a

��\�|�@s�dd
lZdd
l
Zdd
lZddlmZ
ddl
mZ
Gdd�d�ZGdd�de�ZGdd	�d	e�Z	Gd
d�de�Z
Gdd
�d
e�ZGdd�de�ZGdd�de�Z
Gdd�de�ZGdd�de�ZGdd�d�ZGdd�d�Zd
S)�N�
�UFWError)
�debugc@s(eZ
dZd
Zdd�Zdd�Zdd�ZdS)	�
UFWCommandz"Generic class for parser commands.cCs,||_g|_
|
|j
v
r"|j
�|
�

|
|_dS�
N)�command�types�append�type)�selfr
r�r�,/usr/lib/python3/dist-packages/ufw/parser.py�__init__.s






zUFWCommand.__init__cCs&t|
�
d
krt
��
t|
d���
}|S)N�
r
)�len�
ValueError�UFWParserResponse�lower�r�argv�
rrrr
�parse5s

zUFWCommand.parsecCstd
�
�
dS)Nz!UFWCommand.help: need to overrider)r�argsrrr
�help=s
zUFWCommand.helpN)�__name__�
__module__�__qualname__�__doc__rrrrrrr
r,s

rc@s0eZ
dZd
Zdd�Zdd�Zdd�Zee�
ZdS)	�UFWCommandRulez#Class for parsing ufw rule commandscCsd
}t�
|||
�
dS)N�rule�rr�rrr
rrr
rCs

zUFWCommandRule.__init__c 
Csld
}d
}d
}d}d}d
}d
}d
}	d
}
d}t|
�
dkrR|
d�
�dkrR|
�|
d�

t|
�
dk�
r^|
d�
�dkr�t|
�
dkr�d}|
�|
d�

d}zt|
d�
}Wnty�


|
d}Yn0|du
r�td	|�
}
|
Sn~|
d�
�d
k�
r:t|
�
dkr�t��
|
d}	|	dk�
s|	d
k�
r,td�
|	}t|�
�
|
d=|
d=n|
d�
�dk�
rVd}	|
d=|
d}|dk�
r�|dk�
r�|dk�
r�|dk�
r�t��
t|
�
}|dk�
r�t��
d}|dk�
r�|
d�
�dk�
s�|
d�
�dk�
r�|
d�
�}|dk�r8|
ddk�r8|
d�
�dk�s|
d�
�dk�r8|
d�
�}|
d=t|
�
}d}|dk�r�|
�	d�
dk�sf|
�	d�
dk�r�td�
}|
d�
�dk�r�|
d�
�dk�r�t|�
�
|dk�s�|
d�
�dk�r�t|�
�
|
d=t|
�
}d}d}|�r|dk�r|
d�
�dk�s|
d�
�dk�rd}n2|dk�r@|
d�
�dk�s<|
d�
�dk�r@d}|dk�rd|
|�
�}
|
|=t|
�
}d|
v�r~td�
}t|�
�
d|
v�r�td�
}t|�
�
d
}d|
v�r|
�
d�
}|t|
�
dk�r�td �
}t|�
�
|
|d}d!|v�r�td"�
}t|�
�
|
|d=|
|=t|
�
}|dk�s$|d#k�r*t��
|}|
d
k�rD|d$|
7}tjj
|dd|tj�|�
d%�}|�rp||_n0|	d
k�r�z|�|	�

Wnt�y�


�Yn0|dk�r�tj�|
d�
�rztj�|
d�

Wn2t�y


d&}|
d|_|�|
dd'�
Yn0|jd
k�
r�ztj�|
d�
\}}Wn.t�yV
}
zt|�
�
WYd}~n
d}~00t�d(|��s�d)|v�szd*|v�r�td+�
}t|�
�
|}z|�|�

|�|d'�
d&}Wn$t�y�


td,�
}t|�
�
Yn0�n�|dddk�r�td-�
}t|�
�
�n�d.|
v
�r8d/|
v
�r8d|
v
�r8d|
v
�r8td0�
}t|�
�
�nngd1�
}|
�	d/�
dk�s�|
�	d.�
dk�s�|
�	d2�
dk�s�|
�	d3�
dk�s�|
�	d�
dk�s�|
�	d�
dk�s�|
�	d4�
dk�s�|
�	d4�
dk�r�|
�	d2�
dk�r�td5�
}t|�
�
d}d
}|
D�]N}|ddk�r&|
||v
�r&td6�
|
|}t|�
�
|d2k�r�|d|k�rnz|�|
|d�

Wnt�yj


�Yn0ntd7�
}t|�
�
�n�|dk�s�|dk�r|d|k�rzB|dk�r�|�d|
|d�
n|dk�r�|�d|
|d�
Wnt�y�


�Yn0ntd8�
|}t|�
�
�n|d.k�r�|d|k�r�zL|
|d�
�}|dk�rVd9}d}ntj�|d:��rld;}nd<}|�|�

Wnt�y�


�Yn0d=}ntd>�
}t|�
�
�
n�|d/k�	rB|d|k�	r0zL|
|d�
�}|dk�r�d9}d}ntj�|d:��	rd;}nd<}|�|�

Wnt�	y(


�Yn0d'}ntd?�
}t|�
�
n�|d3k�	sV|d4k�
r2|d|k�
r"|d
k�	r�td@�
|}t|�
�
|
|d}|d4k�	r�|d=k�	r�||_n||_nFt�d(|��	s�d)|v�	s�d*|v�	r�td+�
}t|�
�
|d=k�	r�|}n|}z|�||�
Wnt�
y


�Yn0ntdA�
}t|�
�
|d7}�q�|dk�
rX|dk�
rXd&}nN|dk�
r�|dk�
r�||k�
r�tdB�
}t|�
�
n|dk�
r�|}n|dk�
r�|}|d
k�
s�|d
k�rd
}|d
k�
r�ztj�|�
}Wn$t�
y�


tdC�
}t|�
�
Yn0|d
k�r�|dk�s|d
k�rTztj�|�
}Wn$t�yP


tdC�
}t|�
�
Yn0nlztj�|�
}Wn$t�y�


tdC�
}t|�
�
Yn0|dk�s�||k�r�|}n|dk�r�ntdD�
}t|�
�
|jdk�r�|�|�

n,|dk�r|j|k�rtdE�
|j}t|�
�
|�r@|jtjj v�r6|d&k�r6t!dF|j�

d<}|�"|�

t|�
}
|j#|
j$dG<||
j$d<||
j$dH<|
S)IN��anyFr
r�deleterTz	delete-%d�insert��
0z-1z#Cannot insert rule at position '%s'�prepend����allow�deny�reject�limit��in�out�onzInvalid interface clause��logzlog-allzOption 'log' not allowed herez!Option 'log-all' not allowed here�commentz*Option 'comment' missing required argument�
'zComment may not contain "'"�
�
_)�	directionr4�both�dstz^\d([0-9,:]*\d+)*$�
,�
:zPort ranges must be numericzBad portzWrong number of arguments�from�tozNeed 'to' or 'from' clause)�protor=r>�port�appr/r0r?r@rAzImproper rule syntaxzInvalid token '%s'zInvalid 'proto' clausezInvalid '%s' clause�	0.0.0.0/0�
6�v6�v4�srczInvalid 'from' clausezInvalid 'to' clausezNeed 'from' or 'to' with '%s'zInvalid 'port' clausez%Mixed IP versions for 'from' and 'to'zCould not find protocolzProtocol mismatch (from/to)z,Protocol mismatch with specified protocol %sz*Adjusting iptype to 'v4' for protocol '%s'r
�iptype)%rr�remove�int�	Exceptionrrr7r�count�index�ufw�common�UFWRule�util�
hex_encode�set_position�applications�valid_profile_name�get_services_proto�dapp�set_port�parse_port_proto�re�match�set_protocol�
set_interface�
valid_address�set_src�set_dst�sapp�protocol�ipv4_only_protocolsr�verifyr
�data) rr�actionrr
Z	from_typeZto_typeZfrom_serviceZ
to_serviceZ
insert_pos�logtyperHZrule_numr�err_msg�nargsZrule_directionZ
has_interfaceZlog_idxr4Zcomment_idxZrule_actionr@r?�
e�keys�
i�loc�argZfaddrZsaddr�tmprrr
rGsj

























�



�




�*
�


*
$





"
�

�






























�



































�

��������

































































�




















�


































�

�
�





zUFWCommandRule.parsec
Cs�|j}
|j
d
ks|j
dk�
r|jd
ks2|jdk�
r|jdk�
r|jdk�
r|jdk�
r|jdk�
r|jdk�
r|jdkr�|
d|j7}
|j	dkr�|
d|j	7}
|j
dkr�d|j
vr�|
d|j
7}
q�|
d|j
7}
n&|
d|j7}
|jdkr�|
d	|j7}
|jdk�r�|
d
|�
�7}
�
n�|jdk�
r2|
d|j7}
|jdk�
rN|
d|j7}
n|jdk�
rh|
d|j7}
|j	dk�
r�|
d|j	7}
d
D]�}|dk�
r�|j}|j}|j}d}n|j
}|j}|j
}d}|d
k�
s�|dk�
r�d}|dk�
s�|dk�
s�|dk�
r�|
d||f7}
|dk�r8d|v�r*|
d|7}
n|
d|7}
n|dk�
r�|
d|7}
�
q�d|
v
�r�d|
v
�r�|jdk�r�|jdk�r�|
d7}
|jdk�r�|j
dk�r�|jdk�r�|
d|j7}
|jdk�r�|
d
|�
�7}
|
S)zGet command string for rulerBz::/0r#r"r0z %s�
 z '%s'z/%sz
 comment '%s'z	 in on %sz
 out on %s)rFr:rFr=r>z %s %sz	 app '%s'z app %sz port %sz to z from z to anyz	 proto %s)rer:rF�sportr`�interface_in�
interface_out�dportr8rfrVrar4�get_comment)r�resrkrlr@rA�dirrrr
�get_command�
s�
�
������









































�
�$

zUFWCommandRule.get_commandN)rrrrrrrw�staticmethodrrrr
rAs

Mrc@s eZ
dZd
Zdd�Zdd�ZdS)�UFWCommandRouteRulez)Class for parsing ufw route rule commandscCst�
||
�
d
|_dS)N�route)rrr
)rrrrr
rs

zUFWCommandRouteRule.__init__c	Cs|
|
d
dksJ�
d|
vrj|
�d�
}d}t
|
�
|krjz$t|
|d�

td�
}t|�
�
Wntyh


Yn0d}d}d}d�|
�
}d|vr�d	|vr�d
}|
�d�
|
�d
�
kr�d}|
|
�|�
d}|
d
|
�|�
�|
|
�|�
d
d�}nFt�d|��
s*t�d|��
s*d|v�
sd|v�
r*td�
}t|�
�
n|
}d|d
<t	�
||�}d|jv�
rxd|jd_|�
rx|�
rx|jd�
||�
|S)Nr
rzr$r"rz9'route delete NUM' unsupported. Use 'delete NUM' instead.roz in on z out on r0r/r.r2z
 (in|out) on z app (in|out) z in z out z'Invalid interface clause for route rulerT)rLrrIr7rr�joinrY�searchrrrd�forwardr\)	rr�idxrgZ	rule_argvZ	interface�strip�
srrrr
rsL
















*


���






zUFWCommandRouteRule.parseN�rrrrrrrrrr
rys

ryc@s eZ
dZd
Zdd�Zdd�ZdS)�
UFWCommandAppz*Class for parsing ufw application commandscCsd
}t�
|||
�
dS)NrAr r!rrr
rZs

zUFWCommandApp.__init__cCsP
d
}d
}d}|
ddkrt��
|
d=t
|
�
}|
d��}|dksH|dkr�|dkrr|
dd	krrd
}|
�d	�

t
|
�
}|dkr�t��
t|
d�
�d�
}|r�|d
7}|dkr�|dkr�t��
|dk�
r.|dkr�t��
|
d��dkr�d}nL|
d��dkr�d}n6|
d��dk�
rd}n|
d��dk�
r(d}nt��
t|�
}|j|jd<||jd<|S)zParse applications command.r"Fr
rA�info�updater2rz	--add-newTr.z[']z	-with-new�list�defaultr*�
default-allowr+�default-denyr,�default-reject�skipzdefault-skipr
�name)	rrrrH�strrrr
rd)rrr�reZaddnewrhrrrr
r^sH


























zUFWCommandApp.parseNr�rrrr
r�Xs

r�c@s eZ
dZd
Zdd�Zdd�ZdS)�UFWCommandBasicz$Class for parsing ufw basic commandscCsd
}t�
|||
�
dS)NZbasicr r!rrr
r�s

zUFWCommandBasic.__init__cCst|
�
d
krt
��
t�||
�S)Nr)rrrr)rrrrr
r�s


zUFWCommandBasic.parseNr�rrrr
r��s

r�c@s eZ
dZd
Zdd�Zdd�ZdS)�UFWCommandDefaultz&Class for parsing ufw default commandscCsd
}t�
|||
�
dS)Nr�r r!rrr
r�s

zUFWCommandDefault.__init__cCsP
t|
�
d
krt
��
d}d}t|
�
d
kr�|
d
��dkr�|
d
��dkr�|
d
��dkr�|
d
��dkr�|
d
��dkr�|
d
��dkr�t
��
|
d
���d	�
r�d}nJ|
d
���d
�
r�d}n2|
d
��dks�|
d
��dkr�d}n|
d
��}|
d��dk�
rd
}n6|
d��dk�
rd}n|
d��dk�
r6d}nt
��
|d|7}t|�
S)Nr.r"�incoming�input�routedr}�output�outgoingr/r0rr+r�r*r�r,r�z-%s)rrr�
startswithr)rrrer8rrr
r�sB




�����




 





zUFWCommandDefault.parseNr�rrrr
r��s

r�c@s eZ
dZd
Zdd�Zdd�ZdS)�UFWCommandLoggingz&Class for parsing ufw logging commandscCsd
}t�
|||
�
dS)N�loggingr r!rrr
r�s

zUFWCommandLogging.__init__cCs�d
}t|
�
dkrt
��
n�|
d��dkr.d}n�|
d��dks~|
d��dks~|
d��dks~|
d��d	ks~|
d��d
kr�d}|
d��dkr�|d|
d��7}nt
��
t|�
S)
Nr"r.r�offzlogging-offr1�low�medium�high�fullz
logging-onr7�rrrr�rrrerrr
r�s"





 
�
��

zUFWCommandLogging.parseNr�rrrr
r��s

r�c@s eZ
dZd
Zdd�Zdd�ZdS)�UFWCommandStatusz%Class for parsing ufw status commandscCsd
}t�
|||
�
dS)N�statusr r!rrr
r�s

zUFWCommandStatus.__init__cCsft�
||
�}t|
�
d
kr d|_nBt|
�
d
krb|
d
��dkrDd|_n|
d
��dkr\d|_nt��
|S)Nrr��verbosezstatus-verbose�numberedzstatus-numbered)rrrrerrrrrr
r�s








zUFWCommandStatus.parseNr�rrrr
r��s

r�c@s eZ
dZd
Zdd�Zdd�ZdS)�UFWCommandShowz#Class for parsing ufw show commandscCsd
}t�
|||
�
dS)N�showr r!rrr
r�s

zUFWCommandShow.__init__cCs�d
}t|
�
dkrt
��
n�|
d��dkr.d}n�|
d��dkrDd}n�|
d��dkrZd}nt|
d��d	krpd
}n^|
d��dkr�d}nH|
d��d
kr�d}n2|
d��dkr�d}n|
d��dkr�d}nt
��
t|�
S)Nr"r�rawzshow-rawzbefore-ruleszshow-beforez
user-rulesz	show-userzafter-rulesz
show-afterz
logging-ruleszshow-logging�builtinsz
show-builtins�	listeningzshow-listening�addedz
show-addedr�r�rrr
r�s*


















zUFWCommandShow.parseNr�rrrr
r��s

r�c@s eZ
dZd
Zdd�Zdd�ZdS)rzClass for ufw parser responsecCs |
��|_
d
|_d
|_i|_dS)NF)rre�dryrun�forcerd)rrerrr
rs




zUFWParserResponse.__init__c
CsPd
|j}
t
|j���
}|��
|D]}|
d||j|f7}
q$|
d7}
t|
�
S)Nzaction='%s'z,%s='%s'�

)rer�rdrj�sort�repr)rr�rjrkrrr
�__str__!s






zUFWParserResponse.__str__N)rrrrrr�rrrr
rs

rc@s0eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
S)�	UFWParserzClass for ufw parserc

Cs
i|_dSr)
�commands)
rrrr
r.s
zUFWParser.__init__cCsD|
��t
|j���
v
rt��
|��t
|j|
���
v
r<t��
|��S)
z=Return command if it is allowed, otherwise raise an exception)rr�r�rjr)rr
�cmdrrr
�allowed_command1s


zUFWParser.allowed_commandc
Csz
d
}t|
�
dkr2|
d�
�dkr2d}|
�|
d�

d
}t|
�
dkrt|
d�
�dksb|
d�
�dkrtd}|
�|
d�

d}d}|
d�
�}t|
�
dkr�|t|j���
vr�|
d�
�t|j|���
vr�|}|
d�
�}np|}t|j���
D]N}||j|vr�t|j||t��
r,t|j||d	�d
k�
r,q�|}
�
q8q�|dk�
rFd
}|�	||�}|j||}|�
|
�
}	||	_||	_|	S)z(Parse command. Returns a UFWParserActionFr
z	--dry-runTz--forcez-fr"rr
r)
rrrHr�r�rj�
isinstancer�getattrr�rr�r�)
rrr�r�r�r
rnrkreZresponserrr
�
parse_command;sF




�



�



�








zUFWParser.parse_commandcCsz|
jd
us|
jdkr d|
j
}n
d|
j}|
j
|jv
rBi|j|
j
<||j|
j
vrftd�
|}t|�
�
|
|j|
j
|<d
S)z"Register a command with the parserNr"z%szCommand '%s' already exists)rr
r�r7r)r�
c�keyrgrrr
�register_commandis





zUFWParser.register_commandN)rrrrrr�r�r�rrrr
r�,s



.r�)rY�ufw.utilrM�ufw.applications�
ufw.commonrrrrryr�r�r�r�r�r�rr�rrrr
�<module>%s$



YA;.