Compiled Python bytecode dump of ./usr/lib/fixperms/fixperms_cpanel.py. Only the names and string constants below are legible.

Module docstring: "Fixperms class for cPanel"

Names imported: os, re, rads; quote and join (as cmd_join) from shlex; CalledProcessError and check_call from subprocess; S_ISLNK, S_ISREG and S_ISDIR from stat; PermMap from fixperms_base; Args from fixperms_cli; IDCache from fixperms_ids.

class CpanelPermMap

__init__(ids: IDCache, args: Args, user: str)
  Names referenced: rads.UserData, all_roots, rads.IMH_ROLE, is_shared, skip, homedir, bad_links, uid, gid, add_rule, safe_link_src, safe_link_src_re, safe_link_dest
  Path patterns among its constants:
    \/\.(?:accesshash|pgpass|my\.cnf)$
    \/\.imh\/nginx(?:$|\/)
    \/\.imh(?:$|\/)
    \/\.ssh(?:$|\/)
    \/\.pki(?:$|\/)
    \/.*\.(?:pl|cgi)$
    \/.+\/(?:(?:wp-config|conf|[cC]onfig|[cC]onfiguration|LocalSettings|settings)(?:\.inc)?\.php|local\.xml|mt-config\.cgi)$
    \/(?:etc|mail|logs)\/
    (?:.*\/\.ea-php-cli\.cache$)
  Symlink-related paths among its constants:
    .cphorde/meta/latest
    www
    /usr/local/apache/domlogs
    /etc/apache2/logs/domlogs
    /var/log/apache2/domlogs
    /home/shrusr/SharedHtDocsDir
    /var/lib/mysql/mysql.sock
    /var/run/postgres/.s.PGSQL.5432
    /run/postgres/.s.PGSQL.5432
    /usr/local/cpanel/base/frontend/paper_lantern/styled/retro

link_unsafe(path: str) -> bool
  Docstring: Determine if a symlink is "unsafe" for a shared server
  Names referenced: is_shared, safe_link_src, os.path.realpath, safe_link_dest, safe_link_src_re.match, quote, os.readlink, bad_links.append, log.warning, os.unlink
  Log message: "Potentially malicious symlink detected: %s"

mailperms()
  Docstring: Run /scripts/mailperm
  Command strings: /usr/local/cpanel/scripts/mailperm, --skiplocaldomains, --skipmxcheck
  Log messages: "Running: %s", "Error running: %s"

fixperms() -> None
  Names referenced: fixperms (on the parent class), send_str, mailperms

check_path(stat: os.stat_result, path: str)
  Names referenced: S_ISLNK, st_mode, link_unsafe, check_path (on the parent class)

mailperm_fix(subdir: str, dir_gid: int)
  Docstring: Fix permissions not caught by cPanel's mailperm script
  Log message: "Skipping unexpected path type at %s"

send_str()
  Docstring: Send an email to str@imhadmin.net if malicious symlinks are found
  Subject prefix: "AUTO STR: bad symlinks on "
  Body text: "Fixperms detected and removed the following symlinks. While these symlinks have been removed from the account in question the account requires further investigation"
  Log messages: "An STR will now be sent for review by T2S staff"; "Failed to send STR. An escalation must be sent to an available T2S. Include the following information"