}CeChddlmZddlmZddlmZddlZddlZddlZddlZddlm Z ddl m Z ddl Z ddl mZmZmZmZmZmZmZmZmZmZejdZ ejd Zn#e$rejd ZYnwxYweZeZGd d eZeeZej Z eeege _!ee _"ej#Z#eege#_!ee#_"ej$Z$ege$_!ee$_"ej%Z%ege%_!ee%_"ej&Z&ege&_!de&_"ej'Z'ege'_!ee'_"ej(Z)eege)_!ee)_"egej*_!dej*_"ej+Z+ege+_!ee+_"ej,Z,eeege,_!ee,_"eeeegej-_!eej-_"eeeeegej._!eej._"eeeeeegej/_!eej/_"eeeeegej0_!eej0_"ej1Z1eege1_!ee1_"ej2Z2eege2_!ee2_"d a3dZ4dZ5dZ6dZ(dZ7dZ8dZ*d,dZ-d,dZ.d,dZ/d-dZ0d.dZ9d/dZ: d0dZ;d1dZd!Z?da@d"ZAe e5#ZBd$ZCdaDd2d%ZEd&ZFd3d'ZGd(ZHd)ZIejJd*ZKejJd+ZLdS)4)print_function)absolute_import)divisionN)ClPwd)drop_user_privileges) cdllc_long Structurec_ushortc_ubytec_charPOINTERc_intc_void_pc_char_pz libc.so.6zlibsecureio.so.0z liblve.so.0c6eZdZdefdefdefdefdedzfgZdS)DIRENTRYd_inod_offd_reclend_typed_nameN) __name__ __module__ __qualname__ino_toff_tr r r _fields_/builddir/build/BUILDROOT/alt-python27-cllib-3.3.7-2.el7.cloudlinux.x86_64/opt/cloudlinux/venv/lib/python3.11/site-packages/secureio.pyrr#sA % % X 7 6C< HHHr!rTz/var/log/cagefs-update.logiFcZtj|tjtjzSN)osopenO_RDONLY O_NOFOLLOWpaths r"open_not_symlinkr+s 74r}4 5 55r!cFtjt|dS)Nr)r%fdopenr+r)s r"open_file_not_symlinkr/s 9%d++S 1 11r!c6tj|}t|}|stdt |g} t |}|sn"|j}||j4t |t||S)z:Returns list of entries of directory pointed by descriptorzfdopendir error) r%dup fdopendir Exception rewinddirreaddircontentsappendrclosedir)fdfd2dirpdirlistentrypentrys r"flistdirr?s &**C S>>D +)*** dOOOG%  u|$$$ %dOOO TNNN Nr!cZ|( tj|dS#t$rYdSwxYwdSr$)r%closeOSError)r9s r"closefdrCsF ~  HRLLLLL    DD ~s  ((c|d}t||||}|dkr|S||d|zdddS)z{Sets permissions to directory (in secure manner) Returns descriptor if successful Returns None if error has occuredNrz.Error: failed to set permissions of directory FT)liblveset_perm_dir_secureencode)r*perm parent_pathr9loggers r"rGrGsn z   # #DKKMM4[=O=O=Q=Q R RB Avv  ?$FtTTT 4r!c|d}t|||||}|dkr|S||d|zdddS)zSets owner and group of directory (in secure manner) Returns descriptor if successful Returns None if error has occuredNrErz(Error: failed to set owner of directory FT)rFset_owner_dir_securerH)r*uidgidrJr9rKs r"rMrMsp z   $ $T[[]]Cb+BTBTBVBV W WB Avv  9D@%NNN 4r!c |d}t||||||}|dkr|S||d|zdddS)zCreates directory if it does not exist, sets permissions/owner otherwise Returns descriptor if successful Returns None if error has occuredNrEr#Error : failed to create directory FT)rFcreate_dir_securerH)r*rIrNrOrJr9rKs r"rRrRsr z   ! !$++--sC[EWEWEYEY Z ZB Avv  4t;UDIII 4r!ct|||||}|r|r|d|zdd|S)zeRecursive directory creation function Returns 0 if successful Returns -1 if error has occuredrQFT)rFmakedirs_securerH)r*rIrNrOrJrKress r"rTrTsc  c3 @R@R@T@T U UC JvJ4t;UDIII Jr!c||||td|duo|du}|rt|| t|}|}||rt |S#t tf$r_}|rt td|zdzt|ztd||stj dYd}~dSd}~wwxYw)z read file not following symlinksNzEread_file_secure: uid and gid should be both null or be both not nullzError: failed to read  : ) r3 set_user_permr/ readlinesrA set_root_permrBIOErrorloggingstr SILENT_FLAGsysexit) filenamerNrO exit_on_error write_log drop_perm file_objectcontentes r"read_file_secureris CK_```D7s$I c3 +H55 ''))   OOO W    OOO(83e;c!ffDkSTV_```    sAA<<C, AC''C,ctj|}|rt|| t jd|\}} tj|d} | d||s$|"| t|||rtdt||rtd| n#ttf$r} | n#YnxYw tj |n#YnxYw tj| n#YnxYw|rtt!d|zd zt#| d d zt&d |Yd} ~ d Sd} ~ wt($rD} t!d t#| zt&dt+jdYd} ~ nd} ~ wwxYwd} tj| |nl#t$r_} d } t!d|zd zt#| zt&d| tj| n#t$rYnwxYwYd} ~ nd} ~ wwxYw|rt| S)z!Returns True if error has occuredcagefs_)prefixdirwNz fchown failedz fchmod failedzError : failed to write file rWErrnozErr codeTzError: rXFz$Error: failed to rename tempfile to )r%r*dirnamerYtempfilemkstempr.writejoinfchownrBfchmodrAr\unlinkr[r]r^replacer_r3r`rarename) rgini_pathrNrOrerIrddirpathr9 temp_pathrfrherrors r"write_file_securer!sgooh''G c3 ( wGGG IiC(( "'''**+++ /S_b#s## /o... "d   +/** * W           D  HRLLLL  D  Ii   D   OOO/(:UBSVV^^T[]gEhEhhjuw{~G H H Httttt  CFF"K333   E )X&&&& 6AEICPQFFRT_abdmnnn  Ii     D   LsB/C$$G46D  F# D F#D('F#(D,*F#0EF#E AF## G40:G//G4:H I9/I4 II4 I,)I4+I,,I44I9rpc|%tj}t|ddtj|}d\}} t j|||\}} tj|dd 5} | |dddn #1swxYwYnu#ttf$ra||  tj |n#ttf$rYnwxYw tj | n#ttf$rYnwxYwwxYw tj | |tj| |nI#tttf$r/ tj | n#ttf$rYnwxYwwxYw|htj} tj| tjtj| d krtj|dSdSdS) aP Safely write string content to a file :param content: str :param dest_path: str -> path to a file :param perm: int -> permissions for the file :param prefix: str -> add to temporary file name :param suffix: str -> add to temporary file name :param as_user: str -> name of the user to drop privileges to NTF)effective_or_realset_envNN)rmsuffixrnrosurrogateescape)errorsr)r% getgroupsrr*rrrsrtr.rur\rBrArychmodr{ TypeErrorgetuidseteuidsetegidgetgid setgroups) rg dest_pathrIrmras_user old_groupsr}r9r~f_tempruids r"write_file_via_tempfilerXs\^^ WeLLLLgooi((GMB  (f';;; I Yr3'8 9 9 9 "V LL ! ! ! " " " " " " " " " " " " " " " W     :*   HRLLLL!    D   Ii !    D    D!!! )Y'''' Wi (  Ii !    D  y{{ 4 29;; 199 L $ $ $ $ $  9s 1B,>B  B, B$$B,'B$(B,,DCDC,)D+C,,D0DDDDDD"*E F%E:9F:F F FFc6 tj|ng#tf$rY}|rGtdt |zdzt |zt jdnYd}~dSYd}~nd}~wwxYwt||} tj|nS#tf$rE}|r3td|t |t jdnYd}~dSYd}~nd}~wwxYw tj |ng#tf$rY}|rGtdt |zdzt |zt jdnYd}~dSYd}~nd}~wwxYw|dkrda dSt d a dS) Nzfailed to set egid to z: rXrEz'failed to set supplementary groups to :zfailed to set euid to rTF) r%rrB print_errorr^r`ra get_groupsrr root_flagrFenable_quota_capability)rNrOrarhgroupss r"rYrYs 3 :   03s88;dBSVVK L L L HQKKKK22222 KKKKS ! !F V :   A63q66 R R R HQKKKK22222 KKKK 3 :   03s88;dBSVVK L L L HQKKKK22222 KKKK axx  &&((( sF A;A A66A;B$$ C4/5C//C48D E1A E,,E1c tjdnR#tf$rD}|r2tdt |t jdnYd}~dSYd}~nd}~wwxYw tjdnR#tf$rD}|r2tdt |t jdnYd}~dSYd}~nd}~wwxYwtdd} tj |nS#tf$rE}|r3td|t |t jdnYd}~dSYd}~nd}~wwxYwda dS)Nrzfailed to set euid to 0 :rXrEz Error: failed to set egid to 0 :z.Error: failed to set supplementary groups to :T) r%rrBrr^r`rarrrr)rarhrs r"r[r[s 1 :   3SVV < < < HQKKKK22222 KKKK 1 :   :CFF C C C HQKKKK22222 KKKK1  F V :   H&RUVWRXRX Y Y Y HQKKKK22222 KKKKIIIsD A&4A!!A&*A?? C 4C  C"C77 E5EEctddtj|D]}t|dtjttjdS)NzError: )endfile)r)printr`stderr)argsas r"rrs[ (#*---- ++ aSsz***** szr!cVt}t}t}|D]Y}||j}|D]G} ||j}n#t $rYwxYw||kr |||jHZ||t|S)z$Returns supplementary groups for uid) get_grp_dict get_pwd_dictsetgr_mempw_uidKeyErroraddgr_gidlist) rNrOgrpwrgroupmembersuser member_uids r"rrs B B UUF--U)" - -D X_     S   2e9+,,,  - JJsOOO <<s A AAcpt)iatj}|D]}|t|j<tSr$)grp_dictgrpgetgrallgr_name)rlines r"rrs; \^^ * *D%)HT\ " " Or!)min_uidc4tSr$)clpwd get_user_dictr r!r"rrs     r!cX|s|rt||rt}tst\}}t t>t jd}ttddat j|t |t dnU#ttf$rA}tdtt|tjdYd}~nd}~wwxYw|st!||dSdSdS)NrorX z writing to )rrget_permr[log_filer%umaskr&LOGFILErurBr\rr^r`rarY) msgsilentverboserdroot_flag_savedrNrO umask_savedrhs r"r]r]s/    #JJJ$# zzHC OOO  htnn a00%%% NN3    NN4 !     wA 7 7 7 HQKKKKKKKK  $ #s # # # # ##$$  $ $sA9B??D7D  Dc tj}tj}nI#tf$r;}t dt |t jdYd}~nd}~wwxYw||fS)Nzfailed to get (euid,egid)rX)r%geteuidgetegidrBrr^r`ra)rNrOrhs r"rr syjlljll :/Q888   8Os&) A/1A**A/cj|rtntS)z Set CAP_SYS_RESOURCE capability :param bool clear: Set on if it's true, set off otherwise :return: 0 for success, -1 otherwise :rtype: int )rFdisable_quota_capabilityr)clears r"set_capabilityr*s116 .6 * * , , ,  + + - -.r!cFtj|tS)a Change effective uid of current process and set CAP_SYS_RESOURCE capbality to prevent "Disk quota exceeded" error :param int euid: User ID to set it as current effective UID :return: 0 if capability was set successfuly, -1 otherwise :rtype: int )r%rr)rNs r" change_uidr6sJsOOO   r!cr|stdStdS)zZ Disable quota kernel check to allow us to write more than user can by quota. N)rFrrenableds r"_set_quota_checks_statusrCs< *&&((((('')))))r!c#~Ktd dVtddS#tdwxYw)NFrT)rr r!r" disable_quotarNsTU++++/  ...... .....s*<c#Ktj|} dVtj|dS#tj|wxYwr$)r%r) umask_value saved_umasks r" set_umaskrWsO(;''K  s 2Arr$)NNTT)TrjT)rprpN)T)FTT)F)M __future__rrrrr`rs contextlibclcommonrclcommon.clpwdrr%ctypesrr r r r r rrrr LoadLibrarylibcrFrBrrr DIRENTRY_Prwargtypesrestyperxr2r5r4r8r+_open_not_symlinkrC check_dirisdirrGrMrRrTget_path_from_descriptor is_subdirrrMIN_UIDr_r/r?rirrrYr[rrrrrrrr]rrrrcontextmanagerrrr r!r"rs&%%%%%&&&&&& ////// ////////////////////////t $$- T 0 1 1FF--- T m , ,FFF- yWX   %' %. N W   ,: N Z   =J+&1!!'   W    E8, (0x&H#%*")1%x'P$&+# &.ueUE8$T!#( $,UE5("K!& ":%*H$5!#+    )    &  6662228            24444pAE3%3%3%3%l$$$$ND"  g!!! $$$$4 . . . .   *** /// sA--BB