c`c@sddljZddlZddlZddlZddlmZddlmZm Z m Z m Z ddl m Z ddlmZmZmZmZmZmZddlmZddlmZde fd YZd e fd YZdS( iN(tconfig(tPY2t IO_ObjecttIO_Object_ContentHandlertIO_Object_XMLGenerator(tlog(tuniqifyt checkUsertcheckUidt checkCommandt checkContextt u2b_if_py2(terrors(t FirewallErrort!lockdown_whitelist_ContentHandlercBseZdZdZRS(cCstj||t|_dS(N(Rt__init__tFalset whitelist(tselftitem((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR%scCstj||||jj|||dkr\|jrPttjdnt|_n[|dkr|jst j ddS|d}|jj |n|dkrH|jst j ddSd|kr"yt |d}Wn't k rt j d |ddSX|jj|qd|kr|jj|dqno|d kr|jsnt j d dSd |krt j d dS|jj|d nt j d|dSdS(NRsMore than one whitelist.tcommands)Parse Error: command outside of whitelisttnametusers&Parse Error: user outside of whitelisttids"Parse Error: %s is not a valid uidtselinuxs)Parse Error: selinux outside of whitelisttcontextsParse Error: no contextsUnknown XML element %s(Rt startElementRtparser_check_element_attrsRR R t PARSE_ERRORtTrueRterrort add_commandtintt ValueErrortadd_uidtadd_usert add_context(RRtattrsRtuid((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR)sJ                      (t__name__t __module__RR(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR$s tLockdownWhitelistcBsxeZdZddgfddgfddgfddgffZdZdgZid*d 6d gd 6d*d 6d gd6Zidd gd 6ZdZ dZ dZ dZ dZ dZdZdZdZdZdZdZdZdZdZdZd Zd!Zd"Zd#Zd$Zd%Zd&Zd'Z d(Z!d)Z"RS(+s LockdownWhitelist class tcommandsttcontextstuserstuidsis (asasasai)t_RRRRRRRcCsMtt|j||_d|_g|_g|_g|_g|_ dS(N( tsuperR)RtfilenametNonetparserR*R,R-R.(RR1((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyRns     cCs|d kr4x|D]}|j||d qWn|dkrdt|sttj|qn|dkrt|sttj|qn`|dkrt|sttj|qn0|d krt |sttj |qndS( NR*R,R-R.iRRRR&(scommandsscontextssuserssuids( t _check_configR R R tINVALID_COMMANDR tINVALID_CONTEXTRt INVALID_USERRt INVALID_UID(RRRtx((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR4ys          cCs |j2|j2|j2|j2dS(N(R*R,R-R.(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytcleanupscCssg|jD]}t|^q |_g|jD]}t|^q/|_g|jD]}t|^qT|_dS(s HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.N(R*R R,R-(RR9((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytencode_stringss%%cCs]t|s!ttj|n||jkrC|jj|nttjd|dS(Ns!Command "%s" already in whitelist(R R R R5R*tappendtALREADY_ENABLED(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyRs   cCs<||jkr"|jj|nttjd|dS(NsCommand "%s" not in whitelist.(R*tremoveR R t NOT_ENABLED(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytremove_commands cCs ||jkS(N(R*(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt has_commandscCsQxJ|jD]?}|jdr9|j|d rItSq ||kr tSq WtS(Nt*i(R*tendswitht startswithRR(RRt_command((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_commands cCs|jS(N(R*(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_commandsscCsct|s'ttjt|n||jkrI|jj|nttjd|dS(NsUid "%s" already in whitelist(RR R R8tstrR.R<R=(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR"s   cCs<||jkr"|jj|nttjd|dS(NsUid "%s" not in whitelist.(R.R>R R R?(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt remove_uids cCs ||jkS(N(R.(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pythas_uidscCs ||jkS(N(R.(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_uidscCs|jS(N(R.(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytget_uidsscCs]t|s!ttj|n||jkrC|jj|nttjd|dS(NsUser "%s" already in whitelist(RR R R7R-R<R=(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR#s   cCs<||jkr"|jj|nttjd|dS(NsUser "%s" not in whitelist.(R-R>R R R?(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt remove_users cCs ||jkS(N(R-(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pythas_userscCs ||jkS(N(R-(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_userscCs|jS(N(R-(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_usersscCs]t|s!ttj|n||jkrC|jj|nttjd|dS(Ns!Context "%s" already in whitelist(R R R R6R,R<R=(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR$"s   cCs<||jkr"|jj|nttjd|dS(NsContext "%s" not in whitelist.(R,R>R R R?(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytremove_context,s cCs ||jkS(N(R,(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt has_context3scCs ||jkS(N(R,(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_context6scCs|jS(N(R,(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_contexts9scCs|j|jjds8ttjd|jnt|}tj}|j |y|j |jWn2tj k r}ttj d|j nX~~tr|jndS(Ns.xmls'%s' is missing .xml suffixsNot a valid file: %s(R:R1RCR R t INVALID_NAMERtsaxt make_parsertsetContentHandlertparsetSAXParseExceptiont INVALID_TYPEt getExceptionRR;(RthandlerR3tmsg((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytread>s"      cCsHtjj|jreytj|jd|jWqetk ra}td|j|fqeXntjjtj stj tj dnt j |jdddd}t |}|j|jdi|jd xHt|jD]7}|jd |jd i|d 6|jd qWxNt|jD]=}|jd |jd it|d6|jd q<WxHt|jD]7}|jd |jd i|d 6|jd qWxHt|jD]7}|jd |jdi|d6|jd qW|jd|jd |j|j~dS(Ns%s.oldsBackup of '%s' failed: %sitmodetwttencodingsUTF-8Rs s RRRRRR(tostpathtexistsR1tshutiltcopy2t ExceptiontIOErrorRt ETC_FIREWALLDtmkdirtiotopenRt startDocumentRtignorableWhitespaceRR*t simpleElementR.RHR-R,t endElementt endDocumenttclose(RR^tfR]RR&RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytwriteQsB             N(#R'R(t__doc__tIMPORT_EXPORT_STRUCTUREtDBUS_SIGNATUREtADDITIONAL_ALNUM_CHARSR2tPARSER_REQUIRED_ELEMENT_ATTRStPARSER_OPTIONAL_ELEMENT_ATTRSRR4R:R;RR@RARFRGR"RIRJRKRLR#RMRNRORPR$RQRRRSRTR_Ru(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR)WsP                   1     (txml.saxRVRcRlRftfirewallRtfirewall.core.io.io_objectRRRRtfirewall.core.loggerRtfirewall.functionsRRRR R R R tfirewall.errorsR RR)(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyts   ".3