IdvddlZddlmZmZddlmZddlmZddlZddl m Z ddl m Z dZ dZGd d e Zy) N)PopenPIPE)blake2b)which) gp_pol_ext)logctd}|T|g}|jt|t|tt}|j \}}|j |fSy)Nz firewall-cmd)stdoutstderr)zfirewall-cmd not found)rextendlistrr communicate returncode)argsfw_cmdcmdp stdoutdata_s ;/usr/lib/python3/dist-packages/samba/gp/gp_firewalld_ext.py firewall_cmdrsX > "F h 4: #d4 0  A||Z''+c t|tr |d|dzS|ddj|jDcgc] \}}|d|c}}dScc}}w)N= ) isinstancestrjoinitems)name rule_segmentkvs rrule_segment_parser%%sW,$.#55 HH<3E3E3GH41aA&H IK KHsAc*eZdZdZdZdZdZdZy)gp_firewalld_extcy)NzSecurity/Firewalld)selfs r__str__zgp_firewalld_ext.__str__-s#rctdd|zd}|dk7rtjd|n)|jj t |d|z|td\}}|dk7rtjd||j jD]?}tdd|zd |jz}|dk7s*tjd|Ay) N --permanentz --new-zone=%srzFailed to add new zonezzone:%sz--list-interfacesz!Failed to set interfaces for zone --zone=%sz--add-interface=%s) rrerrorgp_dbstorerstripsplitdecode)r*zoneretout interfaces r apply_zonezgp_firewalld_ext.apply_zone0s=/D*@A!D !8 II. 5 JJ  SY D(8$ ? 34S !8 II94 @**, EI}kD.@3i6F6F6HHJCax =tD  Erc L|jD]\}}|D]}d|vrtd|d}nd}dD]J}|jDcgc]}|j|s|}}|D]} |t| || z }Lt gd} t |j} | j | } t | dk(r+|tt| d|t| dz }ntjdtdd |zd |jd} | dk7rtjd |-t|jj}|jj!t#|d |d ||ycc}w)Nrulezrule ) source destinationserviceportprotocolz icmp-block masqueradez icmp-typez forward-portz source-portraudit)acceptrejectdropmarkrzInvalid firewall rule syntaxr-r.z--add-rich-rulezFailed to add firewall rulezrule::)r r%keys startswithset intersectionlenrrr/rr2rencode hexdigestr0r1r)r* rule_dictr5rulesr; rule_parsedsegmentsnamesr!actionssegmentsactionr6rhashs r apply_ruleszgp_firewalld_ext.apply_rules@s$??, 2KD% 2T>"4VT&\"JK")K 0LG)- M1q||G7LQMEM %L#'9$T 'KK L LBCtyy{+ --h7v;!##5d6l1o6:4<?6K$MMKII<="=+2D#4k6G6G6IKKLN!8II;[I#K$6$6$89CCEEJJ$$SYe0L%025 2 2Ns F! "F! cV|D]N\}}|jj|t||vr|t|jD]\}}|j drTt dd|zd}|dk7rt jd|E|jjt||k|j ds}|jd\}} }t dd| zd |d}|dk7rt jd ||jjt|||jjQ|D]O} | jsd } |jj| jd } tjj| j| } |j!| }|sx|j"D]}|j$j | s|j$j'd r/|j)t+j,|j.i|j$j'ds|j0dk(r|j3|j.|jjRy)Nr5r-z--delete-zone=%srzFailed to remove zoner;rHr.z--remove-rich-rulezFailed to remove firewall rule/Software\Policies\Samba\Unix Settings\FirewalldMACHINE/Registry.polRulesZones **delvals.)r0set_guidrr rJrrr/deleter3commit file_sys_pathr!ospathrparseentrieskeynameendswithrZjsonloadsdata valuenamer9)r*deleted_gpo_listchanged_gpo_listguidsettings attributevaluer6rr5gposectionpol_filerfpol_confes rprocess_group_policyz%gp_firewalld_ext.process_group_policy_s8. ND( JJ   %4yH$(0T(;(A(A(CD$Iu ++F3*=+=+EGGHJ!8II&=uE JJ--c$iC"--f5%.__S%9 4*=+:L+?HHIK!8II&FN JJ--c$iCD JJ   ' *$ $C  O ##CHH-1ww||C$5$5x@::d+!))4Ayy++G499--g6 ,,TZZ-?@YY//8 {{l: ( OOAFF34 !!## $rci}d}d}|jr1tjj|j|}|j |}|s|S|j D]}|j j|s|j jdrF|jdk(rJd|jvrg|d<|dj|j|j jdsd|jvrg|d<|djtj|j|S)Nr]r\r_r`r^)rdrerfrrgrhrirJrjrnrIappendrmrkrl)r*ruoutputrwrvrfrxrys rrsopzgp_firewalld_ext.rsops)G   77<< 1 18'$Rrr')re subprocessrrhashlibrshutilrrksamba.gp.gpclassrsamba.gp.util.loggingrrr%r'r)rrrs5" " '% ,Kqzqr