#!/usr/bin/env python

# Using a Python script to run sudo to run a Python script is a bit
# silly, but it lets us use rpki.autoconf to locate sudo, lets us
# avoid needing a custom setuid wrapper, lets us avoid another pass
# through the adventures of shell quoting and tokenization, and
# generally is just a lot simpler to implement correctly.
#
# OK, it's probably a few milliseconds slower.  Big deal.

if __name__ == "__main__":

    import os
    import pwd
    import sys
    import rpki.autoconf

    argv = [sys.executable, os.path.abspath(sys.argv[0])]
    argv.extend(sys.argv[1:])

    already_ran_sudo = os.getenv("SUDO_COMMAND") == " ".join(argv)

    euid = os.geteuid()

    try:
        puid = pwd.getpwnam(rpki.autoconf.RPKI_USER).pw_uid
    except KeyError:
        puid = None
        print "Warning: User \"{}\" not found, not dropping privileges".format(rpki.autoconf.RPKI_USER)

    if puid is not None and already_ran_sudo:
        try:
            os.setgid(  int(os.environ["SUDO_GID"]))
            os.setreuid(int(os.environ["SUDO_UID"]), puid)
        except OSError as e:
            sys.exit("Couldn't drop privs to user {}: {!s}".format(rpki.autoconf.RPKI_USER, e))

    if already_ran_sudo or puid in (None, euid):
        import rpki.rpkic
        rpki.rpkic.main()

    else:
        try:
            argv.insert(0, rpki.autoconf.SUDO)
            os.execv(argv[0], argv)
            sys.exit("rpkic startup failure, no exception so don't know why, sorry")
        except Exception as e:
            sys.exit("Couldn't exec sudo python rpkic: {!s}".format(e))