Edit File by line
/home/barbar84/public_h.../wp-conte.../plugins/sujqvwi/AnonR/anonr.TX.../lib/fixperms
File: fixperms_main.py
"""Main logic for fixperms"""
[0] Fix | Delete
import sys
[1] Fix | Delete
import re
[2] Fix | Delete
from functools import partial
[3] Fix | Delete
from subprocess import run, PIPE, CalledProcessError
[4] Fix | Delete
from concurrent.futures import ProcessPoolExecutor, as_completed
[5] Fix | Delete
import traceback
[6] Fix | Delete
import rads
[7] Fix | Delete
from fixperms_cpanel import CpanelPermMap
[8] Fix | Delete
from fixperms_cwp import CwpPermMap
[9] Fix | Delete
from fixperms_wp3 import WP3PermMap
[10] Fix | Delete
from fixperms_cli import parse_args, Args
[11] Fix | Delete
from fixperms_ids import IDCache
[12] Fix | Delete
[13] Fix | Delete
[14] Fix | Delete
def check_dso_without_modruid2(role: str):
[15] Fix | Delete
"""Check if DSO is installed and modruid2 is disabled"""
[16] Fix | Delete
if rads.IMH_ROLE == 'shared':
[17] Fix | Delete
return # no need to check on shared
[18] Fix | Delete
if role not in ('CWP', 'cPanel'):
[19] Fix | Delete
return
[20] Fix | Delete
run_cmd = partial(run, encoding='UTF-8', stdout=PIPE, check=False)
[21] Fix | Delete
# pylint: disable=unsupported-membership-test
[22] Fix | Delete
if role == 'CWP':
[23] Fix | Delete
mods = run_cmd(['/usr/local/apache/bin/httpd', '-M']).stdout
[24] Fix | Delete
# this is the same way /scripts/dso_handler_remove scans for DSO
[25] Fix | Delete
if not re.search(r'php\d+_module', mods):
[26] Fix | Delete
return
[27] Fix | Delete
good_mods = 'mod_ruid2 or mod_mpm_itk'
[28] Fix | Delete
kb_url = "http://wiki.centos-webpanel.com/dso-php-handler-for-cwp"
[29] Fix | Delete
else:
[30] Fix | Delete
php = run_cmd(
[31] Fix | Delete
['/usr/local/cpanel/bin/rebuild_phpconf', '--current']
[32] Fix | Delete
).stdout
[33] Fix | Delete
if 'SAPI: dso' not in php:
[34] Fix | Delete
return
[35] Fix | Delete
mods = run_cmd(['/usr/sbin/httpd', '-M']).stdout
[36] Fix | Delete
good_mods = 'ea-apache24-mod_ruid2 or ea-apache24-mod_mpm_itk'
[37] Fix | Delete
kb_url = "https://go.cpanel.net/EA4RecDSO"
[38] Fix | Delete
if 'ruid2_module (shared)' in mods or 'mpm_itk_module (shared)' in mods:
[39] Fix | Delete
return
[40] Fix | Delete
# CWP users might need to build it with /usr/local/apache/bin/apxs
[41] Fix | Delete
sys.exit(
[42] Fix | Delete
f"""Please install the modruid2 Apache module.
[43] Fix | Delete
[44] Fix | Delete
fixperms detected a security issue and exited.
[45] Fix | Delete
PHP DSO runs as the nobody user by default. In a shared hosting environment,
[46] Fix | Delete
this is a security issue. We strongly recommend that you install either the
[47] Fix | Delete
{good_mods} Apache
[48] Fix | Delete
module unless you have single-user system. If you use suPHP, you will add
[49] Fix | Delete
some security, but may experience performance issues on your server.
[50] Fix | Delete
[51] Fix | Delete
For more information, see: {kb_url}"""
[52] Fix | Delete
)
[53] Fix | Delete
[54] Fix | Delete
[55] Fix | Delete
def main():
[56] Fix | Delete
"""Main program logic: iterate over each user and run fixperms"""
[57] Fix | Delete
args = parse_args()
[58] Fix | Delete
try:
[59] Fix | Delete
ids = IDCache(args.role)
[60] Fix | Delete
except KeyError as exc:
[61] Fix | Delete
args.logger.critical('%s. Cannot continue.', exc)
[62] Fix | Delete
sys.exit(1)
[63] Fix | Delete
check_dso_without_modruid2(args.role)
[64] Fix | Delete
if len(args.users) > 1 and args.procs > 1:
[65] Fix | Delete
parallel_execute(args, ids)
[66] Fix | Delete
else:
[67] Fix | Delete
serial_execute(args, ids)
[68] Fix | Delete
[69] Fix | Delete
[70] Fix | Delete
def parallel_execute(args: Args, ids: IDCache):
[71] Fix | Delete
"""Fork processes to handle each user"""
[72] Fix | Delete
exit_code = 0
[73] Fix | Delete
with ProcessPoolExecutor(max_workers=args.procs) as pool:
[74] Fix | Delete
futures = []
[75] Fix | Delete
for user in args.users:
[76] Fix | Delete
try:
[77] Fix | Delete
perm_map = get_perm_map(args, ids, user)
[78] Fix | Delete
except Exception as exc:
[79] Fix | Delete
if not isinstance(exc, CalledProcessError):
[80] Fix | Delete
args.logger.debug(traceback.format_exc())
[81] Fix | Delete
args.logger.error(str(exc))
[82] Fix | Delete
exit_code = 1
[83] Fix | Delete
continue
[84] Fix | Delete
future = pool.submit(perm_map.run)
[85] Fix | Delete
futures.append(future)
[86] Fix | Delete
for future in as_completed(futures):
[87] Fix | Delete
try:
[88] Fix | Delete
future.result()
[89] Fix | Delete
except Exception as exc:
[90] Fix | Delete
if not isinstance(exc, CalledProcessError):
[91] Fix | Delete
args.logger.debug(traceback.format_exc())
[92] Fix | Delete
args.logger.error(str(exc))
[93] Fix | Delete
exit_code = 1
[94] Fix | Delete
continue
[95] Fix | Delete
sys.exit(exit_code)
[96] Fix | Delete
[97] Fix | Delete
[98] Fix | Delete
def serial_execute(args: Args, ids: IDCache):
[99] Fix | Delete
"""Handle each user in the main process"""
[100] Fix | Delete
exit_code = 0
[101] Fix | Delete
for user in args.users:
[102] Fix | Delete
try:
[103] Fix | Delete
get_perm_map(args, ids, user).run()
[104] Fix | Delete
except Exception as exc:
[105] Fix | Delete
if not isinstance(exc, CalledProcessError):
[106] Fix | Delete
args.logger.debug(traceback.format_exc())
[107] Fix | Delete
args.logger.error(str(exc))
[108] Fix | Delete
exit_code = 1
[109] Fix | Delete
continue
[110] Fix | Delete
sys.exit(exit_code)
[111] Fix | Delete
[112] Fix | Delete
[113] Fix | Delete
def get_perm_map(args: Args, ids: IDCache, user: str):
[114] Fix | Delete
"""Return a PermMap subclass object"""
[115] Fix | Delete
if args.role == 'CWP':
[116] Fix | Delete
return CwpPermMap(ids, args, user)
[117] Fix | Delete
if args.role == 'cPanel':
[118] Fix | Delete
return CpanelPermMap(ids, args, user)
[119] Fix | Delete
if args.role == 'WP3':
[120] Fix | Delete
return WP3PermMap(ids, args)
[121] Fix | Delete
sys.exit(f"BUG in get_perm_map(): {args.role=}")
[122] Fix | Delete
[123] Fix | Delete
[124] Fix | Delete
if __name__ == '__main__':
[125] Fix | Delete
main()
[126] Fix | Delete
[127] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function