idleswap.in 4.24 KB
Newer Older
1
2
3
4
#!/usr/bin/perl -wT

#
# EMULAB-COPYRIGHT
5
# Copyright (c) 2000-2006 University of Utah and the Flux Group.
6
7
8
9
10
11
12
# All rights reserved.
#

use English;
use Getopt::Std;

#
13
# This gets invoked from the Web interface and from idlemail
14
15
16
#
sub usage()
{
17
    print STDOUT "Usage: idleswap [-i | -a] <pid> <eid>\n";
18
19
    exit(-1);
}
20
21
# Hidden switch: -r = root mode - used by idlemail
my  $optlist = "iar";
22
23
24
25
26
27
28
29

#
# Configure variables
#
my $TB		= "@prefix@";
my $DBNAME	= "@TBDBNAME@";
my $TBOPS	= "@TBOPSEMAIL@";
my $TBLOGS	= "@TBLOGSEMAIL@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
30
my $TBAUDIT	= "@TBAUDITEMAIL@";
31
my $swapexp	= "$TB/bin/swapexp";
32
my $template_swapout = "$TB/bin/template_swapout";
33
34
35

# Testbed Support libraries
use lib "@prefix@/lib";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
use libaudit;
37
38
use libdb;
use libtestbed;
39
use Template;
40
41

# Locals.
42
43
my $idleswap   = 0;
my $autoswap   = 0;
44

45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# Untaint the path
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Turn off line buffering on output
$| = 1;

# We don't want to run this script unless its the real version.
if ($EUID != 0) {
    die("*** $0:\n".
	"    Must be root! Maybe its a development version?\n");
}

# Parse command arguments. Once we return from getopts, all that should
# left are the required arguments.
%options = ();
61
62
63
if (! getopts($optlist, \%options)) { usage(); }
if (defined($options{"i"})) { $idleswap = 1; }
if (defined($options{"a"})) { $autoswap = 1; }
64
65
66
67
68
69
70
71
if (defined($options{"r"})) { $rootokay = 1; }

# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
if ($UID == 0 && (!defined($rootokay) || !$rootokay) ) {
    die("*** $0:\n".
	"    Please do not run this as root! Its already setuid!\n");
}
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

if (@ARGV != 2) {
    usage();
}
my $pid   = $ARGV[0];
my $eid   = $ARGV[1];

# Untaint the arguments.
if ($pid =~ /^([-\@\w.]+)$/) {
    $pid = $1;
}
else {
    die("Tainted argument $pid!\n");
}
if ($eid =~ /^([-\@\w.]+)$/) {
    $eid = $1;
}
else {
    die("Tainted argument $eid!\n");
}

# Only admins can forcibly swap an idle experiment out.
94
if (! TBAdmin($UID) && ($UID!=0 || !$rootokay) ) {
95
96
97
98
    die("*** $0:\n".
	"    Only testbed administrators can issue a forcible swap!\n");
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
99
100
101
102
103
104
105
106
107
108
#
# This script is always audited.
#
if (AuditStart(0)) {
    #
    # Parent exits normally
    #
    exit(0);
}

109
110
111
112
113
114
115
116
117
118
119
# Need to know the creator of the experiment.
my $query_result =
    DBQueryFatal("SELECT * FROM experiments WHERE eid='$eid' and pid='$pid'");

if (! $query_result->numrows) {
    die("*** $0:\n".
	"    No such experiment $pid/$eid!\n");
}
my %hashrow = $query_result->fetchhash();
my $creator = $hashrow{'expt_head_uid'};
my $gid     = $hashrow{'gid'};
120
121
my $exptidx = $hashrow{'idx'};

122
# Fire off the swap and exit.
123
#
124
125
126
127
128
129
130
131
132
133
134
# Flip to the creator. The swap happens as the creator of the
# experiment.
my ($unix_uid, $unix_gid, $unix_gname);

(undef,undef,$unix_uid) = getpwnam($creator) or
  die("*** $0:\n".
      "    No such user $creator\n");
TBGroupUnixInfo($pid, $gid, \$unix_gid, \$unix_gname) or
  die("*** $0:\n".
      "    No such group $pid/$gid\n");

135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
#
# Need the entire group list for the user, cause of subgroups, and cause
# thats the correct thing to do. Too bad perl does not have a getgrouplist
# function like the C library. Maybe its cleaner to just use sudo? Should
# we get this info from the DB instead of using "id?" 
#
my $glist = `id -G $creator`;
if ($glist =~ /^([\d ]*)$/) {
    $glist = $1;
}
else {
  die("*** $0:\n".
      "    Unexpected results from 'id -G $creator': $glist\n");
}

150
151
152
# Send the email now, which terminates the audit.
AuditEnd();

153
154
155
156
157
158
# Remove current group from glist, then add gid twice at the front of the list
# Order matters here, or we won't pick up all the groups we need.

$glist =~ s/ ?\b$unix_gid\b ?//;
$glist = $unix_gid . " " . $unix_gid . " " . $glist;

159
$GID            = $unix_gid;
160
$EGID           = $glist;
161
162
163
164
$EUID = $UID    = $unix_uid;
$ENV{'USER'}    = $creator;
$ENV{'LOGNAME'} = $creator;

165
166
167
168
if (my $instance = Template::Instance->LookupByExptidx($exptidx)) {
    my $guid = $instance->guid();
    my $vers = $instance->vers();

169
    exec "$template_swapout -e $eid $guid/$vers";
170
171
172
173
174
175
176
}
else {
    my $arg = "";
    
    if    ($idleswap) { $arg = "-i"; }
    elsif ($autoswap) { $arg = "-a"; }
    else { $arg = "-f"; }
177

178
179
    exec "$swapexp $arg -s out $pid $eid";
}
180

181
die("*** $0:\n".
182
183
    "    Failed to exec $swapexp!\n");