ok
Mini Shell
�
I/�f�9���ddlZddlZddlZddlZddlZddlZddlmZmZGd�de ��Z
Gd�de ��ZGd�de ��ZGd �d
e ��Z
dZgd�Zd
gZgd�ZdZdZdZGd�d��ZdS)�N)�S_IRUSR�S_IRGRPc��eZdZd�ZdS)�
NoSuchUserc�D�t�|d|�d���dS)NzNo such user (�)�� Exception�__init__)�self�users ��/builddir/build/BUILDROOT/alt-python27-cllib-3.4.11-1.el8.cloudlinux.x86_64/opt/cloudlinux/venv/lib/python3.11/site-packages/clsudo.pyrzNoSuchUser.__init__s*�����4�!9�$�!9�!9�!9�:�:�:�:�:�N��__name__�
__module__�__qualname__r�rrrrs#������;�;�;�;�;rrc��eZdZd�ZdS)�NoSuchGroupc�D�t�|d|�d���dS)NzNo such group (rr )r�groups rrzNoSuchGroup.__init__s*�����4�!;�5�!;�!;�!;�<�<�<�<�<rNrrrrrr�#������=�=�=�=�=rrc��eZdZd�ZdS)�UnableToReadFilec�<�t�|d��dS)NzCannot read sudoers filer �rs rrzUnableToReadFile.__init__s�����4�!;�<�<�<�<�<rNrrrrrrrrrc��eZdZd�ZdS)�UnableToWriteFilec�<�t�|d��dS)NzCannot modify sudoers filer rs rrzUnableToWriteFile.__init__!s�����4�!=�>�>�>�>�>rNrrrrrr s#������?�?�?�?�?rrz/etc/sudoers)z/bin/psz /bin/grepz
/sbin/servicez%/usr/bin/getcontrolpaneluserspackagesz/usr/sbin/lvectlz>/usr/local/directadmin/plugins/new_lvemanager/admin/GetDomainsz0/usr/share/l.v.e-manager/utils/cloudlinux-cli.pyz5/usr/share/l.v.e-manager/utils/cloudlinux-cli-user.py)�/usr/bin/cl-selectorz/usr/bin/pinisetz/usr/sbin/lvepsz/usr/bin/selectorctlzDefaults:%s !requirettyz-%%%s ALL=NOPASSWD: LVECTL_CMDS, SELECTOR_CMDSzDefaults:%%%s !requirettyc�x�eZdZdZdZgZdZdZdZdZ dZ
dZdZdZ
dZdZeefd���Zeefd���Zeefd���Zeefd���Zeefd���Zeefd ���Zed
���Zed���Zed���Zed
���Zed���Zed���Zed���ZdS)�Clsudoz/
Adds CloudLinux users to sudoers file
NFc���t�|��t�|��t�|��tjs:tj�dd�t��z��tj s:tj�dd�t��z��tjs:tj�dd�t��z��tj
s"tj�|�d���tjs"tj�|�d���tjs"tj�|�d���tjs(tj�t"|fz��t���dS) z@
Adds username to sudoers file (for lvemanager)
�Cmnd_Alias LVECTL_CMDS = �, zCmnd_Alias LVECTL_USER_CMDS = �Cmnd_Alias SELECTOR_CMDS = � ALL=NOPASSWD: LVECTL_CMDS�% ALL=(ALL) NOPASSWD: LVECTL_USER_CMDS� ALL=NOPASSWD: SELECTOR_CMDSN)r#�update_commands_list�_check_user�
_get_contents� has_alias�sudoers_list�append�join�ALIAS_LVECTL_CMDS�has_user_alias�ALIAS_LVECTL_USER_CMDS�has_selector_alias�ALIAS_SELECTOR_CMDS�
has_rights�has_user_rights�has_selector_rights�
has_action�DEFAULTS_REQUIRETTY�_write_contents�r
�sudoers_files r�add_userzClsudo.add_userEs��� �#�#�L�1�1�1����4� � � ����T�"�"�"��� c���&�&�'B�T�Y�Y�O`�Ea�Ea�'a�b�b�b��$� m���&�&�'G�$�)�)�Tj�Jk�Jk�'k�l�l�l��(� g���&�&�'D�t�y�y�Qd�Ge�Ge�'e�f�f�f�� � L���&�&�$�'J�'J�'J�K�K�K��%� W���&�&�$�'U�'U�'U�V�V�V��)� N���&�&�$�'L�'L�'L�M�M�M�� � F���&�&�':�d�W�'D�E�E�E���� � � � � rc���|t_t�|��t�|��tjstj�d��tjs"tj�|�d���tjs(tj�t|fz��t�
��dS)z<
Adds username to sudoers file (for cagefs)
zOCmnd_Alias CAGEFS_CMDS = /usr/sbin/cagefsctl, /bin/ps, /bin/grep, /sbin/service� ALL=NOPASSWD: CAGEFS_CMDSN)r#�filepathr,r-�has_cagefs_aliasr/r0�has_cagefs_rightsr:r;r<r=s r�add_cagefs_userzClsudo.add_cagefs_user_s���
'������4� � � ����T�"�"�"��&� L���&�&�(K�
L�
L�
L��'� L���&�&�$�'J�'J�'J�K�K�K�� � F���&�&�':�d�W�'D�E�E�E���� � � � � rc��t�|��t�|��t�|��tjs:tj�dd�t��z��tj s:tj�dd�t��z��tjs(tj�t|fz��tj
s(tj�t|fz��t���dS)zJ
Adds group to sudoers file, grants access to LVE Manager
r%r&r'N)r#r+�_check_group�_get_contents_groupr.r/r0r1r2r5r6r:�GROUP_LVECTL_SELECTOR�has_group_action�GROUP_DEFAULTS_REQUIRETTYr<)�
group_namer>s r�add_lvemanager_groupzClsudo.add_lvemanager_groupps�� �#�#�L�1�1�1����J�'�'�'��"�"�:�.�.�.��� c���&�&�'B�T�Y�Y�O`�Ea�Ea�'a�b�b�b��(� g���&�&�'D�t�y�y�Qd�Ge�Ge�'e�f�f�f�� � N���&�&�'<�
�}�'L�M�M�M��&� R���&�&�'@�J�=�'P�Q�Q�Q���� � � � � rc��|t_ ttjd���5}|������t_ddd��n#1swxYwYd}d}|t
tj��krjtj|}|�d�|vs
t|fz|vr"tj�|��d}�e|dz
}|t
tj��k�j|rt� ��dSdS#ttf$r}t��|�d}~wwxYw) z5
Removes username from sudoers file
�utf-8��encodingNrFz ALL=NOPASSWD:T�)
r#rB�open�read�
splitlinesr/�lenr;�remover<�IOError�OSErrorr)r
r>�f�idx�removed�line�es r�remove_userzClsudo.remove_user�s���
'��� ,��f�o��8�8�8�
<�A�&'�f�f�h�h�&9�&9�&;�&;��#�
<�
<�
<�
<�
<�
<�
<�
<�
<�
<�
<����
<�
<�
<�
<��C��G���F�/�0�0�0�0��*�3�/���,�,�,��5�5�<O�SW�RY�<Y�^b�;b�;b��'�.�.�t�4�4�4�"�G���q���
��F�/�0�0�0�0��
)��&�&�(�(�(�(�(�
)�
)����!� ,� ,� ,�"�$�$�!�+����� ,���s;�D�1A&�D�&A*�*D�-A*�.B)D�E�,D;�;Ec��t�|��t�|��t�|��dS)z�
updates username in sudoers file
:param user: username for caching
:param sudoers_file: path to /etc/sudoers (only for tests)
:return: None
N)r#r+r,r-r=s r�update_userzClsudo.update_user�sH�� �#�#�L�1�1�1� ���4� � � ����T�"�"�"�"�"rc�j�|t_tj�tj��t_t���ttd�}d}ttj
��D]�\}}|���D]z\}}||vrq|�|d���
��}|�d��}|D]1}||vr+d}|�dd�|����tj
|<n�2�{|rt�����dS) z�
Update command lists for lvemanager plugin
If any required command absent in file, add it
:param sudoers_file: path to /etc/sudoers
:return: None
)�Cmnd_Alias LVECTL_CMDS�Cmnd_Alias SELECTOR_CMDSF��,Tz = r&N)r#rB�os�path�dirname�temp_dir�
_read_sudoersr2r6� enumerater/�items�replace�strip�splitr1r<) r>� cmnd_dict�is_sudoer_changer[�command_string�
aliase_key�aliase_list� cmnd_list�aliase_cmnd_items rr+zClsudo.update_commands_list�sE��'����'�/�/�&�/�:�:���������/@�1D�F�F� � ��#,�V�-@�#A�#A� )� )��C��+4�?�?�+<�+<�
"�
"�'�
�K���/�/�%3�%;�%;�J��%K�%K�%Q�%Q�%S�%S�N� .� 4� 4�S� 9� 9�I�,7�"�"�(�+�9�<�<�/3�,�:D�7a�7a����S^�I_�I_�7a�7a�F�/��4�!�E�=�� �
)��&�&�(�(�(�� )� )rc�t� tj|��dS#t$r}t|��|�d}~wwxYw)zZ
Checks passwd database for username presence
@param user: string
N)�pwd�getpwnam�KeyErrorr)r
r^s rr,zClsudo._check_user�sL�� *��L��������� *� *� *��T�"�"��)����� *������
7�2�7c�t� tj|��dS#t$r}t|��|�d}~wwxYw)z_
Checks grp database for group_name presence
@param group_name: string
N)�grp�getgrnamr{r)rLr^s rrGzClsudo._check_group�sL�� 1��L��$�$�$�$�$��� 1� 1� 1��j�)�)�q�0����� 1���r|c���ttjd���5}|������t_ddd��dS#1swxYwYdS)NrOrP)rSr#rBrTrUr/)rZs rrkzClsudo._read_sudoers�s���
�&�/�G�
4�
4�
4� 8��"#�&�&�(�(�"5�"5�"7�"7�F�� 8� 8� 8� 8� 8� 8� 8� 8� 8� 8� 8� 8���� 8� 8� 8� 8� 8� 8s�1A�A�!Ac��dt_dt_dt_dt_dt_dt_dt_dt_dt_ dt_
tjd|�d���} t�
��ttj��D�]\}}d|vr
dt_�d|vr
dt_�(d|vr
dt_ �9|�d�|vr
dt_�M|�d �|vr
dt_�a|�d
�|vr
dt_
�ud|vr$|�|��}|rdt_��d|vr[d
|vr#|�dd��tj|<d|vr#|�dd��tj|<dt_��|�d�|vrdt_����dS#t$t&f$r}t)��|�d}~wwxYw)zM
Reads file into list of strings
@param user: string
FzDefaults:\s*z\s*!requirettyrcTzCmnd_Alias LVECTL_USER_CMDS�Cmnd_Alias CAGEFS_CMDSr(r)rA�
requirettyrd�pinisetr!�&/usr/bin/cl-selector, /usr/bin/piniset�lveps�7/usr/bin/cl-selector, /usr/bin/piniset, /usr/sbin/lvepsr*N)r#r:rJr.r3r7r8r5r9rCrD�re�compilerkrlr/�searchrnrXrYr)r
�require_tty_patternr[rs�
pattern_matchr^s rr-zClsudo._get_contents�sQ��"���"'��� ��� %���!���!&���$)��!�%*��"�"'���#(�� � �j�)M��)M�)M�)M�N�N��, ,�� � �"�"�"�'0��1D�'E�'E�'
�'
�#��^�+�~�=�=�'+�F�$��0�N�B�B�,0�F�)��+�~�=�=�.2�F�+���6�6�6�.�H�H�(,�F�%���A�A�A�^�S�S�-1�F�*���6�6�6�.�H�H�/3�F�,���>�1�1�$7�$>�$>�~�$N�$N�M�$�1�,0��)��-��?�?� ��6�6�3A�3I�3I�2�D�4�4��+�C�0��n�4�4�3A�3I�3I�D�U�4�4��+�C�0�15�F�-���8�8�8�N�J�J�15�F�.��K�K'
�'
��P��!� ,� ,� ,�"�$�$�!�+����� ,���s�EG�G>�*G9�9G>c�~�dt_dt_dt_dt_dt_dt_dt_dt_d|��}d|��}tj
|�d���} t���ttj
��D]�\}}d|vr[d|vr#|�dd��tj
|<d |vr#|�dd
��tj
|<dt_�dd|vr
dt_�ud
|vr
dt_��|�|��r#|�|��}|rdt_|�|��rdt_��dS#t"t$f$r}t'��|�d}~wwxYw)zS
Reads file into list of strings
@param group_name: string
F�%z
Defaults:%z/\s*ALL=NOPASSWD:\s*LVECTL_CMDS,\s*SELECTOR_CMDSrdr�r!r�r�r�Trcr�N)r#r:rJr.r7r5r9rCrDr�r�rkrlr/rn�
startswithr�rXrYr)rL�group_prefix�group_action�
group_patternr[rsr�r^s rrHzClsudo._get_contents_group"s���"���"'��� ���!���$)��!�%*��"�"'���#(�� �'�:�'�'��0�J�0�0���
�z�#b�#b�#b�c�c�
� ,�� � �"�"�"�'0��1D�'E�'E�
3�
3�#��^�-��?�?� ��6�6�3A�3I�3I�2�D�4�4��+�C�0��n�4�4�3A�3I�3I�D�U�4�4��+�C�0�15�F�-��+�~�=�=�'+�F�$��+�~�=�=�.2�F�+��!�,�,�\�:�:�1�$1�$8�$8��$H�$H�M�$�1�,0��)�!�,�,�\�:�:�3�.2�F�+��3
3�
3��4��!� ,� ,� ,�"�$�$�!�+����� ,���s�DF�F<�(F7�7F<c�4� tj�tj��}d}tj||���\}}tj|d��}|�d� tj
��dz��|���ttz}tj||��t�|��st �nm#t t"f$rY} tj�|��rtj|��n#t($rYnwxYwt+��|�d}~wwxYw tj|tj��dS#t"$r}t+��|�d}~wwxYw)zX
Writes data to temporary file then checks it and rewrites sudoers file
�lve_sudoers_)�prefix�dir�w�
N)rgrhrir#rB�tempfile�mkstemp�fdopen�writer1r/�closerr�chmod�_is_file_validrXrY�exists�unlinkr
r�rename)rj�temp_prefix�fd� temp_path�fo�maskr^s rr<zClsudo._write_contentsUs���
-��w���v��7�7�H�(�K�$�,�K�X�N�N�N�M�B� ���2�s�#�#�B��H�H�T�Y�Y�v�2�3�3�d�:�;�;�;��H�H�J�J�J��W�$�D��H�Y��%�%�%��(�(��3�3�
��
�
����!� -� -� -�
��7�>�>�)�,�,�)��I�i�(�(�(����
�
�
���
����#�%�%�1�,�����
-���� -��I�i���1�1�1�1�1��� -� -� -�#�%�%�1�,����� -���sN�C'C*�*E�<3D0�/E�0
D=�:E�<D=�=E�E�E9�9
F�F�Fc�
�ddd|g}tj|tjtjtj���5}|���|jdkr ddd��dS ddd��n#1swxYwYdS)Nz/usr/sbin/visudoz-cz-f)�stdin�stdout�stderrrFT)�
subprocess�Popen�DEVNULL�PIPE�STDOUT�communicate�
returncode)�filename�cmd�procs rr�zClsudo._is_file_validqs���
���(�
��
�
���$��?��$�
�
�
� �
���������!�#�#�� � � � � � � � �$� � � � � � � � � � � ���� � � � ��ts�!A8�8A<�?A<)rrr�__doc__rBr/r:rJr.r3r7r8r5r9rCrD�staticmethod�SUDOERS_FILEr?rErMr_rar+r,rGrkr-rHr<r�rrrr#r#4s����������H��L��J����I��N��J��O����������$0�!�!�!��\�!�2�+7�!�!�!��\�!� �6B�!�!�!��\�!�&�'3�,�,�,��\�,�,�'3�#�#�#��\�#��*6�)�)�)��\�)�6�*�*��\�*��1�1��\�1��8�8��\�8��>,�>,��\�>,�@�0,�0,��\�0,�d�-�-��\�-�6����\���rr#)rgryr~r�r�r��statrrr
rrrrr�r2r4r6r;rIrKr#rrr�<module>r�s���
� � � �
�
�
�
�
�
�
�
� � � � ���������!�!�!�!�!�!�!�!�;�;�;�;�;��;�;�;�
=�=�=�=�=�)�=�=�=�
=�=�=�=�=�y�=�=�=�
?�?�?�?�?� �?�?�?�
��I�I�I��R�R��m�m�m��/��G��7��M�M�M�M�M�M�M�M�M�Mr
Zerion Mini Shell 1.0