U ÝÁ]Q0ã@sTdZddlZddlZddlZddlZddlZddlZddlZddl Zddl m Z ddl m Z mZmZmZddlmZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZdd lmZddlm Z e !e"¡Z#ej$ %ej&¡ej$ 'ej(¡Gdd„dej)ƒƒƒZ*Gdd„dej+ƒZ,Gdd„dej+ƒZ-dd„Z.dS)zWebroot plugin.éN)Ú challenges)ÚDictÚSetÚ DefaultDictÚList)Ú achallenges)Úcli)Úerrors)Ú interfaces)Úos)Ú filesystem)Úops)Úutil)Úcommon)Ú safe_opencs–eZdZdZdZdZdd„Zedd„ƒZdd „Z ‡fd d „Z d d „Z dd„Z dd„Z dd„Zdd„Zd!dd„Zdd„Zdd„Zdd„Zdd „Z‡ZS)"Ú AuthenticatorzWebroot Authenticator.z Place files in webroot directoryzôAuthenticator plugin that performs http-01 challenge by saving necessary validation resources to appropriate paths on the file system. It expects that there is some other HTTP server configured to serve all files under specified web root ({0}).cCs|j | d¡¡S)NÚpath)Ú MORE_INFOÚformatÚconf©Úself©rú9/usr/lib/python3/dist-packages/certbot/plugins/webroot.pyÚ more_info-szAuthenticator.more_infocCs&|ddgtdd|ditdddS)Nrz-wapublic_html / webroot path. This can be specified multiple times to handle different domains; each domain will have the webroot path that preceded it. For instance: `-w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.net -d m.thing.net` (default: Ask))ÚdefaultÚactionÚhelpÚmapa—JSON dictionary mapping domains to webroot paths; this implies -d for each entry. You may need to escape this from your shell. E.g.: --webroot-map '{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}' This option is merged with, but takes precedence over, -w / -d entries. At present, if you put webroot-map in a config file, it needs to be on a single line, like: webroot-map = {"example.com":"/var/www"}.)Ú_WebrootPathActionÚ_WebrootMapAction)ÚclsÚaddrrrÚadd_parser_arguments0s  ÿÿz"Authenticator.add_parser_argumentscCstjgS©N)rÚHTTP01)rÚdomainrrrÚget_chall_prefBszAuthenticator.get_chall_prefcs.tt|ƒj||Ži|_t t¡|_g|_dSr$) ÚsuperrÚ__init__Ú full_rootsÚ collectionsÚ defaultdictÚsetÚ performedÚ _created_dirs©rÚargsÚkwargs©Ú __class__rrr)Fs zAuthenticator.__init__cCsdSr$rrrrrÚprepareNszAuthenticator.preparecs$ˆ |¡ˆ ¡‡fdd„|DƒS)Ncsg|]}ˆ |¡‘qSr)Ú_perform_single)Ú.0ÚachallrrrÚ Vsz)Authenticator.perform..)Ú _set_webrootsÚ_create_challenge_dirs)rÚachallsrrrÚperformQs zAuthenticator.performc CsÈ| d¡rD| d¡d}t d|¡|D]}| d¡ |j|¡q(n€ttt | d¡¡ƒƒ}|D]b}|j| d¡kr`|  |j|¡}z|  |¡Wnt k r¤YnX|  d|¡|| d¡|j<q`dS)Nréÿÿÿÿz4Using the webroot path %s for all unmatched domains.rr) rÚloggerÚinfoÚ setdefaultr&Úlistr-ÚsixZ itervaluesÚ_prompt_for_webrootÚremoveÚ ValueErrorÚinsert)rr<Ú webroot_pathr8Úknown_webrootsZ new_webrootrrrr:Xs& ÿÿ zAuthenticator._set_webrootscCsBd}|dkr>|r0| ||¡}|dkr<| |¡}q| |d¡}q|S)NT)Ú_prompt_with_webroot_listÚ_prompt_for_new_webroot)rr&rIÚwebrootrrrrDns  z!Authenticator._prompt_for_webrootcCsrtj tj¡}d| d¡}|jd |¡dg||dd\}}|tj krTt   d¡‚q|dkr`dS||d SqdS) Nz--rzSelect the webroot for {0}:zEnter a new webrootT)Zcli_flagÚforce_interactiveúIEvery requested domain must have a webroot when using the webroot plugin.ré) ÚzopeZ componentZ getUtilityr ZIDisplayZ option_nameZmenurÚ display_utilÚCANCELr Ú PluginError)rr&rIZdisplayZ path_flagÚcodeÚindexrrrrJ}sý  ÿz'Authenticator._prompt_with_webroot_listFcCsDtjtd |¡dd\}}|tjkr8|s,dSt d¡‚nt|ƒSdS)NzInput the webroot for {0}:T)rMrN)r Zvalidated_directoryÚ_validate_webrootrrQrRr rS)rr&Z allowraiserTrLrrrrKsý  ÿz%Authenticator._prompt_for_new_webrootc CsZ| d¡}|st d¡‚| ¡D]2\}}tj |tjj ¡|j |<t   d|j |¡t  d¡}zètt |j |¡dd…tdD]Â}zrt |d¡|j |¡ztj||dddd Wn<ttfk rò}zt  d ¡t   d |¡W5d}~XYnXWq€tk r@}z*|jtjtjfkr0t d  ||¡¡‚W5d}~XYq€Xq€W5t  |¡Xq dS) NrzMissing parts of webroot configuration; please set either --webroot-path and --domains, or --webroot-map. Run with --help webroot for examples.z-Creating root challenges validation dir at %sér>)ÚkeyiíT)Z copy_userZ copy_groupz3Unable to change owner and uid of webroot directoryú Error was: %sz=Couldn't create root for {0} http-01 challenge responses: {1})rr rSÚitemsr rÚjoinrr%Z URI_ROOT_PATHr*r?ÚdebugÚumaskÚsortedrZ get_prefixesÚlenr Úmkdirr/ÚappendZcopy_ownership_and_apply_modeÚOSErrorÚAttributeErrorr@ÚerrnoZEEXISTZEISDIRr)rZpath_mapÚnamerÚ old_umaskÚprefixZ exceptionrrrr;œsH ÿÿ $  ÿ  "ÿÿz$Authenticator._create_challenge_dirscCstj ||j d¡¡S)NÚtoken)r rr[ZchallÚencode)rÚ root_pathr8rrrÚ_get_validation_pathÅsz"Authenticator._get_validation_pathc Csˆ| ¡\}}|j|j}| ||¡}t d|¡t d¡}z,t|ddd}|  |  ¡¡W5QRXW5t |¡X|j |  |¡|S)Nz#Attempting to save validation to %srWÚwbi¤)ÚmodeÚchmod) Zresponse_and_validationr*r&rkr?r\r r]rÚwriterir.r")rr8ZresponseZ validationrjÚvalidation_pathrfZvalidation_filerrrr6Ès      zAuthenticator._perform_singlec CsÔ|D]N}|j |jd¡}|dk r| ||¡}t d|¡t |¡|j| |¡qg}|j rÀ|j   ¡}zt  |¡WqXt k r¼}z(|  d|¡t d|¡t d|¡W5d}~XYqXXqX||_ t d¡dS)Nz Removing %srz3Challenge directory %s was not empty, didn't removerYzAll challenges cleaned up)r*Úgetr&rkr?r\r rEr.r/ÚpopÚrmdirrbrGr@)rr<r8rjrpZ not_removedrÚexcrrrÚcleanupÛs$       zAuthenticator.cleanup)F)Ú__name__Ú __module__Ú __qualname__Ú__doc__Z descriptionrrÚ classmethodr#r'r)r5r=r:rDrJrKr;rkr6ruÚ __classcell__rrr3rr s$   )rc@seZdZdZddd„ZdS)r z%Action class for parsing webroot_map.NcsHt t |¡¡D]2\}‰tˆƒ‰|j ‡fdd„t ||¡Dƒ¡qdS)Nc3s|]}|ˆfVqdSr$r)r7Úd©rHrrÚ ÷sz-_WebrootMapAction.__call__..) rCZ iteritemsÚjsonÚloadsrVÚ webroot_mapÚupdaterZ add_domains)rÚparserÚ namespacerÚ option_stringÚdomainsrr}rÚ__call__ôs  ÿz_WebrootMapAction.__call__)N)rvrwrxryr‡rrrrr ñsr cs*eZdZdZ‡fdd„Zddd„Z‡ZS)rz&Action class for parsing webroot_path.cstt|ƒj||Žd|_dS)NF)r(rr)Ú_domain_before_webrootr0r3rrr)þsz_WebrootPathAction.__init__NcCs\|jrt d¡‚|jr<|jd}|jD]}|j ||¡q&n |jrHd|_|j t|ƒ¡dS)NzPIf you specify multiple webroot paths, one of them must precede all domain flagsr>T) rˆr rSrHr†rrArarV)rrƒr„rHr…Z prev_webrootr&rrrr‡sÿ  z_WebrootPathAction.__call__)N)rvrwrxryr)r‡r{rrr3rrûs rcCs&tj |¡st |d¡‚tj |¡S)z·Validates and returns the absolute path of webroot_path. :param str webroot_path: path to the webroot directory :returns: absolute path of webroot_path :rtype: str z% does not exist or is not a directory)r rÚisdirr rSÚabspathr}rrrrVs rV)/ryÚargparser+rdrZloggingrCZzope.componentrPZzope.interfaceZacmerZacme.magic_typingrrrrZcertbotrrr r Zcertbot.compatr r Zcertbot.displayr rrQZcertbot.pluginsrZ certbot.utilrZ getLoggerrvr?Z interfaceZ implementerZIAuthenticatorZproviderZIPluginFactoryZPluginrZActionr rrVrrrrÚs:               P