#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <stdio.h>
#include <pwd.h>
#include <grp.h>

#include <iostream>
#include <fstream>
#include <vector>
#include <sstream>
using namespace std;

// This program runs a script as a different user.
// It sets the ruid and rgid ("real" uid and gid)
// to be equal to the euid and egid ("effective"
// uid and gid). It checks that the owner/group
// of the script is the same as this binary first
// and that the script is executable.
// This is needed since Linux does not honor the suid
// settings for scripts as a security measure.


void Usage(string binowner="", string bingroup="")
{
	cout << endl;
	cout << "Usage:" << endl;
	cout << "    hdrun_script script [arg1 arg2 ...]" << endl;
	cout << endl;
	cout << " Run a script as the owner of that script." << endl;
	cout << "The owner of the script must match the" << endl;
	cout << "owner of this binary and have the suid" << endl;
	cout << "bit set. This partially re-enables a " << endl;
	cout << "functionality Linux removed of using suid" << endl;
	cout << "with scripts." << endl;
	cout << endl;
	cout << "This binary can run scripts owned by:" << endl;
	cout << endl;
	cout << "     " << binowner << ":" << bingroup << endl;
	cout << endl;
	
	exit(-1);
}

int main(int narg, char *argv[])
{
	// Get owner and group of this binary
	struct passwd *pwd = getpwuid(geteuid());
	struct group  *grp = getgrgid(getegid());
	string binowner = pwd->pw_name;
	string bingroup = grp->gr_name;

	// Get args for script command
	vector<string> args;
	bool is_script_command = false; // set when we start copying script and arguments
	for(int i=1; i<narg; i++){
		if(argv[i][0] != '-') is_script_command = true;
		if(is_script_command) args.push_back(argv[i]);
	}
	
	if(args.empty()) Usage(binowner, bingroup);
	
	// Allow user to specify a script with or without the full path
	string script = args[0];
	if( (script.find(".")!=0) && (script.find("/")!=0) ){
		// User did not provide full or relative path
		// to script. Search PATH envar
		stringstream ss(getenv("PATH"));
		string dir;
		while(getline(ss, dir, ':')){
			string fp = dir + "/" + script;
			if(!access(fp.c_str(), X_OK)){ script=fp; break; }
		}
	}
	
	// Check that script exists
	if(access(script.c_str(), X_OK)){
		cerr << endl << "ERROR: File " << script << " doesn't exist or isn't executable!" << endl << endl;
		exit(-2);
	}
	
	// Get owner, group, and permissions of script
	struct stat info;
	stat(script.c_str(), &info);
	pwd = getpwuid(info.st_uid);
	grp = getgrgid(info.st_gid);
	string scriptowner = pwd->pw_name;
	string scriptgroup = grp->gr_name;
	
	// Make sure script has setuid and setgid bits set
	if( !(info.st_mode&S_ISUID) ){
		cerr << endl << "ERROR: The setuid bit is not set on " << script << "!" << endl << endl;
		exit(-5);
	}
	if( !(info.st_mode&S_ISGID) ){
		cerr << endl << "ERROR: The setgid bit is not set on " << script << "!" << endl << endl;
		exit(-5);
	}

	// Make sure owner and group of script we are running 
	// matches euid of this binary. 
	if( binowner!=scriptowner ){
		cerr << endl << "ERROR: Owner of this binary and script must match! (" << binowner <<" != " << scriptowner << ")" << endl << endl;
		exit(-3);
	}
	if( bingroup!=scriptgroup ){
		cerr << endl << "ERROR: Group ID of this binary and script must match! (" << bingroup <<" != " << scriptgroup << ")" << endl << endl;
		exit(-4);
	}
	
	// Set real id and group
	setreuid(geteuid(), -1);
	setregid(getegid(), -1);
	
	// Make single command
	string cmd;
	for(auto s : args) cmd += s + " ";
	//cout << "script command: " << cmd << endl;

	return system(cmd.c_str());
}