3 گab>@sdZddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddlm Z ddlm Z dd lm Z dd lm Z dd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z ddlm!Z"ddl#m$Z$ddl#m!Z!ddl%m&Z&ej'e(Z)dZ*ddgZ+Gddde$j,ej-Z-Gdd d ej.Z/Gd!d"d"ej.Z0e1e1d#d$d%Z2dS)&zWebroot plugin.N)Any)Callable) DefaultDict)Dict)Iterable)List)Optional)Sequence)Set)Type)Union) challenges) crypto_util)errors) interfaces)cli)"KeyAuthorizationAnnotatedChallenge) filesystem)os)ops)util)common) safe_opena! Z@20c5ca1bd58fa8ad5f07a2f1be8b7cbb707c20fcb607a8fc8db9393952846a97Z@8d31383d3a079d2098a9d0c0921f4ab87e708b9868dc3f314d54094c2fe70336csTeZdZdZdZdZedddZee d/dd d d Z e e ed d dZ ee eejdddZeeddfdd ZddddZe e eejdddZe e ddddZeeeeedddZeeeeeddd Zd0eeeed"d#d$Zddd%d&Zee ed'd(d)Ze ejd*d+d,Z e e ddd-d.Z!Z"S)1 AuthenticatorzWebroot Authenticator.z Place files in webroot directoryzAuthenticator plugin that performs http-01 challenge by saving necessary validation resources to appropriate paths on the file system. It expects that there is some other HTTP server configured to serve all files under specified web root ({0}).)returncCs|jj|jdS)Npath) MORE_INFOformatconf)selfr /usr/lib/python3.6/webroot.py more_infoCszAuthenticator.more_info.N)addrcCs&|ddgtdd|ditdddS)Nrz-wapublic_html / webroot path. This can be specified multiple times to handle different domains; each domain will have the webroot path that preceded it. For instance: `-w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.net -d m.thing.net` (default: Ask))defaultactionhelpmapaJSON dictionary mapping domains to webroot paths; this implies -d for each entry. You may need to escape this from your shell. E.g.: --webroot-map '{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}' This option is merged with, but takes precedence over, -w / -d entries. At present, if you put webroot-map in a config file, it needs to be on a single line, like: webroot-map = {"example.com":"/var/www"}.)_WebrootPathAction_WebrootMapAction)clsr#r r r!add_parser_argumentsFs z"Authenticator.add_parser_arguments)failed_achallsrcCsdS)NzThe Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.r )rr,r r r! auth_hintXszAuthenticator.auth_hint)domainrcCstjgS)N)r HTTP01)rr.r r r!get_chall_pref^szAuthenticator.get_chall_pref)argskwargsrcs*tj||i|_tjt|_g|_dS)N)super__init__ full_roots collections defaultdictset performed _created_dirs)rr1r2) __class__r r!r4bs zAuthenticator.__init__cCsdS)Nr )rr r r!prepareiszAuthenticator.prepare)achallsrcs$j|jfdd|DS)Ncsg|]}j|qSr )_perform_single).0achall)rr r! qsz)Authenticator.perform..) _set_webroots_create_challenge_dirs)rr=r )rr!performls zAuthenticator.performc Cs|jdrH|jdd}tjd|x|D]}|jdj|j|q*Wntt|jdj}xj|D]b}|j|jdkrd|j|j|}y|j |Wnt k rYnX|j d|||jd|j<qdWdS)Nrz4Using the webroot path %s for all unmatched domains.r'r) rloggerinfo setdefaultr.listr8values_prompt_for_webrootremove ValueErrorinsert)rr= webroot_pathr@known_webrootsZ new_webrootr r r!rBss"    zAuthenticator._set_webroots)r.rQrcCsFd}x<|dkr@|r2|j||}|dkr>|j|}q|j|d}qW|S)NT)_prompt_with_webroot_list_prompt_for_new_webroot)rr.rQwebrootr r r!rLs   z!Authenticator._prompt_for_webrootcCsbd|jd}xNtjdj|dg||dd\}}|tjkrFtjd|dkrRdS||d SdS) Nz--rzSelect the webroot for {0}:zEnter a new webrootT)Zcli_flagforce_interactivezIEvery requested domain must have a webroot when using the webroot plugin.rrE)Z option_name display_utilZmenurCANCELr PluginError)rr.rQZ path_flagcodeindexr r r!rRs z'Authenticator._prompt_with_webroot_listF)r. allowraisercCs>tjtdj|dd\}}|tjkr6|s,dStjdt|S)NzInput the webroot for {0}:T)rUzIEvery requested domain must have a webroot when using the webroot plugin.)rZvalidated_directory_validate_webrootrrVrWrrX)rr.r[rYrTr r r!rSs  z%Authenticator._prompt_for_new_webrootc Cs|jd}|stjdx|jD]\}}tjj|tjjtj j |j |<t j d|j |tjd}zxttj|j |ddtdD]}tjj|rqyttj|d|jj|ytj||dddd Wn>ttfk r}zt jd t j d |WYdd}~XnXWqtk rJ}ztjd j||WYdd}~XqXqWWdtj|Xtjs$tjj|j |d }tjj|rt jd|j |q$t jd|j |t |ddd}|j!t"WdQRXq$WdS)Nr'zMissing parts of webroot configuration; please set either --webroot-path and --domains, or --webroot-map. Run with --help webroot for examples.z-Creating root challenges validation dir at %srE)keyiT)Z copy_userZ copy_groupz3Unable to change owner and uid of webroot directoryz Error was: %sz=Couldn't create root for {0} http-01 challenge responses: {1}z web.configzPA web.config file has not been created in %s because another one already exists.zGCreating a web.config file in %s to allow IIS to serve challenge files.wi)modechmodrF)#rrrXitemsrrjoinnormcaser r/Z URI_ROOT_PATHr5rGdebugrumasksortedrZ get_prefixeslenisdirmkdirr:appendZcopy_ownership_and_apply_modeOSErrorAttributeErrorZwarningr POSIX_MODEexistsrHrwrite_WEB_CONFIG_CONTENT) rZpath_mapnamer old_umaskprefixZ exceptionweb_config_pathZ web_configr r r!rCsL   &    "$   z$Authenticator._create_challenge_dirs) root_pathr@rcCstjj||jjdS)Ntoken)rrrcZchallencode)rrvr@r r r!_get_validation_pathsz"Authenticator._get_validation_path)r@rcCs|j\}}|j|j}|j||}tjd|tjd}z,t|ddd}|j |j WdQRXWdtj|X|j |j ||S)Nz#Attempting to save validation to %sr]wbi)r`ra) Zresponse_and_validationr5r.ryrGrerrfrrprxr9r#)rr@ZresponseZ validationrvvalidation_pathrsZvalidation_filer r r!r>s      zAuthenticator._perform_singlec Cs6x|D]}|jj|jd}|dk r|j||}tjd|tj||j|j|t j stj j |d}tj j |rtj|}|tkrtjd|tj|qtjd|qWg}xn|jr |jj}ytj|Wqtk r} z*|jd|tjd|tjd| WYdd} ~ XqXqW||_tjddS) Nz Removing %sz web.configz4Cleaning web.config file generated by Certbot in %s.zQNot cleaning up the web.config file in %s because it is not generated by Certbot.rz3Challenge directory %s was not empty, didn't removez Error was: %szAll challenges cleaned up)r5getr.ryrGrerrMr9rrnrrcror sha256sum_WEB_CONFIG_SHA256SUMSrHr:poprmdirrlrO) rr=r@rvr{rur}Z not_removedrexcr r r!cleanups8            "zAuthenticator.cleanup).N)F)#__name__ __module__ __qualname____doc__ descriptionrstrr" classmethodrr+rAnnotatedChallenger-r r Z Challenger0rr4r<rZChallengeResponserDrBrrLrRboolrSrCryr>r __classcell__r r )r;r!r8s( :rc@s>eZdZdZdejejeee e dfe eddddZ dS)r)z%Action class for parsing webroot_map.N)parser namespace webroot_map option_stringrcsZ|dkr dSxHtjt|jD]2\}t|jjfddtj||Dq WdS)Nc3s|]}|fVqdS)Nr )r?d)rPr r! 1sz-_WebrootMapAction.__call__..) jsonloadsrrbr\rupdaterZ add_domains)rrrrrdomainsr )rPr!__call__)s z_WebrootMapAction.__call__)N) rrrrargparseArgumentParser Namespacer rr rrrr r r r!r)&sr)csXeZdZdZeeddfdd Zd ejeje e e edfe e ddddZ ZS) r(z&Action class for parsing webroot_path.N)r1r2rcstj||d|_dS)NF)r3r4_domain_before_webroot)rr1r2)r;r r!r47sz_WebrootPathAction.__init__)rrrPrrcCsp|dkr dS|jrtjd|jrL|jd}x*|jD]}|jj||q4Wn |jrXd|_|jjtt |dS)NzPIf you specify multiple webroot paths, one of them must precede all domain flagsrETrF) rrrXrPrrrIrkr\r)rrrrPrZ prev_webrootr.r r r!r;s  z_WebrootPathAction.__call__)N)rrrrrr4rrrr rr rrrr r )r;r!r(4sr()rPrcCs&tjj|stj|dtjj|S)zValidates and returns the absolute path of webroot_path. :param str webroot_path: path to the webroot directory :returns: absolute path of webroot_path :rtype: str z% does not exist or is not a directory)rrrirrXabspath)rPr r r!r\Qs r\)3rrr6rZloggingZtypingrrrrrrrr r r r Zacmer ZcertbotrrrZcertbot._internalrZcertbot.achallengesrrZcertbot.compatrrZcertbot.displayrrrVZcertbot.pluginsrZ certbot.utilrZ getLoggerrrGrqr~ZPluginrZActionr)r(rr\r r r r!sJ                         o