#!/usr/bin/perl
#
# virssh - allow users to control their libvirt VM through SSH.
#
# For usage please see README.md.
#

use strict;
use warnings;

my $logtag = $0;
my $vm = $ARGV[0];
my $HOSTNAME = `hostname -f` || "vmserver"; chomp($HOSTNAME);
my $USER = $ENV{"USER"} || "vmadmin";
my $SSH_ORIGINAL_COMMAND = $ENV{"SSH_ORIGINAL_COMMAND"} || "";

if ($SSH_ORIGINAL_COMMAND =~ /^sudo virsh (list|console $vm|destroy $vm|shutdown $vm|start $vm( --console)?)$/s) {
  system("logger", "-t", "$logtag", "Allowing command \"$SSH_ORIGINAL_COMMAND\"");
  exec $SSH_ORIGINAL_COMMAND
} else {
  system("logger", "-t", "$logtag", "ALERT: NOT allowing command \"$SSH_ORIGINAL_COMMAND\"");
  print STDERR "ALERT: NOT allowing command \"$SSH_ORIGINAL_COMMAND\"\n";
  print STDERR <<EOF;
Allowed commands for you are:

ssh -t $USER\@$HOSTNAME sudo virsh list
ssh -t $USER\@$HOSTNAME sudo virsh console $vm
ssh -t $USER\@$HOSTNAME sudo virsh destroy $vm
ssh -t $USER\@$HOSTNAME sudo virsh shutdown $vm
ssh -t $USER\@$HOSTNAME sudo virsh start $vm
ssh -t $USER\@$HOSTNAME sudo virsh start $vm --console

EOF
  exit(2);
}