#!/bin/bash
#
# @package      hubzero-mw2-exec-service
# @file         setup_accounts
# @copyright    Copyright (c) 2018-2020 The Regents of the University of California.
# @license      http://opensource.org/licenses/MIT MIT
#
# Copyright (c) 2018-2020 The Regents of the University of California.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
# HUBzero is a registered trademark of The Regents of the University of California.

# Entry point for a Docker image. It sets up account and group information
# from environment variables, then sleeps to keep the container running
# independently of the tool. This makes it possible to collect container
# stats after the tool has run, as the stats disappear when the container
# stops.

# Disable core dumps: set the core-file size limit to 0 for this shell and the
# processes it starts. With neither -S nor -H given, bash's ulimit sets both
# the soft and the hard limit, so children cannot raise it again.
# NOTE(review): presumably this keeps process memory (the account records are
# held in the environment) from being written to disk on a crash - confirm.
ulimit -c 0

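#######################################
# Append exactly one record to a system database file.
# The record is written verbatim: it is quoted, so the shell neither collapses
# whitespace nor expands glob characters in it (an unquoted sudoers entry with
# a wildcard path would otherwise be rewritten with the matching file names).
# A value holding an embedded newline is refused, because it would add more
# than one record from a single variable. The record itself is never printed,
# since it may be a shadow entry.
# Arguments: $1 - file to append to
#            $2 - record text (may be empty; an empty line is then written)
# Returns:   exits the script with status 1 on a multi-line record
#######################################
append_record() {
  local target=$1
  local record=$2
  case "$record" in
    *$'\n'*)
      echo "setup_accounts: refusing multi-line record for $target" >&2
      exit 1
      ;;
  esac
  printf '%s\n' "$record" >> "$target"
}

# optional: add account information for "helper" trusted account
if [ -n "$etcpasswdhelper" ]; then
  append_record /etc/passwd "$etcpasswdhelper"
fi
if [ -n "$etcshadowhelper" ]; then
  append_record /etc/shadow "$etcshadowhelper"
fi
# optional: add account information for "apps" user
if [ -n "$etcpasswdapps" ]; then
  append_record /etc/passwd "$etcpasswdapps"
fi
if [ -n "$etcshadowapps" ]; then
  append_record /etc/shadow "$etcshadowapps"
fi
# User account is last entry in /etc/passwd
# this helps re-write firewall rules; see "firewall_readd" script
# NOTE(review): these two appends are unconditional, so an unset etcpasswd or
# etcshadow adds a blank line to the file - confirm the launcher always sets
# both.
append_record /etc/passwd "$etcpasswd"
append_record /etc/shadow "$etcshadow"

# NOTE(review): the sudoers entry is appended without a syntax check; consider
# validating the result with "visudo -c" if it is available in the image.
if [ -n "$etcsudoers" ]; then
  append_record /etc/sudoers "$etcsudoers"
fi

# Groups
# Every environment variable whose name starts with "group_" holds one
# /etc/group record. Only the variable names are logged, not their values.
echo "${!group_*}"
for envgroup in "${!group_@}"; do
  append_record /etc/group "${!envgroup}"
done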

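# The tool user name must be supplied in the environment; nothing below can
# run without it.
if [ -z "$USER" ]; then
  echo USER not set
  exit 1
fi

# copy Xauthority information to user's home .Xauthority file
# xauth is run as the user through su, and retried up to 5 times with a
# 1 second pause between attempts. The authlist* glob is expanded by the
# shell that su starts, not by this one.
# $USER is quoted so that it always reaches su as a single argument.
# NOTE(review): USER is taken from the environment and is not checked for a
# leading "-", which su would read as an option - confirm the launcher only
# passes plain account names.
i=0
until [ "$i" -ge 5 ]; do
  if /bin/su -s /bin/sh -c 'xauth -v source /var/run/Xvnc/authlist*' "$USER"; then
    break
  fi
  i=$((i + 1))
  sleep 1
done
# Reaching 5 means every attempt failed.
if [ "$i" -ge 5 ]; then
  printf '%s\n' "Unable to merge X information with user $USER .Xauthority file"
  exit 1
fi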

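# copy Xauthority information to helper's home .Xauthority file
# This section only runs when the helper's passwd record, shadow record and
# session directory were all supplied in the environment.
if [ -n "$etcpasswdhelper" ] && [ -n "$etcshadowhelper" ] && [ -n "$sessiondir_helper" ]; then
  # sessiondir_helper, rpath_helper, rpath_user passed with environment
  # Q: Should setup of helper home directory be done in Dockerfile?
  # what if it is not a fixed name (maybe variable depending on tool?)
  # example:
  # mkdir -p /var/ion/private
  # chmod 0750 /var/ion/private
  # mkdir -p /var/ion/runs
  # chmod 0750 /var/ion/runs
  #
  # .ssh/id_rsa, in image, contains private key for ssh tunnel to instanton for caching and must be setup prior to this
  # NOTE(review): a private key stored in the image is available to anyone who
  # can read the image; confirm that is intended, or provision it at run time.
  #
  # create session directory for helper
  # The account name is field 1 of the helper's passwd record.
  helper_username=$(printf '%s\n' "$etcpasswdhelper" | cut -d ':' -f1)
  # The command string is single-quoted, so sessiondir_helper is expanded by
  # the helper's shell from the inherited environment; quoting it there keeps
  # the path a single argument to mkdir.
  /bin/su -s /bin/sh -c 'mkdir -p -- "$sessiondir_helper"' "$helper_username"
  # helper_ownership=`echo $etcpasswdhelper | cut -d ':' -f3-4`
  # mkdir -p $sessiondir_helper
  # mkdir -p $helper_home/drivers
  # chmod 0770 $helper_home/drivers
  # chmod 0770 $helper_home
  # extract home directory (field 6) from $etcpasswdhelper
  helper_home=$(printf '%s\n' "$etcpasswdhelper" | cut -d ':' -f6)
  # helper_ownership=`echo $etcpasswdhelper | cut -d ':' -f3-4`
  # chown -R $helper_ownership $helper_home
  # Same retry scheme as for the tool user: up to 5 attempts, 1 second apart.
  i=0
  until [ "$i" -ge 5 ]; do
    if /bin/su -s /bin/sh -c 'xauth -v source /var/run/Xvnc/authlist*' "$helper_username"; then
      break
    fi
    i=$((i + 1))
    sleep 1
  done
  if [ "$i" -ge 5 ]; then
    printf '%s\n' "Unable to merge X information with helper .Xauthority file username: $helper_username"
    # sleep a little to help debugging with docker logs
    sleep 60
    exit 1
  fi
  # Create resources file for helper.  Environment variable is "sessionid".
  # change results_directory path, keep everything else from user's resource file
  # echo sessionid $sessionid > $rpath_helper
  # echo results_directory /var/ion/runs >> $rpath_helper
  # copying the user's results in duplicate sessionid and incorrect results_directory
  #
  # helper_home and rpath_user are handed to the user's shell through the
  # environment and expanded there inside double quotes, so their contents are
  # treated as data and never parsed as shell syntax. This relies on su passing
  # the environment through, as the mkdir call above already does.
  # NOTE(review): helper_home still lands inside the sed replacement text, so a
  # "#", "&" or backslash in it would change the substitution - confirm home
  # paths never contain those characters.
  # The append to $rpath_helper is performed by this shell, not by the su child.
  # NOTE(review): if that path sits in a directory another account can write
  # to, confirm it cannot be replaced by a link to a different file.
  helper_home="$helper_home" rpath_user="$rpath_user" \
    /bin/su -s /bin/sh \
      -c 'sed "s#^results_directory.*#results_directory $helper_home/runs\n#" "$rpath_user"' \
      "$USER" >> "$rpath_helper"
fi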

# Keep the container alive indefinitely so that CPU stats can still be read.
# Each sleep lasts only 5 seconds, which is the maximum wait for a response
# to some events.
while true; do
  sleep 5
done
