M/ep>dZddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddlm Z ddlm Z dd lm Z dd lm Z dd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z!ddl"m#Z#ddl"m Z ddl$m%Z%ejLe'Z(dZ)ddgZ*Gdde#jVejXZ,Gdd ejZZ.Gd!d"ejZZ/d#e0d$e0fd%Z1y)&zWebroot plugin.N)Any)Callable) DefaultDict)Dict)Iterable)List)Optional)Sequence)Set)Type)Union) challenges) crypto_util)errors) interfaces)cli)AnnotatedChallenge) filesystem)os)ops)util)common) safe_opena! @20c5ca1bd58fa8ad5f07a2f1be8b7cbb707c20fcb607a8fc8db9393952846a97@8d31383d3a079d2098a9d0c0921f4ab87e708b9868dc3f314d54094c2fe70336ceZdZdZdZdZdefdZede dddfd Z d e e defd Z d edeeej"fd Zdededdffd Zd dZde e de ej,fdZdee ddfdZd ede edeefdZd ede edeefdZd!d ededeefdZd dZdede defdZde dej,fdZ de e ddfdZ!xZ"S)" AuthenticatorzWebroot Authenticator.zSaves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).zAuthenticator plugin that performs http-01 challenge by saving necessary validation resources to appropriate paths on the file system. It expects that there is some other HTTP server configured to serve all files under specified web root ({0}).returncV|jj|jdS)Npath) MORE_INFOformatconfselfs C/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py more_infozAuthenticator.more_infoFs ~~$$TYYv%677add).NNcF|ddgtd|ditdy)Nr z-wapublic_html / webroot path. This can be specified multiple times to handle different domains; each domain will have the webroot path that preceded it. For instance: `-w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.net -d m.thing.net` (default: Ask))defaultactionhelpmapaJSON dictionary mapping domains to webroot paths; this implies -d for each entry. You may need to escape this from your shell. E.g.: --webroot-map '{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}' This option is merged with, but takes precedence over, -w / -d entries. At present, if you put webroot-map in a config file, it needs to be on a single line, like: webroot-map = {"example.com":"/var/www"}.)_WebrootPathAction_WebrootMapAction)clsr)s r&add_parser_argumentsz"Authenticator.add_parser_argumentsIs0 FD"-?N O E2&7/ 0r(failed_achallscy)NzThe Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.)r%r3s r& auth_hintzAuthenticator.auth_hint[s%r(domainc$tjgSN)rHTTP01)r%r7s r&get_chall_prefzAuthenticator.get_chall_prefas!!""r(argskwargsc|t||i|i|_tjt |_g|_yr9)super__init__ full_roots collections defaultdictset performed _created_dirsr%r<r= __class__s r&r@zAuthenticator.__init__es7 $)&)*,DOD[D[\_D`(*r(cyr9r5r$s r&preparezAuthenticator.preparels r(achallsc|j||j|Dcgc]}|j|c}Scc}wr9) _set_webroots_create_challenge_dirs_perform_single)r%rKachalls r&performzAuthenticator.performos; 7# ##%;BC$$V,CCCsAcf|jdr]|jdd}tjd||D]-}|jdj|j|/yt t |jdj}|D]~}|j|jdvs!|j|j|} |j||jd|||jd|j<y#t$rY>wxYw)Nr z4Using the webroot path %s for all unmatched domains.r.r) r#loggerinfo setdefaultr7listrDvalues_prompt_for_webrootremove ValueErrorinsert)r%rK webroot_pathrPknown_webroots new_webroots r&rMzAuthenticator._set_webrootsvs 99V 99V,R0L KKN$ &! I % ++FMM<H I"#dii&6&=&=&?"@AN! B== %(88"&":":6==;I#KK&--k:#))![96ADIIe$V]]3 B&s D$$ D0/D0r^cd}|=|r&|j||}|$|j|}n|j|d}|=|S)NT)_prompt_with_webroot_list_prompt_for_new_webroot)r%r7r^webroots r&rYz!Authenticator._prompt_for_webrootsXo88P?"::6BG66vtDor(cd|jdz} tjdj|dg|z|d\}}|tjk(rt j d|dk(rdS||d z S) Nz--r TzSelect the webroot for {0}:zEnter a new webroot)cli_flagforce_interactiveIEvery requested domain must have a webroot when using the webroot plugin.r) option_name display_utilmenur"CANCELr PluginError)r%r7r^ path_flagcodeindexs r&raz'Authenticator._prompt_with_webroot_lists4++F33 &++-44V<&'.8"d>!A:4 D>%!)+D Dr( allowraisectjtdj|d\}}|tj k(r|syt jdt|S)NzInput the webroot for {0}:T)rfrg)rvalidated_directory_validate_webrootr"rjrlrrm)r%r7rqrorcs r&rbz%Authenticator._prompt_for_new_webrootse//  ( / / 7"$ g <&& &$$9: :!))r(c |jd}|stjd|jD]"\}}tj j |tj jtjj|j|<tjd|j|tjd5t!t#j$|j|ddt&D]o}tj j)|r# tj*|d|j,j/| tj0||ddd q dddtj:rctj j |j|d }tj j=|r%tj?d|j|tj?d|j|tA|dd5}|jCtDddd%y#t2t4f$r6}tj7d tjd |Yd}~!d}~wwxYw#t2$r*}tjd j9||d}~wwxYw#1swY^xYw#1swYxYw)Nr.zMissing parts of webroot configuration; please set either --webroot-path and --domains, or --webroot-map. Run with --help webroot for examples.z-Creating root challenges validation dir at %srS)keyiT) copy_user copy_groupz3Unable to change owner and uid of webroot directory Error was: %sz=Couldn't create root for {0} http-01 challenge responses: {1} web.configzPA web.config file has not been created in %s because another one already exists.zGCreating a web.config file in %s to allow IIS to serve challenge files.wmodechmod)#r#rrmitemsrr joinnormcaserr: URI_ROOT_PATHrArTdebugr temp_umasksortedr get_prefixeslenisdirmkdirrFappendcopy_ownership_and_apply_modeOSErrorAttributeErrorwarningr" POSIX_MODEexistsrUrwrite_WEB_CONFIG_CONTENT)r%path_mapnamer prefix exceptionweb_config_path web_configs r&rNz$Authenticator._create_challenge_dirss99U#$$01 1#..*. :JD$$&GGLLrww7G7G!!//81%2DOOD ! LLH. 0 &&u- P%T%6%6tt7L%Mcr%RX[\PFww}}V,!P #((7**11&9E&DD $fetPTVP P8(("$'',,tt/Dl"S77>>/2KK!IJN//Z^J_a 89=9NPSF:*$$%89::[. :6!(8E"NN+`a"LL)DDE#P$0077=vdI7NPPP+ P PH::saAK31J(%I ?K>K+ J% /+J J( J% %J(( K 1%K K KK( +K5 root_pathrPcttjj||jj dS)Ntoken)rr rchallencode)r%rrPs r&_get_validation_pathz"Authenticator._get_validation_paths&ww||Iv||':':7'CDDr(c|j\}}|j|j}|j||}tj d|t jd5t|dd5}|j|jdddddd|j|j||S#1swY1xYw#1swY5xYw)Nz#Attempting to save validation to %srvwbr}r~) response_and_validationrAr7rrTrrrrrrrEr))r%rPresponse validationrvalidation_pathvalidation_files r&rOzAuthenticator._perform_singles%==?*OOFMM2 33IvF :OL " "5 ) ;?UC ;%%j&7&7&9: ; ; y!%%f-  ; ; ; ;s$*C9 C C C CCc|D]8}|jj|jd}|-|j||}tj d|t j||j|j|tjrt jj|d}t jj|stj|}|t vr-tj#d|t j|#tj#d|;g}|j$r=|j$j'} t j(||j$r=||_tj dy#t*$rH} |j-d|tj#d|tj d| Yd} ~ vd} ~ wwxYw) Nz Removing %sr{z4Cleaning web.config file generated by Certbot in %s.zQNot cleaning up the web.config file in %s because it is not generated by Certbot.rz3Challenge directory %s was not empty, didn't removerzzAll challenges cleaned up)rAgetr7rrTrrrZrErrr rrr sha256sum_WEB_CONFIG_SHA256SUMSrUrFpoprmdirrr\) r%rKrPrrrr not_removedr excs r&cleanupzAuthenticator.cleanups ^F++FMM4@I$"&";";Iv"N ]O< /*y)008!,,&(ggll9l&KOww~~o6$/$9$9/$J $(>>"KK(^(13IIo6"KK)RS\^# ^("$   %%))+D 3  ) 01  3""1d+ QSWX _c22 3s(F'' G80>G33G8)rN)F)#__name__ __module__ __qualname____doc__ descriptionr!strr' classmethodrr2rrr6rr r Challenger;rr@rJChallengeResponserQrMr rYraboolrbrNrrOr __classcell__rHs@r&rr8s @K 6I 8380x ':0t00"&-?(@&S& #S#Xd:;O;O6P-Q#+c+S+T+ Dt$67DDA]A]<^DBX.@%ABdB, # tCy XVY]  E E26s) E@H  E *c *t *PXY\P] *5:nEcE;MERUE &8 Z=Y=Y 2t$672D2r(rc peZdZdZ d dej dej deee e dfde eddf dZ y) r0z%Action class for parsing webroot_map.Nparser namespace webroot_map option_stringrc|ytjt|jD]H\}t |j j fdtj||DJy)Nc3&K|]}|f ywr9r5).0dr]s r& z-_WebrootMapAction.__call__..,s)P&'L!)Ps) jsonloadsrrrtrupdater add_domains)r%rrrrdomainsr]s @r&__call__z_WebrootMapAction.__call__%st   %)ZZK0@%A%G%G%I P !G\,\:L  ! ! ( ()P+.??9g+N)P P Pr(r9) rrrrargparseArgumentParser Namespacer rr rr rr5r(r&r0r0"s[/15Px66P8CUCUP#C#$<=P ( P9=Pr(r0c eZdZdZdededdffd Z d dejdejd e e e edfd e e ddf d Z xZS) r/z&Action class for parsing webroot_path.r<r=rNc2t||i|d|_y)NF)r?r@_domain_before_webrootrGs r&r@z_WebrootPathAction.__init__3s $)&)&+#r(rrr]rc^|y|jrtjd|jr=|jd}|jD]}|j j || n|jrd|_|jjtt|y)NzPIf you specify multiple webroot paths, one of them must precede all domain flagsrST) rrrmr]rrrVrrtr)r%rrr]r prev_webrootr7s r&rz_WebrootPathAction.__call__7s     & &$$<= =  ! !%11"5L#++ G%%00F G   *.D '%%&7L8I&JKr(r9)rrrrrr@rrrr rr r rrrs@r&r/r/0sv0,c,S,T, 15Lx66L8CUCUL$S(3-%=>L ( L9=Lr(r/r]rctjj|stj|dztjj |S)zValidates and returns the absolute path of webroot_path. :param str webroot_path: path to the webroot directory :returns: absolute path of webroot_path :rtype: str z% does not exist or is not a directory)rr rrrmabspath)r]s r&rtrtMs> 77== &  0W!WXX 77??< ((r()2rrrBrloggingtypingrrrrrrr r r r r acmercertbotrrrcertbot._internalrcertbot.achallengesrcertbot.compatrrcertbot.displayrrrjcertbot.pluginsr certbot.utilr getLoggerrrTrrPluginrActionr0r/rrtr5r(r&rs !2%0" "   8 $  GF g2FMM:#;#;g2T P PLL: )C )C )r(