diff options
Diffstat (limited to 'scripts/lib/mic/3rdparty/pykickstart/commands/firewall.py')
-rw-r--r-- | scripts/lib/mic/3rdparty/pykickstart/commands/firewall.py | 193 |
1 files changed, 193 insertions, 0 deletions
diff --git a/scripts/lib/mic/3rdparty/pykickstart/commands/firewall.py b/scripts/lib/mic/3rdparty/pykickstart/commands/firewall.py new file mode 100644 index 0000000000..24a01bd610 --- /dev/null +++ b/scripts/lib/mic/3rdparty/pykickstart/commands/firewall.py @@ -0,0 +1,193 @@ +# +# Chris Lumens <clumens@redhat.com> +# +# Copyright 2005, 2006, 2007 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing to use, modify, +# copy, or redistribute it subject to the terms and conditions of the GNU +# General Public License v.2. This program is distributed in the hope that it +# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the +# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 51 +# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat +# trademarks that are incorporated in the source code or documentation are not +# subject to the GNU General Public License and may only be used or replicated +# with the express permission of Red Hat, Inc. +# +from pykickstart.base import * +from pykickstart.errors import * +from pykickstart.options import * + +import gettext +_ = lambda x: gettext.ldgettext("pykickstart", x) + +class FC3_Firewall(KickstartCommand): + removedKeywords = KickstartCommand.removedKeywords + removedAttrs = KickstartCommand.removedAttrs + + def __init__(self, writePriority=0, *args, **kwargs): + KickstartCommand.__init__(self, writePriority, *args, **kwargs) + self.op = self._getParser() + + self.enabled = kwargs.get("enabled", None) + self.ports = kwargs.get("ports", []) + self.trusts = kwargs.get("trusts", []) + + def __str__(self): + extra = [] + filteredPorts = [] + + retval = KickstartCommand.__str__(self) + + if self.enabled is None: + return retval + + if self.enabled: + # It's possible we have words in the ports list instead of + # port:proto (s-c-kickstart may do this). So, filter those + # out into their own list leaving what we expect. + for port in self.ports: + if port == "ssh": + extra.append(" --ssh") + elif port == "telnet": + extra.append(" --telnet") + elif port == "smtp": + extra.append(" --smtp") + elif port == "http": + extra.append(" --http") + elif port == "ftp": + extra.append(" --ftp") + else: + filteredPorts.append(port) + + # All the port:proto strings go into a comma-separated list. + portstr = ",".join(filteredPorts) + if len(portstr) > 0: + portstr = " --port=" + portstr + else: + portstr = "" + + extrastr = "".join(extra) + truststr = ",".join(self.trusts) + + if len(truststr) > 0: + truststr = " --trust=" + truststr + + # The output port list consists only of port:proto for + # everything that we don't recognize, and special options for + # those that we do. + retval += "# Firewall configuration\nfirewall --enabled%s%s%s\n" % (extrastr, portstr, truststr) + else: + retval += "# Firewall configuration\nfirewall --disabled\n" + + return retval + + def _getParser(self): + def firewall_port_cb (option, opt_str, value, parser): + for p in value.split(","): + p = p.strip() + if p.find(":") == -1: + p = "%s:tcp" % p + parser.values.ensure_value(option.dest, []).append(p) + + op = KSOptionParser(mapping={"ssh":["22:tcp"], "telnet":["23:tcp"], + "smtp":["25:tcp"], "http":["80:tcp", "443:tcp"], + "ftp":["21:tcp"]}) + + op.add_option("--disable", "--disabled", dest="enabled", + action="store_false") + op.add_option("--enable", "--enabled", dest="enabled", + action="store_true", default=True) + op.add_option("--ftp", "--http", "--smtp", "--ssh", "--telnet", + dest="ports", action="map_extend") + op.add_option("--high", deprecated=1) + op.add_option("--medium", deprecated=1) + op.add_option("--port", dest="ports", action="callback", + callback=firewall_port_cb, nargs=1, type="string") + op.add_option("--trust", dest="trusts", action="append") + return op + + def parse(self, args): + (opts, extra) = self.op.parse_args(args=args, lineno=self.lineno) + + if len(extra) != 0: + mapping = {"command": "firewall", "options": extra} + raise KickstartValueError, formatErrorMsg(self.lineno, msg=_("Unexpected arguments to %(command)s command: %(options)s") % mapping) + + self._setToSelf(self.op, opts) + return self + +class F9_Firewall(FC3_Firewall): + removedKeywords = FC3_Firewall.removedKeywords + removedAttrs = FC3_Firewall.removedAttrs + + def _getParser(self): + op = FC3_Firewall._getParser(self) + op.remove_option("--high") + op.remove_option("--medium") + return op + +class F10_Firewall(F9_Firewall): + removedKeywords = F9_Firewall.removedKeywords + removedAttrs = F9_Firewall.removedAttrs + + def __init__(self, writePriority=0, *args, **kwargs): + F9_Firewall.__init__(self, writePriority, *args, **kwargs) + self.services = kwargs.get("services", []) + + def __str__(self): + if self.enabled is None: + return "" + + retval = F9_Firewall.__str__(self) + if self.enabled: + retval = retval.strip() + + svcstr = ",".join(self.services) + if len(svcstr) > 0: + svcstr = " --service=" + svcstr + else: + svcstr = "" + + return retval + "%s\n" % svcstr + else: + return retval + + def _getParser(self): + def service_cb (option, opt_str, value, parser): + # python2.4 does not support action="append_const" that we were + # using for these options. Instead, we have to fake it by + # appending whatever the option string is to the service list. + if not value: + parser.values.ensure_value(option.dest, []).append(opt_str[2:]) + return + + for p in value.split(","): + p = p.strip() + parser.values.ensure_value(option.dest, []).append(p) + + op = F9_Firewall._getParser(self) + op.add_option("--service", dest="services", action="callback", + callback=service_cb, nargs=1, type="string") + op.add_option("--ftp", dest="services", action="callback", + callback=service_cb) + op.add_option("--http", dest="services", action="callback", + callback=service_cb) + op.add_option("--smtp", dest="services", action="callback", + callback=service_cb) + op.add_option("--ssh", dest="services", action="callback", + callback=service_cb) + op.add_option("--telnet", deprecated=1) + return op + +class F14_Firewall(F10_Firewall): + removedKeywords = F10_Firewall.removedKeywords + ["telnet"] + removedAttrs = F10_Firewall.removedAttrs + ["telnet"] + + def _getParser(self): + op = F10_Firewall._getParser(self) + op.remove_option("--telnet") + return op |