PK���ȼRY��������€��� �v3.phpUT �øŽg‰gñ“gux �õ��õ��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR OÃhþÀXl5ØJ ÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô ]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó1@V¤ûBëSúA²Ö§ ‘0|5Ì­Ä[«+èUsƒ ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6` dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶ çˆSEæódP/ÍÆv{Ô)Ó ?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["M[`…ôÈõìn6‹Hòâ]^|ø PKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT �øŽg‰gþ“gux �õ��õ��c`cg`b`ðMLVðVˆP€'qƒøˆŽ!!AP&HÇ %PDF-1.7 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R >> >> /MediaBox [0.000 0.000 595.280 841.890] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F) /CreationDate (D:20241129143806+00'00') /ModDate (D:20241129143806+00'00') /Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e) >> endobj 6 0 obj << /Type /Page /MediaBox [0.000 0.000 595.280 841.890] /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Filter /FlateDecode /Length 904 >> stream x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��lc� "Ց� ���wޙ�%�R�DS��� �OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D ����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q � jɭ��� �p _���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v ��]{ݛx�e�`�p�&��'�q�9 F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b�� ��� �YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X ��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P�� �c���kc�Z�9v�����? �a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~�����������|�L��x�p|N�*��E� �/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX � �&z� endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj xref 0 10 0000000000 65535 f 0000000009 00000 n 0000000074 00000 n 0000000120 00000 n 0000000284 00000 n 0000000313 00000 n 0000000514 00000 n 0000000617 00000 n 0000001593 00000 n 0000001700 00000 n trailer << /Size 10 /Root 1 0 R /Info 5 0 R /ID[] >> startxref 1812 %%EOF
Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 130

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 131
# -*- coding: utf-8 -*- # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT import grp import json import logging import os import pwd import socket import struct from functools import wraps from typing import Callable, Optional, Tuple, Any from clcommon.cpapi import get_main_username_by_uid from clcommon.lib.cledition import is_cl_solo_edition, is_cl_shared_pro_edition from xray import gettext as _ from .constants import user_tasks_count, fpm_reload_timeout from .exceptions import XRayError from .fpm_utils import FPMReloadController from .nginx_utils import NginxUserCache # --------- GLOBALS --------- logger = logging.getLogger('user_plugin_utils') _format = '>I' # --------- FUNCTIONS --------- def pack_request(_input: Any) -> 'json str': """ Pack input for sending """ return json.dumps(_input) def unpack_request(byte_command: bytes) -> Any: """ Unpack incoming command """ _command = byte_command.decode() logger.info('Command requested => %s', _command) return json.loads(_command) def pack_response(msg: bytes) -> bytes: """ Prefix message with a 4-byte length """ logger.debug('Packing message of %i length', len(msg)) return struct.pack(_format, len(msg)) + msg def unpack_response(sock_object: 'socket object') -> bytes: """ Read length-prefixed amount of data from socket """ chunk = 4096 msg = bytes() raw_msglen = sock_object.recv(4) if not raw_msglen: return sock_object.recv(chunk) msglen = struct.unpack(_format, raw_msglen)[0] while len(msg) != msglen: msg += sock_object.recv(chunk) return msg def extract_creds(sock_object: 'socket object') -> Tuple[Any, Any, Any]: """ Retrieve credentials from SO_PEERCRED option """ _format = '3i' creds = sock_object.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(_format)) _pid, _uid, _gid = struct.unpack(_format, creds) try: user, group = pwd.getpwuid(_uid).pw_name, grp.getgrgid(_gid).gr_name except KeyError: logger.info('Connected by proc %i of %i:%i', _pid, _uid, _gid) else: logger.info('Connected by proc %i of %i:%i (%s:%s)', _pid, _uid, _gid, user, group) return _pid, _uid, _gid def check_for_root(_uid: int = None) -> bool: """ Check for execution as root | command from root """ if _uid is None: _uid = os.geteuid() return _uid == 0 def get_xray_exec_user() -> Optional[str]: """ Retrieve the value of XRAYEXEC_UID env and resolve it to username """ proxyuid = os.getenv('XRAYEXEC_UID') if proxyuid is not None: _proxyuser = get_main_username_by_uid(int(proxyuid)) logger.info('Got XRAYEXEC_UID: %s (%s), working in USER_MODE', proxyuid, _proxyuser) return _proxyuser def sock_receive(sock_object: 'socket object') -> bytes: """ Read all data from socket object """ data = b'' while True: chunk = sock_object.recv(1024) if not chunk: logger.debug('All data read, connection ended') break data += chunk return data def error_response(msg: str) -> 'json str': """ Construct an appropriate formatted response in case of error """ return json.dumps({'result': msg}, ensure_ascii=False) def nginx_user_cache() -> Optional[bool]: """ Check nginx cache status for current user """ proxyuser = get_xray_exec_user() if proxyuser is not None: return NginxUserCache(proxyuser).is_enabled def root_execution_only_check() -> None: """ Check if utility is executed as root and throw error in case if no """ if not check_for_root(): raise SystemExit( error_response(_('Only root is allowed to execute this utility'))) # --------- DECORATORS --------- def user_mode_verification(func: Callable) -> Callable: """ Decorator aimed to verify domain owner in X-Ray Manager user mode Applies to get_domain_info method """ def verify(data): """ If exists, check XRAYEXEC_UID against domain owner """ proxyuser = get_xray_exec_user() if proxyuser is not None and data.user != proxyuser: logger.warning('%s does not belong to user %s', data, proxyuser) raise XRayError(_('%s cannot be found') % str(data)) @wraps(func) def wrapper(*args, **kwargs): """ Wraps func """ info = func(*args, **kwargs) verify(info) return info return wrapper def user_mode_restricted(func: Callable) -> Callable: """ Decorator aimed to check if user is not hitting limit of running tasks, set in X-Ray Manager user mode. Applies to start and continue methods. Limiting of user's running tasks is applied to Shared PRO only. """ def check(*args): """ If XRAYEXEC_UID exists, check if user does not exceed limit of running tasks """ # TODO: [unification] ensure is_cl_shared_pro_edition really needed here # https://cloudlinux.atlassian.net/browse/XRAY-244 - (seems yes) if not is_cl_shared_pro_edition(skip_jwt_check=True): return proxyuser = get_xray_exec_user() if proxyuser is not None: ui_api_cli_instanse = args[0].ui_api_client resp = ui_api_cli_instanse.get_task_list() list_of_tasks = resp.get('result') if list_of_tasks is not None: running_count = len([item for item in list_of_tasks if item.get('status') == 'running']) if running_count >= user_tasks_count: raise XRayError( _('Limit of running tasks is {}. ' 'You already have {} running task'.format(str(user_tasks_count), str(user_tasks_count)))) @wraps(func) def wrapper(*args, **kwargs): """ Wraps func """ check(*args) return func(*args, **kwargs) return wrapper def with_fpm_reload_restricted(func: Callable) -> Callable: """ Decorator aimed to restrict frequent reloads of FPM service Applies to get_domain_info method """ def check(*args, data): """ """ # TODO: [unification] ensure is_cl_solo_edition really needed here # https://cloudlinux.atlassian.net/browse/XRAY-244 (seems yes) if is_cl_solo_edition(skip_jwt_check=True): return proxyuser = get_xray_exec_user() if proxyuser is not None and data.panel_fpm: _fpm_service = args[0].fpm_service_name(data) if FPMReloadController(_fpm_service).restrict(): raise XRayError( _('The X-Ray User service is currently busy. Operation is temporarily not permitted. ' 'Try again in %s minute') % str(fpm_reload_timeout), flag='warning') @wraps(func) def wrapper(*args, **kwargs): """ Wraps func """ info = func(*args, **kwargs) check(*args, data=info) return info return wrapper def username_verification(func: Callable) -> Callable: def validate(username: str): """ If exists, check XRAYEXEC_UID against user passed param """ proxyuser = get_xray_exec_user() if proxyuser is not None and username != proxyuser: raise XRayError(_('Incorrect user for request')) @wraps(func) def wrapper(*args, **kwargs): response = func(*args, **kwargs) username = kwargs['username'] validate(username) return response return wrapper def user_mode_advice_verification(func: Callable) -> Callable: """ Decorator aimed to verify user in X-Ray Smart Advice user mode Applies to get_detailed_advice method, which takes part in advice_details and advice_apply methods """ def verify(data: dict) -> None: """ If exists, check XRAYEXEC_UID against user in metadata of an advice """ proxyuser = get_xray_exec_user() try: username = data['metadata']['username'] except KeyError: raise XRayError(_('Requested advice cannot be verified')) if proxyuser is not None and username != proxyuser: raise XRayError(_('Requested advice does not exist')) @wraps(func) def wrapper(*args, **kwargs): """ Wraps func """ advice_info, _ = func(*args, **kwargs) verify(advice_info) return advice_info, _ return wrapper