/usr/share/cagefs-skeleton/opt/cloudlinux/venv/lib/python3.11/site-packages
# coding=utf-8 # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2018 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT import os import pwd import grp import re import subprocess import tempfile from stat import S_IRUSR, S_IRGRP class NoSuchUser(Exception): def __init__(self, user): Exception.__init__(self, f'No such user ({user})') class NoSuchGroup(Exception): def __init__(self, group): Exception.__init__(self, f'No such group ({group})') class UnableToReadFile(Exception): def __init__(self): Exception.__init__(self, 'Cannot read sudoers file') class UnableToWriteFile(Exception): def __init__(self): Exception.__init__(self, 'Cannot modify sudoers file') SUDOERS_FILE = '/etc/sudoers' ALIAS_LVECTL_CMDS = ["/bin/ps", "/bin/grep", "/sbin/service", "/usr/bin/getcontrolpaneluserspackages", "/usr/sbin/lvectl", "/usr/local/directadmin/plugins/new_lvemanager/admin/GetDomains", "/usr/share/l.v.e-manager/utils/cloudlinux-cli.py"] ALIAS_LVECTL_USER_CMDS = ["/usr/share/l.v.e-manager/utils/cloudlinux-cli-user.py"] ALIAS_SELECTOR_CMDS = ["/usr/bin/cl-selector", "/usr/bin/piniset", "/usr/sbin/lveps", "/usr/bin/selectorctl"] DEFAULTS_REQUIRETTY = 'Defaults:%s !requiretty' # Patterns for group GROUP_LVECTL_SELECTOR = '%%%s ALL=NOPASSWD: LVECTL_CMDS, SELECTOR_CMDS' GROUP_DEFAULTS_REQUIRETTY = 'Defaults:%%%s !requiretty' class Clsudo: """ Adds CloudLinux users to sudoers file """ filepath = None sudoers_list = [] has_action = False has_group_action = False has_alias = False has_user_alias = False has_rights = False has_user_rights = False has_selector_alias = False has_selector_rights = False has_cagefs_alias = False has_cagefs_rights = False @staticmethod def add_user(user, sudoers_file=SUDOERS_FILE): """ Adds username to sudoers file (for lvemanager) """ # Update command lists for lvemanager Clsudo.update_commands_list(sudoers_file) Clsudo._check_user(user) Clsudo._get_contents(user) if not Clsudo.has_alias: Clsudo.sudoers_list.append('Cmnd_Alias LVECTL_CMDS = ' + ", ".join(ALIAS_LVECTL_CMDS)) if not Clsudo.has_user_alias: Clsudo.sudoers_list.append('Cmnd_Alias LVECTL_USER_CMDS = ' + ", ".join(ALIAS_LVECTL_USER_CMDS)) if not Clsudo.has_selector_alias: Clsudo.sudoers_list.append('Cmnd_Alias SELECTOR_CMDS = ' + ", ".join(ALIAS_SELECTOR_CMDS)) if not Clsudo.has_rights: Clsudo.sudoers_list.append(f'{user} ALL=NOPASSWD: LVECTL_CMDS') if not Clsudo.has_user_rights: Clsudo.sudoers_list.append(f'{user} ALL=(ALL) NOPASSWD: LVECTL_USER_CMDS') if not Clsudo.has_selector_rights: Clsudo.sudoers_list.append(f'{user} ALL=NOPASSWD: SELECTOR_CMDS') if not Clsudo.has_action: Clsudo.sudoers_list.append(DEFAULTS_REQUIRETTY % (user,)) Clsudo._write_contents() @staticmethod def add_cagefs_user(user, sudoers_file=SUDOERS_FILE): """ Adds username to sudoers file (for cagefs) """ Clsudo.filepath = sudoers_file Clsudo._check_user(user) Clsudo._get_contents(user) if not Clsudo.has_cagefs_alias: Clsudo.sudoers_list.append('Cmnd_Alias CAGEFS_CMDS = /usr/sbin/cagefsctl, ' '/bin/ps, /bin/grep, /sbin/service') if not Clsudo.has_cagefs_rights: Clsudo.sudoers_list.append(f'{user} ALL=NOPASSWD: CAGEFS_CMDS') if not Clsudo.has_action: Clsudo.sudoers_list.append(DEFAULTS_REQUIRETTY % (user,)) Clsudo._write_contents() @staticmethod def add_lvemanager_group(group_name, sudoers_file=SUDOERS_FILE): """ Adds group to sudoers file, grants access to LVE Manager """ # Update command lists for lvemanager Clsudo.update_commands_list(sudoers_file) Clsudo._check_group(group_name) Clsudo._get_contents_group(group_name) if not Clsudo.has_alias: Clsudo.sudoers_list.append('Cmnd_Alias LVECTL_CMDS = ' + ", ".join(ALIAS_LVECTL_CMDS)) if not Clsudo.has_selector_alias: Clsudo.sudoers_list.append('Cmnd_Alias SELECTOR_CMDS = ' + ", ".join(ALIAS_SELECTOR_CMDS)) if not Clsudo.has_action: Clsudo.sudoers_list.append(GROUP_LVECTL_SELECTOR % (group_name,)) if not Clsudo.has_group_action: Clsudo.sudoers_list.append(GROUP_DEFAULTS_REQUIRETTY % (group_name,)) # writes file Clsudo._write_contents() @staticmethod def remove_user(user, sudoers_file=SUDOERS_FILE): """ Removes username from sudoers file """ Clsudo.filepath = sudoers_file try: with open(Clsudo.filepath, encoding='utf-8') as f: Clsudo.sudoers_list = f.read().splitlines() idx = 0 removed = False while idx < len(Clsudo.sudoers_list): line = Clsudo.sudoers_list[idx] if ((f'{user} ALL=NOPASSWD:') in line) or ((DEFAULTS_REQUIRETTY % (user,)) in line): Clsudo.sudoers_list.remove(line) removed = True continue idx += 1 if removed: Clsudo._write_contents() except (IOError, OSError) as e: raise UnableToReadFile() from e @staticmethod def update_user(user, sudoers_file=SUDOERS_FILE): """ updates username in sudoers file :param user: username for caching :param sudoers_file: path to /etc/sudoers (only for tests) :return: None """ # Update command lists Clsudo.update_commands_list(sudoers_file) # For backward compatibility # Check user presence in system Clsudo._check_user(user) Clsudo._get_contents(user) @staticmethod def update_commands_list(sudoers_file=SUDOERS_FILE): """ Update command lists for lvemanager plugin If any required command absent in file, add it :param sudoers_file: path to /etc/sudoers :return: None """ # Read /etc/sudoers Clsudo.filepath = sudoers_file Clsudo.temp_dir = os.path.dirname(Clsudo.filepath) Clsudo._read_sudoers() cmnd_dict = {"Cmnd_Alias LVECTL_CMDS": ALIAS_LVECTL_CMDS, "Cmnd_Alias SELECTOR_CMDS": ALIAS_SELECTOR_CMDS} is_sudoer_change = False for idx, command_string in enumerate(Clsudo.sudoers_list): for aliase_key, aliase_list in cmnd_dict.items(): if aliase_key in command_string: command_string = command_string.replace(aliase_key, "").strip() cmnd_list = command_string.split(",") for aliase_cmnd_item in aliase_list: if aliase_cmnd_item not in cmnd_list: is_sudoer_change = True Clsudo.sudoers_list[idx] = f"{aliase_key} = {', '.join(aliase_list)}" break if is_sudoer_change: Clsudo._write_contents() @staticmethod def _check_user(user): """ Checks passwd database for username presence @param user: string """ try: pwd.getpwnam(user) except KeyError as e: raise NoSuchUser(user) from e @staticmethod def _check_group(group_name): """ Checks grp database for group_name presence @param group_name: string """ try: grp.getgrnam(group_name) except KeyError as e: raise NoSuchGroup(group_name) from e @staticmethod def _read_sudoers(): with open(Clsudo.filepath, encoding='utf-8') as f: Clsudo.sudoers_list = f.read().splitlines() @staticmethod def _get_contents(user): """ Reads file into list of strings @param user: string """ # Clear all status flags Clsudo.has_action = False Clsudo.has_group_action = False Clsudo.has_alias = False Clsudo.has_user_alias = False Clsudo.has_rights = False Clsudo.has_user_rights = False Clsudo.has_selector_alias = False Clsudo.has_selector_rights = False Clsudo.has_cagefs_alias = False Clsudo.has_cagefs_rights = False require_tty_pattern = re.compile(rf'Defaults:\s*{user}\s*!requiretty') try: # Read sudoers file Clsudo._read_sudoers() for idx, command_string in enumerate(Clsudo.sudoers_list): if "Cmnd_Alias LVECTL_CMDS" in command_string: Clsudo.has_alias = True continue if "Cmnd_Alias LVECTL_USER_CMDS" in command_string: Clsudo.has_user_alias = True continue if "Cmnd_Alias CAGEFS_CMDS" in command_string: Clsudo.has_cagefs_alias = True continue if f"{user} ALL=NOPASSWD: LVECTL_CMDS" in command_string: Clsudo.has_rights = True continue if f"{user} ALL=(ALL) NOPASSWD: LVECTL_USER_CMDS" in command_string: Clsudo.has_user_rights = True continue if f"{user} ALL=NOPASSWD: CAGEFS_CMDS" in command_string: Clsudo.has_cagefs_rights = True continue if "requiretty" in command_string: pattern_match = require_tty_pattern.search(command_string) if pattern_match: Clsudo.has_action = True continue if "Cmnd_Alias SELECTOR_CMDS" in command_string: if 'piniset' not in command_string: Clsudo.sudoers_list[idx] = command_string.replace( '/usr/bin/cl-selector', '/usr/bin/cl-selector, /usr/bin/piniset', ) if 'lveps' not in command_string: Clsudo.sudoers_list[idx] = command_string.replace( '/usr/bin/cl-selector, /usr/bin/piniset', '/usr/bin/cl-selector, /usr/bin/piniset, /usr/sbin/lveps', ) Clsudo.has_selector_alias = True continue if f"{user} ALL=NOPASSWD: SELECTOR_CMDS" in command_string: Clsudo.has_selector_rights = True continue except (IOError, OSError) as e: raise UnableToReadFile() from e @staticmethod def _get_contents_group(group_name): """ Reads file into list of strings @param group_name: string """ # Clear all status flags Clsudo.has_action = False Clsudo.has_group_action = False Clsudo.has_alias = False Clsudo.has_rights = False Clsudo.has_selector_alias = False Clsudo.has_selector_rights = False Clsudo.has_cagefs_alias = False Clsudo.has_cagefs_rights = False group_prefix = f"%{group_name}" group_action = f"Defaults:%{group_name}" group_pattern = re.compile(rf'{group_name}\s*ALL=NOPASSWD:\s*LVECTL_CMDS,\s*SELECTOR_CMDS') try: # Read sudoers file Clsudo._read_sudoers() for idx, command_string in enumerate(Clsudo.sudoers_list): if "Cmnd_Alias SELECTOR_CMDS" in command_string: if 'piniset' not in command_string: Clsudo.sudoers_list[idx] = command_string.replace( '/usr/bin/cl-selector', '/usr/bin/cl-selector, /usr/bin/piniset', ) if 'lveps' not in command_string: Clsudo.sudoers_list[idx] = command_string.replace( '/usr/bin/cl-selector, /usr/bin/piniset', '/usr/bin/cl-selector, /usr/bin/piniset, /usr/sbin/lveps', ) Clsudo.has_selector_alias = True continue if "Cmnd_Alias LVECTL_CMDS" in command_string: Clsudo.has_alias = True continue if "Cmnd_Alias CAGEFS_CMDS" in command_string: Clsudo.has_cagefs_alias = True continue if command_string.startswith(group_prefix): pattern_match = group_pattern.search(command_string) if pattern_match: Clsudo.has_action = True if command_string.startswith(group_action): Clsudo.has_group_action = True except (IOError, OSError) as e: raise UnableToReadFile() from e @staticmethod def _write_contents(): """ Writes data to temporary file then checks it and rewrites sudoers file """ try: temp_dir = os.path.dirname(Clsudo.filepath) temp_prefix = 'lve_sudoers_' fd, temp_path = tempfile.mkstemp(prefix=temp_prefix, dir=temp_dir) fo = os.fdopen(fd, 'w') fo.write('\n'.join(Clsudo.sudoers_list) + '\n') fo.close() mask = S_IRUSR | S_IRGRP os.chmod(temp_path, mask) if not Clsudo._is_file_valid(temp_path): raise IOError except (IOError, OSError) as e: try: if os.path.exists(temp_path): os.unlink(temp_path) except Exception: pass raise UnableToWriteFile() from e try: os.rename(temp_path, Clsudo.filepath) except OSError as e: raise UnableToWriteFile() from e @staticmethod def _is_file_valid(filename): cmd = [ '/usr/sbin/visudo', '-c', '-f', filename ] with subprocess.Popen( cmd, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, ) as proc: proc.communicate() if proc.returncode != 0: return False return True
.
Edit
..
Edit
GitPython-3.1.32.dist-info
Edit
Jinja2-3.0.3.dist-info
Edit
Mako-1.2.4.dist-info
Edit
MarkupSafe-2.1.3.dist-info
Edit
PyJWT-2.8.0.dist-info
Edit
PyMySQL-1.1.0.dist-info
Edit
PyVirtualDisplay-3.0.dist-info
Edit
PyYAML-6.0.1.dist-info
Edit
__pycache__
Edit
_cffi_backend.cpython-311-x86_64-linux-gnu.so
Edit
_distutils_hack
Edit
_pyrsistent_version.py
Edit
_pytest
Edit
_yaml
Edit
aiohttp
Edit
aiohttp-3.9.2.dist-info
Edit
aiohttp_jinja2
Edit
aiohttp_jinja2-1.5.dist-info
Edit
aiohttp_security
Edit
aiohttp_security-0.4.0.dist-info
Edit
aiohttp_session
Edit
aiohttp_session-2.9.0.dist-info
Edit
aiosignal
Edit
aiosignal-1.3.1.dist-info
Edit
alembic
Edit
alembic-1.11.1.dist-info
Edit
astroid
Edit
astroid-2.15.6.dist-info
Edit
attr
Edit
attrs
Edit
attrs-23.1.0.dist-info
Edit
backports
Edit
certifi
Edit
certifi-2023.7.22.dist-info
Edit
cffi
Edit
cffi-1.15.1.dist-info
Edit
chardet
Edit
chardet-5.2.0.dist-info
Edit
charset_normalizer
Edit
charset_normalizer-2.1.1.dist-info
Edit
cl_dom_collector
Edit
cl_proc_hidepid.py
Edit
cl_website_collector
Edit
clcagefslib
Edit
clcommon
Edit
clconfig
Edit
clconfigure
Edit
clcontrollib.py
Edit
cldashboard
Edit
cldetectlib.py
Edit
cldiaglib.py
Edit
clevents
Edit
clflags
Edit
clhooklib.py
Edit
cli_utils.py
Edit
cllicense
Edit
cllicenselib.py
Edit
cllimits
Edit
cllimits_validator
Edit
cllimitslib_v2
Edit
cllvectl
Edit
clpackages
Edit
clquota
Edit
clselect
Edit
clselector
Edit
clsentry
Edit
clsetuplib.py
Edit
clsudo.py
Edit
clsummary
Edit
clveconfig
Edit
clwizard
Edit
clwpos
Edit
configparser-5.0.2.dist-info
Edit
configparser.py
Edit
contextlib2
Edit
contextlib2-21.6.0.dist-info
Edit
coverage
Edit
coverage-7.2.7.dist-info
Edit
cryptography
Edit
cryptography-41.0.2.dist-info
Edit
ddt-1.4.4.dist-info
Edit
ddt.py
Edit
dill
Edit
dill-0.3.7.dist-info
Edit
distlib
Edit
distlib-0.3.8.dist-info
Edit
distutils-precedence.pth
Edit
docopt-0.6.2.dist-info
Edit
docopt.py
Edit
dodgy
Edit
dodgy-0.2.1.dist-info
Edit
filelock
Edit
filelock-3.13.1.dist-info
Edit
flake8
Edit
flake8-5.0.4.dist-info
Edit
flake8_polyfill
Edit
flake8_polyfill-1.0.2.dist-info
Edit
frozenlist
Edit
frozenlist-1.4.0.dist-info
Edit
future
Edit
future-0.18.3.dist-info
Edit
git
Edit
gitdb
Edit
gitdb-4.0.10.dist-info
Edit
guppy
Edit
guppy3-3.1.3.dist-info
Edit
idna
Edit
idna-3.4.dist-info
Edit
iniconfig
Edit
iniconfig-2.0.0.dist-info
Edit
isort
Edit
isort-5.12.0.dist-info
Edit
jinja2
Edit
jsonschema
Edit
jsonschema-3.2.0.dist-info
Edit
jwt
Edit
lazy_object_proxy
Edit
lazy_object_proxy-1.9.0.dist-info
Edit
libfuturize
Edit
libpasteurize
Edit
lve_stats-2.0.dist-info
Edit
lve_utils
Edit
lveapi.py
Edit
lvectllib.py
Edit
lvemanager
Edit
lvestat.py
Edit
lvestats
Edit
lxml
Edit
lxml-4.9.2.dist-info
Edit
mako
Edit
markupsafe
Edit
mccabe-0.7.0.dist-info
Edit
mccabe.py
Edit
mock
Edit
mock-5.1.0.dist-info
Edit
multidict
Edit
multidict-6.0.4.dist-info
Edit
numpy
Edit
numpy-1.25.1.dist-info
Edit
numpy.libs
Edit
packaging
Edit
packaging-23.1.dist-info
Edit
pam.py
Edit
past
Edit
pep8_naming-0.10.0.dist-info
Edit
pep8ext_naming.py
Edit
pip
Edit
pip-25.0.1.dist-info
Edit
pkg_resources
Edit
platformdirs
Edit
platformdirs-3.11.0.dist-info
Edit
pluggy
Edit
pluggy-1.2.0.dist-info
Edit
prettytable
Edit
prettytable-3.8.0.dist-info
Edit
prometheus_client
Edit
prometheus_client-0.8.0.dist-info
Edit
prospector
Edit
prospector-1.10.2.dist-info
Edit
psutil
Edit
psutil-5.9.5.dist-info
Edit
psycopg2
Edit
psycopg2_binary-2.9.6.dist-info
Edit
psycopg2_binary.libs
Edit
py.py
Edit
pycodestyle-2.9.1.dist-info
Edit
pycodestyle.py
Edit
pycparser
Edit
pycparser-2.21.dist-info
Edit
pydocstyle
Edit
pydocstyle-6.3.0.dist-info
Edit
pyfakefs
Edit
pyfakefs-5.2.3.dist-info
Edit
pyflakes
Edit
pyflakes-2.5.0.dist-info
Edit
pylint
Edit
pylint-2.17.4.dist-info
Edit
pylint_celery
Edit
pylint_celery-0.3.dist-info
Edit
pylint_django
Edit
pylint_django-2.5.3.dist-info
Edit
pylint_flask
Edit
pylint_flask-0.6.dist-info
Edit
pylint_plugin_utils
Edit
pylint_plugin_utils-0.7.dist-info
Edit
pylve-2.1-py3.11.egg-info
Edit
pylve.cpython-311-x86_64-linux-gnu.so
Edit
pymysql
Edit
pyparsing
Edit
pyparsing-3.0.9.dist-info
Edit
pyrsistent
Edit
pyrsistent-0.19.3.dist-info
Edit
pytest
Edit
pytest-7.4.0.dist-info
Edit
pytest_check
Edit
pytest_check-2.5.3.dist-info
Edit
pytest_snapshot
Edit
pytest_snapshot-0.9.0.dist-info
Edit
pytest_subprocess
Edit
pytest_subprocess-1.5.0.dist-info
Edit
pytest_tap
Edit
pytest_tap-3.5.dist-info
Edit
python_pam-1.8.4.dist-info
Edit
pyvirtualdisplay
Edit
raven
Edit
raven-6.10.0.dist-info
Edit
remove_ubc.py
Edit
requests
Edit
requests-2.31.0.dist-info
Edit
requirements_detector
Edit
requirements_detector-1.2.2.dist-info
Edit
schema-0.7.5.dist-info
Edit
schema.py
Edit
secureio.py
Edit
semver
Edit
semver-3.0.1.dist-info
Edit
sentry_sdk
Edit
sentry_sdk-1.29.2.dist-info
Edit
setoptconf
Edit
setoptconf_tmp-0.3.1.dist-info
Edit
setuptools
Edit
setuptools-78.1.0.dist-info
Edit
simple_rpm.so
Edit
simplejson
Edit
simplejson-3.19.1.dist-info
Edit
six-1.16.0.dist-info
Edit
six.py
Edit
smmap
Edit
smmap-5.0.0.dist-info
Edit
snowballstemmer
Edit
snowballstemmer-2.2.0.dist-info
Edit
sqlalchemy
Edit
sqlalchemy-1.3.24.dist-info
Edit
ssa
Edit
svgwrite
Edit
svgwrite-1.4.3.dist-info
Edit
tap
Edit
tap_py-3.2.1.dist-info
Edit
testfixtures
Edit
testfixtures-7.1.0.dist-info
Edit
toml
Edit
toml-0.10.2.dist-info
Edit
tomlkit
Edit
tomlkit-0.11.8.dist-info
Edit
typing_extensions-4.7.1.dist-info
Edit
typing_extensions.py
Edit
unshare-0.22.dist-info
Edit
unshare.cpython-311-x86_64-linux-gnu.so
Edit
urllib3
Edit
urllib3-2.0.4.dist-info
Edit
vendors_api
Edit
virtualenv
Edit
virtualenv-20.21.1.dist-info
Edit
wcwidth
Edit
wcwidth-0.2.6.dist-info
Edit
wmt
Edit
wrapt
Edit
wrapt-1.15.0.dist-info
Edit
xray
Edit
yaml
Edit
yarl
Edit
yarl-1.9.2.dist-info
Edit