r! tjj'|}nI tjj'|}|dk(s||k(r|}n|dk(rntdD}t||j>dk(r|j3|n7|dk7r2|j>|k7r#tdE|j>z}t||rV|j>tjj@vr|d&k(rtCdF|j>zd<}|jE|t |} |jF| jHdG<|| jHd<|| jHdH<| S#t$r |d}Y GwxYw#t$rwxYw#t$r%d&}|d|_|j+|dd'YpwxYw#t $r}t|d}~wwxYw#t$rtd,}t|wxYw#t$rwxYw#t$rwxYw#t$rwxYw#t$rwxYw#t$rwxYw#t$rtdC}t|wxYw#t$rtdC}t|wxYw#t$rtdC}t|wxYw)INanyFrr'deleterTz delete-%dinsert0z-1z#Cannot insert rule at position '%s'prependallowdenyrejectlimitinoutonzInvalid interface clauselogzlog-allzOption 'log' not allowed herez!Option 'log-all' not allowed herecommentz*Option 'comment' missing required argument'zComment may not contain "'" _) directionr>bothdstz^\d([0-9,:]*\d+)*$,:zPort ranges must be numericzBad portzWrong number of argumentsfromtozNeed 'to' or 'from' clause)protorGrHportappr9r:rIrJrKzImproper rule syntaxzInvalid token '%s'zInvalid 'proto' clausezInvalid '%s' clause 0.0.0.0/06v6v4srczInvalid 'from' clausezInvalid 'to' clausezNeed 'from' or 'to' with '%s'zInvalid 'port' clausez%Mixed IP versions for 'from' and 'to'zCould not find protocolzProtocol mismatch (from/to)z,Protocol mismatch with specified protocol %sz*Adjusting iptype to 'v4' for protocol '%s'r iptype)%rrremoveint ExceptionrrrArcountindexufwcommonUFWRuleutil hex_encode set_position applicationsvalid_profile_nameget_services_protodappset_portparse_port_protorematch set_protocol set_interface valid_addressset_srcset_dstsappprotocolipv4_only_protocolsrverifyr data) rractionr'r from_typeto_type from_service to_service insert_poslogtyperRrule_numrerr_msgnargsrule_direction has_interfacelog_idxr> comment_idx rule_actionrJrIekeysilocargfaddrsaddrtmps rrzUFWCommandRule.parseGs      t9q=T!W]]_6 KKQ  t9q=Aw}}(*s4y1} DG$%"47|H ')+*@AAHaH,t9q=$,&!!W $ d(: EF!+-G"7++GGaI- G!WF W 6!1f6H W , D  19,  19$q'--/T1q'--/U2!!W]]_N 19aDd1gmmo.E.21gmmo.F!!W]]_NQIE 19$**T*Q.$**U2Ca2G23GAw}}$&47==?e+Cw''qyDGMMOt3w''QIE M UQYDGMMOu,D,0GMMOy,HG QYDGMMOu47==?i7G Q;7m))+GW IE D=78G7# #  ;sU{" --d1Q3i8#$$<"=&w//D[C5LsU{""d{ $ 2 24ac C!$ $ 2 25$qs) D#$$9":c"B&w//F]sU{ "$(1IOO$5E$~(3,1 #&88#9#9%#E04I04I LL/$ #$$;"<&w//D[sU{ "$(1IOO$5E$~(3*/#&88#9#9%#E.2G.2G LL/$ #$$9":&w//F]cUlsU{"9&'(G&H),'.G"*7"33"1Q3i%<"e|,/ ,/ !#*?!E"czSCZ*+,I*J&.w&7 7"e|/2 -0 " MM#s3#$$;"<&w//QWk \E!g&6e#5(8g%CDw''e# E!  |r1ER,HH77 CEr!E>Ub[0 # ; ;L I0!hh99,G~# #"#$A"B&w//}}%!!%(%DMMU$:JK!]],w'' }} < <<v~B}}&' KK  f %vvxO !%!!WF%l  !2!D $QDIMM$q'512"&"1+%& , mG"7++,H )"!" )"!"* )"!", )"!"B )"!"8!, 9:G"7++ ,%0#$$=">&w// 0%0#$$=">&w// 0sk!k1"k? %l0)%m (m/*;m=An  An n'n5?o o;k.-k.1 k<?*l-,l-0 m 9 mm  m,/ m:= n n n$' n25 o o8; pcl|j}|jdk(s|jdk(rK|jdk(s|jdk(r,|jdk(r|jdk(r |j dk(r|j dk(r|jdk7r|jdk(r|d|jzz }|jdk7r|d|jzz }|jdk7r4d|jvr|d|jzz }nF|d|jzz }n3|d|jzz }|jdk7r|d |jzz }|jdk7r|d |jzz }|S|j dk7r|d |j zz }|j dk7r|d |j zz }n!|jdk(r|d|jzz }|jdk7r|d|jzz }d D]}|dk(r'|j}|j}|j}d}n&|j}|j}|j}d}|dk(s|dk(rd}|dk7s |dk7s|dk7sq|d|d|z }|dk7rd|vr |d|zz }|d|zz }|dk7s|d|zz }d|vr'd|vr#|j dk(r|j dk(r|dz }|jdk7r0|jdk(r!|jdk(r|d|jzz }|jdk7r|d |jzz }|S)zGet command string for rulerLz::/0r-r,r:z %s z '%s'z/%sz comment '%s'z in on %sz out on %s)rPrDrPrGrHz app '%s'z app %sz port %sz to z from z to anyz proto %s)rorDrPsportrj interface_in interface_outdportrBrur`rkr> get_comment)rresrrrJrKdirs r get_commandzUFWCommandRule.get_commandshh EE[ AEEVO EE[ AEEVO 77e  66R< >>R  ??b 77e {{e#uq{{**yyBuqyy((vv|!&&=7QVV++C5166>)Cuqww&::&51::--CyyB88d _~~#{Q^^33"$|aoo55%uq{{**yyBuqyy((# 1:%%C77D&&C C%%C77D&&CC+%C%<45=C2IsC00Cby#:;#44C9s?2CzD00/ 18S XS%8NNb(Q__-By zzU"qvv|" {QZZ//yyB88 rN)rr r!r"rrr staticmethodr#rrr%r%As$-1~@ LZ{+Krr%ceZdZdZdZdZy)UFWCommandRouteRulez)Class for parsing ufw route rule commandsc>tj||d|_y)Nroute)r%rr )rr s rrzUFWCommandRouteRule.__init__sg. rc@|ddk(sJd|vrI|jd}d}t||kDr( t||dztd}t |d}d}d}dj |}d|vrod |vrkd }|jd |jd kDrd }||j|d z}|d|j|||j|d zdz}nLtjd|s4tjd|sd|vsd|vrtd}t ||}d|d<tj||}d|jvr7d|jd_ |r!|r|jdj|||S#t $rYDwxYw)Nrrr.r,rz9'route delete NUM' unsupported. Use 'delete NUM' instead.rz in on z out on r:r9r8r<z (in|out) on z app (in|out) z in z out z'Invalid interface clause for route ruler'T)rVrrSrArrjoinrcsearchr%rrnforwardrf) rridxrw rule_argv interfacestripsrs rrzUFWCommandRouteRule.parsesAw'!"! t **X&CG4y3S1W & [\G"7++   HHTN >jAoEzz$$**U"33 TZZ.23IQtzz%01DE9J19L9M4NNI+Q/,a0kW\ABG7# #I !  y 1 QVV %)AFF6N "v,,UI>W"s'F FFNrr r!r"rrr#rrrrs38rrceZdZdZdZdZy) UFWCommandAppz*Class for parsing ufw application commandsc6d}tj|||y)NrKr(r)s rrzUFWCommandApp.__init__ZsD$0rcd}d}d}|ddk7r t|d=t|}|dj}|dk(s|dk(r^|dk\r&|dd k(rd }|jd t|}|d kr tt |dj d }|r|d z }|dk(r|dk7r t|dk(r}|d kr t|djdk(rd}nU|djdk(rd}n<|djdk(rd}n#|djdk(rd}n tt |}|j|jd<||jd<|S)zParse applications command.r,FrrKinfoupdater<rz --add-newTr8z[']z -with-newlistdefaultr4 default-allowr5 default-denyr6default-rejectskipz default-skipr name) rrrrRstrrrr rn)rrrroaddnewrxrs rrzUFWCommandApp.parse^ss 7e ,  GD a V v1zd1g4 K(D qy l"tAw<%%e,D+% V  ,  Y qy l"Aw}}')(aF*'aH,)aF*' l" f %vvrNrr#rrrrXs412rrceZdZdZdZdZy)UFWCommandBasicz$Class for parsing ufw basic commandsc6d}tj|||y)Nbasicr(r)s rrzUFWCommandBasic.__init__sD$0rc^t|dk7r ttj||S)Nr)rrrr)rrs rrzUFWCommandBasic.parses( t9>, d++rNrr#rrrrs.1,rrceZdZdZdZdZy)UFWCommandDefaultz&Class for parsing ufw default commandsc6d}tj|||y)Nrr(r)s rrzUFWCommandDefault.__init__D$0rc\t|dkr td}d}t|dkDr|djdk7rx|djdk7rb|djdk7rL|djdk7r6|djdk7r |djdk7r t|djjd rd}ng|djjd rd}nB|djdk(s|djdk(rd}n|dj}|d jd k(rd }n<|d jdk(rd}n#|d jdk(rd}n t|d|zz }t |S)Nr8r,incominginputroutedroutputoutgoingr9r:rr5rr4rr6rz-%s)rrr startswithr)rrrorBs rrzUFWCommandDefault.parsesz t9q=,  t9q=Aw}}*,Aw}}')Aw}}(*Aw}})+Aw}}(*Aw}}*, l"Aw}}))$/& a++E2& aH,Q 90L$  GMMO  7==?f $#F !W]]_ '$F !W]]_ (%F, %9%% ((rNrr#rrrrs01%)rrceZdZdZdZdZy)UFWCommandLoggingz&Class for parsing ufw logging commandsc6d}tj|||y)Nloggingr(r)s rrzUFWCommandLogging.__init__rrcd}t|dkr t|djdk(r d}t|S|djdk(sX|djdk(sB|djdk(s,|djd k(s|djd k(rAHY]Aw}})++  aJ.,!l"rNrr#rrrrs/1 rrceZdZdZdZdZy)UFWCommandShowz#Class for parsing ufw show commandsc6d}tj|||y)Nshowr(r)s rrzUFWCommandShow.__init__r*rczd}t|dk(r t|djdk(r d}t|S|djdk(r d}t|S|djdk(r d}t|S|djd k(r d }t|S|djd k(r d }t|S|djd k(r d}t|S|djdk(r d}t|S|djdk(r d}t|St)Nr,rrawzshow-rawz before-rulesz show-beforez user-rulesz show-userz after-rulesz show-afterz logging-rulesz show-loggingbuiltinsz show-builtins listeningzshow-listeningaddedz show-addedrrs rrzUFWCommandShow.parsesR t9>,  !W]]_ %F$!((#!W]]_ ."F !((!W]]_ , F!((!W]]_ -!F!((!W]]_ /#F!((!W]]_ *$F!((!W]]_ +%F !(( !W]]_ '!F!((, rNrr#rrrrs-1)rrceZdZdZdZdZy)rzClass for ufw parser responsecX|j|_d|_d|_i|_y)NF)rrodryrunforcern)rros rrzUFWParserResponse.__init__s$lln    rcd|jz}t|jj}|j |D]}|d|d|j|dz }|dz }t |S)Nz action='%s'rEz='r? )rorrnrsortrepr)rrrrs r__str__zUFWParserResponse.__str__!sf T[[ )DIINN$%  0A q$))A,/ /A 0 T AwrN)rr r!r"rrr#rrrrs' rrc(eZdZdZdZdZdZdZy) UFWParserzClass for ufw parserci|_yr )commands)rs rrzUFWParser.__init__.s  rc|jt|jjvr t |jt|j|jvr t |jS)z=Return command if it is allowed, otherwise raise an exception)rrrrr)rr cmds rallowed_commandzUFWParser.allowed_command1sc :: >, yy{rcd}t|dkDr,|djdk(rd}|j|dd}t|dkDrB|djdk(s|djdk(rd}|j|dd}d}|dj}t|dkDrt|t|jj vrO|djt|j|j vr|}|dj}n|}t|jj D]W}||j|vst |j||tr t|j||d d k7rU|}n|dk(rd }|j||}|j||}|j|} || _ || _ | S) z(Parse command. Returns a UFWParserActionFrz --dry-runTz--forcez-fr,rr r') rrrRrrr isinstancer%getattrrrrr) rrrrrr rrroresponses r parse_commandzUFWParser.parse_command;s t9q=T!W]]_ ;F KKQ  t9q=d1gmmo:"1gmmo5E KKQ 1gmmo t9q=SD););)=$>>Q 4 c(:(?(?(A#BBDq'--/CC$--,,./ $--**"$--"23"7Ht}}Q/4f=G D rz%%dC0mmD!&)99T? rcz|j|jdk(rd|jz}nd|jz}|j|jvri|j|j<||j|jvrtd|z}t |||j|j|<y)z"Register a command with the parserNr,z%szCommand '%s' already exists)r r rrAr)rckeyrws rregister_commandzUFWParser.register_commandis 99  R!&&/C!))$C 66 &$&DMM!&& ! $--' '56#>G7# #%& affc"rN)rr r!r"rrrrr#rrrr,s,\ 'rr)rcufw.utilrWufw.applications ufw.commonrrrr%rrrrrrrrrr#rrrsJ <<*S,ZS,l>.>B8J8v ,j ,+) +)\) )0z()Z)@&J'J'r