8889841có  c‰`c@sóddljZddlZddlZddlZddlmZddlmZm Z m Z m Z ddl m Z ddlmZmZmZmZmZmZddlmZddlmZde fd „ƒYZd e fd „ƒYZdS( iÿÿÿÿN(tconfig(tPY2t IO_ObjecttIO_Object_ContentHandlertIO_Object_XMLGenerator(tlog(tuniqifyt checkUsertcheckUidt checkCommandt checkContextt u2b_if_py2(terrors(t FirewallErrort!lockdown_whitelist_ContentHandlercBseZd„Zd„ZRS(cCstj||ƒt|_dS(N(Rt__init__tFalset whitelist(tselftitem((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR%scCs»tj|||ƒ|jj||ƒ|dkr\|jrPttjdƒ‚nt|_n[|dkrŸ|js‚t j dƒdS|d}|jj |ƒn|dkrH|jsÅt j dƒdSd|kr"yt |dƒ}Wn't k rt j d |dƒdSX|jj|ƒq·d|kr·|jj|dƒq·no|d kr¢|jsnt j d ƒdSd |kr‹t j d ƒdS|jj|d ƒnt j d|ƒdSdS(NRsMore than one whitelist.tcommands)Parse Error: command outside of whitelisttnametusers&Parse Error: user outside of whitelisttids"Parse Error: %s is not a valid uidtselinuxs)Parse Error: selinux outside of whitelisttcontextsParse Error: no contextsUnknown XML element %s(Rt startElementRtparser_check_element_attrsRR R t PARSE_ERRORtTrueRterrort add_commandtintt ValueErrortadd_uidtadd_usert add_context(RRtattrsRtuid((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR)sJ                      (t__name__t __module__RR(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR$s tLockdownWhitelistcBsxeZdZddgfddgfddgfddgffZdZdgZid*d 6d gd 6d*d 6d gd6Zidd gd 6Zd„Z d„Z d„Z d„Z d„Z d„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd „Zd!„Zd"„Zd#„Zd$„Zd%„Zd&„Zd'„Z d(„Z!d)„Z"RS(+s LockdownWhitelist class tcommandsttcontextstuserstuidsis (asasasai)t_RRRRRRRcCsMtt|ƒjƒ||_d|_g|_g|_g|_g|_ dS(N( tsuperR)RtfilenametNonetparserR*R,R-R.(RR1((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyRns     cCsø|d kr4xå|D]}|j||d ƒqWnÀ|dkrdt|ƒsôttj|ƒ‚qôn|dkr”t|ƒsôttj|ƒ‚qôn`|dkrÄt|ƒsôttj|ƒ‚qôn0|d krôt |ƒsôttj |ƒ‚qôndS( NR*R,R-R.iÿÿÿÿRRRR&(scommandsscontextssuserssuids( t _check_configR R R tINVALID_COMMANDR tINVALID_CONTEXTRt INVALID_USERRt INVALID_UID(RRRtx((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR4ys          cCs |j2|j2|j2|j2dS(N(R*R,R-R.(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytcleanupŠscCssg|jD]}t|ƒ^q |_g|jD]}t|ƒ^q/|_g|jD]}t|ƒ^qT|_dS(s» HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.N(R*R R,R-(RR9((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytencode_strings’s%%cCs]t|ƒs!ttj|ƒ‚n||jkrC|jj|ƒnttjd|ƒ‚dS(Ns!Command "%s" already in whitelist(R R R R5R*tappendtALREADY_ENABLED(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyRœs   cCs<||jkr"|jj|ƒnttjd|ƒ‚dS(NsCommand "%s" not in whitelist.(R*tremoveR R t NOT_ENABLED(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytremove_command¥s cCs ||jkS(N(R*(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt has_command¬scCsQxJ|jD]?}|jdƒr9|j|d ƒrItSq ||kr tSq WtS(Nt*iÿÿÿÿ(R*tendswitht startswithRR(RRt_command((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_command¯s cCs|jS(N(R*(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_commands¹scCsct|ƒs'ttjt|ƒƒ‚n||jkrI|jj|ƒnttjd|ƒ‚dS(NsUid "%s" already in whitelist(RR R R8tstrR.R<R=(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR"¾s   cCs<||jkr"|jj|ƒnttjd|ƒ‚dS(NsUid "%s" not in whitelist.(R.R>R R R?(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt remove_uidÈs cCs ||jkS(N(R.(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pythas_uidÏscCs ||jkS(N(R.(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_uidÒscCs|jS(N(R.(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytget_uidsÕscCs]t|ƒs!ttj|ƒ‚n||jkrC|jj|ƒnttjd|ƒ‚dS(NsUser "%s" already in whitelist(RR R R7R-R<R=(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR#Ús   cCs<||jkr"|jj|ƒnttjd|ƒ‚dS(NsUser "%s" not in whitelist.(R-R>R R R?(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt remove_useräs cCs ||jkS(N(R-(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pythas_userëscCs ||jkS(N(R-(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_userîscCs|jS(N(R-(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_usersñscCs]t|ƒs!ttj|ƒ‚n||jkrC|jj|ƒnttjd|ƒ‚dS(Ns!Context "%s" already in whitelist(R R R R6R,R<R=(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR$"s   cCs<||jkr"|jj|ƒnttjd|ƒ‚dS(NsContext "%s" not in whitelist.(R,R>R R R?(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytremove_context,s cCs ||jkS(N(R,(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt has_context3scCs ||jkS(N(R,(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_context6scCs|jS(N(R,(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_contexts9scCsÃ|jƒ|jjdƒs8ttjd|jƒ‚nt|ƒ}tjƒ}|j |ƒy|j |jƒWn2tj k r¥}ttj d|j ƒƒ‚nX~~tr¿|jƒndS(Ns.xmls'%s' is missing .xml suffixsNot a valid file: %s(R:R1RCR R t INVALID_NAMERtsaxt make_parsertsetContentHandlertparsetSAXParseExceptiont INVALID_TYPEt getExceptionRR;(RthandlerR3tmsg((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytread>s"      cCsHtjj|jƒreytj|jd|jƒWqetk ra}td|j|fƒ‚qeXntjjtj ƒstj tj dƒnt j |jddddƒ}t |ƒ}|jƒ|jdiƒ|jd ƒxHt|jƒD]7}|jd ƒ|jd i|d 6ƒ|jd ƒqñWxNt|jƒD]=}|jd ƒ|jd it|ƒd6ƒ|jd ƒq<WxHt|jƒD]7}|jd ƒ|jd i|d 6ƒ|jd ƒqWxHt|jƒD]7}|jd ƒ|jdi|d6ƒ|jd ƒqØW|jdƒ|jd ƒ|jƒ|jƒ~dS(Ns%s.oldsBackup of '%s' failed: %siètmodetwttencodingsUTF-8Rs s RRRRRR(tostpathtexistsR1tshutiltcopy2t ExceptiontIOErrorRt ETC_FIREWALLDtmkdirtiotopenRt startDocumentRtignorableWhitespaceRR*t simpleElementR.RHR-R,t endElementt endDocumenttclose(RR^tfR]RR&RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytwriteQsB             N(#R'R(t__doc__tIMPORT_EXPORT_STRUCTUREtDBUS_SIGNATUREtADDITIONAL_ALNUM_CHARSR2tPARSER_REQUIRED_ELEMENT_ATTRStPARSER_OPTIONAL_ELEMENT_ATTRSRR4R:R;RR@RARFRGR"RIRJRKRLR#RMRNRORPR$RQRRRSRTR_Ru(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR)WsP                   1     (txml.saxRVRcRlRftfirewallRtfirewall.core.io.io_objectRRRRtfirewall.core.loggerRtfirewall.functionsRRRR R R R tfirewall.errorsR RR)(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyts   ".3