????

Your IP : 216.73.217.84

Current Path : /opt/cloudlinux/venv/lib64/python3.11/site-packages/clcagefslib/__pycache__/
Upload File :
Current File : //opt/cloudlinux/venv/lib64/python3.11/site-packages/clcagefslib/__pycache__/cli.cpython-311.pyc

�

~���Gu����dZddlZddlZddlZddlZddlZddlmZeje	��Z
dZd�ZdZ
d�Zd�Zd	�Zdd
�Zd�ZdS)
z�
CLI helper utilities for CageFS user commands.

Provides functions for:
- Re-entering CageFS environment
- Calling commands via proxyexec for privilege escalation
�N)�clcagefsz/var/.cagefs/.cagefs.tokenc���	ttd��5}|������cddd��S#1swxYwYdS#tt
f$rYdSwxYw)zv
    Read the CageFS token from the token file.

    Returns:
        str: The CageFS token, or None if not found
    �rN)�open�CAGEFS_TOKEN_PATH�read�strip�IOError�OSError)�fs �Copt/cloudlinux/venv/lib/python3.11/site-packages/clcagefslib/cli.py�get_cagefs_tokenrs����
�#�S�
)�
)�	$�Q��6�6�8�8�>�>�#�#�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$����	$�	$�	$�	$�	$�	$���W������t�t����s3�A�&A
�A�
A�A�A�A�A,�+A,�/usr/sbin/proxyexecc��	tj��}tjd|z��}|�d��r|dt	d���}|t
kS#ttf$rYdSwxYw)z�
    Verify that the parent process is the proxyexec daemon
    by checking /proc/<ppid>/exe (kernel-controlled, not spoofable).

    Returns:
        bool: True if parent process is the proxyexec daemon
    z/proc/%d/exez
 (deleted)NF)�os�getppid�readlink�endswith�len�PROXYEXEC_DAEMON_PATHrr
)�ppid�
parent_exes  r
�_is_parent_proxyexecr.s�����z�|�|���[��$�!6�7�7�
����|�,�,�	9�#�$7�c�,�&7�&7�%7�$7�8�J��2�2�2���W������u�u����s�A!A$�$A9�8A9c�`�tj�d���dSt��S)aG
    Check if the script is running via proxyexec.

    Verifies both that the PROXYEXEC_UID environment variable is set
    and that the parent process is the proxyexec daemon binary.
    This prevents spoofing via environment variable injection.

    Returns:
        bool: True if running via proxyexec, False otherwise
    �
PROXYEXEC_UIDNF)r�environ�getr��r
�is_running_via_proxyexecr As)��
�z�~�~�o�&�&�.��u��!�!�!rc���t��}|st�d��dStjtj����j}tj��}ttj
����}ddd||||g|z}d|i}tj|tjtjtj|���}|���|jS)a,
    Call a command via proxyexec to execute with root privileges.

    Args:
        alias: The proxyexec command alias (e.g., "CAGEFSCTL_USER_SITE_ISOLATION_LIST")
        args_list: Additional arguments to pass

    Returns:
        int: Exit code from the proxyexec command, or None on error
    zFailed to read CageFS tokenNrz-czcagefs.sock�CAGEFS_TOKEN��stdout�stderr�stdin�env)r�logger�error�pwd�getpwuidr�getuid�pw_name�getcwd�str�getpid�
subprocess�Popen�sysr$r%r&�communicate�
returncode)	�alias�	args_list�token�username�cwd�pid�cmdr'�ps	         r
�call_via_proxyexecr>Qs���
���E������2�3�3�3��t��|�B�I�K�K�(�(�0�H�
�)�+�+�C�

�b�i�k�k�
�
�C�
	��m���
��
�	��C��5�
!�C����S�Z��
�#�)�Y\�]�]�]�A��M�M�O�O�O��<�rc���|�tj}dg|z}tj|tjtjtji���}|���|jS)z�
    Re-execute inside CageFS when running outside.

    Args:
        argv: Command line arguments to pass (defaults to sys.argv)

    Returns:
        int: Exit code from the re-executed command
    Nz/bin/cagefs_enterr#)	r3�argvr1r2r$r%r&r4r5)r@r<r=s   r
�reenter_cagefsrAwsT���|��x���
�$�
&�C����S�Z��
�#�)�Y[�\�\�\�A��M�M�O�O�O��<�rc�(�tj��S)zv
    Check if currently running inside CageFS.

    Returns:
        bool: True if inside CageFS, False otherwise
    )r�	in_cagefsrrr
rCrC�s������r)N)�__doc__�loggingrr*r1r3�clcommonr�	getLogger�__name__r(rrrrr r>rArCrrr
�<module>rIs���������	�	�	�	�
�
�
�
�����
�
�
�
�������	��	�8�	$�	$��0�����.�����&
"�
"�
"� #�#�#�L����& � � � � r