U ]s@szdZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z ddl mZddlmZmZmZmZmZmZeeZGdd d eZd d Zdz>NginxParser is a member object of the NginxConfigurator class.N)errors)os)obj) nginxparser)UnionDictSetAnyListTuplec@seZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ ddZ d.ddZ ddZd/ddZddZdd Zd0d!d"Zd1d#d$Zd2d&d'Zd(d)Zd*d+Zd3d,d-Zd%S)4 NginxParserzClass handles the fine details of parsing the Nginx Configuration. :ivar str root: Normalized absolute path to the server root directory. Without trailing slash. :ivar dict parsed: Mapping of file paths to parsed trees cCs*i|_tj||_||_|dSN)parsedrpathabspathroot_find_config_root config_rootload)selfrr6/usr/lib/python3/dist-packages/certbot_nginx/parser.py__init__s zNginxParser.__init__cCsi|_||jdS)z/Loads Nginx files into a parsed tree. N)r_parse_recursivelyr)rrrrr(szNginxParser.loadcCs||}||}|D]}|D]}t|r<||dq |ddgksX|ddgkr |dD]\}t|r|||dq`|ddgkr`|ddgkr`|dD]}t|r||dqq`q qdS)aParses nginx config files recursively by looking at 'include' directives inside 'http' and 'server' blocks. Note that this only reads Nginx files that potentially declare a virtual host. :param str filepath: The path to the files to parse, as a glob rZhttpserverN)abs_path _parse_files_is_include_directiver)rfilepathtreestreeentryZsubentryZ server_entryrrrr/s    zNginxParser._parse_recursivelycCs0tj|s$tjtj|j|Stj|S)zConverts a relative path to an absolute path relative to the root. Does nothing for paths that are already absolute. :param str path: The path :returns: The absolute path :rtype: str )rrisabsnormpathjoinr)rrrrrrKs zNginxParser.abs_pathc Csn|}i}|D]X}||D]J\}}t|}|dD]0}|}||krR|j||<|jp^||||<q4qq|S)zSBuilds a map from address to whether it listens on ssl in any server block addrs)_get_raw_servers_parse_server_rawnormalized_tuplessl) rservers addr_to_sslfilenamer_ parsed_serveraddrZ addr_tuplerrr_build_addr_to_sslXs  zNginxParser._build_addr_to_sslcszi}|jD]j}|j|}g||<||t|ddfddt||D]&\}\}}||}||f|||<qLq |S)z0Get a map of unparsed all server blocks cSst|dko|ddgkS)Nrrlen)xrrruz.NginxParser._get_raw_servers..cs|d|fS)Nr)append)r5yZsrvrrr6vr7)r_do_for_subarray enumerate_get_included_directives)rr+r-r!irr new_serverrr:rr'is     zNginxParser._get_raw_serversc Csnd}|}g}|D]J}||D]<\}}t|}t||d|d||d||}||q q|||S)a=Gets list of all 'virtual hosts' found in Nginx configuration. Technically this is a misnomer because Nginx does not have virtual hosts, it has 'server blocks'. :returns: List of :class:`~certbot_nginx.obj.VirtualHost` objects found in configuration :rtype: list Tr&r*names)r'r(rZ VirtualHostr8_update_vhosts_addrs_ssl) rZenabledr+vhostsr-rrr/vhostrrr get_vhosts~s"  zNginxParser.get_vhostscCs<|}|D]*}|jD]}|||_|jrd|_qq dS)zPUpdate a list of raw parsed vhosts to include global address sslishness TN)r1r&r)r*)rrBr,rCr0rrrrAs  z$NginxParser._update_vhosts_addrs_sslc Csht|}|D]T}t|rt||d}|D].}z||j|Wq2tk r^Yq2Xq2q|S)zReturns array with the "include" directives expanded out by concatenating the contents of the included file to the block. :param list block: :rtype: list r)copydeepcopyrglobrextendrKeyError)rblockresult directiveZincluded_filesZinclrrrr=s   z$NginxParser._get_included_directivesFc Cst|}g}|D]}||jkr&|s&qz6t|$}t|}||j|<||W5QRXWqtk r|td|Yqt j k r}zt d||W5d}~XYqXq|S)zParse files from a glob :param str filepath: Nginx config file path :param bool override: Whether to parse a file that has been parsed :returns: list of parsed tree structures :rtype: list zCould not open file: %s"Could not parse file: %s due to %sN) rGropenrrr8IOErrorloggerwarning pyparsingZParseExceptiondebug) rroverridefilesr item_filererrrrrrs    "zNginxParser._parse_filescCsJdg}|D]0}tjtj|j|r tj|j|Sq tddS)z)Return the Nginx Configuration Root file.z nginx.confz9Could not find Nginx root configuration file (nginx.conf)N)rrisfiler%rrZNoInstallationError)rlocationnamerrrrszNginxParser._find_config_roottmpTc Cs|jD]}|j|}|r(|tjj|}zL|r:|s:Wqt|}td||t |d}| |W5QRXWqt k rt d|YqXqdS)zDumps parsed configurations into files. :param str ext: The file extension to use for the dumped files. If empty, this overrides the existing conf files. :param bool lazy: Only write files that have been modified z!Writing nginx conf tree to %s: %swz#Could not open file for writing: %sN) rrrextsepZis_dirtyrdumpsrPrSrNwriterOerror)rZextZlazyr-r!outrWrrrfiledumps     zNginxParser.filedumpcCs|}t|}t|||S)zParses a list of server directives, accounting for global address sslishness. :param list server: list of directives in a server block :rtype: dict )r1r(_apply_global_addr_ssl)rrr,r/rrr parse_servers zNginxParser.parse_servercCs*|j}|D]}|sq q t|r dSq dS)zDoes vhost have ssl on for all ports? :param :class:`~certbot_nginx.obj.VirtualHost` vhost: The vhost in question :returns: True if 'ssl on' directive is included :rtype: bool TF)raw_is_ssl_on_directive)rrCrrLrrrhas_ssl_on_directives z NginxParser.has_ssl_on_directivecCs||tt||dS)aAdd directives to the server block identified by vhost. This method modifies vhost to be fully consistent with the new directives. ..note :: It's an error to try and add a nonrepeatable directive that already exists in the config block with a conflicting value. ..todo :: Doesn't match server blocks whose server_name directives are split across multiple conf files. :param :class:`~certbot_nginx.obj.VirtualHost` vhost: The vhost whose information we use to match on :param list directives: The directives to add :param bool insert_at_top: True if the directives need to be inserted at the top of the server block instead of the bottom N)_modify_server_directives functoolspartial_add_directivesrrC directives insert_at_toprrradd_server_directivess z!NginxParser.add_server_directivescCs||tt||dS)aRAdd or replace directives in the server block identified by vhost. This method modifies vhost to be fully consistent with the new directives. ..note :: When a directive with the same name already exists in the config block, the first instance will be replaced. Otherwise, the directive will be appended/prepended to the config block as in add_server_directives. ..todo :: Doesn't match server blocks whose server_name directives are split across multiple conf files. :param :class:`~certbot_nginx.obj.VirtualHost` vhost: The vhost whose information we use to match on :param list directives: The directives to add :param bool insert_at_top: True if the directives need to be inserted at the top of the server block instead of the bottom N)rirjrk_update_or_add_directivesrmrrrupdate_or_add_server_directives-s z+NginxParser.update_or_add_server_directivesNcCs||tt||dS)abRemove all directives of type directive_name. :param :class:`~certbot_nginx.obj.VirtualHost` vhost: The vhost to remove directives from :param string directive_name: The directive type to remove :param callable match_func: Function of the directive that returns true for directives to be deleted. N)rirjrk_remove_directives)rrCdirective_name match_funcrrrremove_server_directivesCs  z$NginxParser.remove_server_directivescCs<||}||}|d|_|d|_|d|_||_dS)Nr&r*r@)r=rer&r*r@rf)rrCZdirectives_listr?r/rrr%_update_vhost_based_on_new_directivesOs      z1NginxParser._update_vhost_based_on_new_directivesc Cs|j}z^|j|}|jD] }||}qt|trsz/NginxParser.duplicate_vhost..)rErFrrxrr UnspacedListr8rwr4r&rrsetr})rZvhost_templateZremove_singleton_listen_paramsZonly_directivesZ new_vhostZenclosing_blockr}Z raw_in_parsedZnew_directivesrLr0ZexcludeZparamkeysrrrduplicate_vhostfs4          zNginxParser.duplicate_vhost)F)r\T)F)F)N)FN)__name__ __module__ __qualname____doc__rrrrr1r'rDrAr=rrrcrerhrprrrvrwrirrrrrr s.  !       r c Cs|dk rz,t|}t|W5QRWSQRXWnPtk rTtd|Yn2tjk r}ztd||W5d}~XYnXgS)Nz"Missing NGINX TLS options file: %srM) rNrrrOrPrQrRZParseBaseExceptionrS)Z ssl_optionsrWrXrrr_parse_ssl_optionss " rcCsT|dkr g}t|trP||r*|||n&t|D]\}}t|||||gq2dS)a(Executes a function for a subarray of a nested array if it matches the given condition. :param list entry: The list to iterate over :param function condition: Returns true iff func should be executed on item :param function func: The function to call for each matching item N)ryrzr<r;)r"Z conditionfuncrr}rVrrrr;s   r;cCsg}g}g}g}|D]^}t||r.||qt||drF||qt||dr^||qt||r||q|rt|td}d|fS|rt|td}d|fS|rt|td}d|fS|r|d}d|fSd S) ahFinds the best match for target_name out of names using the Nginx name-matching rules (exact > longest wildcard starting with * > longest wildcard ending with * > regex). :param str target_name: The name to match :param set names: The candidate server names :returns: Tuple of (type of match, the name that matched) :rtype: tuple TF)keyexactwildcard_start wildcard_endrregex)NN) _exact_matchr8_wildcard_match _regex_matchminr4max) target_namer@rrrrr[matchrrrget_best_matchs4            rcCs||kpd||kS)N.r)rr[rrrrsrcCst|dkr dS|d}|d}|s4|||d}|dkrR|dkrRdSd|}d|}|d|S)N*TrrF)rreversepopr%endswith)rr[startpartsZ match_partsfirstrrrrs     rcCsZt|dks|ddkrdSz t|dd}t||WStjk rTYdSXdS)Nr2r~Fr)r4recompilerra)rr[rrrrrsrcCs2t|to0t|dko0|ddko0t|dtjS)zChecks if an nginx parsed entry is an 'include' directive. :param list entry: the parsed entry :returns: Whether it's an 'include' directive :rtype: bool r2rincluder)ryrzr4six string_typesr"rrrrs   rcCs.t|to,t|dko,|ddko,|ddkS)zChecks if an nginx parsed entry is an 'ssl on' directive. :param list entry: the parsed entry :returns: Whether it's an 'ssl on' directive :rtype: bool r2rr*rZon)ryrzr4rrrrrgs    rgcCs:|D]}t|||q|r6d|dkr6|tddS)z"Adds directives to a config block. r~N)_add_directiver8rrrnrorJrLrrrrl+srlcCs:|D]}t|||q|r6d|dkr6|tddS)z.Adds or replaces directives in a config block.rr~N)_update_or_add_directiver8rrrrrrrq2srqr server_namerZrewriteZ add_headerz managed by Certbot #cCs|dt|kr||dnd}t|trv|rvt|dkrV|ddkrVt|dkrVdSt|tjrn|jd}n|d}||dtdd|dk rd|kr||dddS) zAdd a ``#managed by Certbot`` comment to the end of the line at location. :param list block: The block containing the directive to be commented :param int location: The location within ``block`` of the directive to be commented rNr2rr~rr) r4ryrzCOMMENTrrspacedinsert COMMENT_BLOCK)rJrZZ next_entryrrrcomment_directive?s $  rc Csd|}||}tg}||t|}|d|}t|}d} |djd|ddkrhd} |dj| d|djdt|}t|}|d||<dS)z=Comment out the line at location, with a note of explanation.z duplicated in {0}z #rrz# ;N)formatrrr8r_loadsrr) rJrZZinclude_locationZcomment_messagerLZ new_dir_blockZdumpedZ commentedZnew_dirZinsert_locationrrr_comment_out_directiveRs        rcstfddt|DdS)zeFinds the index of the first instance of directive_name in block. If no line exists, use None.c3s6|].\}}|r|dkrdks*|r|VqdS)rNr)rr}linertrurr ls  z!_find_location..N)nextr<)rJrtrurrr_find_locationisrcCst|dkp|ddkS)z;Is this directive either a whitespace or comment directive?rrr3rLrrr_is_whitespace_or_commentosrc CsJt|tjst|}t|r,||dSt||d}|d}dd}d}|tkrt|d}|D]`}t||d} |d} t|sf|| | sf|| |krt | ||| qft || |dqf|||r"|r| dtd| d|t |dn||t |t|dn$|||krFt | |||dS)NrcSs|dkpt|tjo|tkS)z, Can we append this directive to the block? N)ryrrREPEATABLE_DIRECTIVES)ZlocZdir_namerrr can_appendsz"_add_directive..can_appendz          rcCs|||<t||dSr )r)rJrLrZrrr_update_directivesrcCsbt|tjst|}t|r,||dSt||d}|dk rRt|||dSt|||dS)Nr)ryrrrr8rrr)rJrLrorZrrrrs    rcCsd|kot|kS)Nr)rrrrr_is_certbot_commentsrcCsPt|||d}|dkrdS|dt|krDt||drD||d=||=qdS)zYRemoves directives of name directive_name from a config block if match_func matches. )ruNr)rr4r)rtrurJrZrrrrss   rscCs.|dD] }|||_|jrd|d<qdS)zCApply global sslishness information to the parsed server block r&Tr*N)r)r*)r,r/r0rrrrds rdcCst}d}t}d}|D]}|s"q|ddkrbtjd|dd}|r|||jrd}q|ddkr|d d |ddDqt|rd}d}q|r|D] }d|_q|||d S) zxParses a list of server directives. :param list server: list of directives in a server block :rtype: dict FrrrrNTrcss|]}|dVqdS)z"'N)striprrrrrsz$_parse_server_raw..)r&r*r@) rrZAddrZ fromstringr%addr*updaterg)rr&r*r@Zapply_ssl_to_all_addrsrLr0rrrr(s2   r()N)N)5rrErjrGZloggingrrRrZcertbotrZcertbot.compatrZ certbot_nginxrrZacme.magic_typingrrrr r r Z getLoggerrrPobjectr rr;rrrrrrgrlrqrrrrrrrrrrrrrrsrdr(rrrrsT        .    7