î ÍbSýyã@s1ddlZddlZddlZddlmZddlmZGdd„dƒZGdd„deƒZGdd „d eƒZ Gd d „d eƒZ Gd d „d eƒZ Gdd„deƒZ Gdd„deƒZ Gdd„deƒZGdd„deƒZGdd„dƒZGdd„dƒZdS)éN)ÚUFWError)Údebugc@s:eZdZdZdd„Zdd„Zdd„ZdS) Ú UFWCommandz"Generic class for parser commands.cCsA||_g|_||jkr4|jj|ƒn||_dS)N)ÚcommandÚtypesÚappendÚtype)Úselfrr©r ú,/usr/lib/python3/dist-packages/ufw/parser.pyÚ__init__-s   zUFWCommand.__init__cCs8t|ƒdkrtƒ‚nt|djƒƒ}|S)Nér)ÚlenÚ ValueErrorÚUFWParserResponseÚlower)r ÚargvÚrr r r Úparse4s zUFWCommand.parsecCstdƒ‚dS)Nz!UFWCommand.help: need to override)r)r Úargsr r r Úhelp<szUFWCommand.helpN)Ú__name__Ú __module__Ú __qualname__Ú__doc__r rrr r r r r+s   rc@sFeZdZdZdd„Zdd„Zdd„ZeeƒZdS) ÚUFWCommandRulez#Class for parsing ufw rule commandscCsd}tj|||ƒdS)NÚrule)rr )r rrr r r r AszUFWCommandRule.__init__c<CsJd}d}d}d}d}d}d}d} d} d} t|ƒdkrx|djƒdkrx|j|dƒnt|ƒdkr¬|djƒdkr%t|ƒdkr%d} |j|dƒd} yt|dƒ} Wntk r|d}YnX| dkrŸtd | ƒ} | Snz|djƒd krŸt|ƒd krYtƒ‚n|d} | d krŽtd ƒ| }t|ƒ‚n|d=|d=n|d}n|dkrè|dkrè|dkrè|dkrètƒ‚nt|ƒ}|dkr tƒ‚nd}|dkr]|djƒdksJ|djƒdkr]|djƒ}n|dkrË|ddkrË|djƒdks¥|djƒdkrË|djƒ}|d=t|ƒ}nd}|dkr›|j dƒdks|j dƒdkr›tdƒ}|djƒdkrN|djƒdkrNt|ƒ‚n|dksp|djƒdkrt|ƒ‚n|d=t|ƒ}d}nd}|rè|dkrè|djƒdksß|djƒdkrèd}nA|dkr)|djƒdks |djƒdkr)d}n|dkr[||jƒ} ||=t|ƒ}nd|kr‚tdƒ}t|ƒ‚nd|kr©tdƒ}t|ƒ‚n|dksÁ|dkrÍtƒ‚n|}| dkrð|d| 7}nt j j |ddd|ƒ}| r | |_n8| dkrXy|j | ƒWqXtk rT‚YqXXn|dkrt jj|dƒrÑyt jj|dƒWqÑtk rÍd}|d|_|j|dd ƒYqÑXn|jdkrÒy t jj|dƒ\}}Wn*tk r,td!ƒ}t|ƒ‚YnXtjd"|ƒs{d#|ksWd$|krrtd%ƒ}t|ƒ‚n|}ny'|j|ƒ|j|d ƒd}WqÒtk rÎtd!ƒ}t|ƒ‚YqÒXn|jdGkr< td)ƒ|j}t|ƒ‚q< n6|dddkr5td*ƒ}t|ƒ‚nd+|kr€d,|kr€d|kr€d|kr€td-ƒ}t|ƒ‚n¼d.d+d,d/d0ddg}|j d,ƒdksX|j d+ƒdksX|j d.ƒdksX|j d/ƒdksX|j dƒdksX|j dƒdksX|j d0ƒdksX|j d0ƒdkrs|j d.ƒdkrstd1ƒ}t|ƒ‚nd}d}x0|D](}|ddkrÏ|||krÏtd2ƒ||}t|ƒ‚n|d.kr: |d|kr y|j||dƒWq7 tk r ‚Yq7 Xq¤ td3ƒ}t|ƒ‚nj|dksR |dkrî |d|krÏ yR|dkrŒ |jd||dƒn'|dkr³ |jd||dƒnWqë tk rË ‚Yqë Xq¤ td4ƒ|}t|ƒ‚n¶|d+krª |d|kr yd||djƒ}|dkr< d5}d}n$t jj|d6ƒrZ d7}nd8}|j|ƒWntk r… ‚YnXd9}q¤ td:ƒ}t|ƒ‚nú|d,krf |d|krK yd||djƒ}|dkrø d5}d}n$t jj|d6ƒr d7}nd8}|j|ƒWntk rA ‚YnXd }q¤ td;ƒ}t|ƒ‚n>|d/ks~ |d0kr¤ |d|kr‰ |dkr¹ td<ƒ|}t|ƒ‚n||d}|d0kr÷ |d9krë ||_qZ ||_nctjd"|ƒsZ d#|ks! d$|kr< td%ƒ}t|ƒ‚n|d9krQ |}qZ |}ny|j||ƒWq¡ tk r… ‚Yq¡ Xq¤ td=ƒ}t|ƒ‚n|d7}q†W|dkrÓ |dkrÓ d}ni|dkr |dkr ||kr td>ƒ}t|ƒ‚n*|dkr' |}n|dkr< |}n|dksT |dkrd}|dkr¬ yt jj|ƒ}Wq¬ tk r¨ td?ƒ}t|ƒ‚Yq¬ Xn|dkr¤|dksÐ |dkryt jj|ƒ}Wq¡tk rtd?ƒ}t|ƒ‚Yq¡Xq¤yt jj|ƒ}Wn*tk rXtd?ƒ}t|ƒ‚YnX|dksq||krz|}q¤|dkr‰q¤td@ƒ}t|ƒ‚n|jdkrÃ|j|ƒq|dkr|j|krtdAƒ|j}t|ƒ‚qn|rX|jdkrX|jdks6|jdkrXtdBƒ|j}t|ƒ‚n|jd&kr¾|d7kr•tdCƒ|j}t|ƒ‚q¾|dkr¾tdD|jƒd8}q¾n|jdHkr|jdksë|j dkrtd)ƒ|j}t|ƒ‚qnt|ƒ} |j!| j"dE<|| j"d<|| j"dF<| S)INÚÚanyFrrZdeleter Tz delete-%dÚinsertéÚ0z#Cannot insert rule at position '%s'ÚallowÚdenyÚrejectÚlimitéÚinÚoutÚonzInvalid interface clauseéÚlogzlog-allzOption 'log' not allowed herez!Option 'log-all' not allowed hereé Ú_Ú directionZbothÚdstzBad portz^\d([0-9,:]*\d+)*$ú,ú:zPort ranges must be numericÚipv6ÚespÚahzInvalid port with protocol '%s'zWrong number of argumentsÚfromÚtozNeed 'to' or 'from' clauseÚprotoÚportÚappzImproper rule syntaxzInvalid token '%s'zInvalid 'proto' clausezInvalid '%s' clausez 0.0.0.0/0Ú6Zv6Zv4ÚsrczInvalid 'from' clausezInvalid 'to' clausezNeed 'from' or 'to' with '%s'zInvalid 'port' clausez%Mixed IP versions for 'from' and 'to'zCould not find protocolzProtocol mismatch (from/to)z,Protocol mismatch with specified protocol %sz3Improper rule syntax ('%s' specified with app rule)z'Invalid IPv6 address with protocol '%s'z*Adjusting iptype to 'v4' for protocol '%s'rZiptype)r2r3r4)r2r3r4)#rrÚremoveÚintÚ Exceptionrrr-rÚcountÚufwZcommonZUFWRuleZ set_positionZ applicationsZvalid_profile_nameÚutilZget_services_protoÚdappZset_portZparse_port_protoÚreÚmatchZ set_protocolÚprotocolÚ set_interfaceZ valid_addressZset_srcZset_dstÚsapprÚdportÚsportrÚdata)r rÚactionrrZ from_typeZto_typeZ from_serviceZ to_serviceZ insert_posÚlogtyper<Zrule_numrÚerr_msgÚnargsZrule_directionZ has_interfaceZlog_idxZ rule_actionr8r7ÚkeysÚiÚlocÚargZfaddrZsaddrÚtmpr r r rEs>((        $     "26 ,"  ( "                            $  *                                                                       zUFWCommandRule.parsecCs‚|j}|jdks'|jdkrS|jdksE|jdkrS|jdkrS|jdkrS|jdkrS|jdkrS|jdkrS|jdkr³|d|j7}n|j dkrÖ|d|j 7}n|j dkrd|j kr|d|j 7}qP|d|j 7}q~|d|j7}|j dkr~|d |j 7}q~n+|jdkrv|d |j7}n|jdkr™|d |j7}n#|jdkr¼|d|j7}n|j dkrß|d|j 7}nxd d gD] }|d kr"|j}|j}|j}d}n!|j}|j}|j }d}|dks[|dkrdd}n|dksˆ|dksˆ|dkrì|d||f7}|dkrÖd|krÅ|d|7}qó|d|7}qö|dkrö|d|7}qöqìqìWd|kr=d|kr=|jdkr=|jdkr=|d7}n|j dkr~|j dkr~|jdkr~|d|j 7}n|S)zGet command string for rulez 0.0.0.0/0z::/0rrr(z %sú z '%s'z/%sz in on %sz out on %sr;r/r5r6z %s %sz app '%s'z app %sz port %sz to z from z to anyz proto %s) rKr/r;rIrGZ interface_inZ interface_outrHr.rLrBrE)rÚresrPrQr8r9Údirr r r Ú get_commandÄsj          $    -zUFWCommandRule.get_commandN)rrrrr rrWÚ staticmethodr r r r r?s   ÿ€ Hrc@s.eZdZdZdd„Zdd„ZdS)ÚUFWCommandRouteRulez)Class for parsing ufw route rule commandscCstj||ƒd|_dS)NÚroute)rr r)r rr r r r szUFWCommandRouteRule.__init__cCs|ddkst‚d}d}d}dj|ƒ}d|krÊd|krÊd}|jdƒ|jdƒkr|d}n||j|ƒd}|d|j|ƒ…||j|ƒd d…}n_tjd |ƒ r#tjd |ƒ r#d |ksd |kr#tdƒ}t|ƒ‚n|}d|d%s   ÿÑ1;-