#!/bin/sh
#
# shutdown -- wrapper script to guard against accidental shutdowns
#
# Copyright © martin f. krafft <madduck@madduck.net>
# Released under the terms of the Artistic Licence 2.0
#
set -eu

ME=molly-guard
VERSION=0.8

SCRIPTSDIR="/etc/molly-guard/run.d"

CMD="${0##*/}"

case "$CMD" in
  halt|reboot|shutdown|poweroff|coldreboot|pm-hibernate|pm-suspend|pm-suspend-hybrid)
    if ! EXEC=$(command -v "$CMD.no-molly-guard"); then
      if ! EXEC=$(command -v "$CMD.no-molly-guard.usr-is-merged"); then
        echo "E: not a regular file: $EXEC" >&2
        exit 4
      fi
    fi
    if [ "$EXEC" -ef /usr/lib/molly-guard/molly-guard ]; then
      # Symlink forwards to ourselves. Resolve!
      LINKTARGET=$(readlink "$EXEC")
      if ! EXEC=$(command -v "$LINKTARGET.no-molly-guard"); then
        if ! EXEC=$(command -v "$LINKTARGET.no-molly-guard.usr-is-merged"); then
          echo "E: not a regular file $EXEC" >&2
          exit 4
        fi
      fi
    fi
    if [ ! -x $EXEC ]; then
      echo "E: not an executable: $EXEC" >&2
      exit 3
    fi
    ;;
  *)
    echo "E: unsupported command: $CMD" >&2
    exit 1
    ;;
esac

usage()
{
  cat <<-_eousage
	Usage: $ME [options] [-- script options]
	       (shielding $EXEC)
	
	molly-guard's primary goal is to guard against accidental
	shutdowns/reboots. $ME will run all scripts in $SCRIPTSDIR and only
	invokes $EXEC if all scripts exited successfully.

	Specifying --molly-guard-do-nothing as argument to the command will
	make $ME echo the command it would execute rather than actually
	executing it.

	Options following the double hyphen will be passed unchanged to the
	scripts.

	Please see molly-guard(8) for more information.

	The actual command's help output follows:

	_eousage
}

CMDARGS=
SCRIPTARGS=
END_OF_ARGS=0
DO_NOTHING=0
for arg in "$@"; do
  case "$arg" in
    (*-molly-guard-do-nothing) DO_NOTHING=1;;
    (*-help)
      usage 2>&1
      ( exec bash -c 'exec -a "$0" "$@"' "$CMD" "$EXEC" --help 2>&1 )
      exit 0
      ;;
    --) END_OF_ARGS=1;;
    *\"*)
      echo 'E: cannot use double-quotes (") in arguments' >&2
      exit 1
      ;;
    *)
      if [ $END_OF_ARGS -eq 0 ]; then
        CMDARGS="${CMDARGS:+$CMDARGS }\"$arg\""
      else
        SCRIPTARGS="${SCRIPTARGS:+$SCRIPTARGS }--arg \"$arg\""
      fi
      ;;
  esac
done

do_real_cmd()
{
  if [ $DO_NOTHING -eq 1 ]; then
    echo "$ME: would run: $EXEC $CMDARGS"
    exit 0
  else
    eval exec bash -c "'"'exec -a "$0" "$@"'"'" "'$CMD'" "'$EXEC'" "$CMDARGS"
  fi
}

if [ $DO_NOTHING -eq 1 ]; then
  echo "I: demo mode; $ME will not do anything due to --molly-guard-do-nothing." >&2
fi

if [ -n "${MOLLYGUARD_CMD:-}" ]; then
  do_real_cmd
fi

MOLLYGUARD_CMD=$CMD; export MOLLYGUARD_CMD
MOLLYGUARD_DO_NOTHING=$DO_NOTHING; export MOLLYGUARD_DO_NOTHING
MOLLYGUARD_SETTINGS="/etc/molly-guard/rc"; export MOLLYGUARD_SETTINGS

# pass through certain commands
case "$CMD $CMDARGS" in
  (*shutdown\ *-c*|*halt\ *-w*|*halt\ *-f*|*reboot\ *-f*)
    # allow canceling shutdowns, only write wtmp and force immediate halt
    echo "I: executing $CMD $CMDARGS regardless of check results." >&2
    do_real_cmd
    ;;
esac

# Check for execution from configuration management tools that might use an
# interactive shell.
CONFIGURATION_MANAGEMENT=0

[ -f "$MOLLYGUARD_SETTINGS" ] && . "$MOLLYGUARD_SETTINGS"

# Ansible uses an interactive shell, but by default puts Ansible in the
# broadcast message, we can look for that. Allow for it be changed per site.
ANSIBLE_SEARCH_STRING="${ANSIBLE_SEARCH_STRING:-ansible}"
if echo $CMDARGS | grep -qi $ANSIBLE_SEARCH_STRING; then
  CONFIGURATION_MANAGEMENT=1
fi

export CONFIGURATION_MANAGEMENT

for script in $(run-parts --test $SCRIPTSDIR); do
  ret=0
  eval $script $SCRIPTARGS || ret=$?
  if [ $ret -ne 0 ]; then
    echo "W: aborting $CMD due to ${script##*/} exiting with code $ret." >&2
    exit $ret
  fi
done

do_real_cmd
