JFIF$        dd7 

Viewing File: /usr/lib/python3.9/site-packages/certbot/compat/__pycache__/filesystem.cpython-39.pyc

a

}|�gxt�@sdZddlmZddlmZddlZddlZddlZddlm	Z	ddlm
Z
ddlmZddlmZz<ddl
Z
ddlZddlZddlZddlZddlZddlZWney�d	ZYn0d
ZGdd�d�Ze�Zeedd
�dd�Zeed�dd�Zeeedd�dd��Zeeeeedd�dd�ZdZeeeedd�dd�Zeeed
�dd�Z eed�dd �Z!eeed
�d!d"�Z"d[eeeed$�d%d&�Z#d\eedd
�d'd(�Z$d]eedd
�d)d*�Z%eedd+�d,d-�Z&eed�d.d/�Z'eed0�d1d2�Z(eed3�d4d5�Z)eed3�d6d7�Z*eeed8�d9d:�Z+eeed;�d<d=�Z,eeed>�d?d@�Z-eed3�dAdB�Z.eedd
�dCdD�Z/d^e	eeee	dE�dFdG�Z0ee
ee
eeffdH�dIdJ�Z1eedd+�dKdL�Z2eedd+�dMdN�Z3e
eefedO�dPdQ�Z4eeed
�dRdS�Z5e	e	edT�dUdV�Z6e	dW�dXdY�Z7dS)_z;Compat module to handle files security on Windows and Linux�)�absolute_import)�contextmanagerN)�Any)�Dict)�	Generator)�OptionalTFc@seZdZdZdd�dd�ZdS)�
_WindowsUmaskz+Store the current umask to apply on WindowsN��returncCs
d|_dS)N�)�mask)�self�r�=/usr/lib/python3.9/site-packages/certbot/compat/filesystem.py�__init__"sz_WindowsUmask.__init__)�__name__�
__module__�__qualname__�__doc__rrrrrr sr)�	file_path�moder
cCs trt�||�n
t||�dS)a[
    Apply a POSIX mode on given file_path:

      - for Linux, the POSIX mode will be directly applied using chmod,
      - for Windows, the POSIX mode will be translated into a Windows DACL that make sense for
        Certbot context, and applied to the file using kernel calls.

    The definition of the Windows DACL that correspond to a POSIX mode, in the context of Certbot,
    is explained at https://github.com/certbot/certbot/issues/6356 and is implemented by the
    method `_generate_windows_flags()`.

    :param str file_path: Path of the file
    :param int mode: POSIX mode to apply
    N)�
POSIX_MODE�os�chmod�_apply_win_mode�rrrrrr)sr)rr
cCstrt�|�Stj}|t_|S)a$
    Set the current numeric umask and return the previous umask. On Linux, the built-in umask
    method is used. On Windows, our Certbot-side implementation is used.

    :param int mask: The user file-creation mode mask to apply.
    :rtype: int
    :return: The previous umask value.
    )rr�umask�_WINDOWS_UMASKr)rZprevious_umaskrrrr>s
	
r)NNNccs>d}z"t|�}dVW|dur:t|�n|dur8t|�0dS)z�
    Apply a umask temporarily, meant to be used in a `with` block. Uses the Certbot
    implementation of umask.

    :param int mask: The user file-creation mode mask to apply temporarily
    N)r)rZ	old_umaskrrr�
temp_umaskOs
�r)�src�dstr�	copy_user�
copy_groupr
cCsVtr:t�|�}|r|jnd}|r&|jnd}t�|||�n|rHt||�t||�dS)a�
    Copy ownership (user and optionally group on Linux) from the source to the
    destination, then apply given mode in compatible way for Linux and Windows.
    This replaces the os.chown command.

    :param str src: Path of the source file
    :param str dst: Path of the destination file
    :param int mode: Permission mode to apply on the destination file
    :param bool copy_user: Copy user if `True`
    :param bool copy_group: Copy group if `True` on Linux (has no effect on Windows)
    ���N)rr�stat�st_uid�st_gid�chown�_copy_win_ownershipr)rr rr!r"�stats�user_id�group_idrrr�copy_ownership_and_apply_modeis


r,)rr r!r"r
cCsbtrFt�|�}|r|jnd}|r&|jnd}t�|||�t||j�n|rTt||�t	||�dS)aU
    Copy ownership (user and optionally group on Linux) and mode/DACL
    from the source to the destination.

    :param str src: Path of the source file
    :param str dst: Path of the destination file
    :param bool copy_user: Copy user if `True`
    :param bool copy_group: Copy group if `True` on Linux (has no effect on Windows)
    r#N)
rrr$r%r&r'r�st_moder(�_copy_win_mode)rr r!r"r)r*r+rrr�copy_ownership_and_mode�s

r/cCs$trt�t�|�j�|kSt||�S)aa
    Check if the given mode matches the permissions of the given file.
    On Linux, will make a direct comparison, on Windows, mode will be compared against
    the security model.

    :param str file_path: Path of the file
    :param int mode: POSIX mode to test
    :rtype: bool
    :return: True if the POSIX mode matches the file permissions
    )rr$�S_IMODErr-�_check_win_moderrrr�
check_mode�sr2)rr
cCs8trt�|�jt��kSt�|tj�}|��}t	�|kS)z�
    Check if given file is owned by current user.

    :param str file_path: File path to check
    :rtype: bool
    :return: True if given file is owned by current user, False otherwise.
    )
rrr$r%�getuid�
win32security�GetFileSecurity�OWNER_SECURITY_INFORMATION�GetSecurityDescriptorOwner�_get_current_user)r�security�userrrr�check_owner�s
r;cCst|�ot||�S)z�
    Check if given file has the given mode and is owned by current user.

    :param str file_path: File path to check
    :param int mode: POSIX mode to check
    :rtype: bool
    :return: True if file has correct mode and owner, False otherwise.
    )r;r2rrrr�check_permissions�s	r<�)r�flagsrr
c
CsNtrt�|||�S|tj@�r4|tj@r.tjntj}t�	�}|j
}t�}t||t
j�}|�|d�|�d|d�d}z�z$t�|tjtjtj@||dd�}Wn^tjy�}	zD|	jtjkr�ttj|	j��|	jtjkr�ttj|	j��|	�WYd}	~	n
d}	~	00W|�r|� �n|�r|� �0t�||tjAtjA�St�||�}
t!||�|
S)aw
    Wrapper of original os.open function, that will ensure on Windows that given mode
    is correctly applied.

    :param str file_path: The file path to open
    :param int flags: Flags to apply on file while opened
    :param int mode: POSIX mode to apply on file when opened,
        Python defaults will be applied if ``None``
    :returns: the file descriptor to the opened file
    :rtype: int
    :raise: OSError(errno.EEXIST) if the file already exists and os.O_CREAT & os.O_EXCL are set,
            OSError(errno.EACCES) on Windows if the file already exists and is a directory, and
            os.O_CREAT is set.
    r�N)"rr�open�O_CREAT�O_EXCL�win32conZ
CREATE_NEWZ
CREATE_ALWAYSr4�SECURITY_ATTRIBUTES�SECURITY_DESCRIPTORr8�_generate_daclrr�SetSecurityDescriptorOwner�SetSecurityDescriptorDacl�	win32fileZ
CreateFileZGENERIC_READZFILE_SHARE_READZFILE_SHARE_WRITE�
pywintypes�error�winerrorZERROR_FILE_EXISTS�OSError�errno�EEXIST�strerrorZERROR_SHARING_VIOLATIONZEACCESZCloser)rr>rZdisposition�
attributesr9r:�daclZhandle�err�fdrrrr@�s<

�
�

r@cCs�td�}zjt|d|AB�tr4t�||�Wt|�Stj}z$tt_t�||�W|t_Wt|�S|t_0Wt|�n
t|�0dS)a4
    Rewrite of original os.makedirs function, that will ensure on Windows that given mode
    is correctly applied.

    :param str file_path: The file path to open
    :param int mode: POSIX mode to apply on leaf directory when created, Python defaults
                     will be applied if ``None``
    rr=N)rrr�makedirs�mkdir)rrZ
current_umaskZ
orig_mkdir_fnrrrrUs"	���
rUc
Cs�trt�||�St��}|j}t�}t||tj	�}|�
|d�|�d|d�zt�
||�WnJtjy�}z0|jtjkr�ttj|j||j��|�WYd}~n
d}~00dS)a,
    Rewrite of original os.mkdir function, that will ensure on Windows that given mode
    is correctly applied.

    :param str file_path: The file path to open
    :param int mode: POSIX mode to apply on directory when created, Python defaults
                     will be applied if ``None``
    Fr?rN)rrrVr4rDrEr8rFrrrGrHrIZCreateDirectoryrJrKrLZERROR_ALREADY_EXISTSrMrNrOrP)rrrQr9r:rRrSrrrrV8s	rV)rr r
cCs,ttd�rttd�||�nt�||�dS)z�
    Rename a file to a destination path and handles situations where the destination exists.

    :param str src: The current file path.
    :param str dst: The new file path.
    �replaceN)�hasattrr�getattr�rename)rr rrrrWWs
rWcCs.|}tj�|�}tj�|�r*td�|���|S)a 
    Find the real path for the given path. This method resolves symlinks, including
    recursive symlinks, and is protected against symlinks that creates an infinite loop.

    :param str file_path: The path to resolve
    :returns: The real path for the given path
    :rtype: str
    zError, link {0} is a loop!)r�path�realpath�islink�RuntimeError�format)rZ
original_pathr[rrrr\hs
	r\)�	link_pathr
cCs6t�|�}tr|St|�dkr*|dd�Std��dS)a
    Return a string representing the path to which the symbolic link points.

    :param str link_path: The symlink path to resolve
    :return: The path the symlink points to
    :returns: str
    :raise: ValueError if a long path (260> characters) is encountered on Windows
    i�Nz3Long paths are not supported by Certbot on Windows.)r�readlinkr�len�
ValueError)r`r[rrrrb}s	
	rb)r[r
cCs&trtj�|�ot�|tj�St|�S)z�
    Is path an executable file?

    :param str path: path to test
    :return: True if path is an executable file
    :rtype: bool
    )rrr[�isfile�access�X_OK�_win_is_executable)r[rrr�
is_executable�sricCsVtr tt�t�|�j�tj@�St�|tj	�}|�
�}t|�tjtj
t�d�d���S)z�
    Check if everybody/world has any right (read/write/execute) on a file given its path.

    :param str path: path to test
    :return: True if everybody/world has any right to the file
    :rtype: bool
    �S-1-1-0�ZTrusteeFormZTrusteeTypeZ
Identifier)r�boolr$r0rr-�S_IRWXOr4r5�DACL_SECURITY_INFORMATION�GetSecurityDescriptorDacl�GetEffectiveRightsFromAcl�TRUSTEE_IS_SID�TRUSTEE_IS_USER�ConvertStringSidToSid)r[r9rRrrr�has_world_permissions�s�rt)�old_key�	base_moder
cCs:tr6t�t�|�j�tjtjBtjBtjB@}||BS|S)a
    Calculate the POSIX mode to apply to a private key given the previous private key.

    :param str old_key: path to the previous private key
    :param int base_mode: the minimum modes to apply to a private key
    :return: the POSIX mode to apply
    :rtype: int
    )	rr$r0rr-�S_IRGRP�S_IWGRP�S_IXGRP�S_IROTH)rurvZold_moderrr�compute_private_key_mode�s	�r{)�path1�path2r
cCsdtr0t�|�}t�|�}|j|jf|j|jfkSt�|tj�}|��}t�|tj�}|��}||kS)as
    Return True if the ownership of two files given their respective path is the same.
    On Windows, ownership is checked against owner only, since files do not have a group owner.

    :param str path1: path to the first file
    :param str path2: path to the second file
    :return: True if both files have the same ownership, False otherwise
    :rtype: bool

    )	rrr$r%r&r4r5r6r7)r|r}Zstats1Zstats2Z	security1Zuser1Z	security2Zuser2rrr�has_same_ownership�s

r~)r[�min_moder
cCs�trt�|�j}|||BkSt|�}t�|tjtjB�}|�	�}|�
�}t||�}t|�
��D]F}|�|�}|d}	|d}|�tjtj|d��}
|
|
|	Bkr^dSq^dS)a�
    Check if a file given its path has at least the permissions defined by the given minimal mode.
    On Windows, group permissions are ignored since files do not have a group owner.

    :param str path: path to the file to check
    :param int min_mode: the minimal permissions expected
    :return: True if the file matches the minimal permissions expectations, False otherwise
    :rtype: bool
    r?�rkFT)rrr$r-r\r4r5r6rnr7rorF�range�GetAceCount�GetAcerprqrr)r[rr-r9r:rRZmin_dacl�indexZmin_acerZeffective_maskrrr�has_min_permissions�s,
�

�r�cCsNtj�|�sdSt�|tj�}|��}|�tjtj	t
�d��}|tj@tjkS)NFrk)
rr[rer4r5rnrorprqrrr8�
ntsecuritycon�FILE_GENERIC_EXECUTE)r[r9rRrrrrrhs�rhcCsJt|�}t�|tj�}|��}t||�}|�d|d�t�|tj|�dS)z�
    This function converts the given POSIX mode into a Windows ACL list, and applies it to the
    file given its path. If the given path is a symbolic link, it will resolved to apply the
    mode on the targeted file.
    r?rN)	r\r4r5r6r7rFrH�SetFileSecurityrn)rrr9r:rRrrrr-s
r)�user_sidrrr
cCs�|r|d|@}t|�}t�d�}t�d�}t�d�}t��}|||fvrjt|d�}|rj|�tj||�t|d�}	|	r�|�tj|	|�tdddd��}
|�tj|
|�|�tj|
|�|S)	Nr=zS-1-5-18zS-1-5-32-544rjr:�allT��read�write�execute)�
_analyze_moder4rsZACL�_generate_windows_flagsZAddAccessAllowedAceZACL_REVISION)r�rrZanalysis�systemZadminsZeveryonerRZ
user_flagsZeverybody_flagsZfull_permissionsrrrrF@s$


rF)rr
cCs>|tj@|tj@|tj@d�|tj@|tj@|tj@d�d�S)Nr�)r:r�)r$�S_IRUSR�S_IWUSR�S_IXUSRrz�S_IWOTH�S_IXOTH)rrrrr�ds���r�cCsLt|�}t�|tj�}|��}t�|tj�}|�|d�t�|tj|�dS�NF)r\r4r5r6r7rGr�)rr �security_srcZuser_src�security_dstrrrr(ssr(cCsNt|�}t�|tj�}|��}t�|tj�}|�d|d�t�|tj|�dS)Nr?r)r\r4r5rnrorHr�)rr r�rRr�rrrr.�sr.)�rights_descr
cCsJd}|dr|tjB}|dr4|tjtjAtjAB}|drF|tjB}|S)Nrr�r�r�)r�ZFILE_GENERIC_READZFILE_ALL_ACCESSr�)r��flagrrrr��s
��
r�cCsHt|�}t�|tjtjB�}|��}|��}|s4dSt||�}t||�Sr�)	r\r4r5r6rnror7rF�_compare_dacls)rrr9rRr:Zref_daclrrrr1�s
�
r1)�dacl1�dacl2r
cs4�fdd�t����D��fdd�t����D�kS)z�
    This method compare the two given DACLs to check if they are identical.
    Identical means here that they contains the same set of ACEs in the same order.
    csg|]}��|��qSr�r���.0r�)r�rr�
<listcomp>��z"_compare_dacls.<locals>.<listcomp>csg|]}��|��qSrr�r�)r�rrr��r�)r�r��r�r�rr�rr��s�r�r	cCs$d�t��t���}t�d|�dS)z=
    Return the pySID corresponding to the current user.
    z{0}\{1}Nr)r_�win32apiZ
GetDomainNameZGetUserNamer4ZLookupAccountName)Zaccount_namerrrr8�sr8)TT)r=)r=)r=)N)8rZ
__future__r�
contextlibrrNrr$�typingrrrrr�rJr�rCrIr4rL�ImportErrorrrr�str�intrrrrlr,r/r2r;r<r@rUrVrWr\rbrirtr{r~r�rhrrFr�r(r.r�r1r�r8rrrr�<module>sr
�"��E "-$ 

Back to Directory  nL+D550H?Mx ,D"v]qv;6*Zqn)ZP0!1 A "#a$2Qr D8 a Ri[f\mIykIw0cuFcRı?lO7к_f˓[C$殷WF<_W ԣsKcëIzyQy/_LKℂ;C",pFA:/]=H  ~,ls/9ć:[=/#f;)x{ٛEQ )~ =𘙲r*2~ a _V=' kumFD}KYYC)({ *g&f`툪ry`=^cJ.I](*`wq1dđ#̩͑0;H]u搂@:~וKL Nsh}OIR*8:2 !lDJVo(3=M(zȰ+i*NAr6KnSl)!JJӁ* %݉?|D}d5:eP0R;{$X'xF@.ÊB {,WJuQɲRI;9QE琯62fT.DUJ;*cP A\ILNj!J۱+O\͔]ޒS߼Jȧc%ANolՎprULZԛerE2=XDXgVQeӓk yP7U*omQIs,K`)6\G3t?pgjrmۛجwluGtfh9uyP0D;Uڽ"OXlif$)&|ML0Zrm1[HXPlPR0'G=i2N+0e2]]9VTPO׮7h(F*癈'=QVZDF,d߬~TX G[`le69CR(!S2!P <0x<!1AQ "Raq02Br#SCTb ?Ζ"]mH5WR7k.ۛ!}Q~+yԏz|@T20S~Kek *zFf^2X*(@8r?CIuI|֓>^ExLgNUY+{.RѪ τV׸YTD I62'8Y27'\TP.6d&˦@Vqi|8-OΕ]ʔ U=TL8=;6c| !qfF3aů&~$l}'NWUs$Uk^SV:U# 6w++s&r+nڐ{@29 gL u"TÙM=6(^"7r}=6YݾlCuhquympǦ GjhsǜNlɻ}o7#S6aw4!OSrD57%|?x>L |/nD6?/8w#[)L7+6〼T ATg!%5MmZ/c-{1_Je"|^$'O&ޱմTrb$w)R$& N1EtdU3Uȉ1pM"N*(DNyd96.(jQ)X 5cQɎMyW?Q*!R>6=7)Xj5`J]e8%t!+'!1Q5 !1 AQaqё#2"0BRb?Gt^## .llQT $v,,m㵜5ubV =sY+@d{N! dnO<.-B;_wJt6;QJd.Qc%p{ 1,sNDdFHI0ГoXшe黅XۢF:)[FGXƹ/w_cMeD,ʡcc.WDtA$j@:) -# u c1<@ۗ9F)KJ-hpP]_x[qBlbpʖw q"LFGdƶ*s+ډ_Zc"?%t[IP 6J]#=ɺVvvCGsGh1 >)6|ey?Lӣm,4GWUi`]uJVoVDG< SB6ϏQ@ TiUlyOU0kfV~~}SZ@*WUUi##; s/[=!7}"WN]'(L! ~y5g9T̅JkbM' +s:S +B)v@Mj e Cf jE 0Y\QnzG1д~Wo{T9?`Rmyhsy3!HAD]mc1~2LSu7xT;j$`}4->L#vzŏILS ֭T{rjGKC;bpU=-`BsK.SFw4Mq]ZdHS0)tLg