0x0000000000000000 " l=J*h}A Aqţ L import dbus import tuned.logs log = tuned.logs.get() class polkit(): def __init__(self): self._bus = dbus.SystemBus() self._proxy = self._bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority', follow_name_owner_changes = True) self._authority = dbus.Interface(self._proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority') def check_authorization(self, sender, action_id): """Check authorization, return codes: 1 - authorized 2 - polkit error, but authorized with fallback method 0 - unauthorized -1 - polkit error and unauthorized by the fallback method -2 - polkit error and unable to use the fallback method """ if sender is None or action_id is None: return False details = {} flags = 1 # AllowUserInteraction flag cancellation_id = "" # No cancellation id subject = ("system-bus-name", {"name" : sender}) try: ret = self._authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id)[0] except (dbus.exceptions.DBusException, ValueError) as e: log.error("error querying polkit: %s" % e) # No polkit or polkit error, fallback to always allow root try: uid = self._bus.get_unix_user(sender) except dbus.exceptions.DBusException as e: log.error("error using falback authorization method: %s" % e) return -2 if uid == 0: return 2 else: return -1 return 1 if ret else 0 "lY>C] f!)F |.## -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """ipset backend""" __all__ = [ "FirewallIPSet" ] from firewall.core.logger import log from firewall.core.ipset import remove_default_create_options as rm_def_cr_opts from firewall.core.io.ipset import IPSet from firewall import errors from firewall.errors import FirewallError class FirewallIPSet(object): def __init__(self, fw): self._fw = fw self._ipsets = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._ipsets) # ipsets def cleanup(self): self._ipsets.clear() def check_ipset(self, name): if name not in self.get_ipsets(): raise FirewallError(errors.INVALID_IPSET, name) def query_ipset(self, name): return name in self.get_ipsets() def get_ipsets(self): return sorted(self._ipsets.keys()) def has_ipsets(self): return len(self._ipsets) > 0 def get_ipset(self, name, applied=False): self.check_ipset(name) obj = self._ipsets[name] if applied: self.check_applied_obj(obj) return obj def _error2warning(self, f, name, *args): # transform errors into warnings try: f(name, *args) except FirewallError as error: msg = str(error) log.warning("%s: %s" % (name, msg)) def backends(self): backends = [] if self._fw.nftables_enabled: backends.append(self._fw.nftables_backend) if self._fw.ipset_enabled: backends.append(self._fw.ipset_backend) return backends def add_ipset(self, obj): if obj.type not in self._fw.ipset_supported_types: raise FirewallError(errors.INVALID_TYPE, "'%s' is not supported by ipset." % obj.type