Yohohohohohooho | Sanrei Aya
Sanrei Aya


Server : LiteSpeed
System : Linux barito.iixcp.rumahweb.net 5.14.0-611.49.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Apr 21 16:39:08 EDT 2026 x86_64
User : elvh3918 ( 1528)
PHP Version : 8.2.31
Disable Function : mail
Directory :  /opt/cloudlinux/venv/lib/python3.11/site-packages/xray/internal/__pycache__/


 

Current File : //opt/cloudlinux/venv/lib/python3.11/site-packages/xray/internal/__pycache__/utils.cpython-311.pyc
�

e�"j|�
�J�dZddlZddlZddlZddlZddlZddlmZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlZddlZddlZddlmcmZddlmZddlmZmZddlmZddlmZddlmZmZmZm Z m!Z!m"Z"m#Z#dd	l$m%Z%m&Z&m'Z'ddl(Z(dd
l)m*Z*ddl+m,Z,ddl-m.Z.dd
l/m0Z0m1Z1m2Z2m3Z3ddl4m5Z5ddl6m7Z7ddl8m9Z9ddl:m;Z;ddl<m=Z=ddl>m?Z?ddl@mAZBddlCmDZDmEZEmFZFmGZGmHZHmIZIddlJmKZKmLZLe	jMd��ZNeOePejQfZRde%de%fd�ZSde%de%fd�ZTde%de%fd�ZUdeVfd�ZWdefd�ZXd eVdefd!�ZYdeZfd"�Z[d#e&e\deZfd$�Z]d#e&e\deZfd%�Z^deZfd&�Z_eFfd'eZd(eZddfd)�Z`eFfd(eZdeZfd*�ZadeZfd+�Zade'ebfd,�ZceUdeZfd-���Zdd.eZde'eZfd/�Zede'eZfd0�Zfd^d1�ZgeGfd2eZde'eZfd3�Zhejid4��Zjd5eZddfd6�Zkd5eZd7eldelfd8�Zmd9eZd:eZddfd;�Znd<eZdd=fd>�Zod?eVdeVfd@�Zpd5eZde'eqfdA�Zrd5eZde'eZfdB�Zsd_d5eZddfdC�Ztd5eZdebfdD�ZudebfdE�ZvdebfdF�ZwdGebddfdH�ZxdebfdI�ZydebfdJ�ZzdebfdK�Z{d.eZdebfdL�Z|dM�Z}ed`dP���Z~edadReZdSebfdT���ZedbdUeVddfdV���Z�e		dcdYeVdZeVdUeVddfd[���Z�ed\���Z�d]�Z�dS)dzB
This module contains helpful utility functions for X-Ray Manager
�N)�getuser)�contextmanager)�date�	timedelta��wraps)�glob)�socket�fromfd�AF_UNIX�SOCK_STREAM�
SOCK_DGRAM�AF_INET�AF_INET6)�Callable�List�Optional)�AtexitIntegration)�LoggingIntegration)�Feature)�is_panel_feature_supported�get_cp_description�	getCPName�is_wp2_environment)�get_cl_edition_readable)�UIConfig)�drop_privileges)�get_rhn_systemid_value)�get_hostname)�php_get_vhost_versions_user)�gettext�)�
sentry_dsn�local_tasks_storage�
agent_file�
logging_level�jwt_token_location�user_agent_sock)�	XRayError�XRayManagerExit�utils�func�returnc�F���d��t�����fd���}|S)zf
    Decorator aimed to update ini file in cagefs-skeleton
    Applies to task.add nd task.remove
    c��tj�|djd��}|�d��r8td��r)tj�d|dd���}n�|�d��r�td	��r�tj�d	|dd���}tj�tj�|����s1tjtj�|����ndStj�|��s�tj�	|��r�tj�
|��r t�d
d|i���dS	tj
|��dS#t$r7}t�d
|t|��d����Yd}~dSd}~wwxYwdS	tj�
|��r t�dd|i���dSt!|d��5}|���}ddd��n#1swxYwYtj|tjtjztjztjzd��}	tj||��tj|��dS#tj|��wxYw#t$r7}t�d|t|��d����Yd}~dSd}~wwxYw)zd
        Copy ini file to cagefs-skeleton
        Action takes place for cPanel ea-php only
        rzxray.iniz/opt/cpanelz/usr/share/cagefsz"/usr/share/cagefs/.cpanel.multiphpr"Nz
/usr/localz/usr/share/cagefs-skeletonz-Refusing to unlink symlink in cagefs-skeleton�xray_ini��extraz'Failed to unlink ini in cagefs-skeleton)r0�errz0Refusing to copy over symlink in cagefs-skeleton�rbi�z'Failed to copy ini into cagefs-skeleton)�os�path�join�ini_location�
startswithr	�exists�dirname�mkdir�lexists�islink�logger�warning�unlink�OSError�str�open�read�O_WRONLY�O_CREAT�O_TRUNC�
O_NOFOLLOW�write�close)�args�original_ini�skeleton_ini�e�src�	src_bytes�fds       �J/opt/cloudlinux/venv/lib64/python3.11/site-packages/xray/internal/utils.py�updatezskeleton_update.<locals>.updateMs���
�w�|�|�D��G�$8�*�E�E���"�"�=�1�1�	�d�#�7%�7%�	��7�<�<�(L�(4�Q�R�R�(8�:�:�L�L�
�
$�
$�\�
2�
2�	�t�,�8.�8.�	��7�<�<�(D�(4�Q�R�R�(8�:�:�L��7�>�>�"�'�/�/�,�"?�"?�@�@�
8��������6�6�7�7�7���F��w�~�~�l�+�+� 	6��w���|�,�,�

:��7�>�>�,�/�/���N�N�#R�*4�l�)C�#�E�E�E��F�:��I�l�+�+�+�+�+���:�:�:��N�N�#L�6B�14�Q���*9�*9�#�:�:�:�:�:�:�:�:�:�����:����

:�

:�
6��7�>�>�,�/�/���N�N�#U�*4�l�)C�#�E�E�E��F��,��-�-�+�� #���
�
�I�+�+�+�+�+�+�+�+�+�+�+����+�+�+�+��W�\��[�2�:�5��
�B�R�]�R�"�$�$��!��H�R��+�+�+��H�R�L�L�L�L�L��B�H�R�L�L�L�L������
6�
6�
6����H�2>�-0��V�V�&5�&5��6�6�6�6�6�6�6�6�6�����
6���ss�3G	�	
H
�,H�H
�=L�L�J�4L�J�L�J�A
L�K>�(L�>L�L�
M�!,M�Mc�"���|i|���|�dS)�
        Wraps func
        N�)rL�kwargsr,rTs  ��rS�wrapperz skeleton_update.<locals>.wrapper�s)���
	
��d��f�������
�
�
�
�r)r,rYrTs` @rS�skeleton_updater[GsK����36�36�36�j�4�[�[�������[���NrZc�P����d��d��t������fd���}|S)zs
    Decorator aimed to update DBM storage with fake_id:real_id mapping
    Applies to task.add nd task.remove
    c��|d}tt��5}|j||j<ddd��dS#1swxYwYdS)z-
        Update DBM storage contents
        rN)�dbm_storager$�task_id�fake_id)rL�
task_instance�task_storages   rSrTz"dbm_storage_update.<locals>.update�s����Q��
�
�,�
-�
-�	H��2?�2G�L��.�/�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H����	H�	H�	H�	H�	H�	Hs
�:�>�>c���tt��5}	||dj���=n#t$rYnwxYwddd��dS#1swxYwYdS)z.
        Remove task from DBM storage
        rN)r^r$r`�encode�KeyError)rLrbs  rS�removez"dbm_storage_update.<locals>.remove�s����,�
-�
-�	��
� ��a���!7�!7�!9�!9�:�:���
�
�
���
����	�	�	�	�	�	�	�	�	�	�	�	����	�	�	�	�	�	s1�A� 8�A�
A�A�A�A�A�Ac�\��	�jdkr�|�n.#t$r!}tt|�����d}~wwxYw	�|i|��n#t$r�jdkr�|��wxYw	�jdkr�|�dSdS#t$r!}tt|�����d}~wwxYw)rV�addNrf)�__name__�RuntimeErrorr)rC�	Exception)rLrXrOr,rfrTs   ���rSrYz#dbm_storage_update.<locals>.wrapper�s���	$��}��%�%����
�
����	$�	$�	$��C��F�F�#�#�#�����	$����	��D�$�!�&�!�!�!�!���	�	�	��}��%�%����
�
��	����	$��}��(�(����
�
�
�
�)�(���	$�	$�	$��C��F�F�#�#�#�����	$���s4��
?�:�?�A�A(�,B�
B+�
B&�&B+r)r,rYrfrTs` @@rS�dbm_storage_updaterl�sb�����H�H�H�	�	�	��4�[�[�$�$�$�$�$�$��[�$�6�NrZc�F���d��t�����fd���}|S)z5
    Decorator aimed to validate given JWT token
    c�"�t��dS)z7
        Check if retrieved JWT token is valid
        N)�is_xray_supportedrWrZrS�checkzcheck_jwt.<locals>.check�s��	�����rZc�,���|i|��}���|S)rVrW)rLrX�tokenrpr,s   ��rSrYzcheck_jwt.<locals>.wrapper�s)���
��d�%�f�%�%��
������rZr)r,rYrps` @rS�	check_jwtrs�sJ����
����4�[�[�������[���NrZc�B�ttj����S)zJ
    Get current epoch timestamp as int
    :return: timestamp as int
    )�int�timerWrZrS�	timestamprw�s��
�t�y�{�{���rZc�J�tj��td���z
S)zC
    Pick a yesterday date
    :return: a datetime.date object
    r")�days)r�todayrrWrZrS�	prev_dater{�s ��
�:�<�<�)��+�+�+�+�+rZ�tsc�*�tj|��S)zy
    Get the datetime.date object for given int timestamp
    :param ts: timestamp
    :return: datetime.date object
    )r�
fromtimestamp)r|s rS�date_of_timestampr�s����b�!�!�!rZc�D�t���d��S)zj
    Get a formatted representation of yesterday date
    :return: str date in the form of dd/mm/YYYY
    z%d/%m/%Y)r{�strftimerWrZrS�get_formatted_dater��s��
�;�;���
�+�+�+rZ�linksc�f��d�d��fd�t|d��D����S)u�
    HTML formatted links.

    Both the domain (interpolated into the visible <a> body) and the
    link (interpolated into the href attribute) are passed through
    html.escape(..., quote=True) so HTML-special characters in either
    slot cannot break attribute parsing or inject tags. The href is
    also explicitly double-quoted — without quotes, whitespace in the
    link value would let any subsequent token be parsed as a new
    attribute (e.g. ``onmouseover=...``). Defense-in-depth: today the
    sole caller (continuous.tracing.generate_mail) passes
    url_split(task.url)[0] and task.shared_link, both of which are
    derived from controlled sources, but the template must remain
    safe for any future caller.
    z+<p>{num}) <a href="{link}">{domain}</a></p>�
c����g|]_\}}|���D]E\}}��|tj|d���tj|d��������F�`S)T)�quote)�num�link�domain)�items�format�html�escape)�.0�i�l�k�v�	html_items     �rS�
<listcomp>z,get_html_formatted_links.<locals>.<listcomp>s�������
�A�q�A�G�G�I�I�	��-1�A�q�	���Q�"�k�!�4�8�8�8� $��A�T� :� :� :�	�	<�	<����rZr"�r7�	enumerate)r�r�s @rS�get_html_formatted_linksr�sR��� >�I��9�9������e�Q�'�'�	�����rZc�f��d�d��fd�t|d��D����S)z
    Formatted links
    z{num}) {dom}: {link}r�c�z��g|]7\}}|���D]\}}��|||������8S))r��domr�)r�r�)r�r�r�r�r��	text_items     �rSr�z,get_text_formatted_links.<locals>.<listcomp>sk���A�A�A���A�67�g�g�i�i�A�A�.2�a�� �&�&�1�!�!�&�<�<�A�A�A�ArZr"r�)r�r�s @rS�get_text_formatted_linksr�sZ���'�I��9�9�A�A�A�A���q�)�)�A�A�A�B�B�BrZc��	tjd��}|���}|�d��j}tj��5}|�d|��ddd��n#1swxYwY|�d��S#ttj
f$r"}ttd����|�d}~wwxYw)ze
    Obtain system ID from /etc/sysconfig/rhn/systemid
    :return: system ID without ID- prefix
    z/etc/sysconfig/rhn/systemidz(.//member[name='system_id']/value/string�	system_idNzID-zFailed to retrieve system_id)
�ET�parse�getroot�find�text�
sentry_sdk�configure_scope�set_tag�lstriprB�
ParseErrorr)�_)�tree�root�whole_id�scoperOs     rS�read_sys_idr�"s��
B��x�5�6�6���|�|�~�~���9�9�G�H�H�M��
�
'�
)�
)�	1�U��M�M�+�x�0�0�0�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1����	1�	1�	1�	1����u�%�%�%���R�]�#�B�B�B���8�9�9�:�:��A�����B���s<�AB�A:�.B�:A>�>B�A>�B�C�0C
�
C�sys_id�agent_system_id_pathc�>�tj|tjtjztjztjzd��}	tj||�����tj|��dS#tj|��wxYw)zH
    Write system_id into file /usr/share/alt-php-xray/agent_sys_id
    �N)	r5rDrGrFrHrIrJrdrK)r�r�rRs   rS�write_sys_idr�2sw��
��%���b�k�)�B�J�6���F��
�
�B��
���V�]�]�_�_�%�%�%�
������������������s�	'B�Bc�B�	t|��5}|������cddd��S#1swxYwYdS#t$rC}t�ddt
|��i���t��cYd}~Sd}~wwxYw�zA
    Read system_id saved by agent during its initialization
    Nz8Failed to retrieve agent's system_id, returning real oner3r1)rDrE�striprBr?�inforCr�)r��agent_sysid_filerOs   rS�read_agent_sys_idr�?s����
�&�
'�
'�	3�+;�#�(�(�*�*�0�0�2�2�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3����	3�	3�	3�	3�	3�	3���������F��#�a�&�&�/�	�	#�	#�	#��}�}�����������	���s?�A�&A�A�A�A�A�A�
B�8B�B�Bc�L�	tt��5}|������cddd��S#1swxYwYdS#t$rC}t
�ddt|��i���t��cYd}~Sd}~wwxYwr�)	rDr%rEr�rBr?r�rCr�)r�rOs  rSr�r�Ms����
�*�
�
�	3�!1�#�(�(�*�*�0�0�2�2�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3�	3����	3�	3�	3�	3�	3�	3���������F��#�a�&�&�/�	�	#�	#�	#��}�}�����������	���s?�A�&A	�A�	A
�
A�A
�A�
B#� 8B�B#�B#c�@�ttj��}|s�t��}t	��}t
�dt|��t|����ttd�
||�������dS)z9Raise XRayError in case of detected non-supported editionzMCurrent CloudLinux edition: %s or Control Panel: %s is not supported by X-RayzMCurrent CloudLinux edition: {} or Control Panel: {} is not supported by X-RayT)rr�XRAYrrr?r�rCr*r�r�)�is_supported�current_edition�
current_panels   rSroro\s���-�g�l�;�;�L��f�1�3�3��!���
����c���(�(�#�m�*<�*<�	>�	>�	>��a�!N�NT�f�Ud�Ub�Od�Od�e�e�f�f�	f��4rZc�8�	tt��5}|������cddd��S#1swxYwYdS#tt
f$r2t
td��tt��z���wxYw)zT
    Obtain jwt token from /etc/sysconfig/rhn/jwt.token
    :return: token read
    NzJWT file %s read error)	rDr'rEr�rB�IOErrorr)r�rC)�
token_files rS�read_jwt_tokenr�js���O�
�$�
%�
%�	-���?�?�$�$�*�*�,�,�	-�	-�	-�	-�	-�	-�	-�	-�	-�	-�	-�	-����	-�	-�	-�	-�	-�	-���W��O�O�O���2�3�3�c�:L�6M�6M�M�N�N�N�O���s.�A�&A	�A�	A
�
A�A
�A�AB�filepathc�&�	t|��5}|������}ddd��n#1swxYwYn#t$rYdSwxYwd�|�d��dd���pdS)z8Get version of package from file. alt-php-xray supportedN�.�z0.0-0)rDrEr�rBr7�split)r��v_file�versions   rS�pkg_versionr�ws����
�(�^�^�	,�v��k�k�m�m�)�)�+�+�G�	,�	,�	,�	,�	,�	,�	,�	,�	,�	,�	,����	,�	,�	,�	,���������������8�8�G�M�M�#�&�&�r��r�*�+�+�6�w�6s3�A�'A�A�A�A�A�A�
A�Ac� �td��S)z#Get version of alt-php-xray packagez/usr/share/alt-php-xray/version)r�rWrZrS�xray_versionr��s���8�9�9�9rZc�B���dtdtdtfd�}�fd�}dd�}d��dtf�fd	��ttjtj�
��}t
��pd}t|���}tj	t||d
||g���tj��5}dtd��p%���pt��p
t��i|_	||��n#t $rYnwxYwddd��dS#1swxYwYdS)u�
    Initialize Sentry client
    shutdown_timeout=0 disables Atexit integration as stated in docs:
    'it’s easier to disable it by setting the shutdown_timeout to 0'
    https://docs.sentry.io/platforms/python/default-integrations/#atexit
    On the other hand, docs say, that
    'Setting this value too low will most likely cause problems
    for sending events from command line applications'
    https://docs.sentry.io/error-reporting/configuration/?platform=python#shutdown-timeout
    �event�hintr-c��|d�ddi��|�di��}|�dd��}|r|g|d<|S)z�
        Add extra data into sentry event
        :param event: original event
        :param hint: additional data caught
        :return: updated event
        r2zxray.versionz
0.6-49.el9�fingerprintN)rT�get)r�r��
extra_datar�s    rS�add_infozsentry_init.<locals>.add_info�s`��	�g����~�|�<�=�=�=��Y�Y�w��+�+�
� �n�n�]�D�9�9���	1�$/�=�E�-� ��rZc���t��}|r|�d��nd}|r|�d��nd}t��rdnd}d|fd|fd|fdtj��fdtd	��fd
t
��fdtd��fd
���fdt��ff	}|D]}|j|��
dS)Nr��name�WP2zControl Panel NamezControl Panel VersionzControl Panel Product�kernelzCloudLinux version�
os_releasezCloudlinux edition�Architecture�architecture�
ip_address�username)	rr�r�platform�releaserrrr�)�sentry_scope�cp_description�
cp_version�cp_name�
cp_product�tags�tag�ip_addrs       �rS�set_tagszsentry_init.<locals>.set_tags�s���+�-�-��6D�N�^�'�'�	�2�2�2�$�
�0>�H�.�$�$�V�,�,�,�D��0�2�2�<�U�U��
�%�w�/�(�*�5�(�*�5��8�+�-�-�.�%�'=�l�'K�'K�L�%�'>�'@�'@�A��!7��!G�!G�H��w�w�y�y�)��W�Y�Y�'�	���	'�	'�C� �L� �#�&�&�&�	'�	'rZNc��dS�NrW)�pending�timeouts  rS�nopezsentry_init.<locals>.nope�s���rZc���t|t��5}	|�|df��|���d}n#t$rd}YnwxYwddd��n#1swxYwY|S)aI
        address_family - we can choose constants represent the address
                           (and protocol) families
                           (AF_INET for ipv4 and AF_INET6 for ipv6)
        private_ip - specify some private ip address. For instance:
                     ipv4 -> 10.255.255.255 or ipv6 -> fc00::
        r"rN)r
r�connect�getsocknamerk)�address_family�
private_ip�s�IPs    rS�
try_get_ipzsentry_init.<locals>.try_get_ip�s����N�J�
/�
/�	�1�
��	�	�:�q�/�*�*�*��]�]�_�_�Q�'�����
�
�
�����
����		�	�	�	�	�	�	�	�	�	�	����	�	�	�	��	s4�A(�1A
�	A(�
A�A(�A�A(�(A,�/A,c�`��tdftdff}|D]\}}�||��}|r|cS�dS)z&
        Retrieve server's IP
        z10.255.255.255zfc00::z	127.0.0.1)rr)�
ipversions�addr_fam�priv_ip�ipr�s    �rSr�zsentry_init.<locals>.ip_addr�sZ����/�0�8�X�2F�F�
�!+�	�	��H�g���H�g�.�.�B��
��	�	�	�
��{rZ)�level�event_levelzalt-php-xray@0.6-49.el9)�callbacki')�dsn�before_sendr��max_value_length�integrations�idr��r-N)�dictrCr�logging�INFO�WARNINGr�rr��initr#r�rrr�userrk)	r�r�r��sentry_logging�xray_ver�
silent_atexitr�r�r�s	       @@rS�sentry_initr�s��������D��T�����"'�'�'�'�'�*
�
�
�
���� 	�S�	�	�	�	�	�	�(�g�l�4;�O�E�E�E�N��~�~�:�!:�H�%�t�4�4�4�M��O�
��$�%*�"0�-�!@�B�B�B�B�
�	#�	%�	%����(��5�5�a�����a�l�n�n�a�X_�Xa�Xa�
��
�	��H�U�O�O�O�O���	�	�	��D�	����
��������������������s6�-=D�+C7�6D�7
D�D�D�D�D�D�lognamec�H�tjtjtjtjtjd�}t
��	tj|���g}|dkr&|�tj	����tj
|�|tj��dd|���n8#t$r+tj
tj
��g���YdSwxYw	tj|d	��n#t $rYnwxYw|S)
z[
    Configure logging and Sentry
    :param logname: path to log
    :return: logpath
    )�debugr�r@�error�critical)�filenamerz1%(asctime)s [%(threadName)s:%(name)s] %(message)sz%m/%d/%Y %I:%M:%S %p)r�r��datefmt�handlers)rNr�)r�DEBUGrr	�ERROR�CRITICALr�FileHandler�append�
StreamHandler�basicConfigr�rB�NullHandlerr5�chmod�PermissionError)rr��levelsrs    rS�configure_loggingr#�s7�������?����$���F��M�M�M�
����1�1�1�
���G����O�O�G�1�3�3�4�4�4���&�*�*�U�G�L�"A�"A�#V�$:�%-�	/�	/�	/�	/�	/��������g�&9�&;�&;�%<�=�=�=�=��������

�
���%� � � � ���
�
�
���
�����Ns%�
A8C�1C8�7C8�<D�
D�Dz"^[a-zA-Z0-9_][a-zA-Z0-9._-]{0,31}$r�c���|std���t�|��std|�����	tj|��dS#t
$rtd|����d�wxYw)z�Validate that username is a real system user.

    Raises ValueError with a clear message if username is empty,
    has an invalid format, or does not exist in the system user database.
    zusername must not be emptyzInvalid username: zsystem user does not exist: N)�
ValueError�_safe_username_pattern�match�pwd�getpwnamre)r�s rS�validate_system_userr*s����7��5�6�6�6�!�'�'��1�1�<��:�h�:�:�;�;�;�P���X��������P�P�P��D��D�D�E�E�4�O�P���s�A�A3�clwpos_argsc��t|��ttj��s-d�|D��}dd�|��z}dd|ddd|gSd	|d
g|zS)z�Build subprocess argv for /usr/bin/clwpos-user invocation.

    Non-CageFS: wraps in sudo -u <user> bash -c with shell-quoted args.
    CageFS: passes args directly via cagefs_enter_user argv.
    c�P�g|]#}tjt|������$SrW)�shlexr�rC)r��as  rSr�z)build_clwpos_user_cmd.<locals>.<listcomp>'s(��?�?�?�a�e�k�#�a�&�&�)�)�?�?�?rZz/usr/bin/clwpos-user � �sudo�-uz-sz	/bin/bashz-cz/sbin/cagefs_enter_userz/usr/bin/clwpos-user)r*rr�CAGEFSr7)r�r+�
safe_parts�	inner_cmds    rS�build_clwpos_user_cmdr6s|����"�"�"�%�g�n�5�5�6�?�?�;�?�?�?�
�+�c�h�h�z�.B�.B�B�	���h��k�4��K�K�)�8�&�(�*5�6�	6rZrP�dstc���	tj||��dS#t$rD}tt	d�||t
|��������|�d}~wwxYw)zZ
    Move file with error catching
    :param src: source
    :param dst: destination
    z Failed to move file {} to {}: {}N)�shutil�moverBr)r�r�rC)rPr7rOs   rS�	safe_mover;/sv��_���C���������_�_�_���<�C�C�C��c�RS�f�f�U�U�V�V�W�W�]^�^�����_���s��
A'�?A"�"A'�
sock_locationz
socket objectc���ttj�dd����}|dkr�t	��5	tj|��n#t$rYnwxYwtt��}|�	|��|�
��ddd��n#1swxYwYn/tdtt��}|�
��|S)z�
    Create world-writable socket in given sock_location
    or reuse existing one
    :param sock_location: socket address
    :return: socket object
    �
LISTEN_FDSrN�)
rur5�environr��umask_0rA�FileNotFoundErrorr
r�bind�listenrr
)r<�
listen_fds�sockobjs   rS�
create_socketrG;s���R�Z�^�^�L�!�4�4�5�5�J��Q���
�Y�Y�	�	�
��	�-�(�(�(�(��$�
�
�
���
�����W�o�o�G��L�L��'�'�'��N�N����	�	�	�	�	�	�	�	�	�	�	����	�	�	�	����G�[�1�1���������Ns7�B2�A�B2�
A&�#B2�%A&�&AB2�2B6�9B6�lve_idc�>�ttj��sdSd}d|�d�}	t|��5}|D]�}|�|��rut
�d|��t|����	|��d�����ccddd��S��	ddd��n#1swxYwYn@#t$r3}t
�d|t|����Yd}~nd}~wwxYwdS)	zX
    Retrieve current value of CPU throttled time.
    Return 0 in case of failures
    r�throttled_timez/sys/fs/cgroup/cpu,cpuacct/lvez	/cpu.statz%s���NzFailed to open %s: %s)
rr�LVErDr9r?rrur�r�rBrrC)rH�marker�	stat_file�stat_values�valuerOs      rS�get_current_cpu_throttling_timerQSs���
&�g�k�2�2���q�
�F�B��B�B�B�I�A�
�)�_�_�	H��$�
H�
H���#�#�F�+�+�H��L�L��u�-�-�-��u�{�{�}�}�2�2�6�:�:�2�>�D�D�F�F�G�G�G�G�		H�	H�	H�	H�	H�	H�	H�	H�H�
H�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H�	H����	H�	H�	H�	H���
�A�A�A����,�i��Q���@�@�@�@�@�@�@�@�����A�����1sG�C�BC�6C�C�C�C�C�C�C�
D�')D�Dc���d}tj�|��sdS	tj|d|dgddd���}|j���|j���fS#tj$r6}t�
ddt|��i�	��Yd}~dSd}~wt$r3}t�
d
t|����Yd}~dSd}~wwxYw)z�
    'selectorctl -u username --user-current' command
    :param username: name of user
    :return: tuple(stdout, stderr) or None if command fails
    z/usr/bin/selectorctlNr2z--user-currentT��capture_outputr�rpz&Failed to get selectorctl user-currentr3r1z%selectorctl --user-current failed: %s)r5r6�isfile�
subprocess�run�stdoutr��stderr�CalledProcessErrorr?r@rC�subprocess_errorsr)r��_selectorctl�resultrOs    rS�_selectorctl_get_versionr^gsE��*�L�
�7�>�>�,�'�'���t�����!%�!)�!1�!3�04�$�d�	L�L�L��
�}�"�"�$�$�f�m�&9�&9�&;�&;�;�;���(�.�.�.����?�#�S��V�V�_�	�	.�	.�	.�	.�	.�	.�	.�	.�	.������������<���V�V�	�	�	�	�	�	�	�	�	��������s$�A
A3�3C3�+B3�3
C3�(C.�.C3c��d}tj�|��sdS	tj|d|gddd���}|j���S#tj$r6}t�	ddt|��i���Yd}~dSd}~wt$r3}t�d	t|����Yd}~dSd}~wwxYw)
z�
    'cagefsctl --get-prefix username' command
    :param username: name of user
    :return: cagefsctl prefix for given username
            or None if command fails
    �/usr/sbin/cagefsctlNz--getprefixTrSzFailed to get cagefsctl prefixr3r1z cagefsctl --getprefix failed: %s)
r5r6rUrVrWrXr�rZr?r@rCr[r�r��
_cagefsctlr]rOs    rS�cagefsctl_get_prefixrcs/��'�J�
�7�>�>�*�%�%���t�����!.�!)�!+�04�$�d�L�L�L���}�"�"�$�$�$���(�.�.�.����7�#�S��V�V�_�	�	.�	.�	.�	.�	.�	.�	.�	.�	.������������7���V�V�	�	�	�	�	�	�	�	�	��������s#�3A�C�(+B�
C�&(C�Cc���d}tj�|��sdS|�|ddg}n|d|g}	tj|dd���t
�d|��dS#tj$r6}t
�d	d
t|��i���Yd}~dSd}~wt$r3}t
�dt|����Yd}~dSd}~wwxYw)
z�
    'cagefsctl --remount username' or 'cagefsctl --remount-all' command
    :param username: name of user or None (for remount-all)
    r`Nz--wait-lockz
--remount-allz	--remountT)rprTzRemounted %szFailed to remount cagefsr3r1zcagefsctl --remount failed: %s)r5r6rUrVrWr?r�rZr@rCr[r)r�rbrLrOs    rS�_cagefsctl_remountre�s;��
'�J�
�7�>�>�*�%�%�������M�?�;����K��2�����t�4��=�=�=�=����N�H�-�-�-�-�-���(�.�.�.����1�#�S��V�V�_�	�	.�	.�	.�	.�	.�	.�	.�	.�	.������������5���V�V�	�	�	�	�	�	�	�	�	��������s#�2A&�&C&�5+B&�&
C&�3(C!�!C&c�4�d}tj�|��sdS	tj|d|gdd���}d|j���vS#t$r3}t�	dt|����Yd}~dSd}~wwxYw)	z�
    'cagefsctl --user-status username' command
    :param username: name of user
    :return: True if user has Enabled status, False otherwise
    r`Fz
--user-statusT)rTr��Enabledz"cagefsctl --user-status failed: %sN)r5r6rUrVrWrXr�r[r?rrCras    rS�_is_cagefs_enabledrh�s���'�J�
�7�>�>�*�%�%���u�����!0�!)�!+�04�$�@�@�@���F�M�/�/�1�1�1�1���������9���V�V�	�	�	�	�	�	�	�	�	��������s�4A�
B�$(B�Bc��	td��5}|���}ddd��n#1swxYwYn#t$rYdSwxYwd|vS)z`
    Check if there is php.d.location = selector
    set in /etc/cl.selector/symlinks.rules
    z/etc/cl.selector/symlinks.rulesNF�selector)rDrErB)�
rules_file�contentss  rS�_is_selector_phpd_location_setrm�s���
�
�3�
4�
4�	)�
�!���(�(�H�	)�	)�	)�	)�	)�	)�	)�	)�	)�	)�	)����	)�	)�	)�	)��������u�u�������!�!s'�>�2�>�6�>�6�>�
A�Ac��tt��5}t|�����dkcddd��S#1swxYwYdS)z:Check if there are no active tasks (== empty task storage)rN)r^r$�len�keys)rbs rS�no_active_tasksrq�s���	�(�	)�	)�-�\��<�$�$�&�&�'�'�1�,�-�-�-�-�-�-�-�-�-�-�-�-����-�-�-�-�-�-s�%A�A�A�enabledc�H�ttj��sdS	tddd���5}|�|rdnd��ddd��dS#1swxYwYdS#t
$r4}t�d|t|����Yd}~dSd}~wwxYw)	zb
    Switch on/off throttle statistics gathering by kmodlve
    :param enabled: True or False
    Nz!/proc/sys/kernel/sched_schedstats�wbr)�mode�	buffering�1�0z(Failed to set sched_schedstats to %s: %s)	rrrLrDrJrBr?r�rC)rr�frOs   rS�switch_schedstatsrz�s��
&�g�k�2�2����%�
�5�D�����	/�"#�
�G�G�G�-�D�D��.�.�.�	/�	/�	/�	/�	/�	/�	/�	/�	/�	/�	/�	/����	/�	/�	/�	/�	/�	/���%�%�%����>��S��V�V�	%�	%�	%�	%�	%�	%�	%�	%�	%�����%���s:�A#�A�	A#�A�A#�A�A#�#
B!�-)B�B!c�J�t���dd��duS)zG
    Check if end-users have access to X-Ray UI of End-User plugin
    �hideXrayApp�
uiSettingsF)r�	get_paramrWrZrS�is_xray_app_availabler�s#���:�:���
�|�<�<��E�ErZc���ttt��5}	|�t��n##t
tf$rYddd��dSwxYw	ddd��n#1swxYwYdS)z Check if User Agent is listeningNFT)r
rr
r�r(�ConnectionErrorrB)r�s rS�is_xray_user_agent_activer��s���	���	%�	%���	�
�I�I�o�&�&�&�&����)�	�	�	��	��������	����
'�������������������
�4s1�A(�8�A(�A�	A(�A�A(�(A,�/A,c�B�tj�d��S)z2Check if SSA is disabled by its internal flag-filez/usr/share/clos_ssa/ssa_enabled)r5r6rUrWrZrS�ssa_disabledr��s���w�~�~�?�@�@�@�@rZc�~�	t��tj|��jz
dkS#t$rYdSwxYw)z.Check is file was modified during the last dayi�QF)rwr5�stat�st_mtimerB)r�s rS�is_file_recently_modifiedr��sJ����{�{�R�W�X�.�.�7�7�%�?�?�������u�u����s�+.�
<�<c�p�t|��5t��}ddd��n#1swxYwY|Sr�)rr )rr]s  rS�get_user_php_versionr�su��	��	�	�/�/�,�.�.��/�/�/�/�/�/�/�/�/�/�/����/�/�/�/��Ms�+�/�/rR�'file object providing a fileno() methodc#��K�td��D]�}	tj|tjtjz��t
�d|��n�#t$rf}t
�dt|����|j	tj
tjfvr�tj
d��Yd}~��d}~wwxYwt|d��d����	dV�tj|tj��t
�d	|��dS#tj|tj��t
�d	|��wxYw)
uq
    Context manager for locking given file object
    :param fd: а file object providing a fileno() method
    �xzFile %s lockedzFailed to lock: %sg�?Nz%Failed to lock at all. Exiting threadr@)�flagzFile %s unlocked)�range�fcntl�flock�LOCK_EX�LOCK_NBr?r�rBrC�errno�EAGAIN�EACCESrv�sleepr)�LOCK_UN)rRr�rOs   rS�filelockr�s[�����3�Z�Z�
(�
(��		��K��E�M�E�M�9�:�:�:��K�K�(�"�-�-�-��E���	�	�	��K�K�,�c�!�f�f�5�5�5��w�u�|�U�\�:�:�:���J�s�O�O�O�O�O�O�O�O�����	�������A�B�B�&�(�(�(�	(�,�
����	��B��
�&�&�&����&��+�+�+�+�+��	��B��
�&�&�&����&��+�+�+�+���s%�AA�
C�(AC	�	C�,D,�,<E(Fr�	is_shelvec#�K�tj�|��}d}td��D]�}	|rt	j|��}nt
j|d��}t�d|��nd#tj	$r=}t�
d|||��|}tjd��Yd}~��d}~wwxYwtd|�d|�����	|V�|���t�d	|��dS#|���t�d	|��wxYw)
a1
    Context manager for waiting for lock to be released for DBM file storage,
    either plain DBM or a Shelf object
    (desired return value is controlled by _shelve_instance flag)
    :param filename: a DBM file to open
    :param is_shelve: if a shelve file should be opened instead of plain DBM
    N�d�czStorage %s openedz#[#%i] Failed to open storage %s: %sg333333�?zFailed to open z
 storage: zStorage %s closed)r5r6�basenamer��shelverD�dbmr?rrr�rvr�rjrK)rr��_file�_errr��storagerOs       rSr^r^-se����
�G���X�&�&�E��D�
�3�Z�Z�7�7��	��
2� �+�h�/�/����(�8�S�1�1���L�L�,�e�4�4�4��E���y�	�	�	��K�K�=�q��q�
"�
"�
"��D��J�s�O�O�O�O�O�O�O�O�����		�����5�e�5�5�t�5�5�7�7�	7�1��
�
�
��
�
�������(�%�0�0�0�0�0��	�
�
�������(�%�0�0�0�0���s$�AA?�?C�3C�C�$D�1E
�maskc#�bK�tj|��}dV�tj|��dS)z,
    Context manager for dropping umask
    N)r5�umask)r��prevs  rSrArAOs/����
�8�D�>�>�D�	�E�E�E��H�T�N�N�N�N�NrZr�T�
target_uid�
target_gidc#��K�tj��}tj��}td��}	tj|��}n#t
$rd}YnwxYw|�|�|}n|j}|�|�|}n|j}|�tj|��}	||krWtj	|��t�d|��|r&tj��|krt|���||krqtj|��t�d|��|r@tj��|kr)||krtj	|��t|���	dV�||kr/tj|��t�d|��||kr/tj	|��t�d|��|�tj|	��dSdS#||kr/tj|��t�d|��||kr/tj	|��t�d|��|�tj|	��wwxYw)aH
    Context manager to drop privileges during some operation
    and then restore them back.
    If target_uid or target_gid are given, use input values.
    Otherwise, stat target_uid and target_gid from given target_path.
    If no target_path given, use current directory.
    Use mask if given.
    :param target_uid: uid to set
    :param target_gid: gid to set
    :param target_path: directory or file to stat for privileges,
                       default -- current directory
    :param mask: umask to use
    :param with_check: check the result of switching privileges
    z6Unable to execute required operation: permission issueNzDropped GID privs to %szDropped UID privs to %szRestored UID privs to %szRestored GID privs to %s)r5�getuid�getgidr�r�rB�st_uid�st_gidr��setegidr?r�getegidr)�seteuid�geteuid)
r�r��target_pathr��
with_check�prev_uid�prev_gid�permission_issue_message�	stat_infor�s
          rS�set_privilegesr�Ys�����"�y�{�{�H��y�{�{�H� �!Y�Z�Z����G�K�(�(�	�	�������	�	�	���������!�J�J�"�)�J�����!�J�J�"�)�J����x��~�~���:���
�
�:�������.�
�;�;�;��	6�"�*�,�,�*�4�4��4�5�5�5��:���
�
�:�������.�
�;�;�;��	6�"�*�,�,�*�4�4��:�%�%��
�8�$�$�$��4�5�5�5��
�����z�!�!��J�x� � � ��L�L�3�X�>�>�>��z�!�!��J�x� � � ��L�L�3�X�>�>�>����H�T�N�N�N�N�N�����z�!�!��J�x� � � ��L�L�3�X�>�>�>��z�!�!��J�x� � � ��L�L�3�X�>�>�>����H�T�N�N�N�N����s�A�A�A�'G/�/BI2c#�K�	tj|��tj|��dV�tjd��tjd��dS#tjd��tjd��wxYw)z�
    Dive into user context by dropping permissions
    to avoid most of the security issues.

    Does not cover cagefs case because it also requires nsenter,
    which is only available with execve() call in our system
    Nr)r5r�r�)�uid�gids  rS�user_contextr��sn�����
�
�3����
�
�3����
����
�
�1�
�
�
�
�
�1�
�
�
�
�
��	�
�1�
�
�
�
�
�1�
�
�
�
���s�,A�*Bc������fd�}|S)z:
    Decorator to retry method on specific exceptions
    c�������fd�}|S)Nc�F��d}ttd��t���z��}|�krk	�|i|��S#t���$rG}|dz
}t	jdt|����|}t
jd��Yd}~nd}~wwxYw|�k�k|�)Nrz0Request to website failed even after %s retries.r"z'Retry to request website, exception: %s)r%r�rC�tuplerr@rvr�)rLrX�retries�	exceptionrO�exceptions_to_retryr,�max_retriess     ���rSrYz7retry_on_exceptions.<locals>.decorator.<locals>.wrapper�s�����G�"�1�%W�#X�#X�[^�_j�[k�[k�#k�l�l�I��K�'�'�"��4��0��0�0�0���0�1�1�"�"�"��q�L�G��O�$M�s�ST�v�v�V�V�V� !�I��J�q�M�M�M�M�M�M�M�M�����	"�����K�'�'��Os�?�B�=B�BrW)r,rYr�r�s` ��rS�	decoratorz&retry_on_exceptions.<locals>.decorator�s.����	�	�	�	�	�	�	��rZrW)r�r�r�s`` rS�retry_on_exceptionsr��s*����
�
�
�
�
�
��rZrr�)rRr�r-N)F)r)NNr�NT)��__doc__r�r�r�r(�re�getpassrr�rr5r�r9r.rVr�rv�xml.etree.ElementTree�etree�ElementTreer��
contextlibr�datetimerr�	functoolsrr	r
rrr
rrr�typingrrrr��sentry_sdk.integrations.atexitr�sentry_sdk.integrations.loggingr�clcommon.constr�clcommon.cpapirrrr�clcommon.lib.cleditionr�clcommon.ui_configr�clcommon.clpwdr�clcommon.utilsr�clcommon.lib.networkr�!xray.internal.clwpos_safe_importsr �xrayr!r��	constantsr#r$r%r&r'r(�
exceptionsr)r*�	getLoggerr?rBr%�SubprocessErrorr[r[rlrsrurwr{rrCr�rr�r�r�r�r��boolror�r�r�rr#�compiler&r*�listr6r;rGrQr�r^rcrerhrmrqrzrr�r�r�r�r�r^rAr�r�r�rWrZrS�<module>r�s	�����
�
�
���������
�
�
�
�	�	�	�	���������������	�	�	�	�
�
�
�
�
�
�
�
�����������������"�"�"�"�"�"�"�"�"�%�%�%�%�%�%�$�$�$�$�$�$�$�$�������������'�'�'�'�'�'�'�'�'�'�'�'�'�'�'�'�'�'�+�+�+�+�+�+�+�+�+�+�����<�<�<�<�<�<�>�>�>�>�>�>�"�"�"�"�"�"�h�h�h�h�h�h�h�h�h�h�h�h�:�:�:�:�:�:�'�'�'�'�'�'�*�*�*�*�*�*�1�1�1�1�1�1�-�-�-�-�-�-�I�I�I�I�I�I�����������������������3�2�2�2�2�2�2�2�
��	�7�	#�	#���Z��3���C�(�C�x�C�C�C�C�L5�X�5�(�5�5�5�5�p�H�������4�3�����,�4�,�,�,�,�"�#�"�$�"�"�"�"�,�C�,�,�,�,��D��J��3�����2B�D��J�B�3�B�B�B�B�
B�S�
B�
B�
B�
B� ;E�
�
��
�C�
��
�
�
�
�3=���C��������3������8�D�>������	O��	O�	O�	O���	O�7�#�7�(�3�-�7�7�7�7�:�h�s�m�:�:�:�:�_�_�_�_�D+8�"�"�s�"�H�S�M�"�"�"�"�J$���$I�J�J��
P�3�
P�4�
P�
P�
P�
P� 
6�C�
6�d�
6�t�
6�
6�
6�
6� 	_�3�	_�S�	_�T�	_�	_�	_�	_���������0
�C�
�C�
�
�
�
�(�s��x�������0�3��8�C�=�����0���������.��������(
"��
"�
"�
"�
"�-��-�-�-�-�%�t�%��%�%�%�%�$F�t�F�F�F�F��4�����A�d�A�A�A�A�
������������,�,�,���,�<�1�1�#�1�$�1�1�1���1�B���#��d��������=A�AE�H�H�s�H�s�H�*-�H�JN�H�H�H���H�V������&����rZ
