Current File : //lib/python3/dist-packages/certbot/compat/__pycache__/filesystem.cpython-38.pyc

Compat module to handle files security on Windows and Linux

chmod:
    Apply a POSIX mode on given file_path:
        * for Linux, the POSIX mode will be directly applied using chmod,
        * for Windows, the POSIX mode will be translated into a Windows DACL that makes sense for
          Certbot context, and applied to the file using kernel calls.

    The definition of the Windows DACL that corresponds to a POSIX mode, in the context of Certbot,
    is explained at https://github.com/certbot/certbot/issues/6356 and is implemented by the
    method _generate_windows_flags().

    :param str file_path: Path of the file
    :param int mode: POSIX mode to apply

copy_ownership_and_apply_mode:
    Copy ownership (user and optionally group on Linux) from the source to the
    destination, then apply given mode in compatible way for Linux and Windows.
    This replaces the os.chown command.
    :param str src: Path of the source file
    :param str dst: Path of the destination file
    :param int mode: Permission mode to apply on the destination file
    :param bool copy_user: Copy user if `True`
    :param bool copy_group: Copy group if `True` on Linux (has no effect on Windows)

check_mode:
    Check if the given mode matches the permissions of the given file.
    On Linux, will make a direct comparison, on Windows, mode will be compared against
    the security model.
    :param str file_path: Path of the file
    :param int mode: POSIX mode to test
    :rtype: bool
    :return: True if the POSIX mode matches the file permissions

check_owner:
    Check if given file is owned by current user.
    :param str file_path: File path to check
    :rtype: bool
    :return: True if given file is owned by current user, False otherwise.

check_permissions:
    Check if given file has the given mode and is owned by current user.
    :param str file_path: File path to check
    :param int mode: POSIX mode to check
    :rtype: bool
    :return: True if file has correct mode and owner, False otherwise.

open:
    Wrapper of original os.open function, that will ensure on Windows that given mode
    is correctly applied.
    :param str file_path: The file path to open
    :param int flags: Flags to apply on file while opened
    :param int mode: POSIX mode to apply on file when opened,
        Python defaults will be applied if ``None``
    :returns: the file descriptor to the opened file
    :rtype: int
    :raise: OSError(errno.EEXIST) if the file already exists and os.O_CREAT & os.O_EXCL are set,
            OSError(errno.EACCES) on Windows if the file already exists and is a directory, and
                os.O_CREAT is set.

makedirs:
    Rewrite of original os.makedirs function, that will ensure on Windows that given mode
    is correctly applied.
    :param str file_path: The file path to open
    :param int mode: POSIX mode to apply on leaf directory when created, Python defaults
                     will be applied if ``None``

mkdir:
    Rewrite of original os.mkdir function, that will ensure on Windows that given mode
    is correctly applied.
    :param str file_path: The file path to open
    :param int mode: POSIX mode to apply on directory when created, Python defaults
                     will be applied if ``None``

replace:
    Rename a file to a destination path and handle situations where the destination exists.
    :param str src: The current file path.
    :param str dst: The new file path.

realpath:
    Find the real path for the given path. This method resolves symlinks, including
    recursive symlinks, and is protected against symlinks that create an infinite loop.

is_executable:
    Is path an executable file?
    :param str path: path to test
    :return: True if path is an executable file
    :rtype: bool

has_world_permissions:
    Check if everybody/world has any right (read/write/execute) on a file given its path
    :param str path: path to test
    :return: True if everybody/world has any right to the file
    :rtype: bool

compute_private_key_mode:
    Calculate the POSIX mode to apply to a private key given the previous private key
    :param str old_key: path to the previous private key
    :param int base_mode: the minimum modes to apply to a private key
    :return: the POSIX mode to apply
    :rtype: int

has_same_ownership:
    Return True if the ownership of two files given their respective path is the same.
    On Windows, ownership is checked against owner only, since files do not have a group owner.
    :param str path1: path to the first file
    :param str path2: path to the second file
    :return: True if both files have the same ownership, False otherwise
    :rtype: bool

has_min_permissions:
    Check if a file given its path has at least the permissions defined by the given minimal mode.
    On Windows, group permissions are ignored since files do not have a group owner.
    :param str path: path to the file to check
    :param int min_mode: the minimal permissions expected
    :return: True if the file matches the minimal permissions expectations, False otherwise
    :rtype: bool

_apply_win_mode:
    This function converts the given POSIX mode into a Windows ACL list, and applies it to the
    file given its path. If the given path is a symbolic link, it will be resolved to apply the
    mode on the targeted file.

_compare_dacls:
    This method compares the two given DACLs to check if they are identical.
    Identical means here that they contain the same set of ACEs in the same order.

_get_current_user:
    Return the pySID corresponding to the current user.