PNG
�
���
IHDR�������������x����sBIT����|�d��� pHYs�������+������tEXtSoftware�www.inkscape.org<���,tEXtComment�
File Manager
File Manager
Viewing File: configure.py
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2024 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
import functools
import logging
import os
import pwd
import sys
from typing import TypeAlias
import yaml
import secureio
from clcagefslib.const import BASEDIR, ETC_CL_PHP_PATH, ETC_CL_ALT_PATH, ETC_CL_ALT_CAGEFS_PATH, SYMLINKS
from clcagefslib.io import make_userdir, switch_symlink
from clcagefslib.fs import get_user_prefix
from clcagefslib.selector.paths import get_alt_dirs
from clcagefslib.webisolation.jail_utils import full_website_path, get_website_id
from clcommon import clcaptain, clconfpars, clcagefs
from clcommon.utils import ExternalProgramFailed
IsError: TypeAlias = bool
@functools.cache
def is_ea4_enabled() -> bool:
"""
Return True if cPanel EasyApache4 (MultiPHP feature) is enabled
"""
return os.path.lexists('/etc/cpanel/ea4/is_ea4')
@functools.cache
def read_cpanel_ea4_php_conf() -> dict[str, str] | None:
"""
Read /etc/cpanel/ea4/php.conf
return something like {'default': 'ea-php54', 'ea-php56': 'suphp', 'ea-php54': 'cgi', 'ea-php55': 'suphp'}
return None if error has occured
"""
try:
with open('/etc/cpanel/ea4/php.conf', 'r') as f:
# conf = {'default': 'ea-php54', 'ea-php56': 'suphp', 'ea-php54': 'cgi', 'ea-php55': 'suphp'}
return yaml.load(f, yaml.SafeLoader)
except (yaml.YAMLError, IOError):
return None
def multiphp_system_default_is_ea_php() -> bool:
"""
Return True when default system php version selected via MultiPHP Manager in cPanel WHM is ea-php (not alt-php)
For details see CAG-774
"""
if is_ea4_enabled():
conf = read_cpanel_ea4_php_conf()
if conf:
try:
return conf['default'].startswith('ea-php')
except KeyError:
pass
return True
@functools.cache
def selector_modules_must_be_used():
"""
Return True if modules selected via PHP Selector (alt_php.ini) must be always used.
Never use modules selected in cPanel MultiPHP Manager.
See CAG-511 for details
"""
symlinks_rules_path = f'{ETC_CL_ALT_PATH}/symlinks.rules'
if clcagefs.in_cagefs():
symlinks_rules_path = f'{ETC_CL_ALT_CAGEFS_PATH}/symlinks.rules'
syml_rules = clconfpars.load_once(symlinks_rules_path, ignore_errors=True)
try:
return syml_rules['php.d.location'].lower() == 'selector'
except KeyError:
return False
# configure alt php - create .cagefs dir and create symlink
def configure_alt_php(pw: pwd.struct_passwd, php_version: str,
document_root: str | None = None,
write_log: bool = True,
drop_perm: bool = True,
force: bool = True,
configure_multiphp: bool = True) -> IsError:
"""
Create .cagefs directory in home directory of an user (if that dir does not exist),
and create symlinks to modules for alt-php
For details see CAG-447
Also switch symlinks that are used for integration with cPanel MultiPHP
For details please see CAG-445
drop_perm should be True when called as root, otherwise drop_perm should be False
Returns True if error has occured
:param pw: password file entry for an user
:param php_version: alt-php version selected for an user (for example 'native' or '5.6')
:param document_root: document root of the website (used for website isolation support)
:param write_log: write error messages to log or not
:param force: recreate symlinks even when they exist
"""
website_id = ""
if document_root:
website_id = get_website_id(document_root)
# create /home/user/.cagefs directory if it does not exist, set permissions/owner otherwise
real_homepath = os.path.realpath(pw.pw_dir)
path = os.path.join(pw.pw_dir, '.cagefs')
if website_id:
path = os.path.join(pw.pw_dir, '.cagefs', "websites", website_id)
if drop_perm:
if make_userdir(path, 0o771, pw.pw_uid, pw.pw_gid, real_homepath):
return True
elif not os.path.lexists(path):
try:
clcaptain.mkdir(path, 0o771)
except (OSError, ExternalProgramFailed) as e:
msg = f'Error: failed to create directory {path} : {str(e).replace("Errno", "Err code")}'
logging.error(msg, exc_info=e)
print(msg, file=sys.stderr)
return True
if drop_perm:
# drop privileges (switch to user)
secureio.set_user_perm(pw.pw_uid, pw.pw_gid)
error = _switch_symlink_for_alt_php_ini(php_version, pw, website_id, write_log, force)
if configure_multiphp:
error = _switch_symlink_for_cpanel_multi_php(pw, php_version, website_id, write_log, force) or error
if drop_perm:
# restore root privileges
secureio.set_root_perm()
return error
def _switch_symlink_for_alt_php_ini(
php_version: str,
pw: pwd.struct_passwd,
website_id: str = "",
write_log: bool = True,
force: bool = True) -> IsError:
"""
Switch symlink so it will point to directory with modules for alt-php
For details see CAG-447
Returns True if error has occured
Should be called as user (not root)!
:param php_version: alt-php version selected for an user (for example 'native' or '5.6')
:param pw: password file entry for an user
:param force: recreate symlinks even when they exist
"""
def _switch_symlink_for_dir(php_dir, base_path, website_id=""):
# create path to link, like /home/$USER/.cagefs/websites/<website_id>/opt/alt/php55/link/conf
if website_id:
link_path = os.path.join(base_path, '.cagefs/', "websites", website_id, 'opt/alt', php_dir, 'link/conf')
else:
# create path to link, like /home/$USER/.cagefs/opt/alt/php55/link/conf
link_path = os.path.join(base_path, '.cagefs/opt/alt', php_dir, 'link/conf')
dir_path = os.path.dirname(link_path)
if not os.path.lexists(dir_path):
try:
# os.makedirs(dir_path, 0700)
clcaptain.mkdir(dir_path, 0o700, recursive=True)
except (OSError, ExternalProgramFailed):
pass
selected_php_dir = 'php' + php_version.replace('.', '')
if not selector_modules_must_be_used() \
and (selected_php_dir != php_dir or not multiphp_system_default_is_ea_php()):
# path to default alt-php modules
link_to = '/opt/alt/%s/etc/php.d' % php_dir
else:
# path to user's custom modules selected via CloudLinux PHP Selector - like /etc/cl.php.d/alt-php55
link_to = os.path.join(ETC_CL_PHP_PATH, 'alt-' + php_dir)
return switch_symlink(link_to, link_path, write_log, force)
error = False
# get dirnames of all alt-php dirs as list
alt_php_dirs = get_alt_dirs()
# If document_root is provided, use the website-specific path
base_directory = pw.pw_dir
if website_id:
base_directory = os.path.join(pw.pw_dir, ".cagefs", "websites", website_id, "home")
# Switch symlinks for all alt-php versions in this website
for php_dir in alt_php_dirs:
if _switch_symlink_for_dir(php_dir, base_directory):
error = True
return error
def _get_default_native_version_selected(user_cagefs_path: str):
"""
Return string like ea-phpXX when symlinks have been created already and native version is selected
Return None otherwise
"""
try:
link_to = os.readlink(f'{user_cagefs_path}/etc/cl.selector/ea-php.ini')
except OSError:
return None
if link_to.startswith('/opt/cpanel/ea-php'):
return link_to.split('/')[3]
return None
def _switch_symlink_for_cpanel_multi_php(pw, selected_php_version: str, website_id: str = "",
write_log: bool = True, force: bool = True) -> IsError:
"""
Switch symlinks that are used for integration with cPanel MultiPHP:
when selected_php_vers == alt-php version, then create symlinks like /etc/cl.selector/ea-php -> php;
when selected_php_vers == native version, then create symlinks like
/etc/cl.selector/ea-php -> /opt/cpanel/ea-phpXX/root/usr/bin/php.cagefs;
For details please see CAG-445
Return True if error has occured
:param pw: password file entry for an user
:param selected_php_version: alt-php version selected for an user (for example 'native' or '5.6')
:param write_log: write error messages to log or not
:param force: recreate symlinks even when they exist
"""
if not is_ea4_enabled():
return False
conf = read_cpanel_ea4_php_conf()
if not conf:
return False
try:
# get default system php version selected via MultiPHP Manager in cPanel WHM
default_php = conf['default']
except KeyError:
return True
# LVEMAN-1170: do not configure PHP Selector when system default version is alt-php
if not default_php.startswith('ea-php'):
return False
username: str = pw.pw_name
user_cagefs_path = (
'/' if clcagefs.in_cagefs() else os.path.join(BASEDIR, get_user_prefix(username), username)
)
if not force:
old_eaphp_default = _get_default_native_version_selected(user_cagefs_path)
if old_eaphp_default is not None:
selected_php_version = 'native'
if old_eaphp_default != default_php:
# we should recreate symlinks when native version is selected actually
# and when default ea-php version is changed via cPanel MultiPHP
force = True
error = False
for sympath, link_to in SYMLINKS.items():
link_path = sympath % user_cagefs_path
if website_id:
link_path = link_path.replace('/etc/cl.selector', f'/etc/cl.selector/{website_id}')
if selected_php_version == 'native':
error = switch_symlink(link_to[1] % default_php, link_path, write_log, force) or error
else:
error = switch_symlink(link_to[0], link_path, write_log, force) or error
return error
�b�� �IDATxytVսϓ�22� ��A@�I�R�:hCi�Z[v*E:WũZA ^d�Q�e�Q @ !�jZ'>gsV仿$|?g)&x-E�IENT ;�@x�T.i%-X�}�Sv��S5.r/��UHz^_$-W"�w)Ɗ/�@Z &IoX��P$K}��JzX:;`�� �&, �ŋui,e6mX
�Եr��Kb1ԗ)����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A������݀!I*]R;I2$e�Z#ORZSrr�6mteffu*((Pu'v{����DIߔ4^pIm��'77WEEE�;vƎ�4-����$]'RI{���\I&G� ��:IHJ
�DWBB=\WRm�
��o$K(V�9��ABB.�}jѢv��`^?IOȅ}���ڶmG�}T#FJ`5��6$-���ھ}F�I&v;0(h;��Б����38CӧOWf!;�A
�i:F��_m�9s&�|��q�%=#���wZprrrl��a
�A� &��P\\СC[A#�!� {��olF}
`E2}�MK/v�V��)i�{��4BffV\|ۭX��`�b�@kɶ@��%i$K���z5zhmX���[��IXZ��` 'b%$�r5�M4º��/l
ԃ�ߖ��xhʔ)[@=}
K6IM}^��5k㏷݆z
ΗÿO:gdGBmyT/�@+Vɶ�纽zl.yit뭷zV��0[Y^�>Wsqs}\/�@$(T7f.Inݺi����R$푔n.�~?H))\Z��RW'Mo~v
Ov�6oԃ���xz!��S,&xm/yɞԟ?'ua�S�ѽb,�8GלKboi&3�t7Y,�)JJ�����c[nzӳd�E�&K�sZLӄ��I���?�@���&�%ӟ۶mSMMњ0�iؐSZ,���|J+N
�~�,0A�0!5%Q-�YQQa�3��}$_vVr�f9f?S��8`��z���D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����d�qP,تmMmg��1V?�rSI꒟]u|l
R�CyEf٢9�jURbztѰ!m5~tGj2DhG*{H9)꒟ר3:(+3\?/;TUݭʴ~S6lڧUJ�*�i$d(#=Yݺd{,p|3B))���q:vN0Y.jkק6;Sɶ�VzHJJЀ-utѹսk>QUU�\~]fFnK?�&ߡ�5b=z9)^|u�_k-[��y%ZNU6 7Mi�:]ۦ�tk�[n
�X(e6��Bb."8cۭ|~te��uu�w|ήI-5"~U�k;ZicEm�N/:]M>
��c�Q^uiƞ�??Ң�p�c#��TUU3UakNwA`�:�Y_V-8.KKfRi�tv*
�9S6ֿj,Ճ�NOMߤ]z^fOh|<>�@Å5���_�/Iu?{SY4hK�/2�]�4%it5�q]GGe��2%iR|
�W&�f��*^]??v�q[LgE_3f}Fxu~}qd-ږFxu~I N��>\;͗O֊:̗WJ�@���Bh�W�=y�|GgwܷH_NY�?)�Tdi'?խw�hlmQi� ��!SUUs�w4kӺe�4rfxu�-[nHt�MFj}H_u~w>)oV}(T'ebʒv3_[+vn����@Ȭ\S}ot}w=k�HFnxg�S 0eޢm�~l}u�qZf�F��oZuuEg
�`z�t~?�b;t%�>WTkķh[����2eG8LIWx,�^\thr�l^Ϊ�{�=dž�<}qV@ �⠨W�y^L�F_>0Uk��D�uʫuCs$)I��v�:IK�;��6ֲ4{^6����եm+l��3>݆�uM 9�u�����?>Zc�}g~qhKwڭ�e���FMM~pМuq�ǿz6Tb@8�@Y|jx]�(^]gf}�M"tG
����-w.@�vOqh~/HII�`���S[l.6nØXL9v�U���cOoB\�xo�Ǥ'T&I��Ǎ�Qw_wpv[kmO{w~>#=P1P�ɞa-we:iǏlHo꒟f9SzH?+shk%Fs:����q��VhqY�`jvO'ρ?PyX3lх]˾uV{ݞ]1,MzYNW~̈́�joYn}ȚF߾mS]F� z+EDxm/���d{F�{-W-4wY듏:??_gPf
^3��ecg ���ҵs�8R2מz�@T�A�N�Gj)}CNi/R~}c:5{!�ZHӋӾ�6}T]��G�]7W6^�n
9*,Y�qOZj�:P?Q� D���FL|?-^.Ɵ7��}fFhxe2Ps���cz1�&�5\��cn[=Vn�[ĶE鎀u�ˌd3GII ��k;lNmشOuuRVfBE]ۣ��e���Ӷu�
:X-[(�e�r4~LHi6�:Ѻ@ԅ��r���ST�0�trk%$Č�0���ez"� *�z�"�T/X9|8.C5Feg}�C�Q%͞�ˣJ�v�L/?�����j^��h��&��9xF`њZ�(��&��yF&Iݻf�g�����#W;3^{Wo^4'v������V[[K';+mӍִ]��AC�@��W?1^{එyh�����+^]fm~iԵ]��AB�@WTk̏t�uR?l.OIHiYyԶ]��Aˀ�7c:q}ힽaf6Z~қ�m(+sK4{^6}T�*UUu]�n.:kx{:2 ��_m=�sAߤU@?���Z-Vކе��z왍Nэ{�|5��� pڶn�b
p-@sPg]0G7fy-M{GCF'%{4`���=$-Ge\��eU:m+Zt'W�jO!O�AF�@ik&t݆�ϥ�_
e}=]��"���Wz_.͜E3leW�������Fih|t-wZۍ-uw=6���YN�{6|}��|�*={Ѽn.�S��.�z1z�jۻTH]흾 D�uD�v��mvK�.`���V]yY~sI@t?/ϓ. �����m&[�"��+P?MzovV�ЫG3-�G�RR��[�(!!\_,�^%?v�@���ҵő
m`Y)te�m8GM��x.))A]Y�i`ViW`��?^�~!�S#^+ѽ��GZj?Vģ����0.))AlzL*�]�OXrY���`DBBLOj{-MH'ii-ϰ�o�k7^��
�)쭡��b]UXS�ְmռY|5�*cֽk�0B7镹%ڽP#�8nȎq}mJr23�_>�l�E5$iwui+ ��H~F`�IjƵ�@q
��\�� ��@#qG�0"��.�0"����� l���������`������.�0!����� ,��AQ�HN6�qz�kKJ#�o;`Xv�2>,tێJJ7Z/*�A���.@fفjMzk�g�����@Tv�ZH3Zxu6Ra'%O?/�d���Q�5x�Yk�U]Rֽkق@���Da�S^RS�ּ5�|BeHNN͘p
��H�v���cYcC5:y
#`οb;�z����2��.!kr}gUWkyZn=�f ����P�v��s�n3p~�;4p˚=ē~NmI] ��¾�0lH[_L�hs�h_�ғߤ�c_њe��c)��g�7V�IZ5�yrgk̞W#IjӪv>՞y睝M8[��|�]\շ�8M�6%|@P����ZڨI-m>=k�=��'a�iRo-x�?>Q.����}�`Ȏ:Wsm�u u� ��>
.@,&;�+!!�˱tﭧD����Qw�RW\v�F\~Q7>sp���Yw�$�%A~;~}6���¾�g��&if_��=j,v+U���L�1(tW�a�ke�:�@Ș>j$Gq2t7S?v�L|]u/ .(�0�E��6Mk6hiۺzښOr�ifޱxm/Gx>� �Lal%%~{lBsR4*�}{0Z/�tN�IɚpV�^#�Lf:u@k#RS�u
=S^ZyuR/�.@n&z~B=0eg�뺆#�,Þ[����B�/?H �uUf7y
Wy}Bw�egל`�Wh(||`l`.;Ws�?V@"�c:iɍL֯PGv�6z�ctM̠':wuW��;d=;E�veD}9J�@���B(�0iհ���bvP1{\P&G7DIy�_$-Q��jm~Yrr&]C�Dv%��bh|�Yzni�_���R�;kg}nJOIIw��y�u�L}{ЌNj}:+3Y?:W�J/N+Rzd=hb�;d�j͒suݔ@NKMԄ�jqzC5�@y°h�L�m;*5ezᕏ=ep
�XL�n?מ:r`��۵�tŤZ|1v`V뽧_csج'ߤ%oTuumk%%%h)uy]Nk�[n
�'b2 ��l.=�͜E%�gf$[c;s:�V-͞WߤWh-j7]4��=F-X]>ZLSi[Y*We;�Zan(Ӈ�W|e(HNNP�5[=
r4tP�
�&0<�p�c#�`vTNV
GFqvTi�*�Tyam$ߏWyE*�VJKMTfF�w�����>'�$-ؽ.Ho.8c�"@���D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A~�j*�֘,��N;Pi3599h=g�oض��L��giJ5փy~�}&Zd9�p֚
e:|hL`�`b/d9�p?�fgg+%%hMg�Xosج�, �ΩOl0Zh=x�djL���mhݻ��o��O��[g_l,�8a]٭+ӧ0�$I�]����c]:粹:Teꢢ"5a^Kgh,&�=��=�՟�^߶ߢE�ܹS J}I%:8��
IDAT~,9/ʃ�PW'Mo�}zNƍ쨓zPb��NZ~^z�=4mswg;5 Y�~�SVMR��XUյڱRf?s:w
;�6��H:º���i�5�-maM�&O�3�;�1IKeam��Zh͛7+##v+c� ~u~ca]�GnF'ټL~����PPPbn
v�oC���4R,�ӟgg��%hq}�@#M4IÇ��� �Oy^xM��Zx
) ���yO�w��@HkN˖-Sǎ�mb]X�@�n+i͖��!++K3gd\��$mt$^���Yf��J�\�8PRF��)77Wא!Cl����$i:��@@_o�G��� I{$# ��8磌ŋ9�1A�(�Im7��֭>}ߴJq�7ޗt^� -[ԩSj*�}�%]&'
-��ɓ'ꫯVzzvB#;�a
�7@GxI{�jƌ�.LÇ�WBB7�`O"I$�/@R���@�eee@���۷��>}0���,ɒ2$53Xs|cS~r�pTYYY}� k�Hc��%&k�.], �@��A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A�����D���A������@lT<%''*Lo^={رc5h %$�+CnܸQ3fҥK}vUVVs9G�
R,_{�xˇ�3��o߾;TTTd�}�馛]uuuG~iԩ�@4����bn�vmv�fϞ�/Peeeq}}�z���a
�I~,誫{UWW뮻}_~YƍSMMMYχ��֝waw��\�ď�cxꩧtE�ƍ�կ_?۷5�@u���?�1kNׯWzz/wy>}zj3 k��(ٺu�q_Zvf̘:~��AB�Q&r|��!�%KҥKg�����Ԟ={<_X-z� !�C�yFUUz~��AB�QIIIjݺ�W��$���UXXDٳZ~��AB�Qƍec�W��$<�(~<��RSSvZujjjԧO�ZQu�@4 8m&&&jԩg��$�ď�1h ͟?_{768��@��g
�=�@���`)))5o6m�3����)��ѣƌ�J;wҿUTT��/KZR{��~a=�@��0o<*狔�iFɶ[ˎ�;T]]��OX�@�?K.ۈxN ����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������p����������pP���fl߾]��,{ァk۶mڿo5�����BTӦMӴiӴ|r D����B2e�|An�!D��y'tkΝ[A��� $***t5'
"���!駟�oa�D�����nΝ�:t֭[g�D����ШQ�0����6qD;@���� x M6v�(����Piizm�Z����4e�w��"��@��������̴ixf������[~-F���ٱc�&I�Z����2|n�!�?�$��@{[�HTɏ����#@h�����Ȏ����I�#�_m��(���F��/6Z3�z'\r,�����r!;�w2Z3j=~�G���Y�7"I$i����I.����p_"����?���p�����N`�����y�D���D�����?:��� �_����������������������� �G����ÿa���b7�����J�!���Bx���@0 ���Bo�����
����cG���������@`1C�����[���@0G����
����@`0C�����_���u�����V1 ���aC���X����>���W�` ���|�������`!���<�����S�`"���<�.�����`#���c�����`�?�����c�A����������C���4
?����c���� �p#����~���@0����?:���0���8&����_�M���Q1���J�h#����?���/`���7;����I����������q�7���a�w���Q����A����1�H���p
�!��#�<���8/#��@1Ul7��=S=K.4Z�?�E����_$i�@��������!���1�!E���4�?���`����P_�� ��������@��B���ă�1���0#���:�"����a�U,xb��F�Y1
[n��|��n
���#'��v��EH:`�x��b
��#��v����D��4�Y hi.i&�EΖv#��O�� H��4�IŶ�}:Ik��h��@�tZRF���#�(tXҙ��zZ ?�I3l7��q��@õ|ۍ�1,�G��puY�� �Ꮿ@�hJv#��x��xk$
v#�9��5�}_$��c �S#=+"K�{F�*m7`#�%H:NRS��p6I?sIՖ{A�p$I�$�I:QRv2$Z�@UJ*$]<��F�O4�����IENDB`