| Server IP : 103.119.228.120 / Your IP : 18.217.118.7 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /scripts/ |
Upload File : |
#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/convert_accesshash_to_token Copyright 2022 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
use strict;
use warnings;
use File::Basename ();
use Getopt::Long ();
use Cpanel::Rand::Get ();
use Cpanel::ResellerFunctions ();
use Cpanel::SafeFile ();
use Cpanel::ConfigFiles ();
use Cpanel::Security::Authn::APITokens::Write::whostmgr ();
use Whostmgr::AccessHash ();
use Digest::SHA ();
exit _main(@ARGV) unless caller;
sub _main {
my @args = @_;
unless ( $> == 0 && $< == 0 ) {
return bail_out('error: This program can only be run by root!');
}
Getopt::Long::GetOptionsFromArray(
\@args,
'help|?' => \my $print_help,
'verbose' => \my $verbose,
'all-resellers' => \my $all_resellers,
) || return bail_out('Invalid usage. See --help');
return print_help() if $print_help;
$ENV{'REMOTE_USER'} = 'root';
my @users = @args;
@users = Cpanel::ResellerFunctions::getresellerslist() if $all_resellers;
@users = ( $ENV{'REMOTE_USER'} ) if !@users;
foreach my $user (@users) {
my $details = eval { import_accesshash($user) };
if ($@) {
next if $@ =~ m/^No accesshash exists for/;
print STDERR "error: $user: $@";
}
elsif ($verbose) {
print "Imported accesshash for “$user” as “$details->{name}”\n";
}
}
return 0;
}
sub _update_accounting_log {
my ( $action, $token_name ) = @_;
my $acctlog = Cpanel::SafeFile::safeopen( my $accounting_log_fh, '>>', $Cpanel::ConfigFiles::ACCOUNTING_LOG_FILE );
if ( !$acctlog ) {
logger->warn("Could not write to /var/cpanel/accounting.log");
}
else {
chmod 0600, $Cpanel::ConfigFiles::ACCOUNTING_LOG_FILE;
# The accounting log format is:
# <time>:<action keyword>:<remote user>:<user>:<domain>:<other items particular to the action>
# We are using "not-applicable" for the domain since it isn't really necessary here.
print $accounting_log_fh localtime() . ":$action:$ENV{'REMOTE_USER'}:$ENV{'REMOTE_USER'}:not-applicable:$token_name\n";
Cpanel::SafeFile::safeclose( $accounting_log_fh, $acctlog );
}
return 1;
}
sub import_accesshash {
my ($user) = @_;
my ( $status, $msg, $accesshash ) = Whostmgr::AccessHash::get_access_hash($user);
die "$msg\n" if !$status;
$accesshash =~ s/\s//g;
my $token_hash = Digest::SHA::sha512_hex($accesshash);
my $data_obj = Cpanel::Security::Authn::APITokens::Write::whostmgr->new( { user => $user } );
my $count = 0;
my $suffix = '';
my $basename = "accesshash-" . time;
my $token_details;
while ( !$token_details ) {
die "Cannot import accesshash: $@" if ++$count > 25;
$token_details = eval {
$data_obj->import_token_hash(
{
name => "$basename$suffix",
token_hash => $token_hash,
}
);
};
# TODO: Why no error report here?
$suffix = "-" . Cpanel::Rand::Get::getranddata( 8, [ 0 .. 9, 'A' .. 'Z' ] );
}
$data_obj->save_changes_to_disk();
_update_accounting_log( "CREATEAPITOKEN", "$basename$suffix" );
return $token_details;
}
sub print_help {
my $basename = File::Basename::basename($0);
print <<HELP;
Usage: $basename [OPTIONS] [reseller ...]
Options:
-?, --help Display this message
--verbose Print all of the tokens generated
--all-resellers Process all reseller users
HELP
return 0;
}
sub bail_out {
my $error_msg = shift;
print STDERR $error_msg . "\n\n" if $error_msg;
print_help();
return 1;
}