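def __check_mysql_path(self):
    """Make the MySQL data directory and its ancestors usable by mysqld.

    Reads the ``datadir`` setting from /etc/my.cnf, makes sure that directory
    has mode 755 or 777 and is owned by ``mysql`` (fixing it with chmod/chown
    when it is not), then walks up the parent directories and sets each one
    that is not 755/777 to 755.  The whole routine is best effort: errors are
    swallowed.

    Returns:
        False when /etc/my.cnf is missing or holds no usable absolute
        ``datadir`` value; otherwise None.
    """
    # Function-scope import keeps the block self-contained; pipes.quote is
    # the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote as _quote
    except ImportError:
        from pipes import quote as _quote

    try:
        # Locate the datadir setting.
        mypath = '/etc/my.cnf'
        if not os.path.exists(mypath):
            return False
        public.set_mode(mypath, 644)
        mycnf = public.readFile(mypath)
        # Raw string: '\s' in a plain literal is an invalid escape sequence.
        found = re.findall(r'datadir\s*=\s*(.+)', mycnf)
        if not found:
            return False
        # '(.+)' also captures trailing blanks and a CR from CRLF files.
        datadir = found[0].strip()
        # A relative value would be resolved against the panel's working
        # directory, and dirname() of it ends at '' and never reaches '/'.
        if not os.path.isabs(datadir):
            return False

        # Modes under which the directory is considered startable.
        accs = ['755', '777']

        # Fix mode/owner of the data directory itself.  The path comes from
        # a config file and goes into a shell command line, so it is quoted.
        mode_info = public.get_mode_and_user(datadir)
        if mode_info['mode'] not in accs or mode_info['user'] != 'mysql':
            public.ExecShell('chmod 755 ' + _quote(datadir))
            public.ExecShell('chown -R mysql:mysql ' + _quote(datadir))

        # Walk up the parents.
        # NOTE(review): this sets every ancestor that is not 755/777 to 755,
        # which can widen access on an intentionally restricted parent -
        # confirm that is acceptable for non-default datadir locations.
        parent = os.path.dirname(datadir)
        while parent not in ('/', ''):
            mode_info = public.get_mode_and_user(parent)
            if mode_info['mode'] not in accs:
                public.ExecShell('chmod 755 ' + _quote(parent))
            above = os.path.dirname(parent)
            if above == parent:
                # dirname('//') returns '//': stop at any fixed point
                # instead of looping forever.
                break
            parent = above
    except Exception:
        # Deliberate best effort: a failed permission fix must not abort
        # the caller.
        pass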
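def mypass(self, act):
    """Strip, and optionally re-insert, root credentials in /etc/my.cnf.

    First keeps /etc/my.cnf and /etc/my.cnf.bak in sync (copying whichever
    one is larger than 2 bytes over the other, my.cnf taking precedence),
    then deletes every line matching ``user=root`` or ``password=`` from
    /etc/my.cnf.  When ``act`` is truthy the ``mysql_root`` value from the
    panel ``config`` table is written back under the ``[mysqldump]`` header.

    Args:
        act: truthy to write the credentials, falsy to only remove them.

    Returns:
        False when ``act`` is truthy and /etc/my.cnf cannot be read (or is
        empty); True otherwise.
    """
    conf_file = '/etc/my.cnf'
    conf_file_bak = '/etc/my.cnf.bak'

    # NOTE(review): the backup is taken before the sed clean-up below, so a
    # my.cnf that still holds the root password is copied into the .bak
    # as-is; set_mode/set_own run only after the content has been written.
    if os.path.getsize(conf_file) > 2:
        public.writeFile(conf_file_bak, public.readFile(conf_file))
        public.set_mode(conf_file_bak, 600)
        public.set_own(conf_file_bak, 'mysql')
    elif os.path.getsize(conf_file_bak) > 2:
        public.writeFile(conf_file, public.readFile(conf_file_bak))
        public.set_mode(conf_file, 600)
        public.set_own(conf_file, 'mysql')

    # Both paths are constants, so formatting them into the command is safe.
    public.ExecShell("sed -i '/user=root/d' {}".format(conf_file))
    public.ExecShell("sed -i '/password=/d' {}".format(conf_file))

    if not act:
        return True

    password = public.M('config').where('id=?', (1, )).getField('mysql_root')
    mycnf = public.readFile(conf_file)
    if not mycnf:
        return False

    # '[^.]' consumes the single character that follows the header
    # (normally the newline); the replacement supplies its own newline.
    src_dump_re = r"\[mysqldump\][^.]"
    # NOTE(review): a password containing '"' would end the quoted value
    # early in the config file - confirm how such passwords are handled.
    sub_dump = "[mysqldump]\nuser=root\npassword=\"{}\"\n".format(password)
    # A callable replacement is inserted literally.  Passing the string
    # itself would make re.sub interpret backslashes in the password as
    # escapes or group references, corrupting it or raising re.error.
    mycnf = re.sub(src_dump_re, lambda _match: sub_dump, mycnf)
    # Refuse to write back a suspiciously short config.
    if len(mycnf) > 100:
        public.writeFile(conf_file, mycnf)
    return True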
def set_pma_access():
    # Create phpMyAdmin's tmp directory and deny web access to it.
    # Returns True when every step ran, False when the phpMyAdmin path is
    # missing or any step raised.
    try:
        pma_path = get_pma_path()
        if not pma_path:
            return False
        if not os.path.exists(pma_path):
            return False
        pma_tmp = pma_path + '/tmp'
        if not os.path.exists(pma_tmp):
            os.makedirs(pma_tmp)

        # nginx: add a "location ~ /tmp/" rule returning 403, unless the
        # config already mentions '/tmp/' anywhere.
        nginx_file = '/www/server/nginx/conf/nginx.conf'
        if os.path.exists(nginx_file):
            nginx_conf = public.readFile(nginx_file)
            if nginx_conf.find('/tmp/') == -1:
                # NOTE(review): this listing shows the literal on one line;
                # any line breaks of the original file are not visible here.
                r_conf = '''/www/server/phpmyadmin; location ~ /tmp/ { return 403; }'''
                nginx_conf = nginx_conf.replace('/www/server/phpmyadmin;',r_conf)
                public.writeFile(nginx_file,nginx_conf)
                public.serviceReload()

        # Apache: drop a deny-all .htaccess into the tmp directory.
        apa_pma_tmp = pma_tmp + '/.htaccess'
        if not os.path.exists(apa_pma_tmp):
            # NOTE(review): shown on one line in this listing; Apache expects
            # one directive per line - confirm against the original file.
            r_conf = '''order allow,deny deny from all'''
            public.writeFile(apa_pma_tmp,r_conf)
            public.set_mode(apa_pma_tmp,755)
            public.set_own(apa_pma_tmp,'root')

        # The recursive chmod/chown below also covers the .htaccess, so the
        # 755/root settings applied just above are replaced by 700/www:www.
        public.ExecShell("chmod -R 700 {}".format(pma_tmp))
        public.ExecShell("chown -R www:www {}".format(pma_tmp))
        return True
    except:
        # Any failure, including readFile returning a non-string, is
        # reported only as False; the cause is not logged.
        return False
def __init__(self):
    """Ensure the save directory and password file exist, then load the password.

    A missing password file is filled with a 16-character string from
    ``public.GetRandomString``.  ``self._pass_str`` is read from the file
    only when it is not already set.
    """
    save_dir = self._save_path
    pass_file = self._pass_file

    if not os.path.exists(save_dir):
        # 384 == 0o600: the directory is created without any search (x) bit.
        # NOTE(review): fine for root, but any other user cannot enter the
        # directory; confirm 0o700 was not intended.
        os.makedirs(save_dir, 384)

    if not os.path.exists(pass_file):
        # NOTE(review): the secret is written first and restricted second,
        # so its initial permissions depend on public.writeFile and the
        # umask.  Also confirm GetRandomString draws from a CSPRNG.
        public.writeFile(pass_file, public.GetRandomString(16))
        public.set_mode(pass_file, 600)

    if self._pass_str:
        return
    self._pass_str = public.readFile(pass_file)
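def upload(self, args):
    """Receive one chunk of a resumable upload; finalise the file when complete.

    Chunks are appended to ``<f_path>/<f_name>.<f_size>.upload.tmp``.  Once
    that file reaches ``f_size`` bytes it replaces ``<f_path>/<f_name>`` and
    mode/owner are applied, either from ``dir_mode``/``file_mode`` (each
    "mode,owner") or through ``self.set_mode``.

    Args:
        args: request arguments with ``f_name``, ``f_path``, ``f_size``,
            ``f_start`` and optionally ``dir_mode`` / ``file_mode``.

    Returns:
        ``public.returnMsg(False, ...)`` when ``f_name`` or ``f_path``
        contains ``'./'``; the temp file's current size (int) when
        ``f_start`` does not match it or the file is still incomplete;
        ``public.returnMsg(True, 'Upload Success!')`` once finalised.
    """
    # Function-scope import keeps the block self-contained; pipes.quote is
    # the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote as _quote
    except ImportError:
        from pipes import quote as _quote

    if sys.version_info[0] == 2:
        args.f_name = args.f_name.encode('utf-8')
        args.f_path = args.f_path.encode('utf-8')

    # NOTE(review): this substring test rejects './' and '../' but does not
    # confine f_path to a base directory - any absolute path passes.  Confirm
    # that only authenticated administrators reach this handler.
    if args.f_name.find('./') != -1 or args.f_path.find('./') != -1:
        return public.returnMsg(False, '错误的参数')

    if not os.path.exists(args.f_path):
        os.makedirs(args.f_path, 493)  # 493 == 0o755
        if 'dir_mode' not in args or 'file_mode' not in args:
            self.set_mode(args.f_path)

    save_path = os.path.join(
        args.f_path,
        args.f_name + '.' + str(int(args.f_size)) + '.upload.tmp')

    # Resume support: the client must continue exactly where the temp file
    # ends; otherwise report the offset it should restart from.
    d_size = 0
    if os.path.exists(save_path):
        d_size = os.path.getsize(save_path)
    if d_size != int(args.f_start):
        return d_size

    upload_files = request.files.getlist("blob")
    # Context manager: the handle is closed even if a read or write raises.
    with open(save_path, 'ab') as f:
        for tmp_f in upload_files:
            f.write(tmp_f.read())

    f_size = os.path.getsize(save_path)
    if f_size != int(args.f_size):
        return f_size

    new_name = os.path.join(args.f_path, args.f_name)
    is_user_ini = new_name.find('.user.ini') != -1
    if os.path.exists(new_name):
        if is_user_ini:
            # new_name is built from request data and reaches a shell, so it
            # must be quoted; unquoted, shell metacharacters in the name
            # would be interpreted by the shell.
            public.ExecShell("chattr -i " + _quote(new_name))
        os.remove(new_name)
    os.renames(save_path, new_name)

    if 'dir_mode' in args and 'file_mode' in args:
        mode_tmp1 = args.dir_mode.split(',')
        public.set_mode(args.f_path, mode_tmp1[0])
        public.set_own(args.f_path, mode_tmp1[1])
        mode_tmp2 = args.file_mode.split(',')
        public.set_mode(new_name, mode_tmp2[0])
        public.set_own(new_name, mode_tmp2[1])
    else:
        self.set_mode(new_name)

    if is_user_ini:
        # Restore the immutable flag; quoted for the same reason as above.
        public.ExecShell("chattr +i " + _quote(new_name))

    public.WriteLog('TYPE_FILE', 'FILE_UPLOAD_SUCCESS',
                    (args.f_name, args.f_path))
    return public.returnMsg(True, 'Upload Success!')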
def term_open():
    """Store, or hand back, the SSH connection details for the web terminal.

    Returns early with whatever ``comm.local()`` returns when that is truthy.
    With ``get_ssh_info`` in the request, the details cached in the session
    for ``args['host']`` are returned.  Otherwise ``args.data`` (JSON) is
    stored in the session and, when it contains ``is_save``, also written to
    the panel config directory; without ``is_save`` a previously saved file
    is removed.
    """
    early = comm.local()
    if early:
        return early

    args = get_input()
    if 'get_ssh_info' in args:
        key = 'ssh_' + args['host']
        if key not in session:
            return public.returnMsg(False, 'Acquisition failed!')
        return public.getJson(session[key]), json_header

    session['ssh_info'] = json.loads(args.data)
    ssh_info = session['ssh_info']
    session['ssh_' + ssh_info['host']] = ssh_info

    s_file = '/www/server/panel/config/t_info.json'
    if 'is_save' not in ssh_info:
        if os.path.exists(s_file):
            os.remove(s_file)
    else:
        # NOTE(review): the connection details (presumably including the SSH
        # credentials) are persisted here, and the mode is tightened only
        # after the write.  What public.de_hexb does to the JSON is not
        # visible in this function - confirm it is not relied on as
        # protection for the stored secret.
        public.writeFile(s_file, public.de_hexb(json.dumps(ssh_info)))
        public.set_mode(s_file, 600)
    return public.returnJson(True, 'Successful setup!')
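def apple_lest_cert(self, get):
    """Request a Let's Encrypt certificate for a site and store it on disk.

    Reads ``siteName``, ``domains`` (a JSON list), ``email`` and ``dnssleep``
    from ``get``.  When ``get`` has a ``dnsapi`` attribute a DNS challenge is
    used: ``'dns'`` (manual TXT records), ``'dns_bt'``, or any other value
    together with ``get.dns_param``.  Without ``dnsapi`` the file challenge is
    used with ``get.site_dir``.

    On success the renewal settings are saved to ``crontab.json``; the key,
    the chain, the account key and a PKCS#12 bundle are written to the site's
    cert directory; and ``self.set_crond()`` is called.

    Returns:
        ``public.returnMsg(...)`` for success and for failures detected here.
        In the manual-DNS branch without ``renew``, the dict returned by
        ``crate_let_by_oper`` (with ``status``/``msg``/``code`` set when it
        did not report failure).
    """
    data = {}
    data['siteName'] = get.siteName
    data['domains'] = json.loads(get.domains)
    data['email'] = get.email
    data['dnssleep'] = get.dnssleep

    if len(data['domains']) <= 0:
        return public.returnMsg(False, '申请域名列表不能为空.')

    data['first_domain'] = data['domains'][0]

    # NOTE(review): siteName comes from the request object and is joined into
    # a filesystem path without validation here; files below it are removed
    # and key material is written.  Confirm the caller restricts it to a
    # known site name (no '/' or '..').
    path = self.setupPath + '/panel/vhost/cert/' + data['siteName']
    if not os.path.exists(path):
        os.makedirs(path)

    # Check for a custom certificate: its marker file is removed.
    partnerOrderId = path + '/partnerOrderId'
    if os.path.exists(partnerOrderId):
        os.remove(partnerOrderId)
    # Clear the previous renewal key and password.
    re_key = path + '/account_key.key'
    if os.path.exists(re_key):
        os.remove(re_key)
    re_password = path + '/password'
    if os.path.exists(re_password):
        os.remove(re_password)

    data['account_key'] = None
    if hasattr(get, 'dnsapi'):
        if 'app_root' not in get:
            get.app_root = '0'
        data['app_root'] = get.app_root
        domain_list = data['domains']
        if data['app_root'] == '1':
            # Collapse every name to its root domain plus a wildcard.
            domain_list = []
            data['first_domain'] = self.get_root_domain(data['first_domain'])
            for domain in data['domains']:
                rootDoamin = self.get_root_domain(domain)
                if rootDoamin not in domain_list:
                    domain_list.append(rootDoamin)
                if "*." + rootDoamin not in domain_list:
                    domain_list.append("*." + rootDoamin)
            data['domains'] = domain_list

        if get.dnsapi == 'dns':
            domain_path = path + '/domain_txt_dns_value.json'
            if hasattr(get, 'renew'):
                # Verification step: reuse the TXT values saved earlier.
                data['renew'] = True
                dns = json.loads(public.readFile(domain_path))
                data['dns'] = dns
                certificate = self.crate_let_by_oper(data)
            else:
                # Manual DNS: return early so the user can create the records.
                result = self.crate_let_by_oper(data)
                if 'status' in result and not result['status']:
                    return result
                result['status'] = True
                public.writeFile(domain_path, json.dumps(result))
                result['msg'] = '获取成功,请手动解析域名'
                result['code'] = 2
                return result
        elif get.dnsapi == 'dns_bt':
            data['dnsapi'] = get.dnsapi
            certificate = self.crate_let_by_dns(data)
        else:
            data['dnsapi'] = get.dnsapi
            data['dns_param'] = get.dns_param.split('|')
            certificate = self.crate_let_by_dns(data)
    else:
        # File validation.
        data['site_dir'] = get.site_dir
        certificate = self.crate_let_by_file(data)

    if not certificate['status']:
        return public.returnMsg(False, certificate['msg'])

    # Save the renewal settings.
    cpath = self.setupPath + '/panel/vhost/cert/crontab.json'
    config = {}
    if os.path.exists(cpath):
        # An unreadable or corrupt renewal file must not abort here: the
        # certificate has already been issued and is not yet on disk.
        try:
            config = json.loads(public.readFile(cpath))
        except (TypeError, ValueError):
            config = {}
        if not isinstance(config, dict):
            config = {}
    # NOTE(review): `data` may carry dns_param (presumably DNS provider API
    # credentials); it is written first and restricted to 600 afterwards.
    config[data['siteName']] = data
    public.writeFile(cpath, json.dumps(config))
    public.set_mode(cpath, 600)

    # Store the certificate.
    # NOTE(review): no set_mode call follows these writes, so the permissions
    # of privkey.pem, account_key.key and fullchain.pfx depend on
    # public.writeFile and the process umask - confirm they are not
    # world-readable.
    public.writeFile(path + "/privkey.pem", certificate['key'])
    public.writeFile(path + "/fullchain.pem",
                     certificate['cert'] + certificate['ca_data'])
    # Renewal key.
    public.writeFile(path + "/account_key.key", certificate['account_key'])

    # Convert to an IIS (PKCS#12) certificate; export() is called without a
    # passphrase argument.
    p12 = self.dump_pkcs12(certificate['key'],
                           certificate['cert'] + certificate['ca_data'],
                           certificate['ca_data'], data['first_domain'])
    pfx_buffer = p12.export()
    public.writeFile(path + "/fullchain.pfx", pfx_buffer, 'wb+')
    public.writeFile(path + "/README", "let")

    # Scheduled renewal task.
    self.set_crond()
    return public.returnMsg(True, '申请成功.')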
def save_api_config(self, data):
    """Serialise ``data`` as JSON into ``self.save_path``; always returns True.

    NOTE(review): the file is written before its mode is set to '600', so
    its initial permissions depend on public.WriteFile and the umask.  If
    the config holds API secrets, confirm that window is acceptable.
    """
    target = self.save_path
    payload = json.dumps(data)
    public.WriteFile(target, payload)
    public.set_mode(target, '600')
    return True
def apple_lest_cert(self, get):
    # Request a Let's Encrypt certificate for a site, logging progress via
    # self.write_log, and store the result under the panel's cert directory.
    # `get` supplies siteName, domains (JSON list), email and dnssleep; when
    # it has a `dnsapi` attribute a DNS challenge is used, otherwise the file
    # challenge with get.site_dir.
    data = {}
    data['siteName'] = get.siteName
    data['domains'] = json.loads(get.domains)
    data['email'] = get.email
    data['dnssleep'] = get.dnssleep
    self.write_log("Ready to apply for SSL, domain name {}".format(
        data['domains']))
    self.write_log("=" * 50)
    if len(data['domains']) <= 0:
        return public.returnMsg(
            False, 'The list of applied domain names cannot be empty.')

    data['first_domain'] = data['domains'][0]

    # NOTE(review): siteName comes from the request object and is joined into
    # a filesystem path without validation here; files below it are removed
    # and key material is written.  Confirm the caller restricts it to a
    # known site name (no '/' or '..').
    path = self.setupPath + '/panel/vhost/cert/' + data['siteName']
    if not os.path.exists(path):
        os.makedirs(path)

    # Check for a custom certificate: its marker file is removed.
    partnerOrderId = path + '/partnerOrderId'
    if os.path.exists(partnerOrderId):
        os.remove(partnerOrderId)
    # Clear the previous renewal key and password.
    re_key = path + '/account_key.key'
    if os.path.exists(re_key):
        os.remove(re_key)
    re_password = path + '/password'
    if os.path.exists(re_password):
        os.remove(re_password)

    data['account_key'] = None
    if hasattr(get, 'dnsapi'):
        if not 'app_root' in get:
            get.app_root = '0'
        data['app_root'] = get.app_root
        domain_list = data['domains']
        if data['app_root'] == '1':
            # Truncate the log, then collapse every name to its root domain
            # plus a wildcard entry.
            public.writeFile(self.log_file, '')
            domain_list = []
            data['first_domain'] = self.get_root_domain(
                data['first_domain'])
            for domain in data['domains']:
                rootDoamin = self.get_root_domain(domain)
                if not rootDoamin in domain_list:
                    domain_list.append(rootDoamin)
                if not "*." + rootDoamin in domain_list:
                    domain_list.append("*." + rootDoamin)
            data['domains'] = domain_list
        if get.dnsapi == 'dns':
            domain_path = path + '/domain_txt_dns_value.json'
            if hasattr(get, 'renew'):
                # Verification step: reuse the TXT values saved earlier.
                data['renew'] = True
                dns = json.loads(public.readFile(domain_path))
                data['dns'] = dns
                certificate = self.crate_let_by_oper(data)
            else:
                public.writeFile(self.log_file, '')
                # Manual DNS: return early so the user can create the records.
                result = self.crate_let_by_oper(data)
                if 'status' in result and not result['status']:
                    return result
                result['status'] = True
                public.writeFile(domain_path, json.dumps(result))
                result['msg'] = 'Get successful, please manually resolve the domain name'
                result['code'] = 2
                return result
        elif get.dnsapi == 'dns_bt':
            public.writeFile(self.log_file, '')
            data['dnsapi'] = get.dnsapi
            certificate = self.crate_let_by_dns(data)
        else:
            public.writeFile(self.log_file, '')
            data['dnsapi'] = get.dnsapi
            data['dns_param'] = get.dns_param.split('|')
            certificate = self.crate_let_by_dns(data)
    else:
        # File validation.
        public.writeFile(self.log_file, '')
        data['site_dir'] = get.site_dir
        certificate = self.crate_let_by_file(data)

    if not certificate['status']:
        return public.returnMsg(False, certificate['msg'])

    # Save the renewal settings.
    self.write_log("|-Saving certificate..")
    cpath = self.setupPath + '/panel/vhost/cert/crontab.json'
    config = {}
    if os.path.exists(cpath):
        # A corrupt renewal file is ignored; the bare except also hides any
        # other error, and the file is then rewritten with only this site.
        try:
            config = json.loads(public.readFile(cpath))
        except:
            pass
    # NOTE(review): `data` may carry dns_param (presumably DNS provider API
    # credentials); it is written first and restricted to 600 afterwards.
    config[data['siteName']] = data
    public.writeFile(cpath, json.dumps(config))
    public.set_mode(cpath, 600)

    # Store the certificate.
    # NOTE(review): no set_mode call follows these writes, so the permissions
    # of privkey.pem, account_key.key and fullchain.pfx depend on
    # public.writeFile and the process umask - confirm they are not
    # world-readable.
    public.writeFile(path + "/privkey.pem", certificate['key'])
    public.writeFile(path + "/fullchain.pem",
                     certificate['cert'] + certificate['ca_data'])
    public.writeFile(path + "/account_key.key",
                     certificate['account_key'])  # renewal key

    # Convert to an IIS (PKCS#12) certificate; export() is called without a
    # passphrase argument.
    p12 = self.dump_pkcs12(certificate['key'],
                           certificate['cert'] + certificate['ca_data'],
                           certificate['ca_data'], data['first_domain'])
    pfx_buffer = p12.export()
    public.writeFile(path + "/fullchain.pfx", pfx_buffer, 'wb+')
    public.writeFile(path + "/README", "let")

    # Scheduled renewal task.
    self.write_log("|-Setting up auto-renewal configuration..")
    self.set_crond()
    self.write_log(
        "|-The application is successful and it is being automatically deployed to the website!"
    )
    self.write_log("=" * 50)
    return public.returnMsg(True, 'Application successful.')
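def apple_lest_cert(self, get):
    """Request a Let's Encrypt certificate for a site and store it on disk.

    Reads ``siteName``, ``domains`` (a JSON list), ``email`` and ``dnssleep``
    from ``get``.  When ``get`` has a ``dnsapi`` attribute a DNS challenge is
    used: ``'dns'`` (manual TXT records), ``'dns_bt'``, or any other value
    together with ``get.dns_param``.  Without ``dnsapi`` the file challenge is
    used with ``get.site_dir``.

    On success the renewal settings are saved to ``crontab.json``; the key,
    the chain, the account key and a PKCS#12 bundle are written to the site's
    cert directory; and a daily renewal entry is added to the panel's
    ``crontab`` table if none exists yet.

    Returns:
        ``public.returnMsg(...)`` for success and for failures detected here.
        In the manual-DNS branch without ``renew``, the dict returned by
        ``crate_let_by_oper`` (with ``status``/``msg``/``code`` set when it
        did not report failure).
    """
    data = {}
    data['siteName'] = get.siteName
    data['domains'] = json.loads(get.domains)
    data['email'] = get.email
    data['dnssleep'] = get.dnssleep

    if len(data['domains']) <= 0:
        return public.returnMsg(False, '申请域名列表不能为空.')

    data['first_domain'] = data['domains'][0]

    # NOTE(review): siteName comes from the request object and is joined into
    # a filesystem path without validation here; files below it are removed
    # and key material is written.  Confirm the caller restricts it to a
    # known site name (no '/' or '..').
    path = self.setupPath + '/panel/vhost/cert/' + data['siteName']
    if not os.path.exists(path):
        os.makedirs(path)

    # Check for a custom certificate: its marker file is removed.
    partnerOrderId = path + '/partnerOrderId'
    if os.path.exists(partnerOrderId):
        os.remove(partnerOrderId)
    # Clear the previous renewal key and password.
    re_key = path + '/account_key.key'
    if os.path.exists(re_key):
        os.remove(re_key)
    re_password = path + '/password'
    if os.path.exists(re_password):
        os.remove(re_password)

    data['account_key'] = None
    if hasattr(get, 'dnsapi'):
        if 'app_root' not in get:
            get.app_root = '0'
        data['app_root'] = get.app_root
        domain_list = data['domains']
        if data['app_root'] == '1':
            # Collapse every name to its root domain plus a wildcard.
            domain_list = []
            data['first_domain'] = self.get_root_domain(data['first_domain'])
            for domain in data['domains']:
                rootDoamin = self.get_root_domain(domain)
                if rootDoamin not in domain_list:
                    domain_list.append(rootDoamin)
                if "*." + rootDoamin not in domain_list:
                    domain_list.append("*." + rootDoamin)
            data['domains'] = domain_list

        if get.dnsapi == 'dns':
            domain_path = path + '/domain_txt_dns_value.json'
            if hasattr(get, 'renew'):
                # Verification step: reuse the TXT values saved earlier.
                data['renew'] = True
                dns = json.loads(public.readFile(domain_path))
                data['dns'] = dns
                certificate = self.crate_let_by_oper(data)
            else:
                # Manual DNS: return early so the user can create the records.
                result = self.crate_let_by_oper(data)
                # A failed request must be passed through unchanged.  Without
                # this check the failure was saved as the TXT record file and
                # reported to the caller as status=True.
                if 'status' in result and not result['status']:
                    return result
                public.writeFile(domain_path, json.dumps(result))
                result['code'] = 2
                result['status'] = True
                result['msg'] = '获取成功,请手动解析域名'
                return result
        elif get.dnsapi == 'dns_bt':
            data['dnsapi'] = get.dnsapi
            certificate = self.crate_let_by_dns(data)
        else:
            data['dnsapi'] = get.dnsapi
            data['dns_param'] = get.dns_param.split('|')
            certificate = self.crate_let_by_dns(data)
    else:
        # File validation.
        data['site_dir'] = get.site_dir
        certificate = self.crate_let_by_file(data)

    if not certificate['status']:
        return public.returnMsg(False, certificate['msg'])

    # Save the renewal settings.
    cpath = self.setupPath + '/panel/vhost/cert/crontab.json'
    config = {}
    if os.path.exists(cpath):
        # An unreadable or corrupt renewal file must not abort here: the
        # certificate has already been issued and is not yet on disk.
        try:
            config = json.loads(public.readFile(cpath))
        except (TypeError, ValueError):
            config = {}
        if not isinstance(config, dict):
            config = {}
    # NOTE(review): `data` may carry dns_param (presumably DNS provider API
    # credentials); it is written first and restricted to 600 afterwards.
    config[data['siteName']] = data
    public.writeFile(cpath, json.dumps(config))
    public.set_mode(cpath, 600)

    # Store the certificate.
    # NOTE(review): no set_mode call follows these writes, so the permissions
    # of privkey.pem, account_key.key and fullchain.pfx depend on
    # public.writeFile and the process umask - confirm they are not
    # world-readable.
    public.writeFile(path + "/privkey.pem", certificate['key'])
    public.writeFile(path + "/fullchain.pem",
                     certificate['cert'] + certificate['ca_data'])
    # Renewal key.
    public.writeFile(path + "/account_key.key", certificate['account_key'])

    # Convert to an IIS (PKCS#12) certificate; export() is called without a
    # passphrase argument.
    p12 = self.dump_pkcs12(certificate['key'],
                           certificate['cert'] + certificate['ca_data'],
                           certificate['ca_data'], data['first_domain'])
    pfx_buffer = p12.export()
    public.writeFile(path + "/fullchain.pfx", pfx_buffer, 'wb+')
    public.writeFile(path + "/README", "let")

    # Scheduled renewal task, registered once.  The md5 value only serves as
    # a stable identifier for the cron entry and its script file.
    echo = public.md5(public.md5('renew_lets_ssl_bt'))
    crontab = public.M('crontab').where('echo=?', (echo, )).find()
    if not crontab:
        cronPath = public.GetConfigValue('setup_path') + '/cron/' + echo
        shell = 'python %s/panel/class/panelLets.py renew_lets_ssl ' % (
            self.setupPath)
        public.writeFile(cronPath, shell)
        public.M('crontab').add(
            'name,type,where1,where_hour,where_minute,echo,addtime,status,save,backupTo,sType,sName,sBody,urladdress',
            ("续签Let's Encrypt证书", 'day', '', '0', '10', echo,
             time.strftime('%Y-%m-%d %X', time.localtime()), 1, '',
             'localhost', 'toShell', '', shell, ''))
    return public.returnMsg(True, '申请成功.')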