ec2import.proxy.in 2.54 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113
#!/usr/bin/perl -w

#
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
use strict;
use English;
use Getopt::Std;
use BSD::Resource;
use POSIX qw(:signal_h);
    
#
# Wrapper for the EC2 image import script.
#
sub usage()
{
    print STDOUT "Usage: ec2import.proxy -u user ...\n";
    exit(-1);
}

#
# Configure variables
#
my $TB       = "@prefix@";
my $TBOPS    = "@TBOPSEMAIL@";
my $EC2SNAP  = "$TB/sbin/ec2import-image.pl";
my $errors   = 0;

#
# Turn off line buffering on output
#
$| = 1;

#
# Untaint the path
# 
$ENV{'PATH'} = "/bin:/usr/bin:/sbin:/usr/sbin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libtestbed;

#
# First option has to be the -u option, the user to run this script as.
#
if ($UID != 0 || $EUID != 0) {
    die("*** $0:\n".
	"    Must be root to run this script!\n");
}
if ($ARGV[0] ne "-u") {
    usage();
}
my $user = $ARGV[1];
shift(@ARGV);
shift(@ARGV);

my (undef,undef,$unix_uid) = getpwnam($user) or
    die("*** $0:\n".
	"    No such user $user\n");

#
# Need the entire group list for the user, cause of subgroups, and
# cause thats the correct thing to do. Too bad perl does not have a
# getgrouplist function like the C library.
#
my $glist = `/usr/bin/id -G $user`;
if ($glist =~ /^([\d ]*)$/) {
    $glist = $1;
}
else {
    die("*** $0:\n".
	"    Unexpected results from 'id -G $user': $glist\n");
}

# Need to split off the first group and create a proper list for $GUID.
my @gglist   = split(" ", $glist);
my $unix_gid = $gglist[0];
$glist       = "$unix_gid $glist";

# Flip to user and never go back!
$GID            = $unix_gid;
$EGID           = $glist;
$EUID = $UID    = $unix_uid;
$ENV{'USER'}    = $user;
$ENV{'LOGNAME'} = $user;

#
# Invoke script with the rest of the args.
#
system("$EC2SNAP @ARGV");
exit($? >> 8);