PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB`Mini Shell

HOME


Mini Shell 1.0
DIR:/opt/imunify360/venv/lib/python3.11/site-packages/
Upload File :
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/secureio.py
# coding=utf-8

# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2018 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

# This module provides functions for secure I/O and filesystem operations

import grp
import sys
import tempfile
import contextlib
import os
from functools import lru_cache
from typing import TYPE_CHECKING
from ctypes import (cdll, c_long, Structure, c_ushort, c_ubyte, c_char, POINTER,
                    c_int, c_void_p, c_char_p)

from clcommon import ClPwd
from clcommon.clpwd import drop_user_privileges


def __getattr__(name):
    # NOTE(vlebedev): Delay shared libraries loading until they are actually used.
    #                 It makes module loadable even in case those shared libraries are not available
    #                 and that is useful for e.g. unit testing on local non-CL system.
    if name == 'libc':
        return _load_libc()
    elif name == 'liblve':
        return _load_liblve()
    raise AttributeError(f"module {__name__} has no attribute {name}")


def __dir__():
    return ['libc', 'liblve', *globals().keys()]


# --- libc functions -----------------------------------------------
@lru_cache(maxsize=None)
def _load_libc():
    libc = cdll.LoadLibrary("libc.so.6")

    libc.fchown.argtypes = [c_int, c_int, c_int]
    libc.fchown.restype = c_int

    libc.fchmod.argtypes = [c_int, c_int]
    libc.fchmod.restype = c_int

    # accepts file/dir descriptor (integer)
    libc.fdopendir.argtypes = [c_int]
    # returns pointer to DIR structure
    libc.fdopendir.restype = c_void_p

    # accepts pointer to DIR structure
    libc.readdir.argtypes = [c_void_p]
    # returns pointer to DIRENTRY structure
    libc.readdir.restype = DIRENTRY_P

    # accepts pointer to DIR structure
    libc.rewinddir.argtypes = [c_void_p]
    # returns void
    libc.rewinddir.restype = None

    # accepts pointer to DIR structure
    libc.closedir.argtypes = [c_void_p]
    libc.closedir.restype = c_int

    return libc


if TYPE_CHECKING:
    libc = _load_libc()


ino_t = c_long
off_t = c_long


class DIRENTRY(Structure):
    _fields_ = [
        ('d_ino', ino_t),  # inode number
        ('d_off', off_t),  # offset to the next dirent
        ('d_reclen', c_ushort),  # length of this record
        ('d_type', c_ubyte),  # type of file; not supported by all file system types
        ('d_name', c_char * 256),  # filename
    ]


DIRENTRY_P = POINTER(DIRENTRY)


def fchown(fd, uid, gid):
    return _load_libc().fchown(fd, uid, gid)


def fchmod(fd, mode):
    return _load_libc().fchmod(fd, mode)


def fdopen(fd):
    return _load_libc().fdopen(fd)


def readdir(dirp):
    return _load_libc().readdir(dirp)


def rewinddir(dirp):
    return _load_libc().rewinddir(dirp)


def closedir(dirp):
    return _load_libc().closedir(dirp)


class StubLVE:
    """Stub implementation of LVE functions for systems without liblve"""

    def open_not_symlink(self, path, parent_path):
        return -1

    def check_dir(self, fd):
        return -1

    def isdir(self, path, descriptor, parent_path):
        return -1

    def set_perm_dir_secure(self, path, perm, fd, parent_path):
        return -1

    def set_owner_dir_secure(self, path, uid, gid, fd, parent_path):
        return -1

    def create_dir_secure(self, path, perm, uid, gid, fd, parent_path):
        return -1

    def makedirs_secure(self, path, perm, uid, gid, parent_path):
        return -1

    def get_path_from_descriptor(self, fd, buf):
        return None

    def is_subdir(self, dir, subdir):
        return 0

    def enable_quota_capability(self):
        return 0

    def disable_quota_capability(self):
        return 0


# --- liblve functions -----------------------------------------------
@lru_cache(maxsize=None)
def _load_liblve():
    """Load liblve if available, otherwise return stub implementation"""
    try:
        liblve = cdll.LoadLibrary("libsecureio.so.0")
    except OSError:
        try:
            liblve = cdll.LoadLibrary("liblve.so.0")
        except OSError:
            return StubLVE()

    # Opens path for reading not following symlinks and verifies that opened path is inside parent_path
    # Returns:
    # descriptor if successful
    # -1 if path does not exist or is a symlink
    # -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts path, parent_path
    liblve.open_not_symlink.argtypes = [c_char_p, c_char_p]
    liblve.open_not_symlink.restype = c_int

    # Closes descriptor (if it is not equal -1)
    # accepts file/dir descriptor (integer)
    liblve.closefd.argtypes = [c_int]
    # returns void
    liblve.closefd.restype = None

    # Tries to read first directory entry in order to ensure that descriptor is valid
    # Returns 0 if reading succeeded or -1 if error has occured
    # accepts descriptor
    liblve.check_dir.argtypes = [c_int]
    liblve.check_dir.restype = c_int

    # Checks if path is a directory (in secure manner)
    # Also opens path (if descriptor fd == -1) and then checks that opened path is inside parent_path
    # Returns descriptor if path refers to directory
    # Returns -1 if path does not exist or is not a directory
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts path, descriptor, parent_path
    liblve.isdir.argtypes = [c_char_p, c_int, c_char_p]
    liblve.isdir.restype = c_int

    # Sets permissions to directory (in secure manner)
    # Returns descriptor if successful
    # Returns -1 if error has occured
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts: const char *path, mode_t perm, int fd, const char *parent_path
    liblve.set_perm_dir_secure.argtypes = [c_char_p, c_int, c_int, c_char_p]
    liblve.set_perm_dir_secure.restype = c_int

    # Sets owner and group of directory (in secure manner)
    # Returns descriptor if successful
    # Returns -1 if error has occured
    # Returns -2 if opened path is NOT inside parent_path or cannot be determined
    # accepts: const char *path, uid_t uid, gid_t gid, int fd, const char *parent_path
    liblve.set_owner_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
    liblve.set_owner_dir_secure.restype = c_int

    # Creates directory if it does not exist, sets permissions/owner otherwise
    # Returns descriptor if successful
    # Returns -1 if error has occured
    # accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, int fd, const char *parent_path
    liblve.create_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_int, c_char_p]
    liblve.create_dir_secure.restype = c_int

    # Recursive directory creation function
    # Returns 0 if successful
    # Returns -1 if error has occured
    # accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, const char *parent_path
    liblve.makedirs_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
    liblve.makedirs_secure.restype = c_int

    # Writes absolute path pointed by descriptor fd to buffer *buf
    # Returns buf if successful
    # Returns NULL if error has occured
    liblve.get_path_from_descriptor.argtypes = [c_int, c_char_p]
    liblve.get_path_from_descriptor.restype = c_char_p

    # Returns 1 if subdir is subdirectory of dir, 0 otherwise
    liblve.is_subdir.argtypes = [c_char_p, c_char_p]
    liblve.is_subdir.restype = c_int

    return liblve


if TYPE_CHECKING:
    liblve = _load_liblve()


def _open_not_symlink(path, parent_path):
    return _load_liblve().open_not_symlink(path, parent_path)


def check_dir(fd):
    return _load_liblve().check_dir(fd)


def isdir(path, descriptor, parent_path):
    return _load_liblve().isdir(path, descriptor, parent_path)


def get_path_from_descriptor(fd, buf):
    return _load_liblve().get_path_from_descriptor(fd, buf)


def is_subdir(dir, subdir):
    return _load_liblve().is_subdir(dir, subdir)


# True :  euid/egid == 0/0
# False : euid/egid == user/user
# set by set_user_perm() and set_root_perm() functions
root_flag = True

LOGFILE = "/var/log/cagefs-update.log"

MIN_UID = 500

SILENT_FLAG = False


def open_not_symlink(path):
    return os.open(path, os.O_RDONLY | os.O_NOFOLLOW)


def open_file_not_symlink(path):
    return os.fdopen(open_not_symlink(path), 'r')


def flistdir(fd):
    """Returns list of entries of directory pointed by descriptor"""
    # Duplicate descriptor, because closedir() closes descriptor associated with directory stream
    fd2 = os.dup(fd)

    # Open directory stream
    dirp = fdopendir(fd2)  # NOQA
    if not dirp:
        raise RuntimeError("fdopendir error")

    # Reset position of directory stream
    # (so it will be possible to read content of directory multiple times
    # via other descriptors that refer to the directory)
    rewinddir(dirp)

    dirlist = []
    while True:
        entryp = readdir(dirp)
        if not entryp:
            break
        entry = entryp.contents
        dirlist.append(entry.d_name)

    rewinddir(dirp)
    closedir(dirp)
    return dirlist


def closefd(fd):
    if fd is not None:
        try:
            os.close(fd)
        except OSError:
            pass


def set_perm_dir_secure(path, perm, parent_path, fd=None, logger=None):
    """Sets permissions to directory (in secure manner)
    Returns descriptor if successful
    Returns None if error has occured"""
    if fd is None:
        fd = -1
    fd = _load_liblve().set_perm_dir_secure(path.encode(), perm, fd, parent_path.encode())
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error: failed to set permissions of directory ' + path, False, True)
    return None


def set_owner_dir_secure(path, uid, gid, parent_path, fd=None, logger=None):
    """Sets owner and group of directory (in secure manner)
    Returns descriptor if successful
    Returns None if error has occured"""
    if fd is None:
        fd = -1
    fd = _load_liblve().set_owner_dir_secure(path.encode(), uid, gid, fd, parent_path.encode())
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error: failed to set owner of directory ' + path, False, True)
    return None


def create_dir_secure(path, perm, uid, gid, parent_path, fd=None, logger=None):
    """Creates directory if it does not exist, sets permissions/owner otherwise
    Returns descriptor if successful
    Returns None if error has occured"""
    if fd is None:
        fd = -1
    fd = _load_liblve().create_dir_secure(path.encode(), perm, uid, gid, fd, parent_path.encode())
    if fd > 0:
        return fd
    if logger is not None:
        logger('Error : failed to create directory ' + path, False, True)
    return None


def makedirs_secure(path, perm, uid, gid, parent_path, logger=None):
    """Recursive directory creation function
    Returns 0 if successful
    Returns -1 if error has occured"""
    res = _load_liblve().makedirs_secure(path.encode(), perm, uid, gid, parent_path.encode())
    if res and logger:
        logger('Error : failed to create directory ' + path, False, True)
    return res


def read_file_secure(filename, uid=None, gid=None, exit_on_error=True, write_log=True):
    """read file not following symlinks"""
    if (uid is None and gid is not None) or (uid is not None and gid is None):
        raise RuntimeError("read_file_secure: uid and gid should be both null or be both not null")

    drop_perm = (uid is not None) and (gid is not None)
    if drop_perm:
        set_user_perm(uid, gid)

    try:
        file_object = open_file_not_symlink(filename)
        content = file_object.readlines()
        file_object.close()
        if drop_perm:
            set_root_perm()
        return content
    except (OSError, IOError) as e:
        if drop_perm:
            set_root_perm()
        logging('Error: failed to read ' + filename + ' : ' + str(e), SILENT_FLAG, 1, write_log)
        if not exit_on_error:
            raise
        sys.exit(1)


def write_file_secure(content, ini_path, uid, gid, drop_perm=True, perm=0o644, write_log=True):
    """Returns True if error has occured"""
    dirpath = os.path.dirname(ini_path)

    if drop_perm:
        set_user_perm(uid, gid)

    fd = None
    temp_path = None
    try:
        fd, temp_path = tempfile.mkstemp(prefix='cagefs_', dir=dirpath)
        file_object = os.fdopen(fd, 'w')
        file_object.write(''.join(content))
        if not drop_perm and uid is not None and gid is not None:
            if fchown(fd, uid, gid):
                raise OSError('fchown failed')
        if fchmod(fd, perm):
            raise OSError('fchmod failed')
        file_object.close()
    except (IOError, OSError) as e:
        try:
            file_object.close()
        except Exception:
            pass
        try:
            os.close(fd)
        except Exception:
            pass
        try:
            os.unlink(temp_path)
        except Exception:
            pass
        if drop_perm:
            set_root_perm()
        logging(
            f"Error: failed to write file {ini_path} : {str(e).replace('Errno', 'Err code')}",
            SILENT_FLAG,
            1,
            write_log,
        )
        return True
    except Exception as e:
        logging(f'Error: {str(e)}', SILENT_FLAG, 1)
        sys.exit(1)

    error = False
    try:
        os.rename(temp_path, ini_path)
    except OSError as e:
        error = True
        logging('Error: failed to rename tempfile to ' + ini_path + ' : ' + str(e), SILENT_FLAG, 1, write_log)
        try:
            os.unlink(temp_path)
        except OSError:
            pass

    if drop_perm:
        set_root_perm()

    return error


def write_file_via_tempfile(
        content, dest_path, perm, prefix='', suffix='', as_user=None):
    """
    Safely write string content to a file
    :param content: str
    :param dest_path: str -> path to a file
    :param perm: int -> permissions for the file
    :param prefix: str -> add to temporary file name
    :param suffix: str -> add to temporary file name
    :param as_user: str -> name of the user to drop privileges to
    """
    if as_user is not None:
        old_groups = os.getgroups()
        drop_user_privileges(as_user, effective_or_real=True, set_env=False)

    dirpath = os.path.dirname(dest_path)
    fd, temp_path = None, None
    try:
        fd, temp_path = tempfile.mkstemp(
                prefix=prefix, suffix=suffix, dir=dirpath)
        with os.fdopen(fd, 'w', errors='surrogateescape') as f_temp:
            f_temp.write(content)
    except (IOError, OSError):
        if fd is None or temp_path is None:
            raise
        try:
            os.close(fd)
        except (IOError, OSError):
            pass
        try:
            os.unlink(temp_path)
        except (IOError, OSError):
            pass
        raise

    try:
        os.chmod(temp_path, perm)
        os.rename(temp_path, dest_path)
    except (OSError, IOError, TypeError):
        try:
            os.unlink(temp_path)
        except (OSError, IOError):
            pass
        raise

    if as_user is not None:
        ruid = os.getuid()
        os.seteuid(ruid)
        os.setegid(os.getgid())
        # All of the above can be called from user named as_user
        if ruid == 0:
            os.setgroups(old_groups)


def set_user_perm(uid, gid, exit=True):
    global root_flag

    try:
        os.setegid(gid)
    except (OSError,) as e:
        if exit:
            print_error('failed to set egid to ' + str(gid) + ': ' + str(e))
            sys.exit(1)
        else:
            return -1

    groups = get_groups(uid, gid)
    try:
        os.setgroups(groups)
    except (OSError,) as e:
        if exit:
            print_error('failed to set supplementary groups to :', groups, str(e))
            sys.exit(1)
        else:
            return -1

    try:
        os.seteuid(uid)
    except (OSError,) as e:
        if exit:
            print_error('failed to set euid to ' + str(uid) + ': ' + str(e))
            sys.exit(1)
        else:
            return -1

    if uid == 0:
        root_flag = True
    else:
        # If it's possible, switch on CAP_SYS_RESOURCE
        _load_liblve().enable_quota_capability()
        root_flag = False


def set_root_perm(exit=True):
    global root_flag

    try:
        os.seteuid(0)
    except (OSError,) as e:
        if exit:
            print_error('failed to set euid to 0 :', str(e))
            sys.exit(1)
        else:
            return -1

    try:
        os.setegid(0)
    except (OSError,) as e:
        if exit:
            print_error('Error: failed to set egid to 0 :', str(e))
            sys.exit(1)
        else:
            return -1

    groups = get_groups(0, 0)
    try:
        os.setgroups(groups)
    except (OSError,) as e:
        if exit:
            print_error('Error: failed to set supplementary groups to :', groups, str(e))
            sys.exit(1)
        else:
            return -1

    root_flag = True


def print_error(*args):
    print("Error:", end=' ', file=sys.stderr)
    for a in args:
        print(a, end=' ', file=sys.stderr)
    print(file=sys.stderr)


def get_groups(uid, gid):
    """Returns supplementary groups for uid"""
    gr = get_grp_dict()
    pw = get_pwd_dict()
    groups = set()
    for group in gr:
        members = gr[group].gr_mem
        for user in members:
            try:
                member_uid = pw[user].pw_uid
            except KeyError:
                continue
            if member_uid == uid:
                groups.add(gr[group].gr_gid)
    groups.add(gid)
    return list(groups)


grp_dict = None


def get_grp_dict():
    global grp_dict
    if grp_dict is None:
        grp_dict = {}
        gr = grp.getgrall()
        for line in gr:
            grp_dict[line.gr_name] = line
    return grp_dict


clpwd = ClPwd(min_uid=MIN_UID)


def get_pwd_dict():
    return clpwd.get_user_dict()



log_file = None

def logging(msg, silent=False, verbose=True, write_log=True):
    global log_file
    if not silent:
        if verbose:
            print(msg)

    if write_log:
        root_flag_saved = root_flag
        if not root_flag:
            uid, gid = get_perm()
            set_root_perm()
        try:
            if log_file is None:
                umask_saved = os.umask(0o22)
                # log_file is opened in "line buffered" mode
                log_file = open(LOGFILE, 'w', 1)  # NOQA
                os.umask(umask_saved)
            log_file.write(msg)
            log_file.write("\n")
        except (OSError, IOError) as e:
            print_error("writing to ", LOGFILE, str(e))
            sys.exit(1)
        if not root_flag_saved:
            set_user_perm(uid, gid)


def get_perm():
    try:
        uid = os.geteuid()
        gid = os.getegid()
    except (OSError,) as e:
        print_error('failed to get (euid,egid)', str(e))
        sys.exit(1)
    return uid, gid


def set_capability(clear=False):
    """
    Set CAP_SYS_RESOURCE capability

    :param bool clear: Set on if it's true, set off otherwise
    :return: 0 for success, -1 otherwise
    :rtype: int
    """
    return _load_liblve().disable_quota_capability() if clear \
        else _load_liblve().enable_quota_capability()


def change_uid(uid):
    """
    Change effective uid of current process and set CAP_SYS_RESOURCE capbality
    to prevent "Disk quota exceeded" error

    :param int euid: User ID to set it as current effective UID
    :return: 0 if capability was set successfuly, -1 otherwise
    :rtype: int
    """
    os.seteuid(uid)
    return set_capability()


def _set_quota_checks_status(enabled):
    """
    Disable quota kernel check to allow us to write
    more than user can by quota.
    """
    if not enabled:
        _load_liblve().enable_quota_capability()
    else:
        _load_liblve().disable_quota_capability()


@contextlib.contextmanager
def disable_quota():
    _set_quota_checks_status(enabled=False)
    try:
        yield
    finally:
        _set_quota_checks_status(enabled=True)


@contextlib.contextmanager
def set_umask(umask_value):
    saved_umask = os.umask(umask_value)
    try:
        yield
    finally:
        os.umask(saved_umask)