HEX
Server: LiteSpeed
System: Linux server318.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
User: sahadove (2893)
PHP: 8.2.29
Disabled: NONE
$ pwd: /opt/cloudlinux/venv/lib/python3.11/site-packages/ssa/__pycache__/
Upload Files
File: //opt/cloudlinux/venv/lib/python3.11/site-packages/ssa/__pycache__/manager.cpython-311.pyc
�

�T9i�N����dZddlZddlZddlZddlZddlZddlZddlmZddl	m
Z
ddlmZddl
mZddlmZmZdd	lmZdd
lmZddlmZddlmZdd
lmZGd�d��Zdd�ZdS)zA
This module contains classes implementing SSA Manager behaviour
�N)�contextmanager)�iglob)�
disable_quota)�Tuple�)�load_validated_parser�load_configuration)�	flag_file)�SSAManagerError)�ssa_version)�
AutoTracer)�
DecisionMakerc��eZdZdZd�Zedefd���Zede	fd���Z
edefd���Zedefd���Z
dedefd	�Z	d+dedejfd�Zd
edefd�Zdefd�Zdefd�Zdefd�Zdefd�Zdefd�Zdedefd�Zdededefd�Zdedefd�Zdeeeefeffd�Ze d���Z!dedededdfd �Z"d,d!�Z#deeeefeffd"�Z$d,d#�Z%d,d$�Z&d,d%�Z'defd&�Z(d,d'�Z)d,d(�Z*defd)�Z+d,d*�Z,dS)-�Managerz
    SSA Manager class.
    c��tjd��|_d|_ddg|_ddg|_d|_d|_d	|_td
d����f|_
tttjf|_dS)
N�managerzclos_ssa.iniz!usr/lib64/php/modules/clos_ssa.soz0usr/lib/x86_64-linux-gnu/php/modules/clos_ssa.sozlib64/php/modules/clos_ssa.soz,lib/x86_64-linux-gnu/php/modules/clos_ssa.soz lib/php/extensions/*/clos_ssa.so)�php44�php51�php52�php53zphp\d+-imunifyzphp-internal)z /opt/alt/php[0-9][0-9]/link/confz+/opt/cpanel/ea-php[0-9][0-9]/root/etc/php.dz$/opt/plesk/php/[0-9].[0-9]/etc/php.dz'/usr/local/php[0-9][0-9]/lib/php.conf.dzM/usr/share/cagefs/.cpanel.multiphp/opt/cpanel/ea-php[0-9][0-9]/root/etc/php.dzA/usr/share/cagefs-skeleton/usr/local/php[0-9][0-9]/lib/php.conf.dz./var/cagefs/*/*/etc/cl.php.d/alt-php[0-9][0-9]c�\�tj|�d��d��S)N�/�)�pwd�getpwnam�split)�paths �B/opt/cloudlinux/venv/lib64/python3.11/site-packages/ssa/manager.py�<lambda>z"Manager.__init__.<locals>.<lambda>@s��3�<��
�
�3����0B�#C�#C��)r�user)�logging�	getLogger�logger�
ini_file_name�module_patterns_with_usr�module_patterns_no_usr�module_glob_pattern_directadmin�substrings_to_exclude_dir_paths�wildcard_ini_locations�dict�wildcard_ini_user_locations�OSError�
ValueError�
subprocess�SubprocessError�subprocess_errors��selfs r�__init__zManager.__init__$s����'�	�2�2���+���
0�>�)
��%�

,�:�'
��#�0R��,�0
��,�'
��#�
�F�C�C�
E�
E�
E�,
��(�

�Z��!;�"
����r �returnc��ddi}|�d�|���D����tj|��S)z@
        Form a success json response with given kwargs
        �result�successc��i|]\}}||��	S�r:)�.0�k�vs   r�
<dictcomp>z$Manager.response.<locals>.<dictcomp>Ls��=�=�=�d�a��Q��=�=�=r )�update�items�json�dumps)�args�kwargs�raw_responses   r�responsezManager.responseFsI��
!�)�,�����=�=�f�l�l�n�n�=�=�=�>�>�>��z�,�'�'�'r c�J�tj�t��S)z 
        Is SSA enabled
        )�osr�isfiler
r2s r�_enabledzManager._enabledOs��
�w�~�~�i�(�(�(r c�
�ddhS)zK
        Configuration settings required Request Processor restart
        �requests_duration�ignore_listr:r2s r�_restart_required_settingsz"Manager._restart_required_settingsVs��
$�]�3�3r c�
�hd�S)N>�time�correlation�domains_number�request_number�correlation_coefficientr:r2s r�solo_filtered_settingszManager.solo_filtered_settings]s��*�*�*�	*r �settingsc�6�|j�|��S)z�
        SSA Agent requires restart in case of changing these configuration:
            - requests_duration
            - ignore_list
        )rN�intersection)r3rVs  r�_restart_requiredzManager._restart_requiredbs���.�;�;�H�E�E�Er F�commandc��	tjdd|gdd|���}|j�d|�d����n#tj$r�}|j�dt
|j��t
|j��t
|j	��|j|j|j	|j
d��	��td
|j�d|j�d|j	p|j
�����d
}~w|j$rS}|j�dt
|��dt
|��i�	��td|�d|�����d
}~wwxYw|S)z�
        Run /sbin/service utility to make given operation with SSA Agent service
        :command: command to invoke
        :check_retcode: whether to run with check or not
        :return: subprocess info about completed process
        z
/sbin/servicez	ssa-agentT)�capture_output�text�checkz
ssa-agent z
 succeededz$SSA Agent %s failed with code %s: %s)�cmd�retcode�stdout�stderr��extraz
SSA Agent z failed with code z: Nz&Failed to run %s command for SSA Agent�errzFailed to run z for SSA Agent: )
r/�runr$�info�CalledProcessError�error�strr_�
returncoderarbrr1)r3rZ�
check_retcoder7�es     r�run_service_utilityzManager.run_service_utilityjs���	?��^�_�%0�%,�%.�48�d�*7�	9�9�9�F�

�K���=�'�=�=�=�>�>�>�>���,�		^�		^�		^��K���6��A�E�
�
��A�L�!�!��A�H�
�
��e���!"��Q�X�?�?�
�
@�
@�
@�"�\�Q�U�\�\�a�l�\�\�a�h�FZ�RS�RZ�\�\�^�^�
^������%�	?�	?�	?��K���F��G���%*�C��F�F�O�
�
5�
5�
5�!�=��=�=�!�=�=�?�?�
?�����	?����
�
s#�9=�E�BC(�(
E�5AE�ErCc��t��}|�|��	|���nO#t$rB}|j�ddt
|��i���td|�����d}~wwxYw|�|��r|�	dd���|�
��S)	z�
        Change SSA config and restart it.
        :args: dict to override current option values
        :return: JSON encoded result of the action
        z Failed to update SSA config filerercz"Failed to update SSA config file: N�restartT�rl)r�override�write_ssa_confr-r$rirjrrYrnrF)r3rC�configrms    r�
set_configzManager.set_config�s���'�(�(���������	L��!�!�#�#�#�#���	L�	L�	L��K���@�%*�C��F�F�O�
�
5�
5�
5�!�"J�q�"J�"J�K�K�K�����	L����
�!�!�$�'�'�	D��$�$�Y�d�$�C�C�C��}�}���s�:�
B�=B�Bc�J�t��}|�|���S)zV
        Get current SSA config.
        :return: JSON encoded current config
        )rt)r	rF)r3�full_configs  r�
get_configzManager.get_config�s#��
)�*�*���}�}�K�}�0�0�0r c�D�|jrdnd}|�|���S)zY
        Get current status of SSA.
        :return: JSON encoded current status
        �enabled�disabled)�
ssa_status)rJrF)r3�statuss  r�get_ssa_statuszManager.get_ssa_status�s(��
#�m�;������}�}��}�/�/�/r c��|js<|���|���|���|���S)a�
        Enable SSA:
            - add clos_ssa extension for each PHP version on server
            - add clos_ssa extension into cagefs for each user and each ver
            - start SSA Agent (if it is not already started)
            - restart Apache (etc.) and FPM, reset CRIU images
            - create flag_file indicating that SSA is enabled successfully
        :return: JSON encoded current status
        )rJ�
generate_inis�start_ssa_agent�create_flagr~r2s r�
enable_ssazManager.enable_ssa�sV���}�	���� � � �� � �"�"�"��������"�"�$�$�$r c��|jr<|���|���|���|���S)a{
        Disable SSA:
            - remove clos_ssa extension for each PHP version on server
            - remove clos_ssa extension from cagefs for each user and each ver
            - stop SSA Agent
            - restart Apache (etc.) and FPM, reset CRIU images
            - remove flag_file indicating that SSA is enabled
        :return: JSON encoded current status
        )rJ�remove_clos_inis�stop_ssa_agent�remove_flagr~r2s r�disable_ssazManager.disable_ssa�sV���=�	��!�!�#�#�#����!�!�!��������"�"�$�$�$r c��d�t�����D��}|�|t��|jrdnd|���t
��������S)z�
        Get SSA statistics.
        Includes:
        - config values
        - version
        - SSA status (enabled|disabled)
        - SSA Agent status (active|inactive)
        :return: JSON encoded current statistics
        c�X�i|]'\}}|t|�������(Sr:)rj�lower)r;�key�values   rr>z%Manager.get_stats.<locals>.<dictcomp>�s<��1�1�1�z�s�E�3��E�
�
�(�(�*�*�1�1�1r rzr{)rt�versionr}�agent_status�autotracing)r	r@rFrrJ�status_ssa_agentr
�	get_stats)r3�_configs  rr�zManager.get_stats�s���1�1�%�'�'�-�-�/�/�1�1�1���}�}���M�M� $�
�=�9�9�:��.�.�0�0�"���.�.�0�0��
�
�	
r �dir_pathc�.���fd�|jD��}|S)z6
        Checking for substrings in a string.
        c�>��g|]}tj|����|��Sr:)�re�search)r;�	substringr�s  �r�
<listcomp>z+Manager.unused_dir_path.<locals>.<listcomp>�s9���2�2�2�Y��)�I�x�0�0�2�y�2�2�2r )r))r3r��ress ` r�unused_dir_pathzManager.unused_dir_path�s2���2�2�2�2�$�*N�2�2�2���
r �php_root�patternsc���|D]E}tj�||��}tj�|��r|cS�F|r&tj�||d��ndS)z�
        Search for clos_ssa.so module in php_root using a list of patterns.
        Returns the first found module path, or the first pattern as expected path if none exist.
        r�)rHr�join�exists)r3r�r��pattern�module_paths     r�_find_module_in_rootzManager._find_module_in_root�su��
 �	#�	#�G��'�,�,�x��9�9�K��w�~�~�k�*�*�
#�"�"�"�"�
#�7?�F�r�w�|�|�H�h�q�k�2�2�2�B�Fr �ini_pathc��|�d��r:d|vr6|�d��d}|�||j��S|�d��rPd|vrL|�dd��}|�d��d}|�||j��S|�d	��r:d|vr6|�d��d}|�||j��S|�d
��r:d|vr6|�d��d}|�||j��S|�d��rjd|vrf|�d��d}t
ttj	�
||j������}|r|dSd
S|�d��rjd|vrf|�d��d}t
ttj	�
||j������}|r|dSd
S|�d��rXd|vrT|�d��d�d��d}d|��}|�||j��Sd
S)z�
        Determine the path to clos_ssa.so module based on ini_path.
        Returns the expected module path, or empty string if not found.
        z/opt/alt/phpz
/link/confrz4/usr/share/cagefs/.cpanel.multiphp/opt/cpanel/ea-phpz/root/etc/php.dz"/usr/share/cagefs/.cpanel.multiphpz/usr/share/cagefs-skeletonz
/etc/php.dz/opt/cpanel/ea-phpz/opt/plesk/php/z(/usr/share/cagefs-skeleton/usr/local/phpz/lib/php.conf.dr�z/usr/local/phpz/var/cagefs/z/etc/cl.php.d/alt-phprrz&/usr/share/cagefs-skeleton/opt/alt/php)�
startswithrr�r&�replacer'�listrrHrr�r()r3r�r��
skeleton_path�possible_paths�php_ver�
skeleton_roots       r�get_module_pathzManager.get_module_path�s������~�.�.�	V�<�8�3K�3K��~�~�l�3�3�A�6�H��,�,�X�t�7T�U�U�U����U�V�V�	V�[l�px�[x�[x�$�,�,�-Q�So�p�p�M�$�*�*�<�8�8��;�H��,�,�X�t�7T�U�U�U����3�4�4�	V�9J�h�9V�9V��~�~�l�3�3�A�6�H��,�,�X�t�7T�U�U�U����0�1�1�	T�l�h�6N�6N��~�~�l�3�3�A�6�H��,�,�X�t�7R�S�S�S����I�J�J�	�O`�dl�Ol�Ol��~�~�&7�8�8��;�H�!�%�����X�t�?c�(d�(d�"e�"e�f�f�N��
)�%�a�(�(��2�
���/�0�0�	�5F�(�5R�5R��~�~�&7�8�8��;�H�!�%�����X�t�?c�(d�(d�"e�"e�f�f�N��
)�%�a�(�(��2����~�.�.�	[�3J�h�3V�3V��n�n�%<�=�=�a�@�F�F�s�K�K�A�N�G�N�W�N�N�M��,�,�]�D�<Y�Z�Z�Z��rr c#�vK�|jD]0}t|��D]}|�|��r�d|fV���1|jD]v}t|d��D]^}|�|��r�	|d|��}|j|jf|fV��=#|j�d|��Y�\xYw�wdS)z�
        Generator of existing paths (matching known wildcard locations)
        for additional ini files
        Returns tuple of (uid, gid) and path.
        )rrrr!zhUnable to get information about user owning %s directory (maybe he`s already terminated?), skip updatingN)r*rr�r,�pw_uid�pw_gidr$rg)r3�locationr��	pw_records    r�existing_pathszManager.existing_paths9s0�����3�	'�	'�H�!�(�O�O�
'�
'���'�'��1�1����h�&�&�&�&�&�
'�
�8�	I�	I�H�!�(�6�"2�3�3�
I�
I���'�'��1�1���I� 0��� 0�� :� :�I�%�+�Y�-=�>��H�H�H�H�H��
��K�$�$�&5�6>�@�@�@��H����
I�	I�	Is�2B�B5c#�K�	tj|��tj|��dV�tjd��tjd��dS#tjd��tjd��wxYw)z�
        Dive into user context by dropping permissions
        to avoid most of the security issues.

        Does not cover cagefs case because it also requires nsenter,
        which is only available with execve() call in our system
        Nr)rH�setegid�seteuid)r3�uid�gids   r�
_user_contextzManager._user_contextSsn����	��J�s�O�O�O��J�s�O�O�O��E�E�E��J�q�M�M�M��J�q�M�M�M�M�M��
�J�q�M�M�M��J�q�M�M�M�M���s�,A�*Br�r�Nc�T�|�|��}|s|j�d|��dStj�|���s|j�d||��tj�||j��}tj�|��r�	|�	||��5tj
|��|j�d|��ddd��n#1swxYwYn@#t$r3}|j�d|t|����Yd}~nd}~wwxYwdStj�||j��}|�	||��5t��5t|d��5}|j�d|��|�d��ddd��n#1swxYwYddd��n#1swxYwYddd��dS#1swxYwYdS)	zB
        Enable SSA extension for single ini_path (given)
        z<Cannot determine module path for %s, skipping ini generationNz8Module %s does not exist, skipping ini generation for %sz&Removed ini file %s (module not found)z Failed to remove ini file %s: %s�wzGenerating %s file...zextension=clos_ssa.so
)r�r$�warningrHrr�rgr�r%r��unlink�	Exceptionrjr�open�write)	r3r�r�r�r��
ini_file_pathrmr�inis	         r�generate_single_inizManager.generate_single_inies)��
�*�*�8�4�4���	��K��� ^�`h�i�i�i��F��w�~�~�k�*�*�	��K���W�Yd�fn�o�o�o��G�L�L��4�3E�F�F�M��w�~�~�m�,�,�
c�c��+�+�C��5�5�b�b��	�-�0�0�0���(�(�)Q�S`�a�a�a�b�b�b�b�b�b�b�b�b�b�b����b�b�b�b���!�c�c�c��K�'�'�(J�M�[^�_`�[a�[a�b�b�b�b�b�b�b�b�����c�����F��w�|�|�H�d�&8�9�9��
�
�
��S�
)�
)�	1�	1����	1�	1��T�3���	1�#&��K���4�d�;�;�;��I�I�/�0�0�0�		1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1����	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1����	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1�	1����	1�	1�	1�	1�	1�	1s��6D�0D�<D�D�D�D�D�
E�)E�E�H� H�11G.�"H�.G2�2H�5G2�6H�9H�H		�	H�H		�
H�H!�$H!c	��|j�d��|���D]�\\}}}	|�|||���!#t$r|j�d|��Y�Ht
$r3}|j�d|t|����Yd}~�d}~wwxYw|j�d��dS)zj
        Place clos_ssa.ini into each existing Additional ini path,
        including cagefs ones
        z Generating clos_ssa.ini files...z>Unable to update file %s, possible permission misconfigurationz7Exception on generating clos_ssa.ini: "%s", error: "%s"N�	Finished!)r$rgr�r��PermissionErrorr�rirj)r3r�r�r�rms     rr�zManager.generate_inis�s
��
	
����;�<�<�<�$(�$7�$7�$9�$9�		�		� �J�S�#��
��(�(��c�8�<�<�<�<��"�
�
�
��� � �"H�IQ�S�S�S����
�
�
���!�!�"[�]e�gj�kl�gm�gm�n�n�n����������
����	
�����%�%�%�%�%s�A�%B3�7	B3�)B.�.B3c#��K�|���D]O\\}}}tj|��D]2}|j|vr�||ftj�||��fV��3�PdS)z�
        Generator function searching for clos_ssa.ini files
        in all existing Additional ini paths
        Returns tuple of (uid, gid) and path.
        N)r�rH�listdirr%rr�)r3r�r�r��names     r�find_clos_iniszManager.find_clos_inis�s�����%)�$7�$7�$9�$9�	?�	?� �J�S�#���
�8�,�,�
?�
?���%�T�1�1���C�j�"�'�,�,�x��">�">�>�>�>�>�>�
?�	?�	?r c	��|j�d��|���D]�\\}}}	|�||��5t	j|��ddd��n#1swxYwY�L#t$r3}|j�d|t|����Yd}~��d}~wwxYw|j�d��dS)z8
        Remove all gathered clos_ssa.ini files
        zRemoving clos_ssa.ini files...Nz5Exception on removing clos_ssa.ini: "%s", error: "%s"r�)	r$rgr�r�rHr�r��	exceptionrj)r3r�r��clos_inirms     rr�zManager.remove_clos_inis�s.��	
����9�:�:�:�$(�$7�$7�$9�$9�	�	� �J�S�#��
��'�'��S�1�1�(�(��I�h�'�'�'�(�(�(�(�(�(�(�(�(�(�(����(�(�(�(����
�
�
���%�%�&]�_g�il�mn�io�io�p�p�p����������
����	
�����%�%�%�%�%s;�A;�A/�#A;�/A3	�3A;�6A3	�7A;�;
B8�)B3�3B8c��|�d��}|jr|�dd���dS|�dd���dS)ze
        Start SSA Agent service
        or restart it if it is accidentally already running
        r}�startTrqrpN�rnrk�r3r�s  rr�zManager.start_ssa_agent�sa��
�/�/��9�9���"�	D��$�$�W�D�$�A�A�A�A�A��$�$�Y�d�$�C�C�C�C�Cr c�p�|�d��}|js|�dd���dSdS)z`
        Stop SSA Agent service
        or do nothing if it is accidentally not running
        r}�stopTrqNr�r�s  rr�zManager.stop_ssa_agent�sN��
�/�/��9�9���&�	A��$�$�V�4�$�@�@�@�@�@�	A�	Ar c�Z�	|�dd���n#t$rYdSwxYwdS)z:
        Get SSA Agent status: active or inactive
        r}Trq�inactive�active)rnrr2s rr�zManager.status_ssa_agent�sJ��	��$�$�X�T�$�B�B�B�B���	�	�	��:�:�	�����xs��
(�(c��ttd��5	ddd��n#1swxYwY|j�dt�d���dS)zE
        Create a flag file indicating successful enablement
        r�N�
Flag file z created)r�r
r$rgr2s rr�zManager.create_flag�s����)�S�
!�
!�	�	��	�	�	�	�	�	�	�	�	�	�	����	�	�	�	�����9�i�9�9�9�:�:�:�:�:s�$�(�(c	��	tjt��|j�dt�d���dS#t
$r=}|j�dt�dt|������Yd}~dSd}~wwxYw)z:
        Remove a flag file indicating enablement
        r�z removedz removal failed: N)rHr�r
r$rgr-r�rj)r3rms  rr�zManager.remove_flag�s���	C��I�i� � � ��K���=�)�=�=�=�>�>�>�>�>���	C�	C�	C��K���A�Y�A�A��Q���A�A�
C�
C�
C�
C�
C�
C�
C�
C�
C�����	C���s�<A�
B�
2B�Bc�\�t�����}|jdi|��S)zG
        Get last report.
        :return: JSON encoded report
        r:)r�get_json_reportrF)r3�reports  r�
get_reportzManager.get_report�s1��
���0�0�2�2���t�}�&�&�v�&�&�&r c�@�|jr|���dSdS)z@
        Regenerates clos_ssa inis while SSA is enabled
        N)rJr�r2s r�regenerate_iniszManager.regenerate_inis�s0���=�	!���� � � � � �	!�	!r )F)r5N)-�__name__�
__module__�__qualname__�__doc__r4�staticmethodrjrF�property�boolrJ�setrNrUr+rYr/�CompletedProcessrnrurxr~r�r�r�r�r�r�r�r�intr�rr�r�r�r�r�r�r�r�r�r�r�r�r:r rrrs��������� 
� 
� 
�D�(�S�(�(�(��\�(��)�$�)�)�)��X�)��4�C�4�4�4��X�4��*��*�*�*��X�*�F�$�F�3�F�F�F�F�+0���3��4>�4O�����@�t�������&1�C�1�1�1�1�0��0�0�0�0�%�C�%�%�%�%�"%�S�%�%�%�%�"
�3�
�
�
�
�(��������
G�S�
G�D�
G�S�
G�
G�
G�
G�@��@��@�@�@�@�DI��e�C��H�o�s�&:� ;�I�I�I�I�4����^��"1�s�1��1��1��1�1�1�1�<&�&�&�&�$
?��e�C��H�o�s�&:� ;�
?�
?�
?�
?�&�&�&�&� 	D�	D�	D�	D�A�A�A�A��#�����;�;�;�;�	C�	C�	C�	C�'�C�'�'�'�'�!�!�!�!�!�!r rr5�Manager instancec��t��S)zk
    Factory function for appropriate manager initialization
    :return: appropriate manager instance
    )rr:r r�initialize_managerr��s��
�9�9�r )r5r�)r�rAr"rHrr�r/�
contextlibr�globr�secureior�typingr�
configurationrr	�internal.constantsr
�internal.exceptionsr�internal.utilsr�modules.autotracerr
�modules.decision_makerrrr�r:r r�<module>r�sS������������	�	�	�	�
�
�
�
�	�	�	�	�����%�%�%�%�%�%�������"�"�"�"�"�"�������D�D�D�D�D�D�D�D�)�)�)�)�)�)�0�0�0�0�0�0�'�'�'�'�'�'�*�*�*�*�*�*�1�1�1�1�1�1�P!�P!�P!�P!�P!�P!�P!�P!�f�����r
@ Telegram