b%~ddlZddlmZmZddlmZddlmZddlZddl m Z ddl m Z dZ dZGd d e ZdS) N)PopenPIPE)blake2b)which) gp_pol_ext)logctd}|a|g}|t|t|tt}|\}}|j|fSdS)Nz firewall-cmd)stdoutstderr)zfirewall-cmd not found)rextendlistrr communicate returncode)argsfw_cmdcmdp stdoutdata_s ;/usr/lib/python3/dist-packages/samba/gp/gp_firewalld_ext.py firewall_cmdrsl > " "F h 4:: #d4 0 0 0  A|Z''++ct|tr |d|dzS|ddd|DdS)N= c"g|] \}}|d| S)r).0kvs r z&rule_segment_parse..*s'HHH41aAA&HHHr) isinstancestrjoinitems)name rule_segments rrule_segment_parser)%sn,$$K44.#5544 HHHH<3E3E3G3GHHH I I I IK Krc,eZdZdZdZdZdZdZdS)gp_firewalld_extcdS)NzSecurity/Firewalldr)selfs r__str__zgp_firewalld_ext.__str__-s##rctdd|zd}|dkrtjd|n,|jt |d|z|td\}}|dkrtjd||D]F}tdd|zd |z}|dkrtjd|GdS) N --permanentz --new-zone=%srzFailed to add new zonezzone:%sz--list-interfacesz!Failed to set interfaces for zone --zone=%sz--add-interface=%s) rrerrorgp_dbstorer$stripsplitdecode)r-zoneretout interfaces r apply_zonezgp_firewalld_ext.apply_zone0s =/D*@AA!D !88 I. 5 5 5 5 J  SYY D(8$ ? ? ? 344S !88 I94 @ @ @**,, E EI}kD.@3i6F6F6H6HHJJCaxx =tDDD  E Erc  |D]\}}|D]}d|vrtd|d}nd}dD]@ fd|D}|D]}|t|||z }Atgd}t|} || } t | dkr@|tt | d|t | dz }ntjdtd d |zd | d} | dkrtjd |[t|  } |jt!|d |d| |dS)Nrulezrule ) source destinationserviceportprotocolz icmp-block masqueradez icmp-typez forward-portz source-portrauditc>g|]}||Sr) startswith)rssegments rr"z0gp_firewalld_ext.apply_rules..Ks*MMM1q||G7L7LMQMMMr)acceptrejectdropmarkrzInvalid firewall rule syntaxr0r1z--add-rich-rulezFailed to add firewall rulezrule::)r&r)keysset intersectionlenrrr2rr5rencode hexdigestr3r4r$)r- rule_dictr8rulesr> rule_parsednamesr'actionssegmentsactionr9rhashrIs @r apply_ruleszgp_firewalld_ext.apply_rules@s$??,, 2 2KD% 2 2T>>"4VT&\"J"JKK")K 0LLGNMMM MMME %LL#'9$T 'K'KK LBBBCCtyy{{++ --h77v;;!###5d6ll1o6:4<<?6K$M$MMKKI<==="=+2D#4k6G6G6I6IKKKLN!88I;[IIII#K$6$6$8$899CCEEEJ$$SYYYee0L%022225 2 2 2rch|D]z\}}|j|t||vr/|t|D]\}}|dr^t dd|zd}|dkrt jd|P|jt||y|drx| d\}} }t dd| zd |d}|dkrt jd ||jt|||j ||D]/} | j r$d } |j| j d } tj| j | } || }|sk|jD]}|j| r|jd r-|t+j|jc|jdr&|jdkr||j|j 1dS)Nr8r0z--delete-zone=%srzFailed to remove zoner>rOr1z--remove-rich-rulezFailed to remove firewall rule/Software\Policies\Samba\Unix Settings\FirewalldMACHINE/Registry.polRulesZonesz **delvals.)r3set_guidr$r&rGrrr2deleter6commit file_sys_pathr'ospathr%parseentrieskeynameendswithr^jsonloadsdata valuenamer<)r-deleted_gpo_listchanged_gpo_listguidsettings attributevaluer9rr8gposectionpol_fileripol_confes rprocess_group_policyz%gp_firewalld_ext.process_group_policy_s.  ND( J   % % %4yyH$$(0T(;(A(A(C(CDD$Iu ++F33D*=+=+EGGGHJ!88I&=uEEEE J--c$iiCCCC"--f55D%.__S%9%9 4*=+:L+?HHHIK!88I&FNNNN J--c$iiCCC J      # $ $C  $O ##CH---1w||C$5x@@::d++!)44Ay++G4449--g664 ,,TZ-?-?@@@@Y//884 {l:: ( OOAF333 !!#### $ $rc`i}d}d}|jrtj|j|}||}|s|S|jD]}|j|r|jdr'$'$'$Rrr+)rh subprocessrrhashlibrshutilrrnsamba.gp.gpclassrsamba.gp.util.loggingrrr)r+rrrrs" """""""" ''''''%%%%%% , , ,KKKooooozooooor