404

[ Avaa Bypassed ]




Upload:

Command:

elspacio@3.145.85.233: ~ $
# -*- coding: utf-8 -*-

# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

from __future__ import print_function
from __future__ import absolute_import
from __future__ import division
import json
import os
import sys
import uuid
import signal
import secureio
from future.moves import configparser as ConfigParser
from stat import S_IRUSR, S_IWUSR, S_IRGRP, S_IROTH
from future.utils import iteritems
from pathlib import Path
import psutil

from .clselect import ClSelect
from .clselectexcept import ClSelectExcept
from clcommon import ClPwd, clcaptain
from .clselectprint import clprint
from . import utils
from clcommon.utils import ExternalProgramFailed
try:
    from clcagefslib.const import BASEDIR
    from clcagefslib.fs import get_user_prefix
    from clcagefslib.selector.configure import is_ea4_enabled, read_cpanel_ea4_php_conf, configure_alt_php
    from clcagefslib.selector.panel.da import da_change_user_php_ini
    from clcagefslib.selector.panel.isp import ispmanager_create_user_wrapper
except ImportError:
    pass


class ClUserSelect(ClSelect):
    CAGEFS_PATH = '/var/cagefs'
    SELECTOR_PATH = '/usr/selector'
    NATIVE_PATH = SELECTOR_PATH if utils.in_cagefs() else '/usr/share/cagefs-skeleton/usr/selector'
    CAGEFS_EXCLUDE = '/etc/cagefs/exclude'
    SELECTOR2_DIR = '.cl.selector/selector.path'


    def clean_crui_images(self, users=None):
        """
        Creates flags mod_lsapi_reset_me in users' home directories in order
        to recreate CRIU images when php version/extensions/options have changed
        For details see LVEMAN-1210
        :param users: list of usernames (strings)
        """

        # There is not reliable way to check if CRIU is enabled inside CageFS
        # So let's always create the "mod_lsapi_reset_me" flag
        if not utils.in_cagefs() and not os.path.isfile('/var/run/mod_lsapi/criu.enabled'):
            return
        for user in users:
            pw = self._clpwd.get_pw_by_name(user)
            path = os.path.join(pw.pw_dir, 'mod_lsapi_reset_me')
            if not os.path.isfile(path):
                previous_user_data = self._change_uid(user)
                try:
                    clcaptain.write(path)
                except (OSError, ExternalProgramFailed) as e:
                    raise ClSelectExcept.UnableToSaveData(path, e)
                finally:
                    ClUserSelect._restore_uid(previous_user_data)


    @staticmethod
    def switch_symlink_for_alt_php(version, pw, exit_on_error=True, configure_multiphp = True):
        """
        Switch symlink for alt php.
        Create .cagefs directory if not created
        Rerurn True if error has occured
        """
        if not os.path.isdir(BASEDIR) and not utils.in_cagefs():
            print('ERROR: CageFS not installed.')
            if exit_on_error:
                sys.exit(1)
            else:
                return True

        if configure_multiphp and is_ea4_enabled():
            conf = read_cpanel_ea4_php_conf()
            if conf:
                try:
                    # get default system php version selected via MultiPHP Manager in cPanel WHM
                    default_php = conf['default']
                    # LVEMAN-1170: do not configure PHP Selector when system default version is alt-php
                    if not default_php.startswith('ea-php'):
                        print('ERROR: system default PHP version is alt-php. '
                              'PHP Selector is disabled. Use cPanel MultiPHP manager instead.')
                        if exit_on_error:
                            sys.exit(1)
                        else:
                            return True
                except KeyError:
                    pass

        # configure alt php - create .cagefs dir and create symlink
        error = configure_alt_php(pw, version, write_log=False, drop_perm=(os.geteuid() == 0), configure_multiphp = configure_multiphp)
        if error and exit_on_error:
            sys.exit(1)
        return error

    def apply_symlinks_rules(self):
        if self.without_cagefs:
            print('ERROR: this option does not work in "single user" mode (when CageFS is disabled)')
            sys.exit(1)
        if os.geteuid() != 0:
            print('ERROR: root privileges required')
            sys.exit(1)
        users_vers_dict = self.get_user_version_map()
        for user, version in iteritems(users_vers_dict):
            print('Processing user', user)
            pw = self._clpwd.get_pw_by_name(user)
            ClUserSelect.switch_symlink_for_alt_php(version, pw, exit_on_error=False, configure_multiphp=False)

    def __init__(self, item='php', exclude_pid_list=None):
        ClSelect.__init__(self, item)
        self._clpwd = ClPwd()
        self._user_excludes = set()
        if exclude_pid_list:
            self.exclude_pid_list = exclude_pid_list
        else:
            self.exclude_pid_list = []

    def get_version(self, user, show_native_version=False):
        """
        Returns alternative version for a user
        @param user: string
        @return: string
        """
        self._check_user_in_cagefs(user)
        alt_path = self._compose_user_alt_path(user)
        native = self._compose_native_info(show_native_version)
        if not os.path.isdir(alt_path):
            return native
        alternatives = self.get_all_alternatives_data()
        full_path = os.path.join(alt_path, self._item)
        if not os.path.islink(full_path):
            return native
        link_dst = os.readlink(full_path)
        if self.without_cagefs:
            if not self._native_contents:
                self._load_native_contents(self._item)
            if link_dst == self._native_contents[self._item]:
                return native
        if os.path.dirname(link_dst) == self.SELECTOR_PATH:
            return native
        try:
            version = list(filter(
                (lambda i: alternatives[i]['data'][self._item] ==
                    link_dst),
                list(alternatives.keys())))[0]
            return (version,
                    alternatives[version]['version'],
                    alternatives[version]['data'][self._item])
        except (IndexError, KeyError):
            return native


    def create_dir(self, path, user):
        if not os.path.isdir(path):
            previous_user_data = self._change_uid(user)
            try:
                clcaptain.mkdir(path)
            except (OSError, ExternalProgramFailed) as e:
                raise ClSelectExcept.UnableToSaveData(path, e)
            finally:
                ClUserSelect._restore_uid(previous_user_data)


    def create_selector_symlinks(self, user):
        """
        Creates additional directory and symlinks for use in "without CageFS" mode
        """
        homedir = self._clpwd.get_homedir(user)
        path_in_home = os.path.join(homedir, self.SELECTOR2_DIR)
        cur_user = self._change_uid(user)
        self.create_dir(path_in_home, user)
        self._create_symlink('../php-cli', path_in_home+'/php', check_existence=True)
        self._create_symlink('../php', path_in_home+'/php-cgi', check_existence=True)
        self._restore_uid(cur_user)


    def get_default_version(self):
        if os.path.isfile(ClSelect.DEFAULTS_PATH):
            try:
                return self._dh.get('versions', self._item)
            except (ConfigParser.Error, IOError, KeyError):
                return 'native'
        return 'native'


    def set_version_from_backup(self, user):
        user_backup_path = os.path.join(self._clpwd.get_homedir(user), '.cl.selector', 'defaults.cfg')
        if not os.path.isfile(user_backup_path):
            self.set_version(user, self.get_default_version())
        else:
            try:
                dh = self._get_default_config_handler(user_backup_path)
                self.set_version(user, dh.get('versions', self._item))
            except (ConfigParser.Error, IOError, KeyError) as e:
                print('Error while restoring settings from backup', str(e))
                sys.exit(1)

    def set_version(self, user, version, return_summary=False, show_native_version=False, exit_on_error=True):
        """
        Sets alternative version for a users with the same uid
        @param user: string
        @return: None
        """
        if os.geteuid() != 0 and (message := self.get_version_selection_disabled_msg(user)):
            raise ClSelectExcept.VersionModificationBlocked(message)

        data = utils.apply_for_at_least_one_user(
            self._set_version,
            self._clpwd.get_names(self._clpwd.get_uid(user)),
            ClSelectExcept.NoUserSelector,
            version, return_summary, show_native_version, exit_on_error
        )

        if return_summary:
            return data

    def _set_version(self, user, version, return_summary=False, show_native_version=False, exit_on_error=True):
        """
        Sets alternative version for a user
        @param user: string
        @return: None
        """
        if self.without_cagefs:
            previous_user_data = self._change_uid(user)
        self._check_user_in_cagefs(user)
        alt_path = self._compose_user_alt_path(user)
        if not os.path.isdir(alt_path):
            if self.without_cagefs:
                self.create_dir(alt_path, user)
            else:
                raise ClSelectExcept.NoUserSelector(user)
        alternatives = self.get_all_alternatives_data()
        if version not in alternatives and version != 'native':
            raise ClSelectExcept.NoSuchAlternativeVersion(version)
        self._remove_alternatives_links(alt_path)
        pw = self._clpwd.get_pw_by_name(user)
        if version == 'native':
            if self.without_cagefs:
                if not self._native_contents:
                    self._load_native_contents(self._item)
                for item, native_path in iteritems(self._native_contents):
                    self._create_symlink(native_path, alt_path+'/'+item, user, version)
            else:
                ini = 'php.ini'
                new_ini_created = False
                new_ini_path = os.path.join("%s.etc" % (self.NATIVE_PATH,), ini)
                if os.path.exists(new_ini_path):
                    src = os.path.join("%s.etc" % self.SELECTOR_PATH, ini)
                    dst = os.path.join(alt_path, ini)
                    self._create_symlink(src, dst, user, version)
                    new_ini_created = True
                for filename in os.listdir(self.NATIVE_PATH):
                    if self._item not in filename:
                        continue
                    if filename.endswith('.ini') and new_ini_created:
                        continue
                    dst = os.path.join(alt_path, filename)
                    src = os.path.join(self.SELECTOR_PATH, filename)
                    self._create_symlink(src, dst, user, version)
        else:
            for item, path in iteritems(alternatives[version]['data']):
                self._create_symlink(path, os.path.join(alt_path, item), user, version)

        if self.without_cagefs:
            ClUserSelect._restore_uid(previous_user_data)
        else:
            ClUserSelect.switch_symlink_for_alt_php(version, pw, exit_on_error = exit_on_error)
            self._switch_php_da_isp(user, version)
        self._reload_processes(user)
        self._backup_settings(user)

        if return_summary:
            return self.get_summary(user, show_native_version)

    def get_version_selection_disabled_msg(self, username: str) -> str:
        """
        Returns a message indicating that the selection of the PHP version
        is disabled for the user, based on the configuration file.

        Args:
            username (str): The username for which to check the configuration.

        Returns:
            str: The message indicating that version selection is disabled,
                 or an empty string if the configuration file does not exist
                 or does not contain the message.
        """
        uid = self._clpwd.get_uid(username)
        config_file = Path(f'/var/cloudlinux/cl.selector/uids/{uid}/version_selection_conf.json')
        if not config_file.exists():
            return ''

        try:
            with config_file.open(encoding='utf-8') as f:
                config_data = json.load(f)
                return config_data.get('version_selection_disabled_msg', '')
        except (OSError, ValueError):
            return ''

    def get_summary(self, user, show_native_version=False):
        """
        Returns state of alternatives
        @param user: string
        @return: tuple
        """
        self._check_user_in_cagefs(user)
        alternatives = self.get_all_alternatives_data()
        native_info = self._compose_native_info(show_native_version)
        summary = {'native': {
            'enabled': True, 'default': False, 'selected': False}}
        alt_versions = sorted(alternatives.keys())
        alt_versions.append('native')
        selected_version = self.get_version(user)[0]
        for version in alt_versions:
            if version not in summary:
                summary[version] = {}
            summary[version]['enabled'] = not self._dh.has_option(
                "%s%s" % (self._item, version), 'state')
            summary[version]['default'] = False
            summary[version]['selected'] = False
        try:
            default_version = self._dh.get('versions', self._item)
        except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
            default_version = 'native'
        try:
            summary[default_version]['default'] = True
            summary[selected_version]['selected'] = True
        except KeyError:
            raise ClSelectExcept.NoSuchAlternativeVersion(default_version)
        summary[native_info[0]] = summary.pop('native')
        alt_versions.remove('native')
        alt_versions.append(native_info[0])
        for idx in range(len(alt_versions)):
            v = alt_versions[idx]
            alt_versions[idx] = (
                v,
                (summary[v]['enabled'],
                 summary[v]['default'],
                 summary[v]['selected']))
        return tuple(alt_versions)

    def change_to_version(self, new_version, current_version):
        """
        Changes users of a supplied version to specified_version
        @param version: string
        @param current_version: string
        """
        users = self.list_users(current_version)
        for user in users:
            try:
                self.set_version(user, new_version, exit_on_error = False)
            except Exception as e:     #catch every errors, print it and go to the next user
                clprint.print_diag('text', {'status': 'ERROR', 'message': str(e)})
                pass
        self.clean_crui_images(users)

    def list_users(self, version):
        """
        Returns users of a certain alternative
        """
        data = self.get_version_user_map()
        if version in data:
            return data[version]
        return []

    def list_all_users(self):
        """
        Returns all valid system users
        @return: list
        """
        if self.without_cagefs:
            from .clselectctlphp import get_cpanel_user
            return [get_cpanel_user()]
        return list(self._get_system_users().difference(
            self._get_user_excludes()))

    def cagefs_copy_etc(self, user):
        config = dict()
        config['init'] = 0
        config['reinit'] = 0
        config['verbose'] = 0
        LIBDIR = '/usr/share/cagefs'
        sys.path.append(LIBDIR)

        try:
            import cagefsctl
        except ImportError:
            print('ERROR: CageFS not installed.')
            sys.exit(1)

        cagefs_etc_path = os.path.join(BASEDIR, get_user_prefix(user), user, 'etc')
        if not os.path.exists(cagefs_etc_path + '/cl.selector') or \
                not os.path.exists(cagefs_etc_path + '/cl.php.d'):
            cagefsctl.cpetc_for_user(user, config)

    def get_user_version_map(self):
        """
        Returns user version map as dict
        @return: dict
        """
        actual_users = self.list_all_users()
        data = {}
        for user in actual_users:
            try:
                data[user] = self.get_version(user, False)[0]
            except ClSelectExcept.NotCageFSUser:
                continue
        return data

    def get_version_user_map(self, user_names = None):
        """
        Returns users grouped by version
        @return: dict
        """
        actual_users = user_names or self.list_all_users()
        data = {}
        for user in actual_users:
            try:
                version = self.get_version(user, False)[0]
                if not version in data:
                    data[version] = []
                data[version].append(user)
            except ClSelectExcept.NotCageFSUser:
                continue
        return data

    def _create_symlink(src, dst, user=None, version=None, check_existence=False):
        """
        Creates symlink from src to dst
        @param src: string
        @param dst: string
        @param user: string
        @param version: string
        @param check_existence: bool
        @return: None
        """
        try:
            if check_existence:
                if os.path.islink(dst):
                    if os.readlink(dst) != src:
                        os.unlink(dst)
                    else:
                        return
                else:
                    utils.remove_file_or_dir(dst)
            clcaptain.symlink(src, dst)
        except Exception as e:
            if user is not None and version is not None:
                raise ClSelectExcept.UnableToSetAlternative(user, version, e)
            raise ClSelectExcept.SelectorException(
                "Cannot create symlink from %s to %s (%s)" % (src, dst, e))
    _create_symlink = staticmethod(_create_symlink)

    def _get_user_excludes(self):
        """
        Returns list of user excludes
        @return: list
        """
        if self._user_excludes:
            return self._user_excludes
        if not os.path.isdir(self.CAGEFS_EXCLUDE):
            return set()
        for item in os.listdir(self.CAGEFS_EXCLUDE):
            full_item_path = os.path.join(self.CAGEFS_EXCLUDE, item)
            self._user_excludes.update(
                set(
                    map((lambda x: x.strip()),
                        utils.read_file_as_string(full_item_path).splitlines())))
        return self._user_excludes

    def _check_user_in_cagefs(self, user):
        """
        Check that cagefs enabled for user
        """
        if self.without_cagefs:
            return

        if utils.in_cagefs():
            return

        LIBDIR = '/usr/share/cagefs'
        sys.path.append(LIBDIR)
        try:
            import cagefsctl
        except ImportError:
            print('ERROR: CageFS not installed.')
            sys.exit(1)
        try:
            if not cagefsctl.is_user_enabled(user):
                raise ClSelectExcept.NotCageFSUser(user)
        except AttributeError:
            print('ERROR: CageFS version is unsupported. Please update CageFS.')
            sys.exit(1)

    def _remove_alternatives_links(self, path):
        """
        Removes all symlinks from directory
        @param path: string
        @return: None
        """
        for filename in os.listdir(path):
            if self._item not in filename:
                continue
            full_path = os.path.join(path, filename)
            if not os.path.islink(full_path):
                continue
            os.unlink(full_path)

    def _compose_user_alt_path(self, user):
        """
        Composes and returns user alternative directory path
        @param user: string
        @return: string
        """
        if self.without_cagefs:
            homedir = self._clpwd.get_homedir(user)
            return homedir + '/.cl.selector'
        uid = str(self._clpwd.get_uid(user))
        return (
            '/etc/cl.selector'
            if utils.in_cagefs() else
            os.path.join(self.CAGEFS_PATH, uid[-2:], user, 'etc', 'cl.selector')
        )

    def _get_system_users(self):
        """
        Returns set of system users
        @return: set
        """
        users_dict = self._clpwd.get_user_dict()
        return set(users_dict.keys())

    def _delete_if_symlink(file_path):
        """
        Deletes file to be written if it is a symlink
        """
        if os.path.islink(file_path):
            try:
                os.unlink(file_path)
            except OSError:
                raise ClSelectExcept.UnableToSaveData(
                    file_path,
                    "Cannot delete symlink while saving data")
    _delete_if_symlink = staticmethod(_delete_if_symlink)

    def _change_uid(self, user):
        """
        Changes to another uid and returns tuple of previous euid and egid
        @param user: string
        @return: tuple
        """
        entry = self._clpwd.get_pw_by_name(user)
        new_uid = entry.pw_uid
        new_gid = entry.pw_gid
        cur_euid = os.geteuid()
        cur_egid = os.getegid()
        if cur_euid == new_uid:
            return cur_euid, cur_egid
        try:
            os.setegid(new_gid)
            os.seteuid(new_uid)
            secureio.set_capability()
            return cur_euid, cur_egid
        except OSError as e:
            raise ClSelectExcept.UnableToChangeToAnotherUser(user, e)

    def _restore_uid(uid_and_gid):
        """
        Restores changed uid and gid to original ones
        @param uid_and_gid: tuple
        @return: None
        """
        if uid_and_gid[0] != os.geteuid():
            secureio.set_capability(clear=True)
            try:
                os.setegid(uid_and_gid[1])
                os.seteuid(uid_and_gid[0])
            except OSError as e:
                raise ClSelectExcept.UnableToChangeToAnotherUser(str(uid_and_gid[0]), e)
    _restore_uid = staticmethod(_restore_uid)

    def _write_to_file(self, user, file_contents, file_path, create=True):
        """
        Saves data to file
        @param user: string
        @param file_contents: string
        @param file_path: string
        @return: None
        """
        if not create and not os.path.exists(file_path):
            return
        self._delete_if_symlink(file_path)
        previous_user_data = self._change_uid(user)
        file_directory = os.path.dirname(file_path)
        try:
            # Replace tempfile.mkstemp with str(uuid.uuid4())
            dirname = 'clseltmp_%s' % str(uuid.uuid4())
            temp_path = os.path.join(file_directory, dirname)
            clcaptain.write(temp_path, "%s\n" % (file_contents,))
        except (IOError, OSError, ExternalProgramFailed) as e:
            try:
                if os.path.exists(temp_path):
                    os.unlink(temp_path)
            except:
                pass
            ClUserSelect._restore_uid(previous_user_data)
            raise ClSelectExcept.UnableToSaveData(file_path, e)
        else:
            try:
                mask = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH
                os.rename(temp_path, file_path)
                os.chmod(file_path, mask)
            except OSError:
                pass
        ClUserSelect._restore_uid(previous_user_data)

    def _reload_processes(self, user):
        """
        Reloads user process
        """
        try:
            next_parent = psutil.Process()
            for i in range(2):
                next_parent = next_parent.parent()
                if next_parent is not None:
                    self.exclude_pid_list.append(next_parent.pid)
                else:
                    break
        except psutil.NoSuchProcess:
            pass
        try:
            uid = ClPwd().get_uid(user)
        except (ClPwd.NoSuchUserException, ):
            # no such user
            return
        try:
            for proc in psutil.process_iter():
                try:
                    if uid not in [proc.uids().real, proc.uids().effective] or proc.name().find(self._item) == -1:
                        continue
                    pid = proc.pid
                except psutil.NoSuchProcess:
                    continue
                try:
                    if pid not in self.exclude_pid_list:
                        os.kill(pid, signal.SIGHUP)
                except (OSError, ):
                    continue
        except (OSError, IOError):
            # psutil reads /proc FS as usual FS, skip read errors
            pass

    def _skim_over_extensions(path):
        """
        Get extension names from user extensions file comments
        """
        extensions = []
        try:
            ini = open(path)
            for line in ini:
                if line.startswith(';---'):
                    ext = line[4:line.rfind('---')]
                    extensions.append(ext)
            ini.close()
        except (OSError, IOError):
            pass
        return extensions
    _skim_over_extensions = staticmethod(_skim_over_extensions)

    def _backup_settings(self, user):
        """
        Scans all user settings and backups'em in homedir as INI file
        @param user: string
        """
        self._check_user_in_cagefs(user)
        backup_contents = []
        user_alt_path = self._compose_user_alt_path(user)
        user_ext_path = os.path.join(os.path.dirname(user_alt_path), 'cl.php.d')
        alternatives = self.get_all_alternatives_data()
        user_backup_path = os.path.join(
            self._clpwd.get_homedir(user), '.cl.selector')
        if not os.path.isdir(user_backup_path):
            previous_user_data = self._change_uid(user)
            try:
                clcaptain.mkdir(user_backup_path)
            except (OSError, ExternalProgramFailed) as e:
                ClUserSelect._restore_uid(previous_user_data)
                raise ClSelectExcept.UnableToSaveData(user_backup_path, e)
            ClUserSelect._restore_uid(previous_user_data)
        user_backup_file = os.path.join(
            user_backup_path, 'defaults.cfg')
        if os.path.isdir(user_alt_path):
            version = '[versions]\n%s = %s\n' % (
                self._item, self.get_version(user)[0])
        else:
            version = '[versions]\n%s = native\n' % (self._item,)
        backup_contents.append(version)
        for alt in sorted(alternatives.keys()):
            if self.without_cagefs:
                curr_ext_path = user_alt_path + "/alt_php" + alt.replace('.', '') + '.ini'
            else:
                curr_ext_path = os.path.join(
                    user_ext_path, "alt-php%s" % (
                        (alt.replace('.', ''),)), 'alt_php.ini')
            extensions = self._skim_over_extensions(curr_ext_path)
            backup_contents.append(
                "[%s%s]\nmodules = %s\n" % (
                    self._item, alt, ','.join(sorted(extensions))))
        self._write_to_file(
            user, '\n'.join(backup_contents), user_backup_file)

    def _switch_php_da_isp(self, user, version):
        if self.without_cagefs:
            return
        da_change_user_php_ini(user, version)
        ispmanager_create_user_wrapper(user, version)

Filemanager

Name Type Size Permission Actions
__pycache__ Folder 0755
baseclselect Folder 0755
clselectnodejs Folder 0755
clselectnodejsuser Folder 0755
clselectphp Folder 0755
clselectphpuser Folder 0755
clselectpython Folder 0755
clselectpythonuser Folder 0755
clselectruby Folder 0755
__init__.py File 536 B 0644
clextselect.py File 19.71 KB 0644
clpassenger.py File 26.53 KB 0644
clselect.py File 21.77 KB 0644
clselectctl.py File 9.15 KB 0644
clselectctlnodejsuser.py File 20.71 KB 0644
clselectctlphp.py File 43.37 KB 0644
clselectctlpython.py File 43.87 KB 0644
clselectctlruby.py File 18.59 KB 0644
clselectexcept.py File 10.22 KB 0644
clselectprint.py File 5.39 KB 0644
clselectstatistics.py File 6.51 KB 0644
cluserextselect.py File 15.17 KB 0644
cluseroptselect.py File 23.62 KB 0644
cluserselect.py File 27 KB 0644
locked_extensions.ini File 1.2 KB 0644
utils.py File 16 KB 0644