Spade
Mini Shell
�
�G�`c@s�ddljZddlZddlZddlZddlmZddlmZm Z m
Z
m
Z
ddl
m
Z
ddlmZmZmZmZmZmZddlmZddlmZde
fd ��YZd
e fd
��YZdS(
i����N(tconfig(tPY2t IO_ObjecttIO_Object_ContentHandlertIO_Object_XMLGenerator(tlog(tuniqifyt checkUsertcheckUidt
checkCommandt
checkContextt
u2b_if_py2(terrors(t
FirewallErrort!lockdown_whitelist_ContentHandlercBseZd�Zd�ZRS(cCs
tj||�t|_dS(N(Rt__init__tFalset whitelist(tselftitem((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR%scCs�tj|||�|jj||�|dkr\|jrPttjd��nt|_n[|dkr�|js�t j
d�dS|d}|jj
|�n|dkrH|js�t j
d�dSd|kr"yt
|d�}Wn't
k
rt j
d |d�dSX|jj|�q�d|kr�|jj|d�q�no|d
kr�|jsnt j
d
�dSd
|kr�t j
d
�dS|jj|d
�nt j
d|�dSdS(NRsMore than one whitelist.tcommands)Parse Error:
command outside of whitelisttnametusers&Parse Error: user outside of
whitelisttids"Parse Error: %s is not a valid uidtselinuxs)Parse
Error: selinux outside of whitelisttcontextsParse Error: no
contextsUnknown XML element
%s(Rt
startElementRtparser_check_element_attrsRR
R
t
PARSE_ERRORtTrueRterrort
add_commandtintt
ValueErrortadd_uidtadd_usert
add_context(RRtattrsRtuid((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR)sJ
(t__name__t
__module__RR(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR$s tLockdownWhitelistcBsxeZdZddgfddgfddgfddgffZdZdgZid*d 6d
gd
6d*d
6d
gd6Zidd
gd
6Zd�Z d�Z
d�Z
d�Z
d�Z
d�Zd�Zd�Zd�Zd�Zd�Zd�Zd
�Zd
�Zd
�Zd �Zd
�Zd!�Zd"�Zd#�Z
d$�Z
d%�Z
d&�Z d'�Z
d(�Z!d)�Z"RS(+s LockdownWhitelist class
tcommandsttcontextstuserstuidsis
(asasasai)t_RRRRRRRcCsMtt|�j�||_d|_g|_g|_g|_g|_ dS(N(
tsuperR)RtfilenametNonetparserR*R,R-R.(RR1((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyRns cCs�|d
kr4x�|D]}|j||d
�qWn�|dkrdt|�s�ttj|��q�n�|dkr�t|�s�ttj|��q�n`|dkr�t|�s�ttj|��q�n0|d kr�t |�s�ttj
|��q�ndS(
NR*R,R-R.i����RRRR&(scommandsscontextssuserssuids(
t
_check_configR R
R
tINVALID_COMMANDR
tINVALID_CONTEXTRt
INVALID_USERRt
INVALID_UID(RRRtx((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR4ys
cCs
|j2|j2|j2|j2dS(N(R*R,R-R.(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytcleanup�scCssg|jD]}t|�^q
|_g|jD]}t|�^q/|_g|jD]}t|�^qT|_dS(s� HACK. I
haven't been able to make sax parser return
strings encoded (because of python 2) instead of in unicode.
Get rid of it once we throw out python 2
support.N(R*R
R,R-(RR9((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytencode_strings�s%%cCs]t|�s!ttj|��n||jkrC|jj|�nttjd|��dS(Ns!Command
"%s" already in
whitelist(R R
R
R5R*tappendtALREADY_ENABLED(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR �s
cCs<||jkr"|jj|�nttjd|��dS(Ns
Command
"%s" not in
whitelist.(R*tremoveR
R
t
NOT_ENABLED(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytremove_command�s cCs
||jkS(N(R*(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
has_command�scCsQxJ|jD]?}|jd�r9|j|d
�rItSq
||kr
tSq
WtS(Nt*i����(R*tendswitht
startswithR
R(RRt_command((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
match_command�s
cCs|jS(N(R*(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
get_commands�scCsct|�s'ttjt|���n||jkrI|jj|�nttjd|��dS(Ns
Uid
"%s" already in
whitelist(RR
R
R8tstrR.R<R=(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR"�s
cCs<||jkr"|jj|�nttjd|��dS(NsUid
"%s" not in
whitelist.(R.R>R
R
R?(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
remove_uid�s cCs
||jkS(N(R.(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pythas_uid�scCs
||jkS(N(R.(RR&((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt match_uid�scCs|jS(N(R.(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytget_uids�scCs]t|�s!ttj|��n||jkrC|jj|�nttjd|��dS(Ns
User
"%s" already in
whitelist(RR
R
R7R-R<R=(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR#�s
cCs<||jkr"|jj|�nttjd|��dS(NsUser
"%s" not in
whitelist.(R-R>R
R
R?(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
remove_user�s cCs
||jkS(N(R-(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pythas_user�scCs
||jkS(N(R-(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
match_user�scCs|jS(N(R-(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt get_users�scCs]t|�s!ttj|��n||jkrC|jj|�nttjd|��dS(Ns!Context
"%s" already in whitelist(R
R
R
R6R,R<R=(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR$"s
cCs<||jkr"|jj|�nttjd|��dS(Ns
Context
"%s" not in
whitelist.(R,R>R
R
R?(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytremove_context,s cCs
||jkS(N(R,(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
has_context3scCs
||jkS(N(R,(RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
match_context6scCs|jS(N(R,(R((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt
get_contexts9scCs�|j�|jjd�s8ttjd|j��nt|�}tj�}|j |�y|j
|j�Wn2tj
k
r�}ttj
d|j
���nX~~tr�|j�ndS(Ns.xmls'%s'
is missing .xml suffixsNot a valid file:
%s(R:R1RCR
R
t
INVALID_NAMERtsaxt
make_parsertsetContentHandlertparsetSAXParseExceptiont
INVALID_TYPEt
getExceptionRR;(RthandlerR3tmsg((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytread>s"
cCsHtjj|j�rey
tj|jd|j�Wqetk
ra}td|j|f��qeXntjjtj �s�tj
tj d�nt
j
|jdddd�}t
|�}|j�|jdi�|jd �xHt|j�D]7}|jd
�|jd
i|d
6�|jd �q�WxNt|j�D]=}|jd
�|jd
it|�d6�|jd �q<WxHt|j�D]7}|jd
�|jd
i|d
6�|jd �q�WxHt|j�D]7}|jd
�|jdi|d6�|jd �q�W|jd�|jd �|j�|j�~dS(Ns%s.oldsBackup
of '%s' failed: %si�tmodetwttencodingsUTF-8Rs
s
RRRRRR(tostpathtexistsR1tshutiltcopy2t ExceptiontIOErrorRt
ETC_FIREWALLDtmkdirtiotopenRt
startDocumentRtignorableWhitespaceRR*t
simpleElementR.RHR-R,t
endElementt
endDocumenttclose(RR^tfR]RR&RR((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pytwriteQsB
N(#R'R(t__doc__tIMPORT_EXPORT_STRUCTUREtDBUS_SIGNATUREtADDITIONAL_ALNUM_CHARSR2t
PARSER_REQUIRED_ELEMENT_ATTRSt
PARSER_OPTIONAL_ELEMENT_ATTRSRR4R:R;R R@RARFRGR"RIRJRKRLR#RMRNRORPR$RQRRRSRTR_Ru(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyR)WsP
1
(txml.saxRVRcRlRftfirewallRtfirewall.core.io.io_objectRRRRtfirewall.core.loggerRtfirewall.functionsRRRR R
R
R
tfirewall.errorsR
RR)(((sG/usr/lib/python2.7/site-packages/firewall/core/io/lockdown_whitelist.pyt<module>s
".3