3 \|@sddlZddlZddlZddlmZddlmZGdddZGdddeZGdd d eZ Gd d d eZ Gd d d eZ GdddeZ GdddeZ GdddeZGdddeZGdddZGdddZdS)N)UFWError)debugc@s(eZdZdZddZddZddZdS) UFWCommandz"Generic class for parser commands.cCs,||_g|_||jkr"|jj|||_dS)N)commandtypesappendtype)selfrrr ,/usr/lib/python3/dist-packages/ufw/parser.py__init__.s   zUFWCommand.__init__cCs&t|dkrtt|dj}|S)Nr)len ValueErrorUFWParserResponselower)r argvrr r r parse5s zUFWCommand.parsecCs tddS)Nz!UFWCommand.help: need to override)r)r argsr r r help=szUFWCommand.helpN)__name__ __module__ __qualname____doc__r rrr r r r r,src@s0eZdZdZddZddZddZeeZdS) UFWCommandRulez#Class for parsing ufw rule commandscCsd}tj|||dS)Nrule)rr )r rrr r r r CszUFWCommandRule.__init__c ACs d}d}d}d}d}d}d}d} d} d} t|dkrR|djdkrR|j|dt|dkr`|djdkrt|dkrd} |j|dd} yt|d} Wntk r|d}YnX| dk rtd | } | Sn~|djd kr|djdkrBd}|dkrf||j} ||=t|}d|krtd}t|d|krtd}t|d}d|kr|j d}|t|dkrtd}t|||d}d |krtd!}t|||d=||=t|}|dks&|d"kr,t|}| dkrF|d#| 7}t j j |dd|t jj|d$}| rr| |_n2| dkry|j| Wntk rYnX|dkrt jj|dr yt jj|dWn4tk rd%}|d|_|j|dd&YnX|jdk ryt jj|d\}}Wn,tk rZ}zt|WYdd}~XnXtjd'|sd(|ks~d)|krtd*}t||}y|j||j|d&d%}Wn&tk rtd+}t|YnXn|dddkrtd,}t|nd-|kr>d.|kr>d|kr>d|kr>td/}t|nd0d-d.d1d2ddg}|j d.dks|j d-dks|j d0dks|j d1dks|j ddks|j ddks|j d2dks|j d2dkr|j d0dkrtd3}t|d}d}xb|D]X}|ddkr:|||kr:td4||}t||d0kr|d|kry|j||dWntk rYnXntd5}t|n|dks|dkr0|d|kryB|dkr|jd||dn|dkr|jd||dWntk rYnXntd6|}t|n |d-kr|d|kryL||dj}|dkrnd7}d}nt jj|d8rd9}nd:}|j|Wntk rYnXd;}ntd<}t|n|d.k r^|d|k rLyL||dj}|dk rd7}d}nt jj|d8 rd9}nd:}|j|Wntk rDYnXd&}ntd=}t|n|d1k sr|d2k rP|d|k r@|dk rtd>|}t|||d}|d2k r|d;k r||_n||_nFtjd'| sd(|k sd)|k rtd*}t||d;k r|}n|}y|j||Wntk r<YnXntd?}t||d7}qW|dk rx|dk rxd%}nN|dk r|dk r||k rtd@}t|n|dk r|}n|dk r|}|dk s|dk r*d}|dk r yt jj|}Wn&tk rtdA}t|YnX|dk r|dk s>|dk rxyt jj|}Wn&tk rttdA}t|YnXnnyt jj|}Wn&tk rtdA}t|YnX|dk s||k r|}n|dk rntdB}t||jdk r|j|n,|dk r*|j|k r*tdC|j}t|| rf|jt jj k r\|d%k r\t!dD|jd:}|j"|t|} |j#| j$dE<|| j$d<|| j$dF<| S)HNanyFrrdeleter Tz delete-%dinsert0z-1z#Cannot insert rule at position '%s'ZprependallowdenyrejectlimitinoutonzInvalid interface clauselogzlog-allzOption 'log' not allowed herez!Option 'log-all' not allowed herecommentz*Option 'comment' missing required argument'zComment may not contain "'" _) directionr-Zbothdstz^\d([0-9,:]*\d+)*$,:zPort ranges must be numericzBad portzWrong number of argumentsfromtozNeed 'to' or 'from' clauseprotoportappzImproper rule syntaxzInvalid token '%s'zInvalid 'proto' clausezInvalid '%s' clausez 0.0.0.0/06Zv6Zv4srczInvalid 'from' clausezInvalid 'to' clausezNeed 'from' or 'to' with '%s'zInvalid 'port' clausez%Mixed IP versions for 'from' and 'to'zCould not find protocolzProtocol mismatch (from/to)z,Protocol mismatch with specified protocol %sz*Adjusting iptype to 'v4' for protocol '%s'rZiptype)%rrremoveint Exceptionrrr0rcountindexufwcommonZUFWRuleutilZ hex_encodeZ set_positionZ applicationsZvalid_profile_nameZget_services_protodappZset_portZparse_port_protorematchZ set_protocol set_interfaceZ valid_addressZset_srcZset_dstsappprotocolZipv4_only_protocolsrZverifyrdata) r ractionrrZ from_typeZto_typeZ from_serviceZ to_serviceZ insert_poslogtyper=Zrule_numrerr_msgnargsZrule_directionZ has_interfaceZlog_idxr-Z comment_idxZ rule_actionr8r7ekeysilocargZfaddrZsaddrtmpr r r rGs>     * *$"                                                         zUFWCommandRule.parsecCs|j}|jdks|jdko^|jdks.|jdko^|jdko^|jdko^|jdko^|jdko^|jdkr |jdkrz|d|j7}|j dkr|d|j 7}|j dkrd|j kr|d|j 7}q|d|j 7}n&|d|j7}|j dkr|d |j 7}|j dkr|d |j 7}n|jdkr&|d |j7}|jdkrB|d |j7}n|jdkr\|d|j7}|j dkrv|d|j 7}xdD]}|d kr|j}|j}|j}d}n|j}|j}|j }d}|dks|dkrd}|dks|dks|dkr||d||f7}|dkr.d|kr |d|7}n |d|7}n|dkr||d|7}q|Wd|kr~d|kr~|jdkr~|jdkr~|d7}|j dkr|j dkr|jdkr|d|j 7}|j dkr|d |j 7}|S)zGet command string for rulez 0.0.0.0/0z::/0rrr)z %s z '%s'z/%sz comment '%s'z in on %sz out on %sr;r2r5r6z %s %sz app '%s'z app %sz port %sz to z from z to anyz proto %s)r;r2)rLr2r;ZsportrIZ interface_inZ interface_outZdportr1rMrErJr-Z get_comment)rresrRrSr8r9dirr r r get_commandsr                    $ zUFWCommandRule.get_commandN)rrrrr rrY staticmethodr r r r rAsMrc@s eZdZdZddZddZdS)UFWCommandRouteRulez)Class for parsing ufw route rule commandscCstj||d|_dS)Nroute)rr r)r rr r r r s zUFWCommandRouteRule.__init__c Cs|ddkstd|krl|jd}d}t||krly$t||dtd}t|Wntk rjYnXd}d}d}dj|}d|krd |krd }|jd |jd krd }||j|d }|d|j|||j|d d}nJtj d| r0tj d| r0d|ksd|kr0td}t|n|}d|d<t j ||}d|j kr~d|j d_ |r~|r~|j dj|||S)Nrr\rrr z9'route delete NUM' unsupported. Use 'delete NUM' instead.rVz in on z out on r)r(r'r+z (in|out) on z app (in|out) z in z out z'Invalid interface clause for route rulerT)AssertionErrorrArr>r0rrjoinrFsearchrrrKforwardrH) r ridxrNZ rule_argvZ interfacestripsrr r r rsD    *     zUFWCommandRouteRule.parseN)rrrrr rr r r r r[sr[c@s eZdZdZddZddZdS) UFWCommandAppz*Class for parsing ufw application commandscCsd}tj|||dS)Nr9)rr )r rrr r r r ZszUFWCommandApp.__init__cCsPd}d}d}|ddkrt|d=t|}|dj}|dksH|dkr|dkrr|dd krrd }|jd t|}|d krtt|djd }|r|d 7}|dkr|dkrt|dkr.|d krt|djdkrd}nL|djdkrd}n6|djdkrd}n|djdkr(d}ntt|}|j|jd<||jd<|S)zParse applications command.rFrr9infoupdater+r z --add-newTr'z[']z -with-newlistdefaultr#z default-allowr$z default-denyr%zdefault-rejectskipz default-skiprname) rrrr=strrbrrrK)r rrjrLZaddnewrOrr r r r^sH      zUFWCommandApp.parseN)rrrrr rr r r r rdXsrdc@s eZdZdZddZddZdS)UFWCommandBasicz$Class for parsing ufw basic commandscCsd}tj|||dS)NZbasic)rr )r rrr r r r szUFWCommandBasic.__init__cCst|dkrttj||S)Nr )rrrr)r rr r r rs zUFWCommandBasic.parseN)rrrrr rr r r r rlsrlc@s eZdZdZddZddZdS)UFWCommandDefaultz&Class for parsing ufw default commandscCsd}tj|||dS)Nrh)rr )r rrr r r r szUFWCommandDefault.__init__cCsPt|dkrtd}d}t|dkr|djdkr|djdkr|djdkr|djdkr|djdkr|djdkrt|djjd rd}nJ|djjd rd}n2|djdks|djdkrd}n |dj}|d jd krd }n6|d jdkrd}n|d jdkr6d}nt|d|7}t|S)Nr'rZincominginputZroutedr`outputZoutgoingr(r)r r$z default-denyr#z default-allowr%zdefault-rejectz-%s)rrr startswithr)r rrLr1r r r rs8     zUFWCommandDefault.parseN)rrrrr rr r r r rmsrmc@s eZdZdZddZddZdS)UFWCommandLoggingz&Class for parsing ufw logging commandscCsd}tj|||dS)NZlogging)rr )r rrr r r r szUFWCommandLogging.__init__cCsd}t|dkrtn|djdkr.d}n|djdks~|djdks~|djdks~|djd ks~|djd krd }|djdkr|d |dj7}ntt|S) Nrr'r Zoffz logging-offr*ZlowZmediumZhighZfullz logging-onr0)rrrr)r rrLr r r rs   zUFWCommandLogging.parseN)rrrrr rr r r r rqsrqc@s eZdZdZddZddZdS)UFWCommandStatusz%Class for parsing ufw status commandscCsd}tj|||dS)Nstatus)rr )r rrr r r r szUFWCommandStatus.__init__cCsftj||}t|dkr d|_nBt|dkrb|djdkrDd|_n|djdkr\d|_nt|S)Nr rsverbosezstatus-verboseZnumberedzstatus-numbered)rrrrLrr)r rrr r r rs   zUFWCommandStatus.parseN)rrrrr rr r r r rrsrrc@s eZdZdZddZddZdS)UFWCommandShowz#Class for parsing ufw show commandscCsd}tj|||dS)NZshow)rr )r rrr r r r szUFWCommandShow.__init__cCsd}t|dkrtn|djdkr.d}n|djdkrDd}n|djdkrZd}nt|djd krpd }n^|djd krd }nH|djd krd}n2|djdkrd}n|djdkrd}ntt|S)Nrr rawzshow-rawz before-rulesz show-beforez user-rulesz show-userz after-rulesz show-afterz logging-rulesz show-loggingbuiltinsz show-builtinsZ listeningzshow-listeningZaddedz show-added)rrrr)r rrLr r r rs* zUFWCommandShow.parseN)rrrrr rr r r r rusruc@s eZdZdZddZddZdS)rzClass for ufw parser responsecCs |j|_d|_d|_i|_dS)NF)rrLdryrunforcerK)r rLr r r r s zUFWParserResponse.__init__cCsTd|j}t|jj}|jx"|D]}|d||j|f7}q&W|d7}t|S)Nz action='%s'z,%s='%s' )rLrgrKrQsortrepr)r rcrQrRr r r __str__!s  zUFWParserResponse.__str__N)rrrrr r}r r r r rsrc@s0eZdZdZddZddZddZdd Zd S) UFWParserzClass for ufw parsercCs i|_dS)N)commands)r r r r r .szUFWParser.__init__cCsD|jt|jjkrt|jt|j|jkr%s$  YA; .