#fd|dddlZddlZddlZddlmZddlmZGddZGddeZGdd eZ Gd d eZ Gd d eZ GddeZ GddeZ GddeZGddeZGddZGddZdS)NUFWError)debugc$eZdZdZdZdZdZdS) UFWCommandz"Generic class for parser commands.cv||_g|_||jvr|j|||_dSN)commandtypesappendtype)selfr r s ,/usr/lib/python3/dist-packages/ufw/parser.py__init__zUFWCommand.__init__.s>  tz ! ! J  d # # # ct|dkrtt|d}|S)Nr)len ValueErrorUFWParserResponselowerrargvrs rparsezUFWCommand.parse5s9 t99q==,,  d1gmmoo . .rc td)Nz!UFWCommand.help: need to overrider)rargss rhelpzUFWCommand.help=s:;;;rN)__name__ __module__ __qualname____doc__rrrrrrr,sG,,<<<<|ddks|ddkrd}|dkr,||} ||=t|}d|vrtd}t|d|vrtd}t|d}d|vr| d}|t|dz krtd }t|||dz}d!|vrtd"}t |||dz=||=t|}|dks|d#krt |}| dkr|d$| zz }tj |dd|tj|%}| r| |_n,| dkr& || n#t$rwxYw|dkrxtj|drb tj|dn;#t$r.d&}|d|_||dd'YnwxYw|jdkr tj|d\}}n!#t $r}t|d}~wwxYwt/jd(|s(d)|vsd*|vrtd+}t||} ||||d'd&}nI#t$rtd,}t|wxYwn|dzdzdkrtd-}t|d.|vr*d/|vr&d|vr"d|vrtd0}t|gd1}| d/dks| d.dks| d2dks| d3dks}| ddksd| ddksK| d4dks2| d4dkr7| d2dkrtd5}t|d}d}|D]h}|dzdkr1|||vr'td6||z}t||d2krW|dz|kr0 |||dzn#t$rwxYwtd7}t||dks|dkr|dz|kr] |dkr |d||dzn%|dkr|d||dznf#t$rwxYwtd8|z}t||d.kr|dz|krw ||dz}|dkrd9}d}n%tj|d:rd;}nd<}||n#t$rwxYwd=}ntd>}t||d/kr|dz|krw ||dz}|dkrd9}d}n%tj|d:rd;}nd<}||n#t$rwxYwd'}n td?}t||d3ks|d4kr|dz|kr|dkr!td@|z}t|||dz}|d4kr|d=kr||_nN||_nFt/jd(|s1d)|vsd*|vrtd+}t||d=kr|}n|} |||n-#t$rwxYwtdA}t||dz }j|dkr |dkrd&}nA|dkr*|dkr$||krtdB}t||dkr|}n|dkr|}|dks|dkrd}|dkrM tj|}n,#t$rtdC}t|wxYw|dkr|dks|dkrM tj|}n#t$rtdC}t|wxYw tj|}n,#t$rtdC}t|wxYw|dks||kr|}n%|dkrntdD}t||jdkr||n7|dkr1|j|kr&tdE|jz}t||rL|jtjj vr|d&krtCdF|jzd<}|"|t |} |j#| j$dG<|| j$d<|| j$dH<| S)INanyFrr'deleterTz delete-%dinsert0z-1z#Cannot insert rule at position '%s'prependallowdenyrejectlimitinoutonzInvalid interface clauselogzlog-allzOption 'log' not allowed herez!Option 'log-all' not allowed herecommentz*Option 'comment' missing required argument'zComment may not contain "'" _) directionr>bothdstz^\d([0-9,:]*\d+)*$,:zPort ranges must be numericzBad portzWrong number of argumentsfromtozNeed 'to' or 'from' clause)protorGrHportappr9r:rIrJrKzImproper rule syntaxzInvalid token '%s'zInvalid 'proto' clausezInvalid '%s' clause 0.0.0.0/06v6v4srczInvalid 'from' clausezInvalid 'to' clausezNeed 'from' or 'to' with '%s'zInvalid 'port' clausez%Mixed IP versions for 'from' and 'to'zCould not find protocolzProtocol mismatch (from/to)z,Protocol mismatch with specified protocol %sz*Adjusting iptype to 'v4' for protocol '%s'r iptype)%rrremoveint ExceptionrrrArcountindexufwcommonUFWRuleutil hex_encode set_position applicationsvalid_profile_nameget_services_protodappset_portparse_port_protorematch set_protocol set_interface valid_addressset_srcset_dstsappprotocolipv4_only_protocolsrverifyr data) rractionr'r from_typeto_type from_service to_service insert_poslogtyperRrule_numrerr_msgnargsrule_direction has_interfacelog_idxr> comment_idx rule_actionrJrIekeysilocargfaddrsaddrtmps rrzUFWCommandRule.parseGsk     t99q==T!W]]__66 KKQ  t99q==Aw}}(**s4yy1}} DG$$$%"47||HH %%%!!WFFF%')+*@AAAH(aH,,t99q==$,,&!!W $$ d(:(: EFF!+-G"7+++GGGaI-- G!WF W  6!1!1f6H6H W  ,, D  199,,  199$q'--//T11q'--//U22!!W]]__N 199aDd1gmmoo.E.E.21gmmoo.F.F!!W]]__NQIIE 199$**T**Q..$**U2C2Ca2G2G233GAw}}$&&47==??e+C+Cw'''qyyDGMMOOt33w'''QIIE M  UQYYDGMMOOu,D,D,0GMMOOy,H,HGG QYYDGMMOOu447==??i77G Q;;7m))++GW IIE D==788G7## #   ;<>sU{{" --d1Q3i8888("""!" #$$<"="=&w///D[[C5LLsU{{""d{{ $ 2 24ac C C C C!$ $ 2 25$qs) D D D("""!" #$$9":":c"B&w///F]]sU{{ "$(1IOO$5$5E$~~(3,1 #&8#9#9%#E#E!504II04I LL////("""!"# #$$;"<"<&w///D[[sU{{ "$(1IOO$5$5E$~~(3*/#&8#9#9%#E#E!3.2GG.2G LL////("""!"# #$$9":":&w///F]]cUllsU{{"99&'(G&H&H),'.G"*7"3"33"1Q3i%<<"e||,/ ,/ !#*>!D!D1"czzSCZZ*+,I*J*J&.w&7&7 7"e||/2 -0 " MM#s3333("""!" #$$;"<"<&w///QE!!g&6&6e##5(8(8g%%CDDw'''e## E!!   |r11ER,H77 CCEE ,,, 9::G"7+++ , r!!E>>Ub[[0 # ; ;L I I$000#$$=">">&w/// 00!h99,GG$000#$$=">">&w/// 0 ~~# #"#$A"B"B&w///}%%!!%((((%DMU$:$:JKK!],w'''  } <<<v~~B}&''' KK    f % %vvxsCC10C1W W"%X885Y0/Y0?(Z(( [2[[-\66)]d22 d>5A g gA"i%% i1&A"l  l$o;; pr55)s4t)t=u!!)v c|j}|jdks |jdkr|jdks |jdkr|jdkr|jdkr|jdkr|jdkr|jdkr|jdkr |d|jzz }|j dkr |d|j zz }|j dkr%d|j vr|d|j zz }n3|d|j zz }n%|d|jzz }|j dkr |d |j zz }|j dkr|d | zz }nf|jdkr |d |jzz }|jdkr|d |jzz }n|jdkr |d|jzz }|j dkr |d|j zz }d D]}|dkr|j}|j}|j}d}n|j}|j}|j }d}|dks|dkrd}|dks |dks|dkr5|d|d|z }|dkrd|vr |d|zz }u|d|zz }~|dkr|d|zz }d|vrd|vr|jdkr|jdkr|dz }|j dkr#|j dkr|jdkr |d|j zz }|j dkr|d | zz }|S)zGet command string for rulerLz::/0r-r,r:z %s z '%s'z/%sz comment '%s'z in on %sz out on %s)rPrDrPrGrHz app '%s'z app %sz port %sz to z from z to anyz proto %s)rorDrPsportrj interface_in interface_outdportrBrur`rkr> get_comment)rresrrrJrKdirs r get_commandzUFWCommandRule.get_commands+h E[ AEVOO E[ AEVOO 7e   6R<< >R   ?b 7e  {e##uq{**yBuqy((v||!&==7QV++CC516>)CCuqw&:&&51:--CyB88~##{Q^33"$$|ao55%%uq{**yBuqy((# 1 1::%C7D&C CC%C7D&CC+%%C%<<45==C2IICsssCC00Cbyy#::;#44CC9s?2CCzD00 S  XS%8%8Nb((Q_-B-By zU""qv||" {QZ//yB88 rN)rr r!r"rrr staticmethodr#rrr%r%AsZ--111~~~@ LLLZ,{++KKKrr%ceZdZdZdZdZdS)UFWCommandRouteRulez)Class for parsing ufw route rule commandscJt||d|_dS)Nroute)r%rr )rr s rrzUFWCommandRouteRule.__init__s#g... rc|ddksJd|vrq|d}d}t||krG t||dztd}t |#t $rYnwxYwd}d}d}d|}d|vrd |vrd }|d |d krd }|||d z}|d|||||d zdz}nRtjd|s;tjd|s&d|vsd|vrtd}t ||}d|d<t ||}d|j vr7d|j d_ |r#|r!|j d |||S)Nrrr.r,rz9'route delete NUM' unsupported. Use 'delete NUM' instead.rz in on z out on r:r9r8r<z (in|out) on z app (in|out) z in z out z'Invalid interface clause for route ruler'T)rVrrSrArrjoinrcsearchr%rrnforwardrf) rridxrw rule_argv interfacestripsrs rrzUFWCommandRouteRule.parses"Aw'!!!! t  **X&&CG4yy3S1W &&& [\\G"7+++!D   HHTNN >>jAooEzz$$**U"3"333 TZZ..23IQtzz%0001DE9J9J19L9M9M4NNII+Q// ,a00 kkW\\ABBG7## #I !  y 1 1 QV  %)AF6N " ? ?v,,UI>>>s6A44 BBNrr r!r"rrr#rrrrs83388888rrceZdZdZdZdZdS) UFWCommandAppz*Class for parsing ufw application commandscBd}t|||dS)NrKr(r)s rrzUFWCommandApp.__init__Zs%D$00000rcd}d}d}|ddkrt|d=t|}|d}|dks|dkr{|dkr2|dd kr&d }|d t|}|d krtt |dd }|r|d z }|dkr|dkrt|dkr|d krt|ddkrd}nq|ddkrd}nP|ddkrd}n/|ddkrd}ntt |}|j|jd<||jd<|S)zParse applications command.r,FrrKinfoupdater<rz --add-newTr8z[']z -with-newlistdefaultr4 default-allowr5 default-denyr6default-rejectskipz default-skipr name) rrrrRstrrrr rn)rrrroaddnewrxrs rrzUFWCommandApp.parse^s 7e  ,,  GD a V  v11zzd1g44 K(((D qyy ll"tAw<<%%e,,D &+% V   ,,  Y  qyy ll"Aw}}'))(aF**'aH,,)aF**' ll" f % %vvrNrr#rrrrXs84411122222rrceZdZdZdZdZdS)UFWCommandBasicz$Class for parsing ufw basic commandscBd}t|||dS)Nbasicr(r)s rrzUFWCommandBasic.__init__s%D$00000rczt|dkrtt||S)Nr)rrrr)rrs rrzUFWCommandBasic.parses1 t99>>,, d+++rNrr#rrrrs8..111,,,,,rrceZdZdZdZdZdS)UFWCommandDefaultz&Class for parsing ufw default commandscBd}t|||dS)Nrr(r)s rrzUFWCommandDefault.__init__%D$00000rczt|dkrtd}d}t|dkr{|ddkr|ddkr|ddkrh|ddkrJ|ddkr,|ddkrt|dd rd}n|dd rd}nY|ddks|ddkrd}n|d}|d d krd }nP|d dkrd}n/|d dkrd}nt|d|zz }t |S)Nr8r,incominginputroutedroutputoutgoingr9r:rr5rr4rr6rz-%s)rrr startswithr)rrrorBs rrzUFWCommandDefault.parses t99q==,,  t99q==Aw}}*,,Aw}}'))Aw}}(**Aw}})++Aw}}(**Aw}}*,, ll"Aw}}))$// ,& a++E22 ,& aH,,Q 90L0L$  GMMOO  7==??f $ $#FF !W]]__ ' '$FF !W]]__ ( (%FF,, %9%% (((rNrr#rrrrs800111%)%)%)%)%)rrceZdZdZdZdZdS)UFWCommandLoggingz&Class for parsing ufw logging commandscBd}t|||dS)Nloggingr(r)s rrzUFWCommandLogging.__init__rrcrd}t|dkrt|ddkrd}n|ddksx|ddksZ|ddks<|dd ks|dd krAd }|ddkr |d |dzz }ntt|S) Nr,r8roffz logging-offr;lowmediumhighfullz logging-onrArrrrrrros rrzUFWCommandLogging.parses t99q==,,  !W]]__ % %"FF !W]]__ $ $Q 5(@(@ !W]]__ ( (DGMMOOv,E,E !W]]__ & &!FAw}}$&&#Q //,,  (((rNrr#rrrrs800111)))))rrceZdZdZdZdZdS)UFWCommandStatusz%Class for parsing ufw status commandscBd}t|||dS)Nstatusr(r)s rrzUFWCommandStatus.__init__s%D$00000rcLt||}t|dkrd|_nmt|dkrZ|ddkrd|_n4|ddkrd|_nt |S)Nrrverbosezstatus-verbosenumberedzstatus-numbered)rrrrorrrs rrzUFWCommandStatus.parses   T4 ( ( t99>>AHH YY]]Aw}})+++aJ.., ll"rNrr#rrrrs8//111     rrceZdZdZdZdZdS)UFWCommandShowz#Class for parsing ufw show commandscBd}t|||dS)Nshowr(r)s rrzUFWCommandShow.__init__r*rcd}t|dkrt|ddkrd}n|ddkrd}n|ddkrd}n|dd krd }n|dd krd }nq|dd krd}nP|ddkrd}n/|ddkrd}ntt|S)Nr,rrawzshow-rawz before-rulesz show-beforez user-rulesz show-userz after-rulesz show-afterz logging-rulesz show-loggingbuiltinsz show-builtins listeningzshow-listeningaddedz show-addedrrs rrzUFWCommandShow.parses( t99>>,,  !W]]__ % %FF !W]]__ . ."FF !W]]__ , , FF !W]]__ - -!FF !W]]__ / /#FF !W]]__ * *$FF !W]]__ + +%FF !W]]__ ' '!FF,,  (((rNrr#rrrrs8--111)))))rrceZdZdZdZdZdS)rzClass for ufw parser responsecb||_d|_d|_i|_dS)NF)rrodryrunforcern)rros rrzUFWParserResponse.__init__s*llnn    rcd|jz}t|j}||D]}|d|d|j|dz }|dz }t |S)Nz action='%s'rEz='r? )rorrnrsortrepr)rrrrs r__str__zUFWParserResponse.__str__!sx T[ )DINN$$%%  0 0A Aqqq$)A,,,/ /AA T AwwrN)rr r!r"rrr#rrrrs8'' rrc*eZdZdZdZdZdZdZdS) UFWParserzClass for ufw parserci|_dSr )commands)rs rrzUFWParser.__init__.s  rcV|t|jvrt |t|j|vrt |S)z=Return command if it is allowed, otherwise raise an exception)rrrrr)rr cmds rallowed_commandzUFWParser.allowed_command1s{ ::<> > >,, yy{{rcd}t|dkr;|ddkrd}||dd}t|dkrY|ddks|ddkrd}||dd}d}|d}t|dkr|t|jvrc|dt|j|vr|}|d}n|}t|jD]a}||j|vrPt |j||tr&t|j||d d kr]|}nb|dkrd }| ||}|j||}| |} || _ || _ | S) z(Parse command. Returns a UFWParserActionFrz --dry-runTz--forcez-fr,rr r') rrrRrrr isinstancer%getattrrrrr) rrrrrr rrroresponses r parse_commandzUFWParser.parse_command;s  t99q==T!W]]__ ;;F KKQ  t99q==d1gmmoo::"1gmmoo55E KKQ 1gmmoo t99q==SD););)=)=$>$>>>Q 4 c(:(?(?(A(A#B#BBBDq'--//CCC$-,,..//  $-***"$-"23"7HH!t}Q/4f==GG DE+rzz%%dC00mD!&)99T?? rc"|j |jdkr d|jz}n d|jz}|j|jvri|j|j<||j|jvr!td|z}t |||j|j|<dS)z"Register a command with the parserNr,z%szCommand '%s' already exists)r r rrAr)rckeyrws rregister_commandzUFWParser.register_commandis 9  R!&/CC!)$C 6 & &$&DM!& ! $-' ' '566#>G7## #%& afc"""rN)rr r!r"rrrrr#rrrr,sW,,,\ ' ' ' ' 'rr)rcufw.utilrWufw.applications ufw.commonrrrr%rrrrrrrrrr#rrrs3J <<<<<<<<*S,S,S,S,S,ZS,S,S,l>>>>>.>>>B88888J888v , , , , ,j , , ,+)+)+)+)+) +)+)+)\))))) )))0z()))))Z)))@&J'J'J'J'J'J'J'J'J'J'r