Na}{

File Content: `secureio.py`

#!/usr/bin/python
#
#Copyright (c) 2010 Cloud Linux LTD
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions
#are met:
#  * Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#  * Redistributions in binary form must reproduce the above
#    copyright notice, this list of conditions and the following
#    disclaimer in the documentation and/or other materials provided
#    with the distribution.
#  * The names of its contributors may not be used to endorse or
#    promote products derived from this software without specific
#    prior written permission.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
#LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
#ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#POSSIBILITY OF SUCH DAMAGE.
#

# This module provides functions for secure I/O and filesystem operations

import os
from ctypes import *

libc = cdll.LoadLibrary("libc.so.6")
liblve = cdll.LoadLibrary("liblve.so.0")

# --- libc functions -----------------------------------------------

ino_t = c_long
off_t = c_long

class DIRENTRY(Structure):
	_fields_ = [
		('d_ino', ino_t),                 # inode number
		('d_off', off_t),                 # offset to the next dirent
		('d_reclen', c_ushort),           # length of this record
		('d_type', c_ubyte),              # type of file; not supported by all file system types
		('d_name', c_char * 256),         # filename
	]

DIRENTRY_P = POINTER(DIRENTRY)

fchown = libc.fchown
fchown.argtypes = [c_int, c_int, c_int]
fchown.restype = c_int

fchmod = libc.fchmod
fchmod.argtypes = [c_int, c_int]
fchmod.restype = c_int

fdopendir = libc.fdopendir
# accepts file/dir descriptor (integer)
fdopendir.argtypes = [c_int]
# returns pointer to DIR structure
fdopendir.restype = c_void_p

readdir = libc.readdir
# accepts pointer to DIR structure
readdir.argtypes = [c_void_p]
# returns pointer to DIRENTRY structure
readdir.restype = DIRENTRY_P

rewinddir = libc.rewinddir
# accepts pointer to DIR structure
rewinddir.argtypes = [c_void_p]
# returns void
rewinddir.restype = None

closedir = libc.closedir
# accepts pointer to DIR structure
closedir.argtypes = [c_void_p]
closedir.restype = c_int


# --- liblve functions -----------------------------------------------

# Opens path for reading not following symlinks and verifies that opened path is inside parent_path
# Returns:
# descriptor if successful
# -1 if path does not exist or is a symlink
# -2 if opened path is NOT inside parent_path or cannot be determined
# accepts path, parent_path
open_not_symlink = liblve.open_not_symlink
open_not_symlink.argtypes = [c_char_p, c_char_p]
open_not_symlink.restype = c_int

# Closes descriptor (if it is not equal -1)
# accepts file/dir descriptor (integer)
liblve.closefd.argtypes = [c_int]
# returns void
liblve.closefd.restype = None

# Tries to read first directory entry in order to ensure that descriptor is valid
# Returns 0 if reading succeeded or -1 if error has occured
check_dir = liblve.check_dir
# accepts descriptor
check_dir.argtypes = [c_int]
check_dir.restype = c_int

# Checks if path is a directory (in secure manner)
# Also opens path (if descriptor fd == -1) and then checks that opened path is inside parent_path
# Returns descriptor if path refers to directory
# Returns -1 if path does not exist or is not a directory
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
isdir = liblve.isdir
# accepts path, descriptor, parent_path
isdir.argtypes = [c_char_p, c_int, c_char_p]
isdir.restype = c_int

# Sets permissions to directory (in secure manner)
# Returns descriptor if successful
# Returns -1 if error has occured
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
# accepts: const char *path, mode_t perm, int fd, const char *parent_path
liblve.set_perm_dir_secure.argtypes = [c_char_p, c_int, c_int, c_char_p]
liblve.set_perm_dir_secure.restype = c_int

# Sets owner and group of directory (in secure manner)
# Returns descriptor if successful
# Returns -1 if error has occured
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
# accepts: const char *path, uid_t uid, gid_t gid, int fd, const char *parent_path
liblve.set_owner_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
liblve.set_owner_dir_secure.restype = c_int

# Creates directory if it does not exist, sets permissions/owner otherwise
# Returns descriptor if successful
# Returns -1 if error has occured
# accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, int fd, const char *parent_path
liblve.create_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_int, c_char_p]
liblve.create_dir_secure.restype = c_int

# Recursive directory creation function
# Returns 0 if successful
# Returns -1 if error has occured
# accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, const char *parent_path
liblve.makedirs_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
liblve.makedirs_secure.restype = c_int

# Writes absolute path pointed by descriptor fd to buffer *buf
# Returns buf if successful
# Returns NULL if error has occured
get_path_from_descriptor = liblve.get_path_from_descriptor
get_path_from_descriptor.argtypes = [c_int, c_char_p]
get_path_from_descriptor.restype = c_char_p

# Returns 1 if subdir is subdirectory of dir, 0 otherwise
is_subdir = liblve.is_subdir
is_subdir.argtypes = [c_char_p, c_char_p]
is_subdir.restype = c_int


# Returns list of entries of directory pointed by descriptor
def flistdir(fd):
	# Duplicate descriptor, because closedir() closes descriptor associated with directory stream
	fd2 = os.dup(fd)

	# Open directory stream
	dirp = fdopendir(fd2)
	if not dirp:
		raise Exception("fdopendir error")

	# Reset position of directory stream
	# (so it will be possible to read content of directory multiple times
	# via other descriptors that refer to the directory)
	rewinddir(dirp)

	dirlist = []
	while True:
		entryp = readdir(dirp)
		if not entryp:
			break
		entry = entryp.contents
		dirlist.append(entry.d_name)

	rewinddir(dirp)
	closedir(dirp)
	return dirlist



def closefd(fd):
	if fd is not None:
		try:
			os.close(fd)
		except OSError:
			pass



# Sets permissions to directory (in secure manner)
# Returns descriptor if successful
# Returns None if error has occured
def set_perm_dir_secure(path, perm, parent_path, fd = None, logger = None):
	if fd == None:
		fd = -1
	fd = liblve.set_perm_dir_secure(path, perm, fd, parent_path)
	if fd > 0:
		return fd
	if logger is not None:
		logger('Error: failed to set permissions of directory ' + path, False, True)
	return None



# Sets owner and group of directory (in secure manner)
# Returns descriptor if successful
# Returns None if error has occured
def set_owner_dir_secure(path, uid, gid, parent_path, fd = None, logger = None):
	if fd == None:
		fd = -1
	fd = liblve.set_owner_dir_secure(path, uid, gid, fd, parent_path)
	if fd > 0:
		return fd
	if logger is not None:
		logger('Error: failed to set owner of directory ' + path, False, True)
	return None



# Creates directory if it does not exist, sets permissions/owner otherwise
# Returns descriptor if successful
# Returns None if error has occured
def create_dir_secure(path, perm, uid, gid, parent_path, fd = None, logger = None):
	if fd == None:
		fd = -1
	fd = liblve.create_dir_secure(path, perm, uid, gid, fd, parent_path)
	if fd > 0:
		return fd
	if logger is not None:
		logger('Error: failed to create directory ' + path, False, True)
	return None



# Recursive directory creation function
# Returns 0 if successful
# Returns -1 if error has occured
def makedirs_secure(path, perm, uid, gid, parent_path, logger = None):
	res = liblve.makedirs_secure(path, perm, uid, gid, parent_path)
	if res and logger:
		logger('Error: failed to create directory ' + path, False, True)
	return res


def set_capability(clear=False):
	"""
	Set CAP_SYS_RESOURCE capability

	:param bool clear: Set on if it's true, set off otherwise
	:return: 0 for success, -1 otherwise
	:rtype: int
	"""
	if clear:
		return liblve.disable_quota_capability()
	else:
		return liblve.enable_quota_capability()


def change_uid(uid):
	"""
	Change effective uid of current process and set CAP_SYS_RESOURCE capbality
	to prevent "Disk quota exceeded" error

	:param int euid: User ID to set it as current effective UID
	:return: 0 if capability was set successfuly, -1 otherwise
	:rtype: int
	"""
	os.setuid(uid)
	return set_capability()

Name	Size	Permission
Babel-0.9.6-py2.7.egg-info	---	0755
Jinja2-2.7.2-py2.7.egg-info	---	0755
_markerlib	---	0755
babel	---	0755
backports	---	0755
chardet	---	0755
chardet-2.2.1-py2.7.egg-info	---	0755
clcommon	---	0755
decorator-3.4.0-py2.7.egg-info	---	0755
iniparse	---	0755
isc	---	0755
javapackages	---	0755
javapackages-1.0.0-py2.7.egg-info	---	0755
jinja2	---	0755
kitchen	---	0755
kitchen-1.1.1-py2.7.egg-info	---	0755
ply	---	0755
procfs	---	0755
pyudev	---	0755
pyudev-0.15-py2.7.egg-info	---	0755
rhn	---	0755
rpmUtils	---	0755
setuptools	---	0755
setuptools-0.9.8-py2.7.egg-info	---	0755
tuned	---	0755
urlgrabber	---	0755
yum	---	0755
yumutils	---	0755
IPy-0.75-py2.7.egg-info	10061 bytes	0644
IPy.py	51270 bytes	0644
IPy.pyc	40873 bytes	0644
IPy.pyo	40873 bytes	0644
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info	4051 bytes	0644
clsudo.py	12953 bytes	0644
clsudo.pyc	11285 bytes	0644
clsudo.pyo	11285 bytes	0644
configobj-4.7.2-py2.7.egg-info	2135 bytes	0644
configobj.py	88163 bytes	0644
configobj.pyc	66278 bytes	0644
configobj.pyo	66278 bytes	0644
decorator.py	10639 bytes	0644
decorator.pyc	8563 bytes	0644
decorator.pyo	8516 bytes	0644
easy_install.py	126 bytes	0644
easy_install.pyc	315 bytes	0644
easy_install.pyo	315 bytes	0644
hwdata.py	6033 bytes	0644
hwdata.pyc	4487 bytes	0644
hwdata.pyo	4487 bytes	0644
iniparse-0.4-py2.7.egg-info	1083 bytes	0644
ipaddress-1.0.16-py2.7.egg-info	783 bytes	0644
ipaddress.py	79904 bytes	0644
ipaddress.pyc	75525 bytes	0644
ipaddress.pyo	75335 bytes	0644
isc-2.0-py2.7.egg-info	267 bytes	0644
pciutils-1.7.3-py2.7.egg-info	267 bytes	0644
pkg_resources.py	101108 bytes	0644
pkg_resources.pyc	108033 bytes	0644
pkg_resources.pyo	108001 bytes	0644
ply-3.4-py2.7.egg-info	900 bytes	0644
pyparsing-1.5.6-py2.7.egg-info	670 bytes	0644
pyparsing.py	155429 bytes	0644
pyparsing.pyc	148895 bytes	0644
pyparsing.pyo	148895 bytes	0644
python_linux_procfs-0.4.9-py2.7.egg-info	350 bytes	0644
rhnlib-2.5.65-py2.7.egg-info	345 bytes	0644
secureio.py	9222 bytes	0644
secureio.pyc	4686 bytes	0644
secureio.pyo	4686 bytes	0644
urlgrabber-3.10-py2.7.egg-info	2265 bytes	0644
validate.py	46303 bytes	0644
validate.pyc	46711 bytes	0644
validate.pyo	46711 bytes	0644

File Content: secureio.py

File Content: `secureio.py`