#!/bin/sh
#
# shutdown -- wrapper script to prevent erroneous shutdowns via SSH
#
# Copyright © martin f. krafft <madduck@madduck.net>
# Released under the terms of the Artistic Licence 2.0
#
# $Id: shutdown 299 2006-10-16 14:40:47Z madduck $
#
set -eu

ME=molly-guard

CMD="${0##*/}"
EXEC="/sbin/$CMD"

case "$CMD" in
  halt|reboot|shutdown|poweroff)
    if [ ! -f $EXEC ]; then
      echo "E: $ME: not a regular file: $EXEC" >&2
      exit 4
    fi
    if [ ! -x $EXEC ]; then
      echo "E: $ME: not an executable: $EXEC" >&2
      exit 3
    fi
    ;;
  *)
    echo "E: $ME: unsupported command: $CMD" >&2
    exit 1
    ;;
esac

usage()
{
  cat <<-_eousage
	Usage: $ME [options]
	       (shielding $EXEC)

	Instead of invoking $EXEC directly, $ME will prompt the user for the
	machine's hostname to guard against accidental shutdowns/reboots, if the
	current shell is a child of an SSH connection (or --pretend-ssh) has been
	given on the command line, if the shell is connected to an interactive
	terminal, and the actual command to execute is does not involve --help or is
	\`shutdown -c'.

	Only if the user enters the machine's hostname correctly will $ME take
	action. Specifying --molly-guard-do-nothing as argument to the command will
	make $ME echo the command it would execute rather than actually executing
	it.

	The actual command's help output follows:

	_eousage
}

ARGS=
DO_NOTHING=0
PRETEND_SSH=0
for arg in "$@"; do
  case "$arg" in
    (*-molly-guard-do-nothing) DO_NOTHING=1;;
    (*-help)
      usage 2>&1
      eval $EXEC --help 2>&1
      exit 0
      ;;
    (*-pretend-ssh) PRETEND_SSH=1;;
    *) ARGS="${ARGS:+$ARGS }$arg";;
  esac
done

do_real_cmd()
{
  if [ $DO_NOTHING -eq 1 ]; then
    echo "$ME: would run: $EXEC $ARGS"
    exit 0
  else
    eval exec $EXEC "$ARGS"
  fi
}

if [ $DO_NOTHING -eq 1 ]; then
  echo "I: demo mode; $ME will not do anything due to --molly-guard-do-nothing."
fi

# require an interactive terminal connected to stdin
test -t 0                    || do_real_cmd

# only run if we are being called over SSH, that is if the current terminal
# was created by sshd.
PTS=$(readlink /proc/$$/fd/0)
if ! pgrep -f "^sshd.+${PTS#/dev/}[[:space:]]*$" >/dev/null; then
  if [ $PRETEND_SSH -eq 1 ]; then
    echo "I: this is not an SSH session, but --pretend-ssh was given..."
  else
    do_real_cmd
  fi
else
  echo "W: $ME: SSH session detected!"
fi

# pass through certain commands
case "$CMD $ARGS" in
  (*shutdown\ *-c*) 
    echo "I: executing $CMD $ARGS regardless of SSH session."
    do_real_cmd
    ;;
esac

HOSTNAME="$(hostname)"

sigh()
{
  echo "Good thing I asked; I won't $CMD $HOSTNAME ..."
  exit 2
}

trap 'echo;sigh' 1 2 3 9 10 12 15

echo -n "Please type in hostname of the machine to $CMD: "
read HOSTNAME_USER || :

[ "$HOSTNAME_USER" = "$HOSTNAME" ] || sigh

trap - 1 2 3 9 10 12 15

do_real_cmd
