#!/usr/bin/env python

# Copyright (C) 2015-2016  Parsons Government Services ("PARSONS")
# Portions copyright (C) 2013-2014  Dragon Research Labs ("DRL")
# Portions copyright (C) 2009-2012  Internet Systems Consortium ("ISC")
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notices and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND PARSONS, DRL, AND ISC DISCLAIM
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL
# PARSONS, DRL, OR ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Using a Python script to run sudo to run a Python script is a bit
# silly, but it lets us use rpki.autoconf to locate sudo, lets us
# avoid needing a custom setuid wrapper, lets us avoid another pass
# through the adventures of shell quoting and tokenization, and
# generally is just a lot simpler to implement correctly.
#
# OK, it's probably a few milliseconds slower.  Big deal.

if __name__ == "__main__":

    import os
    import pwd
    import sys
    import rpki.autoconf

    argv = [sys.executable, os.path.abspath(sys.argv[0])]
    argv.extend(sys.argv[1:])

    already_ran_sudo = os.getenv("SUDO_COMMAND") == " ".join(argv)

    euid = os.geteuid()

    try:
        puid = pwd.getpwnam(rpki.autoconf.RPKI_USER).pw_uid
    except KeyError:
        puid = None
        print "Warning: User \"{}\" not found, not dropping privileges".format(rpki.autoconf.RPKI_USER)

    if puid is not None and already_ran_sudo:
        try:
            os.setgid(  int(os.environ["SUDO_GID"]))
            os.setreuid(int(os.environ["SUDO_UID"]), puid)
        except OSError as e:
            sys.exit("Couldn't drop privs to user {}: {!s}".format(rpki.autoconf.RPKI_USER, e))

    if already_ran_sudo or puid in (None, euid):
        import rpki.rpkic
        rpki.rpkic.main()

    else:
        try:
            argv.insert(0, rpki.autoconf.SUDO)
            os.execv(argv[0], argv)
            sys.exit("rpkic startup failure, no exception so don't know why, sorry")
        except Exception as e:
            sys.exit("Couldn't exec sudo python rpkic: {!s}".format(e))