crypt/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-01-26 07:41:33 +03:00
Code Activity

Remove dead code

Browse Source
This commit is contained in:
Brad Warren
2017-08-29 10:38:53 -07:00
parent a339de80f4
commit 142bc33545
1 changed files with 1 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
certbot-postfix/certbot_postfix/installer.py
View File

@@ -38,8 +38,7 @@ class Installer(plugins_common.Installer):
def __init__(self, *args, **kwargs):
super(Installer, self).__init__(*args, **kwargs)
self.fixup = False
self.config_dir = None
self.config_dir = None
self.proposed_changes = {}
self.save_notes = []
@@ -299,108 +298,6 @@ class Installer(plugins_common.Installer):
util.check_call(cmd)
def ensure_cf_var(self, var, ideal, also_acceptable):
"""
Ensure that existing postfix config @var is in the list of @acceptable
values; if not, set it to the ideal value.
:raises .errors.MisconfigurationError: if conflicting existing values
are found for var
"""
acceptable = [ideal] + also_acceptable
l = [(num,line) for num,line in enumerate(self.cf)
if line.startswith(var)]
if not any(l):
self.additions.append(var + " = " + ideal)
else:
values = map(parse_line, l)
if len(set(values)) > 1:
if self.fixup:
conflicting_lines = [num for num,_var,val in values]
self.deletions.extend(conflicting_lines)
self.additions.append(var + " = " + ideal)
else:
raise errors.MisconfigurationError(
"Conflicting existing config values {0}".format(l)
)
val = values[0][2]
if val not in acceptable:
if self.fixup:
self.deletions.append(values[0][0])
self.additions.append(var + " = " + ideal)
else:
raise errors.MisconfigurationError(
"Existing config has %s=%s"%(var,val)
)
def wrangle_existing_config(self):
"""
Try to ensure/mutate that the config file is in a sane state.
Fixup means we'll delete existing lines if necessary to get there.
"""
# Check we're currently accepting inbound STARTTLS sensibly
self.ensure_cf_var("smtpd_use_tls", "yes", [])
# Ideally we use it opportunistically in the outbound direction
self.ensure_cf_var("smtp_tls_security_level", "may", ["encrypt","dane"])
# Maximum verbosity lets us collect failure information
self.ensure_cf_var("smtp_tls_loglevel", "1", [])
# Inject a reference to our per-domain policy map
# policy_cf_entry = "texthash:" + self.policy_file
# self.ensure_cf_var("smtp_tls_policy_maps", policy_cf_entry, [])
# self.ensure_cf_var("smtp_tls_CAfile", self.ca_file, [])
# Disable SSLv2 and SSLv3. Syntax for `smtp_tls_protocols` changed
# between Postfix version 2.5 and 2.6, since we only support => 2.11
# we don't use nor support legacy Postfix syntax.
# - Server:
self.ensure_cf_var("smtpd_tls_protocols", "!SSLv2, !SSLv3", [])
self.ensure_cf_var("smtpd_tls_mandatory_protocols", "!SSLv2, !SSLv3", [])
# - Client:
self.ensure_cf_var("smtp_tls_protocols", "!SSLv2, !SSLv3", [])
self.ensure_cf_var("smtp_tls_mandatory_protocols", "!SSLv2, !SSLv3", [])
def maybe_add_config_lines(self):
if not self.additions:
return
if self.fixup:
logger.info('Deleting lines: {}'.format(self.deletions))
self.additions[:0]=["#",
"# New config lines added by STARTTLS Everywhere",
"#"]
new_cf_lines = "\n".join(self.additions) + "\n"
logger.info('Adding to {}:'.format(self.fn))
logger.info(new_cf_lines)
if self.raw_cf[-1][-1] == "\n": sep = ""
else: sep = "\n"
for num, line in enumerate(self.raw_cf):
if self.fixup and num in self.deletions:
self.new_cf += "# Line removed by STARTTLS Everywhere\n# " + line
else:
self.new_cf += line
self.new_cf += sep + new_cf_lines
with open(self.fn, "w") as f:
f.write(self.new_cf)
def save(self, title=None, temporary=False):
"""Saves all changes to the configuration files.
Both title and temporary are needed because a save may be
intended to be permanent, but the save is not ready to be a full
checkpoint. If an exception is raised, it is assumed a new
checkpoint was not created.
:param str title: The title of the save. If a title is given, the
configuration will be saved as a new checkpoint and put in a
timestamped directory. `title` has no effect if temporary is true.
:param bool temporary: Indicates whether the changes made will
be quickly reversed in the future (challenges)
:raises .PluginError: when save is unsuccessful
"""
self.maybe_add_config_lines()
def get_config_var(self, name, default=False):
"""Return the value of the specified Postfix config parameter.
@@ -490,50 +387,3 @@ class Installer(plugins_common.Installer):
cmd.extend(("-c", self.conf("config-dir"),))
return cmd
# def update_CAfile(self):
# os.system("cat /usr/share/ca-certificates/mozilla/*.crt > " + self.ca_file)
#
# def set_domainwise_tls_policies(self):
# all_acceptable_mxs = self.policy_config.acceptable_mxs
# for address_domain, properties in all_acceptable_mxs.items():
# mx_list = properties.accept_mx_domains
# if len(mx_list) > 1:
# logger.warn('Lists of multiple accept-mx-domains not yet '
# 'supported.')
# logger.warn('Using MX {} for {}'.format(mx_list[0],
# address_domain)
# )
# logger.warn('Ignoring: {}'.format(', '.join(mx_list[1:])))
# mx_domain = mx_list[0]
# mx_policy = self.policy_config.get_tls_policy(mx_domain)
# entry = address_domain + " encrypt"
# if mx_policy.min_tls_version.lower() == "tlsv1":
# entry += " protocols=!SSLv2:!SSLv3"
# elif mx_policy.min_tls_version.lower() == "tlsv1.1":
# entry += " protocols=!SSLv2:!SSLv3:!TLSv1"
# elif mx_policy.min_tls_version.lower() == "tlsv1.2":
# entry += " protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"
# else:
# logger.warn('Unknown minimum TLS version: {} '.format(
# mx_policy.min_tls_version)
# )
# self.policy_lines.append(entry)
# with open(self.policy_file, "w") as f:
# f.write("\n".join(self.policy_lines) + "\n")
def parse_line(line_data):
"""
Return the (line number, left hand side, right hand side) of a stripped
postfix config line.
Lines are like:
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
"""
num,line = line_data
left, sep, right = line.partition("=")
if not sep:
return None
return (num, left.strip(), right.strip())