shell bypass 403
UnknownSec Shell
:
/
opt
/
cloudlinux
/
venv
/
lib
/
python3.11
/
site-packages
/
clselect
/
clselectpython
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
apps_manager.py
# coding=utf-8 # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT from __future__ import print_function from __future__ import division from __future__ import absolute_import import logging import os import pwd import json from typing import AnyStr, Optional # NOQA from future.utils import iteritems import secureio from clselect.utils import get_abs_rel, run_process_in_cagefs from clcommon.clpwd import drop_privileges from clselect.baseclselect import ( BaseSelectorError, MissingVirtualenvError, MissingAppRootError, ) from clselect.clpassenger import WSGI_PATH from clselect import ClSelectExcept, clpassenger, clselectctl from clselect.baseclselect.apps_manager import BaseApplicationsManager from clselect.clselectpython.python_manager import PythonManager class PythonAppFormatVersion(object): """ Class represents possible python application versions. """ # application that was created in old selector # does not support version change and env variables LEGACY = 1 # new application, supports all selector features STABLE = 2 class PythonVenvFormatVersion(object): """ Class represents possible python application venv path versions. """ # venv that was created in old selector # and was transformed like 'app/test_1' -> 'app_test__1' LEGACY = 1 # any application (old & new) that does not contain # replacements in venv path STABLE = 2 class ApplicationsManager(BaseApplicationsManager): _USER_CONFIG = '.cl.selector/python-selector.json' _IMPORT_STATUS_ADMIN = '/var/lve/.py.migration.status' _IMPORT_STATUS_USER = '.cl.selector/.py.migration.status' _IMPORT_LOG_FILE = '/var/log/cloudlinux/py-selector/app_imports.log' _IMPORT_REQUIREMENTS_FILE = 'imported_pip_requirements.txt' INTERPRETER = 'python' VENV_DIR = 'virtualenv' BINARY_NAME = 'python' def __init__(self): super(ApplicationsManager, self).__init__(PythonManager()) # TODO: replace with real implementation (LVEMAN-1324) def _find_config_files(self, user_name, app_directory, patterns=()): return super(ApplicationsManager, self)._find_config_files(user_name, app_directory, patterns=patterns) @staticmethod def get_interpreter_specific_passenger_lines(binary_path, app_config): """ Return lines for htaccess that are specific to the python interpreter :param binary_path: path to the environment's python binary :param app_config: application's config dictionary """ specific_lines = ['PassengerPython "{}"\n'.format(binary_path)] return specific_lines def _get_legacy_applications(self, user, logger): """ Search server for old applications (created in old python selector) and add them to new config. :param user: user to search applications :param logger: logger to write messages to :return: tuple(list[applications], list[errors]) """ from clselect.clselectctlpython import WSGI_PATTERN applications = {} errors = {} user_config_data = self.get_user_config_data(user) for directory, data in iteritems(clpassenger.summary(user)): if data['interpreter'] != self.INTERPRETER: continue # noinspection PyBroadException try: app_wsgi = os.path.join(data['directory'], clpassenger.WSGI_PATH) # skip app if wsgi file was not found if not os.path.isfile(app_wsgi): logger.warning('Application %s was skipped during import, because wsgi file was not found', directory) continue with open(app_wsgi) as f: wsgi_conf = f.read() match = WSGI_PATTERN.search(wsgi_conf) if match: groupdict = match.groupdict() wsgi_path = groupdict['script'] callable_object = groupdict['callable'] else: wsgi_path = callable_object = '' py_version = os.path.basename(os.path.dirname( os.path.dirname(data['binary']))) domain = data['domains'][0] # LVEMAN-1502. if application already present in apps list use its app_version try: app_ver = user_config_data[directory][u'app_version'] except KeyError: app_ver = PythonAppFormatVersion.LEGACY app_info = { u'python_version': py_version, u'app_version': app_ver, u'domain': domain, u'app_uri': data['alias'], u'app_status': 'started', u'startup_file': wsgi_path or WSGI_PATH, u'config_files': [], u'env_vars': {}, u'entry_point': callable_object or 'application' } applications[directory] = app_info except Exception: logger.exception('Unable to import application %s', directory) errors.setdefault(directory, []).append( 'Unexpected issue during application "%s" import. ' 'Your python app will work as before, but you wo\'t be able ' 'to control it from Python Selector UI. Please, ask your system ' 'administrator to contact CloudLinux support ' 'to resolve this issue.' % directory ) continue return applications, errors def _setup_import_logger(self): """ Setup logger for application import. """ app_logger = logging.getLogger('import_apps') app_logger.setLevel(logging.DEBUG) fh = logging.FileHandler(self._IMPORT_LOG_FILE) fh.formatter = logging.Formatter( '[%(levelname)s | %(asctime)s]: %(message)s') cl = logging.StreamHandler() cl.setLevel(logging.INFO) app_logger.addHandler(fh) # app_logger.addHandler(cl) return app_logger def import_legacy_applications_to_config(self, user=None): """ Scan users for legacy applications (created by old python selector) and import them into config file. Done automatically by spec file. """ app_logger = self._setup_import_logger() users_info = self.get_users_dict(user) logging.debug('Start applications import for users %s', list(users_info.keys())) failed_users = [] skipped_users_count = 0 apps_errors = None for user, pw in iteritems(users_info): # Skip user if '.cl.selector' directory absent in his homedir cl_selector_dir = os.path.join(pw.pw_dir, '.cl.selector') if not os.path.isdir(cl_selector_dir): skipped_users_count += 1 app_logger.warning('User %s is skipped due to %s directory absent' % (user, cl_selector_dir)) continue app_logger.info('Importing user %s', user) try: # disable quota here, because clpassanger.summary creates htaccess_cache file # see clpassenger._summary for details. Will be fixed in LVEMAN-1524 with drop_privileges(user), secureio.disable_quota(): try: config = self.read_user_selector_config_json( pw.pw_dir, pw.pw_uid, pw.pw_gid) except BaseSelectorError: config = {} # take applications from clpassanger.summary and import them apps, apps_errors = self._get_legacy_applications(user, app_logger) if not apps: continue for app_root, app_config in iteritems(apps): if app_root in config: # save fields that were probably set before app_config['config_files'] = config[app_root]['config_files'] app_config['env_vars'] = config[app_root]['env_vars'] # generate pip requirements file for each legacy app self.generate_pip_requirements(user, app_root, app_logger) requirements_file = os.path.join(pw.pw_dir, app_root, self._IMPORT_REQUIREMENTS_FILE) if os.path.isfile(requirements_file) and \ self._IMPORT_REQUIREMENTS_FILE not in app_config['config_files']: # add this newly generated pip requirements file to config files app_config['config_files'].append(self._IMPORT_REQUIREMENTS_FILE) config[app_root] = app_config # case when hoster downgraded package for some time # and user destroyed some of applications # we should remove them from config file destroyed_apps = set(config.keys()) - set(apps.keys()) for app_root in destroyed_apps: config.pop(app_root) with drop_privileges(user), secureio.disable_quota(): self.write_full_user_config_data(user, config) self._set_user_legacy_import_status(pw, is_import_failed=False, apps_errors=apps_errors) except Exception as e: import_error = 'Unable to import user `%s` to new python selector. ' + \ 'Already created applications work as before, ' + \ 'but user won\'t be able to manage them. Error is: `%s`' app_logger.exception(import_error, user, e) with drop_privileges(user), secureio.disable_quota(): self._set_user_legacy_import_status(pw, is_import_failed=True, apps_errors=apps_errors) failed_users.append(user) self._set_admin_legacy_import_status(failed_users) if skipped_users_count != 0: app_logger.warning('Some users skipped... see import log') def _get_legacy_import_status(self, user=None): """ Read import log which contains information about failed users or apps depending on current user. """ if user is None: if not os.path.exists(self._IMPORT_STATUS_ADMIN): return None with open(self._IMPORT_STATUS_ADMIN) as f: return json.load(f) else: user_pw = pwd.getpwnam(user) marker = os.path.join(user_pw.pw_dir, self._IMPORT_STATUS_USER) if not os.path.isfile(marker): return with open(marker) as f: return json.load(f) def _set_user_legacy_import_status(self, user_pw, is_import_failed, apps_errors): """ Save information that some applications were not imported automatically to show warning for user in the future. """ if not os.path.exists(os.path.join(user_pw.pw_dir, '.cl.selector')): return try: marker = os.path.join(user_pw.pw_dir, self._IMPORT_STATUS_USER) secureio.write_file_via_tempfile(json.dumps({ 'is_import_failed': is_import_failed, 'apps_lookup_failed': apps_errors }), marker, 0o600) except (IOError, OSError): # sad, but not critical, go further logging.exception('Unable to save migration status file') def _set_admin_legacy_import_status(self, failed_users): """ Save information that some users were not imported automatically to show warning for admin in the future. """ packed = json.dumps({'failed_users': failed_users}) secureio.write_file_via_tempfile(packed, self._IMPORT_STATUS_ADMIN, 0o600) def _get_admin_legacy_import_warning(self): config = self._get_legacy_import_status() if config is None or not config['failed_users']: return None warning_msg = 'Unexpected issue(s) happened during importing python ' \ 'applications for the following users: "{users}". ' \ 'Everything will work as before, but listed users wo\'t be able ' \ 'to control applications from Python Selector UI. ' \ 'Please, contact CloudLinux support and send them log file located at ' \ '`{log_file_path}` to investigate and ' \ 'resolve this issue. Also you can hide this warning ' \ 'by deleting `{import_warning_marker}` file' \ ''.format(users=','.join(config['failed_users']), log_file_path=self._IMPORT_LOG_FILE, import_warning_marker=self._IMPORT_STATUS_ADMIN) return warning_msg def _get_user_legacy_import_warning(self, username): config = self._get_legacy_import_status(user=username) if config is None: return None what_to_do_msg = \ 'Everything will work as before, but you won\'t be able to control ' \ 'listed applications from Python Selector UI. ' \ 'Please, ask you hoster to contact CloudLinux support ' \ 'to investigate and ' \ 'resolve this issue.\nAlso you can hide this warning ' \ 'by deleting `~/{import_warning_marker}` file.' \ ''.format(import_warning_marker=self._IMPORT_STATUS_USER) if config['is_import_failed']: return 'Unexpected issue(s) happened during importing python ' \ 'applications. ' \ '%s' % what_to_do_msg elif config['apps_lookup_failed']: return 'Unexpected issue(s) happened during importing following python ' \ 'applications: "%s". ' \ '%s' % (','.join(config['apps_lookup_failed']), what_to_do_msg) return None def _get_legacy_import_warning_or_none(self, user=None): if user is None: return self._get_admin_legacy_import_warning() else: return self._get_user_legacy_import_warning(user) def migrate_application(self, user, app_root): """ Update environment of specific application to support features of new python selector """ from clselect.clselectctlpython import _get_environment application = self.get_app_config(user, app_root) if application is None: raise ClSelectExcept.WrongData("Application %s does not exist" % app_root) if application['app_version'] == PythonAppFormatVersion.STABLE: raise ClSelectExcept.WrongData( "Application %s is already new version " "and does not need any updates" % app_root) environment = _get_environment(user, app_root, apps_manager=self) try: environment.configure_environment(auto_restore=True) except Exception as e: raise ClSelectExcept.WrongData( "Unable to migrate application %s. " "Error is '%s', everything restored to work as before migration. " "Try again later or ask your hoster " "to contact CloudLinux support if the issue persists." "" % (app_root, e)) application['app_version'] = PythonAppFormatVersion.STABLE self.add_app_to_config(user, app_root, application) def get_applications_users_info(self, user=None): result = super(ApplicationsManager, self). \ get_applications_users_info(user) warning = self._get_legacy_import_warning_or_none(user) if warning is not None: result['warning'] = warning return result def generate_pip_requirements(self, user, app_root, app_logger): # type: (AnyStr, AnyStr, logging.Logger) -> Optional[AnyStr] """ Generates requirements file from python apps :param user: username :param app_root: app root :param app_logger: app logger """ app_path, _ = get_abs_rel(user, app_root) req_path = os.path.join(app_path, self._IMPORT_REQUIREMENTS_FILE) if os.path.exists(req_path): return from clselect.clselectctlpython import _get_environment with drop_privileges(user): environment = _get_environment( user, app_root, apps_manager=self) pip_path = environment.pip() user_home = pwd.getpwnam(user).pw_dir env_vars = {'HOME': user_home} modules = '' # need to pass users home as env var directly during running as user result = run_process_in_cagefs(user, pip_path, ['freeze', '-l'], env_vars=env_vars) if result['returncode'] != 0: app_logger.warning('Error during generation pip requirements file. ' + str(result['output'])) # like in `check_output` raise ClSelectExcept.ExternalProgramFailed(result['output']) elif not result['failed']: modules = result['output'] # write stdout to file with disabled quota with drop_privileges(user), secureio.disable_quota(): f = open(req_path, 'w') f.write(modules) f.close() def get_app_folders(self, username, app_root, chk_env=True, chk_app_root=True): """ Calculate, check exists and return application folders This method does not check that application exists in config. :raises: NoSuchUserException, MissingVirtualenvError, MissingAppRootError :return: tuple(app_root, app_venv) with absolute paths """ user_home = self._pwd.get_pw_by_name(username).pw_dir _, rel_path = get_venv_rel_path(username, app_root) app_venv = os.path.join(user_home, rel_path) if chk_env and not os.path.exists(app_venv): raise MissingVirtualenvError(app_venv) app_root = os.path.join(user_home, app_root) if chk_app_root and not os.path.exists(app_root): raise MissingAppRootError(app_root) return app_root, app_venv def get_binary_path(self, user, app_root, user_dir, binary_name=None): """ Return a path to the environment's interpreter binary Get interpreter path for application :param user: owner of the application :param app_root: app path relative to user home (app-root) :param user_dir: User's home directory :param binary_name: name of binary in virtual environemnt (python, npm, node) :return: path to interpreter binary in virtual environment """ version = self.get_interpreter_version_for_app(user, app_root) if binary_name is None: binary_name = self.BINARY_NAME _, rel_path = get_venv_rel_path(user, app_root) return os.path.join(user_dir, rel_path, version, 'bin', binary_name) # TODO: we definitely should refactor this one time def get_venv_rel_path(user, directory, version=None): """ Get path to users VENV relative to home dir. Old python selector transforms app_root using get_prefix() method before creating venv directory. We should handle both cases: - when app is from old selector - when app is from new selector and return right env directory. If both old and new vevns exist we use old one. Return tuple with two values: - detected version of venv path (LEGACY for path with replacements "/" -> "_" & "_" => "__" and STABLE in other case) - path to venv relative to user's home dir """ _, new_rel_dir = get_abs_rel(user, os.path.join(ApplicationsManager.VENV_DIR, directory)) old_abs_dir, old_rel_dir = get_abs_rel( user, os.path.join(ApplicationsManager.VENV_DIR, clselectctl.get_prefix(directory))) if version is None: if os.path.exists(old_abs_dir) and directory != clselectctl.get_prefix(directory): return PythonVenvFormatVersion.LEGACY, old_rel_dir return PythonVenvFormatVersion.STABLE, new_rel_dir elif version == PythonVenvFormatVersion.LEGACY: return PythonVenvFormatVersion.LEGACY, old_rel_dir elif version == PythonVenvFormatVersion.STABLE: return PythonVenvFormatVersion.STABLE, new_rel_dir else: raise ValueError("unknown version `%s`" % version)
© 2024 UnknownSec