Linux premium155.web-hosting.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64
LiteSpeed
: 162.0.235.200 | : 18.116.86.160
Cant Read [ /etc/named.conf ]
7.4.33
varifktc
/
opt /
cloudlinux /
venv /
lib /
python3.11 /
site-packages /
Name
Size
Permission
Action
GitPython-3.1.32.dist-info
[ DIR ]
drwxr-xr-x
Jinja2-3.0.3.dist-info
[ DIR ]
drwxr-xr-x
Mako-1.2.4.dist-info
[ DIR ]
drwxr-xr-x
MarkupSafe-2.1.3.dist-info
[ DIR ]
drwxr-xr-x
PyJWT-2.8.0.dist-info
[ DIR ]
drwxr-xr-x
PyMySQL-1.1.0.dist-info
[ DIR ]
drwxr-xr-x
PyVirtualDisplay-3.0.dist-info
[ DIR ]
drwxr-xr-x
PyYAML-6.0.1.dist-info
[ DIR ]
drwxr-xr-x
SQLAlchemy-1.3.24.dist-info
[ DIR ]
drwxr-xr-x
__pycache__
[ DIR ]
drwxr-xr-x
_distutils_hack
[ DIR ]
drwxr-xr-x
_pytest
[ DIR ]
drwxr-xr-x
_yaml
[ DIR ]
drwxr-xr-x
aiohttp
[ DIR ]
drwxr-xr-x
aiohttp-3.9.2.dist-info
[ DIR ]
drwxr-xr-x
aiosignal
[ DIR ]
drwxr-xr-x
aiosignal-1.3.1.dist-info
[ DIR ]
drwxr-xr-x
alembic
[ DIR ]
drwxr-xr-x
alembic-1.11.1.dist-info
[ DIR ]
drwxr-xr-x
annotated_types
[ DIR ]
drwxr-xr-x
annotated_types-0.6.0.dist-inf...
[ DIR ]
drwxr-xr-x
astroid
[ DIR ]
drwxr-xr-x
astroid-2.15.6.dist-info
[ DIR ]
drwxr-xr-x
async_timeout
[ DIR ]
drwxr-xr-x
async_timeout-4.0.3.dist-info
[ DIR ]
drwxr-xr-x
attr
[ DIR ]
drwxr-xr-x
attrs
[ DIR ]
drwxr-xr-x
attrs-23.1.0.dist-info
[ DIR ]
drwxr-xr-x
certifi
[ DIR ]
drwxr-xr-x
certifi-2023.7.22.dist-info
[ DIR ]
drwxr-xr-x
cffi
[ DIR ]
drwxr-xr-x
cffi-1.15.1.dist-info
[ DIR ]
drwxr-xr-x
chardet
[ DIR ]
drwxr-xr-x
chardet-5.2.0.dist-info
[ DIR ]
drwxr-xr-x
charset_normalizer
[ DIR ]
drwxr-xr-x
charset_normalizer-2.1.1.dist-...
[ DIR ]
drwxr-xr-x
cl_dom_collector
[ DIR ]
drwxr-xr-x
clcagefslib
[ DIR ]
drwxr-xr-x
clcommon
[ DIR ]
drwxr-xr-x
clconfig
[ DIR ]
drwxr-xr-x
clconfigure
[ DIR ]
drwxr-xr-x
cldashboard
[ DIR ]
drwxr-xr-x
clevents
[ DIR ]
drwxr-xr-x
clflags
[ DIR ]
drwxr-xr-x
cllicense
[ DIR ]
drwxr-xr-x
cllimits
[ DIR ]
drwxr-xr-x
cllimits_validator
[ DIR ]
drwxr-xr-x
cllimitslib_v2
[ DIR ]
drwxr-xr-x
cllvectl
[ DIR ]
drwxr-xr-x
clpackages
[ DIR ]
drwxr-xr-x
clquota
[ DIR ]
drwxr-xr-x
clselect
[ DIR ]
drwxr-xr-x
clselector
[ DIR ]
drwxr-xr-x
clsentry
[ DIR ]
drwxr-xr-x
clsummary
[ DIR ]
drwxr-xr-x
clveconfig
[ DIR ]
drwxr-xr-x
clwizard
[ DIR ]
drwxr-xr-x
colorama
[ DIR ]
drwxr-xr-x
colorama-0.4.6.dist-info
[ DIR ]
drwxr-xr-x
contextlib2
[ DIR ]
drwxr-xr-x
contextlib2-21.6.0.dist-info
[ DIR ]
drwxr-xr-x
coverage
[ DIR ]
drwxr-xr-x
coverage-7.2.7.dist-info
[ DIR ]
drwxr-xr-x
cryptography
[ DIR ]
drwxr-xr-x
cryptography-41.0.2.dist-info
[ DIR ]
drwxr-xr-x
ddt-1.4.4.dist-info
[ DIR ]
drwxr-xr-x
dill
[ DIR ]
drwxr-xr-x
dill-0.3.7.dist-info
[ DIR ]
drwxr-xr-x
distlib
[ DIR ]
drwxr-xr-x
distlib-0.3.8.dist-info
[ DIR ]
drwxr-xr-x
docopt-0.6.2.dist-info
[ DIR ]
drwxr-xr-x
dodgy
[ DIR ]
drwxr-xr-x
dodgy-0.2.1.dist-info
[ DIR ]
drwxr-xr-x
filelock
[ DIR ]
drwxr-xr-x
filelock-3.13.1.dist-info
[ DIR ]
drwxr-xr-x
flake8
[ DIR ]
drwxr-xr-x
flake8-5.0.4.dist-info
[ DIR ]
drwxr-xr-x
flake8_polyfill
[ DIR ]
drwxr-xr-x
flake8_polyfill-1.0.2.dist-inf...
[ DIR ]
drwxr-xr-x
frozenlist
[ DIR ]
drwxr-xr-x
frozenlist-1.4.0.dist-info
[ DIR ]
drwxr-xr-x
future
[ DIR ]
drwxr-xr-x
future-0.18.3.dist-info
[ DIR ]
drwxr-xr-x
git
[ DIR ]
drwxr-xr-x
gitdb
[ DIR ]
drwxr-xr-x
gitdb-4.0.10.dist-info
[ DIR ]
drwxr-xr-x
guppy
[ DIR ]
drwxr-xr-x
guppy3-3.1.3.dist-info
[ DIR ]
drwxr-xr-x
hc_json_rpc_client
[ DIR ]
drwxr-xr-x
hc_json_rpc_client-1.0.1.dist-...
[ DIR ]
drwxr-xr-x
idna
[ DIR ]
drwxr-xr-x
idna-3.4.dist-info
[ DIR ]
drwxr-xr-x
iniconfig
[ DIR ]
drwxr-xr-x
iniconfig-2.0.0.dist-info
[ DIR ]
drwxr-xr-x
isort
[ DIR ]
drwxr-xr-x
isort-5.12.0.dist-info
[ DIR ]
drwxr-xr-x
jinja2
[ DIR ]
drwxr-xr-x
jsonschema
[ DIR ]
drwxr-xr-x
jsonschema-3.2.0.dist-info
[ DIR ]
drwxr-xr-x
jwt
[ DIR ]
drwxr-xr-x
lazy_object_proxy
[ DIR ]
drwxr-xr-x
lazy_object_proxy-1.9.0.dist-i...
[ DIR ]
drwxr-xr-x
libfuturize
[ DIR ]
drwxr-xr-x
libpasteurize
[ DIR ]
drwxr-xr-x
lve_stats-2.0.dist-info
[ DIR ]
drwxr-xr-x
lve_utils
[ DIR ]
drwxr-xr-x
lvemanager
[ DIR ]
drwxr-xr-x
lvestats
[ DIR ]
drwxr-xr-x
lxml
[ DIR ]
drwxr-xr-x
lxml-4.9.2.dist-info
[ DIR ]
drwxr-xr-x
mako
[ DIR ]
drwxr-xr-x
markupsafe
[ DIR ]
drwxr-xr-x
mccabe-0.7.0.dist-info
[ DIR ]
drwxr-xr-x
mock
[ DIR ]
drwxr-xr-x
mock-5.1.0.dist-info
[ DIR ]
drwxr-xr-x
multidict
[ DIR ]
drwxr-xr-x
multidict-6.0.4.dist-info
[ DIR ]
drwxr-xr-x
numpy
[ DIR ]
drwxr-xr-x
numpy-1.25.1.dist-info
[ DIR ]
drwxr-xr-x
numpy.libs
[ DIR ]
drwxr-xr-x
packaging
[ DIR ]
drwxr-xr-x
packaging-23.1.dist-info
[ DIR ]
drwxr-xr-x
past
[ DIR ]
drwxr-xr-x
pep8_naming-0.10.0.dist-info
[ DIR ]
drwxr-xr-x
pip
[ DIR ]
drwxr-xr-x
pip-24.1.2.dist-info
[ DIR ]
drwxr-xr-x
pkg_resources
[ DIR ]
drwxr-xr-x
platformdirs
[ DIR ]
drwxr-xr-x
platformdirs-3.11.0.dist-info
[ DIR ]
drwxr-xr-x
pluggy
[ DIR ]
drwxr-xr-x
pluggy-1.2.0.dist-info
[ DIR ]
drwxr-xr-x
prettytable
[ DIR ]
drwxr-xr-x
prettytable-3.8.0.dist-info
[ DIR ]
drwxr-xr-x
prometheus_client
[ DIR ]
drwxr-xr-x
prometheus_client-0.8.0.dist-i...
[ DIR ]
drwxr-xr-x
prospector
[ DIR ]
drwxr-xr-x
prospector-1.10.2.dist-info
[ DIR ]
drwxr-xr-x
psutil
[ DIR ]
drwxr-xr-x
psutil-5.9.5.dist-info
[ DIR ]
drwxr-xr-x
psycopg2
[ DIR ]
drwxr-xr-x
psycopg2_binary-2.9.6.dist-inf...
[ DIR ]
drwxr-xr-x
psycopg2_binary.libs
[ DIR ]
drwxr-xr-x
pycodestyle-2.9.1.dist-info
[ DIR ]
drwxr-xr-x
pycparser
[ DIR ]
drwxr-xr-x
pycparser-2.21.dist-info
[ DIR ]
drwxr-xr-x
pydantic
[ DIR ]
drwxr-xr-x
pydantic-2.4.2.dist-info
[ DIR ]
drwxr-xr-x
pydantic_core
[ DIR ]
drwxr-xr-x
pydantic_core-2.10.1.dist-info
[ DIR ]
drwxr-xr-x
pydocstyle
[ DIR ]
drwxr-xr-x
pydocstyle-6.3.0.dist-info
[ DIR ]
drwxr-xr-x
pyfakefs
[ DIR ]
drwxr-xr-x
pyfakefs-5.2.3.dist-info
[ DIR ]
drwxr-xr-x
pyflakes
[ DIR ]
drwxr-xr-x
pyflakes-2.5.0.dist-info
[ DIR ]
drwxr-xr-x
pylint
[ DIR ]
drwxr-xr-x
pylint-2.17.4.dist-info
[ DIR ]
drwxr-xr-x
pylint_celery
[ DIR ]
drwxr-xr-x
pylint_celery-0.3.dist-info
[ DIR ]
drwxr-xr-x
pylint_django
[ DIR ]
drwxr-xr-x
pylint_django-2.5.3.dist-info
[ DIR ]
drwxr-xr-x
pylint_flask
[ DIR ]
drwxr-xr-x
pylint_flask-0.6.dist-info
[ DIR ]
drwxr-xr-x
pylint_plugin_utils
[ DIR ]
drwxr-xr-x
pylint_plugin_utils-0.7.dist-i...
[ DIR ]
drwxr-xr-x
pylve-2.1-py3.11.egg-info
[ DIR ]
drwxr-xr-x
pymysql
[ DIR ]
drwxr-xr-x
pyparsing
[ DIR ]
drwxr-xr-x
pyparsing-3.0.9.dist-info
[ DIR ]
drwxr-xr-x
pyrsistent
[ DIR ]
drwxr-xr-x
pyrsistent-0.19.3.dist-info
[ DIR ]
drwxr-xr-x
pytest
[ DIR ]
drwxr-xr-x
pytest-7.4.0.dist-info
[ DIR ]
drwxr-xr-x
pytest_subprocess
[ DIR ]
drwxr-xr-x
pytest_subprocess-1.5.0.dist-i...
[ DIR ]
drwxr-xr-x
pyvirtualdisplay
[ DIR ]
drwxr-xr-x
raven
[ DIR ]
drwxr-xr-x
raven-6.10.0.dist-info
[ DIR ]
drwxr-xr-x
requests
[ DIR ]
drwxr-xr-x
requests-2.31.0.dist-info
[ DIR ]
drwxr-xr-x
requirements_detector
[ DIR ]
drwxr-xr-x
requirements_detector-1.2.2.di...
[ DIR ]
drwxr-xr-x
schema-0.7.5.dist-info
[ DIR ]
drwxr-xr-x
semver
[ DIR ]
drwxr-xr-x
semver-3.0.1.dist-info
[ DIR ]
drwxr-xr-x
sentry_sdk
[ DIR ]
drwxr-xr-x
sentry_sdk-1.29.2.dist-info
[ DIR ]
drwxr-xr-x
setoptconf
[ DIR ]
drwxr-xr-x
setoptconf_tmp-0.3.1.dist-info
[ DIR ]
drwxr-xr-x
setuptools
[ DIR ]
drwxr-xr-x
setuptools-70.2.0.dist-info
[ DIR ]
drwxr-xr-x
simplejson
[ DIR ]
drwxr-xr-x
simplejson-3.19.1.dist-info
[ DIR ]
drwxr-xr-x
six-1.16.0.dist-info
[ DIR ]
drwxr-xr-x
smmap
[ DIR ]
drwxr-xr-x
smmap-5.0.0.dist-info
[ DIR ]
drwxr-xr-x
snowballstemmer
[ DIR ]
drwxr-xr-x
snowballstemmer-2.2.0.dist-inf...
[ DIR ]
drwxr-xr-x
sqlalchemy
[ DIR ]
drwxr-xr-x
ssa
[ DIR ]
drwxr-xr-x
svgwrite
[ DIR ]
drwxr-xr-x
svgwrite-1.4.3.dist-info
[ DIR ]
drwxr-xr-x
tap
[ DIR ]
drwxr-xr-x
tap.py-3.1.dist-info
[ DIR ]
drwxr-xr-x
testfixtures
[ DIR ]
drwxr-xr-x
testfixtures-7.1.0.dist-info
[ DIR ]
drwxr-xr-x
toml
[ DIR ]
drwxr-xr-x
toml-0.10.2.dist-info
[ DIR ]
drwxr-xr-x
tomlkit
[ DIR ]
drwxr-xr-x
tomlkit-0.11.8.dist-info
[ DIR ]
drwxr-xr-x
typing_extensions-4.8.0.dist-i...
[ DIR ]
drwxr-xr-x
unshare-0.22.dist-info
[ DIR ]
drwxr-xr-x
urllib3
[ DIR ]
drwxr-xr-x
urllib3-2.0.4.dist-info
[ DIR ]
drwxr-xr-x
vendors_api
[ DIR ]
drwxr-xr-x
virtualenv
[ DIR ]
drwxr-xr-x
virtualenv-20.21.1.dist-info
[ DIR ]
drwxr-xr-x
wcwidth
[ DIR ]
drwxr-xr-x
wcwidth-0.2.6.dist-info
[ DIR ]
drwxr-xr-x
wmt
[ DIR ]
drwxr-xr-x
wrapt
[ DIR ]
drwxr-xr-x
wrapt-1.15.0.dist-info
[ DIR ]
drwxr-xr-x
yaml
[ DIR ]
drwxr-xr-x
yarl
[ DIR ]
drwxr-xr-x
yarl-1.9.2.dist-info
[ DIR ]
drwxr-xr-x
_cffi_backend.cpython-311-x86_...
267.63
KB
-rwxr-xr-x
_pyrsistent_version.py
23
B
-rw-r--r--
cl_proc_hidepid.py
4.53
KB
-rw-r--r--
clcontrollib.py
51.73
KB
-rw-r--r--
cldetectlib.py
18.13
KB
-rw-r--r--
cldiaglib.py
45.57
KB
-rw-r--r--
clhooklib.py
1.27
KB
-rw-r--r--
cli_utils.py
1.66
KB
-rw-r--r--
cllicenselib.py
9.1
KB
-rw-r--r--
clsetuplib.py
4.35
KB
-rw-r--r--
clsudo.py
14.42
KB
-rw-r--r--
ddt.py
12.43
KB
-rw-r--r--
distutils-precedence.pth
151
B
-rw-r--r--
docopt.py
19.48
KB
-rw-r--r--
hc_lve_profiler.py
6.2
KB
-rw-------
lveapi.py
19.53
KB
-rw-r--r--
lvectllib.py
102.55
KB
-rw-r--r--
lvestat.py
6.83
KB
-rw-r--r--
mccabe.py
10.4
KB
-rw-r--r--
pep8ext_naming.py
18.61
KB
-rw-r--r--
py.py
263
B
-rw-r--r--
pycodestyle.py
101.08
KB
-rw-r--r--
pylve.cpython-311-x86_64-linux...
25.48
KB
-rwxr-xr-x
remove_ubc.py
5.73
KB
-rwxr-xr-x
schema.py
29.51
KB
-rw-r--r--
secureio.py
18.83
KB
-rw-r--r--
simple_rpm.so
11.29
KB
-rwxr-xr-x
six.py
33.74
KB
-rw-r--r--
typing_extensions.py
100.97
KB
-rw-r--r--
unshare.cpython-311-x86_64-lin...
8.17
KB
-rwxr-xr-x
Code Editor : secureio.py
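# coding=utf-8

# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2018 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

# This module provides functions for secure I/O and filesystem operations
#
# Two mechanisms are combined here:
#   * descriptor-based filesystem helpers (O_NOFOLLOW opens, fchown/fchmod on an
#     open descriptor, the *_secure calls exported by libsecureio/liblve), and
#   * switching the *effective* uid/gid between root and an unprivileged user.
# Only effective IDs are changed by set_user_perm()/set_root_perm(), so the
# process keeps the ability to switch back to root. The switch limits what the
# kernel allows for filesystem calls made in between; it is not an isolation
# boundary for code running inside this process.

import grp
import sys
import tempfile
import contextlib
import os
from functools import lru_cache
from typing import TYPE_CHECKING
from ctypes import (cdll, c_long, Structure, c_ushort, c_ubyte, c_char, POINTER,
                    c_int, c_void_p, c_char_p)

from clcommon import ClPwd
from clcommon.clpwd import drop_user_privileges


def __getattr__(name):
    """Resolve the lazily loaded module attributes ``libc`` and ``liblve``."""
    # NOTE(vlebedev): Delay shared libraries loading until they are actually used.
    #                 It makes module loadable even in case those shared libraries
    #                 are not available and that is useful for e.g. unit testing
    #                 on local non-CL system.
    if name == 'libc':
        return _load_libc()
    elif name == 'liblve':
        return _load_liblve()
    raise AttributeError(f"module {__name__} has no attribute {name}")


def __dir__():
    """List module attributes, including the two lazily loaded libraries."""
    return ['libc', 'liblve', *globals().keys()]


# --- libc functions -----------------------------------------------

@lru_cache(maxsize=None)
def _load_libc():
    """Load libc.so.6 once and declare the ctypes prototypes used below."""
    libc = cdll.LoadLibrary("libc.so.6")

    libc.fchown.argtypes = [c_int, c_int, c_int]
    libc.fchown.restype = c_int

    libc.fchmod.argtypes = [c_int, c_int]
    libc.fchmod.restype = c_int

    # accepts file/dir descriptor (integer)
    libc.fdopendir.argtypes = [c_int]
    # returns pointer to DIR structure
    libc.fdopendir.restype = c_void_p

    # accepts pointer to DIR structure
    libc.readdir.argtypes = [c_void_p]
    # returns pointer to DIRENTRY structure
    libc.readdir.restype = DIRENTRY_P

    # accepts pointer to DIR structure
    libc.rewinddir.argtypes = [c_void_p]
    # returns void
    libc.rewinddir.restype = None

    # accepts pointer to DIR structure
    libc.closedir.argtypes = [c_void_p]
    libc.closedir.restype = c_int

    return libc


if TYPE_CHECKING:
    libc = _load_libc()

ino_t = c_long
off_t = c_long


class DIRENTRY(Structure):
    """ctypes layout of the directory entry returned by libc readdir()."""
    _fields_ = [
        ('d_ino', ino_t),            # inode number
        ('d_off', off_t),            # offset to the next dirent
        ('d_reclen', c_ushort),      # length of this record
        ('d_type', c_ubyte),         # type of file; not supported by all file system types
        ('d_name', c_char * 256),    # filename
    ]


DIRENTRY_P = POINTER(DIRENTRY)


def fchown(fd, uid, gid):
    """Call libc fchown() on an open descriptor; returns the libc result."""
    return _load_libc().fchown(fd, uid, gid)


def fchmod(fd, mode):
    """Call libc fchmod() on an open descriptor; returns the libc result."""
    return _load_libc().fchmod(fd, mode)


def fdopen(fd):
    # NOTE(review): kept unchanged for callers that may import it. No prototype
    # is declared for libc fdopen() in _load_libc() and it is called here with a
    # single argument; directory streams should be opened with fdopendir() below.
    return _load_libc().fdopen(fd)


def fdopendir(fd):
    """Open a directory stream for descriptor ``fd`` (libc fdopendir()).

    Returns the DIR pointer as an integer, or None when libc returns NULL.
    """
    return _load_libc().fdopendir(fd)


def readdir(dirp):
    """Return a pointer to the next DIRENTRY of ``dirp`` (NULL at the end)."""
    return _load_libc().readdir(dirp)


def rewinddir(dirp):
    """Reset the read position of directory stream ``dirp``."""
    return _load_libc().rewinddir(dirp)


def closedir(dirp):
    """Close directory stream ``dirp`` together with its descriptor."""
    return _load_libc().closedir(dirp)


# --- liblve functions -----------------------------------------------

@lru_cache(maxsize=None)
def _load_liblve():
    """Load libsecureio.so.0 (falling back to liblve.so.0) and declare prototypes."""
    try:
        liblve = cdll.LoadLibrary("libsecureio.so.0")
    except OSError:
        liblve = cdll.LoadLibrary("liblve.so.0")

    # Opens path for reading not following symlinks and verifies that opened path is inside parent_path
    # Returns:
    #   descriptor if successful
    #   -1 if path does not exist or is a symlink
    #   -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts path, parent_path
    liblve.open_not_symlink.argtypes = [c_char_p, c_char_p]
    liblve.open_not_symlink.restype = c_int

    # Closes descriptor (if it is not equal -1)
    # accepts file/dir descriptor (integer)
    liblve.closefd.argtypes = [c_int]
    # returns void
    liblve.closefd.restype = None

    # Tries to read first directory entry in order to ensure that descriptor is valid
    # Returns 0 if reading succeeded or -1 if error has occurred
    # accepts descriptor
    liblve.check_dir.argtypes = [c_int]
    liblve.check_dir.restype = c_int

    # Checks if path is a directory (in secure manner)
    # Also opens path (if descriptor fd == -1) and then checks that opened path is inside parent_path
    # Returns descriptor if path refers to directory
    # Returns -1 if path does not exist or is not a directory
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts path, descriptor, parent_path
    liblve.isdir.argtypes = [c_char_p, c_int, c_char_p]
    liblve.isdir.restype = c_int

    # Sets permissions to directory (in secure manner)
    # Returns descriptor if successful
    # Returns -1 if error has occurred
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts: const char *path, mode_t perm, int fd, const char *parent_path
    liblve.set_perm_dir_secure.argtypes = [c_char_p, c_int, c_int, c_char_p]
    liblve.set_perm_dir_secure.restype = c_int

    # Sets owner and group of directory (in secure manner)
    # Returns descriptor if successful
    # Returns -1 if error has occurred
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts: const char *path, uid_t uid, gid_t gid, int fd, const char *parent_path
    liblve.set_owner_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
    liblve.set_owner_dir_secure.restype = c_int

    # Creates directory if it does not exist, sets permissions/owner otherwise
    # Returns descriptor if successful
    # Returns -1 if error has occurred
    # accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, int fd, const char *parent_path
    liblve.create_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_int, c_char_p]
    liblve.create_dir_secure.restype = c_int

    # Recursive directory creation function
    # Returns 0 if successful
    # Returns -1 if error has occurred
    # accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, const char *parent_path
    liblve.makedirs_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
    liblve.makedirs_secure.restype = c_int

    # Writes absolute path pointed by descriptor fd to buffer *buf
    # Returns buf if successful
    # Returns NULL if error has occurred
    liblve.get_path_from_descriptor.argtypes = [c_int, c_char_p]
    liblve.get_path_from_descriptor.restype = c_char_p

    # Returns 1 if subdir is subdirectory of dir, 0 otherwise
    liblve.is_subdir.argtypes = [c_char_p, c_char_p]
    liblve.is_subdir.restype = c_int

    return liblve


if TYPE_CHECKING:
    liblve = _load_liblve()


def _open_not_symlink(path, parent_path):
    """Library open that also verifies the result is inside ``parent_path``."""
    return _load_liblve().open_not_symlink(path, parent_path)


def check_dir(fd):
    """Return the library's check that ``fd`` is a readable directory descriptor."""
    return _load_liblve().check_dir(fd)


def isdir(path, descriptor, parent_path):
    """Return the library's secure is-directory check for ``path``."""
    return _load_liblve().isdir(path, descriptor, parent_path)


def get_path_from_descriptor(fd, buf):
    """Write the absolute path behind ``fd`` into ``buf`` via the library."""
    return _load_liblve().get_path_from_descriptor(fd, buf)


def is_subdir(dir, subdir):
    """Return the library's result for "``subdir`` is a subdirectory of ``dir``"."""
    return _load_liblve().is_subdir(dir, subdir)


# True : euid/egid == 0/0
# False : euid/egid == user/user
# set by set_user_perm() and set_root_perm() functions
root_flag = True

LOGFILE = "/var/log/cagefs-update.log"
MIN_UID = 500
SILENT_FLAG = False


def open_not_symlink(path):
    """Open ``path`` read-only and return the descriptor; a symlink is refused.

    O_NOFOLLOW applies to the final path component only: symlinks in the
    directories leading to it are still followed. Unlike _open_not_symlink(),
    no parent-path containment check is made here.
    """
    return os.open(path, os.O_RDONLY | os.O_NOFOLLOW)


def open_file_not_symlink(path):
    """Return a text-mode file object for ``path`` opened via open_not_symlink()."""
    return os.fdopen(open_not_symlink(path), 'r')


def flistdir(fd):
    """Returns list of entries of directory pointed by descriptor

    Entries are the raw ``d_name`` values (bytes) in the order readdir()
    yields them; nothing is filtered out.
    Raises RuntimeError when the directory stream cannot be opened.
    """
    # Duplicate descriptor, because closedir() closes descriptor associated with directory stream
    fd2 = os.dup(fd)
    # Open directory stream
    dirp = fdopendir(fd2)
    if not dirp:
        # The stream never took ownership of the duplicate, so release it here.
        closefd(fd2)
        raise RuntimeError("fdopendir error")
    try:
        # Reset position of directory stream
        # (so it will be possible to read content of directory multiple times
        # via other descriptors that refer to the directory)
        rewinddir(dirp)
        dirlist = []
        while True:
            entryp = readdir(dirp)
            if not entryp:
                break
            dirlist.append(entryp.contents.d_name)
        rewinddir(dirp)
    finally:
        # Always release the stream (and with it fd2), also on an error path.
        closedir(dirp)
    return dirlist


def closefd(fd):
    """Close ``fd`` if it is not None, ignoring OSError from close()."""
    if fd is not None:
        try:
            os.close(fd)
        except OSError:
            pass


def set_perm_dir_secure(path, perm, parent_path, fd=None, logger=None):
    """Sets permissions to directory (in secure manner)

    Returns descriptor if successful
    Returns None if error has occurred
    """
    if fd is None:
        fd = -1
    fd = _load_liblve().set_perm_dir_secure(path.encode(), perm, fd, parent_path.encode())
    # NOTE(review): the library reports errors as -1/-2; a returned descriptor
    # of 0 is also treated as failure by this test - confirm that is intended.
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error: failed to set permissions of directory ' + path, False, True)
    return None


def set_owner_dir_secure(path, uid, gid, parent_path, fd=None, logger=None):
    """Sets owner and group of directory (in secure manner)

    Returns descriptor if successful
    Returns None if error has occurred
    """
    if fd is None:
        fd = -1
    fd = _load_liblve().set_owner_dir_secure(path.encode(), uid, gid, fd, parent_path.encode())
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error: failed to set owner of directory ' + path, False, True)
    return None


def create_dir_secure(path, perm, uid, gid, parent_path, fd=None, logger=None):
    """Creates directory if it does not exist, sets permissions/owner otherwise

    Returns descriptor if successful
    Returns None if error has occurred
    """
    if fd is None:
        fd = -1
    fd = _load_liblve().create_dir_secure(path.encode(), perm, uid, gid, fd, parent_path.encode())
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error : failed to create directory ' + path, False, True)
    return None


def makedirs_secure(path, perm, uid, gid, parent_path, logger=None):
    """Recursive directory creation function

    Returns 0 if successful
    Returns -1 if error has occurred
    """
    res = _load_liblve().makedirs_secure(path.encode(), perm, uid, gid, parent_path.encode())
    if res and logger:
        logger('Error : failed to create directory ' + path, False, True)
    return res


def read_file_secure(filename, uid=None, gid=None, exit_on_error=True, write_log=True):
    """read file not following symlinks

    When both ``uid`` and ``gid`` are given, the read is done with the
    effective IDs switched to that user and root is restored afterwards.
    Returns the list of lines. On OSError/IOError the error is logged and the
    process exits with status 1, unless ``exit_on_error`` is false, in which
    case the exception is re-raised.
    Raises RuntimeError when only one of ``uid``/``gid`` is given.
    """
    if (uid is None and gid is not None) or (uid is not None and gid is None):
        raise RuntimeError("read_file_secure: uid and gid should be both null or be both not null")

    drop_perm = (uid is not None) and (gid is not None)

    if drop_perm:
        set_user_perm(uid, gid)
    try:
        # The context manager closes the file even when readlines() fails.
        with open_file_not_symlink(filename) as file_object:
            content = file_object.readlines()
        if drop_perm:
            set_root_perm()
        return content
    except (OSError, IOError) as e:
        if drop_perm:
            set_root_perm()
        logging('Error: failed to read ' + filename + ' : ' + str(e), SILENT_FLAG, 1, write_log)
        if not exit_on_error:
            raise
        sys.exit(1)


def write_file_secure(content, ini_path, uid, gid, drop_perm=True, perm=0o644, write_log=True):
    """Write ``content`` to ``ini_path`` through a temporary file and rename.

    The temporary file is created with mkstemp() in the destination directory,
    owner and mode are set on the open descriptor, and the file is then renamed
    over ``ini_path``. With ``drop_perm`` the work is done under the effective
    IDs ``uid``/``gid`` and root is restored before returning.

    Returns True if error has occurred
    """
    dirpath = os.path.dirname(ini_path)

    if drop_perm:
        set_user_perm(uid, gid)

    fd = None
    temp_path = None
    try:
        fd, temp_path = tempfile.mkstemp(prefix='cagefs_', dir=dirpath)
        file_object = os.fdopen(fd, 'w')
        file_object.write(''.join(content))
        if not drop_perm and uid is not None and gid is not None:
            # Ownership is changed through the descriptor, not the path.
            if fchown(fd, uid, gid):
                raise OSError('fchown failed')
        # NOTE(review): this listing was flattened; fchmod is taken to apply on
        # every path, not only when fchown ran - confirm against the packaged file.
        if fchmod(fd, perm):
            raise OSError('fchmod failed')
        file_object.close()
    except (IOError, OSError) as e:
        # Best-effort cleanup: each step may fail depending on how far we got.
        try:
            file_object.close()
        except Exception:
            pass
        try:
            os.close(fd)
        except Exception:
            pass
        try:
            os.unlink(temp_path)
        except Exception:
            pass
        if drop_perm:
            set_root_perm()
        logging(
            f"Error: failed to write file {ini_path} : {str(e).replace('Errno', 'Err code')}",
            SILENT_FLAG,
            1,
            write_log,
        )
        return True
    except Exception as e:
        logging(f'Error: {str(e)}', SILENT_FLAG, 1)
        sys.exit(1)

    error = False
    try:
        os.rename(temp_path, ini_path)
    except OSError as e:
        error = True
        logging('Error: failed to rename tempfile to ' + ini_path + ' : ' + str(e),
                SILENT_FLAG, 1, write_log)
        try:
            os.unlink(temp_path)
        except OSError:
            pass

    if drop_perm:
        set_root_perm()
    return error


def write_file_via_tempfile(
        content, dest_path, perm, prefix='', suffix='', as_user=None):
    """
    Safely write string content to a file
    :param content: str
    :param dest_path: str -> path to a file
    :param perm: int -> permissions for the file
    :param prefix: str -> add to temporary file name
    :param suffix: str -> add to temporary file name
    :param as_user: str -> name of the user to drop privileges to
    """
    # NOTE(review): when as_user is given and a step below raises, the function
    # leaves through ``raise`` without reaching the restore block at the end, so
    # the caller continues with the dropped effective IDs - confirm callers
    # expect that.
    if as_user is not None:
        old_groups = os.getgroups()
        drop_user_privileges(as_user, effective_or_real=True, set_env=False)

    dirpath = os.path.dirname(dest_path)
    fd, temp_path = None, None
    try:
        fd, temp_path = tempfile.mkstemp(
            prefix=prefix, suffix=suffix, dir=dirpath)
        with os.fdopen(fd, 'w', errors='surrogateescape') as f_temp:
            f_temp.write(content)
    except (IOError, OSError):
        if fd is None or temp_path is None:
            raise
        try:
            os.close(fd)
        except (IOError, OSError):
            pass
        try:
            os.unlink(temp_path)
        except (IOError, OSError):
            pass
        raise

    try:
        # NOTE(review): the mode is set by path after the descriptor is closed.
        # If the destination directory is writable by another user while this
        # runs privileged, setting it on the descriptor before closing (as
        # write_file_secure does with fchmod) avoids acting on a replaced path.
        os.chmod(temp_path, perm)
        os.rename(temp_path, dest_path)
    except (OSError, IOError, TypeError):
        try:
            os.unlink(temp_path)
        except (OSError, IOError):
            pass
        raise

    if as_user is not None:
        ruid = os.getuid()
        os.seteuid(ruid)
        os.setegid(os.getgid())
        # All of the above can be called from user named as_user
        if ruid == 0:
            os.setgroups(old_groups)


def set_user_perm(uid, gid, exit=True):
    """Switch the effective gid, supplementary groups and effective uid to a user.

    The order is egid, groups, then euid: the uid is changed last, while the
    process still holds the IDs it started this call with.
    On failure the process exits with status 1, or -1 is returned when ``exit``
    is false. Updates the module-level ``root_flag``.
    """
    global root_flag
    try:
        os.setegid(gid)
    except (OSError,) as e:
        if exit:
            print_error('failed to set egid to ' + str(gid) + ': ' + str(e))
            sys.exit(1)
        else:
            return -1
    groups = get_groups(uid, gid)
    try:
        os.setgroups(groups)
    except (OSError,) as e:
        if exit:
            print_error('failed to set supplementary groups to :', groups, str(e))
            sys.exit(1)
        else:
            return -1
    try:
        os.seteuid(uid)
    except (OSError,) as e:
        if exit:
            print_error('failed to set euid to ' + str(uid) + ': ' + str(e))
            sys.exit(1)
        else:
            return -1
    if uid == 0:
        root_flag = True
    else:
        # If it's possible, switch on CAP_SYS_RESOURCE
        _load_liblve().enable_quota_capability()
        root_flag = False


def set_root_perm(exit=True):
    """Switch effective uid, effective gid and supplementary groups back to root.

    On failure the process exits with status 1, or -1 is returned when ``exit``
    is false. Sets the module-level ``root_flag`` to True on success.
    """
    global root_flag
    try:
        os.seteuid(0)
    except (OSError,) as e:
        if exit:
            print_error('failed to set euid to 0 :', str(e))
            sys.exit(1)
        else:
            return -1
    try:
        os.setegid(0)
    except (OSError,) as e:
        if exit:
            print_error('Error: failed to set egid to 0 :', str(e))
            sys.exit(1)
        else:
            return -1
    groups = get_groups(0, 0)
    try:
        os.setgroups(groups)
    except (OSError,) as e:
        if exit:
            print_error('Error: failed to set supplementary groups to :', groups, str(e))
            sys.exit(1)
        else:
            return -1
    root_flag = True


def print_error(*args):
    """Print ``Error:`` followed by the space-separated arguments to stderr."""
    print("Error:", end=' ', file=sys.stderr)
    for a in args:
        print(a, end=' ', file=sys.stderr)
    print(file=sys.stderr)


def get_groups(uid, gid):
    """Returns supplementary groups for uid

    The result holds the gid of every group that lists a user with this uid as
    a member, plus ``gid`` itself. Members missing from the user dictionary are
    skipped.
    """
    gr = get_grp_dict()
    pw = get_pwd_dict()
    groups = set()
    for group in gr:
        members = gr[group].gr_mem
        for user in members:
            try:
                member_uid = pw[user].pw_uid
            except KeyError:
                continue
            if member_uid == uid:
                groups.add(gr[group].gr_gid)
    groups.add(gid)
    return list(groups)


# Cache of the group database, filled on first use by get_grp_dict()
grp_dict = None


def get_grp_dict():
    """Return a name -> group entry dictionary, read once from grp.getgrall()."""
    global grp_dict
    if grp_dict is None:
        grp_dict = {}
        gr = grp.getgrall()
        for line in gr:
            grp_dict[line.gr_name] = line
    return grp_dict


clpwd = ClPwd(min_uid=MIN_UID)


def get_pwd_dict():
    """Return the user dictionary provided by the module-level ClPwd instance."""
    return clpwd.get_user_dict()


# Log file object, opened on the first logging() call that writes to it
log_file = None


def logging(msg, silent=False, verbose=True, write_log=True):
    """Print ``msg`` and/or append it to LOGFILE.

    The message is printed unless ``silent`` is set or ``verbose`` is false.
    With ``write_log`` the line is written to LOGFILE as root: if the effective
    IDs are currently a user's, root is taken for the write and the user IDs
    are restored afterwards. A write failure exits the process with status 1.
    """
    global log_file
    if not silent:
        if verbose:
            print(msg)
    if write_log:
        root_flag_saved = root_flag
        if not root_flag:
            uid, gid = get_perm()
            set_root_perm()
        try:
            if log_file is None:
                umask_saved = os.umask(0o22)
                # log_file is opened in "line buffered" mode
                log_file = open(LOGFILE, 'w', 1)  # NOQA
                os.umask(umask_saved)
            log_file.write(msg)
            log_file.write("\n")
        except (OSError, IOError) as e:
            print_error("writing to ", LOGFILE, str(e))
            sys.exit(1)
        if not root_flag_saved:
            set_user_perm(uid, gid)


def get_perm():
    """Return the current ``(euid, egid)``; exits with status 1 on OSError."""
    try:
        uid = os.geteuid()
        gid = os.getegid()
    except (OSError,) as e:
        print_error('failed to get (euid,egid)', str(e))
        sys.exit(1)
    return uid, gid


def set_capability(clear=False):
    """
    Set or clear CAP_SYS_RESOURCE capability

    :param bool clear: Disable the quota capability if it's true,
                       enable it otherwise
    :return: result of the library call
             (documented upstream as 0 for success, -1 otherwise)
    :rtype: int
    """
    return _load_liblve().disable_quota_capability() if clear \
        else _load_liblve().enable_quota_capability()


def change_uid(uid):
    """
    Change effective uid of current process and set CAP_SYS_RESOURCE capability
    to prevent "Disk quota exceeded" error

    :param int uid: User ID to set it as current effective UID
    :return: 0 if capability was set successfully, -1 otherwise
    :rtype: int
    """
    os.seteuid(uid)
    return set_capability()


def _set_quota_checks_status(enabled):
    """
    Disable quota kernel check to allow us
    to write more than user can by quota.

    ``enabled=False`` turns the quota capability on (checks off);
    ``enabled=True`` turns the capability off again.
    """
    if not enabled:
        _load_liblve().enable_quota_capability()
    else:
        _load_liblve().disable_quota_capability()


@contextlib.contextmanager
def disable_quota():
    """Context manager: quota checks are off inside the block, back on after it."""
    _set_quota_checks_status(enabled=False)
    try:
        yield
    finally:
        _set_quota_checks_status(enabled=True)


@contextlib.contextmanager
def set_umask(umask_value):
    """Context manager: apply ``umask_value`` inside the block, then restore."""
    saved_umask = os.umask(umask_value)
    try:
        yield
    finally:
        os.umask(saved_umask)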