X-Git-Url: https://git.madduck.net/code/molly-guard.git/blobdiff_plain/b8333417c7987231f26948bfb1b8d0debffc3a00..946cdc2f1df4ba60775d48f9d652344e29ec4186:/shutdown?ds=sidebyside diff --git a/shutdown b/shutdown index 65fd374..3ffacc9 100755 --- a/shutdown +++ b/shutdown @@ -1,24 +1,25 @@ #!/bin/sh # -# shutdown -- wrapper script to prevent erroneous shutdowns via SSH +# shutdown -- wrapper script to guard against accidental shutdowns # # Copyright © martin f. krafft # Released under the terms of the Artistic Licence 2.0 # -# $Id: shutdown 299 2006-10-16 14:40:47Z madduck $ -# set -eu ME=molly-guard +VERSION=0.4 +SCRIPTSDIR=/etc/molly-guard/run.d CMD="${0##*/}" EXEC="/sbin/$CMD" case "$CMD" in - halt|reboot|shutdown) + halt|reboot|shutdown|poweroff) if [ ! -f $EXEC ]; then echo "E: $ME: not a regular file: $EXEC" >&2 exit 4 + fi if [ ! -x $EXEC ]; then echo "E: $ME: not an executable: $EXEC" >&2 exit 3 @@ -29,29 +30,88 @@ case "$CMD" in exit 1 ;; esac -ARGS="$@" + +usage() +{ + cat <<-_eousage + Usage: $ME [options] [-- script options] + (shielding $EXEC) + + molly-guard's primary goal is to guard against accidental + shutdowns/reboots. $ME will run all scripts in $SCRIPTSDIR and only + invokes $EXEC if all scripts exited successfully. + + Specifying --molly-guard-do-nothing as argument to the command will + make $ME echo the command it would execute rather than actually + executing it. + + Options following the double hyphen will be passed unchanged to the + scripts. + + Please see molly-guard(8) for more information. + + The actual command's help output follows: + + _eousage +} + +CMDARGS= +SCRIPTARGS= +END_OF_ARGS=0 +DO_NOTHING=0 +for arg in "$@"; do + case "$arg" in + (*-molly-guard-do-nothing) DO_NOTHING=1;; + (*-help) + usage 2>&1 + eval $EXEC --help 2>&1 + exit 0 + ;; + --) END_OF_ARGS=1;; + *) + if [ $END_OF_ARGS -eq 0 ]; then + CMDARGS="${args:+$args }$arg" + else + SCRIPTARGS="${args:+$args }--arg $arg" + fi + ;; + esac +done do_real_cmd() { - exec $EXEC "$ARGS" + if [ $DO_NOTHING -eq 1 ]; then + echo "$ME: would run: $EXEC $CMDARGS" + exit 0 + else + eval exec $EXEC "$CMDARGS" + fi } -# require $SSH_CONNECTION to be set, indicates an SSH session -[ -n "${SSH_CONNECTION:-}" ] || do_real_cmd -# require an interactive terminal connected to stdin -test -t 0 || do_real_cmd -# pass through help commands -case "$CMD $ARGS" in - 'shutdown*-c'|'*-h') do_real_cmd;; - *) :;; +if [ $DO_NOTHING -eq 1 ]; then + echo "I: demo mode; $ME will not do anything due to --molly-guard-do-nothing." >&2 +fi + +# pass through certain commands +case "$CMD $CMDARGS" in + (*shutdown\ *-c*) + # allow canceling shutdowns + echo "I: executing $CMD $CMDARGS regardless of check results." >&2 + do_real_cmd + ;; esac -echo -n "$ME: SSH session detected, type in hostname of the machine to $CMD: " -read HOSTNAME_USER +MOLLYGUARD_CMD=$CMD; export MOLLYGUARD_CMD +MOLLYGUARD_DO_NOTHING=$DO_NOTHING; export MOLLYGUARD_DO_NOTHING +MOLLYGUARD_SETTINGS="/etc/molly-guard/rc"; export MOLLYGUARD_SETTINGS -HOSTNAME="$(hostname)" +for script in $(run-parts --test $SCRIPTSDIR); do + ret=0 + eval $script $SCRIPTARGS || ret=$? + if [ $ret -ne 0 ]; then + echo "W: aborting $CMD due to ${script##*/} exiting with code $ret." >&2 + exit $ret + fi +done -if [ "$HOSTNAME_USER" != "$HOSTNAME" ]; then - echo "Good thing I asked; I won't $CMD $HOSTNAME ..." - exit 2 -fi +do_real_cmd