sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity
generic-poky/scripts/lib/mic/3rdparty/pykickstart/commands/firewall.py

194 lines
7.3 KiB
Python
Raw Blame History

#
# Chris Lumens <clumens@redhat.com>
#
# Copyright 2005, 2006, 2007 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing to use, modify,
# copy, or redistribute it subject to the terms and conditions of the GNU
# General Public License v.2. This program is distributed in the hope that it
# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the
# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51
# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat
# trademarks that are incorporated in the source code or documentation are not
# subject to the GNU General Public License and may only be used or replicated
# with the express permission of Red Hat, Inc.
#
from pykickstart.base import *
from pykickstart.errors import *
from pykickstart.options import *
import gettext
_ = lambda x: gettext.ldgettext("pykickstart", x)
class FC3_Firewall(KickstartCommand):
removedKeywords = KickstartCommand.removedKeywords
removedAttrs = KickstartCommand.removedAttrs
def __init__(self, writePriority=0, *args, **kwargs):
KickstartCommand.__init__(self, writePriority, *args, **kwargs)
self.op = self._getParser()
self.enabled = kwargs.get("enabled", None)
self.ports = kwargs.get("ports", [])
self.trusts = kwargs.get("trusts", [])
def __str__(self):
extra = []
filteredPorts = []
retval = KickstartCommand.__str__(self)
if self.enabled is None:
return retval
if self.enabled:
# It's possible we have words in the ports list instead of
# port:proto (s-c-kickstart may do this). So, filter those
# out into their own list leaving what we expect.
for port in self.ports:
if port == "ssh":
extra.append(" --ssh")
elif port == "telnet":
extra.append(" --telnet")
elif port == "smtp":
extra.append(" --smtp")
elif port == "http":
extra.append(" --http")
elif port == "ftp":
extra.append(" --ftp")
else:
filteredPorts.append(port)
# All the port:proto strings go into a comma-separated list.
portstr = ",".join(filteredPorts)
if len(portstr) > 0:
portstr = " --port=" + portstr
else:
portstr = ""
extrastr = "".join(extra)
truststr = ",".join(self.trusts)
if len(truststr) > 0:
truststr = " --trust=" + truststr
# The output port list consists only of port:proto for
# everything that we don't recognize, and special options for
# those that we do.
retval += "# Firewall configuration\nfirewall --enabled%s%s%s\n" % (extrastr, portstr, truststr)
else:
retval += "# Firewall configuration\nfirewall --disabled\n"
return retval
def _getParser(self):
def firewall_port_cb (option, opt_str, value, parser):
for p in value.split(","):
p = p.strip()
if p.find(":") == -1:
p = "%s:tcp" % p
parser.values.ensure_value(option.dest, []).append(p)
op = KSOptionParser(mapping={"ssh":["22:tcp"], "telnet":["23:tcp"],
"smtp":["25:tcp"], "http":["80:tcp", "443:tcp"],
"ftp":["21:tcp"]})
op.add_option("--disable", "--disabled", dest="enabled",
action="store_false")
op.add_option("--enable", "--enabled", dest="enabled",
action="store_true", default=True)
op.add_option("--ftp", "--http", "--smtp", "--ssh", "--telnet",
dest="ports", action="map_extend")
op.add_option("--high", deprecated=1)
op.add_option("--medium", deprecated=1)
op.add_option("--port", dest="ports", action="callback",
callback=firewall_port_cb, nargs=1, type="string")
op.add_option("--trust", dest="trusts", action="append")
return op
def parse(self, args):
(opts, extra) = self.op.parse_args(args=args, lineno=self.lineno)
if len(extra) != 0:
mapping = {"command": "firewall", "options": extra}
raise KickstartValueError, formatErrorMsg(self.lineno, msg=_("Unexpected arguments to %(command)s command: %(options)s") % mapping)
self._setToSelf(self.op, opts)
return self
class F9_Firewall(FC3_Firewall):
removedKeywords = FC3_Firewall.removedKeywords
removedAttrs = FC3_Firewall.removedAttrs
def _getParser(self):
op = FC3_Firewall._getParser(self)
op.remove_option("--high")
op.remove_option("--medium")
return op
class F10_Firewall(F9_Firewall):
removedKeywords = F9_Firewall.removedKeywords
removedAttrs = F9_Firewall.removedAttrs
def __init__(self, writePriority=0, *args, **kwargs):
F9_Firewall.__init__(self, writePriority, *args, **kwargs)
self.services = kwargs.get("services", [])
def __str__(self):
if self.enabled is None:
return ""
retval = F9_Firewall.__str__(self)
if self.enabled:
retval = retval.strip()
svcstr = ",".join(self.services)
if len(svcstr) > 0:
svcstr = " --service=" + svcstr
else:
svcstr = ""
return retval + "%s\n" % svcstr
else:
return retval
def _getParser(self):
def service_cb (option, opt_str, value, parser):
# python2.4 does not support action="append_const" that we were
# using for these options. Instead, we have to fake it by
# appending whatever the option string is to the service list.
if not value:
parser.values.ensure_value(option.dest, []).append(opt_str[2:])
return
for p in value.split(","):
p = p.strip()
parser.values.ensure_value(option.dest, []).append(p)
op = F9_Firewall._getParser(self)
op.add_option("--service", dest="services", action="callback",
callback=service_cb, nargs=1, type="string")
op.add_option("--ftp", dest="services", action="callback",
callback=service_cb)
op.add_option("--http", dest="services", action="callback",
callback=service_cb)
op.add_option("--smtp", dest="services", action="callback",
callback=service_cb)
op.add_option("--ssh", dest="services", action="callback",
callback=service_cb)
op.add_option("--telnet", deprecated=1)
return op
class F14_Firewall(F10_Firewall):
removedKeywords = F10_Firewall.removedKeywords + ["telnet"]
removedAttrs = F10_Firewall.removedAttrs + ["telnet"]
def _getParser(self):
op = F10_Firewall._getParser(self)
op.remove_option("--telnet")
return op
View Git Blame Copy Permalink