| Server IP : 127.0.0.2 / Your IP : 18.118.253.134 Web Server : Apache/2.4.18 (Ubuntu) System : User : www-data ( ) PHP Version : 7.0.33-0ubuntu0.16.04.16 Disable Function : disk_free_space,disk_total_space,diskfreespace,dl,exec,fpaththru,getmyuid,getmypid,highlight_file,ignore_user_abord,leak,listen,link,opcache_get_configuration,opcache_get_status,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,php_uname,phpinfo,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,pclose,popen,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,source,show_source,system,virtual MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/lib/python3/dist-packages/ufw/ |
Upload File : |
'''applications.py: common classes for ufw'''
#
# Copyright 2008-2012 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import os
import re
import stat
import ufw.util
from ufw.util import debug, warn
from ufw.common import UFWError
import sys
if sys.version_info[0] < 3: # pragma: no cover
import ConfigParser
else: # pragma: no cover
import configparser
def get_profiles(profiles_dir):
'''Get profiles found in profiles database. Returns dictionary with
profile name as key and tuples for fields
'''
if not os.path.isdir(profiles_dir):
err_msg = _("Profiles directory does not exist")
raise UFWError(err_msg)
max_size = 10 * 1024 * 1024 # 10MB
profiles = {}
files = os.listdir(profiles_dir)
files.sort()
total_size = 0
pat = re.compile(r'^\.')
for f in files:
abs_path = profiles_dir + "/" + f
if not os.path.isfile(abs_path):
continue
if pat.search(f):
debug("Skipping '%s': hidden file" % (f))
continue
if f.endswith('.dpkg-new') or f.endswith('.dpkg-old') or \
f.endswith('.dpkg-dist') or f.endswith('.rpmnew') or \
f.endswith('.rpmsave') or f.endswith('~'):
debug("Skipping '%s'" % (f))
continue
# Try to gracefully handle huge files for the user (no security
# benefit, just usability)
size = 0
try:
size = os.stat(abs_path)[stat.ST_SIZE]
except Exception:
warn_msg = _("Skipping '%s': couldn't stat") % (f)
warn(warn_msg)
continue
if size > max_size:
warn_msg = _("Skipping '%s': too big") % (f)
warn(warn_msg)
continue
if total_size + size > max_size:
warn_msg = _("Skipping '%s': too many files read already") % (f)
warn(warn_msg)
continue
total_size += size
if sys.version_info[0] < 3: # pragma: no cover
cdict = ConfigParser.RawConfigParser()
else: # pragma: no cover
cdict = configparser.RawConfigParser()
try:
cdict.read(abs_path)
except Exception:
warn_msg = _("Skipping '%s': couldn't process") % (f)
warn(warn_msg)
continue
# If multiple occurences of profile name, use the last one
for p in cdict.sections():
if len(p) > 64:
warn_msg = _("Skipping '%s': name too long") % (p)
warn(warn_msg)
continue
if not valid_profile_name(p):
warn_msg = _("Skipping '%s': invalid name") % (p)
warn(warn_msg)
continue
try:
ufw.util.get_services_proto(p)
warn_msg = _("Skipping '%s': also in /etc/services") % (p)
warn(warn_msg)
continue
except Exception:
pass
skip = False
for key, value in cdict.items(p):
if len(key) > 64:
warn_msg = _("Skipping '%s': field too long") % (p)
warn(warn_msg)
skip = True
break
if len(value) > 1024:
warn_msg = _("Skipping '%(value)s': value too long for " \
"'%(field)s'") % \
({'value': p, 'field': key})
warn(warn_msg)
skip = True
break
if skip:
continue
if p in profiles:
warn_msg = _("Duplicate profile '%s', using last found") % (p)
warn(warn_msg)
pdict = {}
for key, value in cdict.items(p):
#debug("add '%s' = '%s' to '%s'" % (key, value, p))
pdict[key] = value
try:
verify_profile(p, pdict)
profiles[p] = pdict
except UFWError as e:
warn(e)
return profiles
def valid_profile_name(name):
'''Only accept a limited set of characters for name'''
# Reserved profile name
if name == "all":
return False
# Don't allow integers (ports)
try:
int(name)
return False
except:
pass
# Require first character be alpha, so we can avoid collisions with port
# numbers.
if re.match(r'^[a-zA-Z0-9][a-zA-Z0-9 _\-\.+]*$', name):
return True
return False
def verify_profile(name, profile):
'''Make sure profile has everything needed'''
app_fields = ['title', 'description', 'ports']
for f in app_fields:
if f not in profile:
err_msg = _("Profile '%(fn)s' missing required field '%(f)s'") % \
({'fn': name, 'f': f})
raise UFWError(err_msg)
elif not profile[f]:
err_msg = _("Profile '%(fn)s' has empty required field '%(f)s'") \
% ({'fn': name, 'f': f})
raise UFWError(err_msg)
ports = profile['ports'].split('|')
try:
for p in ports:
(port, proto) = ufw.util.parse_port_proto(p)
# quick checks if error in profile
if proto == "any" and (':' in port or ',' in port):
raise UFWError(err_msg)
rule = ufw.common.UFWRule("ACCEPT", proto, port)
debug(rule)
except Exception as e:
debug(e)
err_msg = _("Invalid ports in profile '%s'") % (name)
raise UFWError(err_msg)
return True
def get_title(profile):
'''Retrieve the title from the profile'''
s = ""
field = 'title'
if field in profile and profile[field]:
s = profile[field]
return s
def get_description(profile):
'''Retrieve the description from the profile'''
s = ""
field = 'description'
if field in profile and profile[field]:
s = profile[field]
return s
def get_ports(profile):
'''Retrieve a list of ports from a profile'''
ports = []
field = 'ports'
if field in profile and profile[field]:
ports = profile[field].split('|')
return ports