o 6a >@sTdZddlmZddlmZddlZddlZddlZddlZddlm Z ddl Z ddl m Z ddl m Z ddl mZdd l mZdd lmZdd lmZdd lmZdd lmZddlmZddlmZeeZddZddZ e!dZ"e!dej#Z$GdddeedZGdddeeedZGdddZ%GdddZ&dd Z'd!d"Z(dS)#zPlugin common functions.)ABCMeta)abstractmethodN)List) achallenges) crypto_util)errors)reverter) constants) filesystem)os) Installer)Plugin) PluginStoragecCs|dS)9ArgumentParser options namespace (prefix of all options).-namerr8/usr/lib/python3/dist-packages/certbot/plugins/common.pyoption_namespacesrcCs|dddS);ArgumentParser dest namespace (prefix of all destinations).r_)replacerrrrdest_namespacesrzX(^127\.0\.0\.1)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)z3^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*[a-z]+$cseZdZdZfddZeeddZeddZe dd Z d d Z e d d Z ddZ ddZdeejdefddZZS)r zGeneric plugin.cst||||_||_dSN)super__init__configr)selfrr __class__rrr.s zPlugin.__init__cCsdS)zAdd plugin arguments to the CLI argument parser. :param callable add: Function that proxies calls to `argparse.ArgumentParser.add_argument` prepending options with unique plugin name prefix. Nr)clsaddrrradd_parser_arguments3szPlugin.add_parser_argumentscsfdd}||S)zkInject parser options. See `~.certbot.interfaces.Plugin.inject_parser_options` for docs. cs$jdt|g|Ri|S)Nz--{0}{1}) add_argumentformatr)arg_name_no_prefixargskwargsrparserrrr"Fsz)Plugin.inject_parser_options..add)r#)r!r*rr"rr)rinject_parser_options>s zPlugin.inject_parser_optionscC t|jS)r)rrrrrrrL zPlugin.option_namespacecCs |j|S)z'Option name (include plugin namespace).)r)rrrrr option_nameQ zPlugin.option_namecCr,)r)rrr-rrrrUr.zPlugin.dest_namespacecCs|j|ddS)z.Find a destination for given variable ``var``.rr)rrrvarrrrdestZsz Plugin.destcCst|j||S)z0Find a configuration value for variable ``var``.)getattrrr3r1rrrconf`sz Plugin.conffailed_achallsreturncCs(dtdd|D}dj|j|dS)a9Human-readable string to help the user troubleshoot the authenticator. Shown to the user if one or more of the attempted challenges were not a success. Should describe, in simple language, what the authenticator tried to do, what went wrong and what the user should try as their "next steps". TODO: auth_hint belongs in Authenticator but can't be added until the next major version of Certbot. For now, it lives in .Plugin and auth_handler will only call it on authenticators that subclass .Plugin. For now, inherit from `.Plugin` to implement and/or override the method. :param list failed_achalls: List of one or more failed challenges (:class:`achallenges.AnnotatedChallenge` subclasses). :rtype str: z and cSsh|]}|jqSr)typ).0achallrrr xsz#Plugin.auth_hint..zThe Certificate Authority couldn't externally verify that the {name} plugin completed the required {challs} challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.)rchalls)joinsortedr%r)rr6r<rrr auth_hintdszPlugin.auth_hint)__name__ __module__ __qualname____doc__r classmethodrr#r+propertyrr/rr3r5rrAnnotatedChallengestrr? __classcell__rrrrr +s       r ) metaclasscsleZdZdZfddZdddZddZd d Zd d ZdddZ e ddZ e ddZ ddZ ZS)r zAn installer base class with reverter and ssl_dhparam methods defined. Installer plugins do not have to inherit from this class. cs4tj|i|t|j|j|_t|j|_dSr)rrrrrstoragerReverter)rr'r(rrrrszInstaller.__init__Fc CsP|r|jj}n|jj}z|||WdStjy'}ztt|d}~ww)aAdd files to a checkpoint. :param set save_files: set of filepaths to save :param str save_notes: notes about changes during the save :param bool temporary: True if the files should be added to a temporary checkpoint rather than a permanent one. This is usually used for changes that will soon be reverted. :raises .errors.PluginError: when unable to add to checkpoint N)radd_to_temp_checkpointadd_to_checkpointr ReverterError PluginErrorrG)r save_files save_notes temporarycheckpoint_funcerrrrrrMs zInstaller.add_to_checkpointc C<z |j|WdStjy}ztt|d}~ww)zTimestamp and save changes made through the reverter. :param str title: Title describing checkpoint :raises .errors.PluginError: when an error occurs N)rfinalize_checkpointrrNrOrG)rtitlerTrrrrVs zInstaller.finalize_checkpointc C:z|jWdStjy}ztt|d}~ww)zRevert all previously modified files. Reverts all modified files that have not been saved as a checkpoint :raises .errors.PluginError: If unable to recover the configuration N)rrecovery_routinerrNrOrGrrTrrrrYs zInstaller.recovery_routinec CrX)zkRollback temporary checkpoint. :raises .errors.PluginError: when unable to revert config N)rrevert_temporary_configrrNrOrGrZrrrr[s z!Installer.revert_temporary_configc CrU)zRollback saved checkpoints. :param int rollback: Number of checkpoints to revert :raises .errors.PluginError: If there is a problem with the input or the function is unable to correctly revert the configuration N)rrollback_checkpointsrrNrOrG)rrollbackrTrrrr]s  zInstaller.rollback_checkpointscCtj|jjtjS)z(Full absolute path to ssl_dhparams file.)r pathr=r config_dirr SSL_DHPARAMS_DESTr-rrr ssl_dhparamszInstaller.ssl_dhparamscCr_)z:Full absolute path to digest of updated ssl_dhparams file.)r r`r=rrar UPDATED_SSL_DHPARAMS_DIGESTr-rrrupdated_ssl_dhparams_digestrdz%Installer.updated_ssl_dhparams_digestcCst|j|jtjtjS)zJCopy Certbot's ssl_dhparams file into the system's config dir if required.)install_version_controlled_filercrfr SSL_DHPARAMS_SRCALL_SSL_DHPARAMS_HASHESr-rrrinstall_ssl_dhparamss zInstaller.install_ssl_dhparamsF)r\)r@rArBrCrrMrVrYr[r]rErcrfrjrHrrrrr s      r c@sveZdZdZdddZeddZddZd d Zd d Z d dZ ddZ ddZ ddZ ddZddZddZdS)AddrzRepresents an virtual host address. :param str addr: addr part of vhost address :param str port: port number or \*, or "" FcCs||_||_dSr)tupipv6)rrmrnrrrrs z Addr.__init__cCs|dr4|d}|d|d}d}t||dkr,||ddkr,||dd}|||fdd S|d}||d |dfS) zInitialize Addr from string.[]Nr\:T)rnr) startswithrfindlen partition)r!str_addrendIndexhostportrmrrr fromstrings    zAddr.fromstringcCs|jdr d|jS|jdS)Nr\z%s:%srrmr-rrr__str__s   z Addr.__str__cCs|jr ||jdfS|jS)z5Normalized representation of addr/port tuple r\)rnget_ipv6_explodedrmr-rrrnormalized_tupleszAddr.normalized_tuplecCs t||jr||kSdS)NF) isinstancer r)rotherrrr__eq__ s z Addr.__eq__cCr,r)hashrmr-rrr__hash__s z Addr.__hash__cC |jdS)z Return addr part of Addr object.rr}r-rrrget_addrr0z Addr.get_addrcCr)z Return port.r\r}r-rrrget_portr0z Addr.get_portcCs||jd|f|jS)z6Return new address object with same addr and new port.r)r rmrn)rr{rrr get_addr_objszAddr.get_addr_objcCs|d}|d}||S)z7Return IPv6 address in normalized form, helper functionrorp)lstriprstrip _explode_ipv6)raddrrrr_normalize_ipv6#s   zAddr._normalize_ipv6cCs |jrd||jdSdS)zReturn IPv6 in normalized formrsrrq)rnr=rrmr-rrrr)szAddr.get_ipv6_explodedcCsgd}|d}t|t|kr|dt|}d}t|D]'\}}|s(d}qt|dkr3|d}|s._write_current_hashcstdSr)shutilcopyfiler)r dest_pathsrc_pathrr_install_current_file~s  z>install_version_controlled_file.._install_current_fileNrzh%s has been manually modified; updated file saved to %s. We recommend updating %s for security purposes.) r sha256sumr r`isfilerreadloggerwarning)rrr all_hashesractive_file_digestr saved_digestr)rrrrrrrgps*       rgcCsdd}|d}|d}|d}t|tjt|tjt|tjt|tjd|}t j |tj||dd|||fS) z5Setup the directories necessary for the configurator.cSstt|S)aReturn the real path of a temp directory with the specified prefix Some plugins rely on real paths of symlinks for working correctly. For example, certbot-apache uses real paths of configuration files to tell a virtual host from another. On systems where TMP itself is a symbolic link, (ex: OS X) such plugins will be confused. This function prevents such a case. )r realpathtempfilemkdtemp)prefixrrrexpanded_tempdirs z#dir_setup..expanded_tempdirtemprworktestdataT)symlinks) r chmodr CONFIG_DIRS_MODE pkg_resourcesresource_filenamer r`r=rcopytree)test_dirpkgrtemp_dirrawork_dir test_configsrrr dir_setups  r))rCabcrrloggingrerrtypingrrcertbotrrrrcertbot._internalr certbot.compatr r certbot.interfacesr AbstractInstallerr AbstractPlugincertbot.plugins.storager getLoggerr@rrrcompileprivate_ips_regex IGNORECASEhostname_regexrlrrgrrrrrsD              Tgb( 2