Mini Shell

Direktori : /proc/self/root/usr/share/cagefs/__pycache__/
Current File : //proc/self/root/usr/share/cagefs/__pycache__/generic_hook_lib.cpython-311.opt-1.pyc
�

�o�i�A����ddlZddlZddlZddlZddlmZddlmZmZm	Z	m
Z
ddlmZddl
mZmZddlmZddlmZmZmZmZmZmZddlmZdd	lmZmZmZmZdd
l m!Z!ej"�#d��ddl$m%Z%m&Z&m'Z'm(Z(e��d
krdZ)ndZ)dZ*dZ+ej,d��Z-d�Z.d�Z/d�Z0d�Z1d�Z2d�Z3d�Z4de5fd�Z6d�Z7d$d�Z8d�Z9d�Z:d �Z;d%d!�Z<d"�Z=d#�Z>dS)&�N)�Path)�is_isolation_enabled�#get_websites_with_enabled_isolation�disable_website_isolation�(is_website_isolation_allowed_server_wide)�get_jail_config_path)�cleanup_stale_crontab_sections�migrate_crontab_docroot)�Feature)�	getCPName�
PLESK_NAME�is_admin�DIRECTADMIN_NAME�CPANEL_NAME�is_panel_feature_supported)�ClPwd)�get_file_lines�run_command�ExternalProgramFailed�is_user_present)�write_file_via_tempfilez/usr/share/cagefs)�get_min_uid�MIN_UID�get_user_prefix�is_user_enabled�DirectAdminz&/etc/cagefs/exclude/directadmin.adminsz /etc/cagefs/exclude/panel.adminsz/usr/sbin/cagefsctlz/usr/share/cagefs-skeleton/binzclcommon.public_hooksc�\�tj|tjtjdd�|��}|���\}}t�d|��|jdkrt�d||��n#t�d||j||��|jS)a
    This file is mostly a copy-paste from bash where
    return code of process was ignored. In order not to
    break servers, we decided to ignore exit codes in python too.

    This method runs subprocess and silently logs errors
    if exit code was not zero. No errors raised.
    T)�stderr�stdout�textzExecuting %srzstdout: `%s`
stderr:`%s`z>process %s dies with exit code %s and stdout: `%s`
stderr:`%s`)	�
subprocess�Popen�PIPE�communicate�logger�info�
returncode�debug�error)�args�kwargs�prrs     �d/builddir/build/BUILDROOT/cagefs-7.6.32-1.el8.cloudlinux.x86_64/usr/share/cagefs/generic_hook_lib.py�_call_with_loggingr.3s���	��	
�j�o���T�	5�	5�-3�	5�	5�A��]�]�_�_�N�F�F�
�K�K���%�%�%��|�q������0�&�&�A�A�A�A������q�|�V�V�	=�	=�	=�
�<��c��	t���|��}n(#tj$rtd|z��YdSwxYwt	��|t
krtd||t
fz��dSdS)z}
    Checks if user can be places inside cage by his uid.
    :param username: unix user name
    :return: True or False
    zERROR: No such user %sFz2SKIP: User %s uid is %d - too small. min_uid is %dT)r�get_uid�NoSuchUserException�printrr)�username�uids  r-� _is_user_uid_suitable_for_cagefsr6Ks�����g�g�o�o�h�'�'�����$����
�&��1�2�2�2��u�u������M�M�M�
�W�}�}�
�B�h�PS�U\�E]�]�^�^�^��u��4s�!$�!A	�A	c��tj�t��s
dtzSt	t��}|dz}||vr@|�|��t
d�|��tdd���dS)zV
    Remove admin name from cagefs exclude file
    :param admin_name: admin name
    z'WARNING: exclude list %s does not exist�
���tmp��suffix�OK)�os�path�exists�_CAGEFS_EXCLUDE_FILEr�remover�join)�
admin_name�f_lines�line_for_writes   r-�post_delete_admin_handlerrH]s���
�7�>�>�.�/�/�P�8�;O�O�O��1�2�2�G��$�&�N��� � ����~�&�&�&������ 0� 0�2F��W\�]�]�]�]��4r/c�D�tt��}|dz}||vr@|�|��td�|��tdd���	ttd|g��n)#t$r}dt|��zcYd}~Sd}~wwxYwd	S)
z]
    Triggered after creating new UNIX user for admin.
    :param admin_name: admin name
    r8r9r:r;r<z	--disablezcagefsctl utility failed: %sNr>)	rrB�appendrrDr�_CAGEFS_BINARYr�str)rErFrG�es    r-�post_create_admin_handlerrNms����1�2�2�G��$�&�N��W�$�$����~�&�&�&������ 0� 0�2F��W\�]�]�]�]�7��^�[�*�=�>�>�>�>�� �7�7�7�-��A���6�6�6�6�6�6�6�����7�����4s�A7�7
B�B�B�Bc�x�t��tko#tj�dd��dkS)a
    cPanel calls post_create_user_handler during restore process
    (transferring or restoring from backup)
    But we should not do some actions in that case.

    Detect restoration process by control panel name and
    env variable that we set in cllib.
    :return: boolean
    �CPANEL_RESTORE�0�1)rrr?�environ�get�r/r-�_is_cpanel_restore_processrV�s/���;�;�+�%�V�"�*�.�.�9I�3�*O�*O�SV�*V�Vr/c���t|��rd|zSt|��sdSttdd|g��t	��slttj��sttd|g��tj	�
t��rttdd|g��t��tkrttdd|g��dS)	ay
    Triggered after creating new user.
    :param username: account name

    It is important to have in mind that current handler
    is called twice during account restoring process on cPanel:
    first time - after account creation ("post_create_user" hook with envvar CPANEL_RESTORE = 1),
    second time - after the actual restore process ("post_restore_user" hook).
    zSKIP: User %s is admin�SKIP�--wait-lockz--set-default-user-statusz--create-namespace�--cpetc�--remount-virtmpr>)rr6r.rKrVrr�LVEr?r@�isdir�_CAGEFS_SKELETON_BINrr
�r4s r-�post_create_user_handlerr`�s�������3�'�(�2�2�
,�H�5�5���v���
�7R�T\�]�^�^�^�%�'�'�U�*�'�+�6�6�	Q���0D�h�O�P�P�P��7�=�=�-�.�.�	U���
�y�(�S�T�T�T��{�{�j� � ��N�M�;M�x�X�Y�Y�Y��4r/c�V�td|�d|����t|��rttd|g��t	��t
krdStj�t��rttdd|g��ttdd|g��dS)	z�
    Triggered after creating additional domains in control panel.
    :param username: owner of the domain
    :param domain: name of the domain
    z%Post create domain handler for user: z
, domain: �--site-isolation-regenerateNrYrZr[r>)
r3rr.rKrr
r?r@r]r^�r4�domains  r-�post_create_domain_handlerre�s���
�
N�(�
N�
N�f�
N�
N�O�O�O��H�%�%�V��N�,I�8�T�U�U�U��{�{�j� � ���

�w�}�}�)�*�*�Q��N�M�9�h�O�P�P�P���
�7I�8�T�U�U�U��4r/r4c��tj�t��sdSt	|��}d�||���}tj�|d��}tj�|d��}tdd|g��tdd|g��t|��rttdd	|g��d
S)z{
    Post restore action for directadmin. Cleans
    and rebuilds cl.selector files.
    :param username: account name
    zSKIP: no working cagefsz/var/cagefs/{prefix}/{username})�prefixr4zetc/cl.selectorzetc/cl.php.d�rmz-rfrYrZr>)
r?r@r]r^r�formatrDr.rrK)r4�user_prefix�cagefs_user_dir�cl_selector_path�
cl_php_d_paths     r-�_post_restore_user_directadminrn�s����7�=�=�-�.�.�)�(�(�!�(�+�+�K�7�>�>��X�?�/�/�O��w�|�|�O�5F�G�G���G�L�L��.�A�A�M���e�%5�6�7�7�7���e�]�3�4�4�4��x� � �Q��N�M�9�h�O�P�P�P��4r/c��t��tkrt|��St��tkrt	|��SdS)zK
    Triggered after restoring user.
    :param username: account name
    N)rrrnr
r`r_s r-�post_restore_user_handlerrp�sI���{�{�&�&�&�-�h�7�7�7�
���
�	"�	"�'��1�1�1�
#�	"r/c�"�t|p|��sdS|��t��tkr�t|��t	��rftt
|����}|jjj|zdz|jz}|�	��rttd|g��dS|��ttdd|p|g��ttdd|p|g��t	��rftt
|����}|jjj|zdz|jz}|�	��rttd|g��|�1t��tkrttdd|p|g��dS)	z8
    Triggered after any modifications made to user
    rXNz.cagefsrbr>rY�--update-etcz	--remount)r6rr
r`rrr�parent�namerAr.rK)r4�new_name�	new_owner�new_config_path�old_config_paths     r-�post_modify_user_handlerry�s���,�H�,@��A�A���v���	���z� 9� 9�	!��*�*�*�3�5�5�	^�"�#7��#A�#A�B�B�O�-�4�;�B�X�M�PY�Y�\k�\p�p�O��%�%�'�'�
^�"�N�4Q�S[�#\�]�]�]��t�	�	��N�M�>�8�K_�W_�`�a�a�a��N�M�;��H\�T\�]�^�^�^�3�5�5�	^�"�#7��#A�#A�B�B�O�-�4�;�B�X�M�PY�Y�\k�\p�p�O��%�%�'�'�
^�"�N�4Q�S[�#\�]�]�]���I�K�K�:�5�5��N�M�>�8�K_�W_�`�a�a�a��4r/c���t|��sdSt|��rt|d���ttd|g��t|��st�d|��dSdS)zf
    Triggered before control panel actually removes account.
    :param username: unix user name
    N)rdz	--unmountz*User %s does no longer exist after unmount)r6rrr.rKrr%r)r_s r-�pre_delete_user_handlerr{*s���
,�H�5�5�����H�%�%�9�!�(�4�8�8�8�8����X�>�?�?�?��8�$�$�M����A�8�L�L�L�L�L�M�Mr/c��td|����t|��r&ttd|g��t	|��t��tkrdSt|��sdSttdd|g��dS)a
    Triggered after deleting domain owned by system account.
    Not it is used only for plesk because of virt.mp file used
    to add domain-related data into cagefs and we should remount
    user on any change.
    :param username: account name
    :param domain: domain name
    z%Post delete domain handler for user: rbNrYr[)r3rr.rKr	rr
r6rcs  r-�post_delete_domain_handlerr}>s���
�
<�(�
<�
<�=�=�=��H�%�%�1��N�,I�8�T�U�U�U�&�x�0�0�0��{�{�j� � ���+�H�5�5������
�7I�8�T�U�U�U�U�Ur/c��t|��sd|zSt|||��}|r%t�d|||��d|�d|��SdS)a
    Triggered when document root changes for a domain.
    Migrates crontab entries from old docroot to new docroot.

    :param username: account name
    :param old_docroot: old document root path
    :param new_docroot: new document root path
    :return: status message
    z/SKIP: Website isolation not enabled for user %sz&Migrated crontab for user %s: %s -> %szOK: Migrated crontab from z to z!OK: No crontab entries to migrate)rr
r%r&)r4�old_docroot�new_docroot�successs    r-�post_modify_docroot_handlerr�Vsx�� ��)�)�L�@�8�K�K�%�h��[�I�I�G��3����4��k�;�	
�	
�	
�	
�8C�{�{�K�K�P�P�2�2r/c��t|��rA|r(|t|��vrttd|g��ttd|g��t	��t
krdSt
|��sdSttdd|g��||krttdd|g��dStd|�d|����dS)	a�
    Triggered after deleting domain owned by system account.
    Not it is used only for plesk because of virt.mp file used
    to add domain-related data into cagefs and we should remount
    user on any change.
    :param username: account name
    :param old_domain: old domain name
    :param new_domain: new domain name
    :param old_docroot: old document root path (optional)
    :param new_docroot: new document root path (optional)
    z--site-isolation-enablerbNrYrrr[z*INFO: Omitting remount because old_domain=z equals to new_domain=)rrr.rKrr
r6r3)r4�
old_domain�
new_domainrr�s     r-�post_modify_domain_handlerr�ns����H�%�%�V��	X�*�(K�H�(U�(U�U�U���0I�:�V�W�W�W��N�,I�8�T�U�U�U��{�{�j� � ���+�H�5�5����
��
�~�x�P�Q�Q�Q��Z����N�M�;M�x�X�Y�Y�Y�Y�Y�
���J�J�
�
�,�	-�	-�	-�	-�	-r/c��t��tkrdSt|��sdSt|��rt	t
d|g��dSdS)a!
    Triggered after deleting addon domain owned by system account.
    Not it is used only for plesk because of virt.mp file used
    to add domain-related data into cagefs and we should remount
    user on any change.
    :param username: account name
    :param domain: domain name
    Nrb�rrr6rr.rKrcs  r-� post_delete_addon_domain_handlerr��sh���{�{�k�!�!���+�H�5�5�����H�%�%�V��N�,I�8�T�U�U�U�U�U�V�Vr/c��t��tkrdSt|��sdSt|��rt	t
d|g��dSdS)z�
    Triggered after creating addon domain in control panel.
    :param username: owner of the domain
    :param domain: name of the domain
    Nrbr�rcs  r-� post_create_addon_domain_handlerr��sh���{�{�k�!�!���+�H�5�5�����H�%�%�V��N�,I�8�T�U�U�U�U�U�V�Vr/)NN)NNN)?r?r!�sys�logging�pathlibr�clcagefslib.domainrrrr�#clcagefslib.webisolation.jail_utilsr� clcagefslib.webisolation.crontabr	r
�clcommon.constr�clcommon.cpapirr
rrrr�clcommon.clpwdr�clcommon.utilsrrrr�secureiorr@rJ�	cagefsctlrrrrrBrKr^�	getLoggerr%r.r6rHrNrVr`rerLrnrpryr{r}r�r�r�r�rUr/r-�<module>r�s��
�	�	�	�����
�
�
�
�����������������������E�D�D�D�D�D���������#�"�"�"�"�"����������������� � � � � � �������������-�,�,�,�,�,�����#�$�$�$�L�L�L�L�L�L�L�L�L�L�L�L�
�9�;�;�-���C���=��&��7��	��	�2�	3�	3�����0���$
�
�
� ���*
W�
W�
W�)�)�)�X���<�S�����,
2�
2�
2� &�&�&�&�VM�M�M�(V�V�V�03�3�3�0#-�#-�#-�#-�LV�V�V�(V�V�V�V�Vr/