#!/usr/bin/env python
"""Listen on a UNIX domain socket to manage user SSH keys.
"""
import atexit
from errno import ECONNREFUSED, ENOENT
from getpass import getuser
from grp import getgrnam
from os import _exit, chown, lstat, makedirs, path, remove, stat
from pwd import getpwnam
from socket import AF_UNIX, SOCK_STREAM, error as socket_error, socket
from SocketServer import UnixStreamServer
from stat import S_IMODE, S_ISDIR, S_ISSOCK
from sys import argv, stdout

from keyholer import conf
from keyholer.keyholer_daemon import KeyholerDaemon


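@atexit.register
def cleanup_socket():
    """Unlink the keyholer socket at ``conf['socket']`` when the process exits.

    Registered at import time, so it runs on *every* exit, including an
    early ``exit(1)`` from the startup checks -- at which point the path may
    still hold the socket of an instance that is already running.  Code that
    exits before this process has bound the socket should bypass the atexit
    machinery (``os._exit``) for that reason.

    Only an actual socket is unlinked; a regular file, directory or symlink
    sitting at that path (a misconfiguration) is left alone, and a path that
    is already gone is not an error.

    Raises:
        OSError: for any failure other than the path not existing
            (e.g. EACCES on the containing directory).
    """
    sock_path = conf['socket']
    try:
        # lstat(): inspect the path entry itself, never a symlink target.
        mode = lstat(sock_path).st_mode
    except OSError as err:
        if err.errno == ENOENT:
            return  # nothing to clean up
        raise
    if not S_ISSOCK(mode):
        return
    try:
        remove(sock_path)
    except OSError as err:
        # Lost a race with somebody else unlinking it: nothing left to do.
        if err.errno != ENOENT:
            raise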


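def _abort(*lines):
    """Print *lines* to stdout and terminate with status 1, skipping atexit.

    Every failure in the startup checks below happens before this process
    has bound ``conf['socket']``, so whatever sits at that path belongs to
    someone else -- most likely an instance that is already running.  A
    plain ``exit(1)`` would run the import-time ``cleanup_socket()`` handler
    and unlink it.  ``os._exit`` bypasses the atexit machinery; because it
    also skips Python's buffer flushing, stdout is flushed by hand first.
    """
    for line in lines:
        print line
    stdout.flush()
    _exit(1)


if __name__ == "__main__":
    # Make sure our environment is set up correctly.
    # We should run as root, or some other user who can access authorized_keys.
    if getuser() != 'root':
        _abort('[ERROR] You must run %s as root!' % argv[0])

    # Make sure our socket directory is secure.  The directory is the only
    # access control on the socket: the socket file itself is created with
    # whatever the process umask allows, so the 0700 web_user-owned directory
    # is what keeps other local users away from it.
    socket_dir = path.dirname(conf['socket'])
    uid = getpwnam(conf['web_user']).pw_uid
    gid = getgrnam(conf['group']).gr_gid

    if not path.exists(socket_dir):
        makedirs(socket_dir, 0700)
        chown(socket_dir, uid, gid)

    st = stat(socket_dir)

    # Same requirement as the old ``st_mode != 040700`` test (a directory
    # with exactly 0700, no setuid/setgid/sticky bits), split so that a
    # non-directory and a wrong permission set get distinct messages.
    if not S_ISDIR(st.st_mode):
        _abort("[ERROR] %s must be a directory!" % socket_dir)

    if S_IMODE(st.st_mode) != 0700:
        _abort("[ERROR] %s must be chmod'd to 700!" % socket_dir)

    if st.st_uid != uid or st.st_gid != gid:
        _abort('%s != %s' % (st.st_uid, uid),
               '%s != %s' % (st.st_gid, gid),
               "[ERROR] %s must be owned by %s:%s!" % (socket_dir,
                                                       conf['web_user'],
                                                       conf['group']))

    # A leftover socket path makes the bind below fail with EADDRINUSE.
    # Tell a stale socket (safe to unlink) apart from a live one: refuse to
    # start on top of a running instance rather than letting the atexit
    # handler unlink its socket.  (A second instance starting between this
    # probe and the bind is still a race; the bind error then surfaces.)
    socket_path = conf['socket']
    if path.lexists(socket_path):
        if not S_ISSOCK(lstat(socket_path).st_mode):
            _abort("[ERROR] %s exists and is not a socket!" % socket_path)
        probe = socket(AF_UNIX, SOCK_STREAM)
        try:
            probe.connect(socket_path)
        except socket_error as err:
            if err.errno == ECONNREFUSED:
                # Nobody is listening: a leftover from an unclean shutdown.
                remove(socket_path)
            elif err.errno != ENOENT:
                raise
        else:
            _abort("[ERROR] another instance is already listening on %s"
                   % socket_path)
        finally:
            probe.close()

    # Create the server, listening on a unix domain socket.  From here on
    # the socket is ours, so the atexit cleanup is the right thing on exit.
    server = UnixStreamServer(socket_path, KeyholerDaemon)
    chown(socket_path, uid, gid)
    server.serve_forever()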
