Use run-parts to run a selection of different guards.

diff --git a/checks.d/molly-guard b/checks.d/molly-guard
new file mode 100755 (executable)
index 0000000..a9a2e90
--- /dev/null
+++ b/checks.d/molly-guard
@@ -0,0 +1,61 @@
+#!/bin/sh
+#
+# molly-guard -- wrapper script to prevent erroneous shutdowns via SSH
+#
+# Copyright © martin f. krafft <madduck@madduck.net>
+# Released under the terms of the Artistic Licence 2.0
+#
+set -eu
+
+ME=molly-guard
+
+PRETEND_SSH=0
+CMD=$1
+shift
+for arg in "$@"; do
+  case "$arg" in
+    (*-help)
+      usage 2>&1
+      eval $EXEC --help 2>&1
+      exit 1
+      ;;
+    (*-pretend-ssh) PRETEND_SSH=1;;
+  esac
+done
+
+# require an interactive terminal connected to stdin
+test -t 0                    || exit 0
+
+# only run if we are being called over SSH, that is if the current terminal
+# was created by sshd.
+PTS=$(readlink /proc/$$/fd/0)
+if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \
+  && [ -z "${SSH_CONNECTION:-}" ]; then
+    if [ $PRETEND_SSH -eq 1 ]; then
+      echo "I: this is not an SSH session, but --pretend-ssh was given..."
+    else
+      exit 0
+    fi
+else
+  echo "W: $ME: SSH session detected!"
+fi
+
+
+HOSTNAME="$(hostname --short)"
+
+sigh()
+{
+  echo "Good thing I asked; I won't $CMD $HOSTNAME ..."
+  exit 1
+}
+
+trap 'echo;sigh' 1 2 3 9 10 12 15
+
+echo -n "Please type in hostname of the machine to $CMD: "
+read HOSTNAME_USER || :
+
+[ "$HOSTNAME_USER" = "$HOSTNAME" ] || sigh
+
+trap - 1 2 3 9 10 12 15
+
+exit 0

diff --git a/shutdown b/shutdown
index 0c52d92803e65b8e7615b918e9910e7ea55102b6..c68b57254297888114a1bea7792e480ae9890774 100755 (executable)
--- a/shutdown
+++ b/shutdown
@@ -37,15 +37,18 @@ usage()
        Usage: $ME [options]
               (shielding $EXEC)
 
-       Instead of invoking $EXEC directly, $ME will prompt the user for the
-       machine's hostname to guard against accidental shutdowns/reboots, if the
-       current shell is a child of an SSH connection (or --pretend-ssh) has been
-       given on the command line, if the shell is connected to an interactive
-       terminal, and the actual command to execute is does not involve --help or is
-       \`shutdown -c'.
-
-       Only if the user enters the machine's hostname correctly will $ME take
-       action. Specifying --molly-guard-do-nothing as argument to the command will
+       Instead of invoking $EXEC directly, $ME will run a number of checks
+        to guard against accidental shutdowns/reboots.
+
+        Some of the checks available are:
+         - Prompt the user for the machine's if the current shell is a child
+           of an SSH connection (or --pretend-ssh) has been given on the
+           command line, if the shell is connected to an interactive
+          terminal, and the actual command to execute is does not involve
+           --help or is \`shutdown -c'.
+
+       Only if the user satisfies all the checks will $ME take action.
+       Specifying --molly-guard-do-nothing as argument to the command will
        make $ME echo the command it would execute rather than actually executing
        it.
 
@@ -56,7 +59,7 @@ usage()
 
 ARGS=
 DO_NOTHING=0
-PRETEND_SSH=0
+CHECK_ARGS=
 for arg in "$@"; do
   case "$arg" in
     (*-molly-guard-do-nothing) DO_NOTHING=1;;
@@ -65,7 +68,7 @@ for arg in "$@"; do
       eval $EXEC --help 2>&1
       exit 0
       ;;
-    (*-pretend-ssh) PRETEND_SSH=1;;
+    (*-pretend-ssh) CHECK_ARGS="${CHECK_ARGS:+$CHECK_ARGS }--arg --pretend-ssh";;
     *) ARGS="${ARGS:+$ARGS }$arg";;
   esac
 done
@@ -84,46 +87,18 @@ if [ $DO_NOTHING -eq 1 ]; then
   echo "I: demo mode; $ME will not do anything due to --molly-guard-do-nothing."
 fi
 
-# require an interactive terminal connected to stdin
-test -t 0                    || do_real_cmd
-
-# only run if we are being called over SSH, that is if the current terminal
-# was created by sshd.
-PTS=$(readlink /proc/$$/fd/0)
-if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null \
-  && [ -z "${SSH_CONNECTION:-}" ]; then
-    if [ $PRETEND_SSH -eq 1 ]; then
-      echo "I: this is not an SSH session, but --pretend-ssh was given..."
-    else
-      do_real_cmd
-    fi
-else
-  echo "W: $ME: SSH session detected!"
-fi
-
 # pass through certain commands
 case "$CMD $ARGS" in
   (*shutdown\ *-c*) 
-    echo "I: executing $CMD $ARGS regardless of SSH session."
+    echo "I: executing $CMD $ARGS regardless of check results."
     do_real_cmd
     ;;
 esac
 
-HOSTNAME="$(hostname --short)"
+run-parts --exit-on-error $CHECK_ARGS /usr/share/molly-guard/checks.d
 
-sigh()
-{
-  echo "Good thing I asked; I won't $CMD $HOSTNAME ..."
-  exit 2
-}
-
-trap 'echo;sigh' 1 2 3 9 10 12 15
-
-echo -n "Please type in hostname of the machine to $CMD: "
-read HOSTNAME_USER || :
-
-[ "$HOSTNAME_USER" = "$HOSTNAME" ] || sigh
-
-trap - 1 2 3 9 10 12 15
-
-do_real_cmd
+# run-parts won't return to us if there are failures, but I'm paranoid.
+if [ $? == 0 ]; then
+  do_real_cmd
+  exit
+fi