[profile.git] / opt / bin / become

#!/bin/bash

kerberos=0
x11=0
while getopts ":kx" opt; do
  case $opt in
    k) kerberos=1;;
    x) x11=1;;
  esac
done
shift $((OPTIND-1))

user="$1"; shift
if [ -z "$user" ]; then
  echo >&2 "Usage: become [-k] [-x] <user>"
  echo >&2 "Options: -k   Delegate Kerberos credentials even if target user is not root."
  echo >&2 "         -x   Delegate X11 cookie even if target user is not root."
  exit 1
fi

uid=$(PATH=/usr/xpg4/bin:/usr/bin id -u "$user" 2>/dev/null)
if [ -z "$uid" ]; then
  echo >&2 "Who is $user?"
  exit 2
fi

if [ $uid = 0 ]; then
  kerberos=1
  x11=1
fi

PRINCIPAL=$(klist 2>/dev/null | sed -n 's/^Default principal: //p')
if [ $x11 = 1 -a -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
  COOKIE="$(xauth list $DISPLAY)"
fi
BECOME="$HOME/.become"
profile="$BECOME/$user"
[ -f "$profile" ] || profile="$BECOME/all"

file="$(mktemp)"
if [ -n "$file" ]; then
  exec 3>"$file"
  exec <"$file"
  rm "$file"

  echo >&3 "cd"
  echo >&3 "PROFILE_HOME='$HOME'"
  if [ -n "$PRINCIPAL" ]; then
    echo >&3 "PRINCIPAL='$PRINCIPAL'"
    if [ $kerberos = 1 ]; then
      ccname=$(klist 2>/dev/null | sed -n 's/^Ticket cache: FILE://p')
      if [ -f "$ccname" ]; then
        openssl=$(find_working openssl)
        if [ -n "$openssl" ]; then
          echo >&3 "KRB5OPENSSL='$openssl'"
          echo >&3 "KRB5BASE64='$($openssl enc -a -in $ccname)'"
        fi
      fi
    fi
  fi
  if [ -n "$DISPLAY" -a -n "$COOKIE" ]; then
    echo >&3 "xauth add $COOKIE"
  else
    echo >&3 "unset DISPLAY"
  fi

  echo >&3 2>/dev/null ". $HOME/.bash_profile"
  [ -f "$BECOME/all" ] && cat >&3 2>/dev/null "$BECOME/all"
  [ -f "$BECOME/$user" ] && cat >&3 2>/dev/null "$BECOME/$user"
fi

dir=$(dirname "$0")
[ "$dir" = "." ] && dir="$PWD"
exec sudo -H -u "$user" "$dir/became"
exit 111