#!/bin/bash

get_binary() {
    temp=`whereis -b $1`
    array=( $temp )
    length=${#array[@]}
    if [ "$length" -eq 1 ]; then
        echo $1
    fi
    length=$(($length - 1))
    for i in `seq 1 $let`; do
        if [ -x "${array[$i]}" ]; then
            echo ${array[$i]}
        fi
    done
}

ID=$(get_binary id)
WHOAMI=$(get_binary whoami)
TAIL=$(get_binary tail)
PWD=$(get_binary pwd)
SSH=$(get_binary ssh)
CAT=$(get_binary cat)
GREP=$(get_binary grep)

is_cagefs_enabled() {
    # return 0 when cagefs is enabled for user
    /bin/cagefs_enter.proxied ls -ld /var/.cagefs > /dev/null 2>&1
    return $?
}

is_proxy_enabled() {
    # return 0 when execution via proxy is enabled
    if $GREP -P '^cagefs_enter_proxied\s*=\s*0' /etc/sysconfig/cloudlinux > /dev/null 2>&1; then
        return 1
    fi
    return 0
}

##CageFS proxyexec wrapper - ver 14
USR=`$WHOAMI`

if [ "$USR" == "root" ]; then
    echo "This program can not be run as root"
    exit 1
fi

is_proxy_enabled
proxy_enabled=$?

if [ "$proxy_enabled" -ne 0 ]; then
    # when proxy is disabled - call original cagefs_enter binary
    /bin/cagefs_enter.proxied "$@"
    exit $?
fi

PREFIX=`$ID -u|$TAIL -c 3`
USER_TOKEN_PATH="/var/cagefs/$PREFIX/$USR/.cagefs/.cagefs.token"

if [ ! -f "$USER_TOKEN_PATH" ]; then
    # try to create token
    is_cagefs_enabled
    cagefs_enabled=$?
fi

if [ ! -f "$USER_TOKEN_PATH" ]; then
    # when token does not exist - call original cagefs_enter binary
    /bin/cagefs_enter.proxied "$@"
    exit $?
fi

TOKEN=`$CAT $USER_TOKEN_PATH`
CWD=`$PWD`

if [ -e /var/.cagefs/origin ]; then
    ORIGIN=`$CAT /var/.cagefs/origin`
    REMOTE="$SSH -F /etc/ssh/cagefs-rexec_config $USR@$ORIGIN"
    $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" CAGEFS_ENTER $$ "$@"
else
    CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" CAGEFS_ENTER $$ "$@"
fi

exit $?