#!/bin/sh
#
# molly-guard -- wrapper script to prevent erroneous shutdowns via SSH
#
# Copyright © martin f. krafft <madduck@madduck.net>
# Released under the terms of the Artistic Licence 2.0
#
set -eu

ME=molly-guard

ALWAYS_MOLLY=${ALWAYS_MOLLY:-"0"}
[ -f /etc/default/${ME} ] && . /etc/default/${ME}

CMD=$1; shift
PRETEND_SSH=0
for arg in "$@"; do
  case "$arg" in
    (*-help)
      usage 2>&1
      eval $EXEC --help 2>&1
      exit 1
      ;;
    (*-pretend-ssh) PRETEND_SSH=1;;
  esac
done

# require an interactive terminal connected to stdin
test -t 0                    || exit 0

# we've been asked to always protect this host
if [ ${ALWAYS_MOLLY} -eq 1 ]; then
  echo "W: $ME: ${CMD} is always molly-guarded on this server."
else
  # only run if we are being called over SSH, that is if the current terminal
  # was created by sshd.
  PTS=$(readlink /proc/$$/fd/0)
  if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \
    && [ -z "${SSH_CONNECTION:-}" ]; then
      if [ $PRETEND_SSH -eq 1 ]; then
        echo "I: this is not an SSH session, but --pretend-ssh was given..."
      else
        exit 0
      fi
  else
    echo "W: $ME: SSH session detected!"
  fi
fi


HOSTNAME="$(hostname --short)"

sigh()
{
  echo "Good thing I asked; I won't $CMD $HOSTNAME ..."
  exit 1
}

trap 'echo;sigh' 1 2 3 9 10 12 15

echo -n "Please type in hostname of the machine to $CMD: "
read HOSTNAME_USER || :

[ "$HOSTNAME_USER" = "$HOSTNAME" ] || sigh

trap - 1 2 3 9 10 12 15

exit 0