fj *ddlZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z m Z m Z ddlmZddlmZmZddlmZddlmZmZdd lmZmZdd lmZdd lmZej d Z!d Z"de de#fdZ$de#de fdZ%de#de#fdZ&ddde#fdZ'ddde e e e ffdZ(d'de)de*fdZ+de e,fdZ-ddde#fdZ.de,ddfdZ/de e*fdZ0d(d Z1d!e de fd"Z2d!e de fd#Z3d!e de fd$Z4d!e de fd%Z5d!e de fd&Z6dS))Nwraps)CallableOptionalTupleAny)get_main_username_by_uid)is_cl_solo_editionis_cl_shared_pro_edition)gettext)user_tasks_countfpm_reload_timeout) XRayErrorXRayMissingDomain)FPMReloadController)NginxUserCacheuser_plugin_utilsz>I_inputreturnctj|}tjt t ||zS)z; Pack input for sending with length-prefix framing )jsondumpsencodestructpack_formatlen)rdatas V/opt/cloudlinux/venv/lib64/python3.11/site-packages/xray/internal/user_plugin_utils.py pack_requestr!$s< :f   $ $ & &D ;wD * *T 11 byte_commandc|}td|tj|S)z! Unpack incoming command zCommand requested => %s)decodeloggerinforloads)r#_commands r unpack_requestr*,s:""$$H KK)8444 :h  r"msgctdt|tjt t||zS)z- Prefix message with a 4-byte length zPacking message of %i length)r&debugrrrrr+s r pack_responser/5s< LL/S::: ;wC ) )C //r" sock_objectz socket objectcd}d}t}|d}|s||Stjt|d}||krt d|zt ||kr>||}|st d||z }t ||k>|S)z9 Read length-prefixed amount of data from socket iirz$Response message too large: %d bytesz.Connection closed before full message received)bytesrecvrunpackrConnectionErrorr)r0chunk max_msglenr+ raw_msglenmsglenparts r unpack_responser<=s E!J ''C!!!$$J '&&& ]7J / / 2F  2V ;== = c((V  && B!@BB B t  c((V   Jr"cd}|tjtjt j|}t j||\}}} tj|j tj |j }}td|||||n-#t$r td|||YnwxYw|||fS)z6 Retrieve credentials from SO_PEERCRED option 3iz%Connected by proc %i of %i:%i (%s:%s)zConnected by proc %i of %i:%i) getsockoptsocket SOL_SOCKET SO_PEERCREDrcalcsizer5pwdgetpwuidpw_namegrpgetgrgidgr_namer&r'KeyError)r0rcreds_pid_uid_gidusergroups r extract_credsrQWsG  " "6#4#)#5#)?7#;#; = =E}We44D$!l4((0#,t2D2D2Le  ;$% ! ! ! !  3 dD      t s2B,,'CCrMc8|tj}|dkS)z9 Check for execution as root | command from root Nr)osgeteuid)rMs r check_for_rootrUls |z|| 19r"ctjd}|:tt|}td|||SdS)zK Retrieve the value of XRAYEXEC_UID env and resolve it to username XRAYEXEC_UIDNz/Got XRAYEXEC_UID: %s (%s), working in USER_MODE)rSgetenvr intr&r')proxyuid _proxyusers r get_xray_exec_userr\usXy((H-c(mm<<  Ej * * * r"c|d} |d}|stdn||z }8|S)z* Read all data from socket object r"TizAll data read, connection ended)r4r&r-)r0rr7s r sock_receiver^sT D  &&  LL: ; ; ;     Kr"zjson strc2tjd|idS)zF Construct an appropriate formatted response in case of error resultF) ensure_ascii)rrr.s r error_responserbs :xoE : : ::r"cNt}|t|jSdS)z3 Check nginx cache status for current user N)r\r is_enabled) proxyusers r nginx_user_cacherfs.#$$Ii((33r"ctts)tttddS)zL Check if utility is executed as root and throw error in case if no z,Only root is allowed to execute this utilityN)rU SystemExitrb_r"r root_execution_only_checkrksH   O 1KLL M MOO OOOr"funcc<tfd}|S)zq Decorator aimed to verify domain owner in X-Ray Manager user mode Applies to get_domain_info method cxt}||i|S |i|}nC#t$r6}ttdd|jz}d|_|dd}~wwxYw|j|krHtd||ttdt|z|S) Wraps func Nz%s cannot be foundzDomain Tz%s does not belong to user %s) r\rrri domain_name_internal_missing_domainrOr&warningstr)argskwargsrer'eerrrls r wrapperz'user_mode_verification..wrappers '((  4((( ( 4(((DD    "&''*CAM*C*CCC,0C (4 + , 9 ! ! NN:D) L L LA233c$ii?@@ @ s$ A$1AA$r)rlrxs` r user_mode_verificationrys6  4[[$$$$[$L Nr"cFdtfd}|S)z Decorator aimed to check if user is not hitting limit of running tasks, set in X-Ray Manager user mode. Applies to start and continue methods. Limiting of user's running tasks is applied to Shared PRO only. c tdsdSt}||dj}|}|d}|zt d|D}|t krXttd tt tt dSdSdS)zf If XRAYEXEC_UID exists, check if user does not exceed limit of running tasks Tskip_jwt_checkNrr`cDg|]}|ddk|S)statusrunning)get).0items r z7user_mode_restricted..check..s;%F%F%Fd%)XXh%7%79%D%D&*%D%D%Dr"z>Limit of running tasks is {}. You already have {} running task) r r\ ui_api_client get_task_listrrrrriformatrs)rtreui_api_cli_instanseresp list_of_tasks running_counts r checkz#user_mode_restricted..checks(t<<<  F&((  "&q'"7 &4466D HHX..M( #%F%Fm%F%F%F!G!G  $444#==CVCHXDYDYDGHXDYDY>[>[\\]]] ! )(54r"c||i|Srorj)rtrurrls r rxz%user_mode_restricted..wrappers% t tT$V$$$r"rrlrxrs` @r user_mode_restrictedrsM]]]0 4[[%%%%%[% Nr"cFdtfd}|S)zk Decorator aimed to restrict frequent reloads of FPM service Applies to get_domain_info method c>tdrdSt}|v|jrq|d|}t |r7t tdttzddSdSdS)z Tr|NrzhThe X-Ray User service is currently busy. Operation is temporarily not permitted. Try again in %s minuterr)flag) r r\ panel_fpmfpm_service_namerrestrictrrirsr)rrtre _fpm_services r rz)with_fpm_reload_restricted..check s T 2 2 2  F&((  T^ 733D99L"<0099;; $/00256H2I2IJ"$$$$ !  $ $r"c(|i|}|d|i|S)rorrj)rtrur'rrls r rxz+with_fpm_reload_restricted..wrappers3 tT$V$$ t$ r"rrs` @r with_fpm_reload_restrictedrsJ $$$" 4[[[ Nr"cVdtfdtfd}|S)Nusernamecnt}|"||krttddSdS)zI If exists, check XRAYEXEC_UID against user passed param NzIncorrect user for request)r\rri)rres r validatez'username_verification..validate*sD'((  X%:%:A:;;<< < ! %:%:r"c:|d}||i|S)Nrrj)rtrurrlrs r rxz&username_verification..wrapper2s2*%tT$V$$$r")rsr)rlrxrs` @r username_verificationr)sV=3==== 4[[%%%%%[% Nr"cZdtddfdtfd}|S)z Decorator aimed to verify user in X-Ray Smart Advice user mode Applies to get_detailed_advice method, which takes part in advice_details and advice_apply methods rrNct} |dd}n*#t$rttdwxYw|"||krttddSdS)zU If exists, check XRAYEXEC_UID against user in metadata of an advice metadatarz#Requested advice cannot be verifiedNzRequested advice does not exist)r\rJrri)rrers r verifyz-user_mode_advice_verification..verifyBs'((  FJ' 3HH F F FACDDEE E F  X%:%:A?@@AA A ! %:%:s 'Ac8|i|\}}|||fSrrj)rtru advice_inforirlrs r rxz.user_mode_advice_verification..wrapperNs7 t.v.. Q{A~r")dictr)rlrxrs` @r user_mode_advice_verificationr;sc BT Bd B B B B 4[[[ Nr")N)rN)7rGrloggingrSrDr@r functoolsrtypingrrrrclcommon.cpapir clcommon.lib.cleditionr r xrayr ri constantsrr exceptionsrr fpm_utilsr nginx_utilsr getLoggerr&rr3r!r*r/r<rQrYboolrUrsr\r^rbrfrkryrrrrrjr"r rsS  111111111111333333OOOOOOOO;;;;;;;;44444444******''''''  . / /  222222  3    0u00000U45c33G* HSM     o %    ;; ;;;;4(4.4444OOOO--h----`(x(H((((V X (    FX$Xr"