2014-12-16 02:52:18 -05:00
|
|
|
"""Module contains classes used by the Apache Configurator."""
|
2015-07-21 20:16:46 -04:00
|
|
|
import re
|
|
|
|
|
|
2015-07-15 17:34:24 -04:00
|
|
|
from letsencrypt.plugins import common
|
|
|
|
|
|
2015-07-21 20:16:46 -04:00
|
|
|
|
2015-07-15 17:34:24 -04:00
|
|
|
class Addr(common.Addr):
|
2015-07-19 05:22:10 -04:00
|
|
|
"""Represents an Apache address."""
|
2015-07-15 17:34:24 -04:00
|
|
|
def __eq__(self, other):
|
|
|
|
|
"""This is defined as equalivalent within Apache.
|
|
|
|
|
|
|
|
|
|
ip_addr:* == ip_addr
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
if isinstance(other, self.__class__):
|
|
|
|
|
return ((self.tup == other.tup) or
|
2015-09-06 05:20:41 -04:00
|
|
|
(self.tup[0] == other.tup[0] and
|
|
|
|
|
self.is_wildcard() and other.is_wildcard()))
|
2015-07-15 17:34:24 -04:00
|
|
|
return False
|
|
|
|
|
|
2015-07-19 22:49:44 -04:00
|
|
|
def __ne__(self, other):
|
|
|
|
|
return not self.__eq__(other)
|
|
|
|
|
|
2015-07-23 04:34:51 -04:00
|
|
|
def _addr_less_specific(self, addr):
|
|
|
|
|
"""Returns if addr.get_addr() is more specific than self.get_addr()."""
|
2015-07-24 18:47:38 -04:00
|
|
|
# pylint: disable=protected-access
|
2015-07-23 04:34:51 -04:00
|
|
|
return addr._rank_specific_addr() > self._rank_specific_addr()
|
|
|
|
|
|
|
|
|
|
def _rank_specific_addr(self):
|
2015-07-24 18:47:38 -04:00
|
|
|
"""Returns numerical rank for get_addr()
|
|
|
|
|
|
|
|
|
|
:returns: 2 - FQ, 1 - wildcard, 0 - _default_
|
|
|
|
|
:rtype: int
|
|
|
|
|
|
|
|
|
|
"""
|
2015-07-23 04:34:51 -04:00
|
|
|
if self.get_addr() == "_default_":
|
|
|
|
|
return 0
|
|
|
|
|
elif self.get_addr() == "*":
|
|
|
|
|
return 1
|
|
|
|
|
else:
|
|
|
|
|
return 2
|
|
|
|
|
|
|
|
|
|
def conflicts(self, addr):
|
2015-08-22 10:30:59 -04:00
|
|
|
r"""Returns if address could conflict with correct function of self.
|
2015-07-23 04:34:51 -04:00
|
|
|
|
|
|
|
|
Could addr take away service provided by self within Apache?
|
|
|
|
|
|
|
|
|
|
.. note::IP Address is more important than wildcard.
|
|
|
|
|
Connection from 127.0.0.1:80 with choices of *:80 and 127.0.0.1:*
|
2015-08-22 10:30:59 -04:00
|
|
|
chooses 127.0.0.1:\*
|
2015-07-23 04:34:51 -04:00
|
|
|
|
|
|
|
|
.. todo:: Handle domain name addrs...
|
|
|
|
|
|
|
|
|
|
Examples:
|
2015-08-22 10:30:59 -04:00
|
|
|
|
|
|
|
|
========================================= =====
|
|
|
|
|
``127.0.0.1:\*.conflicts(127.0.0.1:443)`` True
|
|
|
|
|
``127.0.0.1:443.conflicts(127.0.0.1:\*)`` False
|
|
|
|
|
``\*:443.conflicts(\*:80)`` False
|
|
|
|
|
``_default_:443.conflicts(\*:443)`` True
|
|
|
|
|
========================================= =====
|
2015-07-23 04:34:51 -04:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
if self._addr_less_specific(addr):
|
|
|
|
|
return True
|
|
|
|
|
elif self.get_addr() == addr.get_addr():
|
|
|
|
|
if self.is_wildcard() or self.get_port() == addr.get_port():
|
|
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
|
2015-07-15 17:34:24 -04:00
|
|
|
def is_wildcard(self):
|
2015-07-19 05:22:10 -04:00
|
|
|
"""Returns if address has a wildcard port."""
|
|
|
|
|
return self.tup[1] == "*" or not self.tup[1]
|
2015-07-15 17:34:24 -04:00
|
|
|
|
|
|
|
|
def get_sni_addr(self, port):
|
|
|
|
|
"""Returns the least specific address that resolves on the port.
|
|
|
|
|
|
2015-08-22 10:30:59 -04:00
|
|
|
Examples:
|
|
|
|
|
|
|
|
|
|
- ``1.2.3.4:443`` -> ``1.2.3.4:<port>``
|
|
|
|
|
- ``1.2.3.4:*`` -> ``1.2.3.4:*``
|
2015-07-15 17:34:24 -04:00
|
|
|
|
|
|
|
|
:param str port: Desired port
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
if self.is_wildcard():
|
|
|
|
|
return self
|
|
|
|
|
|
|
|
|
|
return self.get_addr_obj(port)
|
|
|
|
|
|
2014-12-16 02:52:18 -05:00
|
|
|
|
2015-01-25 05:23:21 -05:00
|
|
|
class VirtualHost(object): # pylint: disable=too-few-public-methods
|
2014-12-16 02:52:18 -05:00
|
|
|
"""Represents an Apache Virtualhost.
|
|
|
|
|
|
|
|
|
|
:ivar str filep: file path of VH
|
|
|
|
|
:ivar str path: Augeas path to virtual host
|
2015-06-02 09:55:16 -04:00
|
|
|
:ivar set addrs: Virtual Host addresses (:class:`set` of
|
|
|
|
|
:class:`common.Addr`)
|
2015-07-21 20:16:46 -04:00
|
|
|
:ivar str name: ServerName of VHost
|
|
|
|
|
:ivar list aliases: Server aliases of vhost
|
2014-12-16 02:52:18 -05:00
|
|
|
(:class:`list` of :class:`str`)
|
|
|
|
|
|
|
|
|
|
:ivar bool ssl: SSLEngine on in vhost
|
|
|
|
|
:ivar bool enabled: Virtual host is enabled
|
|
|
|
|
|
2015-07-23 04:34:51 -04:00
|
|
|
https://httpd.apache.org/docs/2.4/vhosts/details.html
|
2015-08-22 10:30:59 -04:00
|
|
|
|
2015-07-23 04:34:51 -04:00
|
|
|
.. todo:: Any vhost that includes the magic _default_ wildcard is given the
|
2015-08-22 10:30:59 -04:00
|
|
|
same ServerName as the main server.
|
2015-07-21 20:16:46 -04:00
|
|
|
|
2014-12-16 02:52:18 -05:00
|
|
|
"""
|
2015-07-21 20:16:46 -04:00
|
|
|
# ?: is used for not returning enclosed characters
|
|
|
|
|
strip_name = re.compile(r"^(?:.+://)?([^ :$]*)")
|
|
|
|
|
|
2015-07-24 18:47:38 -04:00
|
|
|
def __init__(self, filep, path, addrs, ssl, enabled, name=None, aliases=None):
|
2015-01-25 05:23:21 -05:00
|
|
|
# pylint: disable=too-many-arguments
|
2014-12-16 02:52:18 -05:00
|
|
|
"""Initialize a VH."""
|
|
|
|
|
self.filep = filep
|
|
|
|
|
self.path = path
|
|
|
|
|
self.addrs = addrs
|
2015-07-21 20:16:46 -04:00
|
|
|
self.name = name
|
2015-07-24 18:47:38 -04:00
|
|
|
self.aliases = aliases if aliases is not None else set()
|
2014-12-16 02:52:18 -05:00
|
|
|
self.ssl = ssl
|
|
|
|
|
self.enabled = enabled
|
|
|
|
|
|
2015-07-21 20:16:46 -04:00
|
|
|
def get_names(self):
|
2015-07-22 05:05:01 -04:00
|
|
|
"""Return a set of all names."""
|
2015-07-24 18:47:38 -04:00
|
|
|
all_names = set()
|
|
|
|
|
all_names.update(self.aliases)
|
2015-07-21 20:16:46 -04:00
|
|
|
# Strip out any scheme:// and <port> field from servername
|
|
|
|
|
if self.name is not None:
|
|
|
|
|
all_names.add(VirtualHost.strip_name.findall(self.name)[0])
|
|
|
|
|
|
|
|
|
|
return all_names
|
2014-12-16 02:52:18 -05:00
|
|
|
|
|
|
|
|
def __str__(self):
|
2015-06-25 21:57:10 -04:00
|
|
|
return (
|
2015-06-26 17:47:03 -04:00
|
|
|
"File: {filename}\n"
|
|
|
|
|
"Vhost path: {vhpath}\n"
|
|
|
|
|
"Addresses: {addrs}\n"
|
2015-07-21 20:16:46 -04:00
|
|
|
"Name: {name}\n"
|
|
|
|
|
"Aliases: {aliases}\n"
|
2015-06-26 17:47:03 -04:00
|
|
|
"TLS Enabled: {tls}\n"
|
|
|
|
|
"Site Enabled: {active}".format(
|
|
|
|
|
filename=self.filep,
|
|
|
|
|
vhpath=self.path,
|
|
|
|
|
addrs=", ".join(str(addr) for addr in self.addrs),
|
2015-07-21 20:16:46 -04:00
|
|
|
name=self.name if self.name is not None else "",
|
|
|
|
|
aliases=", ".join(name for name in self.aliases),
|
2015-06-26 17:47:03 -04:00
|
|
|
tls="Yes" if self.ssl else "No",
|
|
|
|
|
active="Yes" if self.enabled else "No"))
|
2014-12-16 02:52:18 -05:00
|
|
|
|
|
|
|
|
def __eq__(self, other):
|
|
|
|
|
if isinstance(other, self.__class__):
|
|
|
|
|
return (self.filep == other.filep and self.path == other.path and
|
|
|
|
|
self.addrs == other.addrs and
|
2015-07-21 20:16:46 -04:00
|
|
|
self.get_names() == other.get_names() and
|
2014-12-16 02:52:18 -05:00
|
|
|
self.ssl == other.ssl and self.enabled == other.enabled)
|
|
|
|
|
|
|
|
|
|
return False
|
2015-07-21 20:16:46 -04:00
|
|
|
|
|
|
|
|
def __ne__(self, other):
|
|
|
|
|
return not self.__eq__(other)
|
|
|
|
|
|
|
|
|
|
def conflicts(self, addrs):
|
|
|
|
|
"""See if vhost conflicts with any of the addrs.
|
|
|
|
|
|
|
|
|
|
This determines whether or not these addresses would/could overwrite
|
|
|
|
|
the vhost addresses.
|
|
|
|
|
|
|
|
|
|
:param addrs: Iterable Addresses
|
|
|
|
|
:type addrs: Iterable :class:~obj.Addr
|
|
|
|
|
|
2015-07-23 04:34:51 -04:00
|
|
|
:returns: If addresses conflicts with vhost
|
2015-07-21 20:16:46 -04:00
|
|
|
:rtype: bool
|
|
|
|
|
|
|
|
|
|
"""
|
2015-07-23 04:34:51 -04:00
|
|
|
for pot_addr in addrs:
|
|
|
|
|
for addr in self.addrs:
|
|
|
|
|
if addr.conflicts(pot_addr):
|
|
|
|
|
return True
|
2015-07-21 20:16:46 -04:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def same_server(self, vhost):
|
|
|
|
|
"""Determines if the vhost is the same 'server'.
|
|
|
|
|
|
|
|
|
|
Used in redirection - indicates whether or not the two virtual hosts
|
|
|
|
|
serve on the exact same IP combinations, but different ports.
|
|
|
|
|
|
|
|
|
|
.. todo:: Handle _default_
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
if vhost.get_names() != self.get_names():
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
# If equal and set is not empty... assume same server
|
2015-07-23 04:34:51 -04:00
|
|
|
if self.name is not None or self.aliases:
|
2015-07-21 20:16:46 -04:00
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
# Both sets of names are empty.
|
|
|
|
|
|
|
|
|
|
# Make conservative educated guess... this is very restrictive
|
|
|
|
|
# Consider adding more safety checks.
|
|
|
|
|
if len(vhost.addrs) != len(self.addrs):
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
# already_found acts to keep everything very conservative.
|
|
|
|
|
# Don't allow multiple ip:ports in same set.
|
|
|
|
|
already_found = set()
|
|
|
|
|
|
|
|
|
|
for addr in vhost.addrs:
|
|
|
|
|
for local_addr in self.addrs:
|
|
|
|
|
if (local_addr.get_addr() == addr.get_addr() and
|
2015-07-23 04:34:51 -04:00
|
|
|
local_addr != addr and
|
|
|
|
|
local_addr.get_addr() not in already_found):
|
2015-07-21 20:16:46 -04:00
|
|
|
|
|
|
|
|
# This intends to make sure we aren't double counting...
|
2015-07-23 04:34:51 -04:00
|
|
|
# e.g. 127.0.0.1:* - We require same number of addrs
|
|
|
|
|
# currently
|
2015-07-21 20:16:46 -04:00
|
|
|
already_found.add(local_addr.get_addr())
|
|
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
return False
|
|
|
|
|
|
2015-07-24 18:47:38 -04:00
|
|
|
return True
|
