403Webshell
Server IP : 66.29.132.122  /  Your IP : 3.138.174.120
Web Server : LiteSpeed
System : Linux business142.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : admazpex ( 531)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /proc/self/root/proc/self/root/proc/thread-self/root/proc/thread-self/root/proc/self/root/proc/thread-self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/subsys/panels/cpanel/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /proc/self/root/proc/self/root/proc/thread-self/root/proc/thread-self/root/proc/self/root/proc/thread-self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/subsys/panels/cpanel//panel.py
import json
import logging
import os
import os.path
import pwd
import shutil
import sys
from collections import OrderedDict, defaultdict
from contextlib import suppress
from packaging.version import Version
from pathlib import Path
from typing import Dict, List, Set

from defence360agent.application.determine_hosting_panel import (
    is_cpanel_installed,
)
from defence360agent.contracts import config
from defence360agent.utils import (
    antivirus_mode,
    check_run,
    run,
    get_external_ip,
)
from defence360agent.utils.kwconfig import KWConfig

from .. import base
from . import packages
from .whm import WHMAPILicenseError, whmapi1

CPANEL_PACKAGE_EXTENSIONS_PATH = Path("/var/cpanel/packages/extensions")
CPANEL_HOOKS_PATH = Path("/usr/local/cpanel")
PREINSTALL_PACKAGE_EXTENSIONS_PATH = (
    Path(config.Packaging.DATADIR) / "cpanel/packages/extensions"
)
CPANEL_USERPLANS_PATH = "/etc/userplans"
CPANEL_USERDATADOMAINS_PATH = (
    "/etc/userdatadomains;/var/cpanel/userdata/{user}/cache"
)
AV_PLUGIN_NAME = "imunify-antivirus"
IM360_PLUGIN_NAME = "imunify360"
PLUGIN_NAME = AV_PLUGIN_NAME if antivirus_mode.enabled else IM360_PLUGIN_NAME

logger = logging.getLogger(__name__)

CONFIG_FILE_TEMPLATE = "/etc/sysconfig/imunify360/cpanel/{name}.conf"
TCP_PORTS_CPANEL = base.TCP_PORTS_COMMON + ["2086-2087"]

BASE_DIR = "/home"
WWWACT_CONF = "/etc/wwwacct.conf"

_CACHE = {"userplans": {}, "userdatadomains": {}}


class cPanelException(base.PanelException):
    pass


def forbid_dns_only(fn):
    """Decorator for functions on cPanel instance methods.

    Calls original function if _is_dns_only() returns False, otherwise
    throws cPanelException."""

    async def wrapper(self, *args, **kwargs):
        if self._is_dns_only():
            raise self.exception("Method is not allowed for dnsonly panel")
        return await fn(self, *args, **kwargs)

    return wrapper


class AccountConfig(KWConfig):
    SEARCH_PATTERN = r"^{}\s+(.*)?$"
    WRITE_PATTERN = "{} {}"
    DEFAULT_FILENAME = WWWACT_CONF


class cPanel(base.AbstractPanel):
    NAME = "cPanel"
    OPEN_PORTS = {
        "tcp": {
            "in": ["143", "465", "2077-2080", "2082-2083", "2095", "2096"]
            + TCP_PORTS_CPANEL,
            "out": [
                "37",
                "43",
                "113",
                "873",
                "2073",
                "2089",
                "2195",
                "2703",
                "6277",
                "24441",
            ]
            + TCP_PORTS_CPANEL,
        },
        "udp": {
            "in": ["20", "21", "53", "443"],
            "out": ["20", "21", "53", "113", "123", "873", "6277", "24441"],
        },
    }
    exception = cPanelException
    smtp_allow_users = ["cpanel"]  # type: List[str]
    USER_INFO_DIR = "/var/cpanel/users.cache/"

    @staticmethod
    def _is_dns_only():
        return os.path.isfile("/var/cpanel/dnsonly")

    @classmethod
    def get_server_ip(cls):
        ip_conf = "/var/cpanel/mainip"
        # fallback: in case there is not ip file
        if not os.path.exists(ip_conf):
            return get_external_ip()
        with open(ip_conf) as f:
            return f.read().strip()

    @classmethod
    def is_installed(cls):
        return is_cpanel_installed()

    @classmethod
    async def version(cls):
        _, data, _ = await run(["/usr/local/cpanel/cpanel", "-V"])
        version = data.decode().split()
        return version[0] if version else "unknown"

    @base.ensure_valid_panel()
    async def enable_imunify360_plugin(self, name=None):
        plugin_name = name or PLUGIN_NAME
        assert plugin_name in [AV_PLUGIN_NAME, IM360_PLUGIN_NAME]
        config_filename = CONFIG_FILE_TEMPLATE.format(name=plugin_name)
        new_conf = config_filename + ".rpmnew"
        if os.path.exists(new_conf):
            shutil.move(new_conf, config_filename)
        if Version(await self.version()) > Version("65.0"):
            os.system(
                '/bin/sed -i -e "s@^target=.*@target=%s@g" ' % "_self"
                + config_filename
            )
        # (re-) register plugin
        sys.stdout.write("cPanel: register_appconfig...\n")
        os.system(
            "/usr/local/cpanel/bin/register_appconfig " + config_filename
        )

    @base.ensure_valid_panel()
    async def disable_imunify360_plugin(self, plugin_name=None):
        config_filename = CONFIG_FILE_TEMPLATE.format(
            name=plugin_name or PLUGIN_NAME
        )
        if os.path.exists(config_filename):
            sys.stderr.write("cPanel: unregister_appconfig...\n")
            os.system(
                "/usr/local/cpanel/bin/unregister_appconfig " + config_filename
            )

    @forbid_dns_only
    async def get_user_domains(self):
        """
        :return: list: domains hosted on server via cpanel
        """
        return [
            domain
            for user in await self.get_users()
            for domain, user_path in self._userdomains(user)
        ]

    @classmethod
    def get_user_domains_details(
        cls, username, _path=CPANEL_USERDATADOMAINS_PATH, quiet=True
    ):
        domains = []

        def parser(path, d, domain_data):
            user_ = domain_data[0]
            if user_ != username:
                return
            doc_type = domain_data[2]
            docroot = domain_data[4]
            domains.append(
                {
                    "docroot": docroot,
                    "domain": d,
                    "type": doc_type,
                }
            )

        cls._parse_userdatadomains(_path, parser, quiet=quiet)
        return domains

    async def _do_get_users(self, userplans_path: str) -> List[str]:
        if not os.path.isfile(userplans_path):
            return []
        _cached_mtime = _CACHE["userplans"].get("mtime", 0)
        if _cached_mtime == os.path.getmtime(userplans_path):
            return _CACHE["userplans"]["users"]

        with open(
            userplans_path, encoding="utf-8", errors="surrogateescape"
        ) as f:
            users = []
            for line in f:
                if (
                    not line.startswith("#")
                    and line.count(":") == 1
                    and len(line.strip()) > 3
                ):
                    users.append(line.split(":")[0].strip())
        _CACHE["userplans"]["mtime"] = os.path.getmtime(userplans_path)
        _CACHE["userplans"]["users"] = users
        return users

    async def get_users(
        self,
    ) -> List[str]:
        return await self._do_get_users(CPANEL_USERPLANS_PATH)

    async def get_domain_to_owner(self) -> Dict[str, List[str]]:
        """
        Returns dict with domain to list of users pairs
        :return: dict domain to list of users:
        """
        domain_to_users = defaultdict(list)  # type: Dict[str, List[str]]
        for user in await self.get_users():
            for domain, _ in self._userdomains(user):
                domain_to_users[domain].append(user)
        return domain_to_users

    async def get_domains_per_user(self):
        """
        Returns dict with users to list of domains pairs
        :return: dict user to list of domains
        """
        user_to_domains = defaultdict(list)
        for user in await self.get_users():
            for domain, _ in self._userdomains(user):
                user_to_domains[user].append(domain)
        return user_to_domains

    async def get_user_details(self) -> Dict[str, Dict[str, str]]:
        """
        Returns dict with user to email and locale pairs
        """

        user_details = {}

        for user in await self.get_users():
            try:
                with open(os.path.join(self.USER_INFO_DIR, user)) as f:
                    user_info = json.load(f)
                    email = user_info.get("CONTACTEMAIL", "")
                    locale = user_info.get("LOCALE", "")
            except (FileNotFoundError, json.JSONDecodeError):
                email = ""
                locale = ""

            user_details[user] = {"email": email, "locale": locale}

        return user_details

    @classmethod
    def _get_max_mtime(cls, _path):
        """checks mtime of userdatadomains files (including cache)
        returns max mtime of all files"""

        _mtimes = []
        if "{user}" in _path:
            call_as_user = pwd.getpwuid(os.getuid()).pw_name
            _path = _path.replace("{user}", call_as_user)
        path_list = _path.split(";")
        for path_ in path_list:
            if os.path.exists(path_):
                _mtimes.append(os.path.getmtime(path_))
        return max(_mtimes) if _mtimes else 0

    @classmethod
    def _get_from_cache(cls, cpuser, _path):
        """check and invalidate cache if needed"""

        _cached_mtime = (
            _CACHE["userdatadomains"].get(cpuser, {}).get("mtime", 0)
        )

        if _cached_mtime < cls._get_max_mtime(_path):
            _CACHE["userdatadomains"][cpuser] = {}
            return None
        return _CACHE["userdatadomains"].get(cpuser, {}).get("domains", [])

    @classmethod
    def _userdomains(
        cls, cpuser, _path=CPANEL_USERDATADOMAINS_PATH, quiet=True
    ):
        cached_data = cls._get_from_cache(cpuser, _path)
        if cached_data is not None:
            return cached_data
        # use dict to avoid duplicates
        domains_tmp = OrderedDict()
        domains = OrderedDict()

        def parser(path, d, domain_data):
            user_ = domain_data[0]
            if user_ == cpuser:
                document_root = domain_data[4]
                if "main" == domain_data[2]:
                    # main domain must be first in list
                    domains.update({d: document_root})
                else:
                    domains_tmp.update({d: document_root})

        cls._parse_userdatadomains(_path, parser, quiet=quiet)
        domains.update(domains_tmp)
        _CACHE["userdatadomains"][cpuser] = {
            "mtime": cls._get_max_mtime(_path),
            "domains": domains.items(),
        }
        return domains.items()

    @staticmethod
    def _parse_userdatadomains(_path, parser, quiet=True):
        if "{user}" in _path:
            call_as_user = pwd.getpwuid(os.getuid()).pw_name
            _path = _path.replace("{user}", call_as_user)
        path_list = _path.split(";")
        for path_ in path_list:
            try:
                file_ = open(path_, "rb")
            except Exception as e:
                if not quiet:
                    logger.warning("Can't open file %s [%s]", path_, e)
                continue
            try:
                # example line:
                # test.russianguns.ru: russianguns==root==sub==russianguns.ru==
                # /home/russianguns/fla==192.168.122.40:80======0
                for i, line in enumerate(file_):
                    try:
                        line = line.decode()
                    except UnicodeDecodeError as e:
                        logger.warning(
                            'Broken %s line in file "%s"; line was ignored',
                            i,
                            path_,
                        )
                        continue
                    if not line.strip():  # ignore the empty string
                        continue
                    if line.count(": ") != 1:
                        if not quiet:
                            logger.warning(
                                "Can't parse %s line in file '%s'; "
                                "line was ignored",
                                i,
                                path_,
                            )
                        continue
                    domain, domain_raw_data = line.split(": ")
                    domain_data = domain_raw_data.strip().split("==")
                    parser(path_, domain, domain_data)
            finally:
                file_.close()

    @classmethod
    def is_extension_installed(cls, pkgs):
        return all(
            CPANEL_PACKAGE_EXTENSIONS_PATH.joinpath(file).is_file()
            for file in pkgs
        )

    @classmethod
    async def is_hook_installed(cls):
        try:
            hooks = await whmapi1("list_hooks")
            category = next(
                cat
                for cat in hooks["categories"]
                if cat["category"] == "Whostmgr"
            )

            for event_name in (
                "Accounts::change_package",
                "Accounts::Create",
                "Accounts::Modify",
            ):
                event = next(
                    ev
                    for ev in category["events"]
                    if ev["event"] == event_name
                )
                stage = next(
                    st for st in event["stages"] if st["stage"] == "post"
                )
                if not any(
                    action["hook"] == "ImunifyHook::hook_processing"
                    for action in stage["actions"]
                ):
                    return False
        except (StopIteration, WHMAPILicenseError):
            return False

        return True

    @classmethod
    async def install_extension(
        cls,
        extention_name: str,
        extention_files,
        **kwargs,
    ) -> None:
        # copy cpanel's package extension files
        CPANEL_PACKAGE_EXTENSIONS_PATH.mkdir(
            mode=0o700, parents=True, exist_ok=True
        )
        for filename in extention_files:
            shutil.copy2(
                PREINSTALL_PACKAGE_EXTENSIONS_PATH / filename,
                CPANEL_PACKAGE_EXTENSIONS_PATH,
            )

        # enable extension for all packages
        await packages.add_extension_for_all(extention_name, **kwargs)

        # add hooks for native feature management
        os.makedirs(config.Core.INBOX_HOOKS_DIR, mode=0o700, exist_ok=True)
        shutil.copy2(
            PREINSTALL_PACKAGE_EXTENSIONS_PATH / "ImunifyHook.pm",
            CPANEL_HOOKS_PATH,
        )
        await check_run(
            [
                "/usr/local/cpanel/bin/manage_hooks",
                "add",
                "module",
                "ImunifyHook",
            ]
        )

    @classmethod
    async def uninstall_extension(cls, extension_name: str, extention_files):
        # remove the hook
        await check_run(
            [
                "/usr/local/cpanel/bin/manage_hooks",
                "del",
                "module",
                "ImunifyHook",
            ]
        )
        with suppress(FileNotFoundError):
            (CPANEL_HOOKS_PATH / "ImunifyHook.pm").unlink()

        # remove the package extension from all packages
        await packages.remove_extension_from_all(extension_name)
        # remove cpanel's package extension files
        for filename in extention_files:
            with suppress(FileNotFoundError):
                (CPANEL_PACKAGE_EXTENSIONS_PATH / filename).unlink()

    @staticmethod
    def mounts():
        mounts = []
        with open("/proc/mounts", "r") as f:
            for line in f:
                values = line.strip().split()
                if len(values) > 1:
                    mounts.append(values[1])
        return mounts

    def basedirs(self) -> Set[str]:
        """Fetch list of basedirs.

        On cPanel, basedir is configured as HOMEDIR variable in
        /etc/wwwacct.conf.  Also, there is a way to specify additional mount
        points as containing user folders, through HOMEMATCH variable. If
        value from HOMEMATCH variable is contained within a mount point path,
        cPanel uses this directory too."""
        homedir = AccountConfig("HOMEDIR").get()
        homematch = AccountConfig("HOMEMATCH").get()
        homedir = BASE_DIR if homedir is None else homedir
        basedirs = {BASE_DIR, homedir}
        if homematch is None:
            return basedirs

        for mount in self.mounts():
            # exclude virtfs from basedirs (DEF-14266)
            if homematch in mount and not mount.startswith("/home/virtfs/"):
                basedirs.add(mount)

        return basedirs

    @classmethod
    async def notify(cls, *, message_type, params, user=None):
        """
        Notify a customer using cPanel iContact Notifications
        """
        if not config.AdminContacts.ENABLE_ICONTACT_NOTIFICATIONS:
            return False
        if not config.should_send_user_notifications(username=user):
            return False

        data = {"message_type": message_type, "params": params, "user": user}

        logger.info(f"{cls.__name__}.notify(%s)", data)

        cmd = (
            "/usr/local/cpanel/whostmgr/docroot/cgi"
            "/imunify/handlers/notify.cgi"
        )
        stdin = json.dumps(data)
        out = await check_run([cmd], input=stdin.encode())

        return json.loads(out.decode(errors="surrogateescape"))

    async def list_docroots(self) -> Dict[str, str]:
        result = dict()

        def parser(path, d, domain_data):
            result[domain_data[4]] = domain_data[3]

        self._parse_userdatadomains(
            CPANEL_USERDATADOMAINS_PATH, parser, quiet=True
        )

        return result

Youez - 2016 - github.com/yon3zu
LinuXploit