Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

403WebShell
403Webshell
Server IP : 66.29.132.124  /  Your IP : 3.137.189.236
Web Server : LiteSpeed
System : Linux business141.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : wavevlvu ( 1524)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /opt/imunify360/venv/lib/python3.11/site-packages/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /opt/imunify360/venv/lib/python3.11/site-packages/secureio.py
# coding=utf-8

# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2018 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

# This module provides functions for secure I/O and filesystem operations

import grp
import sys
import tempfile
import contextlib
import os
from functools import lru_cache
from typing import TYPE_CHECKING
from ctypes import (cdll, c_long, Structure, c_ushort, c_ubyte, c_char, POINTER,
                    c_int, c_void_p, c_char_p)

from clcommon import ClPwd
from clcommon.clpwd import drop_user_privileges


def __getattr__(name):
    # NOTE(vlebedev): Delay shared libraries loading until they are actually used.
    #                 It makes module loadable even in case those shared libraries are not available
    #                 and that is useful for e.g. unit testing on local non-CL system.
    if name == 'libc':
        return _load_libc()
    elif name == 'liblve':
        return _load_liblve()
    raise AttributeError(f"module {__name__} has no attribute {name}")


def __dir__():
    return ['libc', 'liblve', *globals().keys()]


# --- libc functions -----------------------------------------------
@lru_cache(maxsize=None)
def _load_libc():
    libc = cdll.LoadLibrary("libc.so.6")

    libc.fchown.argtypes = [c_int, c_int, c_int]
    libc.fchown.restype = c_int

    libc.fchmod.argtypes = [c_int, c_int]
    libc.fchmod.restype = c_int

    # accepts file/dir descriptor (integer)
    libc.fdopendir.argtypes = [c_int]
    # returns pointer to DIR structure
    libc.fdopendir.restype = c_void_p

    # accepts pointer to DIR structure
    libc.readdir.argtypes = [c_void_p]
    # returns pointer to DIRENTRY structure
    libc.readdir.restype = DIRENTRY_P

    # accepts pointer to DIR structure
    libc.rewinddir.argtypes = [c_void_p]
    # returns void
    libc.rewinddir.restype = None

    # accepts pointer to DIR structure
    libc.closedir.argtypes = [c_void_p]
    libc.closedir.restype = c_int

    return libc


if TYPE_CHECKING:
    libc = _load_libc()


ino_t = c_long
off_t = c_long


class DIRENTRY(Structure):
    _fields_ = [
        ('d_ino', ino_t),  # inode number
        ('d_off', off_t),  # offset to the next dirent
        ('d_reclen', c_ushort),  # length of this record
        ('d_type', c_ubyte),  # type of file; not supported by all file system types
        ('d_name', c_char * 256),  # filename
    ]


DIRENTRY_P = POINTER(DIRENTRY)


def fchown(fd, uid, gid):
    return _load_libc().fchown(fd, uid, gid)


def fchmod(fd, mode):
    return _load_libc().fchmod(fd, mode)


def fdopen(fd):
    return _load_libc().fdopen(fd)


def readdir(dirp):
    return _load_libc().readdir(dirp)


def rewinddir(dirp):
    return _load_libc().rewinddir(dirp)


def closedir(dirp):
    return _load_libc().closedir(dirp)


class StubLVE:
    """Stub implementation of LVE functions for systems without liblve"""

    def open_not_symlink(self, path, parent_path):
        return -1

    def check_dir(self, fd):
        return -1

    def isdir(self, path, descriptor, parent_path):
        return -1

    def set_perm_dir_secure(self, path, perm, fd, parent_path):
        return -1

    def set_owner_dir_secure(self, path, uid, gid, fd, parent_path):
        return -1

    def create_dir_secure(self, path, perm, uid, gid, fd, parent_path):
        return -1

    def makedirs_secure(self, path, perm, uid, gid, parent_path):
        return -1

    def get_path_from_descriptor(self, fd, buf):
        return None

    def is_subdir(self, dir, subdir):
        return 0

    def enable_quota_capability(self):
        return 0

    def disable_quota_capability(self):
        return 0


# --- liblve functions -----------------------------------------------
@lru_cache(maxsize=None)
def _load_liblve():
    """Load liblve if available, otherwise return stub implementation"""
    try:
        liblve = cdll.LoadLibrary("libsecureio.so.0")
    except OSError:
        try:
            liblve = cdll.LoadLibrary("liblve.so.0")
        except OSError:
            return StubLVE()

    # Opens path for reading not following symlinks and verifies that opened path is inside parent_path
    # Returns:
    # descriptor if successful
    # -1 if path does not exist or is a symlink
    # -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts path, parent_path
    liblve.open_not_symlink.argtypes = [c_char_p, c_char_p]
    liblve.open_not_symlink.restype = c_int

    # Closes descriptor (if it is not equal -1)
    # accepts file/dir descriptor (integer)
    liblve.closefd.argtypes = [c_int]
    # returns void
    liblve.closefd.restype = None

    # Tries to read first directory entry in order to ensure that descriptor is valid
    # Returns 0 if reading succeeded or -1 if error has occured
    # accepts descriptor
    liblve.check_dir.argtypes = [c_int]
    liblve.check_dir.restype = c_int

    # Checks if path is a directory (in secure manner)
    # Also opens path (if descriptor fd == -1) and then checks that opened path is inside parent_path
    # Returns descriptor if path refers to directory
    # Returns -1 if path does not exist or is not a directory
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts path, descriptor, parent_path
    liblve.isdir.argtypes = [c_char_p, c_int, c_char_p]
    liblve.isdir.restype = c_int

    # Sets permissions to directory (in secure manner)
    # Returns descriptor if successful
    # Returns -1 if error has occured
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts: const char *path, mode_t perm, int fd, const char *parent_path
    liblve.set_perm_dir_secure.argtypes = [c_char_p, c_int, c_int, c_char_p]
    liblve.set_perm_dir_secure.restype = c_int

    # Sets owner and group of directory (in secure manner)
    # Returns descriptor if successful
    # Returns -1 if error has occured
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts: const char *path, uid_t uid, gid_t gid, int fd, const char *parent_path
    liblve.set_owner_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
    liblve.set_owner_dir_secure.restype = c_int

    # Creates directory if it does not exist, sets permissions/owner otherwise
    # Returns descriptor if successful
    # Returns -1 if error has occured
    # accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, int fd, const char *parent_path
    liblve.create_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_int, c_char_p]
    liblve.create_dir_secure.restype = c_int

    # Recursive directory creation function
    # Returns 0 if successful
    # Returns -1 if error has occured
    # accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, const char *parent_path
    liblve.makedirs_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
    liblve.makedirs_secure.restype = c_int

    # Writes absolute path pointed by descriptor fd to buffer *buf
    # Returns buf if successful
    # Returns NULL if error has occured
    liblve.get_path_from_descriptor.argtypes = [c_int, c_char_p]
    liblve.get_path_from_descriptor.restype = c_char_p

    # Returns 1 if subdir is subdirectory of dir, 0 otherwise
    liblve.is_subdir.argtypes = [c_char_p, c_char_p]
    liblve.is_subdir.restype = c_int

    return liblve


if TYPE_CHECKING:
    liblve = _load_liblve()


def _open_not_symlink(path, parent_path):
    return _load_liblve().open_not_symlink(path, parent_path)


def check_dir(fd):
    return _load_liblve().check_dir(fd)


def isdir(path, descriptor, parent_path):
    return _load_liblve().isdir(path, descriptor, parent_path)


def get_path_from_descriptor(fd, buf):
    return _load_liblve().get_path_from_descriptor(fd, buf)


def is_subdir(dir, subdir):
    return _load_liblve().is_subdir(dir, subdir)


# True :  euid/egid == 0/0
# False : euid/egid == user/user
# set by set_user_perm() and set_root_perm() functions
root_flag = True

LOGFILE = "/var/log/cagefs-update.log"

MIN_UID = 500

SILENT_FLAG = False


def open_not_symlink(path):
    return os.open(path, os.O_RDONLY | os.O_NOFOLLOW)


def open_file_not_symlink(path):
    return os.fdopen(open_not_symlink(path), 'r')


def flistdir(fd):
    """Returns list of entries of directory pointed by descriptor"""
    # Duplicate descriptor, because closedir() closes descriptor associated with directory stream
    fd2 = os.dup(fd)

    # Open directory stream
    dirp = fdopendir(fd2)  # NOQA
    if not dirp:
        raise RuntimeError("fdopendir error")

    # Reset position of directory stream
    # (so it will be possible to read content of directory multiple times
    # via other descriptors that refer to the directory)
    rewinddir(dirp)

    dirlist = []
    while True:
        entryp = readdir(dirp)
        if not entryp:
            break
        entry = entryp.contents
        dirlist.append(entry.d_name)

    rewinddir(dirp)
    closedir(dirp)
    return dirlist


def closefd(fd):
    if fd is not None:
        try:
            os.close(fd)
        except OSError:
            pass


def set_perm_dir_secure(path, perm, parent_path, fd=None, logger=None):
    """Sets permissions to directory (in secure manner)
    Returns descriptor if successful
    Returns None if error has occured"""
    if fd is None:
        fd = -1
    fd = _load_liblve().set_perm_dir_secure(path.encode(), perm, fd, parent_path.encode())
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error: failed to set permissions of directory ' + path, False, True)
    return None


def set_owner_dir_secure(path, uid, gid, parent_path, fd=None, logger=None):
    """Sets owner and group of directory (in secure manner)
    Returns descriptor if successful
    Returns None if error has occured"""
    if fd is None:
        fd = -1
    fd = _load_liblve().set_owner_dir_secure(path.encode(), uid, gid, fd, parent_path.encode())
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error: failed to set owner of directory ' + path, False, True)
    return None


def create_dir_secure(path, perm, uid, gid, parent_path, fd=None, logger=None):
    """Creates directory if it does not exist, sets permissions/owner otherwise
    Returns descriptor if successful
    Returns None if error has occured"""
    if fd is None:
        fd = -1
    fd = _load_liblve().create_dir_secure(path.encode(), perm, uid, gid, fd, parent_path.encode())
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error : failed to create directory ' + path, False, True)
    return None


def makedirs_secure(path, perm, uid, gid, parent_path, logger=None):
    """Recursive directory creation function
    Returns 0 if successful
    Returns -1 if error has occured"""
    res = _load_liblve().makedirs_secure(path.encode(), perm, uid, gid, parent_path.encode())
    if res and logger:
        logger('Error : failed to create directory ' + path, False, True)
    return res


def read_file_secure(filename, uid=None, gid=None, exit_on_error=True, write_log=True):
    """read file not following symlinks"""
    if (uid is None and gid is not None) or (uid is not None and gid is None):
        raise RuntimeError("read_file_secure: uid and gid should be both null or be both not null")

    drop_perm = (uid is not None) and (gid is not None)
    if drop_perm:
        set_user_perm(uid, gid)

    try:
        file_object = open_file_not_symlink(filename)
        content = file_object.readlines()
        file_object.close()
        if drop_perm:
            set_root_perm()
        return content
    except (OSError, IOError) as e:
        if drop_perm:
            set_root_perm()
        logging('Error: failed to read ' + filename + ' : ' + str(e), SILENT_FLAG, 1, write_log)
        if not exit_on_error:
            raise
        sys.exit(1)


def write_file_secure(content, ini_path, uid, gid, drop_perm=True, perm=0o644, write_log=True):
    """Returns True if error has occured"""
    dirpath = os.path.dirname(ini_path)

    if drop_perm:
        set_user_perm(uid, gid)

    fd = None
    temp_path = None
    try:
        fd, temp_path = tempfile.mkstemp(prefix='cagefs_', dir=dirpath)
        file_object = os.fdopen(fd, 'w')
        file_object.write(''.join(content))
        if not drop_perm and uid is not None and gid is not None:
            if fchown(fd, uid, gid):
                raise OSError('fchown failed')
        if fchmod(fd, perm):
            raise OSError('fchmod failed')
        file_object.close()
    except (IOError, OSError) as e:
        try:
            file_object.close()
        except Exception:
            pass
        try:
            os.close(fd)
        except Exception:
            pass
        try:
            os.unlink(temp_path)
        except Exception:
            pass
        if drop_perm:
            set_root_perm()
        logging(
            f"Error: failed to write file {ini_path} : {str(e).replace('Errno', 'Err code')}",
            SILENT_FLAG,
            1,
            write_log,
        )
        return True
    except Exception as e:
        logging(f'Error: {str(e)}', SILENT_FLAG, 1)
        sys.exit(1)

    error = False
    try:
        os.rename(temp_path, ini_path)
    except OSError as e:
        error = True
        logging('Error: failed to rename tempfile to ' + ini_path + ' : ' + str(e), SILENT_FLAG, 1, write_log)
        try:
            os.unlink(temp_path)
        except OSError:
            pass

    if drop_perm:
        set_root_perm()

    return error


def write_file_via_tempfile(
        content, dest_path, perm, prefix='', suffix='', as_user=None):
    """
    Safely write string content to a file
    :param content: str
    :param dest_path: str -> path to a file
    :param perm: int -> permissions for the file
    :param prefix: str -> add to temporary file name
    :param suffix: str -> add to temporary file name
    :param as_user: str -> name of the user to drop privileges to
    """
    if as_user is not None:
        old_groups = os.getgroups()
        drop_user_privileges(as_user, effective_or_real=True, set_env=False)

    dirpath = os.path.dirname(dest_path)
    fd, temp_path = None, None
    try:
        fd, temp_path = tempfile.mkstemp(
                prefix=prefix, suffix=suffix, dir=dirpath)
        with os.fdopen(fd, 'w', errors='surrogateescape') as f_temp:
            f_temp.write(content)
    except (IOError, OSError):
        if fd is None or temp_path is None:
            raise
        try:
            os.close(fd)
        except (IOError, OSError):
            pass
        try:
            os.unlink(temp_path)
        except (IOError, OSError):
            pass
        raise

    try:
        os.chmod(temp_path, perm)
        os.rename(temp_path, dest_path)
    except (OSError, IOError, TypeError):
        try:
            os.unlink(temp_path)
        except (OSError, IOError):
            pass
        raise

    if as_user is not None:
        ruid = os.getuid()
        os.seteuid(ruid)
        os.setegid(os.getgid())
        # All of the above can be called from user named as_user
        if ruid == 0:
            os.setgroups(old_groups)


def set_user_perm(uid, gid, exit=True):
    global root_flag

    try:
        os.setegid(gid)
    except (OSError,) as e:
        if exit:
            print_error('failed to set egid to ' + str(gid) + ': ' + str(e))
            sys.exit(1)
        else:
            return -1

    groups = get_groups(uid, gid)
    try:
        os.setgroups(groups)
    except (OSError,) as e:
        if exit:
            print_error('failed to set supplementary groups to :', groups, str(e))
            sys.exit(1)
        else:
            return -1

    try:
        os.seteuid(uid)
    except (OSError,) as e:
        if exit:
            print_error('failed to set euid to ' + str(uid) + ': ' + str(e))
            sys.exit(1)
        else:
            return -1

    if uid == 0:
        root_flag = True
    else:
        # If it's possible, switch on CAP_SYS_RESOURCE
        _load_liblve().enable_quota_capability()
        root_flag = False


def set_root_perm(exit=True):
    global root_flag

    try:
        os.seteuid(0)
    except (OSError,) as e:
        if exit:
            print_error('failed to set euid to 0 :', str(e))
            sys.exit(1)
        else:
            return -1

    try:
        os.setegid(0)
    except (OSError,) as e:
        if exit:
            print_error('Error: failed to set egid to 0 :', str(e))
            sys.exit(1)
        else:
            return -1

    groups = get_groups(0, 0)
    try:
        os.setgroups(groups)
    except (OSError,) as e:
        if exit:
            print_error('Error: failed to set supplementary groups to :', groups, str(e))
            sys.exit(1)
        else:
            return -1

    root_flag = True


def print_error(*args):
    print("Error:", end=' ', file=sys.stderr)
    for a in args:
        print(a, end=' ', file=sys.stderr)
    print(file=sys.stderr)


def get_groups(uid, gid):
    """Returns supplementary groups for uid"""
    gr = get_grp_dict()
    pw = get_pwd_dict()
    groups = set()
    for group in gr:
        members = gr[group].gr_mem
        for user in members:
            try:
                member_uid = pw[user].pw_uid
            except KeyError:
                continue
            if member_uid == uid:
                groups.add(gr[group].gr_gid)
    groups.add(gid)
    return list(groups)


grp_dict = None


def get_grp_dict():
    global grp_dict
    if grp_dict is None:
        grp_dict = {}
        gr = grp.getgrall()
        for line in gr:
            grp_dict[line.gr_name] = line
    return grp_dict


clpwd = ClPwd(min_uid=MIN_UID)


def get_pwd_dict():
    return clpwd.get_user_dict()



log_file = None

def logging(msg, silent=False, verbose=True, write_log=True):
    global log_file
    if not silent:
        if verbose:
            print(msg)

    if write_log:
        root_flag_saved = root_flag
        if not root_flag:
            uid, gid = get_perm()
            set_root_perm()
        try:
            if log_file is None:
                umask_saved = os.umask(0o22)
                # log_file is opened in "line buffered" mode
                log_file = open(LOGFILE, 'w', 1)  # NOQA
                os.umask(umask_saved)
            log_file.write(msg)
            log_file.write("\n")
        except (OSError, IOError) as e:
            print_error("writing to ", LOGFILE, str(e))
            sys.exit(1)
        if not root_flag_saved:
            set_user_perm(uid, gid)


def get_perm():
    try:
        uid = os.geteuid()
        gid = os.getegid()
    except (OSError,) as e:
        print_error('failed to get (euid,egid)', str(e))
        sys.exit(1)
    return uid, gid


def set_capability(clear=False):
    """
    Set CAP_SYS_RESOURCE capability

    :param bool clear: Set on if it's true, set off otherwise
    :return: 0 for success, -1 otherwise
    :rtype: int
    """
    return _load_liblve().disable_quota_capability() if clear \
        else _load_liblve().enable_quota_capability()


def change_uid(uid):
    """
    Change effective uid of current process and set CAP_SYS_RESOURCE capbality
    to prevent "Disk quota exceeded" error

    :param int euid: User ID to set it as current effective UID
    :return: 0 if capability was set successfuly, -1 otherwise
    :rtype: int
    """
    os.seteuid(uid)
    return set_capability()


def _set_quota_checks_status(enabled):
    """
    Disable quota kernel check to allow us to write
    more than user can by quota.
    """
    if not enabled:
        _load_liblve().enable_quota_capability()
    else:
        _load_liblve().disable_quota_capability()


@contextlib.contextmanager
def disable_quota():
    _set_quota_checks_status(enabled=False)
    try:
        yield
    finally:
        _set_quota_checks_status(enabled=True)


@contextlib.contextmanager
def set_umask(umask_value):
    saved_umask = os.umask(umask_value)
    try:
        yield
    finally:
        os.umask(saved_umask)

Youez - 2016 - github.com/yon3zu
LinuXploit