fetchtar.proxy.in 4.04 KB
Newer Older
1 2 3
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2003-2011 University of Utah and the Flux Group.
5 6 7 8 9 10 11 12
# All rights reserved.
#
use English;
use Getopt::Std;
use BSD::Resource;
use POSIX qw(:signal_h);
    
#
13 14
# Fetch tarballs and RPMs on behalf of a user.
# This script runs on ops.
15 16 17
#
sub usage()
{
18
    print "Usage: $0 [-q] -u user URL localfile\n";
19 20 21
 
    exit(-1);
}
22 23 24
my $optlist = "qu:";
my $quiet   = 0;
my $user;
25 26 27 28 29 30 31 32

#
# Configure variables
#
my $TB       = "@prefix@";
my $TBOPS    = "@TBOPSEMAIL@";
my $FSDIR_PROJ = "@FSDIR_PROJ@";
my $FSDIR_GROUPS = "@FSDIR_GROUPS@";
33 34
my $FSDIR_SCRATCH = "@FSDIR_SCRATCH@";
my $ISFS = ("@USERNODE_IP@" eq "@FSNODE_IP@") ? 1 : 0;
35 36 37 38

# Locals
my $WGET = "/usr/local/bin/wget";
my $REALPATH = "/bin/realpath";
39
my $CHMOD = "/bin/chmod";
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

#
# Turn off line buffering on output
#
$| = 1;

#
# Untaint the path
# 
$ENV{'PATH'} = "/bin:/usr/bin:/sbin:/usr/sbin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libtestbed;

#
# First option has to be the -u option, the user to run this script as.
#
if ($UID != 0) {
    die("*** $0:\n".
	"    Must be root to run this script!");
}

66 67
my %options = ();
if (! getopts($optlist, \%options)) {
68 69
    usage();
}
70 71 72 73 74 75 76 77
if (defined($options{"q"})) {
    $quiet = 1;
}
if (defined($options{"u"})) {
    $user = $options{"u"};
}
if (@ARGV != 2 || !defined($user)) {
    usage();
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
}
my $URL = shift @ARGV;
my $localfile = shift @ARGV;

#
# Check arguments
#
if (!($user =~ /^([\w-]+)$/)) {
    die("*** $0:\n".
	"    Bad username given\n");
} else {
    $user = $1;
}

(undef,undef,$unix_uid) = getpwnam($user) or
    die("*** $0:\n".
	"    No such user $user\n");

96
if (!($URL =~
97
	/^((http|https|ftp):\/\/[\w.\-\/\@:~]+(\.tar|\.tar\.Z|\.tar\.gz|\.tgz|\.bz2|\.rpm))$/)) {
98 99 100 101 102 103 104 105 106 107 108 109 110
    die("*** $0:\n".
	"    Illegal URL given: $URL\n");
} else {
    $URL = $1;
}

if (!($localfile =~ /^([\w\.\_\-+\/]+)$/)) {
    die("*** $0:\n".
	"    Illegal local filename given: $localfile\n");
} else {
    $localfile = $1;
    my $realpath = `$REALPATH $localfile`;
    chomp $realpath;
111
    if (!TBValidUserDir($realpath, $ISFS)) {
112
	die("*** $0:\n".
113 114 115 116
	    "    Local file must be in one of " .
	    join(' or ', TBValidUserDirList()) . ".\n");
    }
    if ($realpath =~ /^([\w\.\_\-+\/]+)$/) {
117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166
	$localfile = $1;
    }
}

#
# Need the entire group list for the user, cause of subgroups, and
# cause thats the correct thing to do. Too bad perl does not have a
# getgrouplist function like the C library.
#
my $glist = `id -G $user`;
if ($glist =~ /^([\d ]*)$/) {
    $glist = $1;
}
else {
    die("*** $0:\n".
	"    Unexpected results from 'id -G $user': $glist\n");
}

# Need to split off the first group and create a proper list for $GUID.
my @gglist   = split(" ", $glist);
my $unix_gid = $gglist[0];
$glist       = "$unix_gid $glist";

# Flip to user and never go back!
$GID            = $unix_gid;
$EGID           = $glist;
$EUID = $UID    = $unix_uid;
$ENV{'USER'}    = $user;
$ENV{'LOGNAME'} = $user;

#
# Fork a child process to run the wget
#
my $pid = fork();

if (!defined($pid)) {
    die("*** $0:\n".
	"    Could not fork a new process!");
}

#
# Child does the fetch, niced down, and exits
#
if (! $pid) {
    # Set the CPU limit for us.
    setrlimit(RLIMIT_CPU, 180, 180);
    
    # Give parent a chance to react.
    sleep(1);

167
    exec("nice -15 $WGET -q -O $localfile $URL");
168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185
    die("Could not exec wget!\n");
}

#
# Parent waits.
#
waitpid($pid, 0);
my $exit_status = $?;

#
# If the child was KILLed, then it overran its time limit.
# Send email. Otherwise, exit with result of child.
#
if (($exit_status & 0xff) == SIGKILL) {
    my $msg = "wget CPU Limit";

    SENDMAIL($TBOPS, "wget Exceeded CPU Limit", $msg);
    
186
    print STDERR "*** $msg\n";
187
    exit(15);
188
} elsif ($exit_status) {
189 190
    print STDERR "*** wget exited with status $exit_status\n"
	if (!$quiet);
191 192 193 194 195 196 197
} else {
    #
    # Change the permissions on the file so that other group members can
    # overwrite it
    #
    system("$CHMOD g+w $localfile") == 0
	or die ("*** ERROR - Unable to change permissions on $localfile!");
198 199 200 201
}

exit($exit_status >> 8);