GIF89a=( �' 7IAXKgNgYvYx\%wh&h}t�h%�s%x�}9�R��&�0%� (�.��5�SD��&�a)�x5��;ͣ*ȡ&ղ)ׯ7׵<ѻ4�3�H֧KͯT��Y�aq��q��F� !� ' !� NETSCAPE2.0 , =( ��pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g���E�������R���E����B�� ��ȸ��D���"�Ů� �H��L��D٫D�B�����D���T���H �G��A R�ڐ |�� ٭&��E8�S�kG�A�px�a��� R2XB��E8I���6X�:vT)�~��q�賥��"F~%x� � 4#Z�0O|-4Bs�X:= Q� Sal��yXJ`GȦ|s h��K3l7�B|�$'7Jީܪ0!��D�n=�P� ����0`�R�lj����v>���5 �.69�ϸd�����nlv�9��f{���Pbx �l5}�p� ��� �3a���I�O����!ܾ���i��9��#��)p�a ޽ �{�)vm��%D~ 6f��s}Œ�D�W E�`!� �&L8x� �ܝ{)x`X/>�}m��R�*|`D�=�_ ^�5 !_&'a�O�7�c��`DCx`�¥�9�Y�F���`?��"� �n@`�} lď��@4>�d S �v�xN��"@~d��=�g�s~G��� ���ud &p8Q�)ƫlXD����A~H�ySun�j���k*D�LH�] ��C"J��Xb~ʪwSt}6K,��q�S:9ت:���l�@�`�� �.۬�t9�S�[:��=`9N����{¿�A !R�:���6��x�0�_ �;������^���#����!����U���;0L1�����p% A��U̬ݵ��%�S��!���~`�G���� ���=4�np�3���������u�u�ٮ|%2�I��r�#0��J``8�@S@5� ���^`8E�]�.�S���7 � �0�j S�D� z���i�S�����!���l��w9*�D�I�nEX��� &A�Go�Qf��F��;���}�J����F5��Q|���X��T��y���]� o ��C=��:���PB@ D׽S�(>�C�x}`��xJЬ�۠��p+eE0`�}`A �/NE�� �9@��� H�7�!%B0`�l*��!8 2�%� �:�1�0E��ux%nP1�!�C)�P81l�ɸF#Ƭ{����B0>�� �b�`��O3��()yRpb��E.ZD8�H@% �Rx+%���c� ���f��b�d�`F�"8�XH"��-�|1�6iI, 2�$+](A*j� QT�o0.�U�`�R�}`�SN����yae�����b��o~ S)�y�@��3 �tT�0�&�+~L�f"�-|�~��>!�v��~�\Q1)}@�}h#aP72�"�$ !� " , =( &7IAXG]KgNgYvYxR"k\%w]'}h}t�h%�g+�s%r.m3ax3�x�}9��&��+�!7�0%� (�.�SD��&��;�"&ײ)׻4��6�K� �@pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g �� E �� �������E �´��C���ǶR��D��"Ʒ�ʱH��M��GڬD�B����D��T����G���C�C� l&�~:'�tU�6ɹ#��)�'�.6�&��Ȼ K(8p0N�?!�2"��NIJX>R��OM '��2�*x�>#n� �@<[:�I�f ��T���Cdb��[�}E�5MBo��@�`@��tW-3 �x�B���jI�&E�9[T&$��ﯧ&"s��ȳ����dc�UUρ#���ldj?����`\}���u|3'�R]�6 �S#�!�FKL�*N E���`$�:e�YD�q�.�촁�s \-�jA 9�����-��M[�x(�s��x�|���p��}k�T�DpE@W� ��]k`1� ���Yb ��0l��*n0��"~zBd�~u�7�0Bl��0-�x~|U�U0 �h�*HS�|��e"#"?vp�i`e6^�+q��`m8 #V�� ��VS|`��"m"сSn|@:U���~`pb�G�ED����2F�I�? >�x� R� ��%~jx��<�a�9ij�2�D��&: Z`�]w���:�6��B�7eFJ|�ҧ�,���FǮcS�ʶ+B�,�ܺN���>PAD�HD��~���n��}�#�� Q��S���2�X�{�k�lQ�2�����w�|2� h9��G�,m���3��6-��E�L��I�³*K���q�`DwV�QXS��peS��� qܧTS����R�u �<�a�*At�lmE� � ��N[P1�ۦ��$��@`��Dpy�yXvCAy�B`}D� 0QwG#� �a[^�� $���Ǧ{L�"[��K�g�;�S~��GX.�goT.��ư��x���?1z��x~:�g�|�L� ��S`��0S]P�^p F<""�?!,�!N4&P� ����:T�@h�9%t��:�-~�I<`�9p I&.)^ 40D#p@�j4�ج:�01��rܼF2oW�#Z ;$Q q  �K��Nl#29 !F@�Bh�ᏬL!XF�LHKh�.�hE&J�G��<"WN!�����Y@� >R~19J"�2,/ &.GXB%�R�9B6�W]���W�I�$��9�RE8Y� ��"�A5�Q.axB�&ة�J�! �t)K%tS-�JF b�NMxL��)�R��"���6O!TH�H� 0 !� ) , =( &AXKgNgYvYxR"k\%wh&h}h%�g+�s%r.x3�x�}9��&��+�R,�!7�0%� (�.��5��&�a)��;�"&ף*Ȳ)ׯ7׻4�3��6�H֧KͻH�T��Y��q��h� ��pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g �� E$����� � ����$E$��"��D� � ������R��C��� E ��H�M��G�D� �B��ϾD��a��`1r��Ӑ�� �o~�zU!L�C'�yW�UGt����ll�0���uG�)A�s[��x� �xO%��X2�  P�n:R/��aHae+�Dm?# ǣ6�8�J�x�Di�M���j���5oQ7�- <! *�l��R2r/a!l)d� A"�E���� &� ;��c �%����b��pe~C"B���H�eF2��`8qb�t_`ur`e� w�u3��Pv�h""�`�Íx�LĹ��3� �~ֺ�:���MDfJ� �۵�W�%�S�X �؁)�@��:E��w�u�Sxb8y\m�zS��Zb�E�L��w!y(>�"w�=�|��s�d �C�W)H�cC$�L �7r.�\{)@�`@ �X�$PD `aaG:���O�72E�amn]�"Rc�x�R� &dR8`g��i�xLR!�P &d����T���i�|�_ � Qi�#�`g:��:noM� :V �)p����W&a=�e�k� j���1߲s�x�W�jal|0��B0�, \j۴:6���C ��W��|��9���zĸV {�;��n��V�m�I��.��PN� ����C��+��By�ѾHŸ:��� 7�Y�FTk�SaoaY$D�S���29R�kt� ��f� ��:��Sp�3�I��DZ� �9���g��u�*3)O��[_hv ,���Et x�BH� �[��64M@�S�M7d�l�ܶ5-��U܍��z�R3Ԭ3~ ��P��5�g: ���kN�&0�j4���#{��3S�2�K�'ợl���2K{� {۶?~m𸧠�I�nE�='����^���_�=��~�#O���'���o..�Y�n��CSO��a��K��o,���b�����{�C�� "�{�K ��w��Ozdը�:$ ���v�] A#� ���a�z)Rx׿ƥ�d``�w-�y�f�K!����|��P��=�`�(f��'Pa ��BJa%��f�%`�}F����6>��`G"�}�=�!o`�^FP�ةQ�C���`(�}\�ݮ ��$<��n@dĠE#��U�I�!� #l��9`k���'Rr��Z�NB�MF �[�+9���-�wj���8�r� ,V�h"�|�S=�G_��"E� 0i*%̲��da0mVk�):;&6p>�jK ��# �D�:�c?:R Ӭf��I-�"�<�="��7�3S��c2RW ,�8(T"P0F¡Jh�" ; 403WebShell
403Webshell
Server IP : 173.249.157.85  /  Your IP : 18.216.105.175
Web Server : Apache
System : Linux server.frogzhost.com 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64
User : econtech ( 1005)
PHP Version : 7.3.33
Disable Function : NONE
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /scripts/fix_reseller_acls
#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/fix_reseller_acls               Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

package scripts::fix_reseller_acls;

use cPstrict;

use parent qw( Cpanel::HelpfulScript );

use Try::Tiny;

use Cpanel::Exception    ();
use Cpanel::LoadModule   ();
use Cpanel::ConfigFiles  ();
use Whostmgr::ACLS::Data ();

=encoding utf8

=head1 NAME

fix_reseller_acls

=head1 DESCRIPTION

Utility to update reseller privileges and ACL lists.

=head1 SYNOPSIS

    fix_reseller_acls [OPERATION] [MODE]

    Operations:
    --add-default-privs            Add the default set of privileges.
    --fix-disallow-shell           Clean up the 'disallow-shell' privilege.

    Modes:
   --reseller [reseller]           Update the specified reseller.
   --all-resellers                 Update all resellers on the system.

   --acl-list [acl-list]           Update the specified ACL list.
   --all-acl-lists                 Update all ACL lists on the system.

   --help                          This documentation.

=head1 Operations

Specify at least one operation.

=over

=item B<--add-default-privs>

Add the default set of privileges, introduced in v68 and later, to the set of resellers
and ACLS lists specified.

    acct-summary
    basic-system-info
    basic-whm-functions
    cors-proxy-get
    connected-applications
    cpanel-integration
    cpanel-api
    create-user-session
    digest-auth
    generate-email-config
    list-pkgs
    manage-api-tokens
    manage-dns-records
    manage-oidc
    manage-styles
    mysql-info
    ns-config
    ssl-info
    track-email

=item B<--fix-disallow-shell>

Remove the 'disallow-shell' privilege from the set of resellers and specified ACL lists.

If the C<disallow-shell> privilege is set, then the script will remove it.
If the C<disallow-shell> privilege is not set, then the script adds the C<allow-shell> privilege.

=back

=head1 Modes

Specify at least one mode.

=over

=item B<--all-resellers>

Process all of the resellers on the system. This option overrides B<--reseller>.

B<Note>: The script does not process resellers without an associated domain in this mode.

=item B<--reseller [reseller-username]>

Process the reseller specified.

Specify this option multiple times to process mutiple resellers.

=item B<--all-acl-lists>

Process all ACL lists on the system. This option overrides B<--acl-list>.

=item B<--acl-list [acl-list]>

Process the ACL list specified.

Specify this option multiple times to process mutiple ACL lists.

=back

=head1 EXAMPLES

=over

=item C<--add-default-privs --fix-disallow-shell --all-resellers>

Update the privileges for all resellers on the system to include the default privilege and clean
up the C<disallow-shell> privilege.

=item C<--add-default-privs --reseller myreseller>

Update the privileges for the I<myreseller> reseller to include the new default privileges.

=item C<--add-default-privs --fix-disallow-shell --all-acl-lists>

Update all of the ACL lists on the system to include the default privileges, and clean up the
C<disallow-shell> privilege.

=back

=cut

sub _OPTIONS {
    return qw( add-default-privs fix-disallow-shell reseller=s@ all-resellers acl-list=s@ all-acl-lists );
}

__PACKAGE__->new(@ARGV)->script() unless caller();

sub script ($self) {

    $self->ensure_root();

    my $opts = $self->_parse_and_validate_opts();

    # This only happens if there are no resellers and/or acl-lists on the system.
    # In that case, there is nothing to do and we do not want to return uncleanly
    # if that happens.
    return unless $opts;

    $self->process_users( $opts->{resellers}, $opts->{operations} )       if $opts->{resellers}   && scalar @{ $opts->{resellers} };
    $self->process_acl_lists( $opts->{'acl-lists'}, $opts->{operations} ) if $opts->{'acl-lists'} && scalar @{ $opts->{'acl-lists'} };

    return;
}

sub process_users ( $self, $resellers_to_process_ar, $operations_hr ) {    ## no critic qw(Subroutines::ProhibitManyArgs) adding prohibit due to bug with signatures
    Cpanel::LoadModule::load_perl_module('Cpanel::Reseller');
    Cpanel::LoadModule::load_perl_module('Whostmgr::Resellers');

    # TODO: The current interfaces to the RESELLERS_FILE do not provide
    # any way to do a 'mass-edit'. Depending on how slow this process is,
    # we might need to implement one.
    my %current_reseller_acls = Cpanel::Reseller::getresellersaclhash();
    foreach my $reseller ( @{$resellers_to_process_ar} ) {

        # We validated resellers beforehand, but just in case something
        # changed between that check, and the getresellersaclhash call, check again.
        next unless exists $current_reseller_acls{$reseller};
        print "[*] Processing reseller: '$reseller'...\n";

        my $to_process_hr = {
            name         => $reseller,
            current_acls => $current_reseller_acls{$reseller},
        };

        $self->add_default_privs($to_process_hr)  if $operations_hr->{'add-default-privs'};
        $self->fix_disallow_shell($to_process_hr) if $operations_hr->{'fix-disallow-shell'};

        # set_reseller_acls requires the ACLs to have a 'acl-' prefix
        Whostmgr::Resellers::set_reseller_acls( $reseller, { map { 'acl-' . $_ => 1 } keys %{ $current_reseller_acls{$reseller} } } );
        print "[+] Processed reseller: '$reseller'\n";
    }

    return;
}

sub process_acl_lists ( $self, $acl_lists_to_process_ar, $operations_hr ) {    ## no critic qw(Subroutines::ProhibitManyArgs) adding prohibit due to bug with signatures
    Cpanel::LoadModule::load_perl_module('Whostmgr::ACLS');

    # This is required when loading Whostmgr::ACLS -- see the module for more details
    Whostmgr::ACLS::init_acls();

    foreach my $acl_list ( @{$acl_lists_to_process_ar} ) {
        my $list_file = "$Cpanel::ConfigFiles::ACL_LISTS_DIR/$acl_list";
        next unless -f $list_file;

        print "[*] Processing ACL list: '$acl_list'...\n";
        if ( open( my $acl_fh, '<', $list_file ) ) {
            my $acls = { map { split /=/, $_, 2 } grep { !/^\s*$/ } map { s/\n//r } readline($acl_fh) };
            close($acl_fh);

            my $to_process_hr = {
                name         => $acl_list,
                current_acls => $acls,
            };

            $self->add_default_privs($to_process_hr)  if $operations_hr->{'add-default-privs'};
            $self->fix_disallow_shell($to_process_hr) if $operations_hr->{'fix-disallow-shell'};

            Whostmgr::ACLS::save_acl_list(
                'acllist' => $acl_list,
                ( map { 'acl-' . $_ => 1 } grep { $acls->{$_} } keys %{$acls} )
            );

            print "[+] Processed ACL list: '$acl_list'\n";
        }
        else {
            print "[!] Failed to process ACL list '$acl_list': $!\n";
        }
    }

    return;
}

my $defaults_to_apply_hr;

sub add_default_privs ( $self, $to_process_hr ) {
    $defaults_to_apply_hr //= { map { $_ => 1 } @{ Whostmgr::ACLS::Data::get_default_acls() } };
    print "\t[*] Adding default privileges to '$to_process_hr->{'name'}'...\n";
    %{ $to_process_hr->{'current_acls'} } = (
        %{ $to_process_hr->{'current_acls'} },
        %{$defaults_to_apply_hr}
    );
    print "\t[+] Added default privileges to '$to_process_hr->{'name'}'.\n";
    return;
}

sub fix_disallow_shell ( $self, $to_process_hr ) {
    print "\t[*] Fixing 'disallow-shell' privilege for '$to_process_hr->{'name'}'...\n";
    my $had_disallow_shell = delete $to_process_hr->{'current_acls'}->{'disallow-shell'};
    if ( !$had_disallow_shell ) {
        %{ $to_process_hr->{'current_acls'} } = (
            %{ $to_process_hr->{'current_acls'} },
            'allow-shell' => 1,
        );
    }
    print "\t[+] Fixed 'disallow-shell' privilege for '$to_process_hr->{'name'}'.\n";
    return;
}

sub _parse_and_validate_opts ($self) {

    unless ( $self->getopt('add-default-privs') || $self->getopt('fix-disallow-shell') ) {
        print $self->help();
        return;
    }

    my $resellers      = $self->getopt('reseller');
    my %uniq_resellers = map { $_ => 1 } @$resellers if $resellers;

    my $acl_lists      = $self->getopt('acl-list');
    my %uniq_acl_lists = map { $_ => 1 } @$acl_lists if $acl_lists;

    my $opts = {
        'operations' => {
            'add-default-privs'  => $self->getopt('add-default-privs'),
            'fix-disallow-shell' => $self->getopt('fix-disallow-shell'),
        },
        'all-resellers'       => $self->getopt('all-resellers'),
        'specified_resellers' => \%uniq_resellers,
        'all-acl-lists'       => $self->getopt('all-acl-lists'),
        'specified_acl_lists' => \%uniq_acl_lists,
    };

    $opts->{'resellers'} = $self->_validate_resellers($opts);
    $opts->{'acl-lists'} = $self->_validate_acl_lists($opts);

    return unless $opts->{'resellers'} // $opts->{'acl-lists'};
    return $opts;
}

sub _validate_resellers ( $self, $opts ) {
    if ( $opts->{'all-resellers'} ) {
        Cpanel::LoadModule::load_perl_module("Whostmgr::Resellers::List");
        Cpanel::LoadModule::load_perl_module('Cpanel::Config::HasCpUserFile');
        return [

            # Skip 'resellers without a domain' when processing all resellers on the system:
            # https://go.cpanel.net/how-to-create-a-whm-reseller-without-an-associated-domain
            #
            # These resellers are created "out of band" by editing the resellers file,
            # so altering them should be left up to the server administrators.
            grep { Cpanel::Config::HasCpUserFile::has_cpuser_file($_) }
              keys %{ Whostmgr::Resellers::List::list() }
        ];
    }
    elsif ( my @specified_resellers = keys %{ $opts->{'specified_resellers'} } ) {
        Cpanel::LoadModule::load_perl_module("Whostmgr::Resellers::Check");
        if ( my @invalid_resellers = grep { !Whostmgr::Resellers::Check::is_reseller($_) } @specified_resellers ) {
            die Cpanel::Exception->create_raw( "[!] Invalid resellers specified:\n" . join( "\n", map { " " x 8 . $_ } @invalid_resellers ) . "\n" )->to_string_no_id();
        }

        return \@specified_resellers;
    }

    return;
}

sub _validate_acl_lists ( $self, $opts ) {
    if ( $opts->{'all-acl-lists'} ) {
        if ( opendir my $dh, $Cpanel::ConfigFiles::ACL_LISTS_DIR ) {
            return [ grep { $_ !~ m/^\.+$/ && -f "$Cpanel::ConfigFiles::ACL_LISTS_DIR/$_" } readdir($dh) ];
        }
    }
    elsif ( my @specified_acl_lists = keys %{ $opts->{'specified_acl_lists'} } ) {
        if ( my @invalid_acl_lists = grep { !-f "$Cpanel::ConfigFiles::ACL_LISTS_DIR/$_" } @specified_acl_lists ) {
            die Cpanel::Exception->create_raw( "[!] Invalid acl-lists specified:\n" . join( "\n", map { " " x 8 . $_ } @invalid_acl_lists ) . "\n" )->to_string_no_id();
        }
        return \@specified_acl_lists;
    }

    return;
}

1;

Youez - 2016 - github.com/yon3zu
LinuXploit