B u&`@s ddlmZddlmZddlmZddlmZddlZddlmZeddl Tddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlmZmZmZmZm Z dd lm!Z!m"Z"m#Z#m$Z$dd lm%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+ddl,Z,dd l-m.Z.m/Z/dd l0m1Z1m2Z2ddl3Z3dd l4m5Z5ddl6m7Z7m8Z8m9Z9ddl,m:Z:m;Z;Gddde<Z=dZ>de>Z?dZ@dZAdZBdZCdZDdZEdaFdZGdaHdZIdZJdZKdZLdZMd ZNd!eLZOd"ZPd#ZQd$ZRd%d&ZSdd'd(d)ZTdd'd*d+ZUdd'd,d-ZVd.d/ZWeXd'd0d1ZYeXd'd2d3ZZd4d5Z[d6d7Z\d8d9Z]d:d;Z^ej_dfdd?ZaeapeJZbgZcd@dAZddBdCZedDdEZfdFdGZgdZhdHZidHZjdHZkdIdJZldKdLZmiand{dMdNZodOdPZpdQdRZqdSdTZrdUdVZsgZtdWdXZudYdZZvd[d\Zwd]d^Zxd_d`ZydadbZzia{dcddZ|dedfZ}dgdhZ~didjZdkdlZiadmdnZdodpZd|drdsZiad}dtduZdvdwZd~dxdyZddzd{Zd|d}Zdd~dZdddZddZddZiaddZdddZdddZdddZdddddgdfddZddZdddZdddZddZddZddZddZddZdZdZiZiZddZddZddZdddZddddddadZdZdZdeZeddZdaddZddZdaddZddZddZddZddÄZdddńZddDŽZdZdddʄZdd̄Zddddddgdfdd΄ZddЄZddd҄ZdddԄZdddքZddd؄ZddڄZdd܄ZddބZdqdqgdgfddZdddZddZddZddZddZddZȐdddZddZddZddZ̐dddZddZddZdeCfddZddZddZҐddZӐddZԐdddZՐddZ֐d d Zאd d Zؐdd dZِddZڐddZdaܐddZiaސddZߐdddZdaddZdadddZddZdad d!Zd"d#Zd$d%Zd&ZdeZd'Zd(Zd)d*Ziad+d,Zd-d.Zd/d0Zdd1d2Zdadadd3d4Zdd5d6Zdd7d8Zd9d:Zd;d<Zdadadadad=d>Zdd?d@ZddAdBZddCdDZiadEdFZdGZdHdIZdJdKZdLdMZdNZ dOdPZ dQdRZ dSdTZ dUdVZ dWdXZdadYdZZd[d\Zd]d^Zd_d`ZdadbZdcddZdedfZdgZdhdiZdjdkZdldmZddndoZdpdqZddsdtZdudvZddwdxZdydzZ dS()print_function)absolute_import)division)unicode_literalsN)standard_library)*)read_file_securewrite_file_secure set_user_permopen_file_not_symlink set_root_perm)create_dir_secureclosefdset_owner_dir_secureset_perm_dir_secure) root_flag print_error get_groupsclpwd SILENT_FLAGloggingget_perm)byteify unicodeify)ClPwd clcaptain) sigterm_check)ExternalProgramFailedis_socket_file mod_makedirs)get_boolean_paramCL_CONFIG_FILEc@seZdZddZdS)CageFSExceptioncOstj|f||dS)N) Exception__init__)selfargskwargsr(/usr/share/cagefs/cagefslib.pyr$8szCageFSException.__init__N)__name__ __module__ __qualname__r$r(r(r(r)r"7sr"z .etc.version/z/etc/cagefs/cagefs.iniz/etc/cl.selector/php.confz/usr/share/cagefsz/usr/share/cagefs/etc.newz/var/run/cagefsFz!/var/log/cagefs-php-opt-check.logz/etc/psa/psa.confz/var/www/vhostsz/run/systemd/journal/dev-logz"/usr/share/cagefs-skeleton/dev/logz/dev/logz/etc/sysconfig/syslogz -a z/etc/rsyslog.confz(/etc/rsyslog.d/cagefs-syslog-socket.confz/etc/rsyslog.d/schroot.confcCs8yt|dWn"tk r2t|dYnXdS)z /bin/touch analog - update timestamp of a file if it exists or create a file otherwise :param fname: file path :type fname: string Na)osutimeOSErroropenclose)Zfnamer(r(r)touch_sr4)returncCsdd}tt}xt|D]|\}}||dr||tdkr||ddksb||ddkr||||td}|||<n|||td}|||<PqWtt|dd td d S) z_ Add syslog socket into CageFS, add it to syslog config and restart syslog service cSs|d||||dS)z5 Inserts new inside original at pos. Nr()originalnewposr(r(r)_insertqsz2_add_syslog_socket_for_syslog_pkg.._insertSYSLOGD_OPTIONS"'T) make_backupz)/sbin/service syslog restart &> /dev/nullN) read_fileSYSCONFIG_SYSLOG enumerate startswithfind CAGEFS_SOCKET write_file ExecuteSimple)r9linesi_tmpr(r(r)!_add_syslog_socket_for_syslog_pkgls  rLc Csdtd}tt}x@t|D]4\}}||d}|dkr|||d||<PqWtjtrt td}| }WdQRX||krt tt t|ddt t |gddtd dS) za Add syslog socket into CageFS, add it to rsyslog config and restart rsyslog service z$AddUnixListenSocket  z$ModLoad imuxsock)r;rNrT)r?z*/sbin/service rsyslog restart &> /dev/null) LOG_SOCKETr@ RSYSLOG_CONFrBrDr/pathisfileCHROOT_OLD_CONFr2readunlinkrF CHROOT_CONFrG)Zchroot_conf_contentrHrIrJr8fZ old_contentr(r(r)"_add_syslog_socket_for_rsyslog_pkgs*    rXcCsFtrtrBttdn&tjtr0tntjt rBt dS)z Add cagefs skeleton syslog socket to syslog config file. Create .conf file for rsyslog Restart syslog/rsyslog service z/usr/share/cagefs/need.remountN) is_new_syslog_socket_usedis_old_syslog_socket_in_cageremove_syslog_socketr4r/rQrRrArLrPrXr(r(r(r)add_syslog_sockets   r\c Cstjtrhtt}x /dev/nullZremoving:Nz*/sbin/service rsyslog restart &> /dev/null)r/rQrRrAr@rBrCreplacerErFrGrVrUr1rstr)rHrIrJrKer(r(r)r[s$  $r[cCs$tjto"tjttko"ttS)z File `/dev/log` is symlink to socket `/run/systemd/journal/dev-log` if server uses the newer version of syslog socket )r/rQislinkDEV_LOG_SOCKETrealpathSYSTEMD_JOURNAL_SOCKETrr(r(r(r)rYs rYcCsttS)zB Return True if CageFS has into self an old syslog socket )rrOr(r(r(r)rZsrZcCsy t|}Wntk r$d}YnXy t|}Wntk rJd}YnX|dks\|dkrv|dkrl||kS||kSn|dkr||kS||kSdS)Nr;r)int ValueError)Ztxt1Ztxt2opZi1Zi2r(r(r)getItems     ricCs|d}|d}t|t|kr.t|}nt|}x@t|D]4}t||||dr\dSt||||dr@dSq@Wt|t|krdSt|t|krdSdSdS)N.rr;)splitlenrangeri)baseZtestZlnrIr(r(r) verCompare s   rpcCs(yt|Wntk r"YnXdS)N)r/rUr1)rQr(r(r)rUsrUc CsHt}tst\}}tytdkrBtd}ttddat|tt j dd|d|rtdx|D]}td|dqxW|rtd x|D]}td|dqW|rtd x|D]}td|dqWWnBt t fk r2} ztd tt| tdWdd} ~ XYnX|sDt||dS) N?r.rkz%Y.%m.%d %H:%M:%Sz: rMz8 - The following options have been disabled as unknown: z * zF - The following options have been disabled as have incorrect values: zI - The following options have been disabled as invalid (have no values): z writing to )rrr php_log_optr/umaskr2PHP_OPTIONS_LOGFILEwritedatetimeZnowZstrftimer1IOErrorrr`sysexitr ) msgZunknown_options_listZinvalid_values_options_listZinvalid_options_listZroot_flag_saveduidgid umask_savedoptionrar(r(r)php_options_log_write$s6    "      rc Cst\}}}t|j}t|}|sXd||f}|dd}t||t|tjdnvy ddl}Wnt k rt } Yn X|} t |||d| x0| dD]} t|| t| tjdqWdS)Nz%s: %sErrnozErr code)filerrM)rxexc_infor` __class__r_syslogprintstderrStringIO ImportErrorio tracebackprint_exceptiongetvaluerl) levelZincludetracebackexctypeZ exceptionZ exctracebackZexcclassmessagerzrZexcfdliner(r(r)rDs"      rc Csby"ttd}|}WdQRXWntk r6dSXtd|tj}|sPdS|ddS)NZrtz^HTTPD_VHOSTS_D[ \t]+(\S+)$rr-) r2GLOBAL_PLESK_CFGrTr#research MULTILINEgroupsrstrip)rWdatamatchr(r(r)_read_vhosts_dir]s rcCs8t|}t|}x"tD]}t|}||rdSqWdS)NTF) strip_pathaddslash black_listrC)_fileZrfilerQr(r(r)is_in_black_listps  rcCs tjjS)z*Returns the current line number in program)inspectZ currentframef_backf_linenor(r(r(r)linenozsrcCs$|dkr |ddkr |ddS|S)Nr]r;r-r()_dirr(r(r) stripslashs  rcCs&|dkr dS|ddkr"d|fS|S)Nr]r-r;z%s/r()rr(r(r)rs   rr]cCsXttd}ttd}x|D]}|d|q W|t|ttddS)Nwz%s i)rr/rsr2FUSE_SAFE_LISTrur3chmod)Z safe_listr}rfilenamer(r(r)save_etc_safe_lists    rcCs,t}t|}|d||kr(||d}|S)N)SKELETONrm)rQZjailZjaillenr(r(r)rs  rcCsxt|D]r}tj||}|}|dkr:|t|d}|dkrJ||}d||<tj|r |sntj|s t||||dq WdS)Nrk)cut_pathadd_path)r/listdirrQjoinrmisdirrbadd_tree_to_list)src_listfollow_symlinksrrnamesrcnamerQr(r(r)rsrcCs&tjtjtj|tj|S)N)r/rQrrddirnamebasename)rQr(r(r) get_real_pathsrcCsv|drrt|ddrdS|ds.|dr2dS|dkrrtj|rrtj|rbt|t|nt|t|ddS)Nz/etc/T)etcz/etc/cl.php.d/z/etc/cl.selector/)z /etc/passwdz /etc/groupz /etc/shadowz /etc/cl.php.dz/etc/cl.selector) rCmove_to_alternativesr/rQexistsrR copy_fileETC_TEMPLATE_NEW_DIRcopytree)rQr(r(r)copy2etcs    rcCs^t|}t|}t||drZ|tkrVtj|rVdt|<tj|rVt |tddSdS)Nz/etc/rkTF) rrrrC white_listr/rQrrr)rQr(r(r)add_to_white_lists   rcCsx~|D]v}t|}t|}t|t|}||kr:t|tj|}||kr^||kr^t|tj|rt|}t|qWdS)N) rrrrr/rQrdrbreadlink)pathsrQpath2Zpath3linktor(r(r) copy_to_etcs    rcCs ||S)N)rC)rQmountr(r(r)$path_includes_mount_point_comparatorsrcCs ||S)N)rC)rQrr(r(r)path_is_mounted_comparator srcCst||pt||S)N)rr)rQrr(r(r)mounts_are_found_comparator srcCslt|}t|}|ds$|dr(dSx>tD]6}|dkr.|ddkr.|}t|}|||r.dSq.WdS)Nz/etc/z /var/log/Tr]rr-F)rrrCmountsr)rQZ comparatorrr(r(r)mounts_are_founds  rcCs t|tS)N)rr)rQr(r(r)path_is_mounted#srcCs t|tS)N)rr)rQr(r(r)path_includes_mount_point)srcCs |t|<dS)N) libs_list)binarylibsr(r(r)add_libs_to_list4srcCs"yt|Stk rdSXdS)N)rKeyError)rr(r(r)get_libs_from_list9srcCs$y t|=Wntk rYnXdS)N)rr)rr(r(r)del_libs_from_list@s rc CstyJtd}t|d}tjtt|dd|t|t |dWn0t k r}zt d|d|Wdd}~XYnXdS)Nrqwb)Zprotocoliz while saving-) rr/rsr2pickledumprrr3rr#r)rr}rerrr(r(r) save_libsHs   rc Csntj|rjy,t|d}ttj|tda | Wn0t k rh}zt d|d|Wdd}~XYnXdS)Nrb)encodingZloadingr) r/rQrRr2rrloadlocaleZgetpreferredencodingrr3r#r)rrrr(r(r) load_libsVs   rcCs t|}t|}t|}|tkS)N)rrr files_list)rQr(r(r)path_is_in_listfsrcCs@tr t|rdSt|}tj|rszget_ldd_libs..Z staticallyrkZlinkednotrZdynamic executablezlinux-gate.so.1zlinux-vdso.so.1foundz ldd returns non existing libraryforr-zfailed to parse ldd outputr;)structr2unpackrTr3 subprocessPopenPIPEr readlinesrlanyrmr/rQrr) rr retvalrWZ signatureZldd_pathZskip_err_patternspsplittedr()rr) get_ldd_libssV    rc Cs|dkr dSt|}d}|s0|d}|dd}d}d}x|D]}tj||}t|}t|jr>|d7}t|} | ddkrtj || }q>tj tjtj || } t |dkr| dt ||krt d| dt d| }q>Wtj||S) Nr-r]r;rrkzsymlink z points outside jail, ABORTzSymlink points outside jail) split_pathr/rQrrrrst_modernormpathrrmrr#) rQchrootZ include_filespathrretZ doscounterentrysbrdrKr(r(r)resolve_realpaths.       rcCst|}t|tj}|sR|tjtjB@rRtd|t||tj@tj@}t||tj |tj f|rt ||tj |tj t||dS)Nz,removing setuid and setgid permissions from )r/rS_IMODErrrrrr0ST_ATIMErchownrrr)rdst be_verbose allow_suidcopy_ownershipsbufmoder(r(r)copy_time_and_permissions8s r'cCs.|d}g}x|D]}|r||qW|S)Nr-)rlappend)rQrritemr(r(r)rHs   rcCs2t|dkrdSd}x|D]}|d|7}qW|S)Nrr-r])rm)rrrr(r(r) join_pathQs   r*cCs|dt|dt|S)NrJ)r`)rQcopy_permissionsr$r(r(r) gen_path_keyZsr,rkc Cs,tt|r||St|||}|tkr2t|St|}|}d} x| t|kr:tt|d| d} t| ||} | tkr(tj ||| } tj | sPt | |d} tj | sP| }|rt |syt | ||||Wn8tk r}ztd| d|d|jWdd}~XYnX|t| <nt| }| d7} qDWx| t|krtt|d| d} tj ||| }y t| }Wn8tk r}ztd| d|jdSd}~XYnXt|jry,t|}t|jst|t|Wntk rYnXtd|t|yt|d t|d Wn>tk rz}ztd |d |jt|Wdd}~XYnX|ryt | ||||Wn8tk r}ztd| d|d|jWdd}~XYnXn0t|jrt| }td |d|t|yt||Wn.tk rBtd|d|tdYnXt|d |ddkr|t||||||}t|t ntj!tj tj"||} t|dkr| dt||krtd| dt#d| t|d}t||||||}t|t |}| d7} q@Wt|d |t|<|S)Nrrkz*failed to copy time/permissions/owner fromtor^zfailed to lstat(z):zCreate directory iFz$Warning: failed to create directory z -- zCreating symlink z to zFailed to create symlink r-zsymlink z points outside jail, ABORTzSymlink points outside jail)$rrr, handled_dirrrmr*r/rQrrrrr'r1rstrerrorrrS_ISDIRrrrUrrmkdirrrrsymlinkcreate_parent_pathrrrrr#)rrQr"r+r#r$keyrZ existpathrIZorigpathZorigkeyZtmp1rKraZjailpathrinjailsbrealfiler(r(r)r3]s      &    ,*  $  r3c Cs t|r dSy*t|}t|jr4t|t|Wntt tj fk rRYnXd}|dkryt ||d}t |Wn$td|d|dYnX|dkry.t||t |ddt|||d|d Wn@tt tj fk r}ztd |d|d |jWdd}~XYnXdS) zKcopies/links the file and the permissions, except any setuid or setgid bitsNrkrzLinking z to z failed, will revert to copyingF)r)r#r$z$ERROR: copying file and permissions z: )rrrr0rrshutilrmtreerwr1Errorr/linkrrcopyfiler'r/)rr!r" try_hardlink retain_ownerr5Zdo_normal_copyrar(r(r)copy_with_permissionss2      r>c Cst|r dSyt|}Wn(tk rBtd|dt|dSXt|tj||ddddt |||}t |j rd}nt |j rd}nt |j rfy>t|}td|d |t|t|d d t||Wn.tk r td |d |tdYnX|dd kr:tjtjtj||}|dsbtj|rbt||||dSdS|jd}|jd} yptj|std||t|ttjdd|t|t|t| ntd|dt|t||d|dWn&tk rtd|tdYnXdS)NzDevice z does NOT exist in real systemrkr)r+r#r$cbzCreating symlink z to T) check_mountszFailed to create symlink r-z/proc/zCreating device mknodz does exist already)r#r$zFailed to create device )rr/rr1rrr3rQrrrS_ISCHRrS_ISBLKrrremove_file_or_dirr2rrrCr copy_devicest_rdevrspawnlpP_WAITr`r') rrQr"r=rZ chrootpathr&r6majorminorr(r(r)rGsJ      &rGc  Cstt|r|Sd} xt|D]} ttj|| } yht| } t| j rt || |dd|d} t | t t || |||||||d }n| tj|| f7} Wq"tk r}ztd| d|jWdd}~XYq"Xq"Wt|| |||||||d }trx| D]}t |t qW|S) zRcopies a directory and the permissions recursive, except any setuid or setgid bitsr(rkr)r"r+r#r$)updatez!failed to investigate source filer^N)rrr/rrQrrrr0rr3rrcopy_dir_recursiver1rr/copy_binaries_and_libsr)rrforce_overwriter" check_libsr<r= handledfilesrMZfiles2rrKr%epathrar)r(r(r)rN s*  & rNcCs2|ddkp0|ddkp0|tjtjBtjB@S)Nz/libr;z.so)rDrS_IXUSRS_IXGRPS_IXOTH)rr&r(r(r)libs_check_is_needed*srWc Csty|r^y4d|}t||t|tt|j Wnt t tj fk r\YnXt |d"}|srdnd}|||WdQRXWn2t t fk rtd|tdtdYnXdS)z Helper for write lines to file :param: filename `str` filename for write :param: lines `list` list with content lines :param: add_eol `bool` if True than add to end each line z{}.bakrr]rMNzError: failed to write rk)rformatr7r;r/rrrrrrwr1r9r2rurrrrxry)rrHadd_eolr?Z backup_namerWZsplitterr(r(r)rF/s    rFc Cs\yt|d}|}||Sttfk rVtd|td|sHtdYnXdS)z Helper for read file, process errors and make backup before read :param: filename `str` name of file for read :param: exit_on_error `bool` use sys.exit on error or raise exception rNzError: failed to read rkN) r2rr3r1rwrrrxry)r exit_on_errorrcontentr(r(r)r@Hs r@cCs|dkS)N) 0123456789r()nr(r(r)isdigitZsrgcCs&|sdSx|D]}t|sdSqWdS)NFT)rg)scharr(r(r)isdigits_s  rjcCsnt|}||}|dkrj|||d}d}x&|t|krTt||sJP|d7}q0W|d|}t|SdS)Nr;rrk)rmrDrgrf)rsignlengthr8endpos2verr(r(r) get_versionis    rpc Cs|dd}x,tt|D]}||d|}|||<qWtj|ryt|Wn2ttfk rt d|t dt dYnXt d}t||t |dS)NZALIASzError: failed to delete rkr)rnrmr_r/rQrRrUr1rwrrrxryrsrF)ZprogramaliascommandZscriptrIrKr}r(r(r)update_wrapperzs     rscCstj|sdSd}yltj|dd||gtjtjdd}|\}}|jdkrptd|d|d |t d dS|jd kr~dSWn4t k rtd |d|d |t d dSX|dkrt ||}||krd SdS)NTz /bin/grepz-mr])rrrrzError while executing z -m 1  rkrzError: failed to run F) r/rQrRr r r communicate returncoderrr1rp)rrversionrkZGREProutrJror(r(r)wrapper_not_installeds(       ryz/usr/share/cagefs/safeprograms/z #CageFS proxyexec wrapper - ver cCs&x |D]}t|t}|dkrPqW|S)Nr)rp SIGNATURE)proxyrrwr(r(r)get_proxy_versions   r|c Cst|}tj|sdSttt|}t|}tt ||t rTt |t |t |yt |t |ddddWn6ttfk rtdt |tdtdYnXdS)Nrrk)r"r#r$z*Error: failed to set permissions/owner to )rr/rQrRr@ PROXY_PATHwrappers_namesr|ryrrzrswrappersr'r1rwrrrxry)rr{Z proxy_verr(r(r)install_wrappers rcCs2tt|}|tkr.t|ddt|dSdS)NF)rT)rrrrr)rr(r(r)update_proxy_wrappers rc Csfyt|Wnttfk r&YnXtj|rb|r@t|sNt|dnt d|dt ddS)NTz"Error: failed to remove directory z because it includes mount pointsrk) r/rUr1rwrQrrr7r8rr)rQrAr(r(r)rFs  rFz/usr/bin/php-cgiz /usr/bin/phpz /etc/php.iniz/usr/local/bin/lsphpz/usr/local/sbin/php-fpm)phpzphp-clizphp.inilsphpzphp-fpmz /usr/selectorz/usr/selector.etcz cl.selectorz/etc/z native.confcCstdkrtjdatS)zI Return True if cPanel EasyApache4 (MultiPHP feature) is enabled Nz/etc/cpanel/ea4/is_ea4)is_ea4_enabled_cacher/rQrr(r(r(r)is_ea4_enableds rcCstr dS|dkS)z Returns True if php file for appropriate alias is mandatory for proper work of PHP Selector (i.e the file should exist and should be replaced with symlink successfully) :param alias: alias for php file :type alias: string F)rzphp-clizphp.ini)r)rqr(r(r) is_mandatory$srcCststjtrttd}x^|D]V}|ds |}|dd}t |dkr |d}|d}|t kr |t |<q W| dadS)NrN#=rkrrT) config_loadedr/rQrR NATIVE_CONFr2rCstriprlrm orig_binariesr3)rWrarrqrQr(r(r)read_native_conf4s         rcCs6tx*tD]}tj|}|drdSqWdS)Nz/etc/TF)rrvaluesr/rQrdrC)rQrr(r(r)is_etc_in_native_confFs   rcCs |dkrtd|Std|S)Nzphp.inir-)ALT_DEST_ETC_PATH ALT_DEST_PATH)rqr(r(r)get_usr_selector_pathPs rcCs(|dkr$|ds$tdd|gdddS)Nr]z.iniz/usr/bin/killallz-qF)check_return_code)endswithExecute) file_namer(r(r)kill_phpVsrc Cs|dkrtt}ntt}tj||}tj|sy|dkr dSt|}|ddddddd d d d d dddddthkS)Nr-Tz/binz/bootz/devz/etcz/libz /lost+foundz/mntz/procz/rootz/sbinz/sysz/tmpz/usrz/varz/homez/var/www/vhosts)rPLESK_VHOSTS_D)rQr(r(r)is_path_in_exclusionss*rz(/var/www/cgi-bin/cgi_wrapper/cgi_wrappercCsBtd|d|tdt|||r4t||n t||dS)NzCopying z to rk)rrr7r;r')ABCr(r(r)__copy_wrappers   rc Cstytrd}d}ttdtfdtttf|t|tf||tff}tjtt}tj|snt |dx|D]\}}}t |||qtWWn6t t fk r}zt dt|Wdd}~XYnXdS)Nz//var/www/cgi-bin/cgi_wrapper/cloudlinux_wrapperz9/usr/share/cagefs-plugins/plesk-cagefs/cloudlinux_wrapperz4/var/www/cgi-bin/cgi_wrapper/cgi_wrapper.orig.cagefsz2/usr/share/cagefs-plugins/plesk-cagefs/cgi_wrapperiz!failed to install Plesk wrapper: )r cldetectlibZis_pleskPLESK_ORIG_WRAPPER_FILENAMErr/rQrrrrr1rwrr`)ZCLOUDLINUX_WRAPPERZCLOUDLINUX_WRAPPER_PACKAGEZWRAPPERSdirpathrr!permrar(r(r)install_plesk_wrappers       rc Cs t|ddkr|dd}x|D]} t| |krcopies a list of executables and their libraries to the chrootr;r-Nrrkr)r<r=try_glob_matchingrRrMzSource file(s) z do not existz!failed to investigate source filer^)r+r#r$)rQr<rRrMz'failed to investigate destination file r]z" already exists, will not touch itzDestination file z$ exists, will delete to force updatezERROR: failed to deletezDestination dir z existsz needs updatezfailed to deletez does NOT need updateF)r)rQr<r=rRrMT)rAzCreating symlink z to z!Error : failed to create symlink z : rz: z!=zTrying to link zCopying )r<r=)9rrr/rQrRrbr(rrr1rglobrmrOrrrrrrr/r3rrrrrrrrrrrr0rS_ISREGrrUrrrwrrrrrWrrrFr2r`rrNr>rDrErG)rZ binarieslistrPr"rQr<r=rrRrMrrrarr)Z chrootrfileZphp_libsZchrootsbZchrootfile_existsr6r&rrSr(r(r)rOs^                        $($&              6            rOcCsNg}|||rJ|||}x,|dD]}|}|dkr(||g7}q(W|S)zretrieves a comma separated option from the configparser and splits it into a list, returning an empty list if it does not exist,r]) has_optiongetrlr)Z cfgparserZ sectionnameZ optionnamerZinputstrrKr)r(r(r)config_get_option_as_lists  rc Cs|ddkr|dd}tj|s\yt|dWn(tk rZtd|tdYnXt|dg}| |g}| |tj dddkrt |d d  t |d d  t |d d  t |d d  ntj |d st |d d}nt |d d}|}xt|dkr|d}t|dkr|d|ks^|d|krtd|dd|d t|y||dWntk rYnXy||dWntk rYnX|}qW|ddt|dkrt dd} | }xt|dkr|d}t|dkr|d|ksP|d|kr||td|dd|d t||d|kr||dg7}| }qW| | td|d ddddtj |dst |dd}nt |dd}|}xt|dkr|d} t| dkr| d|ksF| d|krtd| dd|dt|y|| dWntk rYnXy|| dWntk rYnX|}qW|ddt|dkrxt dd} | }xzt|dkrn|d} t| dkrb| d|ks8| d|krb||td| dd|dt|| }qW| | td|ddddddS)Nr;r-icreatingrkrZbsdz/passwdr.z/spwd.dbz/pwd.dbz/master.passwdrzr+rr^rrzuser z exists in z /etc/passwdrNz writing user z to )r"r#r$z/groupzgroup z /etc/groupzwriting group )r/rQrrr1rrxryrextendplatformr2r3rRreadlinermrlrrremovergseekrur') r users_list groups_listr"usersrfd2rpwstructfd groupstructr(r(r)init_passwd_and_groups                     rc Cs|ddkr|dd}td}tj|sfyt|dWn(tk rdtd|tdYnXt |dg}| |g}| |tj |dst |dd}nt |dd }| }|}xnt|d kr:||kr(td |d |dt|y||Wntk r&YnX| }|}qW|d d t|d krt dd} | }xt|d kr|d} t| dkr| d |ks| d |kr|| d dtd| d d|dt|| }qjW| |yt |ddWn.ttfk r>td|dtdYnXtj |dsbt |dd}nt |dd }| }|}xpt|d kr||krtd|d |dt|y||Wntk rYnX| }|}qW|d d t|d krt dd} | }xt|d kr|d} t| d kr| d |ksb| d |kr|| d dtd| d d|dt|| }q W| |yt |ddWn.ttfk rtd|dtdYnXt|dS)Nr;r-rirrkz /safe.usersrzr+rzuser z exists in rz /etc/passwdrNr^rrMz writing user z to iz$Error: failed to set permissions to z /safe.groupszgroup z /etc/groupzwriting group )r/rsrQrrr1rrxryrrrRr2rrrmrrrrgrrlrur3rw) rrrr"r}rrrrrrrr(r(r)init_safe_users_and_groupsTs                   rcCs|ddkr|dd}tj|s\yt|dWn(tk rZtd|tdYnXt|dg}| |tj |dst |dd}nt |dd}| }xt |d kr6|d }t |dkr,|d |kr,td |d d |dt|y||d Wntk r*YnX| }qW|d d t |d krt dd}| }xlt |d kr|d }t |dkr|d |kr||td|d d|dt|| }qfW||td|dd d dddS)Nr;r-izError while creatingrkz/shadowrzr+rr^zuser z exists in rz /etc/shadowrNz writing user z to )r"r#r$)r/rQrrr1rrxryrrrRr2rrmrlrrrrgrrur3r')rrr"rrrrrr(r(r) init_shadowsN              rcCst|}tj|ds0td|dtddStj|drXtd|dtddStdd}t|dd}|}xht |d kr| d d}t |dkr|d |kr| |td |d d |dt|P|}qzW| | dS) Nz/shadowzError: z/shadow does not existrkz/shadow is a symlinkz /etc/shadowrNr.rr^z Writing user z to ) rr/rQrRrrrbr2rrmrlrur3)ruserr"rdestrrr(r(r)add_user_to_shadows(       rcCsxt|dkst|dkrdStt|t|}d}x(|| krZ||||krPP|d8}q4W|dkrhdS||ddS)Nrr;rk)rmmin)s1s2Zmin_lenr8r(r(r)get_common_ends  rc Cstj|}tj|}t|}t|}|dksP|dksP|ddksP|ddkrltd|d|tddStt|t|}|dkryt|dWnt t fk rYnXdSt |}|dt | }|dt | }x|D]}|d|}|d|}yt|dWnt t fk r(YnXyt ||ddddWqt t fk r}z&td |d |d |jtddSd}~XYqXqWdS) Nr]rr-zError: invalid paths src = z dst = rki)r"r#r$z!ERROR: while copying permissions z to z: )r/rQrrrrrrrrwr1r*rmr'r/)rr!commonZ common_strZdst_pathZsrc_pathrrar(r(r) copy_paths<  (   "rc Cs(y t|Sttfk r"dSXdS)N)r/rrwr1)rQr(r(r)oslstat>s rc Cs||kr dSt|}yt|}t|jr4d} nb||kr@dSyt|WnBttfk r} z t d|dt | t ddSd} ~ XYnXd} Wnttfk rd} YnXd} | st ||dkrd} x|D]} tj || } tj || }yVt| }t|}|dk}|rt|jr|s8|r8w|rJ||krJwt| }|rt|jrvt|dn t|t||nt|jrt| |||||dkrPd} n|s|rw|r||krw|r|rt| |||sw|r2t|jrt|nt|jr2t|dt| |t| |ddddWqtttjfk r}z,t d| d |d t |t dd} Wdd}~XYqXqWyt||ddddWnPttfk r}z,t d |d |d t |t dd} Wdd}~XYnX| S) NrTzERROR: failed to delete file z : rkF)r"r#r$zERROR: while copying z to z: z!ERROR: while copying permissions )r/rrrr0rrUrwr1rr`rrrQrrrrrr7r8r2rrr;r'r9)rr!ZsymlinksZ overwriteZ skip_src_dirsrMZskip_dst_filesnamesdstbufZ dst_existsraerrorrrdstnamesrcbufdstname_existsrrr(r(r)rHs           $$rc Csbtyt|}t|jr"dSt|}|dk}|s`tj|}|dkr`|r`t tj||t |jrt |}|rt|jrt |dn t|t||n`|r|rt||||sdS|rt|jrt |dn t|t ||t||ddddWnNttt jfk r\} z&td|d|d| jtddSd} ~ XYnXdS) Nrkr-Tr)r"r#r$zERROR: while copying z to z: )rrrr0rrr/rQrrrrr7r8rUr2rr;r'rwr1r9rr/r) rrrrMrrrZ parent_dirrrar(r(r)rs<          "rcCsnyt|d}Wn dS|}xFt|dkrh|d}t||kr^|||kr^|dS|}q$WdS)NrNrr^rk)r2rrmrlr3)r)Znumrrrrr(r(r)test_numitem_exists  rcCs t|d|S)Nr)r)rZ passwdfiler(r(r)test_user_existsrcCs t|d|S)Nr)r)groupZ groupfiler(r(r)test_group_existsrcCs t|S)N)rZ get_names)r{r(r(r)get_all_users_with_uidsrcCst|S)z% Simple execute bash command )r/popenrT)rrr(r(r)rGsrGcCsyf|rtj|tjtjdd}ntj|tjtjdd}|\}}|rd|jdkrdtdd|tdWn:t k rtdd|td|rt dYnX|S)NT)rrrrzError while executing rtrkzError: failed to run ) r r rZSTDOUTrurvrrrr1rxry)rrr merge_stderrrZrrxrJr(r(r)rs   rcCsjt|}||}|dkrf|||d}d}x&|t|krTt||sJP|d7}q0W|d|}|SdS)Nr;rrkr])rmrDrg)rrkrlr8rmrnror(r(r)get_version_strs    rc Csd}d}tj|rt|}xtt|D]}||}|r*|ddkr*||dkr*|dd}|d}||kr*|d}|d} | dkr|d| }|}|d}|d }|}Pq*W|S) Nr]z#/var/lib/pgsql/data/postgresql.confrrr;rrkr>r=) r/rQrRr@rnrmrDrlr) r~valueZ PSQL_CONFZ psql_confrIrvZopt_namevalr8r(r(r)get_postgres_config s(        rcCsd}tj|rt|}x|D]}|}xtt|D]r}||}|d}|d}|dkr8y||d}Wn td|t dYnX|d}|d}|Sq8WqWt dS)Nz#/var/lib/pgsql/data/postmaster.optsr>r=z-prkzError while parsingport) r/rQrRr@rlrnrmrrrxryr)ZOPTSrHrrrIrhrr(r(r)get_postgres_port s&        rc Csd}t}|dkr(td|r(tdd|}|dkrJt||dgnDtj|ryt|Wn(t t fk rt||dgYnXdS)Nz#/usr/share/cagefs/pgsql.socket.namer]z)Port of PostgreSQL server is not detectedrkz/tmp/.s.PGSQL.Z5432rM) rrrxryrFr/rQrRrUr1rw)rZZPGSQL_SOCKET_CFGrZ socket_namer(r(r)detect_postgres7 s  rc Cst|dkrdSt|}xt|D]}tj||}yt|j}Wn tk rft d|w$YnXt |rtq$t |rt |q$|t jt jB@r$|rtd|q$td|q$WdS)Nz/proczlstat() failed for pathzMounted to skeleton:zCopied to skeleton:)rrr/rrQrrrr1rrrr0 print_suidsrrr)rZmountedrrr&r(r(r)rP s$      rcCsJi}tj|rFt|d}x"|D]}|dd}d||<q W||S)NrNr^rrk)r/rQrRr2rlr3)rQrZpfrrr(r(r)get_users_from_passwdg s    rc Cs@t|d}tj|sdSt|}|dkr:t|d}d}xtt|D]}||d}t|dkrL|ddkrL|dddd }g}d} x$|D]} | |kr| | qd } qW| rL|d d |d d} d |} | | d7} | ||<d }qLW|rt|D]0}tj||}tj|rt|}|||<qW|S)N)r/rQrrrrbr)Z cl_alt_dirlinksrrQlink_tor(r(r) read_symlinks s    rc Csvxp|D]h}y||}t||Wqttfk rl}z(td|dt|ddtddSd}~XYqXqWdS)Nz!Error : failed to create symlink z : rzErr coderkTF)r/r2r1rwrr`r_r)rrQrrar(r(r)write_symlinks s $rcCsBt||}|j}|j|kr$|tj@S|tj@r8|j|kp@|tj@S)N)rrst_uidrS_IWUSRS_IWGRPst_gidS_IWOTH)r%r{r|rr&r(r(r) is_writable s    rcCs$t|||||td}t||dkS)N)Zlogger)r rr)rQrr{r|rrr(r(r) make_userdir src Csd}yt|}Wntk r*d}YnX|rt|jsL|r^tj|r^|rZt||SdSyt |Wn8tt fk rtj |rt d|t ddSYnXyt||Wn8tt fk rtj|st d|t ddSYnXdS)a Create directory if it does not exist. Check for symlink (race conditions are not handled). Returns True if error has occured :param path: path to directory :type path: string :param perm: Linux permissions :type perm: int :param allow_symlink: True = allow path to be symlink, False = delete symlink and create directory :type allow_symlink: bool :param update_perm: True = set permissions when path exists :type update_perm: bool TFzError: failed to remove rkz#Error : failed to create directory )r/rr1rr0rrQrset_permrUrwrrrr)rQrZ allow_symlinkZ update_permZ path_existsr%r(r(r)make_dir s.       rc Cs>yt||dSttfk r8td|tddSXdS)NFz$Error: failed to set permissions to rkT)r/rr1rwrr)rQrr(r(r)r s  rc Cs@yt|||dSttfk r:td|tddSXdS)NFz"Error: failed to set ownership to rkT)r/r r1rwrr)rQr{r|r(r(r) set_owner s rc Cshxb|D]Z}t|}d}xH|D]@}tj||}tj||} t| |||} | dkrTPt| qWqWdS)Nr])rr/rQrrr) Zbasepath real_homepathr{r|personal_mountsrrrQrrrr(r(r)fix_owner_of_personal_mounts s  rc Cs |stsdSddl}g}|r:ddlm}|dd|dx|D]}yt|}Wntjk rjw@YnXt j |j }t j |j d} t j | d} t| |j|j|} | dkrq@t| d|| d} | dkrq@t| t|j|jt| t|||d|r@t| ||j|j|q@WdS) Nr) read_mpfileT)Z skip_errorsZskip_cpanel_checkrz.cagefsz.cagefs.enabledi)r)rZ is_ispmanagercagefs_ispmanager_lib cagefsctlrrget_pw_by_namerNoSuchUserExceptionr/rQrdpw_dirrrpw_uidpw_gidrrr rFr Z-ispmanager_create_user_wrapper_detect_php_verr) rZis_user_enabledZ fix_ownerrrrrpwrrQZ status_flagrr(r(r) update_status s8   rcCs td}td}t|d|dgS)Nzphp-clizphp.iniz-cz-i)rr)php_path php_ini_pathr(r(r) get_php_infoH srcCsbtd}td}y4tr,t|dgddd}nt|d|dgddd}Wntk r\d }YnX|S) Nzphp-clizphp.iniz-mTF)rrZz-cz-qmr])rrrr1)rrresultr(r(r)get_list_of_php_modulesN s rcCsZtdkrRttd}iax2|D]*}|r$|ds$|dd}dt|<q$WttS)NrM[rtrJrk) php_modulesrrrlrCr_lowerlist)rHrZ module_namer(r(r)get_php_modules` s   rcCs|tkrt|t|<t|S)N) files_cacher@)rQr(r(r)read_file_cachedq s r cCsd}i}tj|r~t|}x`|D]X}|}|dkr"|}t|dkr"|d}|dksj||ksj||r"|d}d||<q"W|S)Nz/etc/cl.selector/selector.confr]rrkr)r/rQrRr rrlrm) php_state CL_ALT_CONF alt_pathsrHrrversrQr(r(r) get_alt_paths{ s    rcCsztdkrvd}iatj|rvt|}xP|D]H}|}|dkr*|}t|dkr*|ddkr*|d}|dt|<q*WtS)Nz/etc/cl.selector/selector.confr]rrrrkr) alt_versionsr/rQrRr rrlrm)r rHrrrr(r(r)get_alt_versions s  rrc Cstdkrd}iatj|rt|}xn|D]f}|}|dkr*|}t|dkr*|d}|d}|d} |tkr|t|} ni} | | |<| t|<q*W|tkr|rtt| S|t|krt||SdS)Nz/etc/cl.selector/selector.confr]rrrkr) alt_confr/rQrRr rrlrmrkeys) rrq get_aliasesr rHrrZ cur_aliasZcur_versZcur_pathZtempr(r(r) get_alt_conf s0       rcCs0|dkrttSt|dd}|dkr(gS|SdS)NnativeT)r)rrr)raliasesr(r(r)get_alt_aliases s  rcCs`tdkrXt}iaxD|D]<}|d}|d}|drt|tddrdt|<qWttS)Nr-rrrk)alt_dirsrrlrCrjrmr)r rQrrr(r(r) get_alt_dirs s   rc Csd}g}g}xltD]b}d|}|d}|d}tj|r||nqtj|r`||tj|r||qWg}|r|t|g|ddgd|r|t|g|dd gdt}x,|D]$}|rxt |D]} | | qWqWt |S) Nz /usr/bin/findz /opt/alt/z/usr/binz /usr/sbinz-namez*.sorMz-typerW) rr/rQrr(rrrlsetraddr) ZFINDZaltpathsZbinpathsaltdirrQZbinpathZsbinpathrrlibr(r(r)get_alt_php_libs s2      "" rcCsddlm}m}|d||d|d}|d}tj|sX|d}tj|sXdSt|}|drpdS|d r|d d }|d| d}|SdS) Nr)get_user_prefixBASEDIRr-z/etc/cl.selector/rrz/usr/selector/rz /opt/alt/phpr]) rr r!r/rQrbrrCr_rD)Zusernamer r!rQZ user_php_filerphp_verr(r(r)get_php_version_for_user s      r#zcl.php.dz .cl.selectorz defaults.cfgc Csx||D]}|d}tj||}tjd|dd|}tj|s t|yt||Wq ttfk r}z(td|dt | ddt d Wdd}~XYq Xq WdS) Nz.iniz/opt/altrz php.d.allz!Error : failed to create symlink z : rzErr coderk) r/rQrrbrFr2r1rwrr`r_r) php_versrrrmodZ link_nameZ link_pathrrar(r(r)enable_extensions_symlinks1 s r&cCsB|tkr:i}tj|r2xt|D]}|d|}|dr*tj|r*|dtd }g||<t|}x|D]}| }| ds| drz|dr| dd}n|dr| dd}| d d }t|d krz|d d rztj |d }|dtd  }||krz|||qzWq*W|t|<t|S) al Return dependencies of php modules (extensions), determined by parsing of ini files in specified directory :param alt_dir: path to directory where ini files are (something like '/opt/alt/php54/etc/php.d.all') :type alt_dir: string :return: something like { 'mailparse' : ['mbstring'], 'xsl' : ['dom'], 'xmlreader' : ['dom'] } :rtype: dict r-z.iniN extensionZzend_extensionr=r]r>rrkrz.so) deps_cacher/rQrrrrRrmr rrCr_rlrlstripr()Zalt_dirdepsini_fileini_pathZextnamerrZextr(r(r)get_dependenciesA s0       r-cCs<||kr8x||D]}t|||qW||kr8||dS)N)get_load_orderr() load_orderr*r%depr(r(r)r.f s r.cCsJ||krFx*||D]}||kr||kr||qW||krF||dS)N)r()r/r*r%r0r(r(r)get_load_order_not_recursivep s r1c Cs|dkrt|}xttfD]}g}y^d||kr>|||dnd||krV|||dx$||D]}|dkr`||||q`WPWqtk r|stdtdYqXqW|S)aG :param php_vers: something like 'php5.4' :type php_vers: string :param php_modules: { 'php5.3' : ['dom', 'xmlreader'], 'php5.4' : ['dom', 'xsl'] } :type php_modules: dict :param ini_path: path to directory where ini files are (something like '/opt/alt/php54/etc/php.d.all') :type ini_path: string Nioncube_loaderioncube_loader_4)r2r3z^Error: cyclic dependencies of PHP modules detected. Depth of dependencies will be limited to 1rk)r-r.r1 RuntimeErrorrr)r$rr,r*quietfuncr/r%r(r(r)build_load_orderz s"    r7c Cs|dkr dStj|t|}tj|s,dSt|||dd}trts|tdkr|yt j t daWnt t fk rzdaYnXtr|S|st |}t} tj|| |d} tjstjstjr|rd|} nd} | d|d |7} |r| d |7} n| d 7} t| tjtjtjn|} | S) NF)rZ)Z phpconf_pathT)Zinput_phpini_linesr"zUser: z User: Unknownz; PHP version: z# Backup file: z( Destination file: z/ Destination file: Unknown)r/rQrCL_ALT_BACKUP_DIRrRrvalidate_alt_php_ini$bad_try_init_phpinivalidator_triggerphp_ini_validatorphpinivalidatorZPHPINIvalidatorPHP_CONFr1rwZ get_php_verrZvalidateZunknown_optionsZinvalid_values_optionsZinvalid_optionsr) homepathrr{r|r$ user_namealt_php_ini_file backup_pathZ php_ini_linesalt_versZoutput_lines_listZ log_messager(r(r)read_custom_php_settings s:     rCc Cs(tjd|dd}t|||} g} x~| D]v} | d| d|d| d} t| } x<| D]4}|}|r\|ds\|d 7}|| kr\| |q\W| d q(Wtj|d }y*t|d |d |||d d||d}Wnt t fk rd}YnX|dk r| || d t | |||dS)a Enable specified extensions for specific php version and user :param php_vers: php version, something like 'php5.4' :type php_vers: string :param php_modules: extesions enabled for different php version for the user specified like { 'php5.3' : ['dom', 'xmlreader'], 'php5.4' : ['dom', 'xsl'] } :type php_modules: dict :param dirpath: path where generated alt_php.ini file is written to (something like '/var/cagefs/prefix/user/etc/cl.php.d/alt-php54') :type dirpath: string :param dirname: name of directory for specified php version inside /opt/alt directory (something like 'php54') :type dirname: string :param uid: uid of user :type uid: int :param gid: gid of user :type gid: int :param homepath: path to home directory of user (something like '/home/user') :type homepath: string :param user_name: name of user :type user_name: string z/opt/altrz php.d.allz;---z--- r-z.ini;rMz alt_php.iniZalt_z.cfgrN)r$r?r@) r/rQrr7r(r rrCrCr1rwrr )r$rrrr{r|r>r?r,r/Z alt_php_inimoduleZmodule_ini_pathZ module_inir user_ini_pathZcustom_php_settingsr(r(r)enable_extensions s:          rGc  Cs2t} |dkrd}|dkrd}|dkr*i}|dkr6i}tj|} d}x| D]}d|}d|dd}d|}tj||}tj|d}tj|r| s| rLt|d||| rqL||ks| r||kr||||<nt}|||<d }t |||||||| d qLW|r|}n|}|s|r.t |||||dS) NrFrrjr]zalt-z alt_php.iniiT)r>r?) rr/rQrdr_rrrrrGwrite_cl_alt_to_backup)Zuserpathr>r{r|def_verscl_alt_def_modulesrZ vers_changedZ def_vers_oldforceZrebuildr?rBZ real_userpathZmodules_changedrr$rrrrFmodulesZnew_versr(r(r)select_default_php_modules sN     rMcCs,tj|tt}t||t|}t|S)N)r/rQrr8CL_ALT_DEFAULTSr read_cl_alt_backupr )r>r{r|rArr(r(r)read_cl_alt_backup_as_userW s  rPc Csy t|}Wnttfk r$dSXtjddd}y||Wntjk rXdSXyt|ddd}Wntk rdSXi}i}i}x| D]}| dd}| drt |t ddrt||d ||<||d rV||d  d rVd||t dd<q|d kri} x$||D]} ||| | | <q4W| ||<qWd |krd |d kr|d d  d rd|d<||||fS)N)NNNNF) interpolationstrictversionsrrrjr]rLstateZdisable)rSZ phpnativer)r r1rw configparser ConfigParserZreadfpr9r IndexErrorZsectionsr_rCrjrmrrrroptions) rAZ backup_fileZcfgrIrLr othersectionrrXr~r(r(r)rO_ s<  "* 4rOcCsRtdkr,tdkr,tdkr,tdkr,ttttfSttjtt \aaaattttfS)N) cl_alt_def_versrJcl_alt_def_php_statecl_alt_def_otherrOr/rQrrrNr(r(r(r)read_cl_alt_defaults s  r^cCsj|dkrtjtt}d}nBtj|t} tj|} t| d||| rJdStj|tt}d}g} | d| d|d|dkri}xl|D]d} | d| d| d d || d|dkr| t d d} | |kr|| s| d qW|dkrVxR|D]J} | d| dx0|| D]$}| |d || |dq(WqWt | ||||dS)NFiTz [versions] zphp=rMz [z] zmodules=rrzstate=disabled r) r/rQrrrNr8rdrr(rmr )r>rIrLr{r|rTrYrAZ drop_permZ backup_dirrZbackuprZrr~r(r(r)rH s6     *rHc Cstdd}g}x|D]}|ddkr|ddkr|}|d}|dd}|r`d |kr`q|rnd |krnq|td dks|r|d dks|d dkr|||d dqW||S)Nz /proc/mountsrNz cagefs-etcfsr;z cagefs-varfsrkrrZnosuidZror-z /var/cagefs/z /.cagefs/)r2rDrlrr(r3) Zall_cagefs_mountsZwithout_nosuidZrw_mounts_onlyrZ mounts_listrrZ mountpointZoptsr(r(r)get_mounted_dirs s    2r_cCstd}t}|rXxtdD]2}|t|}|r tj|r | | dq Wn>t }x4|D],}||j }||}|rf| | dqfW|S)zh Returns set of base home directories like {"/home0", "/home1", .., "/home9"} including "/home" z (/home\d?)/z/home*rk)rcompilerrrrr/rQrrrrZ get_user_dictr)Zuse_globpatterndirsrQmrrrr(r(r)get_homeN_dirs s    rdc Cs|t|}|tkrpy8t|}t|jr:t|}t|<n g}t|<Wqxtt fk rlg}t|<YqxXnt|}|S)N) r listdir_cacherrr0rr/rr1rw)rQr%rr(r(r)cached_listdir s rfz/etc/cagefs/custom.etc/cCsttS)N)rf CUSTOM_ETCr(r(r(r)get_custom_etc_list srhc Cs\i}|tkrXt|}y t|}Wnttfk r:|SXt|jrXt||||d|S)N)rr) rhrgrr1rwrr0rr)r user_etc_pathZetc_listrQr%r(r(r)get_custom_etc_files_for_user s   rjc Cs|tkrt|}y t|}Wnttfk r6dSXt|jrxt |D]}|t t t gkrP|d|}|d|}y t|}WnDttfk r}z"t d|dt|tdwPWdd}~XYnXt|jrt||ddqPt||ddqPWdS)Nr-zError: lstat() failed file z : rkT)rM)rhrgrr1rwrr0rr/r CL_ALT_NAMECL_PHP_DIR_NAMEETC_VERSION_NAMErr`rrr)rrirr%rrrrar(r(r) update_custom_etc_files_for_user s&       rnz/usr/share/cagefs/custom.etc/cCsttr dSdS)NTF)rfCUSTOM_ETC_LOGr(r(r(r)custom_etc_present4 srpc Csy tt}Wn8ttfk rDtd}ttdt|YnX|r^tt||ddn,ytt|Wnttfk rYnXdS)NriT)rY) rror1rwr/rsr1rFrU)r list_of_filesrJr}r(r(r)save_custom_etc_log= s   rrcCsvg}|ttkrrtt|}xL|D]D}|}||kr"|dts"|dts"|ts"||q"W| |S)Nr-) rfror@rrCrkrl ETC_VERSIONr(sort)rrqrZold_listrQr(r(r)get_custom_etc_files_to_deleteP s   &rucCs2t|}t}x|D]}|||dqW|S)N)rmrr)rrQZplenrrr(r(r)r^ s  rcCsVyt|}Wntk r"dSXt|js4dS|jdkpR|jdkpR|jtj@ S)NFr) r/rr1rrrrrr)rQr%r(r(r)is_path_secureg s rvcCsdtdk r dStjtr tts(dadStjdddayttWntj k r^daYnXdS)NF)rQrR) cagefs_ini_cfgr/rQrR CAGEFS_INIrvrUrVrTr9r(r(r(r)read_cagefs_iniw sryc Csdd}ttdkr|Sttdd}yt|d}|dkrtt}yt|dSttfk r<YnXdS)Nr) r/rQrRrr@rfrrgrW)r[r(r(r)read_last_update_time s rcCs0t}|dkrdSt}tt}|||kS)NrT)r|rrfr)Z update_periodZ last_updateZ current_timer(r(r)#update_of_cagefs_skeleton_is_needed s  rc Cst|}|sdSt|}|s dSt|jrt|jstk r}z td|dt|t dWdd}~XYnXytj |st ||WnFtk r}z(td|d |dt|t dWdd}~XYnXdS) z Create symlink /usr/share/cagefs-skeleton/var/run/utmp -> /var/run/cagefs/utmp needed for emulation of /var/run/utmp inside CageFS For details see CAG-706 Nz/utmpz /var/run/utmpiz"Error: failed to create directory z : rkz Error: failed to create symlink z -> ) r/rQrrVAR_RUN_CAGEFSrr1rr`rrbr2)Z utmp_cagefsZskel_cagefs_dirZ skel_utmprar(r(r)create_utmp_in_skeleton:s  . rc Csyt|}Wntjk r$dSX|jdt}|d}tj|st |j |j y,tj |stt j|dddt |dWn.tttfk rt|rtdYnXtdS) a Create user's personal /home/user/.cagefs/var/run/cagefs/utmp file For details see CAG-706 :param user: user name :type user: string :param exit_on_error: True == execute sys.exit(1) when error has occured :type exit_on_error: bool Nz/.cagefsz/utmpiT) recursiver]rk)rrrrrrr/rQrr rrrrr1rur1rwrrrxryr )rrZrZutmp_dirZ utmp_filer(r(r)create_utmp_for_userQs"   rcCsttdddsdSdS)zf Check clean_php_sessions parameter in config file By default sessions cleanup is enabled Zclean_user_php_sessionsT)Z default_valF)r r!r(r(r(r)"is_clean_user_php_sessions_enabledmsr)FNN)T)T)NNT)NNT)r]r)rrr)rrkrr)rrkr)rkrk)FF)T)F)F)N)r)r)r)r)TF)TFT)T)FT)F)N)rF)NF)NNN)NN)N)NN)FFF)F)T)r)T(!Z __future__rrrrrZfuturerZinstall_aliasesbuiltinsrrxr7stringrr rrrUrrrrrrvrr/Zsecureiorr r r r r rrrrrrrrrrrZclcommon.clfuncrrZclcommonrrr<Zsignals_handlersrZclcommon.utilsrrrr r!r#r"rmrsrxr=ZETC_TEMPLATE_DIRrrZ VERBOSE_FLAGr9rtrrrZFALLBACK_PLESK_VHOSTS_DrerOrcrArErPrVrSr4rLrXr\r[boolrYrZrirprUrZLOG_ERRrrrrrrrrrrZFUSE_WHITE_LISTrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr'rr*r.r,r3r>rGrNrWrFr@rgrjrprsryr}rzrr~r|rrrFrrrrkrrrrrrrrrrrrrrrrrOrrrrrrrrrrrrrrrGrrrrrrrrrrrrrrrrrrrrrr r rrrrrrrrrr#rlZETC_CL_PHP_PATHr8rNr&r(r-r.r1r7r;r:rCrGrMrPrOr[rJr\r]r^rHr_rdrerfrgrhrjrnrorprrrurrvrwryr|r}r~rrrrrrrrrrrrrr(r(r(r) s     $  "             # C   d +   &      I b g ^ 4 / N (   ) , +     $     % )T>  ) '     "