# # Chris Lumens # # Copyright 2005, 2006, 2007 Red Hat, Inc. # # This copyrighted material is made available to anyone wishing to use, modify, # copy, or redistribute it subject to the terms and conditions of the GNU # General Public License v.2. This program is distributed in the hope that it # will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the # implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with # this program; if not, write to the Free Software Foundation, Inc., 51 # Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat # trademarks that are incorporated in the source code or documentation are not # subject to the GNU General Public License and may only be used or replicated # with the express permission of Red Hat, Inc. # from pykickstart.base import * from pykickstart.errors import * from pykickstart.options import * import gettext _ = lambda x: gettext.ldgettext("pykickstart", x) class FC3_Firewall(KickstartCommand): removedKeywords = KickstartCommand.removedKeywords removedAttrs = KickstartCommand.removedAttrs def __init__(self, writePriority=0, *args, **kwargs): KickstartCommand.__init__(self, writePriority, *args, **kwargs) self.op = self._getParser() self.enabled = kwargs.get("enabled", None) self.ports = kwargs.get("ports", []) self.trusts = kwargs.get("trusts", []) def __str__(self): extra = [] filteredPorts = [] retval = KickstartCommand.__str__(self) if self.enabled is None: return retval if self.enabled: # It's possible we have words in the ports list instead of # port:proto (s-c-kickstart may do this). So, filter those # out into their own list leaving what we expect. for port in self.ports: if port == "ssh": extra.append(" --ssh") elif port == "telnet": extra.append(" --telnet") elif port == "smtp": extra.append(" --smtp") elif port == "http": extra.append(" --http") elif port == "ftp": extra.append(" --ftp") else: filteredPorts.append(port) # All the port:proto strings go into a comma-separated list. portstr = ",".join(filteredPorts) if len(portstr) > 0: portstr = " --port=" + portstr else: portstr = "" extrastr = "".join(extra) truststr = ",".join(self.trusts) if len(truststr) > 0: truststr = " --trust=" + truststr # The output port list consists only of port:proto for # everything that we don't recognize, and special options for # those that we do. retval += "# Firewall configuration\nfirewall --enabled%s%s%s\n" % (extrastr, portstr, truststr) else: retval += "# Firewall configuration\nfirewall --disabled\n" return retval def _getParser(self): def firewall_port_cb (option, opt_str, value, parser): for p in value.split(","): p = p.strip() if p.find(":") == -1: p = "%s:tcp" % p parser.values.ensure_value(option.dest, []).append(p) op = KSOptionParser(mapping={"ssh":["22:tcp"], "telnet":["23:tcp"], "smtp":["25:tcp"], "http":["80:tcp", "443:tcp"], "ftp":["21:tcp"]}) op.add_option("--disable", "--disabled", dest="enabled", action="store_false") op.add_option("--enable", "--enabled", dest="enabled", action="store_true", default=True) op.add_option("--ftp", "--http", "--smtp", "--ssh", "--telnet", dest="ports", action="map_extend") op.add_option("--high", deprecated=1) op.add_option("--medium", deprecated=1) op.add_option("--port", dest="ports", action="callback", callback=firewall_port_cb, nargs=1, type="string") op.add_option("--trust", dest="trusts", action="append") return op def parse(self, args): (opts, extra) = self.op.parse_args(args=args, lineno=self.lineno) if len(extra) != 0: mapping = {"command": "firewall", "options": extra} raise KickstartValueError, formatErrorMsg(self.lineno, msg=_("Unexpected arguments to %(command)s command: %(options)s") % mapping) self._setToSelf(self.op, opts) return self class F9_Firewall(FC3_Firewall): removedKeywords = FC3_Firewall.removedKeywords removedAttrs = FC3_Firewall.removedAttrs def _getParser(self): op = FC3_Firewall._getParser(self) op.remove_option("--high") op.remove_option("--medium") return op class F10_Firewall(F9_Firewall): removedKeywords = F9_Firewall.removedKeywords removedAttrs = F9_Firewall.removedAttrs def __init__(self, writePriority=0, *args, **kwargs): F9_Firewall.__init__(self, writePriority, *args, **kwargs) self.services = kwargs.get("services", []) def __str__(self): if self.enabled is None: return "" retval = F9_Firewall.__str__(self) if self.enabled: retval = retval.strip() svcstr = ",".join(self.services) if len(svcstr) > 0: svcstr = " --service=" + svcstr else: svcstr = "" return retval + "%s\n" % svcstr else: return retval def _getParser(self): def service_cb (option, opt_str, value, parser): # python2.4 does not support action="append_const" that we were # using for these options. Instead, we have to fake it by # appending whatever the option string is to the service list. if not value: parser.values.ensure_value(option.dest, []).append(opt_str[2:]) return for p in value.split(","): p = p.strip() parser.values.ensure_value(option.dest, []).append(p) op = F9_Firewall._getParser(self) op.add_option("--service", dest="services", action="callback", callback=service_cb, nargs=1, type="string") op.add_option("--ftp", dest="services", action="callback", callback=service_cb) op.add_option("--http", dest="services", action="callback", callback=service_cb) op.add_option("--smtp", dest="services", action="callback", callback=service_cb) op.add_option("--ssh", dest="services", action="callback", callback=service_cb) op.add_option("--telnet", deprecated=1) return op class F14_Firewall(F10_Firewall): removedKeywords = F10_Firewall.removedKeywords + ["telnet"] removedAttrs = F10_Firewall.removedAttrs + ["telnet"] def _getParser(self): op = F10_Firewall._getParser(self) op.remove_option("--telnet") return op