§ گ]"¾}ك8مَخ—ddlZddlZddlZddlZddlmZddlmZddlmZddl m Z ddlmZdZ dZd „Zd efd„Zded efd „Zded efd„Zded efd„Zd„Zd„Zded efd„Zd„ZdS)éN)عPath)عClPwd)عdrop_privileges)عget_user_var_cagefs_path)ع write_via_tmpl%#D’s”_l³cَN—t|¦«}tj|›d‌¦«S)Nz/.cagefs/isolates.mounts)rعpathlibr)عuserع cagefs_dirs ْWopt/cloudlinux/venv/lib/python3.11/site-packages/clcagefslib/webisolation/jail_utils.pyعget_jail_config_pathr s(€ف)¨$ر/ش/€JفŒ<ک:ذ?ذ?ذ?ر@ش@ذ@َع document_rootcَl—t}| d¦«D]}||z}|tzdz}Œ|d›S)zة Generates unique id for an isolate website using FNV-1a 64-bit hash. FNV-1a has excellent avalanche properties and distribution. Must match the docroot_hash() function in jail C code. zutf-8lےےےےع016x)ع_FNV_OFFSET_BASISعencodeع _FNV_PRIME)rع hash_valueعchars rعget_website_idrsP€ُ#€Jط×$ز$ Wر-ش-ًDًDˆطگdرˆ ط ¥:ر-ذ1CرCˆ ˆ طذذذrr cَآ—t¦« |¦«}t|¦«}tt |¦«¦«dz}||z}| ddd¬¦«| dd¬¦«t jt|¦«dd¦«t j t|¦«d¦«td¦«}|›d ‌}t|||¦«t j |d ¦«t j||jd¦«|›d‌}t|||¦«t j |d¦«t j|dd¦«d S)z£ Create website token directory structure and files in /var/cagefs. Creates: - /var/cagefs//.cagefs/website// - token directory ْ.cagefs/websiteTié©عexist_okعparentsعmodeiي)rrré z/.cagefs.tokenéz/.cagefs.websitei$N) rعget_pw_by_namerrrعmkdirعosعchownعstrعchmodع_generate_passwordrعpw_uid) r rعpwع website_idعwebsite_base_dirعwebsite_dirعtokenعtoken_file_pathعdocroot_file_paths rعcreate_website_token_directoryr/+sj€ُ ‰Œ× ز ر %ش %€Bف ر.ش.€Jُص4°Tر:ش:ر;ش;ذ>OرOذط" Zر/€Kً×ز D°$¸UذرCشCذCà×زکt¨%ذر0ش0ذ0ُ„HچSگر ش کq !ر$ش$ذ$ف„HچSگر ش کuر%ش%ذ%هکrر"ش"€Eً %ذ4ذ4ذ4€Oفگ+ک°ر6ش6ذ6ف„Hˆ_کeر$ش$ذ$ف„Hˆ_کbœi¨ر+ش+ذ+ً'ذ8ذ8ذ8ذفگ+ذ0°-ر@ش@ذ@ُ„Hذ ر&ش&ذ&ف„Hذ 1ر%ش%ذ%ذ%ذ%rcَ\—t¦« |¦«}t|j¦« ¦«sdStt|j|¦«¦«}t |¦«5| ddd¬¦«ddd¦«dS#1swxYwYdS)zف Create overlay storage directory in user's home. Creates: - /.cagefs/websites// - storage base for overlays Drops privileges to user before creating to ensure proper ownership. NTièr)rr rعpw_dirعexistsعfull_website_pathrr!)r rr(عstorage_bases rع create_overlay_storage_directoryr5Zs÷€ُ ‰Œ× ز ر %ش %€Bفگ” ‰?Œ?×!ز!ر#ش#ًطˆفص)¨"¬)°]رCشCرDشD€Lه کر ش ًDًDط×ز D°$¸UذرCشCذCًDًDًDٌDôDًDًDًDًDًDًDًDًّّّDًDًDًDًDًDsء;B!آ!B%آ(B%cَ¼—tt|¦«¦«dz}|t|¦«z}| ¦«rt j|¦«dSdS)z= Remove website token directory structure and files. rN)rrrr2عshutilعrmtree©r rr*r+s rعremove_website_token_directoryr:lsg€ُص4°Tر:ش:ر;ش;ذ>OرOذà"¥^°Mر%Bش%BرB€Kà×زرشً#فŒ گkر"ش"ذ"ذ"ذ"ً#ً#rcَ\—tj dt|¦«¦«S)z5 Returns path: websites/ عwebsites)r"عpathعjoinr)عdocroots rعwebsite_suffix_with_hashr@xs"€ُŒ7ڈ<ٹ<ک ¥N°7ر$;ش$;ر<ش<ذ/.cagefs/websites/ z.cagefs)r"r=r>r@)عhomedirr?s rr3r3s%€ُŒ7ڈ<ٹ<ک ص,DہWر,Mش,MرNشNذNrcَڑ—tt|¦«¦«dz}|t|¦«z}|dz d¬¦«dS)z, Removes cached namespace from disk rz.cagefs.mntT)ع missing_okN)rrrعunlinkr9s rعinvalidate_ns_cacherF†sU€ُص4°Tر:ش:ر;ش;ذ>OرOذط"¥^°Mر%Bش%BرB€Kطگ=ر ×(ز(°Dذ(ر9ش9ذ9ذ9ذ9rcَخ‡‡—|dks|dkrtd¦«‚dٹt‰¦«ٹtj|¦«}d ˆˆfd„|D¦«¦«}|S)z³ Generate a random password/token using the same algorithm as the C function. Uses cryptographically secure random bytes and converts them to alphanumeric characters. rrzInvalid buffer length requestedع>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzعc3َ.•K—|]}‰|‰zV—ŒdS)N©)ع.0عbعcharsetعcharset_sizes €€rْ z%_generate_password..‍s-ّèè€ذEذE°1گWکQ ر-ش.ذEذEذEذEذEذEr)ع ValueErrorعlenعsecretsعtoken_bytesr>)عlengthعrandom_bytesعresultrNrOs @@rr&r&ڈsxّّ€ً گ‚{€{گfکs’lگlفذ:ر;ش;ذ;àN€Gفگw‘<”<€Lُش& vر.ش.€LًڈWٹWذEذEذEذEذE¸ذEرEشEر Eش E€Fط€Mr)r"r rSr7rعclcommonrعclcommon.clpwdrعclcagefslib.fsrعclcagefslib.iorrrr r$rr/r5r:r@r3rFr&rKrrْr\sˆًً € € € ط€€€ط€€€ط € € € طذذذذذàذذذذذط*ذ*ذ*ذ*ذ*ذ*à3ذ3ذ3ذ3ذ3ذ3ط(ذ(ذ(ذ(ذ(ذ(ً)ذط € ًAًAًAً #ً ً ً ً ً,&¨ً,&¸Sً,&ً,&ً,&ً,&ً^D¨3ًD¸sًDًDًDًDً$ #¨ً #¸Sً #ً #ً #ً #ً=ً=ً=ًOًOًOً:کcً:°#ً:ً:ً:ً:ًًًًًr