| Server IP : 84.32.84.75 / Your IP : 216.73.216.217 Web Server : LiteSpeed System : Linux id-dci-web1986.main-hosting.eu 5.14.0-611.26.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jan 29 05:24:47 EST 2026 x86_64 User : u686484674 ( 686484674) PHP Version : 8.0.30 Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail MySQL : OFF | cURL : ON | WGET : ON | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /lib/python3.9/site-packages/firewall/core/ |
Upload File : |
# -*- coding: utf-8 -*-
#
# Copyright (C) 2011-2016 Red Hat, Inc.
#
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
__all__ = [ "FirewallPolicies" ]
from firewall import config
from firewall.core.logger import log
from firewall.core.io.lockdown_whitelist import LockdownWhitelist
from firewall import errors
from firewall.errors import FirewallError
class FirewallPolicies(object):
def __init__(self):
self._lockdown = False
self.lockdown_whitelist = LockdownWhitelist(config.LOCKDOWN_WHITELIST)
def __repr__(self):
return '%s(%r, %r)' % (self.__class__, self._lockdown,
self.lockdown_whitelist)
def cleanup(self):
self._lockdown = False
self.lockdown_whitelist.cleanup()
# lockdown
def access_check(self, key, value):
if key == "context":
log.debug2('Doing access check for context "%s"' % value)
if self.lockdown_whitelist.match_context(value):
log.debug3('context matches.')
return True
elif key == "uid":
log.debug2('Doing access check for uid %d' % value)
if self.lockdown_whitelist.match_uid(value):
log.debug3('uid matches.')
return True
elif key == "user":
log.debug2('Doing access check for user "%s"' % value)
if self.lockdown_whitelist.match_user(value):
log.debug3('user matches.')
return True
elif key == "command":
log.debug2('Doing access check for command "%s"' % value)
if self.lockdown_whitelist.match_command(value):
log.debug3('command matches.')
return True
return False
def enable_lockdown(self):
if self._lockdown:
raise FirewallError(errors.ALREADY_ENABLED, "enable_lockdown()")
self._lockdown = True
def disable_lockdown(self):
if not self._lockdown:
raise FirewallError(errors.NOT_ENABLED, "disable_lockdown()")
self._lockdown = False
def query_lockdown(self):
return self._lockdown