????

Your IP : 216.73.216.152

Current Path : /proc/self/root/proc/self/root/lib/python2.7/site-packages/firewall/
Upload File :
Current File : //proc/self/root/proc/self/root/lib/python2.7/site-packages/firewall/functions.pyc

�
`q^c%@stdddddddddd	d
ddd
ddddddddddddddddddd d!d"d#d$g%Zd%d&lZd%d&lZd%d&lZd%d&lZd%d&lZd%d&lZd%d&lZd%d&lZd%d'l	m
Z
d%d(lmZd%d)l
mZmZmZejd*kZd+�Zd,�Zd-d.�Zd/�Zd0�Zd1�Zd2�Zd3�Zd4�Zd5�Zd6�Zd7�Zd8�Zd9�Z d:�Z!d;�Z"d<�Z#d=�Z$d>�Z%d?�Z&d@�Z'dA�Z(dB�Z)dC�Z*dD�Z+dE�Z,dF�Z-dG�Z.dH�Z/dI�Z0dJ�Z1dK�Z2dL�Z3dM�Z4dN�Z5dO�Z6dP�Z7d&S(QtPY2t	getPortIDtgetPortRangetportStrtgetServiceNametcheckIPtcheckIP6tcheckIPnMaskt
checkIP6nMaskt
checkProtocoltcheckInterfacetcheckUINT32tfirewalld_is_activettempFiletreadfilet	writefiletenable_ip_forwardingtget_nf_conntrack_helper_settingtset_nf_conntrack_helper_settingtget_nf_conntrack_helperstget_nf_nat_helperst
check_portt
check_addresstcheck_single_addresst	check_mactuniqifytppid_of_pidtmax_zone_name_lent	checkUsertcheckUidtcheckCommandtcheckContexttjoinArgst	splitArgstb2utu2bt
u2b_if_py2i����N(tlog(trunProg(tFIREWALLD_TEMPDIRtFIREWALLD_PIDFILEtCOMMANDSt3cCs�t|t�r|}nd|r-|j�}nyt|�}Wn<tk
r{ytj|�}Wq|tjk
rwdSXnX|dkr�dS|S(s� Check and Get port id from port string or port id using socket.getservbyname

    @param port port string or port id
    @return Port id if valid, -1 if port can not be found and -2 if port is too big
    i����i��i����(t
isinstancetinttstript
ValueErrortsockett
getservbynameterror(tportt_id((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR0s	
	c	Cs>t|t�s|j�r>t|�}|dkr:|fS|S|jd�}t|�dkr�|dj�r�|dj�r�t|d�}t|d�}|dkr�|dkr�||kr�||fS||kr�||fS|fSq�ng}xtt|�dd�D]�}tdj|| ��}dj||�}t|�dkr�t|�}|dkr|dkr||kr�|j||f�q�||kr�|j||f�q�|j|f�qq|dkr|j|f�|t|�krPqqqWt|�dkr dSt|�dkr6dS|dS(sI Get port range for port range string or single port id

    @param ports an integer or port string or port range string
    @return Array containing start and end port id for a valid range or -1 if port can not be found and -2 if port is too big for integer input or -1 for invalid ranges or None if the range is ambiguous.
    it-iii����N(
R+R,tisdigitRtsplittlentrangetjointappendtNone(tportstid1tsplitstid2tmatchedtitport2((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRGsH2


t:cCsr|dkrdSt|�}t|t�r;|dkr;dSt|�dkrUd|Sd|d||dfSdS(s Create port and port range string

    @param port port or port range int or [int, int]
    @param delimiter of the output string for port ranges, default ':'
    @return Port or port range string, empty string if port isn't specified, None if port or port range is not valid
    tiis%ss%s%s%sN(RR+R,R;R7(R2t	delimitert_range((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR}scCs�t|�}t|�}t|�dkr>|t|d�kSt|�dkr�|t|d�kr�|t|d�kr�tStS(Niii(RRR7tTruetFalse(R2R8t_portRF((s6/usr/lib/python2.7/site-packages/firewall/functions.pytportInPortRange�s,cCs8ytjt|�|�}Wntjk
r3dSX|S(s� Check and Get service name from port and proto string combination using socket.getservbyport

    @param port string or id
    @param protocol string
    @return Service name if port and protocol are valid, else None
    N(R/t
getservbyportR,R1R;(R2tprototname((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s
cCs3ytjtj|�Wntjk
r.tSXtS(sl Check IPv4 address.
    
    @param ip address string
    @return True if address is valid, else False
    (R/t	inet_ptontAF_INETR1RHRG(tip((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s
cCs3ytjtj|�Wntjk
r.tSXtS(sl Check IPv6 address.
    
    @param ip address string
    @return True if address is valid, else False
    (R/RNtAF_INET6R1RHRG(RP((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s
cCs�d|kra||jd� }||jd�d}t|�dksZt|�dkrmtSn|}d}t|�s}tS|r�d|kr�t|�Syt|�}Wntk
r�tSX|dks�|dkr�tSntS(Nt/it.ii (tindexR7RHR;RR,R.RG(RPtaddrtmaskRA((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s&$

cCs�d|kra||jd� }||jd�d}t|�dksZt|�dkrmtSn|}d}t|�s}tS|r�yt|�}Wntk
r�tSX|dks�|dkr�tSntS(NRRiii�(RTR7RHR;RR,R.RG(RPRURVRA((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s"$
cCsmyt|�}Wn:tk
rLytj|�Wqitjk
rHtSXnX|dkse|dkritStS(Nii�(R,R.R/tgetprotobynameR1RHRG(tprotocolRA((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR	�s
	cCsN|st|�dkrtSx*ddddgD]}||kr0tSq0WtS(s� Check interface string

    @param interface string
    @return True if interface is valid (maximum 16 chars and does not contain ' ', '/', '!', ':', '*'), else False
    it RRt!t*(R7RHRG(tifacetch((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR
�scCsHyt|d�}Wntk
r'tSX|dkrD|dkrDtStS(Nil��(R,R.RHRG(tvaltx((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRs
cCs�tjjt�stSy(ttd��}|j�}WdQXWntk
rRtSXtjjd|�smtSy,td|d��}|j�}WdQXWntk
r�tSXd|kr�tStS(sv Check if firewalld is active

    @return True if there is a firewalld pid file and the pid is used by firewalld
    trNs/proc/%ss/proc/%s/cmdlinet	firewalld(	tostpathtexistsR(RHtopentreadlinet	ExceptionRG(tfdtpidtcmdline((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRs"

c	CsyyKtjjt�s(tjtd�ntjdddddtdt�SWn'tk
rt}t	j
d|��nXdS(	Ni�tmodetwttprefixstemp.tdirtdeletes#Failed to create temporary file: %s(RbRcRdR'tmkdirttempfiletNamedTemporaryFileRHRgR%R1R;(tmsg((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR
8scCsWy&t|d��}|j�SWdQXWn*tk
rR}tjd||f�nXdS(NR`sFailed to read file "%s": %s(Ret	readlinesRgR%R1R;(tfilenametfte((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRDscCs[y)t|d��}|j|�WdQXWn+tk
rV}tjd||f�tSXtS(Ntws Failed to write to file "%s": %s(RetwriteRgR%R1RHRG(RutlineRvRw((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRLscCs6|dkrtdd�S|dkr2tdd�StS(Ntipv4s/proc/sys/net/ipv4/ip_forwards1
tipv6s&/proc/sys/net/ipv6/conf/all/forwarding(RRH(tipv((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRUs


c	Cs�tj�d}d|}i}tjj|�r�xottj|��D]U}|jd�scqHn|jd�d}tt	d|g�\}}|dkr�qHn|jd�r|jd�dj
�}|jdd	�}|jd
d�}|j|g�j
|�qHnx�|jd�D]z}|jd
�rd|kr|jd�dj
�}|jdd�}|jdd	�}|j|g�j
|�qqWqHWn|S(Nis%/lib/modules/%s/kernel/net/netfilter/t
nf_conntrack_RSitmodinfotnf_conntrack_proto_t_R4s
nf-conntrack-RDs
salias:s-helper-RCisnfct-helper-(RbtunameRctisdirtsortedtlistdirt
startswithR6R&R)R-treplacet
setdefaultR:(	tkverRcthelpersRutmoduletstatustretthelperRz((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR\s0
'c	Cs�tj�d}i}x�d|d|d|gD]q}tjj|�r2xVttj|��D]<}|jd�s{q`n|jd�d}tt	d|g�\}}|dkr�q`n|jd	�r'|jd�dj
�}|jd
d�}|jdd
�}|j|g�j
|�q`nxr|jd�D]a}|jd�r7d|kr7|jdd
�}|jd
d�}|j|g�j
|�q7q7Wq`Wq2q2W|S(Nis%/lib/modules/%s/kernel/net/netfilter/s*/lib/modules/%s/kernel/net/ipv4/netfilter/s*/lib/modules/%s/kernel/net/ipv6/netfilter/tnf_nat_RSiRt
nf_nat_proto_R�R4snf-nat-RDs
sdescription:s
NAT helper(RbR�RcR�R�R�R�R6R&R)R-R�R�R:(	R�R�RcRuR�R�R�R�Rz((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRzs2
+cCs>yttd�d�SWntk
r9tjd�dSXdS(Ns+/proc/sys/net/netfilter/nf_conntrack_helperis3Failed to get and parse nf_conntrack_helper setting(R,RRgR%twarning(((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s


cCstd|rdnd�S(Ns+/proc/sys/net/netfilter/nf_conntrack_helpers1
s0
(R(tflag((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�scCs�t|�}|dksV|dksV|dksVt|�dkr�|d|dkr�|dkrvtjd|�nz|dkr�tjd|�nZ|dkr�tjd|�n:t|�dkr�|d|dkr�tjd	|�ntStS(
Ni����i����iiis'%s': port > 65535s'%s': port is invalids'%s': port is ambiguouss'%s': range start >= end(RR;R7R%tdebug2RHRG(R2RF((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s$&&cCs4|dkrt|�S|dkr,t|�StSdS(NR{R|(RRRH(R}tsource((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s


cCs4|dkrt|�S|dkr,t|�StSdS(NR{R|(RRRH(R}R�((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s


cCsgt|�dkrcx"dD]}||dkrtSqWx%dD]}||tjkr>tSq>WtStS(NiiiiiiRCiiiiiii	i
i
iii(iiiii(iiiiiii	i
ii
ii(R7RHtstringt	hexdigitsRG(tmacRA((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s

cCs7g}x*|D]"}||kr
|j|�q
q
W|S(N(R:(t_listtoutputR_((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s

cCsVy=tjd|�}t|j�dj��}|j�Wntk
rQdSX|S(s Get parent for pid sps -o ppid -h -p %d 2>/dev/nulliN(RbtpopenR,RtR-tcloseRgR;(RiRv((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s
cCs=ddlm}ttt|j���}d|td�S(s�
    Netfilter limits length of chain to (currently) 28 chars.
    The longest chain we create is FWDI_<zone>_allow,
    which leaves 28 - 11 = 17 chars for <zone>.
    i����(t	SHORTCUTSit__allow(tfirewall.core.baseR�tmaxtmapR7tvalues(R�tlongest_shortcut((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�sc	Cstt|�dks-t|�tjd�kr1tSx<|D]4}|tjkr8|tjkr8|dkr8tSq8WtS(NitSC_LOGIN_NAME_MAXRSR4R�t$(RSR4R�R�(R7RbtsysconfRHR�t
ascii_letterstdigitsRG(tusertc((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s-
cCsWt|t�r7yt|�}Wq7tk
r3tSXn|dkrS|dkrStStS(Niiiill��(R+tstrR,R.RHRG(tuid((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s
cCsjt|�dks$t|�dkr(tSx'dddgD]}||kr8tSq8W|ddkrftStS(Niit|s
tiRR(R7RHRG(tcommandR]((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR�s$cCs�|jd�}t|�d
kr%tS|ddkrM|dddkrMtS|ddd	kretS|d
ddkr}tSt|d�dkr�tStS(NRCiiitrooti����t_uit_rit_ti(ii(R6R7RHRG(tcontextR>((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR	s$cCsDdtt�kr)djd�|D��Sdjd�|D��SdS(NtquoteRYcss|]}tj|�VqdS(N(tshlexR�(t.0ta((s6/usr/lib/python2.7/site-packages/firewall/functions.pys	<genexpr>scss|]}tj|�VqdS(N(tpipesR�(R�R�((s6/usr/lib/python2.7/site-packages/firewall/functions.pys	<genexpr>s(RnR�R9(targs((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR scCsNtr=t|t�r=t|�}tj|�}tt|�Stj|�SdS(N(RR+tunicodeR#R�R6R�R"(t_stringR>((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR!!s

cCs#t|t�r|jdd�S|S(s bytes to unicode sUTF-8R�(R+tbytestdecode(R�((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR"*scCs#t|t�s|jdd�S|S(s unicode to bytes sUTF-8R�(R+R�tencode(R�((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR#0scCs)tr%t|t�r%|jdd�S|S(s" unicode to bytes only if Python 2sUTF-8R�(RR+R�R�(R�((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR$6s(8t__all__R/Rbtos.pathR�R�R�tsysRqtfirewall.core.loggerR%tfirewall.core.progR&tfirewall.configR'R(R)tversionRRRRRJRRRRRR	R
RRR
RRRRRRRRRRRRRRRRRRR R!R"R#R$(((s6/usr/lib/python2.7/site-packages/firewall/functions.pyt<module>sv					6