#!/bin/sh

# Copyright 2015-2024 Rivoreo

# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
# IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.


isdigit() {
	printf %s\\n "$1" | grep -Eq '^[0-9]+$'
}

isdigit "$EUID" || EUID="`id -u`"
isdigit "$UID" || UID="`id -ru`"

if [ $# -gt 0 ]; then
	printf "[%s] %s %s [%s %s] (#=%s)\\n" "`date +%F.%T.%Z`" "$USER" "$SSH_CLIENT" "$0" "$*" "$#" >> /var/log/shd.log
fi 2> /dev/null

[ $# = 0 ] && [ "`ps -p $PPID -o comm=`" = sshd ] && set -- --login

# This script only logs any requested command line, then exec to bash(1)
# directly, if the user is privileged
#[ "$EUID" = 0 ] && [ "$UID" = 0 ] && exec /bin/bash "$@"
# Or only if no command was specified via '-c'
if [ "$EUID" = 0 ] && [ "$UID" = 0 ]; then
	[ $# = 0 ] && exec /bin/bash "$@"
	[ $# = 1 ] && [ "$1" = --login ] && exec /bin/bash "$@"
fi

SFTP_SERVER_PROGRAM=/usr/lib/openssh/sftp-server
MAX_PROCESSES=
#MAX_PROCESSES=64

if [ "$1" = -c ]; then case "$2" in
	"scp "*)
		exec $2
		;;
	"$SFTP_SERVER_PROGRAM")
		exec $SFTP_SERVER_PROGRAM -l DEBUG1
		;;

	#"uname -s -v -n -r -m")
	#	buffer="`uname -vnr`" || exit
	#	printf 'Linux %s x86_64\n' "$buffer"
	#	exit
	#	;;

	"echo -"*"| passwd")
		exec 1>&2
		echo "New password: Re-enter new password: Sorry, passwords do not match"
		echo "passwd: Authentication token manipulation error"
		echo "passwd: password unchanged"
		exit 10
		;;

	#"uptime -p")
	#	buffer=", 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute, 1 minute"
	#	printf "\\x1b[9;0t\\x1b[3;18034;34039t\\x1b[2tup "
	#	while printf %s "$buffer"; do true; done
	#	;;

	#uptime)
	#	exec uptime
	#	;;

	# Enable this if fake nproc(1) from fuck-vvnnmm is installed
	#"nproc --all"|nproc)
	#	exec $2
	#	;;

	#"lspci | grep VGA | cut "*)
	#	exec yes "NVIDIA Corporation GA102 [GeForce RTX 3090] (rev a1)"
	#	;;
esac fi

if [ -n "$MAX_PROCESSES" ]; then
	if [ -n "$BASH" ]; then
		ulimit -u "$MAX_PROCESSES"
	else
		ulimit -p "$MAX_PROCESSES"
	fi > /dev/null 2>&1
fi

export SHELL=/bin/sh
LOG_FILE="/var/log/noshell/$USER.`date -u +%F.%H-%M-%S`"
exec script -c "                                                  export SHELL=/bin/bash; exec /bin/bash $*" -f -q -t $LOG_FILE 2> $LOG_FILE.time