#!/bin/bash
##CageFS proxyexec wrapper - ver 17

if [[ $EUID -eq 0 ]]; then
    echo 'Cannot be run as root'
    exit 1
fi

USR=`/usr/bin/whoami`
CWD=`pwd`
TOKEN=`/bin/cat /var/.cagefs/.cagefs.token`
# It's user's tmp directory and write to it is secure procedure
# because this script is running only under usual user
LOCKFILE=/tmp/.crontab.lock

FD=`ulimit -n`
(( FD -= 1 ))

if [[ -e /var/.cagefs/origin ]]; then
    ORIGIN=`/bin/cat /var/.cagefs/origin`
    REMOTE="/usr/bin/ssh -F /etc/ssh/cagefs-rexec_config $USR@$ORIGIN"
else
    REMOTE=""
fi

eval "(
    /usr/bin/flock -x -w 10 $FD || exit 1
    echo -n \"\" | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_CHECK $$
) $FD> $LOCKFILE"

[ $? -ne 0 ] && exit 1

eval "(
  /usr/bin/flock -x -w 10 $FD || exit 1
$REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_LIST $$ 2>/dev/null |cat > /var/spool/cron/$USR
) $FD> $LOCKFILE"

/usr/bin/crontab.cagefs $@

eval "(
  /usr/bin/flock -x -w 10 $FD || exit 1
if [ -e /var/spool/cron/$USR ]; then
        cat /var/spool/cron/$USR | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_SAVE $$ 2>/dev/null
else
        echo -n \"\" | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_SAVE $$ 2>/dev/null
fi
) $FD>$LOCKFILE"