404

[ Avaa Bypassed ]




Upload:

Command:

elspacio@3.145.58.157: ~ $
#!/opt/cloudlinux/venv/bin/python3 -bb
# -*- coding: utf-8 -*-

# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

import configparser as ConfigParser
import csv
import fcntl
import os
import pwd
import re
import tempfile
from collections import defaultdict
from stat import S_IRGRP, S_IROTH, S_IRUSR, S_IWUSR, ST_DEV
from typing import Dict, List, Optional, Tuple

import clcontrollib
import cldetectlib
from clcommon import FormattedException
# pylint: enable=E0611
from clcommon.clpwd import ClPwd
from clcommon.clquota import check_quota_enabled
from clcommon.cpapi import admin_packages, list_users, resellers_packages
from clcommon.cpapi.cpapiexceptions import CPAPIExternalProgramFailed, EncodingError
from clcommon.utils import (
    ExternalProgramFailed,
    get_file_lines,
    get_filesystem_type,
    run_command,
    write_file_lines,
)


IS_DA = clcontrollib.detect.is_da()
DEFAULT_PACKAGE = 'default'
VE_DEFAULT_PACKAGE = 'VE_DEFAULT'  # virtual package, alias for uid=0


class NoSuchPackageException(Exception):
    def __init__(self, package):
        Exception.__init__(self, "No such package (%s)" % (package,))


class NoSuchUserException(Exception):
    def __init__(self, user):
        Exception.__init__(self, "No such user (%s)" % (user,))


class InsufficientPrivilegesException(Exception):
    def __init__(self):
        Exception.__init__(self, "Insufficient privileges")


class IncorrectLimitFormatException(Exception):
    def __init__(self, limit):
        Exception.__init__(self, "Incorrect limit format (%s)" %(limit,))


class MalformedConfigException(FormattedException):
    """
    Raised when config files is malformed and
    cl-quota is not able to work with it
    """
    def __init__(self, error: ConfigParser.ParsingError):
        super(MalformedConfigException, self).__init__({
            'message':
                "cl-quota can't work because for malformed config. "
                "Please, contact CloudLinux support if you "
                "need help with resolving this issue. "
                "Details: %(error_message)s",
            'context': dict(
                error_message=str(error)
            )
        })


class GeneralException(Exception):
    def __init__(self, message):
        Exception.__init__(self, message)


class QuotaDisabledException(Exception):
    def __init__(self):
        super(QuotaDisabledException, self).__init__('Quota disabled for all users on server')


class UserQuotaDisabledException(QuotaDisabledException):
    """
    Raised when quota is disabled for one particular user
    """
    def __init__(self, uid=None, homedir=None, message=None):
        all_msg = 'Quota disabled'
        if uid:
            all_msg += ' for user id %s' % uid
        if homedir:
            all_msg += ' (home directory %s)' % homedir
        if message:
            all_msg += '; %s' % message
        Exception.__init__(self, all_msg)


def _is_sys_path(path):
    """
    >>> _is_sys_path('/home/username')
    False
    >>> _is_sys_path('/var/davecot')
    True
    """
    if path[-1] != '/':
        path += '/'
    sys_path_ = ('/root/', '/usr/', '/var/', '/sbin/', '/dev/', '/bin/', '/srv/', '/sys/', '/etc/ntp/')
    if path == '/':
        return True
    for path_ in sys_path_:
        if path.startswith(path_):
            return True


def _get_users_list():
    """
    Return no system users uid list
    """

    cl_pwd = ClPwd()
    pw_dict = cl_pwd.get_user_dict()
    users_uid = [pw_dict[usr].pw_uid for usr in pw_dict if not _is_sys_path(pw_dict[usr].pw_dir)]

    return users_uid


def is_quota_inheritance_enabled() -> bool:
    """
    Check `cl_quota_inodes_inheritance` parameter in the config file
    """
    res = cldetectlib.get_boolean_param(cldetectlib.CL_CONFIG_FILE, 'cl_quota_inodes_inheritance', default_val=False)
    return res


class QuotaWrapper(object):
    """
    Base quota class for inode quotas handling

    * Update system quotas via setquota
    * Retrieves system quotas via repquota
    * Stores current quotas in /etc/container/cl-quotas.dat file
    * Maintaines /etc/container/cl-quotas.cache file with resolved quotas. That file can be read by non-privileged users
    """
    PROC_MOUNTS = '/proc/mounts'
    QUOTASYNC  = '/usr/bin/quotasync'
    SETQUOTA  = '/usr/sbin/setquota'
    REPQUOTA  = '/usr/sbin/repquota'
    GETPACKS  = '/usr/bin/getcontrolpaneluserspackages'
    DATAFILE  = '/etc/container/cl-quotas.dat'
    CACHEFILE = '/etc/container/cl-quotas.cache'
    # File lock variables
    LOCK_FD = None
    LOCK_FILE = DATAFILE + '.lock'
    LOCK_WRITE = False

    def __init__(self):
        self._assert_file_exists(QuotaWrapper.PROC_MOUNTS)
        self._assert_file_exists(QuotaWrapper.REPQUOTA)
        self._assert_file_exists(QuotaWrapper.SETQUOTA)

        self._quota_enabled_list = list()
        self._panel_present = None
        self._grace = {}
        self._quota = {}
        self._device_quota = {}
        self._package_to_uids_map = {}  # type: Dict[str, List[str]]
        self._uid_to_packages_map = {}  # type: Dict[str, List[str]]
        self._uid_to_homedir_map = {}  # type: Dict[str, str]
        self._dh = self._get_saved_data_handler()
        self._fields = ['bytes_used', 'bytes_soft', 'bytes_hard', 'inodes_used', 'inodes_soft', 'inodes_hard']
        self._euid = os.geteuid()
        self._devices = self._load_quota_devices()
        self._mountpoint_device_mapped = self._get_mountpoint_device_map(self._devices)
        self._device_user_map = None
        # List of all packages (all admin's packages + all reseller packages)
        self._all_package_list = None

    @staticmethod
    def _assert_file_exists(path):
        """
        Checks if command is present and exits if no
        """
        if not os.path.exists(path):
            raise RuntimeError('No such command (%s)' % (path,))

    def __enter__(self):
        return self

    def __exit__(self, _type, _value, _traceback):
        if self.LOCK_FD is not None:
            self.LOCK_FD.close()

    def get_user_limits(self, uid):
        '''
        Returns user limits converted to tuples
        '''
        return self._convert_data_to_tuples(self._get_current_quotas(uid))

    def get_all_users_limits(self):
        '''
        Returns all user limits converted to tuples
        '''
        return self._convert_data_to_tuples(self._get_current_quotas())

    def get_package_limits(self, package):
        """
        :param packname: Package name for get limits. If None, returns all packages,
                          else - only supplied package
        Returns package limits converted to tuples (called only from main)
        """
        return self._convert_data_to_tuples(self._get_package_quotas(packname=package))

    def get_all_packages_limits(self, package=None):
        """
        Returns all packages limits converted to tuples (called only from main)
        """
        return self._convert_data_to_tuples(self._get_package_quotas(packname=package, all_packages=True))

    def _preprocess_limit(self, limit):
        """
        Preprocessed passed limit: 'default' --> '0', 'unlimited' --> -1, else calls _check_limit
        :param limit:
        :return:
        """
        if limit == 'default':
            return '0'
        if limit in ('unlimited', '-1'):
            return '-1'
        return self._check_limit(limit)

    def _get_package_from_dh(self, package):
        return self._dh.get('packages', package).split(':')

    def _get_all_packages_with_limits(self, clean_dead_packages=False):
        """
        Retrive all available packages with their limits
        :param clean_dead_packages: if True - remove all nonexistent packages from cl-quotas.dat
        :return: Dictionary: { 'package_name': (soft_limit, hard_limit) }
        """

        # result dictionary
        package_limits_dict = {}
        # Load packages limits from cl-quota.dat
        db_packages = {}
        if self._dh.has_section('packages') and len(self._dh.items('packages')) > 0:
            list_of_packages = self._get_all_package_list()
            for package in self._dh.options('packages'):
                if clean_dead_packages and package not in list_of_packages:
                    self._dh.remove_option('packages', package)
                    continue
                package_limits = self._get_package_from_dh(package)
                # Pass package, if limits not well-formed
                if len(package_limits) != 2:
                    continue
                db_packages[package] = package_limits[0], package_limits[1]
            if clean_dead_packages:
                self._write_data()
        # Put all panel packages to result dictionary
        self._get_package_to_users_map()
        for package in self._package_to_uids_map.keys():
            if package in db_packages:
                # if package present in cl-quota.dat, take limits
                package_limits_dict[package] = db_packages[package]
            else:
                package_limits_dict[package] = ('0', '0')
        return package_limits_dict

    def set_user_limit(
            self,
            uid: str,
            soft: Optional[str] = None,
            hard: Optional[str] = None,
            save: bool = True,
            force_save: bool = False,
            only_store: bool = False,
    ):
        """
        Set limits for users

        * Resolve limits according to those saved in cl-quota.dat
          Limits are resolved in the following order:
            user limits --> package limits --> root user (uid=0) limits
        * Apply new limits when resolved limits differ from those in cache or when `force_save` is True
        * Write updated values to cl-quota.dat if `save` is True
          Always update cl-quota.dat in case both zeroes or both unlimited are provided

        :param uid: user id
        :param soft: soft limit value
        :param hard: hard limit value
        :param save: save limits to cl-quota.dat
        :param force_save: save limits to cl-quota.dat even if they are not changed
        :param only_store: store limits in memory, but do not apply them

        :return: None
        """
        self._check_admin()

        # Validate limits value, convert 'unlimited' --> '-1', 'default' --> '0'
        soft_validated, hard_validated = self._preprocess_limit(soft), self._preprocess_limit(hard)

        # Derive limits from cl-quota.dat according to the limits inheritance rules
        soft_resolved, hard_resolved = self._combine_user_limits(uid=uid, soft=soft_validated, hard=hard_validated)

        # Convert limit to format acceptable by setquota utility
        soft_converted, hard_converted = self._convert_for_sys_utility(soft=soft_resolved, hard=hard_resolved)

        # Get data from repquota utility
        cached = self._get_current_quotas(uid)[uid]

        # Run cmd only if quota changed or force_save is True
        # If force_save is True it equals to --save-all-paramters in cloudlinux-limits
        if (soft_converted, hard_converted) != (cached["inodes_soft"], cached["inodes_hard"]) or force_save:
            # Don't apply limits to root user
            if uid != '0':
                device = self._get_home_device(self._fetch_homedir(uid))
                if only_store:
                    stdin = f'{uid} {cached["bytes_soft"]} {cached["bytes_hard"]} {soft_converted} {hard_converted}\n'
                    self._device_quota[device] = self._device_quota.get(device, '') + stdin
                else:
                    cmd = [
                        QuotaWrapper.SETQUOTA,
                        '-u', uid, cached['bytes_soft'], cached['bytes_hard'], soft_converted, hard_converted, device,
                    ]
                    run_command(cmd)
                    self._sync_quota_files(device)

            if save:
                soft_user_dat, hard_user_dat = self._get_user_limits_to_save(
                    uid, soft_validated, hard_validated, force_save=force_save)
                self._save_user_limits(uid, soft_user_dat, hard_user_dat)

        # Always update cl-quota.dat in case both zeroes or both unlimited are provided
        if (soft_validated == '0' and hard_validated == '0') or (soft_validated == '-1' and hard_validated == '-1'):
            self._save_user_limits(uid, soft_validated, hard_validated)

        if uid == '0':
            self._apply_all_limits()

    def set_package_limit(
            self,
            package: str,
            soft: Optional[str] = None,
            hard: Optional[str] = None,
            save: bool = True,
            only_store: bool = False
    ) -> None:
        """
        Sets limits for package

        :param package: package name
        :param soft: soft limit value
        :param hard: hard limit value
        :param save: save limits to cl-quota.dat
        :param only_store: store limits in memory, but do not apply them

        :return: None
        """

        self._check_admin()

        # Validate limits value, convert 'unlimited' --> '-1', 'default' --> '0'
        soft_validated, hard_validated = self._preprocess_limit(soft), self._preprocess_limit(hard)

        # Set limits for empty reseller package
        if save is True \
                and package in self._get_package_quotas(all_packages=True) \
                and package not in self._get_package_to_users_map():
            # Drive limits from cl-quota.dat according to the limits inheritance rules
            soft_resolved, hard_resolved = self._get_saved_package_limits_if_none(
                package, soft_validated, hard_validated)
            self._save_package_limits(package, soft_resolved, hard_resolved)
            return

        if not self._check_package_exists(package):
            return

        # Example: {'/dev/sda1': ['502', '504', '515', '521', '501']}
        device_user_map = self._get_device_user_map()
        cached_quotas = self._get_current_quotas()
        for device in device_user_map.keys():
            std_in = []
            for uid in self._get_package_to_users_map(package):
                if uid not in device_user_map[device]:
                    continue

                soft_resolved, hard_resolved = self._combine_package_limits(
                    uid=uid, package=package, soft=soft_validated, hard=hard_validated)

                soft_converted, hard_converted = self._convert_for_sys_utility(soft=soft_resolved, hard=hard_resolved)
                try:
                    soft_cached, hard_cached = cached_quotas[uid]['inodes_soft'], cached_quotas[uid]['inodes_hard']
                    if (soft_converted, hard_converted) != (soft_cached, hard_cached):
                        std_in.append(
                            f'{uid} '
                            f'{cached_quotas[uid]["bytes_soft"]} {cached_quotas[uid]["bytes_hard"]} '
                            f'{soft_converted} {hard_converted}'
                        )
                except KeyError:
                    pass  # skip error when quota is on but not configured

            if len(std_in) != 0:
                std_in = ('\n'.join(std_in) + '\n')
                self._device_quota[device] = self._device_quota.get(device, '') + std_in

        if save:
            soft_data, hard_data = self._get_package_limits_to_save(package, soft_validated, hard_validated)
            self._save_package_limits(package, soft_data, hard_data)

        if not only_store:
            self._flush_device_quota()

    def synchronize(self):
        """
        Read limits from file and applies them to packages and users
        """
        self._check_admin()

        package_limits = self._get_all_packages_with_limits(clean_dead_packages=True)
        for package, (soft, hard) in package_limits.items():
            self.set_package_limit(package, soft, hard, save=False, only_store=True)

        self._remove_unexisting_users()
        self._flush_device_quota()

    def save_user_cache(self):
        """
        Caches the limits to non-privileged user to see them
        """
        self._check_admin()

        # get data from repquota utility
        current_quotas = self._get_current_quotas()

        # form 2d array for writing to file
        cache_content = [
            [k] + [current_quotas[k][field] for field in self._fields]
            for k in sorted(current_quotas.keys(), key=int)
        ]

        self._get_global_lock(True)
        file_handler = self._prepare_writer(QuotaWrapper.CACHEFILE)
        csv_out = csv.writer(file_handler, quoting=csv.QUOTE_MINIMAL)
        csv_out.writerows(cache_content)
        self._end_writer(QuotaWrapper.CACHEFILE)
        self._release_lock()

    def _apply_all_limits(self, skip_root: bool = True):
        """Set limits for all users. Skip root user if skip_root is True"""
        for uid in self._get_uid_to_packages_map().keys():
            if uid == '0' and skip_root:
                continue
            self.set_user_limit(uid, soft=None, hard=None, save=False, only_store=True)
        self._flush_device_quota()

    def _flush_device_quota(self):
        """Write all device quotas to disk"""
        quotas_written: bool = False

        for device in self._device_quota.keys():
            cmd = [QuotaWrapper.SETQUOTA, '-bu', device]
            run_command(cmd, std_in=self._device_quota[device])
            quotas_written = True

        if quotas_written:
            self._sync_quota_files()

        self._device_quota = {}

    def _sync_quota_files(self, device: str | None = None):
        """
        In order to sync inodes limits in kernel with limits in user.quota file run `quotasync` command.
        Otherwise `repquota` called right after `setquota` may return old limits existed before `setquota` call.

        Skipped on the XFS filesystem because XFS does not require a separate quota synchronization step
        as it handles these operations in real-time. Additionally, the specific functionality required by `quotasync`
        to sync the disk quota information is not implemented, resulting in an error.
        """
        if device is not None:
            fs_type = get_filesystem_type(device)
            if fs_type.lower() == 'xfs':
                return
            cmd = [QuotaWrapper.QUOTASYNC, device]
        else:
            cmd = [QuotaWrapper.QUOTASYNC, '-a']
        run_command(cmd)

    def _remove_unexisting_users(self):
        """Remove all records from cl-quota.dat for users which do not exist"""
        if self._dh.has_section('users'):
            for uid in self._dh.options('users'):
                try:
                    # Check user presence
                    self._fetch_homedir(uid)
                except NoSuchUserException:
                    self._dh.remove_option('users', uid)
            self._write_data()

    def _check_package_exists(self, package):
        """Check whether package exists"""
        try:
            self._get_package_to_users_map(package)
        except NoSuchPackageException:
            return False
        else:
            return True

    def _get_user_limits_to_save(
            self,
            uid: str,
            soft_validated: Optional[str],
            hard_validated: Optional[str],
            force_save: bool = False,
    ) -> Tuple[Optional[str], Optional[str]]:
        """
        Derive package limit values to save to cl-quota.dat
        If None passed as limit to method, then replace it by the user's value from cl-quota.dat
        Update cl-quota.dat only if the derivation result changes
        """
        soft_user_dat, hard_user_dat = self._get_user_limits(uid=uid)

        soft_resolved, hard_resolved = self._combine_user_limits(uid=uid, soft=soft_validated, hard=hard_validated)
        soft_none_resolved, hard_none_resolved = self._combine_user_limits(uid=uid, soft=None, hard=None)

        if soft_resolved != soft_none_resolved or (force_save and soft_validated is not None):
            soft_user_dat = soft_validated
        if hard_resolved != hard_none_resolved or (force_save and soft_validated is not None):
            hard_user_dat = hard_validated

        return soft_user_dat, hard_user_dat

    def _get_package_limits_to_save(
            self, package: str, soft_validated: Optional[str], hard_validated: Optional[str]) -> Tuple[str, str]:
        """Derive package limit values to save to cl-quota.dat"""
        p_soft, p_hard = self._get_package_limits(package=package)

        # If new value is provided, then update package limit
        p_soft = soft_validated if soft_validated is not None else p_soft
        p_hard = hard_validated if hard_validated is not None else p_hard
        return p_soft, p_hard

    def _check_present_panel(self):
        """
        Return True if control panel present
        """
        if self._panel_present is None:
            self._panel_present = 'Unknown' != run_command(['/usr/bin/cldetect', '--detect-cp-nameonly']).rstrip()
        return self._panel_present

    def _check_admin(self):
        '''
        Raise exception if no admin user
        '''
        if self._euid != 0:
            raise InsufficientPrivilegesException()

    def _get_saved_data_handler(self) -> ConfigParser.ConfigParser:
        '''
        Gets ConfigParser handler for future use
        Loads saved quotas from /etc/container/cl-quotas.dat file
        '''
        self._get_global_lock(True)
        dh = ConfigParser.ConfigParser(interpolation=None, strict=False)
        dh.optionxform = str
        try:
            dh.read(QuotaWrapper.DATAFILE)
        except ConfigParser.ParsingError as e:
            raise MalformedConfigException(e)
        finally:
            self._release_lock()
        return dh

    def _get_device_user_map(self):
        """
        Returns dictionary mapping devices to lists of users
        """
        if self._device_user_map is not None:
            return self._device_user_map
        devices_map = {}
        device_user_pairs = []
        for uid in self._get_list_of_uids():
            try:
                device_user_pairs.append((self._get_home_device(self._fetch_homedir(uid)), uid))
            except KeyError:
                continue
        for pair in device_user_pairs:
            if pair[0] not in devices_map:
                devices_map[pair[0]] = []
            devices_map[pair[0]].append(pair[1])
        self._device_user_map = devices_map
        return self._device_user_map

    def _check_limit(self, limit: Optional[str]) -> Optional[str]:
        if limit is None or limit == '-1':
            return limit
        limit_pattern = re.compile(r'(\d+)')
        pattern_match = limit_pattern.search(limit)
        if not pattern_match:
            raise IncorrectLimitFormatException(limit)
        return pattern_match.group(1)

    def _combine_user_limits(self, uid: str, soft: Optional[str] = None, hard: Optional[str] = None) -> Tuple[str, str]:
        """
        Determines user limits by resolving them according to the limits inheritance rule:
            user limits ---(overridden by provided as method param if provided not None)--->
                ---> package limits ---> root user (uid=0) limits

        uid: user id
        soft: Optional[str] = None: limit value, can be:
            * None -- value not passed
            * "-1" -- unlimited
            * "0" -- default (next value from hierarchy should be considered)
            * "1", "2", ... -- precice limit values
        hard: soft: Optional[str] = None: limit value, values range the same as for soft

        return: Tuple[str, str]: (soft_limit, hard_limit), they can be:
            * "-1" -- unlimited
            * "1", "2", ... -- precice limit values
        """
        if uid == '0':
            soft, hard = self._get_user_limits_override_none(uid=uid, soft=soft, hard=hard)
            soft, hard = (soft if soft != '0' else '-1', hard if hard != '0' else '-1')
            return soft, hard

        soft, hard = self._get_user_limits_override_none(uid=uid, soft=soft, hard=hard)

        for package in self._get_uid_to_packages_map(uid):
            soft, hard = self._get_package_limits_override_default(package=package, soft=soft, hard=hard)

        soft, hard = self._get_user_limits_override_default(uid='0', soft=soft, hard=hard)
        soft, hard = (soft if soft != '0' else '-1', hard if hard != '0' else '-1')
        return soft, hard

    def _get_user_limits_override_none(self, uid: str, soft: Optional[str] = None, hard: Optional[str] = None) -> Tuple[str, str]:
        """Get user limits from cl-quota.dat. If limit is None, then override it by user's limit

        :param str uid: user id
        :param Optional[str] soft: limit value, can be:
            * None -- value not passed, should be overridden by user's limit
            * "-1" -- unlimited
            * "0" -- default (next value from hierarchy should be taken)
            * "1", "2", ... -- values
        :param Optional[str] hard: limit values same as for soft
        :return Tuple[str, str]: derived limits
        """
        user_soft, user_hard = self._get_user_limits(uid=uid)
        # Override by passed limits values
        soft = self._check_limit(limit=soft if soft is not None else user_soft)
        hard = self._check_limit(limit=hard if hard is not None else user_hard)
        return soft, hard

    def _get_user_limits_override_default(self, uid: str, soft: str, hard: str) -> Tuple[str, str]:
        """Get user limits from cl-quota.dat. If limit is default, then override it by user's limit

        :param str uid: user id
        :param Optional[str] soft: limit value, can be:
            * "-1" -- unlimited
            * "0" -- default (next value from hierarchy should be taken)
            * "1", "2", ... -- values
        :param Optional[str] hard: limit values same as for soft
        :return Tuple[str, str]: derived limits
        """
        user_soft, user_hard = self._get_user_limits(uid=uid)
        # Override by passed limits values
        soft = self._check_limit(limit=soft if soft != '0' else user_soft)
        hard = self._check_limit(limit=hard if hard != '0' else user_hard)
        return soft, hard

    def _get_user_limits(self, uid: str) -> Tuple[str, str]:
        """Try to get user's limits from cl-quota.dat"""
        try:
            user_soft, user_hard = self._dh.get('users', uid).split(':')
        except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
            user_soft, user_hard = '0', '0'
        return user_soft, user_hard

    def _get_package_limits_override_default(self, package: str, soft: str, hard: str) -> Tuple[str, str]:
        """Get package limits from cl-quota.dat. If passed limit is default, then override it by package's limit"""
        pack_soft, pack_hard = self._get_package_limits(package=package)
        soft = self._check_limit(limit=pack_soft if soft == '0' else soft)
        hard = self._check_limit(limit=pack_hard if hard == '0' else hard)
        return soft, hard

    def _get_package_limits(self, package: str) -> Tuple[str, str]:
        """Try to get package's limits from cl-quota.dat"""
        try:
            soft, hard = self._get_package_from_dh(package)
        except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
            soft, hard = '0', '0'
        return soft, hard

    @staticmethod
    def _convert_for_sys_utility(soft: Optional[str], hard: Optional[str]) -> Tuple[Optional[str], Optional[str]]:
        """Converts limits for setquota utility which threats 0 as unlimited"""
        if soft == '-1':
            soft = '0'
        if hard == '-1':
            hard = '0'
        return soft, hard

    def _combine_package_limits(
            self, package: str, uid: str, soft: Optional[str], hard: Optional[str]) -> Tuple[str, str]:
        """
        Determines package limits taking into account saved user and default ones
        """
        u_soft, u_hard = self._get_user_limits(uid=uid)

        if IS_DA and is_quota_inheritance_enabled():
            # Check the real user's package and save his quotas (instead of setting `DEFAULT` package ones)
            # This is only DA's specificall
            da_real_package = self._get_da_real_package(uid=uid)
            if da_real_package != package:
                da_real_quotas = self._get_package_quotas(packname=da_real_package, all_packages=True)
                soft = p_soft = da_real_quotas[da_real_package]['inodes_soft']
                hard = p_hard = da_real_quotas[da_real_package]['inodes_hard']
            else:
                p_soft, p_hard = self._get_package_limits(package=package)
        else:
            p_soft, p_hard = self._get_package_limits(package=package)

        # Combine package limits with new package limits
        # If user limit is non-default, take it, otherwise use package limit
        # Override package limit by the new one if it's possible
        soft = u_soft if u_soft != '0' else (soft if soft is not None else p_soft)
        hard = u_hard if u_hard != '0' else (hard if hard is not None else p_hard)

        # If package limits absent, use default limits
        soft, hard = self._get_user_limits_override_default(uid='0', soft=soft, hard=hard)
        soft, hard = (soft if soft != '0' else '-1', hard if hard != '0' else '-1')
        return soft, hard

    def _get_saved_package_limits_if_none(self, package, soft=None, hard=None):
        """
        Applies saved package limits if none has been passed
        """
        try:
            pack_soft, pack_hard = self._get_package_from_dh(package)
            if soft is None and pack_soft != '0':
                soft = pack_soft
            if hard is None and pack_hard != '0':
                hard = pack_hard
        except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
            pass
        soft = self._check_limit(soft)
        hard = self._check_limit(hard)
        return soft, hard

    def _get_da_real_package(self, uid: str) -> str:
        """
        Get real package name for DA user

        :param str uid: user id
        :return str: retrieved package name
        """
        username = ClPwd().get_names(int(uid))[0]
        return clcontrollib.DirectAdmin()._get_user_package(username)

    def _get_current_quotas(self, uid=None):
        """
        Retrieves current quotas.
        If euid == 0, use data from repquota utility, else from /etc/container/cl-quotas.cache file
        """
        if self._euid != 0:
            return self._load_user_cache()
        if not self._quota:
            # Retrieves quotas from repquota utility
            self._quota = self._load_current_quotas()
        if uid:
            try:
                return {uid: self._quota[uid]}
            except KeyError:
                self._check_if_quota_enabled(uid)
                raise NoSuchUserException(uid)
        return self._quota

    def _get_package_quotas(self, packname=None, all_packages=False):
        """
        Prepares package limits data for outputting
        (call only from get_package_limits/get_all_packages_limits - main)

        :param packname: Package name for get limits. If present, function returns
                            limits only for this package, else - all packages
        :param all_packages: If False reads only used and admin's packages, True - all packages
                                (including reseller packages without users)
        :return Dictionary of package limits:
            {package_name: {'inodes_used': 'xxx', 'inodes_soft': 'yyy', 'inodes_hard': 'zzz'}
        """
        q = {}
        if all_packages:
            # Get list of all packages
            list_of_packages = self._get_all_package_list()
        else:
            # Get list of used packages + all admin's packages
            list_of_packages = self._get_list_of_packages()
        for package in list_of_packages:
            values = ['-']
            try:
                if package == VE_DEFAULT_PACKAGE:
                    # Because "VE_DEFAULT" package is not a real package and just
                    # uses limits from LVE == 0 we should read it's limits
                    # from there
                    soft, hard = self._dh.get('users', '0').split(':')
                else:
                    soft, hard = self._dh.get('packages', package).split(':')
                soft = self._check_limit(soft)
                hard = self._check_limit(hard)
                if soft == '-1':
                    soft = '-'
                if hard == '-1':
                    hard = '-'
                values.extend([soft, hard])
            except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
                values.extend(['0', '0'])
            q.update(self._populate(package, values))
        if packname:
            try:
                return {packname: q[packname]}
            except KeyError:
                raise NoSuchPackageException(packname)
        return q

    def _populate(self, item, data):
        return {item: dict(list(map((lambda x: (x[1], data[x[0]])), enumerate(self._fields[3:]))))}

    def _get_list_of_packages(self):
        return list(self._get_package_to_users_map().keys())

    def _get_list_of_uids(self):
        return list(self._get_uid_to_packages_map().keys())

    def _get_package_to_users_map(self, package=None):
        if not self._package_to_uids_map:
            self._package_to_uids_map = self._load_package_uids_data()
        if package:
            try:
                return self._package_to_uids_map[package]
            except KeyError:
                raise NoSuchPackageException(package)
        return self._package_to_uids_map

    def _check_if_quota_enabled(self, uid):
        if uid in self._quota_enabled_list:
            return
        home_dir = self._fetch_homedir(uid)
        quota_disabled_message = check_quota_enabled(path=home_dir)
        if quota_disabled_message:
            raise UserQuotaDisabledException(uid=uid, homedir=home_dir, message=quota_disabled_message)
        else:
            self._quota_enabled_list.append(uid)

    def _get_uid_to_packages_map(self, uid=None):
        if not self._uid_to_packages_map:
            self._package_to_uids_map = self._load_package_uids_data()
        if uid:
            try:
                return self._uid_to_packages_map[uid]
            except KeyError:
                raise NoSuchUserException(uid)
        return self._uid_to_packages_map

    def _get_packages_uids_from_cpapi(self) -> Dict[str, List[str]]:
        """
        Retrieve package-uids map from cpapi. Only for custom panels. See LU-610 for details.
        Null packages coming from cpapi are considered to be 'default' package.

        :return: Dictionary with data.
        Example response:
            {'default': ['1038', '1043', '1046'], 'res1_pack1': ['1044'], 'pack1': ['1042']}
        Coorresponding self._uid_to_packages_map value:
            {'1038': ['default'], '1042': ['pack1'], '1043': ['default'], '1044': ['res1_pack1'], '1046': ['default']}
        """

        try:
            users_packages = list_users()
        except (OSError, CPAPIExternalProgramFailed, EncodingError) as e:
            raise ExternalProgramFailed('%s. Can not get users' % (str(e)))

        # Example of users_packages:
        #  {1000: {'reseller': 'root', 'package': 'Package1'},
        #   1001: {'reseller': 'res1', 'package': 'BusinessPackage'},
        #   1002: {'reseller': 'root', 'package': None}}

        packages_users = defaultdict(list)  # type: Dict[str, List[str]]
        self._uid_to_packages_map = defaultdict(list)  # type: Dict[str, List[str]]

        for uid, uid_data in users_packages.items():
            s_uid = str(uid)
            package = uid_data['package'] if uid_data['package'] is not None else VE_DEFAULT_PACKAGE
            packages_users[package].append(s_uid)
            self._uid_to_packages_map[s_uid].append(package)

        try:
            admin_pkgs = admin_packages(raise_exc=True)
        except (OSError, CPAPIExternalProgramFailed) as e:
            raise ExternalProgramFailed('%s. Can not get admin packages' % (str(e)))

        for package in admin_pkgs:
            packages_users.setdefault(package if package is not None else VE_DEFAULT_PACKAGE, [])

        packages_users.setdefault(VE_DEFAULT_PACKAGE, [])

        return packages_users

    def _load_package_uids_data(self) -> Dict[str, List[str]]:
        """
        Gets map of packages and users
        :rtype dict
        :return Dictionary with data. Example:
            {'default': ['1038', '1043', '1046'], 'res1_pack1': ['1044'], 'pack1': ['1042']}
        """
        packages = {}
        if self._euid != 0:
            return packages
        # if packages not supported all user has 'VE_DEFAULT' package
        if not self._check_present_panel():
            packages[VE_DEFAULT_PACKAGE] = list(map(str, _get_users_list()))
            self._uid_to_packages_map = {i: [VE_DEFAULT_PACKAGE] for i in packages[VE_DEFAULT_PACKAGE]}
            return packages

        return self._get_packages_uids_from_cpapi()

    def _get_all_package_list(self):
        """
        Retrives all (root and resellers) panel package list
        :return: List of package names
        """
        # If list already loaded - do nothing
        if self._all_package_list:
            return self._all_package_list
        try:
            self._all_package_list = []
            list_admin_packages = admin_packages(raise_exc=True)
            for package in list_admin_packages:
                self._all_package_list.append(package)
        except (OSError, CPAPIExternalProgramFailed) as e:
            raise ExternalProgramFailed('%s. Can not get admin packages' % (str(e)))
        try:
            dict_resellers_packages = resellers_packages(raise_exc=True)
            for packages_list in dict_resellers_packages.values():
                for package in packages_list:
                    self._all_package_list.append(package)
        except (OSError, CPAPIExternalProgramFailed) as e:
            raise ExternalProgramFailed('%s. Can not get reseller packages' % (str(e)))
        # Add 'VE_DEFAULT' package to list
        if VE_DEFAULT_PACKAGE not in self._all_package_list:
            self._all_package_list.append(VE_DEFAULT_PACKAGE)
        return self._all_package_list

    def _convert_data_to_tuples(self, data):
        '''
        Convert dict to tuples for passing to printing routines
        '''
        for key in data.keys():
            try:
                entry = tuple(map((lambda x: (x, data[key][x])), self._fields[3:]))
                data[key] = entry
            except KeyError:
                continue
        return data

    def _load_current_quotas(self):
        """
        Gets current quota settings from repqouta utility for further processing
        """
        q = {}
        device = None
        devices = self._devices
        cmd = [QuotaWrapper.REPQUOTA, '-una']
        data = run_command(cmd)
        grace_regex_pattern = re.compile(r'(block|inode)\sgrace\stime:?\s(\d[\w:]+)(?:;|$|\s)', re.IGNORECASE)
        for line in data.splitlines():
            if line.startswith('#'):
                if not device:
                    continue
                parts = line.split()
                if len(parts) != 8:
                    parts = self._remove_redundant_fields_from_input(parts)
                uid = parts[0][1:]
                if uid == '0':  # We do not want to limit root :)
                    continue
                try:
                    if device not in devices:
                        device = self._find_unknown_device(device)
                    if device in devices and self._is_home_device(self._fetch_homedir(uid), device):
                        q[uid] = dict(list(map((lambda x: (self._fields[x[0]], x[1])), enumerate(parts[2:]))))
                except (KeyError, IndexError, NoSuchUserException):
                    continue
            elif line.startswith('***'):
                device = line[line.find('/dev'):].strip()
            elif 'grace' in line:
                found = grace_regex_pattern.findall(line)
                if found:
                    self._grace.update(dict(list(map((lambda x: (x[0].lower(), x[1])), found))))
        q.update(self._add_default())
        return q

    def _remove_redundant_fields_from_input(self, parts):
        stripped_parts = parts[:2]
        is_digit_pattern = re.compile(r'^\d+$')
        stripped_parts.extend(
            [field for field in parts[2:] if is_digit_pattern.search(field)])
        return stripped_parts

    def _fetch_homedir(self, uid):
        if len(self._uid_to_homedir_map) == 0:
            self._uid_to_homedir_map.update({str(entry.pw_uid): entry.pw_dir for entry in pwd.getpwall()})
        try:
            return self._uid_to_homedir_map[uid]
        except KeyError:
            raise NoSuchUserException(uid)

    def _load_quota_devices(self):
        """
        Gets mounted filesystems list and picks ones with quota on

        Example of returned data structure:
            {'/dev/mapper/VolGroup-lv_root': [
                {'mountpoint': '/', 'quota_file': 'quota.user', 'quota_type': 'vfsv0'},
                {'mountpoint': '/var', 'quota_file': 'quota.user', 'quota_type': 'vfsv0'}
                ],
            '/dev/mapper/VolGroup-lv_root2': [
                {'mountpoint': '/', 'quota_file': 'quota.user', 'quota_type': 'vfsv0'},
                {'mountpoint': '/var', 'quota_file': 'quota.user', 'quota_type': 'vfsv0'}
            ]
            }
        """
        devices = {}  # type: Dict[str, List[Dict[str, str]]]
        proc_mounts_stream = open(QuotaWrapper.PROC_MOUNTS)
        split_patt = re.compile(r' |,')
        for line in proc_mounts_stream:
            if line.startswith('rootfs /'):
                continue
            line_splited = split_patt.split(line)
            device = line_splited[0]
            mountpoint_data = {'mountpoint':  line_splited[1]}
            for line_splited_element in line_splited:
                if line_splited_element.startswith('usrquota=') or line_splited_element.startswith('usruota='):
                    mountpoint_data['quota_file'] = line_splited_element.split('=')[1]
                elif line_splited_element.startswith('jqfmt='):
                    mountpoint_data['quota_type'] = line_splited_element.split('=')[1]
            if device in devices:
                devices[device].append(mountpoint_data)
            else:
                devices[device] = [mountpoint_data]
        proc_mounts_stream.close()
        if len(devices) == 0:
            # TODO: this only can happen when system HAS NO MOUNTS AT ALL
            raise QuotaDisabledException()
        return devices

    def _load_user_cache(self):
        '''
        For non-privileged user we outputting data from the file
        '''
        q = {}
        try:
            self._get_global_lock()
            fo = open(QuotaWrapper.CACHEFILE)
            cvs_in = csv.reader(fo, delimiter=',')
        except (OSError, IOError):
            # We don't want to confuse a panel with error messages.
            # Let the data be zeroes until they arrive
            return {str(self._euid): dict.fromkeys(self._fields, '0')}
        finally:
            self._release_lock()
        uid = str(self._euid)
        for row in cvs_in:
            if row[0] == uid:
                q.update({row[0]: dict(list(map(
                    (lambda x: (self._fields[x],
                                row[x+1])),
                    range(len(self._fields)))))})  # pylint: disable=range-builtin-not-iterating
                break
        # We want to prevent crazy cases like misedited cache file
        if not q:
            return {str(self._euid): dict.fromkeys(self._fields, '0')}
        return q

    def _get_mountpoint_device_map(self, devices) -> List[Tuple[str, str]]:
        """
        return list tuple ('mountpoin tpath', 'device') reverse sorted by deep mountpoint path
        [('/mountpoint_path/path', '/device'), ('/mountpoint_path', '/device')]
        """
        def sort_by_deep_path(device_mountpoint):
            if device_mountpoint[0] == '/':
                deep_path = 0
            else:
                deep_path = device_mountpoint[0].count('/')
            return deep_path
        mountpoint_device_map = []
        for device, mountpoint_data_list in devices.items():
            for mountpoint_data in mountpoint_data_list:
                mountpoint_path = mountpoint_data['mountpoint']
                mountpoint_device_map.append((mountpoint_path, device))
        mountpoint_device_map.sort(key=sort_by_deep_path, reverse=True)
        return mountpoint_device_map

    def _get_home_device(self, home):
        """
        Returns device user homedir is on
        """
        def _add_slash(path):
            if path and path[-1] != '/':
                path += '/'
            return path
        dirname = _add_slash(os.path.dirname(home))
        for mounpoint_path, device in self._mountpoint_device_mapped:
            if dirname.startswith(_add_slash(mounpoint_path)):
                return device

    def _is_home_device(self, home, device):
        """
        Checks if a device is user homedir device
        """
        return self._get_home_device(home) == device

    def _find_unknown_device(self, device):
        try:
            dev = os.stat(device)[ST_DEV]
            dev_to_find = (os.major(dev), os.minor(dev))
            for current_device in self._devices.keys():
                dev = os.stat(current_device)[ST_DEV]
                if dev_to_find == (os.major(dev), os.minor(dev)):
                    return current_device
        except OSError:
            return device

    def _add_default(self):
        """
        Insert 'default' quota.
        Calls only from _load_current_quotas, after parsing repquota's output
        """
        values = ['-', '0', '0', '-']
        try:
            user_soft, user_hard = self._dh.get('users', '0').split(':')
            # Replace -1 to 0 for set unlimited limit
            if user_soft == '-1':
                user_soft = '0'
            if user_hard == '-1':
                user_hard = '0'
            values.extend([user_soft, user_hard])
        except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
            values.extend(['0', '0'])
        return {'0': dict(list(map((lambda x: (x[1], values[x[0]])), enumerate(self._fields))))}

    def _save_user_limits(self, uid, soft, hard):
        """
        Saves user limits
        """
        if soft is None:
            soft = '0'
        if hard is None:
            hard = '0'

        # remove user limits if they are equal to default
        if soft == '0' and hard == '0' and self._dh.has_section('users'):
            self._dh.remove_option('users', uid)
        else:
            if not self._dh.has_section('users'):
                self._dh.add_section('users')
            self._dh.set('users', uid, '%s:%s' % (soft, hard))
        self._write_data()

    def _save_package_limits(self, package, soft, hard):
        """
        Saves package limits
        """
        if soft is None:
            soft = '0'
        if hard is None:
            hard = '0'

        if soft == '0' and hard == '0' and self._dh.has_section('packages'):
            self._dh.remove_option('packages', package)
        else:
            if not self._dh.has_section('packages'):
                self._dh.add_section('packages')
            self._dh.set('packages', package, '%s:%s' % (soft, hard))
        self._write_data()
        self._copy_package_limits_to_cpanel(package)

    def _copy_package_limits_to_cpanel(self, package):
        """
        Copy package quota limits from cl-quotas.dat to cpanel packages data
        """
        if not cldetectlib.is_cpanel():
            return  # skip func if panel not cPanel
        package_path = f'/var/cpanel/packages/{package}'
        cpanel_package_lines = get_file_lines(package_path)
        if len(cpanel_package_lines) == 0:
            return  # skip func if no cPanel package found
        old_cpanel_data, modified_cpanel_lines = self._parse_cpanel_package_data(cpanel_package_lines)
        if old_cpanel_data is None and modified_cpanel_lines is None:
            return  # skip func if no lve extension in package
        # don't rewrite cpanel package file if new quotas for package are the same
        quotas_data = self._get_package_quotas(package, all_packages=True)[package]
        # unlimited quotas for package are indicated as '-',
        # but in package we want to write '-1'
        for key, value in quotas_data.items():
            if value == '-':
                quotas_data[key] = '-1'
        old_cpanel_limits = (old_cpanel_data.get('inodes_soft', '0'), old_cpanel_data.get('inodes_hard', '0'))
        current_quota_limits = (quotas_data['inodes_soft'], quotas_data['inodes_hard'])
        if old_cpanel_limits == current_quota_limits:
            return
        for limit_type in ('inodes_soft', 'inodes_hard'):
            limit_string = 'lve_' + str(limit_type) + '=' + str(quotas_data[limit_type]) + '\n'
            modified_cpanel_lines.append(limit_string)
        write_file_lines(package_path, modified_cpanel_lines, 'w')

    @staticmethod
    def _parse_cpanel_package_data(cpanel_package_lines):
        """
        Process cpanel_package_lines - get values of all old lve_ limits
        and remove lines with limits that would be changed
        """
        cpanel_package_lines_modified = cpanel_package_lines[:]
        old_cpanel_data = {}
        for line in cpanel_package_lines:
            if line.startswith('lve_'):
                line_parts = line.strip().split('=')
                limit_name = line_parts[0].replace('lve_', '').strip()
                if line_parts[1] != 'DEFAULT':
                    old_cpanel_data[limit_name] = line_parts[1]
                if limit_name in ('inodes_soft', 'inodes_hard'):
                    cpanel_package_lines_modified.remove(line)
            if line.startswith('_PACKAGE_EXTENSIONS') and 'lve' not in line:
                return None, None
        return old_cpanel_data, cpanel_package_lines_modified

    def _save_data(self, soft, hard, item, item_type):
        '''
        Saves data to a file
        '''
        if soft == '0' and hard == '0':
            try:
                self._dh.remove_option(item_type, item)
            except ConfigParser.NoSectionError:
                pass
        else:
            if not self._dh.has_section(item_type):
                self._dh.add_section(item_type)
            self._dh.set(item_type, item, '%s:%s' % (soft, hard))
        self._write_data()

    def _prepare_writer(self, filepath):
        """
        Open temporary file for writing and return file object
        """
        path = os.path.dirname(filepath)
        try:
            fd, temp_path = tempfile.mkstemp(prefix='lvetmp_', dir=path)
            file_handler = os.fdopen(fd, 'w')
            self._tmp = temp_path
            return file_handler
        except (IOError, OSError):
            if os.path.exists(temp_path):
                os.unlink(temp_path)
            raise GeneralException("Could not save data")

    def _end_writer(self, path):
        '''
        Routines after writing to file
        '''
        try:
            mask = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH
            os.rename(self._tmp, path)
            os.chmod(path, mask)
        except OSError:
            pass

    def _write_data(self):
        '''
        Actual place of saving data to a file
        '''
        self._get_global_lock(True)
        file_handler = self._prepare_writer(QuotaWrapper.DATAFILE)
        self._dh.write(file_handler)
        self._end_writer(QuotaWrapper.DATAFILE)
        self._release_lock()

    ##########################
    # File lock functions
    def _get_global_lock(self, write=False):
        if write:
            QuotaWrapper.LOCK_WRITE = True
        if QuotaWrapper.LOCK_FD is None:
            try:
                QuotaWrapper.LOCK_FD = open(QuotaWrapper.LOCK_FILE, 'r')
            except (IOError, OSError):
                raise GeneralException("Can't open lock file for reading")
            try:
                fcntl.flock(QuotaWrapper.LOCK_FD.fileno(), fcntl.LOCK_EX)
            except IOError:
                raise GeneralException("Can't get lock")

    def _release_lock(self):
        if (not QuotaWrapper.LOCK_WRITE) and (QuotaWrapper.LOCK_FD is not None):
            QuotaWrapper.LOCK_FD.close()
            QuotaWrapper.LOCK_FD = None

Filemanager

Name Type Size Permission Actions
__pycache__ Folder 0755
__init__.py File 51.94 KB 0644
cl_quota.py File 10.04 KB 0644
utils.py File 2.54 KB 0644