U ˜­“]¦!ã@s¼dZddlZddlZddlZddlmZddlmZddlmZddl m Z ddl m Z ddl mZdd l mZdd l mZe e¡Zej ej¡Gd d „d ejƒƒZGd d„dejƒZdS)zG Distribution specific override class for CentOS family (RHEL, Fedora) éN)Úerrors)Ú interfaces)Úutil)ÚMisconfigurationError)ÚList)Ú apache_util©Ú configurator)Úparsercs”eZdZdZedddddddgddgdd gdd gd d d d d de dd¡dZ‡fdd„Z‡fdd„Z ‡fdd„Z dd„Z ‡fdd„Z dd„Z ‡ZS)ÚCentOSConfiguratorz1CentOS specific ApacheConfigurator override classz /etc/httpdz/etc/httpd/conf.dz*.confz/var/log/httpdZ apachectlz-vZgracefulÚrestartZ configtestNz -le-ssl.confFÚcertbot_apachezcentos-options-ssl-apache.conf)Ú server_rootÚ vhost_rootZ vhost_filesZ logs_rootÚctlZ version_cmdZ restart_cmdÚrestart_cmd_altZ conftest_cmdZenmodZdismodZ le_vhost_extZhandle_modulesZ handle_sitesZchallenge_locationZMOD_SSL_CONF_SRCcsVt ¡}|d ¡dk}ztt|ƒ ¡Wn&tjk rP|rJ| ¡n‚YnXdS)a( Override config_test to mitigate configtest error in vanilla installation of mod_ssl in Fedora. The error is caused by non-existent self-signed certificates referenced by the configuration, that would be autogenerated during the first (re)start of httpd. rÚfedoraN) rZ get_os_infoÚlowerÚsuperr Ú config_testrrÚ_try_restart_fedora)ÚselfZos_infor©Ú __class__©ú@/usr/lib/python3/dist-packages/certbot_apache/override_centos.pyr.s zCentOSConfigurator.config_testc sZzt dddg¡Wn2tjk rF}zt t|ƒ¡‚W5d}~XYnXtt|ƒ ¡dS)z] Tries to restart httpd using systemctl to generate the self signed keypair. Z systemctlr ZhttpdN) rZ run_scriptrZSubprocessErrorrÚstrrr r)rÚerrrrrrAs  z&CentOSConfigurator._try_restart_fedoracs&tt|ƒ ¡| d¡|jdd<dS)z„ Override the options dictionary initialization in order to support alternative restart cmd used in CentOS. rrrN)rr Ú_prepare_optionsÚoptionZoptions©rrrrrNsz#CentOSConfigurator._prepare_optionscCst| d¡| d¡|j|dS)zInitializes the ApacheParserrrr)Ú CentOSParserrÚversionr rrrÚ get_parserVs þzCentOSConfigurator.get_parsercs(tt|ƒj||Ž|jdkr$| ¡dS)zÐ Override _deploy_cert in order to ensure that the Apache configuration has "LoadModule ssl_module..." before parsing the VirtualHost configuration that was created by Certbot )éérN)rr Ú _deploy_certr"Ú _deploy_loadmodule_ssl_if_needed©rÚargsÚkwargsrrrr&\s zCentOSConfigurator._deploy_certc Cs–|jjdddd}g}g}g}|D]š}| d¡d}|j |¡}|rZ||kr^d}t|ƒ‚n|}|j |¡r²|jjd|kr˜d | ¡ks’d | ¡kr˜d S| d ¡d} | | ¡q"| |¡q"|sÆd S|jj t  |jjd¡d dd} |j  | d d…d|¡| | d d…¡|j d7_ |D]n} |   d ¡d} |jj | ¡|jj| d ddd d…} | |kr"|j  | d|¡| | ¡|j d7_ q"d S)z Add "LoadModule ssl_module " to main httpd.conf if it doesn't exist there already. Z LoadModuleZ ssl_moduleF)Zexcludeú/rz¾Certbot encountered multiple LoadModule directives for LoadModule ssl_module with differing library paths. Please remove or comment out the one(s) that are not in use, and run Certbot again.Údefaultz ifmodule/z ifmodule[1]Nz /directiveú !mod_ssl.cT)Z beginningéÿÿÿÿz3Added LoadModule ssl_module to main configuration. zPWrapped pre-existing LoadModule ssl_module inside of block. )r Zfind_dirÚ rpartitionÚ get_all_argsrÚnot_modssl_ifmoduleZlocrÚappendZ create_ifmodZ get_aug_pathZadd_dirZ save_notesÚsplitZaugÚremoveZ get_ifmod) rZloadmodsZcorrect_ifmodsZ loadmod_argsZ loadmod_pathsÚmZ noarg_pathZ path_argsÚmsgZ nodir_pathZrootconf_ifmodZ loadmod_pathZ ssl_ifmodrrrr'fsV     ÿ  þ ÿÿ  z3CentOSConfigurator._deploy_loadmodule_ssl_if_needed)Ú__name__Ú __module__Ú __qualname__Ú__doc__ÚdictÚ pkg_resourcesZresource_filenameZ OS_DEFAULTSrrrr#r&r'Ú __classcell__rrrrr s8ÿð   r cs<eZdZdZ‡fdd„Z‡fdd„Zdd„Zdd „Z‡ZS) r!z+CentOS specific ApacheParser override classcsd|_tt|ƒj||ŽdS)Nz/etc/sysconfig/httpd)Úsysconfig_fileprr!Ú__init__r(rrrr?¬szCentOSParser.__init__cstt|ƒ ¡| ¡dS)z: Override for update_runtime_variables for custom parsing N)rr!Úupdate_runtime_variablesÚparse_sysconfig_varr rrrr@±sz%CentOSParser.update_runtime_variablescCs*t |jd¡}|D]}|||j|<qdS)z: Parses Apache CLI options from CentOS configuration file ZOPTIONSN)rZparse_define_filer>Z variables)rZdefinesÚkrrrrA·sz CentOSParser.parse_sysconfig_varcCs”d| ¡krdS| ¡}|r| d¡}|ds0q|d|d}|d d¡rd||d d¡d7}|dt|ƒ…}d| |¡kr†d S|d}qdS) z8Checks if the provided Augeas path has argument !mod_sslZifmoduleFrér$ú[r+r-T)rr/Ú startswithÚ partitionÚlenr0)rÚpathZworkpathÚpartsZ ifmod_pathZifmod_real_pathrrrr1½s   z CentOSParser.not_modssl_ifmodule) r7r8r9r:r?r@rAr1r=rrrrr!ªs   r!)r:Zloggingr<Zzope.interfaceÚzopeZcertbotrrrZcertbot.errorsrZacme.magic_typingrr rr r Z getLoggerr7ZloggerZ interfaceZproviderZIPluginFactoryZApacheConfiguratorr Z ApacheParserr!rrrrÚs