X-Git-Url: https://git.madduck.net/code/molly-guard.git/blobdiff_plain/b8333417c7987231f26948bfb1b8d0debffc3a00..ecdbd1cb447dca36108ca5fe0c4c6d366a09ae70:/shutdown

diff --git a/shutdown b/shutdown
index 65fd374..c68b572 100755
--- a/shutdown
+++ b/shutdown
@@ -15,10 +15,11 @@ CMD="${0##*/}"
 EXEC="/sbin/$CMD"
 
 case "$CMD" in
-  halt|reboot|shutdown)
+  halt|reboot|shutdown|poweroff)
     if [ ! -f $EXEC ]; then
       echo "E: $ME: not a regular file: $EXEC" >&2
       exit 4
+    fi
     if [ ! -x $EXEC ]; then
       echo "E: $ME: not an executable: $EXEC" >&2
       exit 3
@@ -29,29 +30,75 @@ case "$CMD" in
     exit 1
     ;;
 esac
-ARGS="$@"
+
+usage()
+{
+  cat <<-_eousage
+	Usage: $ME [options]
+	       (shielding $EXEC)
+
+	Instead of invoking $EXEC directly, $ME will run a number of checks
+        to guard against accidental shutdowns/reboots.
+
+        Some of the checks available are:
+         - Prompt the user for the machine's if the current shell is a child
+           of an SSH connection (or --pretend-ssh) has been given on the
+           command line, if the shell is connected to an interactive
+	   terminal, and the actual command to execute is does not involve
+           --help or is \`shutdown -c'.
+
+	Only if the user satisfies all the checks will $ME take action.
+	Specifying --molly-guard-do-nothing as argument to the command will
+	make $ME echo the command it would execute rather than actually executing
+	it.
+
+	The actual command's help output follows:
+
+	_eousage
+}
+
+ARGS=
+DO_NOTHING=0
+CHECK_ARGS=
+for arg in "$@"; do
+  case "$arg" in
+    (*-molly-guard-do-nothing) DO_NOTHING=1;;
+    (*-help)
+      usage 2>&1
+      eval $EXEC --help 2>&1
+      exit 0
+      ;;
+    (*-pretend-ssh) CHECK_ARGS="${CHECK_ARGS:+$CHECK_ARGS }--arg --pretend-ssh";;
+    *) ARGS="${ARGS:+$ARGS }$arg";;
+  esac
+done
 
 do_real_cmd()
 {
-  exec $EXEC "$ARGS"
+  if [ $DO_NOTHING -eq 1 ]; then
+    echo "$ME: would run: $EXEC $ARGS"
+    exit 0
+  else
+    eval exec $EXEC "$ARGS"
+  fi
 }
 
-# require $SSH_CONNECTION to be set, indicates an SSH session
-[ -n "${SSH_CONNECTION:-}" ] || do_real_cmd
-# require an interactive terminal connected to stdin
-test -t 0                    || do_real_cmd
-# pass through help commands
+if [ $DO_NOTHING -eq 1 ]; then
+  echo "I: demo mode; $ME will not do anything due to --molly-guard-do-nothing."
+fi
+
+# pass through certain commands
 case "$CMD $ARGS" in
-  'shutdown*-c'|'*-h') do_real_cmd;;
-  *) :;;
+  (*shutdown\ *-c*) 
+    echo "I: executing $CMD $ARGS regardless of check results."
+    do_real_cmd
+    ;;
 esac
 
-echo -n "$ME: SSH session detected, type in hostname of the machine to $CMD: "
-read HOSTNAME_USER
-
-HOSTNAME="$(hostname)"
+run-parts --exit-on-error $CHECK_ARGS /usr/share/molly-guard/checks.d
 
-if [ "$HOSTNAME_USER" != "$HOSTNAME" ]; then
-  echo "Good thing I asked; I won't $CMD $HOSTNAME ..."
-  exit 2
+# run-parts won't return to us if there are failures, but I'm paranoid.
+if [ $? == 0 ]; then
+  do_real_cmd
+  exit
 fi