]> git.madduck.net Git - code/molly-guard.git/blobdiff - shutdown

madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

remove svn header
[code/molly-guard.git] / shutdown
index 65fd374b2dfd87e8050394085ae2f07941bb9606..10eac5505d05eb0fcefa1d86ff2c6884e4de16fa 100755 (executable)
--- a/shutdown
+++ b/shutdown
@@ -5,8 +5,6 @@
 # Copyright © martin f. krafft <madduck@madduck.net>
 # Released under the terms of the Artistic Licence 2.0
 #
-# $Id: shutdown 299 2006-10-16 14:40:47Z madduck $
-#
 set -eu
 
 ME=molly-guard
@@ -15,10 +13,11 @@ CMD="${0##*/}"
 EXEC="/sbin/$CMD"
 
 case "$CMD" in
-  halt|reboot|shutdown)
+  halt|reboot|shutdown|poweroff)
     if [ ! -f $EXEC ]; then
       echo "E: $ME: not a regular file: $EXEC" >&2
       exit 4
+    fi
     if [ ! -x $EXEC ]; then
       echo "E: $ME: not an executable: $EXEC" >&2
       exit 3
@@ -29,29 +28,87 @@ case "$CMD" in
     exit 1
     ;;
 esac
-ARGS="$@"
+
+usage()
+{
+  cat <<-_eousage
+       Usage: $ME [options]
+              (shielding $EXEC)
+
+       Instead of invoking $EXEC directly, $ME will run a number of checks
+        to guard against accidental shutdowns/reboots.
+
+        Some of the checks available are:
+         - Prompt the user for the machine's if the current shell is a child
+           of an SSH connection (or --pretend-ssh) has been given on the
+           command line, if the shell is connected to an interactive
+          terminal, and the actual command to execute is does not involve
+           --help or is \`shutdown -c'.
+
+         $ME will always interpose the prompt if the environment variable
+          ALWAYS_MOLLY is set to '1'.  This variable may be set in the file
+         /etc/default/${ME} .
+
+        - Print out a warning message with information about this host
+         before the action takes place.  You can use:
+               /etc/molly-guard.<Action>.message
+         To print out a message specific to the command you're trying to
+         use.  Or:
+               /etc/molly-guard.message
+         For a general warning message.
+
+       Only if the user satisfies all the checks will $ME take action.
+       Specifying --molly-guard-do-nothing as argument to the command will
+       make $ME echo the command it would execute rather than actually executing
+       it.
+
+       The actual command's help output follows:
+
+       _eousage
+}
+
+ARGS=
+DO_NOTHING=0
+CHECK_ARGS=
+for arg in "$@"; do
+  case "$arg" in
+    (*-molly-guard-do-nothing) DO_NOTHING=1;;
+    (*-help)
+      usage 2>&1
+      eval $EXEC --help 2>&1
+      exit 0
+      ;;
+    (*-pretend-ssh) CHECK_ARGS="${CHECK_ARGS:+$CHECK_ARGS }--arg --pretend-ssh";;
+    *) ARGS="${ARGS:+$ARGS }$arg";;
+  esac
+done
 
 do_real_cmd()
 {
-  exec $EXEC "$ARGS"
+  if [ $DO_NOTHING -eq 1 ]; then
+    echo "$ME: would run: $EXEC $ARGS"
+    exit 0
+  else
+    eval exec $EXEC "$ARGS"
+  fi
 }
 
-# require $SSH_CONNECTION to be set, indicates an SSH session
-[ -n "${SSH_CONNECTION:-}" ] || do_real_cmd
-# require an interactive terminal connected to stdin
-test -t 0                    || do_real_cmd
-# pass through help commands
+if [ $DO_NOTHING -eq 1 ]; then
+  echo "I: demo mode; $ME will not do anything due to --molly-guard-do-nothing."
+fi
+
+# pass through certain commands
 case "$CMD $ARGS" in
-  'shutdown*-c'|'*-h') do_real_cmd;;
-  *) :;;
+  (*shutdown\ *-c*) 
+    echo "I: executing $CMD $ARGS regardless of check results."
+    do_real_cmd
+    ;;
 esac
 
-echo -n "$ME: SSH session detected, type in hostname of the machine to $CMD: "
-read HOSTNAME_USER
-
-HOSTNAME="$(hostname)"
+run-parts --exit-on-error --arg $CMD $CHECK_ARGS /usr/share/molly-guard/checks.d
 
-if [ "$HOSTNAME_USER" != "$HOSTNAME" ]; then
-  echo "Good thing I asked; I won't $CMD $HOSTNAME ..."
-  exit 2
+# run-parts won't return to us if there are failures, but I'm paranoid.
+if [ $? == 0 ]; then
+  do_real_cmd
+  exit
 fi