a `~8@sLdZddlZddlZddlZddlZddlmZddlZddl Z ddl m Z ddl mZddl mZddl mZddl mZdd l mZdd lmZdd lmZdd lmZdd lmZeeZddZddZedZ edej!Z"e j#$ej%Gddde&Z'Gddde'Z(Gddde&Z)Gddde&Z*ddZ+ddZ,dS) zPlugin common functions.N)util)List) achallenges) crypto_util)errors) interfaces)reverter) constants) filesystem)os) PluginStoragecCs|dS)9ArgumentParser options namespace (prefix of all options).-namerr8/usr/lib/python3/dist-packages/certbot/plugins/common.pyoption_namespacesrcCs|dddS);ArgumentParser dest namespace (prefix of all destinations).r_)replacerrrrdest_namespacesrzX(^127\.0\.0\.1)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)z3^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*[a-z]+$c@sbeZdZdZddZejddZeddZ e dd Z d d Z e d d Z ddZddZdS)PluginzGeneric plugin.cCs||_||_dSN)configr)selfrrrrr__init__0szPlugin.__init__cCsdS)zAdd plugin arguments to the CLI argument parser. :param callable add: Function that proxies calls to `argparse.ArgumentParser.add_argument` prepending options with unique plugin name prefix. Nr)clsaddrrradd_parser_arguments4szPlugin.add_parser_argumentscsfdd}||S)zYInject parser options. See `~.IPlugin.inject_parser_options` for docs. cs$jdt|g|Ri|S)Nz--{0}{1}) add_argumentformatr)Zarg_name_no_prefixargskwargsrparserrrrFsz)Plugin.inject_parser_options..add)r)rr%rrrr$rinject_parser_options>szPlugin.inject_parser_optionscCs t|jS)r )rrrrrrrLszPlugin.option_namespacecCs |j|S)z'Option name (include plugin namespace).)r)rrrrr option_nameQszPlugin.option_namecCs t|jS)r)rrr'rrrrUszPlugin.dest_namespacecCs|j|ddS)z.Find a destination for given variable ``var``.rr)rrrvarrrrdestZsz Plugin.destcCst|j||S)z0Find a configuration value for variable ``var``.)getattrrr+r)rrrconf`sz Plugin.confN)__name__ __module__ __qualname____doc__r jose_utilabstractclassmethodr classmethodr&propertyrr(rr+r-rrrrr*s    rcsleZdZdZfddZdddZddZd d Zd d ZdddZ e ddZ e ddZ ddZ ZS) InstallerzAn installer base class with reverter and ssl_dhparam methods defined. Installer plugins do not have to inherit from this class. cs8tt|j|i|t|j|j|_t|j|_dSr) superr6rr rrZstoragerZReverter)rr"r# __class__rrrkszInstaller.__init__Fc Cs^|r|jj}n|jj}z|||Wn4tjyX}ztt|WYd}~n d}~00dS)aAdd files to a checkpoint. :param set save_files: set of filepaths to save :param str save_notes: notes about changes during the save :param bool temporary: True if the files should be added to a temporary checkpoint rather than a permanent one. This is usually used for changes that will soon be reverted. :raises .errors.PluginError: when unable to add to checkpoint N)rZadd_to_temp_checkpointadd_to_checkpointr ReverterError PluginErrorstr)rZ save_filesZ save_notesZ temporaryZcheckpoint_funcerrrrrr:ps  zInstaller.add_to_checkpointc CsJz|j|Wn4tjyD}ztt|WYd}~n d}~00dS)zTimestamp and save changes made through the reverter. :param str title: Title describing checkpoint :raises .errors.PluginError: when an error occurs N)rfinalize_checkpointrr;r<r=)rtitler>rrrr?szInstaller.finalize_checkpointc CsHz|jWn4tjyB}ztt|WYd}~n d}~00dS)zRevert all previously modified files. Reverts all modified files that have not been saved as a checkpoint :raises .errors.PluginError: If unable to recover the configuration N)rrecovery_routinerr;r<r=rr>rrrrAszInstaller.recovery_routinec CsHz|jWn4tjyB}ztt|WYd}~n d}~00dS)zkRollback temporary checkpoint. :raises .errors.PluginError: when unable to revert config N)rrevert_temporary_configrr;r<r=rBrrrrCsz!Installer.revert_temporary_configc CsJz|j|Wn4tjyD}ztt|WYd}~n d}~00dS)zRollback saved checkpoints. :param int rollback: Number of checkpoints to revert :raises .errors.PluginError: If there is a problem with the input or the function is unable to correctly revert the configuration N)rrollback_checkpointsrr;r<r=)rZrollbackr>rrrrEs zInstaller.rollback_checkpointscCstj|jjtjS)z(Full absolute path to ssl_dhparams file.)r pathjoinr config_dirr ZSSL_DHPARAMS_DESTr'rrr ssl_dhparamsszInstaller.ssl_dhparamscCstj|jjtjS)z:Full absolute path to digest of updated ssl_dhparams file.)r rFrGrrHr ZUPDATED_SSL_DHPARAMS_DIGESTr'rrrupdated_ssl_dhparams_digestsz%Installer.updated_ssl_dhparams_digestcCst|j|jtjtjS)zJCopy Certbot's ssl_dhparams file into the system's config dir if required.)install_version_controlled_filerIrJr ZSSL_DHPARAMS_SRCZALL_SSL_DHPARAMS_HASHESr'rrrinstall_ssl_dhparamss zInstaller.install_ssl_dhparams)F)rD)r.r/r0r1rr:r?rArCrEr5rIrJrL __classcell__rrr8rr6es       r6c@sveZdZdZdddZeddZddZd d Zd d Z d dZ ddZ ddZ ddZ ddZddZddZdS)AddrzRepresents an virtual host address. :param str addr: addr part of vhost address :param str port: port number or \*, or "" FcCs||_||_dSr)tupipv6)rrOrPrrrrsz Addr.__init__cCs|drh|d}|d|d}d}t||dkrX||ddkrX||dd}|||fdd S|d}||d |dfSdS) zInitialize Addr from string.[]NrD:T)rPr) startswithrfindlen partition)rZstr_addrZendIndexZhostportrOrrr fromstrings    zAddr.fromstringcCs|jdrd|jS|jdS)NrDz%s:%srrOr'rrr__str__s  z Addr.__str__cCs|jr||jdfS|jS)z5Normalized representation of addr/port tuple rD)rPget_ipv6_explodedrOr'rrrnormalized_tupleszAddr.normalized_tuplecCs t||jr||kSdS)NF) isinstancer9r_)rotherrrr__eq__s z Addr.__eq__cCs t|jSr)hashrOr'rrr__hash__sz Addr.__hash__cCs |jdS)z Return addr part of Addr object.rr\r'rrrget_addrsz Addr.get_addrcCs |jdS)z Return port.rDr\r'rrrget_portsz Addr.get_portcCs||jd|f|jS)z6Return new address object with same addr and new port.r)r9rOrP)rrZrrr get_addr_objszAddr.get_addr_objcCs|d}|d}||S)z7Return IPv6 address in normalized form, helper functionrQrR)lstriprstrip _explode_ipv6)raddrrrr_normalize_ipv6 s  zAddr._normalize_ipv6cCs |jrd||jdSdS)zReturn IPv6 in normalized formrUrrS)rPrGrlrOr'rrrr^szAddr.get_ipv6_explodedcCsgd}|d}t|t|kr2|dt|}d}t|D]N\}}|sPd}q>t|dkrf|d}|sxt|||<q>t|||t|<q>|S)z#Explode IPv6 address for comparison)0rmrmrmrmrmrmrmrUrFTrDrm)splitrX enumeraterhr=)rrkresultZ addr_listZ append_to_endiblockrrrrjs   zAddr._explode_ipv6N)F)r.r/r0r1rr4r[r]r_rbrdrerfrgrlr^rjrrrrrNs  rNc@s*eZdZdZddZd ddZddZdS) ChallengePerformeravAbstract base for challenge performers. :ivar configurator: Authenticator and installer plugin :ivar achalls: Annotated challenges :vartype achalls: `list` of `.KeyAuthorizationAnnotatedChallenge` :ivar indices: Holds the indices of challenges from a larger array so the user of the class doesn't have to. :vartype indices: `list` of `int` cCs||_g|_g|_dSr) configuratorachallsindices)rrtrrrr:szChallengePerformer.__init__NcCs$|j||dur |j|dS)zStore challenge to be performed when perform() is called. :param .KeyAuthorizationAnnotatedChallenge achall: Annotated challenge. :param int idx: index to challenge in a larger array N)ruappendrv)rZachallidxrrr add_chall?s zChallengePerformer.add_challcCs tdS)zPerform all added challenges. :returns: challenge responses :rtype: `list` of `acme.challenges.KeyAuthorizationChallengeResponse` N)NotImplementedErrorr'rrrperformKszChallengePerformer.perform)N)r.r/r0r1rryr{rrrrrs.s  rscstfddfdd}tjs>|dSt}|krTdS||vrd|n`tjrtd}|}Wdn1s0Y|krdStddS)aCopy a file into an active location (likely the system's config dir) if required. :param str dest_path: destination path for version controlled file :param str digest_path: path to save a digest of the file in :param str src_path: path to version controlled file found in distribution :param list all_hashes: hashes of every released version of the file cs8td}|Wdn1s*0YdS)Nw)openwrite)f) current_hash digest_pathrr_write_current_hash`s z._write_current_hashcstdSr)shutilZcopyfiler)r dest_pathsrc_pathrr_install_current_fileds z>install_version_controlled_file.._install_current_fileNrzh%s has been manually modified; updated file saved to %s. We recommend updating %s for security purposes.) rZ sha256sumr rFisfiler}readloggerZwarning)rrrZ all_hashesrZactive_file_digestrZ saved_digestr)rrrrrrrKVs(     &rKcCsdd}|d}|d}|d}t|tjt|tjt|tjt|tjd|}t j |tj||dd|||fS) z5Setup the directories necessary for the configurator.cSstt|S)aReturn the real path of a temp directory with the specified prefix Some plugins rely on real paths of symlinks for working correctly. For example, certbot-apache uses real paths of configuration files to tell a virtual host from another. On systems where TMP itself is a symbolic link, (ex: OS X) such plugins will be confused. This function prevents such a case. )r realpathtempfileZmkdtemp)prefixrrrexpanded_tempdirs z#dir_setup..expanded_tempdirZtemprZworkZtestdataT)Zsymlinks) r chmodr ZCONFIG_DIRS_MODE pkg_resourcesZresource_filenamer rFrGrZcopytree)Ztest_dirpkgrZtemp_dirrHZwork_dirZ test_configsrrr dir_setups r)-r1ZloggingrerrZjosepyrr2rZzope.interfacezopeZacme.magic_typingrZcertbotrrrrrZcertbot._internalr Zcertbot.compatr r Zcertbot.plugins.storager Z getLoggerr.rrrcompileZprivate_ips_regex IGNORECASEZhostname_regexZ interfaceZ implementerZIPluginobjectrr6rNrsrKrrrrrsB             :gb(2