| Server IP : 184.154.167.98 / Your IP : 3.139.104.140 Web Server : Apache System : Linux pink.dnsnetservice.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 User : puertode ( 1767) PHP Version : 7.2.34 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/cagefs/ |
Upload File : |
#!/opt/cloudlinux/venv/bin/python3 -bb
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from future import standard_library
standard_library.install_aliases()
from builtins import *
import os
import sys
import glob
import secureio
from clcommon import login_defs
from future.utils import iteritems, itervalues
sys.path.append('/usr/share/cagefs')
from cagefslib import (
clean_dir_from_old_session_files,
get_opts_from_php_ini, get_alt_dirs,
is_clean_user_php_sessions_enabled
)
VERSIONS = {}
EA_PATH = "/opt/cpanel/%s/root/etc/"
ALT_PATH = "/opt/alt/%s/etc/php.ini"
# default period 1440 sec = 24 min
_DEFAULT_TIMEOUT = 1440
def init_versions():
global VERSIONS
versions = lambda l: [os.path.basename(p) for p in l]
if len(VERSIONS) == 0:
VERSIONS["EA"] = versions(glob.glob("/etc/scl/prefixes/ea-php[0-9]*"))
VERSIONS["ALT"] = get_alt_dirs()
return VERSIONS
def get_ea_versions():
versions = init_versions()
return versions["EA"]
def get_alt_versions():
versions = init_versions()
return versions["ALT"]
def clean_user(pwnam, paths):
"""
Drop permissions to given user and clean all session files given with paths dict
:param object pwnam: pwnam object for some system user
:param dict paths: looks like {"path": maxlifetime} where path is str and maxlifetime is int
"""
# Drop permissions
res = secureio.set_user_perm(pwnam.pw_uid, pwnam.pw_gid, exit=False)
if res == -1:
return
for path, mlt in paths.items():
dir_path = os.path.join(pwnam.pw_dir, ".cagefs", path.lstrip("/"))
clean_dir_from_old_session_files(dir_path, mlt)
# get back root permissions
secureio.set_root_perm()
def main():
if not is_clean_user_php_sessions_enabled():
sys.exit(0)
paths = {}
def patch_paths(ini_path, default_path="/tmp"):
(path, mlt) = get_opts_from_php_ini(ini_path, _DEFAULT_TIMEOUT, default_path)
if path is None or mlt is None:
return
if path in paths and paths[path] > mlt:
paths[path] = mlt
elif paths.get(path) is None:
paths[path] = mlt
if os.path.exists('/etc/cpanel/ea4/is_ea4'):
for ea_php in get_ea_versions():
_path = EA_PATH % ea_php
# Since cPanel 65.9999, etc/php.d/local.ini is located now in etc/php.ini
old_cpanel_path = os.path.join(_path, "php.d/local.ini")
new_cpanel_path = os.path.join(_path, "php.ini")
if os.path.exists(old_cpanel_path):
ea_path = old_cpanel_path
else:
ea_path = new_cpanel_path
patch_paths(ea_path)
else:
# get sessions dir for EA3
patch_paths('/usr/local/lib/php.ini')
for alt_php in get_alt_versions():
patch_paths(ALT_PATH % alt_php)
min_uid = int(login_defs('UID_MIN', 500))
for pwnam in secureio.clpwd.get_user_dict().values():
if pwnam.pw_uid >= min_uid:
clean_user(pwnam, paths)
if __name__ == "__main__":
main()