Submit
Path:
~
/
/
opt
/
alt
/
python37
/
lib
/
python3.7
/
site-packages
/
File Content:
clsudo.py
# coding=utf-8 # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2018 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT from __future__ import absolute_import from __future__ import division from __future__ import print_function import os import pwd import grp import re import subprocess import tempfile from stat import S_IRUSR, S_IRGRP class NoSuchUser(Exception): def __init__(self, user): #message = 'No such user (%s)' % user Exception.__init__(self, 'No such user (%s)' % (user,)) class NoSuchGroup(Exception): def __init__(self, group): message = 'No such group (%s)' % group Exception.__init__(self, message) class UnableToReadFile(Exception): def __init__(self): Exception.__init__(self, 'Cannot read sudoers file') class UnableToWriteFile(Exception): def __init__(self): Exception.__init__(self, 'Cannot modify sudoers file') SUDOERS_FILE = '/etc/sudoers' ALIAS_LVECTL_CMDS = ["/bin/ps", "/bin/grep", "/sbin/service", "/usr/bin/getcontrolpaneluserspackages", "/usr/sbin/lvectl", "/usr/local/directadmin/plugins/new_lvemanager/admin/GetDomains", "/usr/share/l.v.e-manager/utils/cloudlinux-cli.py"] ALIAS_LVECTL_USER_CMDS = ["/usr/share/l.v.e-manager/utils/cloudlinux-cli-user.py"] ALIAS_SELECTOR_CMDS = ["/usr/bin/cl-selector", "/usr/bin/piniset", "/usr/sbin/lveps", "/usr/bin/selectorctl"] DEFAULTS_REQUIRETTY = 'Defaults:%s !requiretty' # Patterns for group GROUP_LVECTL_SELECTOR = '%%%s ALL=NOPASSWD: LVECTL_CMDS, SELECTOR_CMDS' GROUP_DEFAULTS_REQUIRETTY = 'Defaults:%%%s !requiretty' class Clsudo: """ Adds CloudLinux users to sudoers file """ filepath = None sudoers_list = [] has_action = False has_group_action = False has_alias = False has_user_alias = False has_rights = False has_user_rights = False has_selector_alias = False has_selector_rights = False has_cagefs_alias = False has_cagefs_rights = False @staticmethod def add_user(user, sudoers_file=SUDOERS_FILE): """ Adds username to sudoers file (for lvemanager) """ # Update command lists for lvemanager Clsudo.update_commands_list(sudoers_file) Clsudo._check_user(user) Clsudo._get_contents(user) if not Clsudo.has_alias: Clsudo.sudoers_list.append('Cmnd_Alias LVECTL_CMDS = ' + ", ".join(ALIAS_LVECTL_CMDS)) if not Clsudo.has_user_alias: Clsudo.sudoers_list.append('Cmnd_Alias LVECTL_USER_CMDS = ' + ", ".join(ALIAS_LVECTL_USER_CMDS)) if not Clsudo.has_selector_alias: Clsudo.sudoers_list.append('Cmnd_Alias SELECTOR_CMDS = ' + ", ".join(ALIAS_SELECTOR_CMDS)) if not Clsudo.has_rights: Clsudo.sudoers_list.append('%s ALL=NOPASSWD: LVECTL_CMDS' % (user,)) if not Clsudo.has_user_rights: Clsudo.sudoers_list.append('%s ALL=(ALL) NOPASSWD: LVECTL_USER_CMDS' % (user,)) if not Clsudo.has_selector_rights: Clsudo.sudoers_list.append('%s ALL=NOPASSWD: SELECTOR_CMDS' % (user,)) if not Clsudo.has_action: Clsudo.sudoers_list.append(DEFAULTS_REQUIRETTY % (user,)) Clsudo._write_contents() @staticmethod def add_cagefs_user(user, sudoers_file=SUDOERS_FILE): """ Adds username to sudoers file (for cagefs) """ Clsudo.filepath = sudoers_file Clsudo._check_user(user) Clsudo._get_contents(user) if not Clsudo.has_cagefs_alias: Clsudo.sudoers_list.append('Cmnd_Alias CAGEFS_CMDS = /usr/sbin/cagefsctl, ' '/bin/ps, /bin/grep, /sbin/service') if not Clsudo.has_cagefs_rights: Clsudo.sudoers_list.append('%s ALL=NOPASSWD: CAGEFS_CMDS' % (user,)) if not Clsudo.has_action: Clsudo.sudoers_list.append(DEFAULTS_REQUIRETTY % (user,)) Clsudo._write_contents() @staticmethod def add_lvemanager_group(group_name, sudoers_file=SUDOERS_FILE): """ Adds group to sudoers file, grants access to LVE Manager """ # Update command lists for lvemanager Clsudo.update_commands_list(sudoers_file) Clsudo._check_group(group_name) Clsudo._get_contents_group(group_name) if not Clsudo.has_alias: Clsudo.sudoers_list.append('Cmnd_Alias LVECTL_CMDS = ' + ", ".join(ALIAS_LVECTL_CMDS)) if not Clsudo.has_selector_alias: Clsudo.sudoers_list.append('Cmnd_Alias SELECTOR_CMDS = ' + ", ".join(ALIAS_SELECTOR_CMDS)) if not Clsudo.has_action: Clsudo.sudoers_list.append(GROUP_LVECTL_SELECTOR % (group_name,)) if not Clsudo.has_group_action: Clsudo.sudoers_list.append(GROUP_DEFAULTS_REQUIRETTY % (group_name,)) # writes file Clsudo._write_contents() @staticmethod def remove_user(user, sudoers_file=SUDOERS_FILE): """ Removes username from sudoers file """ Clsudo.filepath = sudoers_file try: f = open(Clsudo.filepath) Clsudo.sudoers_list = f.read().splitlines() f.close() idx = 0 removed = False while idx < len(Clsudo.sudoers_list): line = Clsudo.sudoers_list[idx] if (('%s ALL=NOPASSWD:' % (user,)) in line) or ((DEFAULTS_REQUIRETTY % (user,))in line): Clsudo.sudoers_list.remove(line) removed = True continue idx += 1 if removed: Clsudo._write_contents() except (IOError, OSError): raise UnableToReadFile() @staticmethod def update_user(user, sudoers_file=SUDOERS_FILE): """ updates username in sudoers file :param user: username for caching :param sudoers_file: path to /etc/sudoers (only for tests) :return: None """ # Update command lists Clsudo.update_commands_list(sudoers_file) # For backward compatibility # Check user presence in system Clsudo._check_user(user) Clsudo._get_contents(user) @staticmethod def update_commands_list(sudoers_file=SUDOERS_FILE): """ Update command lists for lvemanager plugin If any required command absent in file, add it :param sudoers_file: path to /etc/sudoers :return: None """ # Read /etc/sudoers Clsudo.filepath = sudoers_file Clsudo.temp_dir = os.path.dirname(Clsudo.filepath) Clsudo._read_sudoers() cmnd_dict = {"Cmnd_Alias LVECTL_CMDS": ALIAS_LVECTL_CMDS, "Cmnd_Alias SELECTOR_CMDS": ALIAS_SELECTOR_CMDS} is_sudoer_change = False for idx in range(len(Clsudo.sudoers_list)): command_string = Clsudo.sudoers_list[idx] for aliase_key, aliase_list in cmnd_dict.items(): if aliase_key in command_string: command_string = command_string.replace(aliase_key, "").strip() cmnd_list = command_string.split(",") for aliase_cmnd_item in aliase_list: if aliase_cmnd_item not in cmnd_list: is_sudoer_change = True Clsudo.sudoers_list[idx] = "{0} = {1}".format( aliase_key, ", ".join(aliase_list) ) break if is_sudoer_change: Clsudo._write_contents() @staticmethod def _check_user(user): """ Checks passwd database for username presence @param user: string """ try: pwd.getpwnam(user) except KeyError: raise NoSuchUser(user) @staticmethod def _check_group(group_name): """ Checks grp database for group_name presence @param group_name: string """ try: grp.getgrnam(group_name) except KeyError: raise NoSuchGroup(group_name) @staticmethod def _read_sudoers(): i = open(Clsudo.filepath) Clsudo.sudoers_list = i.read().splitlines() i.close() @staticmethod def _get_contents(user): """ Reads file into list of strings @param user: string """ # Clear all status flags Clsudo.has_action = False Clsudo.has_group_action = False Clsudo.has_alias = False Clsudo.has_user_alias = False Clsudo.has_rights = False Clsudo.has_user_rights = False Clsudo.has_selector_alias = False Clsudo.has_selector_rights = False Clsudo.has_cagefs_alias = False Clsudo.has_cagefs_rights = False require_tty_pattern = re.compile(r'Defaults:\s*%s\s*!requiretty' % user) try: # Read sudoers file Clsudo._read_sudoers() for idx in range(len(Clsudo.sudoers_list)): if "Cmnd_Alias LVECTL_CMDS" in Clsudo.sudoers_list[idx]: Clsudo.has_alias = True continue if "Cmnd_Alias LVECTL_USER_CMDS" in Clsudo.sudoers_list[idx]: Clsudo.has_user_alias = True continue if "Cmnd_Alias CAGEFS_CMDS" in Clsudo.sudoers_list[idx]: Clsudo.has_cagefs_alias = True continue if "%s ALL=NOPASSWD: LVECTL_CMDS" % (user,) in Clsudo.sudoers_list[idx]: Clsudo.has_rights = True continue if "%s ALL=(ALL) NOPASSWD: LVECTL_USER_CMDS" % (user,) in Clsudo.sudoers_list[idx]: Clsudo.has_user_rights = True continue if "%s ALL=NOPASSWD: CAGEFS_CMDS" % (user,) in Clsudo.sudoers_list[idx]: Clsudo.has_cagefs_rights = True continue if "requiretty" in Clsudo.sudoers_list[idx]: pattern_match = require_tty_pattern.search(Clsudo.sudoers_list[idx]) if pattern_match: Clsudo.has_action = True continue if "Cmnd_Alias SELECTOR_CMDS" in Clsudo.sudoers_list[idx]: if 'piniset' not in Clsudo.sudoers_list[idx]: Clsudo.sudoers_list[idx] = Clsudo.sudoers_list[idx].replace( '/usr/bin/cl-selector', '/usr/bin/cl-selector, /usr/bin/piniset') if 'lveps' not in Clsudo.sudoers_list[idx]: Clsudo.sudoers_list[idx] = Clsudo.sudoers_list[idx].replace( '/usr/bin/cl-selector, /usr/bin/piniset', '/usr/bin/cl-selector, /usr/bin/piniset, /usr/sbin/lveps') Clsudo.has_selector_alias = True continue if "%s ALL=NOPASSWD: SELECTOR_CMDS" % (user,) in Clsudo.sudoers_list[idx]: Clsudo.has_selector_rights = True continue except (IOError, OSError): raise UnableToReadFile() @staticmethod def _get_contents_group(group_name): """ Reads file into list of strings @param group_name: string """ # Clear all status flags Clsudo.has_action = False Clsudo.has_group_action = False Clsudo.has_alias = False Clsudo.has_rights = False Clsudo.has_selector_alias = False Clsudo.has_selector_rights = False Clsudo.has_cagefs_alias = False Clsudo.has_cagefs_rights = False group_prefix = "%%%s" % group_name group_action = "Defaults:%%%s" % group_name group_pattern = re.compile(r'%s\s*ALL=NOPASSWD:\s*LVECTL_CMDS,\s*SELECTOR_CMDS' % (group_name,)) try: # Read sudoers file Clsudo._read_sudoers() for idx in range(len(Clsudo.sudoers_list)): if "Cmnd_Alias SELECTOR_CMDS" in Clsudo.sudoers_list[idx]: if 'piniset' not in Clsudo.sudoers_list[idx]: Clsudo.sudoers_list[idx] = Clsudo.sudoers_list[idx].replace( '/usr/bin/cl-selector', '/usr/bin/cl-selector, /usr/bin/piniset') if 'lveps' not in Clsudo.sudoers_list[idx]: Clsudo.sudoers_list[idx] = Clsudo.sudoers_list[idx].replace( '/usr/bin/cl-selector, /usr/bin/piniset', '/usr/bin/cl-selector, /usr/bin/piniset, /usr/sbin/lveps') Clsudo.has_selector_alias = True continue if "Cmnd_Alias LVECTL_CMDS" in Clsudo.sudoers_list[idx]: Clsudo.has_alias = True continue if "Cmnd_Alias CAGEFS_CMDS" in Clsudo.sudoers_list[idx]: Clsudo.has_cagefs_alias = True continue if Clsudo.sudoers_list[idx].startswith(group_prefix): pattern_match = group_pattern.search(Clsudo.sudoers_list[idx]) if pattern_match: Clsudo.has_action = True if Clsudo.sudoers_list[idx].startswith(group_action): Clsudo.has_group_action = True except (IOError, OSError): raise UnableToReadFile() @staticmethod def _write_contents(): """ Writes data to temporary file then checks it and rewrites sudoers file """ try: temp_dir = os.path.dirname(Clsudo.filepath) temp_prefix = 'lve_sudoers_' fd, temp_path = tempfile.mkstemp(prefix=temp_prefix, dir=temp_dir) fo = os.fdopen(fd, 'w') fo.write('\n'.join(Clsudo.sudoers_list) + '\n') fo.close() mask = S_IRUSR | S_IRGRP os.chmod(temp_path, mask) if not Clsudo._is_file_valid(temp_path): raise IOError except (IOError, OSError): try: if os.path.exists(temp_path): os.unlink(temp_path) except: pass raise UnableToWriteFile() try: os.rename(temp_path, Clsudo.filepath) except OSError: raise UnableToWriteFile() @staticmethod def _is_file_valid(filename): cmd = [ '/usr/sbin/visudo', '-c', '-f', filename ] rv = subprocess.Popen( cmd, stdin=open('/dev/null'), stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True) rv.communicate() if rv.returncode != 0: return False return True
Edit
Rename
Chmod
Delete
FILE
FOLDER
Name
Size
Permission
Action
Babel-2.9.1-py3.7.egg-info
---
0755
Beaker-1.11.0-py3.7.egg-info
---
0755
Jinja2-3.0.3-py3.7.egg-info
---
0755
Mako-1.1.0-py3.7.egg-info
---
0755
OpenSSL
---
0755
Paste-1.7.5.1-py3.7.egg-info
---
0755
PyJWT-1.7.1-py3.7.egg-info
---
0755
Tempita-0.5.1-py3.7.egg-info
---
0755
__pycache__
---
0755
_distutils_hack
---
0755
aiosignal
---
0755
aiosignal-1.2.0a0-py3.7.egg-info
---
0755
alembic
---
0755
alembic-0.8.3-py3.7.egg-info
---
0755
asn1crypto
---
0755
asn1crypto-0.22.0-py3.7.egg-info
---
0755
async_timeout
---
0755
async_timeout-4.0.2-py3.7.egg-info
---
0755
attr
---
0755
attrs-17.4.0-py3.7.egg-info
---
0755
babel
---
0755
beaker
---
0755
beautifulsoup4-4.5.1-py3.7.egg-info
---
0755
bs4
---
0755
certifi
---
0755
certifi-2018.4.16-py3.7.egg-info
---
0755
chardet
---
0755
chardet-3.0.4-py3.7.egg-info
---
0755
charset_normalizer
---
0755
charset_normalizer-2.0.12-py3.7.egg-info
---
0755
cl_dom_collector
---
0755
clcommon
---
0755
clconfig
---
0755
clconfigure
---
0755
cldashboard
---
0755
clevents
---
0755
cllicense
---
0755
cllimits
---
0755
cllimits_validator
---
0755
cllimitslib_v2
---
0755
clpackages
---
0755
clquota
---
0755
clselect
---
0755
clselector
---
0755
clsentry
---
0755
clsummary
---
0755
clveconfig
---
0755
clwizard
---
0755
clwpos
---
0755
cssselect
---
0755
cssselect-0.9.2-py3.7.egg-info
---
0755
distlib
---
0755
docopt-0.6.2-py3.7.egg-info
---
0755
filelock
---
0755
filelock-0.0.0-py3.7.egg-info
---
0755
future
---
0755
future-0.17.0-py3.7.egg-info
---
0755
html5lib
---
0755
html5lib-1.0.1-py3.7.egg-info
---
0755
idna
---
0755
idna-2.5-py3.7.egg-info
---
0755
importlib_metadata
---
0755
importlib_metadata-0.0.0-py3.7.egg-info
---
0755
jinja2
---
0755
jsonschema
---
0755
jsonschema-3.2.0-py3.7.egg-info
---
0755
jwt
---
0755
libfuturize
---
0755
libpasteurize
---
0755
lve_utils
---
0755
lvemanager
---
0755
lvestats
---
0755
mako
---
0755
nose
---
0755
nose-1.3.7-py3.7.egg-info
---
0755
packaging
---
0755
packaging-16.8-py3.7.egg-info
---
0755
past
---
0755
paste
---
0755
pip
---
0755
pip-20.2.4.dist-info
---
0755
pkg_resources
---
0755
platformdirs
---
0755
platformdirs-0.0.0-py3.7.egg-info
---
0755
ply
---
0755
ply-3.8-py3.7.egg-info
---
0755
prettytable-0.7.2-py3.7.egg-info
---
0755
pyOpenSSL-17.3.0-py3.7.egg-info
---
0755
pycparser
---
0755
pycparser-2.14-py3.7.egg-info
---
0755
pyparsing-2.1.10-py3.7.egg-info
---
0755
python_editor-0.4-py3.7.egg-info
---
0755
pytz
---
0755
pytz-2017.2-py3.7.egg-info
---
0755
raven
---
0755
raven-6.3.0-py3.7.egg-info
---
0755
requests
---
0755
requests-2.26.0-py3.7.egg-info
---
0755
schema-0.7.1-py3.7.egg-info
---
0755
sentry_sdk
---
0755
sentry_sdk-0.19.4-py3.7.egg-info
---
0755
setuptools
---
0755
setuptools-58.3.0.dist-info
---
0755
six-1.15.0-py3.7.egg-info
---
0755
ssa
---
0755
svgwrite
---
0755
svgwrite-1.3.0-py3.7.egg-info
---
0755
tempita
---
0755
typing_extensions-3.7.4.3-py3.7.egg-info
---
0755
urllib3
---
0755
urllib3-1.26.6-py3.7.egg-info
---
0755
vendors_api
---
0755
virtualenv
---
0755
virtualenv-20.13.0-py3.7.egg-info
---
0755
webencodings
---
0755
webencodings-0.5.1-py3.7.egg-info
---
0755
wmt
---
0755
zipp-0.0.0-py3.7.egg-info
---
0755
Paste-1.7.5.1-py3.7-nspkg.pth
534 bytes
0644
PySocks-1.5.7-py3.7.egg-info
322 bytes
0644
cl_proc_hidepid.py
4549 bytes
0644
clcontrollib.py
53127 bytes
0644
cldetectlib.py
18745 bytes
0644
cldiaglib.py
48675 bytes
0644
clhooklib.py
1432 bytes
0644
cli_utils.py
1775 bytes
0644
cllicenselib.py
8220 bytes
0644
clsetuplib.py
4422 bytes
0644
clsudo.py
15049 bytes
0644
cpanel.py
29687 bytes
0644
distlib-0.3.4-py3.7.egg-info
1162 bytes
0644
distutils-precedence.pth
152 bytes
0644
docopt.py
19946 bytes
0644
editor.py
2550 bytes
0755
lve_stats-2.0-py3.7.egg-info
185 bytes
0644
lveapi.py
19697 bytes
0644
lvectllib.py
94545 bytes
0644
lvestat.py
7106 bytes
0644
prettytable.py
54204 bytes
0644
pyparsing.py
229867 bytes
0644
remove_ubc.py
5670 bytes
0755
schema.py
29198 bytes
0644
secureio.py
17387 bytes
0644
six.py
34159 bytes
0644
socks.py
29952 bytes
0644
sockshandler.py
2913 bytes
0644
typing_extensions.py
83727 bytes
0644
zipp.py
8425 bytes
0644
N4ST4R_ID | Naxtarrr
