Mini Shell

Direktori : /usr/share/cagefs/
Upload File :
Current File : //usr/share/cagefs/clean_user_php_sessions

#!/opt/cloudlinux/venv/bin/python3 -bb

from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from future import standard_library
standard_library.install_aliases()
from builtins import *
import os
import sys
import glob
import secureio
from clcommon import login_defs
from future.utils import iteritems, itervalues
sys.path.append('/usr/share/cagefs')
from cagefslib import (
    clean_dir_from_old_session_files,
    get_opts_from_php_ini, get_alt_dirs,
    is_clean_user_php_sessions_enabled
)

VERSIONS = {}
EA_PATH = "/opt/cpanel/%s/root/etc/"
ALT_PATH = "/opt/alt/%s/etc/php.ini"

# default period 1440 sec = 24 min
_DEFAULT_TIMEOUT = 1440


def init_versions():
    global VERSIONS
    versions = lambda l: [os.path.basename(p) for p in l]
    if len(VERSIONS) == 0:
        VERSIONS["EA"] = versions(glob.glob("/etc/scl/prefixes/ea-php[0-9]*"))
        VERSIONS["ALT"] = get_alt_dirs()
    return VERSIONS


def get_ea_versions():
    versions = init_versions()
    return versions["EA"]


def get_alt_versions():
    versions = init_versions()
    return versions["ALT"]


def clean_user(pwnam, paths):
    """
    Drop permissions to given user and clean all session files given with paths dict
    :param object pwnam: pwnam object for some system user
    :param dict paths: looks like {"path": maxlifetime} where path is str and maxlifetime is int
    """
    # Drop permissions
    res = secureio.set_user_perm(pwnam.pw_uid, pwnam.pw_gid, exit=False)
    if res == -1:
        return

    for path, mlt in paths.items():
        dir_path = os.path.join(pwnam.pw_dir, ".cagefs", path.lstrip("/"))
        clean_dir_from_old_session_files(dir_path, mlt)

    # get back root permissions
    secureio.set_root_perm()


def main():
    if not is_clean_user_php_sessions_enabled():
        sys.exit(0)
    paths = {}

    def patch_paths(ini_path, default_path="/tmp"):
        (path, mlt) = get_opts_from_php_ini(ini_path, _DEFAULT_TIMEOUT, default_path)
        if path is None or mlt is None:
            return
        if path in paths and paths[path] > mlt:
            paths[path] = mlt
        elif paths.get(path) is None:
            paths[path] = mlt

    if os.path.exists('/etc/cpanel/ea4/is_ea4'):
        for ea_php in get_ea_versions():
            _path = EA_PATH % ea_php
            # Since cPanel 65.9999, etc/php.d/local.ini is located now in etc/php.ini
            old_cpanel_path = os.path.join(_path, "php.d/local.ini")
            new_cpanel_path = os.path.join(_path, "php.ini")
            if os.path.exists(old_cpanel_path):
                ea_path = old_cpanel_path
            else:
                ea_path = new_cpanel_path
            patch_paths(ea_path)
    else:
        # get sessions dir for EA3
        patch_paths('/usr/local/lib/php.ini')

    for alt_php in get_alt_versions():
        patch_paths(ALT_PATH % alt_php)

    min_uid = int(login_defs('UID_MIN', 500))
    for pwnam in secureio.clpwd.get_user_dict().values():
        if pwnam.pw_uid >= min_uid:
            clean_user(pwnam, paths)


if __name__ == "__main__":
    main()

Zerion Mini Shell 1.0