Hackfut Security File Manager
Current Path:
/opt/cloudlinux/venv/lib/python3.11/site-packages
opt
/
cloudlinux
/
venv
/
lib
/
python3.11
/
site-packages
/
📁
..
📁
GitPython-3.1.32.dist-info
📁
Jinja2-3.0.3.dist-info
📁
Mako-1.2.4.dist-info
📁
MarkupSafe-2.1.3.dist-info
📁
PyJWT-2.8.0.dist-info
📁
PyMySQL-1.1.0.dist-info
📁
PyVirtualDisplay-3.0.dist-info
📁
PyYAML-6.0.1.dist-info
📁
__pycache__
📄
_cffi_backend.cpython-311-x86_64-linux-gnu.so
(267.63 KB)
📁
_distutils_hack
📄
_lvdmap.cpython-311-x86_64-linux-gnu.so
(18.09 KB)
📄
_pyrsistent_version.py
(23 B)
📁
_pytest
📁
_yaml
📁
aiohttp
📁
aiohttp-3.9.2.dist-info
📁
aiohttp_jinja2
📁
aiohttp_jinja2-1.5.dist-info
📁
aiohttp_security
📁
aiohttp_security-0.4.0.dist-info
📁
aiohttp_session
📁
aiohttp_session-2.9.0.dist-info
📁
aiosignal
📁
aiosignal-1.3.1.dist-info
📁
alembic
📁
alembic-1.11.1.dist-info
📁
astroid
📁
astroid-2.15.6.dist-info
📁
attr
📁
attrs
📁
attrs-23.1.0.dist-info
📁
backports
📁
certifi
📁
certifi-2023.7.22.dist-info
📁
cffi
📁
cffi-1.15.1.dist-info
📁
chardet
📁
chardet-5.2.0.dist-info
📁
charset_normalizer
📁
charset_normalizer-2.1.1.dist-info
📁
cl_dom_collector
📄
cl_proc_hidepid.py
(4.53 KB)
📁
cl_website_collector
📁
clcagefslib
📁
clcommon
📁
clconfig
📁
clconfigure
📄
clcontrollib.py
(51.73 KB)
📁
cldashboard
📄
cldetectlib.py
(18.4 KB)
📄
cldiaglib.py
(48.08 KB)
📁
clevents
📁
clflags
📄
clhooklib.py
(1.27 KB)
📄
cli_utils.py
(1.66 KB)
📁
cllicense
📄
cllicenselib.py
(9.1 KB)
📁
cllimits
📁
cllimits_validator
📁
cllimitslib_v2
📁
cllvectl
📁
clpackages
📁
clquota
📁
clselect
📁
clselector
📁
clsentry
📄
clsetuplib.py
(4.35 KB)
📄
clsudo.py
(14.42 KB)
📁
clsummary
📁
clveconfig
📁
clwizard
📁
configparser-5.0.2.dist-info
📄
configparser.py
(1.51 KB)
📁
contextlib2
📁
contextlib2-21.6.0.dist-info
📁
coverage
📁
coverage-7.2.7.dist-info
📁
cryptography
📁
cryptography-41.0.2.dist-info
📁
ddt-1.4.4.dist-info
📄
ddt.py
(12.43 KB)
📁
dill
📁
dill-0.3.7.dist-info
📁
distlib
📁
distlib-0.3.8.dist-info
📄
distutils-precedence.pth
(151 B)
📁
docopt-0.6.2.dist-info
📄
docopt.py
(19.48 KB)
📁
dodgy
📁
dodgy-0.2.1.dist-info
📁
filelock
📁
filelock-3.13.1.dist-info
📁
flake8
📁
flake8-5.0.4.dist-info
📁
flake8_polyfill
📁
flake8_polyfill-1.0.2.dist-info
📁
frozenlist
📁
frozenlist-1.4.0.dist-info
📁
future
📁
future-0.18.3.dist-info
📁
git
📁
gitdb
📁
gitdb-4.0.10.dist-info
📁
guppy
📁
guppy3-3.1.3.dist-info
📁
idna
📁
idna-3.4.dist-info
📁
iniconfig
📁
iniconfig-2.0.0.dist-info
📁
isort
📁
isort-5.12.0.dist-info
📁
jinja2
📁
jsonschema
📁
jsonschema-3.2.0.dist-info
📁
jwt
📁
lazy_object_proxy
📁
lazy_object_proxy-1.9.0.dist-info
📁
libfuturize
📁
libpasteurize
📁
lve_stats-2.0.dist-info
📁
lve_utils
📄
lveapi.py
(17.02 KB)
📄
lvectllib.py
(112.85 KB)
📁
lvemanager
📄
lvestat.py
(6.83 KB)
📁
lvestats
📁
lxml
📁
lxml-4.9.2.dist-info
📁
mako
📁
markupsafe
📁
mccabe-0.7.0.dist-info
📄
mccabe.py
(10.4 KB)
📁
mock
📁
mock-5.1.0.dist-info
📁
multidict
📁
multidict-6.0.4.dist-info
📁
numpy
📁
numpy-1.25.1.dist-info
📁
numpy.libs
📁
packaging
📁
packaging-23.1.dist-info
📄
pam.py
(7.38 KB)
📁
past
📁
pep8_naming-0.10.0.dist-info
📄
pep8ext_naming.py
(18.61 KB)
📁
pip
📁
pip-25.3.dist-info
📁
pkg_resources
📁
platformdirs
📁
platformdirs-3.11.0.dist-info
📁
pluggy
📁
pluggy-1.2.0.dist-info
📁
prettytable
📁
prettytable-3.8.0.dist-info
📁
prometheus_client
📁
prometheus_client-0.8.0.dist-info
📁
prospector
📁
prospector-1.10.2.dist-info
📁
psutil
📁
psutil-5.9.5.dist-info
📁
psycopg2
📁
psycopg2_binary-2.9.6.dist-info
📁
psycopg2_binary.libs
📄
py.py
(263 B)
📁
pycodestyle-2.9.1.dist-info
📄
pycodestyle.py
(101.08 KB)
📁
pycparser
📁
pycparser-2.21.dist-info
📁
pydocstyle
📁
pydocstyle-6.3.0.dist-info
📁
pyfakefs
📁
pyfakefs-5.10.2.dist-info
📁
pyflakes
📁
pyflakes-2.5.0.dist-info
📁
pylint
📁
pylint-2.17.4.dist-info
📁
pylint_celery
📁
pylint_celery-0.3.dist-info
📁
pylint_django
📁
pylint_django-2.5.3.dist-info
📁
pylint_flask
📁
pylint_flask-0.6.dist-info
📁
pylint_plugin_utils
📁
pylint_plugin_utils-0.7.dist-info
📁
pylve-2.1-py3.11.egg-info
📄
pylve.cpython-311-x86_64-linux-gnu.so
(25.53 KB)
📁
pymysql
📁
pyparsing
📁
pyparsing-3.0.9.dist-info
📁
pyrsistent
📁
pyrsistent-0.19.3.dist-info
📁
pytest
📁
pytest-7.4.0.dist-info
📁
pytest_check
📁
pytest_check-2.5.3.dist-info
📁
pytest_snapshot
📁
pytest_snapshot-0.9.0.dist-info
📁
pytest_subprocess
📁
pytest_subprocess-1.5.3.dist-info
📁
pytest_tap
📁
pytest_tap-3.5.dist-info
📁
python_pam-1.8.4.dist-info
📁
pyvirtualdisplay
📁
raven
📁
raven-6.10.0.dist-info
📄
remove_ubc.py
(5.73 KB)
📁
requests
📁
requests-2.31.0.dist-info
📁
requirements_detector
📁
requirements_detector-1.2.2.dist-info
📁
schema-0.7.5.dist-info
📄
schema.py
(29.51 KB)
📄
secureio.py
(19.09 KB)
📁
semver
📁
semver-3.0.1.dist-info
📁
sentry_sdk
📁
sentry_sdk-1.29.2.dist-info
📁
setoptconf
📁
setoptconf_tmp-0.3.1.dist-info
📁
setuptools
📁
setuptools-80.9.0.dist-info
📄
simple_rpm.so
(11.29 KB)
📁
simplejson
📁
simplejson-3.19.1.dist-info
📁
six-1.16.0.dist-info
📄
six.py
(33.74 KB)
📁
smmap
📁
smmap-5.0.0.dist-info
📁
snowballstemmer
📁
snowballstemmer-2.2.0.dist-info
📁
sqlalchemy
📁
sqlalchemy-1.3.24.dist-info
📁
ssa
📁
svgwrite
📁
svgwrite-1.4.3.dist-info
📁
tap
📁
tap_py-3.2.1.dist-info
📁
testfixtures
📁
testfixtures-7.1.0.dist-info
📁
toml
📁
toml-0.10.2.dist-info
📁
tomlkit
📁
tomlkit-0.11.8.dist-info
📁
typing_extensions-4.7.1.dist-info
📄
typing_extensions.py
(108.48 KB)
📁
unshare-0.22.dist-info
📄
unshare.cpython-311-x86_64-linux-gnu.so
(8.17 KB)
📁
urllib3
📁
urllib3-2.0.4.dist-info
📁
vendors_api
📁
virtualenv
📁
virtualenv-20.21.1.dist-info
📁
wcwidth
📁
wcwidth-0.2.6.dist-info
📁
websiteisolation
📁
wmt
📁
wrapt
📁
wrapt-1.15.0.dist-info
📁
yaml
📁
yarl
📁
yarl-1.9.2.dist-info
Editing: lveapi.py
#!/usr/bin/env python # -*- coding: utf-8 -*- # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT import os import syslog import pwd from typing import Optional # NOQA from clcommon.clproc import ProcLve from clcommon import cpapi, ClPwd from clcommon.cpapi.cpapiexceptions import NotSupported from clveconfig import ve_config from lve_utils.pylve_wrapper import PyLveError, PyLve # noqa: F401 — re-exported for callers from websiteisolation import config as _ws_config from websiteisolation import id_registry as _ws_id_registry from websiteisolation.exceptions import LvdError LVP_XML_TAG_NAME = "reseller" LVE_NO_UBC = 1 << 1 LVE_NO_MAXENTER = 1 << 2 class NameMapError(Exception): pass class NameMapConfigError(NameMapError): pass class NameMapNotInitialized(NameMapError): pass class NameMap: """ Container for backend storing resellers_name<=>resellers_id map As backend store use ve.cfg Usage: >>> name_map = NameMap() >>> name_map.link_xml_node() >>> name_map.id_list() [1001] """ def __init__(self, xml_tag_name=LVP_XML_TAG_NAME): self._xml_tag_name = xml_tag_name self._xml_node = None # Reseller name to id map (list of corteges) self._reseller_id_name_map = None def get_id(self, name): for name_, id_ in self.load_from_node(): if name_ == name: return id_ def get_name(self, id_): for name_, _id in self.load_from_node(): if id_ == _id: return name_ def id_list(self): return [id_ for _, id_ in self.load_from_node()] def link_xml_node(self, xml_node=None, use_cache=True): """ Initialize NameMap. If xml_node is none, config will be loaded automatically :param use_cache: Bool whether bypass ve.cfg xml cache :param xml_node: !! DEPRECATED PARAM !! this param is left only for compatibility with our old code """ if xml_node is None: # New mode, Load reseller_id, reseller_name pairs from ve.cfg to dictionary self._xml_node = None self._load_resellers_map_from_ve_cfg(use_cache) else: # For compatibility with our old code self._xml_node = xml_node self._reseller_id_name_map = None def _load_resellers_map_from_ve_cfg(self, use_cache): """ Fills self._reseller_id_name_map from ve.cfg file :return: """ self._reseller_id_name_map = [] ve_cfg, xml_node = self._try_get_xml_node(use_cache=use_cache) for el_ in xml_node: name = el_.getAttribute('user') id_ = int(el_.getAttribute('id')) if name and id_ and id_ not in self._reseller_id_name_map: self._reseller_id_name_map.append((id_, name)) # Force delete XML object to avoid high memory load del xml_node del ve_cfg def _try_get_xml_node(self, use_cache=True): try: ve_cfg, xml_node = ve_config.get_xml_config(use_cache=use_cache) except ve_config.BadVeConfigException as e: self._reseller_id_name_map = None raise NameMapConfigError("Error happened while loading data from ve.cfg") from e return ve_cfg, xml_node.getElementsByTagName(self._xml_tag_name) def load_from_node(self): """ Obtain data from xml node as (name, id_) list """ if self._xml_node is None and self._reseller_id_name_map is None: raise NameMapNotInitialized('Name map is not initialized. ' 'Use obj.link_xml_node() to get data from config') if self._xml_node: # For compatibility with our old code for el_ in self._xml_node.getElementsByTagName(self._xml_tag_name): name = el_.getAttribute('user') id_ = int(el_.getAttribute('id')) if name and id_: yield name, id_ if self._reseller_id_name_map: # New mode, use resellers map for id_, name in self._reseller_id_name_map: yield name, id_ class LvpMap: """ Container for storing information about lve:lvp mapping In which reseller container stored lve """ def __init__(self): self.name_map = NameMap() self._id_name_map = {} self._name_id_map = {} self._reseller_id_map_panel = None self._pwd = ClPwd() def _add_map(self, name, id_): self._id_name_map[id_] = name self._name_id_map[name] = id_ def pw_uid(self, name, default=None): try: return self._pwd.get_pw_by_name(name).pw_uid except ClPwd.NoSuchUserException: return default def _get_panel_reseller_id(self, reseller): # type: (str) -> Optional[int] uid = self.pw_uid(reseller) if uid is not None: return uid # in case when we cannot find reseller in passwd file # let's ask control panel for reseller's id if self._reseller_id_map_panel is None: self._reseller_id_map_panel = cpapi.get_reseller_id_pairs() return self._reseller_id_map_panel.get(reseller) def get_reseller_id(self, name): # type: (str) -> Optional[int] """ Convert reseller name to an LVE id. It supports resellers without a system account (for Plesk compatibility). """ uid = self.name_map.get_id(name) or self._name_id_map.get(name) if uid is not None: return uid try: uid = self._get_panel_reseller_id(name) except NotSupported: uid = None if uid is not None: self._add_map(name, uid) return uid def get_reseller_name(self, id_): """ Convert reseller id to reseller name It support resellers without system account (for Plesk compatibilyty) """ # add attribute fo in memory cache support name = self.name_map.get_name(id_) or self._id_name_map.get(id_) if name is not None: return name try: name = pwd.getpwuid(id_).pw_name if cpapi.is_reseller(name): self._add_map(name, id_) else: name = None except KeyError: name = None return name def lve_lvp_pairs(self): """ This method loops over all user:reseller pairs in control panel and returns appropriate lve_id:lvp_id pairs. THIS METHOD WON'T CHECK IF 'RESELLER LIMITS' IS ENABLED IN ve.cfg """ resellers = set(cpapi.resellers()) reseller_uids = {} for reseller in resellers: try: reseller_uids[reseller] = self.get_reseller_id(reseller) except NotSupported: syslog.syslog( syslog.LOG_WARNING, f"Reseller {reseller} still exists in control panel, " "but absent in /etc/passwd file") for cplogin, reseller in cpapi.cpinfo(keyls=('cplogin', 'reseller')): lve_id = self.pw_uid(cplogin) # for some reasons (process of destroying user died # or admin called 'pure' userdel), user may still exist in control panel # but absent in /etc/passwd file; we can do nothing with that, # so just skip and write a warning to syslog if lve_id is None: syslog.syslog( syslog.LOG_WARNING, f"user {cplogin} still exists in control panel, " "but absent in /etc/passwd file") continue lvp_id = reseller_uids.get(reseller, 0) yield lve_id, lvp_id @staticmethod def resellers(): for reseller_name in cpapi.resellers(): yield reseller_name @staticmethod def reseller_uids(name): """ Obtain from control panel resellers uids """ uids = [] reseller_users = cpapi.reseller_users(name) for user in reseller_users: try: id_ = pwd.getpwnam(user).pw_uid uids.append(id_) except KeyError: syslog.syslog( syslog.LOG_WARNING, f"user {user} still exists in control panel, " "but absent in /etc/passwd file") return uids def lvp_lve_id_list(self, lvp_id): reseller_name = self.get_reseller_name(lvp_id) return self.reseller_uids(reseller_name) class Lve: def __init__(self, proc=None, py=None, map=None): self.proc = proc or ProcLve() self.py = py or PyLve() self.map = map or LvpMap() def lve_id_lvp_id_pairs(self): """ Obtain {lve id}:{lvp id} pairs iterator based on ve.cfg config (detect enabled resellers containers) This method (unlike LvpMap.lve_lvp_pairs) will check if reseller is enabled in ve.cfg and return lvp_id=0 for users of reseller with disabled reseller limits """ enabled_lvp_id = set(self.map.name_map.id_list()) for lve_id, lvp_id in self.map.lve_lvp_pairs(): if lvp_id in enabled_lvp_id: # load map for enabled resellers only yield lve_id, lvp_id else: yield lve_id, 0 def lve2lvp(self, lve_id): """ Obtain lvp id based on ve.cfg config (detect enabled resellers containers) """ for lve_id_, lvp_id_ in self.lve_id_lvp_id_pairs(): if lve_id == lve_id_: return lvp_id_ return 0 def lve_destroy(self, lve_id, *args, **kwargs): """ safe destroy lve container with preserving lvp mapping """ if os.path.exists(self.proc.proc_lve_map()): lvp_id = self.proc.map().get(lve_id, 0) else: lvp_id = 0 self.py.lve_destroy(lve_id, *args, **kwargs) if lvp_id != 0: try: pwd.getpwuid(lve_id) self.py.lve_lvp_map(lvp_id, lve_id) except KeyError: pass def _map_domain_lves(self, lve_id, proc_map): """Place every domain LVE that belongs to *lve_id* under its user LVP. Uses lve_lvp_move for domain LVEs that already exist in the kernel, and falls back to lve_lvp_map for those that do not yet exist (so the kernel will place them under the correct LVP when lve_setup creates them later). *proc_map* is an lve_id→lvp_id dict (from /proc/lve/map) used to skip mappings that are already correct. Updated in-place so callers see the new state. """ config = _ws_config.load_config(lve_id) for d in config.domains: if not d.name: continue try: docroot = _ws_config.resolve_docroot(d.name) except LvdError as e: syslog.syslog(syslog.LOG_WARNING, f"failed to resolve docroot for domain '{d.name}': {e}") continue domain_id = _ws_id_registry.assign_domain_id(lve_id, docroot) if proc_map.get(domain_id) == lve_id: continue if domain_id in proc_map: # Domain LVE exists in the kernel — move it. self.py.lve_lvp_move(lve_id, domain_id) else: # Domain LVE does not exist yet — pre-register mapping. self.py.lve_lvp_map(lve_id, domain_id) proc_map[domain_id] = lve_id def apply_domain_lve_limits(self, lve_id): """Apply per-domain limits from domains.json to each domain LVE. Must be called after lve_set_default() resets all LVEs inside the user LVP to the user's defaults. Each domain LVE is set to its stored limits, or all-zeros (unlimited) when unconfigured. """ config = _ws_config.load_config(lve_id) for d in config.domains: if not d.name: continue try: docroot = _ws_config.resolve_docroot(d.name) except LvdError as e: syslog.syslog(syslog.LOG_WARNING, f"failed to resolve docroot for domain '{d.name}': {e}") continue domain_id = _ws_id_registry.assign_domain_id(lve_id, docroot) settings = self.py.liblve_settings() limits = d.limits.to_dict() if 'cpu' in limits: settings.ls_cpu = int(limits['cpu']) if 'pmem' in limits: pmem_bytes = int(limits['pmem']) settings.ls_memory_phy = pmem_bytes // 4096 if pmem_bytes else 0 if 'io' in limits: settings.ls_io = int(limits['io']) if 'nproc' in limits: settings.ls_nproc = int(limits['nproc']) if 'iops' in limits: settings.ls_iops = int(limits['iops']) self.py.lve_setup( domain_id, settings, err_msg=f'Can`t setup domain LVE {domain_id}; error code {{code}}', ) def _sync_map(self): """ Load lve_id:lvp_id map to kmod-lve. For users with per-domain isolation configured, builds a nested LVP hierarchy instead of a flat reseller mapping: lvp<0> [lvp<reseller_id>] ← reseller LVP (if enabled) lvp<user_id> ← user-level LVP with isolation lve<user_id> ← user LVE lve<domain_id> ... ← domain LVEs lvp<0> [lvp<reseller_id>] ← reseller LVP (without isolation) lve<user_id> ← user LVE (flat, existing behaviour) """ # load mapping information from kernel (/proc/lve/map) proc_map_dict = self.proc.map() # loop over user_id:reseller_id pairs # lve_id_lvp_id_pairs includes all control panel users # and checks for enabled resellers in ve.cfg # so user of reseller without reseller limits # will be listed in response like 'tuple(user_id, 0)' if self.py.domains_supported(): isolated_users = set(_ws_config.find_all_lve_ids_with_config()) else: isolated_users = set() for lve_id, lvp_id in self.lve_id_lvp_id_pairs(): if lve_id in isolated_users: # User has per-domain isolation: build nested LVP hierarchy. # Ensure the parent (reseller) LVP exists first. if lvp_id != 0 and not self.proc.exist_lvp(lvp_id=lvp_id): self.py.lve_lvp_create(lvp_id) # Create user LVP nested under the reseller (or at root # when there is no reseller). lve_apply_all() already # creates the nested LVP for reseller users; this handles # the non-reseller case and the standalone sync-map call. if not self.proc.exist_lvp(lvp_id=lve_id): if lvp_id: self.py.lve_lvp_create2(lve_id, lvp_id) else: self.py.lve_lvp_create(lve_id) # Move the user LVE under the user LVP (both share lve_id). if proc_map_dict.get(lve_id, 0) != lve_id: self.py.lve_lvp_move(lve_id, lve_id) proc_map_dict[lve_id] = lve_id self._map_domain_lves(lve_id, proc_map=proc_map_dict) else: # Standard behaviour: move user LVE under reseller/root LVP. if proc_map_dict.get(lve_id, 0) != lvp_id: # change map if needed only if not self.proc.exist_lvp(lvp_id=lvp_id): self.py.lve_lvp_create(lvp_id) self.py.lve_lvp_move(lvp_id, lve_id) proc_map_dict[lve_id] = lvp_id def sync_map(self): """ wrapped _sync_map function for prevent error if some cpapi not supported """ try: self._sync_map() except NotSupported: pass def is_panel_supported(self): """ Check if current panel supported for reseller's limits; :rtype: bool """ try: return cpapi.is_reseller_limits_supported() except NotSupported: return False def reseller_limit_supported(self): """ Check present all needed (kmod-lve, liblve, /proc/lve, panel) for manipulate resellers limits """ return all((self.py.resellers_supported(), self.proc.resellers_supported(), self.is_panel_supported())) def is_lve10(self): """ Check present all needed (kmod-lve, liblve, /proc/lve) for manipulate resellers limits """ return all((self.py.resellers_supported(), self.proc.resellers_supported()))
Upload File
Create Folder