Directory:~$ /lib/python2.7/site-packages/certbot/compat/

Upload File

[Home] [System Details] [Kill Me]

�
���_c@@s�
dZd
dl
mZ
d
dlZd
dlZd
dlZd
dlmZ
yXd
dlZd
dl	Z	d
dl
Z
d
dlZd
dlZd
dl
Z
d
dlZWnek
r�


eZnXeZdd#d��YZe�Zd�Zd�Zd	�Zeed
�Zd�Zd�Zd
�Zdd�
Zdd�
Zdd�
Zd�Zd�Z
d�Z!d�Z"d�Z#d�Z$d�Z%d�Z&d�Z'dd�
Z)d�Z*d�Z+d�Z,d�Z-d
�Z.d!�Z/d"�Z0dS($s;Compat module to handle files security on
Windows and
Linuxi(
tabsolute_importN(
tListt
_WindowsUmaskc
B@seZ
dZd
�ZRS(s+Store
the current umask to apply on
Windowsc

C@s
d
|_dS(Ni(
tmask(
tself((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyt__init__s
(t__name__t
__module__t__doc__R(((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyRs

cC@s*trt
j||
�
n
t||
�
d
S(s[
    Apply a POSIX mode on given file_path:

      - for Linux, the POSIX mode will be directly applied using chmod,
      - for Windows, the POSIX mode will be translated into a Windows DACL
that make sense for
        Certbot context, and applied to the file using kernel calls.

    The definition of the Windows DACL that correspond to a POSIX mode, in
the context of Certbot,
    is explained at https://github.com/certbot/certbot/issues/6356 and is
implemented by the
    method `_generate_windows_flags()`.

    :param str file_path: Path of the file
    :param int mode: POSIX mode to apply
    N(t
POSIX_MODEtostchmodt_apply_win_mode(t	file_pathtmode((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR&s
c
C@s)trt
j|�
Stj}
|t_|
S(
s$

    Set the current numeric umask and return the previous umask. On Linux,
the built-in umask
    method is used. On Windows, our Certbot-side implementation is used.

    :param int mask: The user file-creation mode mask to apply.
    :rtype: int
    :return: The previous umask value.
    (R	R
tumaskt_WINDOWS_UMASKR(Rtprevious_umask((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR<s



	
	
cC@s|trUt
j|�
}|r$|jnd
}|r9|jnd
}t
j|
||�
n|rkt||
�
nt|
|�
dS(s�

    Copy ownership (user and optionally group on Linux) from the source to
the
    destination, then apply given mode in compatible way for Linux and
Windows.
    This replaces the os.chown command.

    :param str src: Path of the source file
    :param str dst: Path of the destination file
    :param int mode: Permission mode to apply on the destination file
    :param bool copy_user: Copy user if `True`
    :param bool copy_group: Copy group if `True` on Linux (has no effect on
Windows)
    i����N(R	R
tstattst_uidtst_gidtchownt_copy_win_ownershipR(tsrctdstRt	copy_usert
copy_grouptstatstuser_idtgroup_id((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pytcopy_ownership_and_apply_modeWs




cC@s�tret
j|�
}|r$|jnd
}|r9|jnd
}t
j|
||�
t|
|j�
n#|r{t||
�
nt	||
�
dS(sU

    Copy ownership (user and optionally group on Linux) and mode/DACL
    from the source to the destination.

    :param str src: Path of the source file
    :param str dst: Path of the destination file
    :param bool copy_user: Copy user if `True`
    :param bool copy_group: Copy group if `True` on Linux (has no effect on
Windows)
    i����N(
R	R
RRRRRtst_modeRt_copy_win_mode(RRRRRRR((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pytcopy_ownership_and_modexs




cC@s2tr%t
jtj
|�
j�
|
kSt||
�S(
sa

    Check if the given mode matches the permissions of the given file.
    On Linux, will make a direct comparison, on Windows, mode will be
compared against
    the security model.

    :param str file_path: Path of the file
    :param int mode: POSIX mode to test
    :rtype: bool
    :return: True if the POSIX mode matches the file permissions
    (R	RtS_IMODER
Rt_check_win_mode(R
R((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyt
check_mode�s
c
C@sPtr"t
j|�
jt
j�kStj|tj�}
|
j�}t	�|kS(
s�
    Check if given file is owned by current user.

    :param str file_path: File path to check
    :rtype: bool
    :return: True if given file is owned by current user, False otherwise.
    (
R	R
RRtgetuidt
win32securitytGetFileSecuritytOWNER_SECURITY_INFORMATIONtGetSecurityDescriptorOwnert_get_current_user(R
tsecuritytuser((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pytcheck_owner�s
	
cC@st|�
ot
||
�S(
s�
    Check if given file has the given mode and is owned by current user.

    :param str file_path: File path to check
    :param int mode: POSIX mode to check
    :rtype: bool
    :return: True if file has correct mode and owner, False otherwise.
   
(R-R$(R
R((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pytcheck_permissions�s
i�
c
C@s�
trt
j||
|�S|
t
j@r
|
t
j@r<tjntj}tj	�}|j
}t�}t||t
j�}|j|d
�
|jd|d
�
d}z�y2tj|tjtjtj@||d
d�}Wnptjk
rH

}	
|	jtjkr
ttj|	j��
n|	jtjkr?
ttj
|	j��
n|	�
n
XWd|r`
|j!�
nXt
j||
t
jAt
jA�St
j||
�}t"||�
|S(sw
    Wrapper of original os.open function, that will ensure on Windows that
given mode
    is correctly applied.

    :param str file_path: The file path to open
    :param int flags: Flags to apply on file while opened
    :param int mode: POSIX mode to apply on file when opened,
        Python defaults will be applied if ``None``
    :returns: the file descriptor to the opened file
    :rtype: int
    :raise: OSError(errno.EEXIST) if the file already exists and os.O_CREAT
& os.O_EXCL are set,
            OSError(errno.EACCES) on Windows if the file already exists and
is a directory, and
            os.O_CREAT is set.
    ii
N(#R	R
topentO_CREATtO_EXCLtwin32cont
CREATE_NEWt
CREATE_ALWAYSR&tSECURITY_ATTRIBUTEStSECURITY_DESCRIPTORR*t_generate_daclRRtSetSecurityDescriptorOwnertSetSecurityDescriptorDacltNonet	win32filet
CreateFiletGENERIC_READtFILE_SHARE_READtFILE_SHARE_WRITEt
pywintypesterrortwinerrortERROR_FILE_EXISTStOSErrorterrnotEEXISTtstrerrortERROR_SHARING_VIOLATIONtEACCEStCloseR(
R
tflagsRtdispositiont
attributesR+R,tdaclthandleterr((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR/�s8

	
	














cC@s}td
�
}z_t|d|
AB�

t
r7tj||
�Stj}ztt_tj||
�SWd|t_XWdt|�

XdS(s4

    Rewrite of original os.makedirs function, that will ensure on Windows
that given mode
    is correctly applied.

    :param str file_path: The file path to open
    :param int mode: POSIX mode to apply on leaf directory when created,
Python defaults
                     will be applied if ``None``
    ii�
N(RR	R
tmakedirstmkdir(R
Rt
current_umaskt
orig_mkdir_fn((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyRQ

s


	
	
cC@s�trt
j||
�Stj�}|j}t�}t||
tj	�}|j
|t�
|jd
|d�
yt
j||�
WnOtjk
r�
}
|jtjkr�ttj|j||j��
n|�
n
XdS(s,

    Rewrite of original os.mkdir function, that will ensure on Windows that
given mode
    is correctly applied.

    :param str file_path: The file path to open
    :param int mode: POSIX mode to apply on directory when created, Python
defaults
                     will be applied if ``None``
    i
iN(R	R
RRR&R5R6R*R7RRR8tFalseR9R;tCreateDirectoryR@RARBtERROR_ALREADY_EXISTSRDRERFRGR:(R
RRMR+R,RNRP((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyRR.
s


	
	





!

cC@s<tt
d
�r(tt
d
�||
�
nt
j||
�
dS(s�
    Rename a file to a destination path and handles situations where the
destination exists.

    :param str src: The current file path.
    :param str dst: The new file path.
    treplaceN(thasattrR
tgetattrtrename(RR((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyRXN
sc
C@s�|}
trLt
jj|�
}t
jj|�
rHtd
j|
�
�
�
n|Sg}x�t
jj|�
r�|}t
j|�
}t
jj|�
s�t
jj	t
jj
|�
|�}n||kr�td
j|
�
�
�
n|j|�

qUWt
jj|�
S(s 

    Find the real path for the given path. This method resolves symlinks,
including
    recursive symlinks, and is protected against symlinks that creates an
infinite loop.

    :param str file_path: The path to resolve
    :returns: The real path for the given path
    :rtype: str
    sError, link {0} is a loop!(
R	R
tpathtrealpathtislinktRuntimeErrortformattreadlinktisabstjointdirnametappendtabspath(R
t
original_pathR\tinspected_pathst	link_path((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR]`
s









$


c

C@s5tr+t
jj|�
o*t
j|t
j�St|�
S(
s�
    Is path an executable file?

    :param str path: path to test
    :return: True if path is an executable file
    :rtype: bool
    (R	R
R\tisfiletaccesstX_OKt_win_is_executable(
R\((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyt
is_executable�
s	
%c
C@s�tr,t
tjtj|�
j�
tj@�
Stj|tj	�}
|
j
�}t
|jitjd
6tj
d6tjd�
d6�
�
S(s�
    Check if everybody/world has any right (read/write/execute) on a file
given its path.

    :param str path: path to test
    :return: True if everybody/world has any right to the file
    :rtype: bool
    tTrusteeFormtTrusteeTypesS-1-1-0t
Identifier(R	tboolRR"R
RtS_IRWXOR&R'tDACL_SECURITY_INFORMATIONtGetSecurityDescriptorDacltGetEffectiveRightsFromAcltTRUSTEE_IS_SIDtTRUSTEE_IS_USERtConvertStringSidToSid(R\R+RN((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pythas_world_permissions�
s	
&





cC@sItrEt
jtj
|�
j�
t
jt
jBt
jBt
jB@}|
|BS|
S(
s

    Calculate the POSIX mode to apply to a private key given the previous
private key.

    :param str old_key: path to the previous private key
    :param int base_mode: the minimum modes to apply to a private key
    :return: the POSIX mode to apply
    :rtype: int
    (	R	RR"R
RtS_IRGRPtS_IWGRPtS_IXGRPtS_IROTH(told_keyt	base_modetold_mode((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pytcompute_private_key_mode�
s



cC@s�trFt
j|�
}t
j|
�
}|j|jf|j|jfkStj|tj�}|j�}tj|
tj�}|j�}||kS(
ss

    Return True if the ownership of two files given their respective path
is the same.
    On Windows, ownership is checked against owner only, since files do not
have a group owner.

    :param str path1: path to the first file
    :param str path2: path to the second file
    :return: True if both files have the same ownership, False otherwise
    :rtype: bool

    (	R	R
RRRR&R'R(R)(tpath1tpath2tstats1tstats2t	security1tuser1t	security2tuser2((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pythas_same_ownership�
s


"

cC@s�tr&t
j|�
j}|||
BkSt|�
}tj|tjtjB�}|j	�}|j
�}t||
�}x{t|j
��
D]g}|j|�
}|d
}	|d}|jitjd6tjd6|d6�
}
|
|
|	Bkr�tSq�WtS(s�

    Check if a file given its path has at least the permissions defined by
the given minimal mode.
    On Windows, group permissions are ignored since files do not have a
group owner.

    :param str path: path to the file to check
    :param int min_mode: the minimal permissions expected
    :return: True if the file matches the minimal permissions expectations,
False otherwise
    :rtype: bool
    i
iRoRpRq(R	R
RRR]R&R'R(RtR)RuR7trangetGetAceCounttGetAceRvRwRxRUtTrue(R\tmin_modeRR+R,RNtmin_dacltindextmin_aceRteffective_mask((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pythas_min_permissions�
s(









	






c
C@sxtj
j|�
stStj|tj�}
|
j�}|jitj	d
6tj
d6t�d6�
}|tj
@tj
kS(NRoRpRq(R
R\RjRUR&R'RtRuRvRwRxR*t
ntsecuritycontFILE_GENERIC_EXECUTE(R\R+RNR((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyRms


	




cC@sit|�
}t
j|t
j�}|j�}t||
�}|jd
|d�
t
j|t
j|�
dS(s�
    This function converts the given POSIX mode into a Windows ACL list,
and applies it to the
    file given its path. If the given path is a symbolic link, it will
resolved to apply the
    mode on the targeted file.
   
i
iN(	R]R&R'R(R)R7R9tSetFileSecurityRt(R
RR+R,RN((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyRs

cC@s

|r|
d
|@}
nt|
�
}t
jd�
}t
jd�
}t
jd�
}t
j�}|||gkr�t|d�
}|r�|jt
j||�
q�nt|d�
}	|	r�|jt
j|	|�
ntitd6td6td	6�
}
|jt
j|
|�
|jt
j|
|�
|S(
Ni�
sS-1-5-18sS-1-5-32-544sS-1-1-0R,talltreadtwritetexecute(t
_analyze_modeR&RytACLt_generate_windows_flagstAddAccessAllowedAcetACL_REVISIONR�(tuser_sidRRtanalysistsystemtadminsteveryoneRNt
user_flagsteverybody_flagstfull_permissions((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR7/s$








!

c

C@sfii|tj
@d
6|tj@d6|tj@d6d6i|tj@d
6|tj@d6|tj@d6d6S(NR�R�R�R,R�(RtS_IRUSRtS_IWUSRtS_IXUSRR~tS_IWOTHtS_IXOTH(
R((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR�Ss







cC@slt|�
}t
j|t
j�}|j�}t
j|
t
j�}|j|t�
t
j|
t
j|�
dS(
N(R]R&R'R(R)R8RUR�(RRtsecurity_srctuser_srctsecurity_dst((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyRbs
cC@sot|�
}t
j|t
j�}|j�}t
j|
t
j�}|jd
|d�
t
j|
t
j|�
dS(Ni
i(R]R&R'RtRuR9R�(RRR�RNR�((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR
qs


c
C@sfd
}
|dr
|
tj
B}
n|drH|
tjtj
AtjAB}
n|drb|
tjB}
n|
S(NiR�R�R�(R�tFILE_GENERIC_READtFILE_ALL_ACCESSR�(trights_desctflag((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR�~s








cC@sft|�
}t
j|t
jt
jB�}|j�}|j�}|sJtSt||
�}t	||�S(
N(
R]R&R'R(RtRuR)RUR7t_compare_dacls(R
RR+RNR,tref_dacl((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR#�s


cC@sZgt|j
��
D]}|j|�
^qgt|
j
��
D]}|
j|�
^q>kS(
s�
    This method compare the two given DACLs to check if they are identical.
    Identical means here that they contains the same set of ACEs in the
same order.
   
(R�R�R�(tdacl1tdacl2R�((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR��s+
c
C@s2d
jt
j�t
j��}tjd|�dS(s=
    Return the pySID corresponding to the current user.
   
s{0}\{1}iN(R`twin32apit
GetDomainNametGetUserNameR&tLookupAccountNameR:(
taccount_name((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyR*�s((1Rt
__future__RRER
Rtacme.magic_typingR
R�R&R2R�R;R@RBtImportErrorR�R	RURRRRRR!R$R-R.R/RQRRRXR]RnRzR�R�R�RmRR:R7R�RR
R�R#R�R*(((s=/usr/lib/python2.7/site-packages/certbot/compat/filesystem.pyt<module>
sZ













				!			
F! 		)					.		$