X-Git-Url: https://git.madduck.net/code/molly-guard.git/blobdiff_plain/99a389134d3257c43bf258007d5880a4885bdc77..b3004a65e3dd47433d37cd2b275713404f10c13c:/shutdown?ds=inline diff --git a/shutdown b/shutdown index 8beaa50..0c52d92 100755 --- a/shutdown +++ b/shutdown @@ -30,33 +30,86 @@ case "$CMD" in exit 1 ;; esac -ARGS="$@" -do_real_cmd() +usage() { - case "$ARGS" in - (*--molly-guard-do-nothing*) - ARGS0="${ARGS%%--molly-guard-do-nothing*}" - ARGS1="${ARGS##*--molly-guard-do-nothing}" - echo "$ME: would run: $EXEC ${ARGS0# } ${ARGS1# }" - exit 0;; - *) eval exec $EXEC "$ARGS";; + cat <<-_eousage + Usage: $ME [options] + (shielding $EXEC) + + Instead of invoking $EXEC directly, $ME will prompt the user for the + machine's hostname to guard against accidental shutdowns/reboots, if the + current shell is a child of an SSH connection (or --pretend-ssh) has been + given on the command line, if the shell is connected to an interactive + terminal, and the actual command to execute is does not involve --help or is + \`shutdown -c'. + + Only if the user enters the machine's hostname correctly will $ME take + action. Specifying --molly-guard-do-nothing as argument to the command will + make $ME echo the command it would execute rather than actually executing + it. + + The actual command's help output follows: + + _eousage +} + +ARGS= +DO_NOTHING=0 +PRETEND_SSH=0 +for arg in "$@"; do + case "$arg" in + (*-molly-guard-do-nothing) DO_NOTHING=1;; + (*-help) + usage 2>&1 + eval $EXEC --help 2>&1 + exit 0 + ;; + (*-pretend-ssh) PRETEND_SSH=1;; + *) ARGS="${ARGS:+$ARGS }$arg";; esac +done + +do_real_cmd() +{ + if [ $DO_NOTHING -eq 1 ]; then + echo "$ME: would run: $EXEC $ARGS" + exit 0 + else + eval exec $EXEC "$ARGS" + fi } -# require $SSH_CONNECTION to be set, indicates an SSH session -[ -n "${SSH_CONNECTION:-}" ] || do_real_cmd +if [ $DO_NOTHING -eq 1 ]; then + echo "I: demo mode; $ME will not do anything due to --molly-guard-do-nothing." +fi + # require an interactive terminal connected to stdin test -t 0 || do_real_cmd -# pass through help commands + +# only run if we are being called over SSH, that is if the current terminal +# was created by sshd. +PTS=$(readlink /proc/$$/fd/0) +if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \ + && [ -z "${SSH_CONNECTION:-}" ]; then + if [ $PRETEND_SSH -eq 1 ]; then + echo "I: this is not an SSH session, but --pretend-ssh was given..." + else + do_real_cmd + fi +else + echo "W: $ME: SSH session detected!" +fi + +# pass through certain commands case "$CMD $ARGS" in - (shutdown\ *-c*) do_real_cmd;; - (shutdown\ *-h*) do_real_cmd;; - (*--help*) do_real_cmd;; - *) :;; + (*shutdown\ *-c*) + echo "I: executing $CMD $ARGS regardless of SSH session." + do_real_cmd + ;; esac -HOSTNAME="$(hostname)" +HOSTNAME="$(hostname --short)" sigh() { @@ -66,7 +119,6 @@ sigh() trap 'echo;sigh' 1 2 3 9 10 12 15 -echo "$ME: SSH session detected!" echo -n "Please type in hostname of the machine to $CMD: " read HOSTNAME_USER || :