fjv BdZddlZddlZddlZddlZddlmZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlmcmZddlmZddlmZmZddlmZddlmZddlmZmZmZmZm Z m!Z!m"Z"dd l#m$Z$m%Z%m&Z&ddl'Z'dd l(m)Z)dd l*m+Z+dd l,m-Z-dd l.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4ddl5m6Z6ddl7m8Z8ddl9m:Z:ddl;mZ>ddl?m@ZAddlBmCZCmDZDmEZEmFZFmGZGmHZHddlImJZJmKZKejLdZMeNeOe jPfZQde$de$fdZRde$de$fdZSde$de$fdZTdeUfdZVdefdZWd eUdefd!ZXdeYfd"ZZd#e%e[deYfd$Z\d#e%e[deYfd%Z]deYfd&Z^eEfd'eYd(eYddfd)Z_eEfd(eYdeYfd*Z`deYfd+Z`de&eafd,ZbeTdeYfd-Zcd.eYde&eYfd/Zdde&eYfd0Zed^d1ZfeFfd2eYde&eYfd3Zgejhd4Zid5eYddfd6Zjd5eYd7ekdekfd8Zld9eYd:eYddfd;ZmdZnd?eUdeUfd@Zod5eYde&epfdAZqd5eYde&eYfdBZrd_d5eYddfdCZsd5eYdeafdDZtdeafdEZudeafdFZvdGeaddfdHZwdeafdIZxdeafdJZydeafdKZzd.eYdeafdLZ{dMZ|ed`dPZ}edadReYdSeafdTZ~edbdUeUddfdVZe dcdYeUdZeUdUeUddfd[Zed\Zd]ZdS)dzB This module contains helpful utility functions for X-Ray Manager N)getuser)contextmanager)date timedeltawraps)glob)socketfromfdAF_UNIX SOCK_STREAM SOCK_DGRAMAF_INETAF_INET6)CallableListOptional)AtexitIntegration)LoggingIntegration)Feature)is_panel_feature_supportedget_cp_description getCPNameis_wp2_environment)get_cl_edition_readable)UIConfig)drop_privileges)get_rhn_systemid_value) get_hostname)php_get_vhost_versions_user)gettext) sentry_dsnlocal_tasks_storage agent_file logging_leveljwt_token_locationuser_agent_sock) XRayErrorXRayManagerExitutilsfuncreturncFdtfd}|S)zf Decorator aimed to update ini file in cagefs-skeleton Applies to task.add nd task.remove ctj|djd}|dr8t dr)tjd|dd}n|drt d rtjd |dd}tjtj|s1tjtj|ndStj|stj |rtj |r t d d |i dS tj |dS#t$r7}t d |t|d Yd}~dSd}~wwxYwdS tj |r t dd |i dSt!|d5}|}dddn #1swxYwYtj|tjtjztjztjzd} tj||tj|dS#tj|wxYw#t$r7}t d|t|d Yd}~dSd}~wwxYw)zd Copy ini file to cagefs-skeleton Action takes place for cPanel ea-php only rzxray.iniz /opt/cpanelz/usr/share/cagefsz"/usr/share/cagefs/.cpanel.multiphpr"Nz /usr/localz/usr/share/cagefs-skeletonz-Refusing to unlink symlink in cagefs-skeletonxray_iniextraz'Failed to unlink ini in cagefs-skeleton)r0errz0Refusing to copy over symlink in cagefs-skeletonrbiz'Failed to copy ini into cagefs-skeleton)ospathjoin ini_location startswithr existsdirnamemkdirlexistsislinkloggerwarningunlinkOSErrorstropenreadO_WRONLYO_CREATO_TRUNC O_NOFOLLOWwriteclose)args original_ini skeleton_iniesrc src_bytesfds J/opt/cloudlinux/venv/lib64/python3.11/site-packages/xray/internal/utils.pyupdatezskeleton_update..updateLs w||DG$8*EE  " "= 1 1 d#7%7% 7<<(L(4QRR(8::LL  $ $\ 2 2 t,8.8. 7<<(D(4QRR(8::L7>>"'//,"?"?@@ 866777 Fw~~l++ 6w|,, :7>>,//NN#R*4l)C#EEEF:Il+++++:::NN#L6B14Q*9*9#:::::::::: : : 67>>,//NN#U*4l)C#EEEF,--+ # I+++++++++++++++W\[2:5 BR]R"$$!HR+++HRLLLLLBHRLLLL 6 6 6H2>-0VV&5&5666666666 6ss3G H ,HH =LLJ4 LJLJA LK>(L>LL M!,MMc"|i||dS) Wraps func N)rLkwargsr,rTs rSwrapperz skeleton_update..wrappers) df r)r,rYrTs` @rSskeleton_updater[FsK 363636j 4[[[ NrZcPddtfd}|S)zs Decorator aimed to update DBM storage with fake_id:real_id mapping Applies to task.add nd task.remove c|d}tt5}|j||j<ddddS#1swxYwYdS)z- Update DBM storage contents rN) dbm_storager$task_idfake_id)rL task_instance task_storages rSrTz"dbm_storage_update..updatesQ , - - H2?2GL. / H H H H H H H H H H H H H H H H H Hs :>>ctt5} ||dj=n#t$rYnwxYwddddS#1swxYwYdS)z. Remove task from DBM storage rN)r^r$r`encodeKeyError)rLrbs rSremovez"dbm_storage_update..removes, - -   a!7!7!9!9::                      s1A 8A AAAAAAc\ jdkr|n.#t$r!}tt|d}~wwxYw |i|n#t$rjdkr|wxYw jdkr|dSdS#t$r!}tt|d}~wwxYw)rVaddNrf)__name__ RuntimeErrorr)rC Exception)rLrXrOr,rfrTs rSrYz#dbm_storage_update..wrappers  $}%%  $ $ $CFF## # $  D$ !& ! ! ! !   }%%    $}(( )( $ $ $CFF## # $s4 ?:?A A(,B B+ B&&B+r)r,rYrfrTs` @@rSdbm_storage_updaterlsb HHH    4[[$$$$$$[$6 NrZcFdtfd}|S)z5 Decorator aimed to validate given JWT token c"tdS)z7 Check if retrieved JWT token is valid N)is_xray_supportedrWrZrScheckzcheck_jwt..checks rZc,|i|}|S)rVrW)rLrXtokenrpr,s rSrYzcheck_jwt..wrappers) d%f%%  rZr)r,rYrps` @rS check_jwtrssJ   4[[[ NrZcBttjS)zJ Get current epoch timestamp as int :return: timestamp as int )inttimerWrZrS timestamprws ty{{  rZcJtjtdz S)zC Pick a yesterday date :return: a datetime.date object r")days)rtodayrrWrZrS prev_dater{s :<<)+++ ++rZtsc*tj|S)zy Get the datetime.date object for given int timestamp :param ts: timestamp :return: datetime.date object )r fromtimestamp)r|s rSdate_of_timestamprs  b ! !!rZcDtdS)zj Get a formatted representation of yesterday date :return: str date in the form of dd/mm/YYYY z%d/%m/%Y)r{strftimerWrZrSget_formatted_daters ;;   + ++rZlinkscfddfdt|dDS)z HTML formatted links z)

{num}) {domain}

 czg|]7\}}|D]\}}|||8S))numlinkdomainitemsformat).0ilkv html_items rS z,get_html_formatted_links..skAAADAq67ggiiAA.2a &&11Q&??AAAArZr"r7 enumerate)rrs @rSget_html_formatted_linksrsZ. skAAAA67ggiiAA.2a &&1!!&<<AAAArZr"r)rrs @rSget_text_formatted_linksrsZ'I 99AAAAq))AAA B BBrZc tjd}|}|dj}t j5}|d|dddn #1swxYwY|dS#ttj f$r"}ttd|d}~wwxYw)ze Obtain system ID from /etc/sysconfig/rhn/systemid :return: system ID without ID- prefix z/etc/sysconfig/rhn/systemidz(.//member[name='system_id']/value/string system_idNzID-zFailed to retrieve system_id) ETparsegetrootfindtext sentry_sdkconfigure_scopeset_taglstriprB ParseErrorr)_)treerootwhole_idscoperOs rS read_sys_idrs Bx566||~~99GHHM  ' ) ) 1U MM+x 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1u%%% R] #BBB899::ABs<ABA:. B:A>>BA>BC0C  Csys_idagent_system_id_pathc>tj|tjtjztjztjzd} tj||tj|dS#tj|wxYw)zH Write system_id into file /usr/share/alt-php-xray/agent_sys_id N) r5rDrGrFrHrIrJrdrK)rrrRs rS write_sys_idr!sw %bk)BJ6F  B V]]__%%%   s 'BBcB t|5}|cdddS#1swxYwYdS#t$rC}tddt |itcYd}~Sd}~wwxYwzA Read system_id saved by agent during its initialization Nz8Failed to retrieve agent's system_id, returning real oner3r1)rDrEstriprBr?inforCr)ragent_sysid_filerOs rSread_agent_sys_idr.s & ' ' 3+;#((**0022 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3  F#a&&/  # # #}} s?A&A AAA A A B8BBBcL tt5}|cdddS#1swxYwYdS#t$rC}t ddt|itcYd}~Sd}~wwxYwr) rDr%rErrBr?rrCr)rrOs rSrr<s *   3!1#((**0022 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3  F#a&&/  # # #}} s?A&A  A A  AA A B# 8BB#B#c@ttj}|st}t }t dt|t|ttd ||dS)z9Raise XRayError in case of detected non-supported editionzMCurrent CloudLinux edition: %s or Control Panel: %s is not supported by X-RayzMCurrent CloudLinux edition: {} or Control Panel: {} is not supported by X-RayT) rrXRAYrrr?rrCr*rr) is_supportedcurrent_edition current_panels rSroroKs-gl;;L f133!  c((#m*<*< > > >a!NNTfUdUbOdOdeeff f 4rZc8 tt5}|cdddS#1swxYwYdS#tt f$r2t tdttzwxYw)zT Obtain jwt token from /etc/sysconfig/rhn/jwt.token :return: token read NzJWT file %s read error) rDr'rErrBIOErrorr)rrC) token_files rSread_jwt_tokenrYs O $ % % -??$$**,, - - - - - - - - - - - - - - - - - - W OOO233c:L6M6MMNNNOs.A&A  A A  AA AABfilepathc& t|5}|}dddn #1swxYwYn#t$rYdSwxYwd|dddpdS)z8Get version of package from file. alt-php-xray supportedN.z0.0-0)rDrErrBr7split)rv_fileversions rS pkg_versionrfs (^^ ,vkkmm))++G , , , , , , , , , , , , , , ,  88GMM#&&rr* + + 6w6s3A'A AAA A A AAc tdS)z#Get version of alt-php-xray packagez/usr/share/alt-php-xray/version)rrWrZrS xray_versionrps 8 9 99rZcBdtdtdtfd}fd}dd}ddtffd ttjtj }t pd }t| }tj t||d ||gtj 5}dtdp%ptp ti|_ ||n#t $rYnwxYwddddS#1swxYwYdS)u Initialize Sentry client shutdown_timeout=0 disables Atexit integration as stated in docs: 'it’s easier to disable it by setting the shutdown_timeout to 0' https://docs.sentry.io/platforms/python/default-integrations/#atexit On the other hand, docs say, that 'Setting this value too low will most likely cause problems for sending events from command line applications' https://docs.sentry.io/error-reporting/configuration/?platform=python#shutdown-timeout eventhintr-c|dddi|di}|dd}|r|g|d<|S)z Add extra data into sentry event :param event: original event :param hint: additional data caught :return: updated event r2z xray.versionz 0.6-48.el9 fingerprintN)rTget)rr extra_datars rSadd_infozsentry_init..add_infos` g~|<===YYw++  nn]D99  1$/=E-  rZc t}|r|dnd}|r|dnd}trdnd}d|fd|fd|fdtjfdt d fd t fd t d fd fdtff }|D] }|j| dS)NrnameWP2zControl Panel NamezControl Panel VersionzControl Panel ProductkernelzCloudLinux version os_releasezCloudlinux edition Architecture architecture ip_addressusername) rrrplatformreleaserrrr) sentry_scopecp_description cp_versioncp_name cp_producttagstagip_addrs rSset_tagszsentry_init..set_tagss+--6DN^'' 222$ 0>H.$$V,,,D022'@'@A!7!G!GHwwyy)WYY'  ' 'C L # & & & ' 'rZNcdSNrW)pendingtimeouts rSnopezsentry_init..nopes rZct|t5} ||df|d}n#t$rd}YnwxYwdddn #1swxYwY|S)aI address_family - we can choose constants represent the address (and protocol) families (AF_INET for ipv4 and AF_INET6 for ipv6) private_ip - specify some private ip address. For instance: ipv4 -> 10.255.255.255 or ipv6 -> fc00:: r"rN)r rconnect getsocknamerk)address_family private_ipsIPs rS try_get_ipzsentry_init..try_get_ipsNJ / / 1  :q/***]]__Q'                      s4A(1A  A( AA(AA((A,/A,c`tdftdff}|D]\}}||}|r|cSdS)z& Retrieve server's IP z10.255.255.255zfc00::z 127.0.0.1)rr) ipversionsaddr_fampriv_ipiprs rSrzsentry_init..ip_addrsZ/08X2FF !+   HgHg..B   {rZ)level event_levelzalt-php-xray@0.6-48.el9)callbacki')dsn before_sendrmax_value_length integrationsidrr-N)dictrCrloggingINFOWARNINGrrrinitr#rrrruserrk) rrrsentry_loggingxray_ver silent_atexitrrrs @@rS sentry_initr tsDT"'''''*     S      (gl4;OEEEN~~:!:H%t444MO $%*"0-!@BBBB  # % % (55aalnnaX_XaXa    HUOOOO    D  s6-=D+ C76D7 DDDDDDlognamecHtjtjtjtjtjd}t  tj|g}|dkr&|tj tj | |tjdd|n8#t$r+tj tj gYdSwxYw tj|d n#t $rYnwxYw|S) z[ Configure logging and Sentry :param logname: path to log :return: logpath )debugrr@errorcritical)filenamerz1%(asctime)s [%(threadName)s:%(name)s] %(message)sz%m/%d/%Y %I:%M:%S %p)rrdatefmthandlers)rNr)rDEBUGrrERRORCRITICALr  FileHandlerappend StreamHandler basicConfigrrB NullHandlerr5chmodPermissionError)rrlevelsrs rSconfigure_loggingr!s7 ?$ FMMM    1 1 1  G   OOG133 4 4 4&**UGL"A"A#V$:%- / / / / / g&9&;&;%<====   %         Ns% A8C1C87C8<D DDz"^[a-zA-Z0-9_][a-zA-Z0-9._-]{0,31}$rc|stdt|std| tj|dS#t $rtd|dwxYw)zValidate that username is a real system user. Raises ValueError with a clear message if username is empty, has an invalid format, or does not exist in the system user database. zusername must not be emptyzInvalid username: zsystem user does not exist: N) ValueError_safe_username_patternmatchpwdgetpwnamre)rs rSvalidate_system_userr(s 75666 ! ' ' 1 1<:h::;;;P X PPPDDDEE4OPs AA3 clwpos_argsct|ttjs-d|D}dd|z}dd|ddd|gSd |d g|zS) zBuild subprocess argv for /usr/bin/clwpos-user invocation. Non-CageFS: wraps in sudo -u bash -c with shell-quoted args. CageFS: passes args directly via cagefs_enter_user argv. cPg|]#}tjt|$SrW)shlexquoterC)ras rSrz)build_clwpos_user_cmd..s(???aek#a&&))???rZz/usr/bin/clwpos-user  sudo-uz-sz /bin/bashz-cz/sbin/cagefs_enter_userz/usr/bin/clwpos-user)r(rrCAGEFSr7)rr) safe_parts inner_cmds rSbuild_clwpos_user_cmdr5s| """ %gn 5 56??;??? +chhz.B.BB hk4KK)8&(*56 6rZrPdstc  tj||dS#t$rD}tt d||t ||d}~wwxYw)zZ Move file with error catching :param src: source :param dst: destination z Failed to move file {} to {}: {}N)shutilmoverBr)rrrC)rPr6rOs rS safe_mover:sv _ C ___<CCCcRSffUUVVWW]^^_s A'?A""A' sock_locationz socket objectcttjdd}|dkrt 5 tj|n#t $rYnwxYwtt}| || dddn #1swxYwYn/tdtt}| |S)z Create world-writable socket in given sock_location or reuse existing one :param sock_location: socket address :return: socket object LISTEN_FDSrN) rur5environrumask_0rAFileNotFoundErrorr r bindlistenr r )r; listen_fdssockobjs rS create_socketrF*sRZ^^L!4455JQ YY    -(((($    WooG LL ' ' ' NN                  G[11 Ns7B2AB2 A&#B2%A&&AB22B69B6lve_idc>ttjsdSd}d|d} t|5}|D]}||rut d|t| |dccdddS dddn #1swxYwYn@#t$r3}t d|t|Yd}~nd}~wwxYwdS) zX Retrieve current value of CPU throttled time. Return 0 in case of failures rthrottled_timez/sys/fs/cgroup/cpu,cpuacct/lvez /cpu.statz%sNzFailed to open %s: %s) rrLVErDr9r?rrurrrBrrC)rGmarker stat_file stat_valuesvaluerOs rSget_current_cpu_throttling_timerPBs &gk 2 2q FBBBBIA )__ H $ H H##F++HLLu---u{{}}226::2>DDFFGGGG  H H H H H H H HH H H H H H H H H H H H H H H H H AAA ,iQ@@@@@@@@A 1sGCBC6 CC CCCCC D')DDcd}tj|sdS tj|d|dgddd}|j|jfS#tj$r6}t ddt|i Yd}~dSd}~wt$r3}t d t|Yd}~dSd}~wwxYw) z 'selectorctl -u username --user-current' command :param username: name of user :return: tuple(stdout, stderr) or None if command fails z/usr/bin/selectorctlNr1z--user-currentTcapture_outputrrpz&Failed to get selectorctl user-currentr3r1z%selectorctl --user-current failed: %s)r5r6isfile subprocessrunstdoutrstderrCalledProcessErrorr?r@rCsubprocess_errorsr)r _selectorctlresultrOs rS_selectorctl_get_versionr]VsE *L 7>>, ' 't !%!)!1!304$d LLL }""$$fm&9&9&;&;;;  (...?#SVV_  . . . . . . . . .  <VV         s$A A33C3+B33 C3(C..C3cd}tj|sdS tj|d|gddd}|jS#tj$r6}t ddt|iYd}~dSd}~wt$r3}t d t|Yd}~dSd}~wwxYw) z 'cagefsctl --get-prefix username' command :param username: name of user :return: cagefsctl prefix for given username or None if command fails /usr/sbin/cagefsctlNz --getprefixTrRzFailed to get cagefsctl prefixr3r1z cagefsctl --getprefix failed: %s) r5r6rTrUrVrWrrYr?r@rCrZrr _cagefsctlr\rOs rScagefsctl_get_prefixrbns/'J 7>>* % %t !.!)!+04$dLLL}""$$$  (...7#SVV_  . . . . . . . . .  7VV         s#3AC(+B C&(CCcd}tj|sdS||ddg}n|d|g} tj|ddt d|dS#tj$r6}t d d t|i Yd}~dSd}~wt$r3}t d t|Yd}~dSd}~wwxYw) z 'cagefsctl --remount username' or 'cagefsctl --remount-all' command :param username: name of user or None (for remount-all) r_Nz --wait-lockz --remount-allz --remountT)rprSz Remounted %szFailed to remount cagefsr3r1zcagefsctl --remount failed: %s) r5r6rTrUrVr?rrYr@rCrZr)rrarLrOs rS_cagefsctl_remountrds; 'J 7>>* % %M?;K2t4==== NH-----  (...1#SVV_  . . . . . . . . .  5VV         s#2A&&C&5+B&& C&3(C!!C&c4d}tj|sdS tj|d|gdd}d|jvS#t$r3}t dt|Yd}~dSd}~wwxYw) z 'cagefsctl --user-status username' command :param username: name of user :return: True if user has Enabled status, False otherwise r_Fz --user-statusT)rSrEnabledz"cagefsctl --user-status failed: %sN) r5r6rTrUrVrWrrZr?rrCr`s rS_is_cagefs_enabledrgs 'J 7>>* % %u!0!)!+04$@@@FM//1111  9VV         s4A B$(BBc td5}|}dddn #1swxYwYn#t$rYdSwxYwd|vS)z` Check if there is php.d.location = selector set in /etc/cl.selector/symlinks.rules z/etc/cl.selector/symlinks.rulesNFselector)rDrErB) rules_filecontentss rS_is_selector_phpd_location_setrls  3 4 4 ) !((H ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) uu  !!s'>2 >6>6> A  A ctt5}t|dkcdddS#1swxYwYdS)z:Check if there are no active tasks (== empty task storage)rN)r^r$lenkeys)rbs rSno_active_tasksrps ( ) )-\<$$&&''1,------------------s%AA A enabledcHttjsdS tddd5}||rdndddddS#1swxYwYdS#t $r4}t d|t|Yd}~dSd}~wwxYw) zb Switch on/off throttle statistics gathering by kmodlve :param enabled: True or False Nz!/proc/sys/kernel/sched_schedstatswbr)mode buffering10z(Failed to set sched_schedstats to %s: %s) rrrKrDrJrBr?rrC)rqfrOs rSswitch_schedstatsrys &gk 2 2% 5D /"# GGG-DD . . . / / / / / / / / / / / / / / / / / / %%% >SVV % % % % % % % % %%s:A#A A#AA#AA## B!-)BB!cJtddduS)zG Check if end-users have access to X-Ray UI of End-User plugin hideXrayApp uiSettingsF)r get_paramrWrZrSis_xray_app_availabler~s# ::   | < < EErZcttt5} |tn##t t f$rYddddSwxYw dddn #1swxYwYdS)z Check if User Agent is listeningNFT)r r r rr(ConnectionErrorrB)rs rSis_xray_user_agent_activers  % %  IIo & & & &)      ' 4s1A(8A(A A(AA((A,/A,cBtjd S)z2Check if SSA is disabled by its internal flag-filez/usr/share/clos_ssa/ssa_enabled)r5r6rTrWrZrS ssa_disabledrsw~~?@@ @@rZc~ ttj|jz dkS#t$rYdSwxYw)z.Check is file was modified during the last dayiQF)rwr5statst_mtimerB)rs rSis_file_recently_modifiedrsJ{{RWX..77%?? uus +. <<cpt|5t}dddn #1swxYwY|Sr)rr )r r\s rSget_user_php_versionrsu   //,../////////////// Ms +//rR'file object providing a fileno() methodc#KtdD]} tj|tjtjzt d|n#t$rf}t dt||j tj tj fvrtj dYd}~d}~wwxYwt|dd dVtj|tjt d |dS#tj|tjt d |wxYw) uq Context manager for locking given file object :param fd: а file object providing a fileno() method xzFile %s lockedzFailed to lock: %sg?Nz%Failed to lock at all. Exiting threadr@)flagzFile %s unlocked)rangefcntlflockLOCK_EXLOCK_NBr?rrBrCerrnoEAGAINEACCESrvsleepr)LOCK_UN)rRrrOs rSfilelockrs[3ZZ ( (  KEMEM9 : : : KK(" - - - E    KK,c!ff 5 5 5wu|U\::: JsOOOOOOOO  ABB&((( (,   B &&& &+++++  B &&& &++++s%AA C(AC  C,D,,s/ 8D>>D EEEHTNNNNNrZrT target_uid target_gidc#Ktj}tj}td} tj|}n#t $rd}YnwxYw| ||}n|j}| ||}n|j}|tj|} ||krWtj |t d||r&tj |krt|||krqtj|t d||r@tj|kr)||krtj |t|dV||kr/tj|t d|||kr/tj |t d||tj| dSdS)aH Context manager to drop privileges during some operation and then restore them back. If target_uid or target_gid are given, use input values. Otherwise, stat target_uid and target_gid from given target_path. If no target_path given, use current directory. Use mask if given. :param target_uid: uid to set :param target_gid: gid to set :param target_path: directory or file to stat for privileges, default -- current directory :param mask: umask to use :param with_check: check the result of switching privileges z6Unable to execute required operation: permission issueNzDropped GID privs to %szDropped UID privs to %szRestored UID privs to %szRestored GID privs to %s)r5getuidgetgidrrrBst_uidst_gidrsetegidr?rgetegidr)seteuidgeteuid) rr target_pathr with_checkprev_uidprev_gidpermission_issue_message stat_infors rSset_privilegesrHs"y{{Hy{{H !YZZGK((    !JJ")J  !JJ")J x~~: : . ;;;  6"*,,*44455 5: : . ;;;  6"*,,*44:%% 8$$$455 5 EEE: 8 /:::: 8 /:::  sA AAc#K tj|tj|dVtjdtjddS#tjdtjdwxYw)z Dive into user context by dropping permissions to avoid most of the security issues. Does not cover cagefs case because it also requires nsenter, which is only available with execve() call in our system Nr)r5rr)uidgids rS user_contextrsn 3 3  1  1  1  1 s ,A*Bcfd}|S)z: Decorator to retry method on specific exceptions cfd}|S)NcFd}ttdtz}|krk |i|S#t$rG}|dz }t jdt||}t jdYd}~nd}~wwxYw|kk|)Nrz0Request to website failed even after %s retries.r"z'Retry to request website, exception: %s)r#rrCtuplerr@rvr)rLrXretries exceptionrOexceptions_to_retryr, max_retriess rSrYz7retry_on_exceptions..decorator..wrappersG"1%W#X#X[^_j[k[k#kllIK''"40000011"""qLGO$MsSTvvVVV !IJqMMMMMMMM "K''Os?B=BBrW)r,rYrrs` rS decoratorz&retry_on_exceptions..decorators.       rZrW)rrrs`` rSretry_on_exceptionsrs*       rZrr)rRrr-N)F)r)NNrNT)__doc__rrr&regetpassrrrr5rr8r,rUrrvxml.etree.ElementTreeetree ElementTreer contextlibrdatetimerr functoolsrr r r r r rrrtypingrrrrsentry_sdk.integrations.atexitrsentry_sdk.integrations.loggingrclcommon.constrclcommon.cpapirrrrclcommon.lib.cleditionrclcommon.ui_configrclcommon.clpwdrclcommon.utilsrclcommon.lib.networkr!xray.internal.clwpos_safe_importsr xrayr!r constantsr#r$r%r&r'r( exceptionsr)r* getLoggerr?rBr#SubprocessErrorrZr[rlrsrurwr{rrCrrrrrrrboolrorrrr r!compiler$r(listr5r:rFrPrr]rbrdrgrlrpryr~rrrrrr^r@rrrrWrZrSrs    """""""""%%%%%%$$$$$$$$''''''''''''''''''++++++++++<<<<<<>>>>>>""""""hhhhhhhhhhhh::::::''''''******111111------IIIIII32222222  7 # # Z3C(CxCCCCL5X5(5555pH43,4,,,,"#"$"""",C,,,,BDJB3BBBBBDJB3BBBB BS B B B B ;E   C     3=  C      3     8D>      O O O O  O7#7(3-7777:hsm::::____D+8""s"HSM""""J$$IJJ P3 P4 P P P P 6C 6d 6t 6 6 6 6 _3 _S _T _ _ _ _0 C C    (sx038C=0.( " " " " "----- %t%%%%%$FtFFFF4AdAAAA ,,,,<11#1$1111B#d=AAE??s?s?*-?JN????D&rZ