| Server IP : 209.38.156.173 / Your IP : 216.73.216.122 [ Web Server : Apache/2.4.52 (Ubuntu) System : Linux lakekumayuhotel 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 User : root ( 0) PHP Version : 8.1.2-1ubuntu2.22 Disable Function : NONE Domains : 2 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /lib/python3/dist-packages/certbot/compat/__pycache__/ |
Upload File : |
o
����6��a�s�������������������
���@���s���d�Z�ddlmZ�ddlZddlZddlZddlZddlmZ�z
ddl Z ddl
Z
ddl
Z
ddl
Z
ddl
Z
ddlZddlZW�n
�eyG���dZY�nw�dZG�dd��d�Ze��Zd ed
ed
dfd
d
�Zded
efdd�Zdeded
ededed
df
dd�Z dRdedededed
df
dd�Zd ed
ed
efdd�Zd ed
efdd
�Z
d ed
ed
efd
d
�Z
dSd ed ed
ed
efd!d"�Z
dSd ed
ed
dfd#d$�Z dSd ed
ed
dfd%d&�Z deded
dfd'd(�Z!d ed
efd)d*�Z"d+ed
efd,d-�Z#d.ed
efd/d0�Z$d.ed
efd1d2�Z%d3ed4ed
efd5d6�Z&d7ed8ed
efd9d:�Z'd.ed;ed
efd<d=�Z(d>d?��Z)d@dA��Z*dTdBdC�Z+dDdE��Z,dFdG��Z-dHdI��Z.dJdK��Z/dLdM��Z0dNdO��Z1dPdQ��Z2dS�)Uz;Compat module to handle files security on Windows and Linux�����)�absolute_importN)�ListTFc�������������������@���s���e�Zd�ZdZdd��ZdS�)�
_WindowsUmaskz+Store the current umask to apply on Windowsc�����������������C���s
���d|�_�d�S�)N����)�mask)�self��r����;/usr/lib/python3/dist-packages/certbot/compat/filesystem.py�__init__ ���s���
z_WindowsUmask.__init__N)�__name__�
__module__�
__qualname__�__doc__r
���r���r���r���r ���r���
���s����
r���� file_path�mode�returnc�����������������C���s"���t�r
t�|�|��dS�t|�|��dS�)a[��
Apply a POSIX mode on given file_path:
- for Linux, the POSIX mode will be directly applied using chmod,
- for Windows, the POSIX mode will be translated into a Windows DACL that make sense for
Certbot context, and applied to the file using kernel calls.
The definition of the Windows DACL that correspond to a POSIX mode, in the context of Certbot,
is explained at https://github.com/certbot/certbot/issues/6356 and is implemented by the
method `_generate_windows_flags()`.
:param str file_path: Path of the file
:param int mode: POSIX mode to apply
N)�
POSIX_MODE�os�chmod�_apply_win_mode�r���r���r���r���r ���r���&���s���r���r���c�����������������C���s
���t�rt�|��S�tj}|�t_|S�)a$��
Set the current numeric umask and return the previous umask. On Linux, the built-in umask
method is used. On Windows, our Certbot-side implementation is used.
:param int mask: The user file-creation mode mask to apply.
:rtype: int
:return: The previous umask value.
)r���r����umask�_WINDOWS_UMASKr���)r����previous_umaskr���r���r ���r���;���s
���
r����src�dst� copy_user�
copy_groupc�����������������C���sV���t�r
t�|��}|r
|jnd}|r|jnd}t�|||��n|r$t|�|��t||��dS�)a���
Copy ownership (user and optionally group on Linux) from the source to the
destination, then apply given mode in compatible way for Linux and Windows.
This replaces the os.chown command.
:param str src: Path of the source file
:param str dst: Path of the destination file
:param int mode: Permission mode to apply on the destination file
:param bool copy_user: Copy user if `True`
:param bool copy_group: Copy group if `True` on Linux (has no effect on Windows)
���N)r���r����stat�st_uid�st_gid�chown�_copy_win_ownershipr���)r���r���r���r
���r
����stats�user_id�group_idr���r���r ����
copy_ownership_and_apply_modeU���s���
r'���c�����������������C���sd���t�r$t�|��}|r
|jnd}|r|jnd}t�|||��t||j��dS�|r+t|�|��t |�|��dS�)aU��
Copy ownership (user and optionally group on Linux) and mode/DACL
from the source to the destination.
:param str src: Path of the source file
:param str dst: Path of the destination file
:param bool copy_user: Copy user if `True`
:param bool copy_group: Copy group if `True` on Linux (has no effect on Windows)
r
���N)
r���r���r ���r ���r!���r"���r����st_moder#����_copy_win_mode)r���r���r
���r
���r$���r%���r&���r���r���r ����copy_ownership_and_modev���s���
r*���c�����������������C���s$���t�r
t�t�|��j�|kS�t|�|�S�)aa��
Check if the given mode matches the permissions of the given file.
On Linux, will make a direct comparison, on Windows, mode will be compared against
the security model.
:param str file_path: Path of the file
:param int mode: POSIX mode to test
:rtype: bool
:return: True if the POSIX mode matches the file permissions
)r���r ����S_IMODEr���r(����_check_win_moder���r���r���r ����
check_mode����s���
r-���c�����������������C���s8���t�r
t�|��jt���kS�t�|�tj�}|���}t ��|kS�)z�
Check if given file is owned by current user.
:param str file_path: File path to check
:rtype: bool
:return: True if given file is owned by current user, False otherwise.
)
r���r���r ���r ����getuid�
win32security�GetFileSecurity�OWNER_SECURITY_INFORMATION�GetSecurityDescriptorOwner�_get_current_user)r����security�userr���r���r ����
check_owner����s
���
r6���c�����������������C���s���t�|��ot|�|�S�)z�
Check if given file has the given mode and is owned by current user.
:param str file_path: File path to check
:param int mode: POSIX mode to check
:rtype: bool
:return: True if file has correct mode and owner, False otherwise.
)r6���r-���r���r���r���r ����check_permissions����s��� r7�������flagsc�����������
���
���C���s>��t�r t�|�||�S�|tj@�r�|tj@�rtjntj}t� ��}|j
}t
��}t
||t
j�}|�|d��|�d|d��d}zDzt�|�tjtjtj@�||dd�}W�n)�tjyu�} �z
| jtjkrbttj
| j
��| jtj
krottj | j
��| �d} ~ ww�W�|r}|� ���n|r�|� ���w�w�t�|�|tjA�tjA��S�t�|�|�}t!|�|��|S�)aw��
Wrapper of original os.open function, that will ensure on Windows that given mode
is correctly applied.
:param str file_path: The file path to open
:param int flags: Flags to apply on file while opened
:param int mode: POSIX mode to apply on file when opened,
Python defaults will be applied if ``None``
:returns: the file descriptor to the opened file
:rtype: int
:raise: OSError(errno.EEXIST) if the file already exists and os.O_CREAT & os.O_EXCL are set,
OSError(errno.EACCES) on Windows if the file already exists and is a directory, and
os.O_CREAT is set.
r�������N)"r���r����open�O_CREAT�O_EXCL�win32con�
CREATE_NEW�
CREATE_ALWAYSr/����SECURITY_ATTRIBUTES�SECURITY_DESCRIPTORr3����_generate_daclr���r����SetSecurityDescriptorOwner�SetSecurityDescriptorDacl� win32file�
CreateFile�
GENERIC_READ�FILE_SHARE_READ�FILE_SHARE_WRITE�
pywintypes�error�winerror�ERROR_FILE_EXISTS�OSError�errno�EEXIST�strerror�ERROR_SHARING_VIOLATION�EACCES�Closer���)
r���r9���r����
disposition�
attributesr4���r5����dacl�handle�errr���r���r ���r;�������sF���
�
���
��
�
r;���c�����������������C���sr���t�d�}z/t�|d|A�B���trt�|�|�W�t�|��S�tj}ztt_t�|�|�W�|t_W�t�|��S�|t_w�t�|��w�)a4��
Rewrite of original os.makedirs function, that will ensure on Windows that given mode
is correctly applied.
:param str file_path: The file path to open
:param int mode: POSIX mode to apply on leaf directory when created, Python defaults
will be applied if ``None``
r���r8���)r���r���r����makedirs�mkdir)r���r����
current_umask�
orig_mkdir_fnr���r���r ���r[�����s
���
�
�
r[���c��������������
���C���s����t�rt�|�|�S�t���}|j}t��}t||tj �}|�
|d��|�
d|d��z t
�
|�|��W�dS��tjyN�}�z|jtjkrHttj|j|�|j��|�d}~ww�)a,��
Rewrite of original os.mkdir function, that will ensure on Windows that given mode
is correctly applied.
:param str file_path: The file path to open
:param int mode: POSIX mode to apply on directory when created, Python defaults
will be applied if ``None``
Fr:���r���N)r���r���r\���r/���rA���rB���r3���rC���r���r���rD���rE���rF����CreateDirectoryrK���rL���rM����ERROR_ALREADY_EXISTSrO���rP���rQ���rR���)r���r���rW���r4���r5���rX���rZ���r���r���r ���r\���$��s"���
�
��r\���c�����������������C���s.���t�td�rttd�|�|��dS�t�|�|��dS�)z�
Rename a file to a destination path and handles situations where the destination exists.
:param str src: The current file path.
:param str dst: The new file path.
�replaceN)�hasattrr����getattr�rename)r���r���r���r���r ���ra���C��s���
ra���c�����������������C���s����|�}t�s tjdkr
tj�|��}tj�|�r
td�|���|S�g�}tj�|��rT|�}t� |��}�tj�
|��s>tj�
tj�
|�|��}�|�|v�rItd�|���|�
|���tj�|��s&tj�|��S�)a ��
Find the real path for the given path. This method resolves symlinks, including
recursive symlinks, and is protected against symlinks that creates an infinite loop.
:param str file_path: The path to resolve
:returns: The real path for the given path
:rtype: str
)��������zError, link {0} is a loop!)r����sys�
version_infor����path�realpath�islink�
RuntimeError�format�readlink�isabs�join�dirname�append�abspath)r����
original_pathri����inspected_paths� link_pathr���r���r ���rj���T��s"���
�
rj���rv���c�����������������C���s<���t��|��}ts
|�d�s|S�t|�dk�r|dd��S�td��)a��
Return a string representing the path to which the symbolic link points.
:param str link_path: The symlink path to resolve
:return: The path the symlink points to
:returns: str
:raise: ValueError if a long path (260> characters) is encountered on Windows
z\\?\i������Nz3Long paths are not supported by Certbot on Windows.)r���rn���r����
startswith�len�
ValueError)rv���ri���r���r���r ���rn���v��s
���
rn���ri���c�����������������C���s&���t�rtj�|��ot�|�tj�S�t|��S�)z�
Is path an executable file?
:param str path: path to test
:return: True if path is an executable file
:rtype: bool
)r���r���ri����isfile�access�X_OK�_win_is_executable)ri���r���r���r ����
is_executable���s���r���c�����������������C���sV���t�rtt�t�|��j�tj@��S�t�|�tj �}|�
��}t|�
tj
tj
t�d�d���S�)z�
Check if everybody/world has any right (read/write/execute) on a file given its path.
:param str path: path to test
:return: True if everybody/world has any right to the file
:rtype: bool
�S-1-1-0��
TrusteeForm�
TrusteeType�
Identifier)r����boolr ���r+���r���r(����S_IRWXOr/���r0����DACL_SECURITY_INFORMATION�GetSecurityDescriptorDacl�GetEffectiveRightsFromAcl�TRUSTEE_IS_SID�TRUSTEE_IS_USER�ConvertStringSidToSid)ri���r4���rX���r���r���r ����has_world_permissions���s���
�r�����old_key� base_modec�����������������C���s:���t�rt�t�|��j�tjtjB�tjB�tjB�@�}||B�S�|S�)a��
Calculate the POSIX mode to apply to a private key given the previous private key.
:param str old_key: path to the previous private key
:param int base_mode: the minimum modes to apply to a private key
:return: the POSIX mode to apply
:rtype: int
) r���r ���r+���r���r(����S_IRGRP�S_IWGRP�S_IXGRP�S_IROTH)r����r�����old_moder���r���r ����compute_private_key_mode���s
��� �r�����path1�path2c�����������������C���sd���t�rt�|��}t�|�}|j|jf|j|jfkS�t�|�tj�}|���}t�|tj�}|���}||kS�)as��
Return True if the ownership of two files given their respective path is the same.
On Windows, ownership is checked against owner only, since files do not have a group owner.
:param str path1: path to the first file
:param str path2: path to the second file
:return: True if both files have the same ownership, False otherwise
:rtype: bool
) r���r���r ���r ���r!���r/���r0���r1���r2���)r����r�����stats1�stats2� security1�user1� security2�user2r���r���r ����has_same_ownership���s���
r�����min_modec�����������
������C���s����t�rt�|��j}|||B�kS�t|��}�t�|�tjtjB��}|� ��}|�
��}t
||�}t
|�
���D�]#}|�|�}|d�} |d�}|�tjtj|d��}
|
|
| B�krR�dS�q/dS�)a���
Check if a file given its path has at least the permissions defined by the given minimal mode.
On Windows, group permissions are ignored since files do not have a group owner.
:param str path: path to the file to check
:param int min_mode: the minimal permissions expected
:return: True if the file matches the minimal permissions expectations, False otherwise
:rtype: bool
r:�������r����FT)r���r���r ���r(���rj���r/���r0���r1���r����r2���r����rC����range�
GetAceCount�GetAcer����r����r����)
ri���r����r(���r4���r5���rX����min_dacl�index�min_acer����effective_maskr���r���r ����has_min_permissions���s.���
�
�
�r����c�����������������C���sN���t�j�|��sdS�t�|�tj�}|���}|�tjtj t
��d��}|t
j
@�t
j
kS�)NFr����)
r���ri���r{���r/���r0���r����r����r����r����r����r3����
ntsecuritycon�FILE_GENERIC_EXECUTE)ri���r4���rX���r���r���r���r ���r~�����s���
�r~���c�����������������C���sJ���t�|��}�t�|�tj�}|���}t||�}|�d|d��t�|�tj|��dS�)z�
This function converts the given POSIX mode into a Windows ACL list, and applies it to the
file given its path. If the given path is a symbolic link, it will resolved to apply the
mode on the targeted file.
r:���r���N) rj���r/���r0���r1���r2���rC���rE����SetFileSecurityr����)r���r���r4���r5���rX���r���r���r ���r���&��s
���
r���c�����������
������C���s����|r|d|�@�}t�|�}t�d�}t�d�}t�d�}t���}|�||fvr5t|d��}|r5|�tj||���t|d��} | rE|�tj| |��tdddd��}
|�tj|
|��|�tj|
|��|S�) Nr8���zS-1-5-18z
S-1-5-32-544r����r5����allT��read�write�execute)�
_analyze_moder/���r�����ACL�_generate_windows_flags�AddAccessAllowedAce�
ACL_REVISION)
�user_sidr���r����analysis�system�admins�everyonerX����
user_flags�everybody_flags�full_permissionsr���r���r ���rC���9��s$���
rC���c�����������������C���s>���|�t�j@�|�t�j@�|�t�j@�d�|�t�j@�|�t�j@�|�t�j@�d�d�S�)Nr����)r5���r����)r ����S_IRUSR�S_IWUSR�S_IXUSRr�����S_IWOTH�S_IXOTH)r���r���r���r ���r����]��s������r����c�����������������C���sL���t�|��}�t�|�tj�}|���}t�|tj�}|�|d��t�|tj|��d�S��NF)rj���r/���r0���r1���r2���rD���r����)r���r����
security_src�user_src�
security_dstr���r���r ���r#���l��s
���
r#���c�����������������C���sN���t�|��}�t�|�tj�}|���}t�|tj�}|�d|d��t�|tj|��d�S�)Nr:���r���)rj���r/���r0���r����r����rE���r����)r���r���r����rX���r����r���r���r ���r)���{��s
���r)���c�����������������C���sJ���d}|�d�r
|t�jB�}|�d�r|t�jt�jA�t�jA�B�}|�d�r#|t�jB�}|S�)Nr���r����r����r����)r�����FILE_GENERIC_READ�FILE_ALL_ACCESSr����)�
rights_desc�flagr���r���r ���r�������s���
��
r����c�����������������C���sH���t�|��}�t�|�tjtjB��}|���}|���}|sdS�t||�}t||�S�r����) rj���r/���r0���r1���r����r����r2���rC����_compare_dacls)r���r���r4���rX���r5����ref_daclr���r���r ���r,������s���
�
r,���c��������������������s4�����fdd�t�������D���fdd�t������D��kS�)z�
This method compare the two given DACLs to check if they are identical.
Identical means here that they contains the same set of ACEs in the same order.
c������������������������g�|�]}����|��qS�r����r������.0r����)�dacl1r���r ����
<listcomp>��������z"_compare_dacls.<locals>.<listcomp>c��������������������r����r���r����r����)�dacl2r���r ���r�������r����)r����r�����r����r����r���r����r ���r�������s����r����c������������������C���s$���d��t���t����}�t�d|��d�S�)z=
Return the pySID corresponding to the current user.
z{0}\{1}Nr���)rm����win32api�
GetDomainName�
GetUserNamer/����LookupAccountName)�
account_namer���r���r ���r3������s���r3���)TT)r8���)N)3r����
__future__r���rP���r���r ���rg����typingr���r����r/���r>���r����rF���rK���rM����
ImportErrorr���r���r����str�intr���r���r����r'���r*���r-���r6���r7���r;���r[���r\���ra���rj���rn���r���r����r����r����r����r~���r���rC���r����r#���r)���r����r,���r����r3���r���r���r���r ����<module>���s|����
���
�"
���
�
E ""-
$