#! /usr/bin/python -Es
# Copyright (C) 2012-2013 Red Hat
# AUTHOR: Miroslav Grepl <mgrepl@redhat.com>
# AUTHOR: David Quigley <selinux@davequigley.com>
# see file 'COPYING' for use and warranty information
#
# semanage is a tool for managing SELinux configuration files
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
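#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
#
#

import argparse
import seobject
import sys
import gettext

PROGNAME = "policycoreutils"
try:
    gettext.install(PROGNAME,
                    localedir="/usr/share/locale",
                    unicode=True,
                    codeset='utf-8')
except IOError:
    # No message catalog available: install an identity-like `_` so that
    # every _("...") call in this file still works.
    import __builtin__
    __builtin__.__dict__['_'] = unicode

# define custom usages for selected main actions
#
# Each usage_<object> string is an open "[" that generate_custom_usage()
# completes from the matching usage_<object>_dict (action -> option words).
#
# NOTE(review): these strings advertise "-s STORE", while parser_add_store()
# registers the store option as -S/--store and -s is --seuser. Confirm which
# spelling is intended before changing the text.
usage_login = "semanage login [-h] [-n] [-N] [-s STORE] ["
usage_login_dict = {
    ' --add': ('-s SEUSER', '-r RANGE', 'LOGIN',),
    ' --modify': ('-s SEUSER', '-r RANGE', 'LOGIN',),
    ' --delete': ('LOGIN',),
    ' --list': ('-C',),
    ' --extract': ('',),
    ' --deleteall': ('',),
}

usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-s STORE] ["
usage_fcontext_dict = {
    ' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',),
    ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',),
    ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC )',),
    ' --list': ('-C',),
    ' --extract': ('',),
    ' --deleteall': ('',),
}

usage_user = "semanage user [-h] [-n] [-N] [-s STORE] ["
usage_user_dict = {
    # The original wrote 'selinux_name'')' here: the missing comma fused the
    # two literals into 'selinux_name)'. Restored to match the --modify entry.
    ' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name', ')'),
    ' --delete': ('selinux_name',),
    ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name', ')'),
    ' --list': ('-C',),
    ' --extract': ('',),
    ' --deleteall': ('',),
}

usage_port = "semanage port [-h] [-n] [-N] [-s STORE] ["
usage_port_dict = {
    ' --add': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'),
    ' --modify': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'),
    ' --delete': ('-p PROTOCOL', '(', 'port_name', '|', 'port_range', ')'),
    ' --list': ('-C',),
    ' --extract': ('',),
    ' --deleteall': ('',),
}

usage_node = "semanage node [-h] [-n] [-N] [-s STORE] ["
usage_node_dict = {
    ' --add': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'),
    ' --modify': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'),
    ' --delete': ('-M NETMASK', '-p PROTOCOL', 'node'),
    ' --list': ('-C',),
    ' --extract': ('',),
    ' --deleteall': ('',),
}

usage_interface = "semanage interface [-h] [-n] [-N] [-s STORE] ["
usage_interface_dict = {
    ' --add': ('-t TYPE', '-r RANGE', 'interface'),
    ' --modify': ('-t TYPE', '-r RANGE', 'interface'),
    ' --delete': ('interface',),
    ' --list': ('-C',),
    ' --extract': ('',),
    ' --deleteall': ('',),
}

usage_boolean = "semanage boolean [-h] [-n] [-N] [-s STORE] ["
usage_boolean_dict = {
    ' --modify': ('(', '--on', '|', '--off', ')', 'boolean'),
    ' --list': ('-C',),
    ' --extract': ('',),
    ' --deleteall': ('',),
}

import sepolicy


class CheckRole(argparse.Action):
    """argparse action that collects SELinux role names into ``dest``.

    The option value is split on whitespace; every word must be one of the
    roles returned by sepolicy.get_all_roles(). Accepted roles are appended
    to whatever list the namespace already holds for ``dest``.

    Raises:
        ValueError: if a word is not a known SELinux role.
    """

    def __call__(self, parser, namespace, value, option_string=None):
        newval = getattr(namespace, self.dest)
        if not newval:
            newval = []
        roles = sepolicy.get_all_roles()
        for v in value.split():
            # Validate against the loaded policy before the name is handed on.
            if v not in roles:
                raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (v, ", ".join(roles)))
            newval.append(v)
        setattr(namespace, self.dest, newval)


# Policy store selected with --store; read by the *_ini() factories below.
store = ''


class SetStore(argparse.Action):
    """argparse action that records the chosen policy store.

    The value is written both to the module-level ``store`` and to the
    namespace attribute ``dest``.
    """

    def __call__(self, parser, namespace, values, option_string=None):
        global store
        store = values
        setattr(namespace, self.dest, values)


class seParser(argparse.ArgumentParser):
    """ArgumentParser whose error() prints full help for a bare subcommand."""

    def error(self, message):
        """Report a parse error and exit with status 2.

        When the program was invoked with exactly one argument, the full help
        is printed instead of the short usage plus error message.
        """
        if len(sys.argv) == 2:
            self.print_help()
            sys.exit(2)
        self.print_usage()
        self.exit(2, ('%s: error: %s\n') % (self.prog, message))


class SetExportFile(argparse.Action):
    """argparse action that redirects sys.stdout to the named file.

    A value of "-" (or an empty value) leaves sys.stdout untouched. On an
    I/O error the exception is reported on stderr and the process exits
    with status 1.

    NOTE(review): the path comes straight from the command line and is opened
    with mode 'w', which truncates an existing file. semanage is typically run
    with elevated privileges, so confirm that callers never pass a path an
    unprivileged user can influence.
    """

    def __call__(self, parser, namespace, values, option_string=None):
        # Compare by value: `is not "-"` tested object identity, which only
        # worked through interpreter string caching.
        if values and values != "-":
            try:
                sys.stdout = open(values, 'w')
            except IOError as e:
                # The original used a bare `except:` and then referenced an
                # unbound `e`, turning any open() failure into a NameError.
                sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
                sys.exit(1)
        setattr(namespace, self.dest, values)


class SetImportFile(argparse.Action):
    """argparse action that redirects sys.stdin to the named file.

    A value of "-" (or an empty value) leaves sys.stdin untouched. On an
    I/O error the exception is reported on stderr and the process exits
    with status 1.
    """

    def __call__(self, parser, namespace, values, option_string=None):
        # Value comparison instead of the original identity test.
        if values and values != "-":
            try:
                sys.stdin = open(values, 'r')
            except IOError as e:
                sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
                sys.exit(1)
        setattr(namespace, self.dest, values)


# functions for OBJECT initialization
#
# Each factory is called lazily (through object_dict) so that it sees the
# value SetStore assigned to the module-level ``store`` during parsing.
def login_ini():
    """Return a seobject.loginRecords bound to the selected store."""
    return seobject.loginRecords(store)


def user_ini():
    """Return a seobject.seluserRecords bound to the selected store."""
    return seobject.seluserRecords(store)


def port_ini():
    """Return a seobject.portRecords bound to the selected store."""
    return seobject.portRecords(store)


def module_ini():
    """Return a seobject.moduleRecords bound to the selected store."""
    return seobject.moduleRecords(store)


def interface_ini():
    """Return a seobject.interfaceRecords bound to the selected store."""
    return seobject.interfaceRecords(store)


def node_ini():
    """Return a seobject.nodeRecords bound to the selected store."""
    return seobject.nodeRecords(store)


def fcontext_ini():
    """Return a seobject.fcontextRecords bound to the selected store."""
    return seobject.fcontextRecords(store)


def boolean_ini():
    """Return a seobject.booleanRecords bound to the selected store."""
    return seobject.booleanRecords(store)


def permissive_ini():
    """Return a seobject.permissiveRecords bound to the selected store."""
    return seobject.permissiveRecords(store)


def dontaudit_ini():
    """Return a seobject.dontauditClass bound to the selected store."""
    return seobject.dontauditClass(store)


# define dictionary for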
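# seobject OBJECTS
object_dict = {
    'login': login_ini,
    'user': user_ini,
    'port': port_ini,
    'module': module_ini,
    'interface': interface_ini,
    'node': node_ini,
    'fcontext': fcontext_ini,
    'boolean': boolean_ini,
    'permissive': permissive_ini,
    'dontaudit': dontaudit_ini,
}


def generate_custom_usage(usage_text,usage_dict):
    """Generate a custom usage string from the given text and dictionary.

    For every key of ``usage_dict`` in sorted order, "<key> <words> |" is
    appended to ``usage_text``; the final character is then replaced by "]"
    and the result is passed through ``_`` for translation.
    """
    usage_text += "".join(
        "%s %s |" % (k, " ".join(usage_dict[k])) for k in sorted(usage_dict)
    )
    # Swap the trailing "|" for the bracket that closes the action group.
    usage_text = usage_text[:-1] + "]"
    return _(usage_text)


def handle_opts(args,dict,target_key):
    """Enforce conflicting and required options for one action.

    ``dict`` maps an action name to ``[conflict_opts, require_opts]``. The
    process exits with status 2 if any option named in ``conflict_opts`` is
    set on ``args``, or any option named in ``require_opts`` is unset. An
    action with no entry in ``dict`` is accepted without checks.
    """
    try:
        rules = dict[target_key]
    except KeyError:
        return
    opts = vars(args)

    # first we need to catch conflicts
    for k in opts:
        if k in rules[0] and opts[k]:
            print("%s option can not be used with --%s" % (target_key,k))
            sys.exit(2)

    # then make sure every required option was supplied
    for k in opts:
        if k in rules[1] and not opts[k]:
            print("%s option is needed for %s" % (k,target_key))
            sys.exit(2)


def handleLogin(args):
    """Run the action selected for ``semanage login``."""
    # {action:[conflict_opts,require_opts]}
    # One-element groups are written as real tuples: the original ('login')
    # is a plain string, which turned the membership test in handle_opts()
    # into a substring match.
    login_args = {
        'list': [('login', 'seuser'), ()],
        'add': [('locallist',), ('seuser', 'login')],
        'modify': [('locallist',), ('login',)],
        'delete': [('locallist',), ('login',)],
        'extract': [('locallist', 'login', 'seuser'), ()],
        'deleteall': [('locallist',), ()],
    }

    handle_opts(args,login_args,args.action)

    OBJECT = object_dict['login']()
    # args.noreload is True unless -N was given (store_false, default True).
    OBJECT.set_reload(args.noreload)

    # Compare by value; `is "add"` relied on string interning.
    if args.action == "add":
        OBJECT.add(args.login, args.seuser, args.range)
    elif args.action == "modify":
        OBJECT.modify(args.login, args.seuser, args.range)
    elif args.action == "delete":
        OBJECT.delete(args.login)
    elif args.action == "list":
        OBJECT.list(args.noheading, args.locallist)
    elif args.action == "deleteall":
        OBJECT.deleteall()
    elif args.action == "extract":
        for i in OBJECT.customized():
            print("login %s" % (str(i)))


def parser_add_store(parser, name):
    """Add -S/--store, handled by SetStore."""
    parser.add_argument('-S', '--store', action=SetStore, help=_("Select an alternate SELinux Policy Store to manage"))


def parser_add_priority(parser, name):
    """Add -P/--priority (int, default 400)."""
    parser.add_argument('-P', '--priority', type=int, default=400, help=_("Select a priority for module operations"))


def parser_add_noheading(parser, name):
    """Add -n/--noheading; the stored value is True unless the flag is given."""
    parser.add_argument('-n', '--noheading', action='store_false', default=True, help=_("Do not print heading when listing %s object types") % name )


def parser_add_noreload(parser, name):
    """Add -N/--noreload; the stored value is True unless the flag is given."""
    parser.add_argument('-N', '--noreload', action='store_false', default=True, help=_('Do not reload policy after commit'))


def parser_add_locallist(parser, name):
    """Add -C/--locallist (store_true)."""
    parser.add_argument('-C', '--locallist', action='store_true', default=False, help=_("List %s local customizations") % name )


def parser_add_add(parser, name):
    """Add -a/--add, which sets ``action`` to 'add'."""
    parser.add_argument('-a', '--add', dest='action', action='store_const', const='add', help=_("Add a record of the %s object type") % name )


def parser_add_type(parser, name):
    """Add -t/--type."""
    parser.add_argument('-t', '--type', help=_('SELinux Type for the object'))


def parser_add_level(parser, name):
    """Add -L/--level (default 's0')."""
    parser.add_argument('-L', '--level', default='s0', help=_('Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only)'))


def parser_add_range(parser, name):
    """Add -r/--range (default 's0')."""
    parser.add_argument('-r', '--range', default="s0",
                        help=_('''
MLS/MCS Security Range (MLS/MCS Systems only)
SELinux Range for SELinux login mapping
defaults to the SELinux user record range.
SELinux Range for SELinux user defaults to s0.
'''))


def parser_add_proto(parser, name):
    """Add -p/--proto."""
    parser.add_argument('-p', '--proto', help=_('''
    Protocol for the specified port (tcp|udp) or internet protocol
    version for the specified node (ipv4|ipv6).
'''))


def parser_add_modify(parser, name):
    """Add -m/--modify, which sets ``action`` to 'modify'."""
    parser.add_argument('-m', '--modify', dest='action', action='store_const', const='modify', help=_("Modify a record of the %s object type") % name )


def parser_add_list(parser, name):
    """Add -l/--list, which sets ``action`` to 'list'."""
    parser.add_argument('-l', '--list', dest='action', action='store_const', const='list', help=_("List records of the %s object type") % name )


def parser_add_delete(parser, name):
    """Add -d/--delete, which sets ``action`` to 'delete'."""
    parser.add_argument('-d', '--delete', dest='action', action='store_const', const='delete', help=_("Delete a record of the %s object type") % name )


def parser_add_extract(parser, name):
    """Add -E/--extract, which sets ``action`` to 'extract'."""
    parser.add_argument('-E', '--extract', dest='action', action='store_const', const='extract', help=_("Extract customizable commands, for use within a transaction"))


def parser_add_deleteall(parser, name):
    """Add -D/--deleteall, which sets ``action`` to 'deleteall'."""
    parser.add_argument('-D', '--deleteall', dest='action', action='store_const', const='deleteall', help=_('Remove all %s objects local customizations') % name )


def parser_add_seuser(parser, name):
    """Add -s/--seuser (default empty string)."""
    parser.add_argument('-s', '--seuser', default="", help=_("SELinux user name"))


def setupLoginParser(subparsers):
    """Register the ``login`` subcommand and bind it to handleLogin."""
    generated_usage = generate_custom_usage(usage_login, usage_login_dict)
    loginParser = subparsers.add_parser('login', usage=generated_usage, help=_("Manage login mappings between linux users and SELinux confined users"))
    parser_add_locallist(loginParser, "login")
    parser_add_noheading(loginParser, "login")
    parser_add_noreload(loginParser, "login")
    parser_add_store(loginParser, "login")
    parser_add_range(loginParser, "login")

    # Exactly one action flag must be given for `login`.
    login_action = loginParser.add_mutually_exclusive_group(required=True)

    parser_add_add(login_action, "login")
    parser_add_delete(login_action, "login")
    parser_add_modify(login_action, "login")
    parser_add_list(login_action, "login")
    parser_add_extract(login_action, "login")
    parser_add_deleteall(login_action, "login")
    parser_add_seuser(loginParser, "login")

    loginParser.add_argument('login', nargs='?', default=None, help=_("login_name | %%groupname"))

    loginParser.set_defaults(func=handleLogin)


def handleFcontext(args):
    """Run the action selected for ``semanage fcontext``.

    Prints the usage and exits with status 2 when no action was given.
    """
    # {action:[conflict_opts,require_opts]}; one-element groups are real
    # tuples so that handle_opts() tests membership, not substrings.
    fcontext_args = {
        'list': [('equal', 'ftype', 'seuser', 'type'), ()],
        'add': [('locallist',), ('type', 'file_spec')],
        'modify': [('locallist',), ('type', 'file_spec')],
        'delete': [('locallist',), ('file_spec',)],
        'extract': [('locallist', 'equal', 'ftype', 'seuser', 'type'), ()],
        'deleteall': [('locallist',), ()],
    }
    # we can not use mutually for equal because we can define some actions together with equal
    fcontext_equal_args = {'equal': [('list', 'locallist', 'type', 'ftype', 'seuser', 'deleteall', 'extract'), ()]}

    if args.action is None:
        print("usage: "+"%s" % generate_custom_usage(usage_fcontext, usage_fcontext_dict))
        sys.exit(2)
    elif args.action and args.equal:
        handle_opts(args, fcontext_equal_args, "equal")
    else:
        handle_opts(args, fcontext_args, args.action)

    OBJECT = object_dict['fcontext']()
    # args.noreload is True unless -N was given (store_false, default True).
    OBJECT.set_reload(args.noreload)

    # Compare by value; `is "add"` relied on string interning.
    if args.action == "add":
        if args.equal:
            OBJECT.add_equal(args.file_spec, args.equal)
        else:
            OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser)
    elif args.action == "modify":
        if args.equal:
            # NOTE(review): modify with --equal calls add_equal(), same as
            # add; confirm that is intended.
            OBJECT.add_equal(args.file_spec, args.equal)
        else:
            OBJECT.modify(args.file_spec, args.type, args.ftype, args.range, args.seuser)
    elif args.action == "delete":
        if args.equal:
            OBJECT.delete(args.file_spec, args.equal)
        else:
            OBJECT.delete(args.file_spec,args.ftype)
    elif args.action == "list":
        OBJECT.list(args.noheading, args.locallist)
    elif args.action == "deleteall":
        OBJECT.deleteall()
    elif args.action == "extract":
        for i in OBJECT.customized():
            print("fcontext %s" % str(i))


def setupFcontextParser(subparsers):
    """Register the ``fcontext`` subcommand and bind it to handleFcontext."""
    # NOTE(review): this text describes ls-style values ("--", "-d", ...),
    # while --ftype below only accepts the letters in `choices`; confirm
    # which set is current.
    ftype_help = '''
File Type. This is used with fcontext. Requires a file type
as shown in the mode field by ls, e.g. use -d to match only
directories or -- to match only regular files. The following
file type options can be passed:
-- (regular file),-d (directory),-c (character device),
-b (block device),-s (socket),-l (symbolic link),-p (named pipe)
If you do not specify a file type, the file type will default to "all files".
'''
    generate_usage = generate_custom_usage(usage_fcontext, usage_fcontext_dict)
    fcontextParser = subparsers.add_parser('fcontext',usage=generate_usage, help=_("Manage file context mapping definitions"))
    parser_add_locallist(fcontextParser, "fcontext")
    parser_add_noheading(fcontextParser, "fcontext")
    parser_add_noreload(fcontextParser, "fcontext")
    parser_add_store(fcontextParser, "fcontext")

    # Not required here: handleFcontext() reports a missing action itself.
    fcontext_action = fcontextParser.add_mutually_exclusive_group(required=False)
    parser_add_add(fcontext_action, "fcontext")
    parser_add_delete(fcontext_action, "fcontext")
    parser_add_modify(fcontext_action, "fcontext")
    parser_add_list(fcontext_action, "fcontext")
    parser_add_extract(fcontext_action, "fcontext")
    parser_add_deleteall(fcontext_action, "fcontext")

    fcontextParser.add_argument('-e', '--equal', help=_('''Substitute target path with sourcepath when generating default
    label. This is used with fcontext. Requires source and target
    path arguments. The context labeling for the target subtree is
    made equivalent to that defined for the source.'''))
    fcontextParser.add_argument('-f', '--ftype', default="", choices=["a","f","d","c","b","s","l","p"], help=_(ftype_help))
    parser_add_seuser(fcontextParser, "fcontext")
    parser_add_type(fcontextParser, "fcontext")
    parser_add_range(fcontextParser, "fcontext")
    fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('file_spec'))
    fcontextParser.set_defaults(func=handleFcontext)


def handleUser(args):
    """Run the action selected for ``semanage user``."""
    # {action:[conflict_opts,require_opts]}; one-element groups are real
    # tuples so that handle_opts() tests membership, not substrings.
    # NOTE(review): 'extract' lists 'role' while 'list' uses 'roles';
    # confirm which option name the user parser defines.
    user_args = {
        'list': [('selinux_name', 'seuser', 'roles'), ()],
        'add': [('locallist',), ('roles', 'selinux_name')],
        'modify': [('locallist',), ('selinux_name',)],
        'delete': [('locallist',), ('selinux_name',)],
        'extract': [('locallist', 'selinux_name', 'seuser', 'role'), ()],
        'deleteall': [('locallist',), ()],
    }

    handle_opts(args,user_args,args.action)

    OBJECT = object_dict['user']()
    # args.noreload is True unless -N was given (store_false, default True).
    OBJECT.set_reload(args.noreload)

    # Compare by value; `is "add"` relied on string interning.
    if args.action == "add":
        OBJECT.add(args.selinux_name, args.roles, args.level, args.range, args.prefix)
    elif args.action == "modify":
        OBJECT.modify(args.selinux_name, args.roles, args.level, args.range, args.prefix)
    elif args.action == "delete":
        OBJECT.delete(args.selinux_name)
    elif args.action == "list":
        OBJECT.list(args.noheading, args.locallist)
    elif args.action == "deleteall":
        OBJECT.deleteall()
    elif args.action == "extract":
        for i in OBJECT.customized():
            print("user %s" % str(i))


def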
setupUserParser(subparsers): 387c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh generated_usage = generate_custom_usage(usage_user, usage_user_dict) 388c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh userParser = subparsers.add_parser('user', usage=generated_usage,help=_('Manage SELinux confined users (Roles and levels for an SELinux user)')) 389c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_locallist(userParser, "user") 390c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noheading(userParser, "user") 391c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noreload(userParser, "user") 392c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_store(userParser, "user") 393c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 394c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh user_action = userParser.add_mutually_exclusive_group(required=True) 395c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_add(user_action, "user") 396c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_delete(user_action, "user") 397c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_modify(user_action, "user") 398c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_list(user_action, "user") 399c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_extract(user_action, "user") 400c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_deleteall(user_action, "user") 401c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 402c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_level(userParser, "user") 403c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_range(userParser, "user") 404c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh userParser.add_argument('-R', '--roles', default=[], 405c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh action=CheckRole, 406c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh help=_(''' 407c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan WalshSELinux Roles. 
You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times. 408c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh''')) 409c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS) 410c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name')) 411c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh userParser.set_defaults(func=handleUser) 412c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 413c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef handlePort(args): 414c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh port_args = {'list':[('port','type','proto'),('')],'add':[('locallist'),('type','port','proto')],'modify':[('localist'),('port','proto')], 'delete':[('locallist'),('port','proto')],'extract':[('locallist','port','type','proto'),('')],'deleteall':[('locallist'),('')]} 415c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 416c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh handle_opts(args,port_args,args.action) 417c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 418c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT = object_dict['port']() 419c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.set_reload(args.noreload) 420c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 421c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "add": 422c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.add(args.port, args.proto, args.range, args.type) 423c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "modify": 424c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.modify(args.port, args.proto, args.range, args.type) 425c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "delete": 426c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.delete(args.port, args.proto) 427c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan 
Walsh if args.action is "list": 428c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.list(args.noheading, args.locallist) 429c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "deleteall": 430c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.deleteall() 431c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "extract": 432c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh for i in OBJECT.customized(): 433c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh print "port %s" % str(i) 434c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 435c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef setupPortParser(subparsers): 436c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh generated_usage = generate_custom_usage(usage_port, usage_port_dict) 437c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh portParser = subparsers.add_parser('port', usage=generated_usage, help=_('Manage network port type definitions')) 438c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_locallist(portParser, "port") 439c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noheading(portParser, "port") 440c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noreload(portParser, "port") 441c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_store(portParser, "port") 442c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 443c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh port_action = portParser.add_mutually_exclusive_group(required=True) 444c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_add(port_action, "port") 445c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_delete(port_action, "port") 446c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_modify(port_action, "port") 447c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_list(port_action, "port") 448c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_extract(port_action, "port") 
449c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_deleteall(port_action, "port") 450c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_type(portParser, "port") 451c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_range(portParser, "port") 452c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_proto(portParser, "port") 453c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh portParser.add_argument('port', nargs='?', default=None, help=_('port | port_range')) 454c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh portParser.set_defaults(func=handlePort) 455c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 456c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef handleInterface(args): 457c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh interface_args = {'list':[('interface'),('')],'add':[('locallist'),('type','interface')],'modify':[('locallist'),('type','interface')], 'delete':[('locallist'),('interface')],'extract':[('locallist','interface','type'),('')],'deleteall':[('locallist'),('')]} 458c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 459c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh handle_opts(args,interface_args,args.action) 460c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 461c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT = object_dict['interface']() 462c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.set_reload(args.noreload) 463c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 464c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "add": 465c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.add(args.interface, args.range, args.type) 466c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "modify": 467c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.add(args.interface, args.range, args.type) 468c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "delete": 469c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 
OBJECT.delete(args.interface) 470c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "list": 471c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.list(args.noheading, args.locallist) 472c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "deleteall": 473c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.deleteall() 474c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "extract": 475c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh for i in OBJECT.customized(): 476c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh print "interface %s" % str(i) 477c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 478c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef setupInterfaceParser(subparsers): 479c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh generated_usage = generate_custom_usage(usage_interface, usage_interface_dict) 480c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh interfaceParser = subparsers.add_parser('interface', usage=generated_usage, help=_('Manage network interface type definitions')) 481c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_locallist(interfaceParser, "interface") 482c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noheading(interfaceParser, "interface") 483c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noreload(interfaceParser, "interface") 484c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_store(interfaceParser, "interface") 485c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_type(interfaceParser, "interface") 486c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_range(interfaceParser, "interface") 487c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 488c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh interface_action = interfaceParser.add_mutually_exclusive_group(required=True) 489c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_add(interface_action, "interface") 
490c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_delete(interface_action, "interface") 491c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_modify(interface_action, "interface") 492c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_list(interface_action, "interface") 493c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_extract(interface_action, "interface") 494c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_deleteall(interface_action, "interface") 495c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh interfaceParser.add_argument('interface', nargs='?', default=None, help=_('interface_spec')) 496c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh interfaceParser.set_defaults(func=handleInterface) 497c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 498c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef handleModule(args): 499c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT = seobject.moduleRecords(store) 500c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.set_reload(args.noreload) 501c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action == "add": 5022ff279e21e4715ac49e094b5fae8bc8e84b9e417Jason Dana OBJECT.add(args.module_name, args.priority) 503c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action == "enable": 5042ff279e21e4715ac49e094b5fae8bc8e84b9e417Jason Dana OBJECT.set_enabled(args.module_name, True) 505c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action == "disable": 5062ff279e21e4715ac49e094b5fae8bc8e84b9e417Jason Dana OBJECT.set_enabled(args.module_name, False) 507c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action == "remove": 5082ff279e21e4715ac49e094b5fae8bc8e84b9e417Jason Dana OBJECT.delete(args.module_name, args.priority) 509c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "deleteall": 510c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.deleteall() 511c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if 
args.action == "list": 512c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.list(args.noheading, args.locallist) 513c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "extract": 514c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh for i in OBJECT.customized(): 515c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh print "module %s" % str(i) 516c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 517c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef setupModuleParser(subparsers): 518c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh moduleParser = subparsers.add_parser('module', help=_('Manage SELinux policy modules')) 519c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noheading(moduleParser, "module") 520c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noreload(moduleParser, "module") 521c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_store(moduleParser, "module") 522c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_locallist(moduleParser, "module") 5232ff279e21e4715ac49e094b5fae8bc8e84b9e417Jason Dana parser_add_priority(moduleParser, "module") 524c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 525c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh mgroup = moduleParser.add_mutually_exclusive_group(required=True) 526c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_add(mgroup, "module") 527c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_list(mgroup, "module") 528c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_extract(mgroup, "module") 529c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_deleteall(mgroup, "module") 530c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh mgroup.add_argument('-r', '--remove', dest='action', action='store_const', const='remove', help=_("Remove a module")) 531c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh mgroup.add_argument('-d', '--disable', dest='action', action='store_const', const='disable', help=_("Disable a 
module")) 532c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh mgroup.add_argument('-e', '--enable', dest='action', action='store_const', const='enable', help=_("Enable a module")) 533c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh moduleParser.add_argument('module_name', nargs='?', default=None, help=_('Name of the module to act on')) 534c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh moduleParser.set_defaults(func=handleModule) 535c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 536c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef handleNode(args): 537c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh node_args = {'list':[('node','type','proto','netmask'),('')],'add':[('locallist'),('type','node','proto','netmask')],'modify':[('locallist'),('node','netmask','proto')], 'delete':[('locallist'),('node','netmask','prototype')],'extract':[('locallist','node','type','proto','netmask'),('')],'deleteall':[('locallist'),('')]} 538c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh handle_opts(args,node_args,args.action) 539c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 540c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT = object_dict['node']() 541c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.set_reload(args.noreload) 542c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 543c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "add": 544c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.add(args.node, args.netmask, args.proto, args.range, args.type) 545c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "modify": 546c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.add(args.node, args.netmask, args.proto, args.range, args.type) 547c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "delete": 548c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.delete(args.node, args.netmask, args.proto) 549c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "list": 
550c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.list(args.noheading, args.locallist) 551c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "deleteall": 552c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.deleteall() 553c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "extract": 554c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh for i in OBJECT.customized(): 555c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh print "node %s" % str(i) 556c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 557c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef setupNodeParser(subparsers): 558c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh generated_usage = generate_custom_usage(usage_node, usage_node_dict) 559c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh nodeParser = subparsers.add_parser('node', usage=generated_usage, help=_('Manage network node type definitions')) 560c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_locallist(nodeParser, "node") 561c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noheading(nodeParser, "node") 562c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noreload(nodeParser, "node") 563c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_store(nodeParser, "node") 564c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 565c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh node_action = nodeParser.add_mutually_exclusive_group(required=True) 566c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_add(node_action, "node") 567c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_delete(node_action, "node") 568c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_modify(node_action, "node") 569c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_list(node_action, "node") 570c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_extract(node_action, "node") 571c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 
parser_add_deleteall(node_action, "node") 572c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 573c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh nodeParser.add_argument('-M', '--netmask', help=_('Network Mask')) 574c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_type(nodeParser, "node") 575c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_range(nodeParser, "node") 576c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_proto(nodeParser, "node") 577c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh nodeParser.add_argument('node', nargs='?', default=None, help=_('node')) 578c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh nodeParser.set_defaults(func=handleNode) 579c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 580c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef handleBoolean(args): 581c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh boolean_args = {'list':[('state','boolean'),('')],'modify':[('localist'),('')], 'extract':[('locallist','state','boolean'),('')],'deleteall':[('locallist'),('')],'state':[('locallist','list','extract','deleteall'),('modify')]} 582c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is None: 583c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh print("Usage: "+"%s" % generate_custom_usage(usage_boolean, usage_boolean_dict)) 584c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh sys.exit(2) 585c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh # TODO: should be added to handle_opts logic 586c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh elif args.action is "modify" and not args.boolean: 587c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh print "boolean name required " 588c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh sys.exit(1) 589c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh elif args.action is "modify" and args.boolean and not args.state: 590c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh print "state option is needed" 591c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 
sys.exit(1) 592c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh else: 593c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh handle_opts(args,boolean_args,args.action) 594c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 595c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT = object_dict['boolean']() 596c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.set_reload(args.noreload) 597c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 598c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "modify": 599c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.boolean: 600c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.modify(args.boolean, args.state, False) 601c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "list": 602c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.list(args.noheading, args.locallist) 603c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "deleteall": 604c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.deleteall() 605c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "extract": 606c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh for i in OBJECT.customized(): 607c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh print "boolean %s" % str(i) 608c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 609c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef setupBooleanParser(subparsers): 610c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh generated_usage = generate_custom_usage(usage_boolean, usage_boolean_dict) 611c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh booleanParser = subparsers.add_parser('boolean',usage=generated_usage, help=_('Manage booleans to selectively enable functionality')) 612c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_locallist(booleanParser, "boolean") 613c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noheading(booleanParser, "boolean") 614c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 
parser_add_noreload(booleanParser, "boolean") 615c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_store(booleanParser, "boolean") 616c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh booleanParser.add_argument('boolean', nargs="?", default=None, help=_('boolean')) 617c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 618c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh boolean_action = booleanParser.add_mutually_exclusive_group(required=False) 619c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh #add_add(boolean_action) 620c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_modify(boolean_action, "boolean") 621c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_list(boolean_action, "boolean") 622c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_extract(boolean_action, "boolean") 623c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_deleteall(boolean_action, "boolean") 624c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 625c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh booleanGroup = booleanParser.add_mutually_exclusive_group(required=False) 626c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh booleanGroup.add_argument('-1', '--on', dest='state', action='store_const', const='on', help=_('Enable the boolean')) 627c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh booleanGroup.add_argument('-0', '--off', dest='state', action='store_const', const='off', help=_('Disable the boolean')) 628c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 629c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh booleanParser.set_defaults(func=handleBoolean) 630c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 631c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef handlePermissive(args): 632c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT = object_dict['permissive']() 633c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.set_reload(args.noreload) 634c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 
635c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "add": 636c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.add(args.type) 637c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "list": 638c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.list(args.noheading) 639c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh if args.action is "delete": 640c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh OBJECT.delete(args.type) 641c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 642c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walshdef setupPermissiveParser(subparsers): 643c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh permissiveParser = subparsers.add_parser('permissive', help=_('Manage process type enforcement mode')) 644c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 645c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh pgroup = permissiveParser.add_mutually_exclusive_group(required=True) 646c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_add(pgroup, "permissive") 647c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_delete(pgroup, "permissive") 648c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_list(pgroup, "permissive") 649c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh #TODO: probably should be also added => need to implement own option handling 650c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh #parser_add_deleteall(pgroup) 651c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 652c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noheading(permissiveParser, "permissive") 653c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_noreload(permissiveParser, "permissive") 654c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh parser_add_store(permissiveParser, "permissive") 655c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh permissiveParser.add_argument('type', nargs='?', default=None, help=_('type')) 656c1f763e2933cc6bd4e89e7bbd603ae1de08d081cDan Walsh 
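# Closing statement of setupPermissiveParser(); the rest of that function
# precedes this part of the file.
permissiveParser.set_defaults(func=handlePermissive)


def handleDontaudit(args):
    """Switch the policy's dontaudit rules on or off.

    args.action is "on" or "off" (the parser restricts it to those choices)
    and is handed unchanged to the dontaudit record's toggle();
    args.noreload is handed to set_reload().

    dontaudit rules suppress audit records for denials the policy author
    expects, so switching them off is mainly a troubleshooting aid and makes
    the audit log noisier until they are switched back on.
    """
    records = object_dict['dontaudit']()
    records.set_reload(args.noreload)
    records.toggle(args.action)


def setupDontauditParser(subparsers):
    """Register the 'dontaudit' sub-command and bind it to handleDontaudit."""
    dontauditParser = subparsers.add_parser('dontaudit', help=_('Disable/Enable dontaudit rules in policy'))
    parser_add_noreload(dontauditParser, "dontaudit")
    parser_add_store(dontauditParser, "dontaudit")
    # Anything other than "on"/"off" is rejected by argparse before the
    # handler runs.
    dontauditParser.add_argument('action', choices=["on", "off"])
    dontauditParser.set_defaults(func=handleDontaudit)


def handleExport(args):
    """Print every local customization as replayable semanage command lines.

    A "<type> -D" line is written for each managed record type first, then
    one "<type> <customization>" line per entry returned by that type's
    customized().  Because the -D (deleteall) lines come first, replaying the
    dump through "semanage import" replaces the local customizations on the
    target rather than merging with them.

    The function ends the process with exit status 0.
    """
    manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module"]
    # print(<one string>) produces the same output under the Python 2 print
    # statement this file otherwise relies on.
    for kind in manageditems:
        print("%s -D" % kind)
    for kind in manageditems:
        for entry in object_dict[kind]().customized():
            print("%s %s" % (kind, str(entry)))

    sys.exit(0)


def setupExportParser(subparsers):
    """Register the 'export' sub-command and bind it to handleExport."""
    exportParser = subparsers.add_parser('export', help=_('Output local customizations'))
    parser_add_store(exportParser, "export")
    # NOTE(review): SetExportFile is defined elsewhere in this file.  semanage
    # is normally run with root privileges, so how that action opens the
    # output path (creation mode, following of symlinks) is worth confirming
    # there.
    exportParser.add_argument('-f', '--output_file', dest='output_file', action=SetExportFile, help=_('Output file'))
    exportParser.set_defaults(func=handleExport)


import re


def _quote_char(token):
    """Return the quote character governing *token*, or None.

    A double quote takes precedence over a single quote when a token holds
    both.
    """
    for q in ('"', "'"):
        if q in token:
            return q
    return None


def mkargv(line):
    """Split one line of an import file into an argv-style list.

    The line is first split on whitespace.  A token that holds two or more
    of the same quote character has those quotes stripped from its ends.  A
    token that holds exactly one opens a quoted argument that runs up to the
    next token containing the same quote character; the tokens in between
    are joined with single spaces, so runs of whitespace inside quotes
    collapse to one space.  Backslash escapes are not interpreted.

    The result is meant for argparse (see handleImport); it is not shell
    quoting and nothing here is passed to a shell.

    Raises:
        ValueError: if a quoted argument is never closed.  Import input is
            applied to the SELinux configuration, so a malformed line is
            rejected instead of being guessed at; handleImport already
            reports ValueError and exits with status 1.
    """
    tokens = line.split()
    argv = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        q = _quote_char(tok)

        if q is None:
            argv.append(tok)
            i += 1
            continue

        if tok.count(q) > 1:
            # Opening and closing quote are in the same token.
            argv.append(tok.strip(q))
            i += 1
            continue

        # Exactly one quote: collect tokens until the closing one.
        parts = [tok.strip(q)]
        i += 1
        while i < len(tokens) and q not in tokens[i]:
            parts.append(tokens[i])
            i += 1
        if i == len(tokens):
            # Previously this fell through to tokens[i] and raised an
            # IndexError that no caller handles.
            raise ValueError("unterminated %s quote in: %s" % (q, line.strip()))
        parts.append(tokens[i].strip(q))
        argv.append(" ".join(parts))
        i += 1

    return argv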
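def handleImport(args):
    """Replay semanage command lines from standard input in one transaction.

    Every non-blank line is split with mkargv(), parsed by a fresh command
    parser and dispatched to the handler of the sub-command it names.  The
    input therefore has the same authority as the user running semanage:
    treat an import file as trusted configuration and review it before
    applying it.

    A ValueError or IOError while handling a line is reported on stderr and
    the process exits with status 1; trans.finish() is not reached in that
    case.

    NOTE(review): the parser built for each line also registers 'import' and
    'export'.  An 'export' line ends in handleExport's sys.exit(0), which
    would leave this function before trans.finish() with a success status.
    Consider rejecting those two sub-commands in import input.
    """
    # Keep the options of the "import" invocation itself.  The original code
    # rebound `args` inside the loop, so the reload setting applied at the
    # end came from the last replayed line instead of from this command.
    import_args = args
    trans = seobject.semanageRecords(store)
    trans.start()

    for l in sys.stdin.readlines():
        if not l.strip():
            continue

        try:
            commandParser = createCommandParser()
            line_args = commandParser.parse_args(mkargv(l))
            line_args.func(line_args)
        except (ValueError, IOError) as e:
            sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
            sys.exit(1)
        except KeyboardInterrupt:
            sys.exit(0)

    trans.set_reload(import_args.noreload)
    trans.finish()


def setupImportParser(subparsers):
    """Register the 'import' sub-command and bind it to handleImport."""
    # The help text used to be a copy of the export parser's
    # ("Output local customizations").
    importParser = subparsers.add_parser('import', help=_('Import local customizations'))
    parser_add_noreload(importParser, "import")
    parser_add_store(importParser, "import")
    importParser.add_argument('-f', '--input_file', dest='input_file', action=SetImportFile, help=_('Input file'))
    importParser.set_defaults(func=handleImport)


def createCommandParser():
    """Build the top-level semanage parser with all sub-commands registered.

    Returns:
        The seParser instance; the chosen sub-command name is stored in the
        parsed namespace as 'subcommand'.
    """
    commandParser = seParser(prog='semanage',
                             formatter_class=argparse.ArgumentDefaultsHelpFormatter,
                             description='''semanage is used to configure certain elements
                             of SELinux policy with-out requiring modification
                             to or recompilation from policy source.''')

    # To add a new subcommand define the parser for it in a function above
    # and call it here.
    subparsers = commandParser.add_subparsers(dest='subcommand')
    for setup in (setupImportParser,
                  setupExportParser,
                  setupLoginParser,
                  setupUserParser,
                  setupPortParser,
                  setupInterfaceParser,
                  setupModuleParser,
                  setupNodeParser,
                  setupFcontextParser,
                  setupBooleanParser,
                  setupPermissiveParser,
                  setupDontauditParser):
        setup(subparsers)

    return commandParser


def make_io_args(args):
    """Translate the legacy -o/-i invocation into export/import sub-commands.

    "-o" selects the 'export' sub-command and "-i" selects 'import'.  "-S"
    and the known store names are passed through in order.  Any other
    argument is taken to be the file name and is emitted as "-f <name>"; if
    several such arguments are given, the last one wins.

    Returns:
        The rewritten argument list: sub-command, pass-through options, then
        the "-f <name>" pair when a file name was seen.
    """
    # import/export backward compatibility.
    # "minimum" was misspelled "minumum" here, so "-S minimum" was mistaken
    # for a file name.
    args_origin = ["-S", "-o", "-i", "targeted", "minimum", "mls"]
    args_file = []
    args_ie = []
    args_subcommand = []

    for arg in args:
        if arg == "-o":
            args_subcommand = ["export"]
        elif arg == "-i":
            args_subcommand = ["import"]
        elif arg not in args_origin:
            args_file = ["-f", arg]
        else:
            args_ie.append(arg)

    return args_subcommand + args_ie + args_file


def make_args(sys_args):
    """Return the arguments to parse, rewriting legacy -o/-i usage.

    sys_args is expected to be sys.argv; the program name in position 0 is
    dropped.
    """
    rest = sys_args[1:]
    if "-o" in rest or "-i" in rest:
        return make_io_args(rest)
    return rest


def _exc_arg(exc, index):
    """Return exc.args[index], or str(exc) when that argument is absent."""
    try:
        return exc.args[index]
    except IndexError:
        return str(exc)


def do_parser():
    """Parse the command line, run the selected handler and exit.

    Exits with status 0 on success and with status 1 after writing
    "<ExceptionName>: <detail>" to stderr for IOError, OSError, ValueError,
    KeyError and RuntimeError.

    NOTE(review): KeyboardInterrupt also exits with status 0, so a caller
    cannot tell an interrupted run from a completed one.
    """
    try:
        commandParser = createCommandParser()
        args = commandParser.parse_args(make_args(sys.argv))
        args.func(args)
        sys.exit(0)
    except IOError as e:
        sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
        sys.exit(1)
    except KeyboardInterrupt:
        sys.exit(0)
    except OSError as e:
        # args[1] is the message of an (errno, message) pair; an OSError
        # raised with a single argument used to trigger an IndexError here.
        sys.stderr.write("%s: %s\n" % (e.__class__.__name__, _exc_arg(e, 1)))
        sys.exit(1)
    except (ValueError, KeyError, RuntimeError) as e:
        sys.stderr.write("%s: %s\n" % (e.__class__.__name__, _exc_arg(e, 0)))
        sys.exit(1)


if __name__ == '__main__':
    do_parser()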