get real user name from username and email (for submission as real user with drmaa)

lib/galaxy/jobs/__init__.py

@@ -1743,7 +1743,14 @@ def _change_ownership( self, username, gid ):
         job = self.get_job()
         # FIXME: hardcoded path
         external_chown_script = self.get_destination_configuration("external_chown_script", None)
-        cmd = [ '/usr/bin/sudo', '-E', external_chown_script, self.working_directory, username, str( gid ) ]
+
+        cmd = [ '/usr/bin/sudo', '-E', ]
+        for v in ["PATH", "LD_LIBRARY_PATH", "PKG_CONFIG_PATH"]:
+            try:
+                cmd.append('%s=%s'%(v, os.environ[ v ]))
+            except KeyError:
+                pass
+        cmd.extend( [ external_chown_script, self.working_directory, username, str( gid ) ] )
         log.debug( '(%s) Changing ownership of working directory with: %s' % ( job.id, ' '.join( cmd ) ) )
         p = subprocess.Popen( cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
         # TODO: log stdout/stderr
@@ -1770,10 +1777,14 @@ def reclaim_ownership( self ):
     def user_system_pwent( self ):
         if self.__user_system_pwent is None:
             job = self.get_job()
-            try:
-                self.__user_system_pwent = pwd.getpwnam( job.user.email.split('@')[0] )
-            except:
-                pass
+
+            # try to get user from email address/username
+            for cand in [job.user.email.split('@')[0], job.user.username]:
+                try:
+                    self.__user_system_pwent = pwd.getpwnam( cand )
+                except KeyError:
+                    pass
+
         return self.__user_system_pwent
 
     @property

lib/galaxy/jobs/runners/drmaa.py

@@ -316,7 +316,15 @@ def stop_job( self, job ):
                 self.ds.kill( ext_id )
             else:
                 # FIXME: hardcoded path
-                subprocess.Popen( [ '/usr/bin/sudo', '-E', kill_script, str( ext_id ), str( self.userid ) ], shell=False )
+
+                command = [ '/usr/bin/sudo', '-E', ]
+                for v in ["PATH", "LD_LIBRARY_PATH", "PKG_CONFIG_PATH"]:
+                    try:
+                        command.append('%s=%s'%(v, os.environ[ v ]))
+                    except KeyError:
+                        pass
+                command.extend( [ kill_script, str( ext_id ), str( self.userid ) ])
+                subprocess.Popen( command, shell=False )
             log.debug( "(%s/%s) Removed from DRM queue at user's request" % ( job.get_id(), ext_id ) )
         except drmaa.InvalidJobException:
             log.debug( "(%s/%s) User killed running job, but it was already dead" % ( job.get_id(), ext_id ) )
@@ -362,11 +370,18 @@ def external_runjob(self, external_runjob_script, jobtemplate_filename, username
         """
         script_parts = external_runjob_script.split()
         script = script_parts[0]
-        command = [ '/usr/bin/sudo', '-E', script]
+        command = [ '/usr/bin/sudo', '-E', ]
+        for v in ["PATH", "LD_LIBRARY_PATH", "PKG_CONFIG_PATH"]:
+            try:
+                command.append('%s=%s'%(v, os.environ[ v ]))
+            except KeyError:
+                pass
+        command.append( script )
         for script_argument in script_parts[1:]:
             command.append(script_argument)
 
         command.extend( [ str(username), jobtemplate_filename ] )
+        command.append( "--assign_all_groups"  )
         log.info("Running command %s" % command)
         p = subprocess.Popen(command,
                              shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

lib/galaxy/tools/actions/upload_common.py

@@ -282,8 +282,22 @@ def create_paramfile( trans, uploaded_datasets ):
     """
     def _chown( path ):
         try:
-            pwent = pwd.getpwnam( trans.user.email.split('@')[0] )
-            cmd = [ '/usr/bin/sudo', '-E', trans.app.config.external_chown_script, path, pwent[0], str( pwent[3] ) ]
+            # get username from email/username
+            pwent = None        
+            for cand in [ trans.user.email.split('@')[0], trans.user.username]:
+                try:
+                    pwent = pwd.getpwnam( cand )
+                except KeyError:
+                    pass
+            assert pwent != None
+
+            cmd = [ '/usr/bin/sudo', '-E', ]
+            for v in ["PATH", "LD_LIBRARY_PATH", "PKG_CONFIG_PATH"]:
+                try:
+                    cmd.append('%s=%s'%(v, os.environ[ v ]))
+                except KeyError:
+                    pass
+            cmd.extend( [ trans.app.config.external_chown_script, path, pwent[0], str( pwent[3] ) ] )
             log.debug( 'Changing ownership of %s with: %s' % ( path, ' '.join( cmd ) ) )
             p = subprocess.Popen( cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
             stdout, stderr = p.communicate()

scripts/external_chown_script.py

@@ -1,14 +1,34 @@
 #!/usr/bin/env python
 import os
+import os.path
 import sys
 
+# you may configure the paths below which modifications are allowed.
+# should contain the full paths to job_working_directory and new_file_path.
+# if set to None every file can be modified by the script.
+# this can increase security in particular if write access to this
+# script is removed by the admin.
+# ALLOWED_PATHS = [ job_working_directory, new_file_path ]
+ALLOWED_PATHS = None 
 
 def validate_paramters():
     if len(sys.argv) < 4:
         sys.stderr.write("usage: %s path user_name gid\n" % sys.argv[0])
         exit(1)
 
-    path = sys.argv[1]
+    path = os.path.abspath( sys.argv[1] )
+    if ALLOWED_PATHS == None: 
+        allowed = True
+    else:
+        allowed = False
+        for p in ALLOWED_PATHS:
+            if path.startswith( p ):
+                allowed = True
+                break
+    if not allowed:
+        sys.stderr.write( "owner and group modifications in %s are not allowed\n" %path )
+        sys.exit( 1 )
+
     galaxy_user_name = sys.argv[2]
     gid = sys.argv[3]