B u&ù`Á&ã@sÒddlmZddlmZddlmZddlmZddlmZe ¡ddlTddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlmZdd lmZdd lmZdd lmZmZmZmZmZmZmZmZdd lmZd Z y ddl!m"Z"m#Z#m$Z$m%Z%m&Z&Wn8e'k r0dZ dZ$dZ%dZ&dZ(edddgƒZ#YnXdd„Z)de)_*dd„Z+de+_*dd„Z,de,_*d d!„Z-d"e-_*d#d$„Z.d%d&„Z/d'e/_*d(d)„Z0d*e0_*d+d,„Z1d-e1_*d.d/„Z2d0e2_*e)e+e,e-e/e0e1e2fZ3d1d2„Z4d3d4„Z5dS)5é)Úprint_function)Úabsolute_import)Údivision)Úunicode_literals)Ústandard_library)Ú*N)Ú clconfpars)Úchain)Ú namedtuple)Ú read_mpfileÚ DISABLE_ETCFSÚget_cagefs_usersÚ enabled_dirÚ disabled_dirÚbuild_wrappers_dictsÚis_ea4_enabledÚread_cpanel_ea4_php_conf)ÚCageFSExceptionT)ÚrunnerÚ ChkResultÚOKÚFAILEDÚSKIPPEDFrrrÚINTERNAL_TEST_ERRORrÚresÚmsgcCsttdddd}|d|d}}g}x0t||ƒD]"}| ¡}tj |¡s0| |¡q0W|rjttd  |¡ƒStt dƒS)NT)Z skip_errorsZ ignore_cacheZreturn_all_mountsréz"There are missing mount points: {}zNo missing mount points found) r r ÚstripÚosÚpathÚisdirÚappendrrÚformatr)Zall_mounts_tupleZmountsZsplitted_mountsZmissingÚpÚt©r%ú!/usr/share/cagefs/sanity_check.pyÚ check_cagefs_mount_points_exists8s r'z Check cagefs mount points existscCs8tj t¡r(tj t¡s(ttd t¡ƒSttd t¡ƒS)Nz{} is not a directoryz {} is fine) rrÚexistsrr rrr"rr%r%r%r&Ú check_cagefs_enabled_users_isdirMsr)z'Check cagefs users.enabled is directorycCs8tj t¡r(tj t¡s(ttd t¡ƒSttd t¡ƒS)Nz{} is not a directoryz {} is fine) rrr(rr rrr"rr%r%r%r&Ú!check_cagefs_disabled_users_isdirTsr*z(Check cagefs users.disabled is directorycCs,tj t¡sttd t¡ƒSttd t¡ƒS)Nz{} doesn't existsz {} exists)rrr(r rrr"rr%r%r%r&Ú"check_cagefs_disabled_etcfs_exists[s r+z!Check cagefs disable.etcfs existsc Cstƒ}tƒ}t d¡}x€|D]x}yt |¡}Wntk rDwYnX| |j¡x@|jD]6}yt   |¡}Wntk r‚wZYnX| |j ¡qZWqWxb|D]Z}|  |¡r®qžyt   |¡}Wntk rÒwžYnX|j } |j } | |ksž| |kròqž|| fSWdS)aX Filter out users that are in super groups and return username and uid of cagefs user for test :param groups: list of super groups :type groups: list of str :param all_enabled_users: list of cagefs users to filter :type all_enabled_users: list of str :rtype tuple (user, uid) or (None, None) when user not found z^cldiaguser_[a-f0-9]{21}$)NN)ÚsetÚreÚcompileÚgrpZgetgrnamÚKeyErrorÚaddZgr_gidZgr_memÚpwdÚgetpwnamZpw_uidÚmatchZpw_gid) ÚgroupsÚall_enabled_usersZ super_gidsZ super_uidsZ re_patternÚgroupÚgÚuserr#ÚuidÚgidr%r%r&Úget_cagefs_user_for_testbs8        r<c Cs&ytdd}Wntk r(ttdƒSX|s8ttdƒSyt d¡}Wn2ttfk rx}zttd  |¡ƒSd}~XYnX|dkrŒttdƒSt |j |ƒ\}}|dkr®ttdƒSd  |¡}d   ||¡}yt j |t jddd  ¡Wn:t jk r}zttd   ||j ¡¡ƒSd}~XYnXttd ƒS) NT)Úraise_exceptionzNo users with cagefs enabledz /etc/pam.d/suz*Error parsing /etc/pam.d/su config file {}z?pam_lve configuration is not found in /etc/pam.d/su config filezCNo users with cagefs enabled (all enabled users are in super group)zYecho -n "Logged in as: $(whoami) - $(id -u) "; [ "$(id -u)" == "{0}" ] && ls /var/.cagefsz.unset BASH_ENV; su '{0}' -s /bin/bash -c '{1}')ÚstderrÚshellÚtextz{}; Output was: "{}"z,Several tested users really can enter cagefs)r rrrrZparse_pam_lve_configÚIOErrorÚ ValueErrorrr"r<r5Ú subprocessZ check_outputZSTDOUTrZCalledProcessErrorÚoutputr)r6ZcfgÚer9r:ÚinnerÚcmdr%r%r&Úcheck_users_can_enter_cagefs‹s0      &rHz#Check cagefs users can enter cagefsc CsLytddWn2tk r@}zttd t|ƒ¡ƒSd}~XYnXttdƒS)NT)r=z)Proxy commands config parsing error: "{}"z%Syntax looks fine. Files are parsable)rÚ Exceptionrrr"Úreprr)rEr%r%r&Ú)check_proxy_commands_configs_are_parsableªsrKz0Check cagefs proxy commands configs are parsablec CsŽg}t d¡}|sttdƒSxX|D]P}t|dƒ}| ¡}WdQRXt|ƒdkr\| |¡q"|ddkr"| |¡q"W|r„tt|ƒSttdƒS)Nz/var/cagefs/*/*/virt.mpzNo virt.mp files foundZrtrú@zvirt.mp files syntax is fine) ÚglobrrÚopenÚreadÚlenr!rr)ZwrongÚfilesZvirt_mpÚfÚconfr%r%r&Úcheck_all_virt_mp_files_syntax»s        rTz!Check cagefs virt.mp files syntaxcCsddd„}tƒrZ|ƒsZtƒ}|rZy |d}| d¡s.php_selector_is_disabledÚdefaultzea-phpznChoose one of ea-php versions instead of alt-php in cPanel MultiPHP Manager for PHP Selector to start working.z*Cannot get MultiPHP system default versionzVMultiPHP system default PHP version is NOT alt-php. PHP Selector should work normally.)rrÚ startswithrrr0r)rXrSZ default_phpr%r%r&Úcheck_multiphp_system_defaultÖs   r[z)Check MultiPHP system default php versionc Cs°g}g}xžtD]–}y|ƒ}|j|j}}Wn0tk rZ}ztt|ƒ}}Wdd}~XYnX|tkrz| d |j |¡¡q|t fkrŽ| |¡| d |j ||¡¡qW||fS)Nz {}... {} z {}... {}: {} ) ÚCAGEFS_CHECKERSrrrIrrJrr!r"Ú__name__r)ÚerrorsrDrRZchk_resrZdetailsrEr%r%r&Ú run_testsús    r_cCslt ¡dkrtdƒtdƒtr*ttƒn>tdƒtƒ\}}td |¡ƒtd  t |ƒ¡ƒ|rhtdƒdS)Nrz&This script should be run by root useréz*** Starting sanity check *** Ú z*** There are {} errors ***é) rÚgeteuidÚprintÚexitÚcldiaglib_foundrr\r_Újoinr"rP)r^Úoutr%r%r&Úcheck s   ri)6Z __future__rrrrZfuturerZinstall_aliasesÚbuiltinsrr2r/rMrCr-ZclcommonrÚ itertoolsr Ú collectionsr Z cagefsctlr r r rrrrrZ cagefslibrrfZ cldiaglibrrrrrÚ ImportErrorrr'Z pretty_namer)r*r+r<rHrKrTr[r\r_rir%r%r%r&Úsp        (  )