PK���ȼRY��������€��� �v3.phpUT
�øŽg‰gñ“gux�
õ
��õ
��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR
OÃhþÀXl5ØJÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[
:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó
1@V¤ûBëSúA²Ö§‘0|5Ì­Ä[«+èUsƒ
ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6`dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J
ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä
9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶çˆSEæódP/ÍÆv{Ô)Ó
?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["
M[`…ôÈõìn6‹Hòâ]^|øPKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT
�øŽg‰gþ“gux�
õ
��õ
��c`cg`b`ðMLVðVˆP€'
qƒøˆŽ!!AP&HÇ
%PDF-1.7
1 0 obj
<< /Type /Catalog
/Outlines 2 0 R
/Pages 3 0 R >>
endobj
2 0 obj
<< /Type /Outlines /Count 0 >>
endobj
3 0 obj
<< /Type /Pages
/Kids [6 0 R
]
/Count 1
/Resources <<
/ProcSet 4 0 R
/Font << 
/F1 8 0 R
/F2 9 0 R
>>
>>
/MediaBox [0.000 0.000 595.280 841.890]
 >>
endobj
4 0 obj
[/PDF /Text ]
endobj
5 0 obj
<<
/Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F)
/CreationDate (D:20241129143806+00'00')
/ModDate (D:20241129143806+00'00')
/Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e)
>>
endobj
6 0 obj
<< /Type /Page
/MediaBox [0.000 0.000 595.280 841.890]
/Parent 3 0 R
/Contents 7 0 R
>>
endobj
7 0 obj
<< /Filter /FlateDecode
/Length 904 >>
stream
x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��
lc�
"Ց�
���wޙ�%�R�DS����OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D
����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q
�jɭ���
�p_
���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v��]{ݛx�
e�`�p�&��'�q�9
F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b������YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P���c���kc�Z�9v�����?�a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~���������
��|�L��x�p|N�*��E��/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX
�
�&z�
endstream
endobj
8 0 obj
<< /Type /Font
/Subtype /Type1
/Name /F1
/BaseFont /Helvetica
/Encoding /WinAnsiEncoding
>>
endobj
9 0 obj
<< /Type /Font
/Subtype /Type1
/Name /F2
/BaseFont /Helvetica-Bold
/Encoding /WinAnsiEncoding
>>
endobj
xref
0 10
0000000000 65535 f 
0000000009 00000 n 
0000000074 00000 n 
0000000120 00000 n 
0000000284 00000 n 
0000000313 00000 n 
0000000514 00000 n 
0000000617 00000 n 
0000001593 00000 n 
0000001700 00000 n 
trailer
<<
/Size 10
/Root 1 0 R
/Info 5 0 R
/ID[<a06db29b04022dfb709f8299f0d9e891><a06db29b04022dfb709f8299f0d9e891>]
>>
startxref
1812
%%EOF

<br />
<b>Warning</b>:  Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in <b>/home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php</b> on line <b>128</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in <b>/home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php</b> on line <b>129</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in <b>/home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php</b> on line <b>130</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in <b>/home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php</b> on line <b>131</b><br />
# -*- coding: utf-8 -*-
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
import os
import pathlib
import secrets
import shutil
from pathlib import Path

from clcommon import ClPwd
from clcommon.clpwd import drop_privileges

from clcagefslib.fs import get_user_var_cagefs_path
from clcagefslib.io import write_via_tmp

# FNV-1a 64-bit hash constants (must match jail C implementation)
_FNV_OFFSET_BASIS = 14695981039346656037
_FNV_PRIME = 1099511628211


def get_jail_config_path(user):
    cagefs_dir = get_user_var_cagefs_path(user)
    return pathlib.Path(f"{cagefs_dir}/.cagefs/isolates.mounts")


def get_website_id(document_root: str):
    """
    Generates unique id for an isolate website using FNV-1a 64-bit hash.
    FNV-1a has excellent avalanche properties and distribution.
    Must match the docroot_hash() function in jail C code.
    """
    hash_value = _FNV_OFFSET_BASIS
    for char in document_root.encode("utf-8"):
        hash_value ^= char
        hash_value = (hash_value * _FNV_PRIME) & 0xFFFFFFFFFFFFFFFF  # Keep 64-bit
    return f"{hash_value:016x}"


def create_website_token_directory(user: str, document_root: str):
    """
    Create website token directory structure and files in /var/cagefs.

    Creates:
    - /var/cagefs/<user>/.cagefs/website/<website_id>/ - token directory
    """
    pw = ClPwd().get_pw_by_name(user)
    website_id = get_website_id(document_root)

    # Token directory in /var/cagefs
    website_base_dir = Path(get_user_var_cagefs_path(user)) / ".cagefs/website"
    website_dir = website_base_dir / website_id

    # mode to prevent directory listing by other users
    website_base_dir.mkdir(exist_ok=True, parents=True, mode=0o751)
    # mode to allow user list /var/.cagefs when it's mounted for website
    website_dir.mkdir(exist_ok=True, mode=0o755)

    token = _generate_password(32)

    # create token file read-only for owner, others cannot read it
    # this replicates behavior of regular token
    # note: user can still use chown to change it
    token_file_path = f"{website_dir}/.cagefs.token"
    write_via_tmp(website_dir, token_file_path, token)
    os.chmod(token_file_path, 0o400)
    os.chown(token_file_path, pw.pw_uid, 0)

    # create file with document root path
    # that we can use as trusted source in proxyexec
    docroot_file_path = f"{website_dir}/.cagefs.website"
    write_via_tmp(website_dir, docroot_file_path, document_root)
    # only read permissions, without modification
    # we use this marker as a trusted source of document root
    # it should not be modifiable by user in any way
    os.chmod(docroot_file_path, 0o444)
    os.chown(docroot_file_path, 0, 0)


def create_overlay_storage_directory(user: str, document_root: str):
    """
    Create overlay storage directory in user's home.

    Creates:
    - <homedir>/.cagefs/websites/<website_id>/ - storage base for overlays

    Drops privileges to user before creating to ensure proper ownership.
    """
    pw = ClPwd().get_pw_by_name(user)
    if not Path(pw.pw_dir).exists():
        return
    storage_base = Path(full_website_path(pw.pw_dir, document_root))

    with drop_privileges(user):
        storage_base.mkdir(exist_ok=True, parents=True, mode=0o750)


def remove_website_token_directory(user: str, document_root: str):
    """
    Remove website token directory structure and files.
    """
    website_base_dir = Path(get_user_var_cagefs_path(user)) / ".cagefs/website"

    website_dir = website_base_dir / get_website_id(document_root)

    if website_dir.exists():
        shutil.rmtree(website_dir)


def website_suffix_with_hash(docroot):
    """
    Returns path: websites/<document_root_hash>
    """
    return os.path.join("websites", get_website_id(docroot))


def full_website_path(homedir, docroot):
    """
    Returns <homedir>/.cagefs/websites/<document_root_hash>
    """
    return os.path.join(homedir, ".cagefs", website_suffix_with_hash(docroot))


def invalidate_ns_cache(user: str, document_root: str):
    """
    Removes cached namespace from disk
    """
    website_base_dir = Path(get_user_var_cagefs_path(user)) / ".cagefs/website"
    website_dir = website_base_dir / get_website_id(document_root)
    (website_dir / ".cagefs.mnt").unlink(missing_ok=True)


def _generate_password(length):
    """
    Generate a random password/token using the same algorithm as the C function.
    Uses cryptographically secure random bytes and converts them to alphanumeric characters.
    """
    if length == 0 or length > 256:
        raise ValueError("Invalid buffer length requested")

    charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
    charset_size = len(charset)

    # Generate random bytes
    random_bytes = secrets.token_bytes(length)

    # Convert bytes to alphanumeric characters
    result = "".join(charset[b % charset_size] for b in random_bytes)
    return result