File: //opt/cloudlinux/venv/lib64/python3.11/site-packages/xray/user_agent.py
# -*- coding: utf-8 -*-
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
"""
This module contains X-Ray User Manager service implementation
"""
import json
import logging
import re
import socket
import subprocess
from threading import Thread, current_thread
from typing import Tuple
from xray.console_utils.run_user.runners import get_runner, Runner
from xray.internal.constants import user_agent_sock, user_agent_log
from xray.internal.exceptions import XRayError
from xray import gettext as _
from xray.internal.user_plugin_utils import (
unpack_request,
pack_response,
extract_creds,
check_for_root,
error_response
)
from xray.internal.utils import create_socket, read_sys_id, configure_logging
from clcommon.clwpos_lib import get_locale_from_envars
logger = logging.getLogger('user_agent')
def general_exec_error() -> Tuple[bytes, bytes]:
"""
General format of message in case of errors during manager execution
"""
_err = _('X-Ray User Plugin failed to execute your request. Please, contact your server administrator')
return error_response(_err).encode(), b''
def log_truncate(orig_msg: bytes) -> str:
"""
Cut data field from the original message, because it could be huge
"""
return re.sub('(?<="data": {).+(?=}, "result")', '...', orig_msg.decode())
def duplicate_warning_cast(orig_msg: bytes) -> bytes:
"""
Extend warning 'Task is duplicated by URL' for end user
"""
def gen(m):
"""
Add more text for duplicate warning, leave others unchanged
"""
additional = b""". \
In case if you do not see running task for the same URL in your list of tasks below, \
contact your server administrator and ask him to check whether the requested URL \
is in the tasks list of X-Ray Admin Plugin or is scheduled for continuous tracing."""
warn = m.group(0)
if warn == b'Task is duplicated by URL':
return warn + additional
return warn
return re.sub(b'(?<="warning": ").+(?="})', gen, orig_msg)
def execute_manager(command: dict, user: str, runner: Runner) -> Tuple[bytes, bytes]:
"""
Trigger runner.target utility with requested parameters
"""
if runner.name == 'manager':
try:
command['system_id'] = read_sys_id()
except XRayError:
return general_exec_error()
def runner_cast_opt(opt):
"""runner may define a special cast for each option"""
return runner.option_cast[opt](
opt) if opt in runner.option_cast else opt
def hide_true_val(v):
"""Hide True value from cmd representation for bool-flag options"""
return '' if v is True else f'={v}'
api_version_key = 'api_version'
locale_option = 'lang'
# options that is not needed to be passed to utility
skip_options = [api_version_key, locale_option]
api_version = command.get(api_version_key)
# could be passed from WordPress Plugin; guard against None to avoid
# TypeError in subprocess.run() when LANG=None in the env dict.
target_locale = command.get(locale_option, get_locale_from_envars())
if not isinstance(target_locale, str):
target_locale = get_locale_from_envars() or 'C.UTF-8'
if api_version:
casted_api_version = runner_cast_opt(api_version_key)
cmd = [f'/usr/sbin/{runner.target}', f'--{casted_api_version}', api_version, command.pop('command')]
else:
cmd = [f'/usr/sbin/{runner.target}', command.pop('command')]
# bool options are added only if they are True
cmd.extend([f'--{runner_cast_opt(k)}{hide_true_val(v)}' for k, v in
command.items() if v and k not in skip_options])
with_env = {'XRAYEXEC_UID': user, 'LANG': target_locale}
logger.info('Going to execute: %s, with environment: %s', cmd, str(with_env))
try:
p = subprocess.run(cmd, capture_output=True,
env=with_env)
except (OSError, ValueError, TypeError, subprocess.SubprocessError):
return general_exec_error()
byte_out, byte_err = p.stdout.strip(), p.stderr.strip()
if byte_out:
logger.info('[%s] Proxied command stdout: %s', current_thread().name,
log_truncate(byte_out))
if byte_err:
logger.info('[%s] Proxied command stderr: %s', current_thread().name,
byte_err.decode())
return duplicate_warning_cast(byte_out), byte_err
def handle(connection: 'socket object') -> None:
"""
Handle incoming connection
:param connection: socket object usable to
send and receive data on the connection
"""
root_error = json.dumps({
'result': _('Commands from root are not accepted')
}, ensure_ascii=False)
with connection:
connection.settimeout(5.0)
_pid, _uid, _gid = extract_creds(connection)
if check_for_root(_uid):
connection.sendall(pack_response(root_error.encode()))
return
try:
data = connection.recv(65536)
if not data:
return
try:
args = unpack_request(data)
except (json.JSONDecodeError, UnicodeDecodeError) as e:
connection.sendall(pack_response(
json.dumps({'result': str(e)}, ensure_ascii=False).encode()))
return
try:
runner = get_runner(args.pop('runner'))
except XRayError as e:
connection.sendall(pack_response(str(e).encode()))
return
try:
runner.validator(args)
except SystemExit as e:
connection.sendall(pack_response(str(e).encode()))
return
_out, _err = execute_manager(args, str(_uid), runner)
connection.sendall(pack_response(_out or _err))
except (OSError, socket.timeout):
return
def run() -> None:
"""
Run listening service
"""
configure_logging(user_agent_log)
with create_socket(user_agent_sock) as s:
while True:
conn, _ = s.accept()
t = Thread(target=handle, args=(conn,))
t.start()
logger.info('[%s] Started', t.name)