????

Your IP : 18.218.229.244

Current Path : /opt/cloudlinux/venv/lib/python3.11/site-packages/xray/internal/__pycache__/
Upload File :
Current File : //opt/cloudlinux/venv/lib/python3.11/site-packages/xray/internal/__pycache__/utils.cpython-311.pyc

�

-ڠg9m�
���dZddlZddlZddlmZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
mcmZddlmZddlmZmZddlmZddlmZddlmZmZmZmZmZmZmZdd	l m!Z!m"Z"m#Z#ddl$Z$dd
l%m&Z&ddl'm(Z(ddl)m*Z*dd
l+m,Z,m-Z-m.Z.m/Z/ddl0m1Z1ddl2m3Z3ddl4m5Z5ddl6m7Z7ddl8m9Z9ddl:m;Z;ddl<m=Z>ddl?m@Z@mAZAmBZBmCZCmDZDmEZEddlFmGZGmHZHejId��ZJeKeLe
jMfZNde!de!fd�ZOde!de!fd�ZPde!de!fd�ZQdeRfd�ZSdefd�ZTd eRdefd!�ZUdeVfd"�ZWd#e"eXdeVfd$�ZYd#e"eXdeVfd%�ZZdeVfd&�Z[eBfd'eVd(eVddfd)�Z\eBfd(eVdeVfd*�Z]deVfd+�Z]de#e^fd,�Z_eQdeVfd-���Z`d.eVde#eVfd/�Zade#eVfd0�ZbdZd1�ZceCfd2eVde#eVfd3�Zdd4eVd5eVddfd6�Zed7eVdd8fd9�Zfd:eRdeRfd;�Zgd<eVde#ehfd=�Zid<eVde#eVfd>�Zjd[d<eVddfd?�Zkd<eVde^fd@�Zlde^fdA�Zmde^fdB�ZndCe^ddfdD�Zode^fdE�Zpde^fdF�Zqde^fdG�Zrd.eVde^fdH�ZsdI�Zted\dL���Zued]dNeVdOe^fdP���Zved^dQeRddfdR���Zwe		d_dUeRdVeRdQeRddfdW���ZxedX���ZydY�ZzdS)`zB
This module contains helpful utility functions for X-Ray Manager
�N)�getuser)�contextmanager)�date�	timedelta��wraps)�glob)�socket�fromfd�AF_UNIX�SOCK_STREAM�
SOCK_DGRAM�AF_INET�AF_INET6)�Callable�List�Optional)�AtexitIntegration)�LoggingIntegration)�Feature)�is_panel_feature_supported�get_cp_description�	getCPName�is_wp2_environment)�get_cl_edition_readable)�UIConfig)�drop_privileges)�get_rhn_systemid_value)�get_hostname)�php_get_vhost_versions_user)�gettext�)�
sentry_dsn�local_tasks_storage�
agent_file�
logging_level�jwt_token_location�user_agent_sock)�	XRayError�XRayManagerExit�utils�func�returnc�F���d��t�����fd���}|S)zf
    Decorator aimed to update ini file in cagefs-skeleton
    Applies to task.add nd task.remove
    c�X�tj�|djd��}|�d��r8td��r)tj�d|dd���}n�|�d��r�td	��r�tj�d	|dd���}tj�tj�|����s1tjtj�|����ndStj�|��s|tj�|��r[	tj	|��dS#t$r7}t�d
|t|��d����Yd}~dSd}~wwxYwdS	tj||��dS#t$r7}t�d
|t|��d����Yd}~dSd}~wwxYw)zd
        Copy ini file to cagefs-skeleton
        Action takes place for cPanel ea-php only
        rzxray.iniz/opt/cpanelz/usr/share/cagefsz"/usr/share/cagefs/.cpanel.multiphpr"Nz
/usr/localz/usr/share/cagefs-skeletonz'Failed to unlink ini in cagefs-skeleton)�xray_ini�err��extraz'Failed to copy ini into cagefs-skeleton)�os�path�join�ini_location�
startswithr	�exists�dirname�mkdir�unlink�OSError�logger�warning�str�shutil�copy)�args�original_ini�skeleton_ini�es    �J/opt/cloudlinux/venv/lib64/python3.11/site-packages/xray/internal/utils.py�updatezskeleton_update.<locals>.updateIsV��
�w�|�|�D��G�$8�*�E�E���"�"�=�1�1�	�d�#�7%�7%�	��7�<�<�(L�(4�Q�R�R�(8�:�:�L�L�
�
$�
$�\�
2�
2�	�t�,�8.�8.�	��7�<�<�(D�(4�Q�R�R�(8�:�:�L��7�>�>�"�'�/�/�,�"?�"?�@�@�
8��������6�6�7�7�7���F��w�~�~�l�+�+�	6��w�~�~�l�+�+�
:�:��I�l�+�+�+�+�+���:�:�:��N�N�#L�6B�14�Q���*9�*9�#�:�:�:�:�:�:�:�:�:�����:����
:�
:�
6���L�,�7�7�7�7�7���
6�
6�
6����H�2>�-0��V�V�&5�&5��6�6�6�6�6�6�6�6�6�����
6���s0�4F
�

G�,G�G�G(�(
H)�2,H$�$H)c�"���|i|���|�dS)�
        Wraps func
        N�)rC�kwargsr,rHs  ��rG�wrapperz skeleton_update.<locals>.wrapperls)���
	
��d��f�������
�
�
�
�r)r,rMrHs` @rG�skeleton_updaterOCsK����!6�!6�!6�F�4�[�[�������[���NrNc�P����d��d��t������fd���}|S)zs
    Decorator aimed to update DBM storage with fake_id:real_id mapping
    Applies to task.add nd task.remove
    c��|d}tt��5}|j||j<ddd��dS#1swxYwYdS)z-
        Update DBM storage contents
        rN)�dbm_storager$�task_id�fake_id)rC�
task_instance�task_storages   rGrHz"dbm_storage_update.<locals>.update}s����Q��
�
�,�
-�
-�	H��2?�2G�L��.�/�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H����	H�	H�	H�	H�	H�	Hs
�:�>�>c���tt��5}	||dj���=n#t$rYnwxYwddd��dS#1swxYwYdS)z.
        Remove task from DBM storage
        rN)rRr$rT�encode�KeyError)rCrVs  rG�removez"dbm_storage_update.<locals>.remove�s����,�
-�
-�	��
� ��a���!7�!7�!9�!9�:�:���
�
�
���
����	�	�	�	�	�	�	�	�	�	�	�	����	�	�	�	�	�	s1�A� 8�A�
A�A�A�A�A�Ac�\��	�jdkr�|�n.#t$r!}tt|�����d}~wwxYw	�|i|��n#t$r�jdkr�|��wxYw	�jdkr�|�dSdS#t$r!}tt|�����d}~wwxYw)rJ�addNrZ)�__name__�RuntimeErrorr)r@�	Exception)rCrLrFr,rZrHs   ���rGrMz#dbm_storage_update.<locals>.wrapper�s���	$��}��%�%����
�
����	$�	$�	$��C��F�F�#�#�#�����	$����	��D�$�!�&�!�!�!�!���	�	�	��}��%�%����
�
��	����	$��}��(�(����
�
�
�
�)�(���	$�	$�	$��C��F�F�#�#�#�����	$���s4��
?�:�?�A�A(�,B�
B+�
B&�&B+r)r,rMrZrHs` @@rG�dbm_storage_updater`wsb�����H�H�H�	�	�	��4�[�[�$�$�$�$�$�$��[�$�6�NrNc�F���d��t�����fd���}|S)z5
    Decorator aimed to validate given JWT token
    c�"�t��dS)z7
        Check if retrieved JWT token is valid
        N)�is_xray_supportedrKrNrG�checkzcheck_jwt.<locals>.check�s��	�����rNc�,���|i|��}���|S)rJrK)rCrL�tokenrdr,s   ��rGrMzcheck_jwt.<locals>.wrapper�s)���
��d�%�f�%�%��
������rNr)r,rMrds` @rG�	check_jwtrg�sJ����
����4�[�[�������[���NrNc�B�ttj����S)zJ
    Get current epoch timestamp as int
    :return: timestamp as int
    )�int�timerKrNrG�	timestamprk�s��
�t�y�{�{���rNc�J�tj��td���z
S)zC
    Pick a yesterday date
    :return: a datetime.date object
    r")�days)r�todayrrKrNrG�	prev_datero�s ��
�:�<�<�)��+�+�+�+�+rN�tsc�*�tj|��S)zy
    Get the datetime.date object for given int timestamp
    :param ts: timestamp
    :return: datetime.date object
    )r�
fromtimestamp)rps rG�date_of_timestamprs�s����b�!�!�!rNc�D�t���d��S)zj
    Get a formatted representation of yesterday date
    :return: str date in the form of dd/mm/YYYY
    z%d/%m/%Y)ro�strftimerKrNrG�get_formatted_daterv�s��
�;�;���
�+�+�+rN�linksc�f��d�d��fd�t|d��D����S)z
    HTML formatted links
    z)<p>{num}) <a href={link}>{domain}</a></p>�
c�z��g|]7\}}|���D]\}}��|||������8S))�num�link�domain��items�format)�.0�i�l�k�v�	html_items     �rG�
<listcomp>z,get_html_formatted_links.<locals>.<listcomp>�sk���A�A�A�D�A�q�67�g�g�i�i�A�A�.2�a�� �&�&�1�1�Q�&�?�?�A�A�A�ArNr"�r6�	enumerate)rwr�s @rG�get_html_formatted_linksr��sZ���<�I��9�9�A�A�A�A���q�)�)�A�A�A�B�B�BrNc�f��d�d��fd�t|d��D����S)z
    Formatted links
    z{num}) {dom}: {link}ryc�z��g|]7\}}|���D]\}}��|||������8S))r{�domr|r~)r�r�r�r�r��	text_items     �rGr�z,get_text_formatted_links.<locals>.<listcomp>�sk���A�A�A���A�67�g�g�i�i�A�A�.2�a�� �&�&�1�!�!�&�<�<�A�A�A�ArNr"r�)rwr�s @rG�get_text_formatted_linksr��sZ���'�I��9�9�A�A�A�A���q�)�)�A�A�A�B�B�BrNc��	tjd��}|���}|�d��j}tj��5}|�d|��ddd��n#1swxYwY|�d��S#ttj
f$r"}ttd����|�d}~wwxYw)ze
    Obtain system ID from /etc/sysconfig/rhn/systemid
    :return: system ID without ID- prefix
    z/etc/sysconfig/rhn/systemidz(.//member[name='system_id']/value/string�	system_idNzID-zFailed to retrieve system_id)
�ET�parse�getroot�find�text�
sentry_sdk�configure_scope�set_tag�lstripr=�
ParseErrorr)�_)�tree�root�whole_id�scoperFs     rG�read_sys_idr��s��
B��x�5�6�6���|�|�~�~���9�9�G�H�H�M��
�
'�
)�
)�	1�U��M�M�+�x�0�0�0�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1����	1�	1�	1�	1����u�%�%�%���R�]�#�B�B�B���8�9�9�:�:��A�����B���s<�AB�A:�.B�:A>�>B�A>�B�C�0C
�
C�sys_id�agent_system_id_pathc��t|d��5}|�|��ddd��dS#1swxYwYdS)zH
    Write system_id into file /usr/share/alt-php-xray/agent_sys_id
    �wN)�open�write)r�r��outs   rG�write_sys_idr�s���
�"�C�	(�	(��C��	�	�&������������������������s�4�8�8c�B�	t|��5}|������cddd��S#1swxYwYdS#t$rC}t�ddt
|��i���t��cYd}~Sd}~wwxYw�zA
    Read system_id saved by agent during its initialization
    Nz8Failed to retrieve agent's system_id, returning real oner1r2)r��read�stripr=r>�infor@r�)r��agent_sysid_filerFs   rG�read_agent_sys_idr�s����
�&�
'�
'�	3�+;�#�(�(�*�*�0�0�2�2�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3����	3�	3�	3�	3�	3�	3���������F��#�a�&�&�/�	�	#�	#�	#��}�}�����������	���s?�A�&A�A�A�A�A�A�
B�8B�B�Bc�L�	tt��5}|������cddd��S#1swxYwYdS#t$rC}t
�ddt|��i���t��cYd}~Sd}~wwxYwr�)	r�r%r�r�r=r>r�r@r�)r�rFs  rGr�r�"s����
�*�
�
�	3�!1�#�(�(�*�*�0�0�2�2�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3����	3�	3�	3�	3�	3�	3���������F��#�a�&�&�/�	�	#�	#�	#��}�}�����������	���s?�A�&A	�A�	A
�
A�A
�A�
B#� 8B�B#�B#c�@�ttj��}|s�t��}t	��}t
�dt|��t|����ttd�
||�������dS)z9Raise XRayError in case of detected non-supported editionzMCurrent CloudLinux edition: %s or Control Panel: %s is not supported by X-RayzMCurrent CloudLinux edition: {} or Control Panel: {} is not supported by X-RayT)rr�XRAYrrr>r�r@r*r�r�)�is_supported�current_edition�
current_panels   rGrcrc1s���-�g�l�;�;�L��f�1�3�3��!���
����c���(�(�#�m�*<�*<�	>�	>�	>��a�!N�NT�f�Ud�Ub�Od�Od�e�e�f�f�	f��4rNc�8�	tt��5}|������cddd��S#1swxYwYdS#tt
f$r2t
td��tt��z���wxYw)zT
    Obtain jwt token from /etc/sysconfig/rhn/jwt.token
    :return: token read
    NzJWT file %s read error)	r�r'r�r�r=�IOErrorr)r�r@)�
token_files rG�read_jwt_tokenr�?s���O�
�$�
%�
%�	-���?�?�$�$�*�*�,�,�	-�	-�	-�	-�	-�	-�	-�	-�	-�	-�	-�	-����	-�	-�	-�	-�	-�	-���W��O�O�O���2�3�3�c�:L�6M�6M�M�N�N�N�O���s.�A�&A	�A�	A
�
A�A
�A�AB�filepathc�&�	t|��5}|������}ddd��n#1swxYwYn#t$rYdSwxYwd�|�d��dd���pdS)z8Get version of package from file. alt-php-xray supportedN�.�z0.0-0)r�r�r�r=r6�split)r��v_file�versions   rG�pkg_versionr�Ls����
�(�^�^�	,�v��k�k�m�m�)�)�+�+�G�	,�	,�	,�	,�	,�	,�	,�	,�	,�	,�	,����	,�	,�	,�	,���������������8�8�G�M�M�#�&�&�r��r�*�+�+�6�w�6s3�A�'A�A�A�A�A�A�
A�Ac� �td��S)z#Get version of alt-php-xray packagez/usr/share/alt-php-xray/version)r�rKrNrG�xray_versionr�Vs���8�9�9�9rNc�B���dtdtdtfd�}�fd�}dd�}d��dtf�fd	��ttjtj�
��}t
��pd}t|���}tj	t||d
||g���tj��5}dtd��p%���pt��p
t��i|_	||��n#t $rYnwxYwddd��dS#1swxYwYdS)u�
    Initialize Sentry client
    shutdown_timeout=0 disables Atexit integration as stated in docs:
    'it’s easier to disable it by setting the shutdown_timeout to 0'
    https://docs.sentry.io/platforms/python/default-integrations/#atexit
    On the other hand, docs say, that
    'Setting this value too low will most likely cause problems
    for sending events from command line applications'
    https://docs.sentry.io/error-reporting/configuration/?platform=python#shutdown-timeout
    �event�hintr-c��|d�ddi��|�di��}|�dd��}|r|g|d<|S)z�
        Add extra data into sentry event
        :param event: original event
        :param hint: additional data caught
        :return: updated event
        r3zxray.versionz
0.6-32.el9�fingerprintN)rH�get)r�r��
extra_datar�s    rG�add_infozsentry_init.<locals>.add_infofs`��	�g����~�|�<�=�=�=��Y�Y�w��+�+�
� �n�n�]�D�9�9���	1�$/�=�E�-� ��rNc���t��}|r|�d��nd}|r|�d��nd}t��rdnd}d|fd|fd|fdtj��fdtd	��fd
t
��fdtd��fd
���fdt��ff	}|D]}|j|��
dS)Nr��name�WP2zControl Panel NamezControl Panel VersionzControl Panel Product�kernelzCloudLinux version�
os_releasezCloudlinux edition�Architecture�architecture�
ip_address�username)	rr�r�platform�releaserrrr�)�sentry_scope�cp_description�
cp_version�cp_name�
cp_product�tags�tag�ip_addrs       �rG�set_tagszsentry_init.<locals>.set_tagsws���+�-�-��6D�N�^�'�'�	�2�2�2�$�
�0>�H�.�$�$�V�,�,�,�D��0�2�2�<�U�U��
�%�w�/�(�*�5�(�*�5��8�+�-�-�.�%�'=�l�'K�'K�L�%�'>�'@�'@�A��!7��!G�!G�H��w�w�y�y�)��W�Y�Y�'�	���	'�	'�C� �L� �#�&�&�&�	'�	'rNNc��dS�NrK)�pending�timeouts  rG�nopezsentry_init.<locals>.nope�s���rNc���t|t��5}	|�|df��|���d}n#t$rd}YnwxYwddd��n#1swxYwY|S)aI
        address_family - we can choose constants represent the address
                           (and protocol) families
                           (AF_INET for ipv4 and AF_INET6 for ipv6)
        private_ip - specify some private ip address. For instance:
                     ipv4 -> 10.255.255.255 or ipv6 -> fc00::
        r"rN)r
r�connect�getsocknamer_)�address_family�
private_ip�s�IPs    rG�
try_get_ipzsentry_init.<locals>.try_get_ip�s����N�J�
/�
/�	�1�
��	�	�:�q�/�*�*�*��]�]�_�_�Q�'�����
�
�
�����
����		�	�	�	�	�	�	�	�	�	�	����	�	�	�	��	s4�A(�1A
�	A(�
A�A(�A�A(�(A,�/A,c�`��tdftdff}|D]\}}�||��}|r|cS�dS)z&
        Retrieve server's IP
        z10.255.255.255zfc00::z	127.0.0.1)rr)�
ipversions�addr_fam�priv_ip�ipr�s    �rGr�zsentry_init.<locals>.ip_addr�sZ����/�0�8�X�2F�F�
�!+�	�	��H�g���H�g�.�.�B��
��	�	�	�
��{rN)�level�event_levelzalt-php-xray@0.6-32.el9)�callbacki')�dsn�before_sendr��max_value_length�integrations�idr��r-N)�dictr@r�logging�INFO�WARNINGr�rr��initr#r�rrr�userr_)	r�r�r��sentry_logging�xray_ver�
silent_atexitr�r�r�s	       @@rG�sentry_initrZs��������D��T�����"'�'�'�'�'�*
�
�
�
���� 	�S�	�	�	�	�	�	�(�g�l�4;�O�E�E�E�N��~�~�:�!:�H�%�t�4�4�4�M��O�
��$�%*�"0�-�!@�B�B�B�B�
�	#�	%�	%����(��5�5�a�����a�l�n�n�a�X_�Xa�Xa�
��
�	��H�U�O�O�O�O���	�	�	��D�	����
��������������������s6�-=D�+C7�6D�7
D�D�D�D�D�D�lognamec�H�tjtjtjtjtjd�}t
��	tj|���g}|dkr&|�tj	����tj
|�|tj��dd|���n8#t$r+tj
tj
��g���YdSwxYw	tj|d	��n#t $rYnwxYw|S)
z[
    Configure logging and Sentry
    :param logname: path to log
    :return: logpath
    )�debugr�r?�error�critical)�filenamerz1%(asctime)s [%(threadName)s:%(name)s] %(message)sz%m/%d/%Y %I:%M:%S %p)r�r��datefmt�handlers)r
Ni�)r��DEBUGr�r��ERROR�CRITICALr�FileHandler�append�
StreamHandler�basicConfigr�r=�NullHandlerr4�chmod�PermissionError)rr��levelsr
s    rG�configure_loggingr�s7�������?����$���F��M�M�M�
����1�1�1�
���G����O�O�G�1�3�3�4�4�4���&�*�*�U�G�L�"A�"A�#V�$:�%-�	/�	/�	/�	/�	/��������g�&9�&;�&;�%<�=�=�=�=��������

�
���%� � � � ���
�
�
���
�����Ns%�
A8C�1C8�7C8�<D�
D�D�src�dstc���	tj||��dS#t$rD}tt	d�||t
|��������|�d}~wwxYw)zZ
    Move file with error catching
    :param src: source
    :param dst: destination
    z Failed to move file {} to {}: {}N)rA�mover=r)r�r�r@)rrrFs   rG�	safe_mover�sv��_���C���������_�_�_���<�C�C�C��c�RS�f�f�U�U�V�V�W�W�]^�^�����_���s��
A'�?A"�"A'�
sock_locationz
socket objectc���ttj�dd����}|dkr�t	��5	tj|��n#t$rYnwxYwtt��}|�	|��|�
��ddd��n#1swxYwYn/tdtt��}|�
��|S)z�
    Create world-writable socket in given sock_location
    or reuse existing one
    :param sock_location: socket address
    :return: socket object
    �
LISTEN_FDSrN�)
rir4�environr��umask_0r<�FileNotFoundErrorr
r�bind�listenrr
)r�
listen_fds�sockobjs   rG�
create_socketr*�s���R�Z�^�^�L�!�4�4�5�5�J��Q���
�Y�Y�	�	�
��	�-�(�(�(�(��$�
�
�
���
�����W�o�o�G��L�L��'�'�'��N�N����	�	�	�	�	�	�	�	�	�	�	����	�	�	�	����G�[�1�1���������Ns7�B2�A�B2�
A&�#B2�%A&�&AB2�2B6�9B6�lve_idc�>�ttj��sdSd}d|�d�}	t|��5}|D]�}|�|��rut
�d|��t|����	|��d�����ccddd��S��	ddd��n#1swxYwYn@#t$r3}t
�d|t|����Yd}~nd}~wwxYwdS)	zX
    Retrieve current value of CPU throttled time.
    Return 0 in case of failures
    r�throttled_timez/sys/fs/cgroup/cpu,cpuacct/lvez	/cpu.statz%s���NzFailed to open %s: %s)
rr�LVEr�r8r>rrir�r�r=r	r@)r+�marker�	stat_file�stat_values�valuerFs      rG�get_current_cpu_throttling_timer4s���
&�g�k�2�2���q�
�F�B��B�B�B�I�A�
�)�_�_�	H��$�
H�
H���#�#�F�+�+�H��L�L��u�-�-�-��u�{�{�}�}�2�2�6�:�:�2�>�D�D�F�F�G�G�G�G�		H�	H�	H�	H�	H�	H�	H�	H�H�
H�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H����	H�	H�	H�	H���
�A�A�A����,�i��Q���@�@�@�@�@�@�@�@�����A�����1sG�C�BC�6C�C�C�C�C�C�C�
D�')D�Dr�c���d}tj�|��sdS	tj|d|dgddd���}|j���|j���fS#tj$r6}t�
ddt|��i�	��Yd}~dSd}~wt$r3}t�
d
t|����Yd}~dSd}~wwxYw)z�
    'selectorctl -u username --user-current' command
    :param username: name of user
    :return: tuple(stdout, stderr) or None if command fails
    z/usr/bin/selectorctlNz-uz--user-currentT��capture_outputr�rdz&Failed to get selectorctl user-currentr1r2z%selectorctl --user-current failed: %s)r4r5�isfile�
subprocess�run�stdoutr��stderr�CalledProcessErrorr>r?r@�subprocess_errorsr	)r��_selectorctl�resultrFs    rG�_selectorctl_get_versionrAsE��*�L�
�7�>�>�,�'�'���t�����!%�!)�!1�!3�04�$�d�	L�L�L��
�}�"�"�$�$�f�m�&9�&9�&;�&;�;�;���(�.�.�.����?�#�S��V�V�_�	�	.�	.�	.�	.�	.�	.�	.�	.�	.������������<���V�V�	�	�	�	�	�	�	�	�	��������s$�A
A3�3C3�+B3�3
C3�(C.�.C3c��d}tj�|��sdS	tj|d|gddd���}|j���S#tj$r6}t�	ddt|��i���Yd}~dSd}~wt$r3}t�d	t|����Yd}~dSd}~wwxYw)
z�
    'cagefsctl --get-prefix username' command
    :param username: name of user
    :return: cagefsctl prefix for given username
            or None if command fails
    �/usr/sbin/cagefsctlNz--getprefixTr6zFailed to get cagefsctl prefixr1r2z cagefsctl --getprefix failed: %s)
r4r5r8r9r:r;r�r=r>r?r@r>r	�r��
_cagefsctlr@rFs    rG�cagefsctl_get_prefixrF1s/��'�J�
�7�>�>�*�%�%���t�����!.�!)�!+�04�$�d�L�L�L���}�"�"�$�$�$���(�.�.�.����7�#�S��V�V�_�	�	.�	.�	.�	.�	.�	.�	.�	.�	.������������7���V�V�	�	�	�	�	�	�	�	�	��������s#�3A�C�(+B�
C�&(C�Cc���d}tj�|��sdS|�|ddg}n|d|g}	tj|dd���t
�d|��dS#tj$r6}t
�d	d
t|��i���Yd}~dSd}~wt$r3}t
�dt|����Yd}~dSd}~wwxYw)
z�
    'cagefsctl --remount username' or 'cagefsctl --remount-all' command
    :param username: name of user or None (for remount-all)
    rCNz--wait-lockz
--remount-allz	--remountT)rdr7zRemounted %szFailed to remount cagefsr1r2zcagefsctl --remount failed: %s)r4r5r8r9r:r>r�r=r?r@r>r	)r�rErCrFs    rG�_cagefsctl_remountrHIs;��
'�J�
�7�>�>�*�%�%�������M�?�;����K��2�����t�4��=�=�=�=����N�H�-�-�-�-�-���(�.�.�.����1�#�S��V�V�_�	�	.�	.�	.�	.�	.�	.�	.�	.�	.������������5���V�V�	�	�	�	�	�	�	�	�	��������s#�2A&�&C&�5+B&�&
C&�3(C!�!C&c�4�d}tj�|��sdS	tj|d|gdd���}d|j���vS#t$r3}t�	dt|����Yd}~dSd}~wwxYw)	z�
    'cagefsctl --user-status username' command
    :param username: name of user
    :return: True if user has Enabled status, False otherwise
    rCFz
--user-statusT)r7r��Enabledz"cagefsctl --user-status failed: %sN)r4r5r8r9r:r;r�r>r>r	r@rDs    rG�_is_cagefs_enabledrK`s���'�J�
�7�>�>�*�%�%���u�����!0�!)�!+�04�$�@�@�@���F�M�/�/�1�1�1�1���������9���V�V�	�	�	�	�	�	�	�	�	��������s�4A�
B�$(B�Bc��	td��5}|���}ddd��n#1swxYwYn#t$rYdSwxYwd|vS)z`
    Check if there is php.d.location = selector
    set in /etc/cl.selector/symlinks.rules
    z/etc/cl.selector/symlinks.rulesNF�selector)r�r�r=)�
rules_file�contentss  rG�_is_selector_phpd_location_setrPts���
�
�3�
4�
4�	)�
�!���(�(�H�	)�	)�	)�	)�	)�	)�	)�	)�	)�	)�	)����	)�	)�	)�	)��������u�u�������!�!s'�>�2�>�6�>�6�>�
A�Ac��tt��5}t|�����dkcddd��S#1swxYwYdS)z:Check if there are no active tasks (== empty task storage)rN)rRr$�len�keys)rVs rG�no_active_tasksrT�s���	�(�	)�	)�-�\��<�$�$�&�&�'�'�1�,�-�-�-�-�-�-�-�-�-�-�-�-����-�-�-�-�-�-s�%A�A�A�enabledc�H�ttj��sdS	tddd���5}|�|rdnd��ddd��dS#1swxYwYdS#t
$r4}t�d|t|����Yd}~dSd}~wwxYw)	zb
    Switch on/off throttle statistics gathering by kmodlve
    :param enabled: True or False
    Nz!/proc/sys/kernel/sched_schedstats�wbr)�mode�	buffering�1�0z(Failed to set sched_schedstats to %s: %s)	rrr/r�r�r=r>r�r@)rU�frFs   rG�switch_schedstatsr]�s��
&�g�k�2�2����%�
�5�D�����	/�"#�
�G�G�G�-�D�D��.�.�.�	/�	/�	/�	/�	/�	/�	/�	/�	/�	/�	/�	/����	/�	/�	/�	/�	/�	/���%�%�%����>��S��V�V�	%�	%�	%�	%�	%�	%�	%�	%�	%�����%���s:�A#�A�	A#�A�A#�A�A#�#
B!�-)B�B!c�J�t���dd��duS)zG
    Check if end-users have access to X-Ray UI of End-User plugin
    �hideXrayApp�
uiSettingsF)r�	get_paramrKrNrG�is_xray_app_availablerb�s#���:�:���
�|�<�<��E�ErNc���ttt��5}	|�t��n##t
tf$rYddd��dSwxYw	ddd��n#1swxYwYdS)z Check if User Agent is listeningNFT)r
rr
r�r(�ConnectionErrorr=)r�s rG�is_xray_user_agent_activere�s���	���	%�	%���	�
�I�I�o�&�&�&�&����)�	�	�	��	��������	����
'�������������������
�4s1�A(�8�A(�A�	A(�A�A(�(A,�/A,c�B�tj�d��S)z2Check if SSA is disabled by its internal flag-filez/usr/share/clos_ssa/ssa_enabled)r4r5r8rKrNrG�ssa_disabledrg�s���w�~�~�?�@�@�@�@rNc�~�	t��tj|��jz
dkS#t$rYdSwxYw)z.Check is file was modified during the last dayi�QF)rkr4�stat�st_mtimer=)r�s rG�is_file_recently_modifiedrk�sJ����{�{�R�W�X�.�.�7�7�%�?�?�������u�u����s�+.�
<�<c�p�t|��5t��}ddd��n#1swxYwY|Sr�)rr )rr@s  rG�get_user_php_versionrm�su��	��	�	�/�/�,�.�.��/�/�/�/�/�/�/�/�/�/�/����/�/�/�/��Ms�+�/�/�fd�'file object providing a fileno() methodc#��K�td��D]�}	tj|tjtjz��t
�d|��n�#t$rf}t
�dt|����|j	tj
tjfvr�tj
d��Yd}~��d}~wwxYwt|d��d����	dV�tj|tj��t
�d	|��dS#tj|tj��t
�d	|��wxYw)
uq
    Context manager for locking given file object
    :param fd: а file object providing a fileno() method
    �xzFile %s lockedzFailed to lock: %sg�?Nz%Failed to lock at all. Exiting threadr?)�flagzFile %s unlocked)�range�fcntl�flock�LOCK_EX�LOCK_NBr>r�r=r@�errno�EAGAIN�EACCESrj�sleepr)�LOCK_UN)rnr�rFs   rG�filelockr}�s[�����3�Z�Z�
(�
(��		��K��E�M�E�M�9�:�:�:��K�K�(�"�-�-�-��E���	�	�	��K�K�,�c�!�f�f�5�5�5��w�u�|�U�\�:�:�:���J�s�O�O�O�O�O�O�O�O�����	�������A�B�B�&�(�(�(�	(�,�
����	��B��
�&�&�&����&��+�+�+�+�+��	��B��
�&�&�&����&��+�+�+�+���s%�AA�
C�(AC	�	C�,D,�,<E(Fr�	is_shelvec#�K�tj�|��}d}td��D]�}	|rt	j|��}nt
j|d��}t�d|��nd#tj	$r=}t�
d|||��|}tjd��Yd}~��d}~wwxYwtd|�d|�����	|V�|���t�d	|��dS#|���t�d	|��wxYw)
a1
    Context manager for waiting for lock to be released for DBM file storage,
    either plain DBM or a Shelf object
    (desired return value is controlled by _shelve_instance flag)
    :param filename: a DBM file to open
    :param is_shelve: if a shelve file should be opened instead of plain DBM
    N�d�czStorage %s openedz#[#%i] Failed to open storage %s: %sg333333�?zFailed to open z
 storage: zStorage %s closed)r4r5�basenamers�shelver��dbmr>rr	r�rjr{r^�close)rr~�_file�_errr��storagerFs       rGrRrR�se����
�G���X�&�&�E��D�
�3�Z�Z�7�7��	��
2� �+�h�/�/����(�8�S�1�1���L�L�,�e�4�4�4��E���y�	�	�	��K�K�=�q��q�
"�
"�
"��D��J�s�O�O�O�O�O�O�O�O�����		�����5�e�5�5�t�5�5�7�7�	7�1��
�
�
��
�
�������(�%�0�0�0�0�0��	�
�
�������(�%�0�0�0�0���s$�AA?�?C�3C�C�$D�1E
�maskc#�bK�tj|��}dV�tj|��dS)z,
    Context manager for dropping umask
    N)r4�umask)r��prevs  rGr$r$s/����
�8�D�>�>�D�	�E�E�E��H�T�N�N�N�N�NrNr�T�
target_uid�
target_gidc#��K�tj��}tj��}td��}	tj|��}n#t
$rd}YnwxYw|�|�|}n|j}|�|�|}n|j}|�tj|��}	||krWtj	|��t�d|��|r&tj��|krt|���||krqtj|��t�d|��|r@tj��|kr)||krtj	|��t|���dV�||kr/tj|��t�d|��||kr/tj	|��t�d|��|�tj|	��dSdS)aH
    Context manager to drop privileges during some operation
    and then restore them back.
    If target_uid or target_gid are given, use input values.
    Otherwise, stat target_uid and target_gid from given target_path.
    If no target_path given, use current directory.
    Use mask if given.
    :param target_uid: uid to set
    :param target_gid: gid to set
    :param target_path: directory or file to stat for privileges,
                       default -- current directory
    :param mask: umask to use
    :param with_check: check the result of switching privileges
    z6Unable to execute required operation: permission issueNzDropped GID privs to %szDropped UID privs to %szRestored UID privs to %szRestored GID privs to %s)r4�getuid�getgidr�rir=�st_uid�st_gidr��setegidr>r�getegidr)�seteuid�geteuid)
r�r��target_pathr��
with_check�prev_uid�prev_gid�permission_issue_message�	stat_infor�s
          rG�set_privilegesr�s����"�y�{�{�H��y�{�{�H� �!Y�Z�Z����G�K�(�(�	�	�������	�	�	���������!�J�J�"�)�J�����!�J�J�"�)�J����x��~�~���:���
�
�:�������.�
�;�;�;��	6�"�*�,�,�*�4�4��4�5�5�5��:���
�
�:�������.�
�;�;�;��	6�"�*�,�,�*�4�4��:�%�%��
�8�$�$�$��4�5�5�5�	�E�E�E��:���
�
�8�������/��:�:�:��:���
�
�8�������/��:�:�:���
���������s�A�A�Ac#�K�	tj|��tj|��dV�tjd��tjd��dS#tjd��tjd��wxYw)z�
    Dive into user context by dropping permissions
    to avoid most of the security issues.

    Does not cover cagefs case because it also requires nsenter,
    which is only available with execve() call in our system
    Nr)r4r�r�)�uid�gids  rG�user_contextr�Nsn�����
�
�3����
�
�3����
����
�
�1�
�
�
�
�
�1�
�
�
�
�
��	�
�1�
�
�
�
�
�1�
�
�
�
���s�,A�*Bc������fd�}|S)z:
    Decorator to retry method on specific exceptions
    c�������fd�}|S)Nc�F��d}ttd��t���z��}|�krk	�|i|��S#t���$rG}|dz
}t	jdt|����|}t
jd��Yd}~nd}~wwxYw|�k�k|�)Nrz0Request to website failed even after %s retries.r"z'Retry to request website, exception: %s)�
ValueErrorr�r@�tupler�r?rjr{)rCrL�retries�	exceptionrF�exceptions_to_retryr,�max_retriess     ���rGrMz7retry_on_exceptions.<locals>.decorator.<locals>.wrappergs�����G�"�1�%W�#X�#X�[^�_j�[k�[k�#k�l�l�I��K�'�'�"��4��0��0�0�0���0�1�1�"�"�"��q�L�G��O�$M�s�ST�v�v�V�V�V� !�I��J�q�M�M�M�M�M�M�M�M�����	"�����K�'�'��Os�?�B�=B�BrK)r,rMr�r�s` ��rG�	decoratorz&retry_on_exceptions.<locals>.decoratorfs.����	�	�	�	�	�	�	��rNrK)r�r�r�s`` rG�retry_on_exceptionsr�bs*����
�
�
�
�
�
��rNr�r�)rnror-N)F)r)NNr�NT){�__doc__r�rx�getpassrrtr�r4r�rAr9r�rj�xml.etree.ElementTree�etree�ElementTreer��
contextlibr�datetimerr�	functoolsrr	r
rrr
rrr�typingrrrr��sentry_sdk.integrations.atexitr�sentry_sdk.integrations.loggingr�clcommon.constr�clcommon.cpapirrrr�clcommon.lib.cleditionr�clcommon.ui_configr�clcommon.clpwdr�clcommon.utilsr�clcommon.lib.networkr�clwpos.papir �xrayr!r��	constantsr#r$r%r&r'r(�
exceptionsr)r*�	getLoggerr>r=r��SubprocessErrorr>rOr`rgrirkrorsr@rvr�r�r�r�r�r��boolrcr�r�r�rrrr*r4r�rArFrHrKrPrTr]rbrergrkrmr}rRr$r�r�r�rKrNrG�<module>r�so�����
�
�
�������������������	�	�	�	�
�
�
�
�
�
�
�
�������������"�"�"�"�"�"�"�"�"�%�%�%�%�%�%�$�$�$�$�$�$�$�$�������������'�'�'�'�'�'�'�'�'�'�'�'�'�'�'�'�'�'�+�+�+�+�+�+�+�+�+�+�����<�<�<�<�<�<�>�>�>�>�>�>�"�"�"�"�"�"�h�h�h�h�h�h�h�h�h�h�h�h�:�:�:�:�:�:�'�'�'�'�'�'�*�*�*�*�*�*�1�1�1�1�1�1�-�-�-�-�-�-�3�3�3�3�3�3�����������������������3�2�2�2�2�2�2�2�
��	�7�	#�	#���Z��3���1�(�1�x�1�1�1�1�h5�X�5�(�5�5�5�5�p�H�������4�3�����,�4�,�,�,�,�"�#�"�$�"�"�"�"�,�C�,�,�,�,�B�D��J�B�3�B�B�B�B�B�D��J�B�3�B�B�B�B�
B�S�
B�
B�
B�
B� ;E�����C�������3=���C��������3������8�D�>������	O��	O�	O�	O���	O�7�#�7�(�3�-�7�7�7�7�:�h�s�m�:�:�:�:�_�_�_�_�D+8�"�"�s�"�H�S�M�"�"�"�"�J	_�3�	_�S�	_�T�	_�	_�	_�	_���������0
�C�
�C�
�
�
�
�(�s��x�������0�3��8�C�=�����0���������.��������(
"��
"�
"�
"�
"�-��-�-�-�-�%�t�%��%�%�%�%�$F�t�F�F�F�F��4�����A�d�A�A�A�A�
������������,�,�,���,�<�1�1�#�1�$�1�1�1���1�B���#��d��������=A�AE�?�?�s�?�s�?�*-�?�JN�?�?�?���?�D������&����rN