idleswap.in 4.24 KB
Newer Older
1 2 3 4
#!/usr/bin/perl -wT

#
# EMULAB-COPYRIGHT
5
# Copyright (c) 2000-2006 University of Utah and the Flux Group.
6 7 8 9 10 11 12
# All rights reserved.
#

use English;
use Getopt::Std;

#
13
# This gets invoked from the Web interface and from idlemail
14 15 16
#
sub usage()
{
17
    print STDOUT "Usage: idleswap [-i | -a] <pid> <eid>\n";
18 19
    exit(-1);
}
20 21
# Hidden switch: -r = root mode - used by idlemail
my  $optlist = "iar";
22 23 24 25 26 27 28 29

#
# Configure variables
#
my $TB		= "@prefix@";
my $DBNAME	= "@TBDBNAME@";
my $TBOPS	= "@TBOPSEMAIL@";
my $TBLOGS	= "@TBLOGSEMAIL@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
30
my $TBAUDIT	= "@TBAUDITEMAIL@";
31
my $swapexp	= "$TB/bin/swapexp";
32
my $template_swapout = "$TB/bin/template_swapout";
33 34 35

# Testbed Support libraries
use lib "@prefix@/lib";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
use libaudit;
37 38
use libdb;
use libtestbed;
39
use Template;
40 41

# Locals.
42 43
my $idleswap   = 0;
my $autoswap   = 0;
44

45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
# Untaint the path
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Turn off line buffering on output
$| = 1;

# We don't want to run this script unless its the real version.
if ($EUID != 0) {
    die("*** $0:\n".
	"    Must be root! Maybe its a development version?\n");
}

# Parse command arguments. Once we return from getopts, all that should
# left are the required arguments.
%options = ();
61 62 63
if (! getopts($optlist, \%options)) { usage(); }
if (defined($options{"i"})) { $idleswap = 1; }
if (defined($options{"a"})) { $autoswap = 1; }
64 65 66 67 68 69 70 71
if (defined($options{"r"})) { $rootokay = 1; }

# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
if ($UID == 0 && (!defined($rootokay) || !$rootokay) ) {
    die("*** $0:\n".
	"    Please do not run this as root! Its already setuid!\n");
}
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93

if (@ARGV != 2) {
    usage();
}
my $pid   = $ARGV[0];
my $eid   = $ARGV[1];

# Untaint the arguments.
if ($pid =~ /^([-\@\w.]+)$/) {
    $pid = $1;
}
else {
    die("Tainted argument $pid!\n");
}
if ($eid =~ /^([-\@\w.]+)$/) {
    $eid = $1;
}
else {
    die("Tainted argument $eid!\n");
}

# Only admins can forcibly swap an idle experiment out.
94
if (! TBAdmin($UID) && ($UID!=0 || !$rootokay) ) {
95 96 97 98
    die("*** $0:\n".
	"    Only testbed administrators can issue a forcible swap!\n");
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
99 100 101 102 103 104 105 106 107 108
#
# This script is always audited.
#
if (AuditStart(0)) {
    #
    # Parent exits normally
    #
    exit(0);
}

109 110 111 112 113 114 115 116 117 118 119
# Need to know the creator of the experiment.
my $query_result =
    DBQueryFatal("SELECT * FROM experiments WHERE eid='$eid' and pid='$pid'");

if (! $query_result->numrows) {
    die("*** $0:\n".
	"    No such experiment $pid/$eid!\n");
}
my %hashrow = $query_result->fetchhash();
my $creator = $hashrow{'expt_head_uid'};
my $gid     = $hashrow{'gid'};
120 121
my $exptidx = $hashrow{'idx'};

122
# Fire off the swap and exit.
123
#
124 125 126 127 128 129 130 131 132 133 134
# Flip to the creator. The swap happens as the creator of the
# experiment.
my ($unix_uid, $unix_gid, $unix_gname);

(undef,undef,$unix_uid) = getpwnam($creator) or
  die("*** $0:\n".
      "    No such user $creator\n");
TBGroupUnixInfo($pid, $gid, \$unix_gid, \$unix_gname) or
  die("*** $0:\n".
      "    No such group $pid/$gid\n");

135 136 137 138 139 140 141 142 143 144 145 146 147 148 149
#
# Need the entire group list for the user, cause of subgroups, and cause
# thats the correct thing to do. Too bad perl does not have a getgrouplist
# function like the C library. Maybe its cleaner to just use sudo? Should
# we get this info from the DB instead of using "id?" 
#
my $glist = `id -G $creator`;
if ($glist =~ /^([\d ]*)$/) {
    $glist = $1;
}
else {
  die("*** $0:\n".
      "    Unexpected results from 'id -G $creator': $glist\n");
}

150 151 152
# Send the email now, which terminates the audit.
AuditEnd();

153 154 155 156 157 158
# Remove current group from glist, then add gid twice at the front of the list
# Order matters here, or we won't pick up all the groups we need.

$glist =~ s/ ?\b$unix_gid\b ?//;
$glist = $unix_gid . " " . $unix_gid . " " . $glist;

159
$GID            = $unix_gid;
160
$EGID           = $glist;
161 162 163 164
$EUID = $UID    = $unix_uid;
$ENV{'USER'}    = $creator;
$ENV{'LOGNAME'} = $creator;

165 166 167 168
if (my $instance = Template::Instance->LookupByExptidx($exptidx)) {
    my $guid = $instance->guid();
    my $vers = $instance->vers();

169
    exec "$template_swapout -e $eid $guid/$vers";
170 171 172 173 174 175 176
}
else {
    my $arg = "";
    
    if    ($idleswap) { $arg = "-i"; }
    elsif ($autoswap) { $arg = "-a"; }
    else { $arg = "-f"; }
177

178 179
    exec "$swapexp $arg -s out $pid $eid";
}
180

181
die("*** $0:\n".
182 183
    "    Failed to exec $swapexp!\n");