#!/bin/bash

## -------------------------------------------------------------------
##
## stanchion: Stanchion launcher
##
## Copyright (c) 2014 Basho Technologies, Inc.,
##               2021 TI Tokyo.  All Rights Reserved.
##
## This file is provided to you under the Apache License,
## Version 2.0 (the "License"); you may not use this file
## except in compliance with the License.  You may obtain
## a copy of the License at
##
##   http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing,
## software distributed under the License is distributed on an
## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
## KIND, either express or implied.  See the License for the
## specific language governing permissions and limitations
## under the License.
##
## -------------------------------------------------------------------

RUNNER_GEN_DIR=/var/lib/stanchion
RELX_STANCHION=/usr/lib64/stanchion/bin/stanchion
export PID_DIR=/run/stanchion
export PIPE_DIR=/tmp/stanchion/   # terminating / (relx treats it as a prefix)

mkdir -p $PID_DIR $PIPE_DIR
chown stanchion:stanchion $PID_DIR $PIPE_DIR

function write_pid_file {  # relx doesn't seem to write the pid file, does it?
    local c=3
    sleep 1
    while [[ $c -ne 0 ]]; do
	if [ "`maybe_su ${RELX_STANCHION} ping`" = "pong" ]; then
            maybe_su ${RELX_STANCHION} pid >$PID_DIR/stanchion.pid
            chown root $PID_DIR/stanchion.pid 2>/dev/null || true  # systemd wants it to be owned by root
	    break
	fi
	sleep 2
	c=$(($c - 1))
    done
}

function delete_pid_file {
    rm -f $PID_DIR/stanchion.pid
}

# centos7-based distros have a su that contacts pam and prints the "Last logged in" message
if [ "`cat /etc/redhat-release 2>&1`" = "CentOS Stream release 8" ] ||
   [ "`cat /etc/system-release 2>&1`" = "Amazon Linux release 2 (Karoo)" ]; then
    SU="su --session-command"
else
    SU=su
fi

function maybe_su {
    if [[ $EUID -ne 0 ]]; then
        $*
    else
	# if we are executing an admin command that spins up a
	# (hidden) node to then execute custom erlang code via -eval,
	# we need to cd to a dir containing the erlang cookie
	# (previously implicitly done by su -, which option we have
	# removed in order to allow any env vars to be available for
	# the ultimate invocation of riak/riak-cs/stanchion)
	cd "/usr/lib64/stanchion"

	# freebsd su is fairly limited, so:
	mkdir -p "$RUNNER_GEN_DIR"
	chown stanchion:stanchion "$RUNNER_GEN_DIR"
	f=`mktemp "$RUNNER_GEN_DIR"/su_piggy-XXXXXXX`
	cat >"$f" <<EOF
#!/bin/sh
$*
EOF
	chmod +x "$f"
	chown stanchion:stanchion "$f"
	$SU stanchion -c "$f"
        rm -f "$f"
    fi
}

case "$1" in
    start)
        maybe_su $RELX_STANCHION $* -pa /usr/lib64/stanchion/lib/patches \
            && write_pid_file
	test -r $PID_DIR/stanchion.pid && exit 0
	;;
    console|foreground)
        maybe_su $RELX_STANCHION $* -pa /usr/lib64/stanchion/lib/patches
	;;
    stop)
        maybe_su $RELX_STANCHION $* \
	    && delete_pid_file
	;;
    admin)
	shift
	maybe_su `which stanchion-admin` $*
	;;
    debug)
	shift
	maybe_su `which stanchion-debug` $*
	;;
    *)
        ESCAPED_ARGS=`echo "$@" | sed -e 's/\([\\\(\\\){}"\x27]\)/\\\\\1/g'`
        maybe_su $RELX_STANCHION $ESCAPED_ARGS
        ;;
esac
