authorSimon Rettberg2018-03-09 16:53:32 +0100
committerSimon Rettberg2018-03-09 16:53:32 +0100
commit37be9900220139a78459cac24c3f040e0b35e40b (patch)
treedb7ecf8e6e2d12b5ccaeab7581f09e7d0d092d9a /core/modules/pam
parent[pam-slx-plug] Move session killing and home unmount from "pam" to this module (diff)
[pam] Remove session logging and process killing/unmount, those are now external hooks
Diffstat (limited to 'core/modules/pam')
-rwxr-xr-xcore/modules/pam/data/opt/openslx/scripts/pam_script_ses_close68
-rwxr-xr-xcore/modules/pam/data/opt/openslx/scripts/pam_script_ses_open10
2 files changed, 0 insertions, 78 deletions
diff --git a/core/modules/pam/data/opt/openslx/scripts/pam_script_ses_close b/core/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
index adb94990..80b496d6 100755
--- a/core/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
+++ b/core/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
@@ -15,16 +15,6 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o
[ "x${PAM_SERVICE%greeter}" != "x${PAM_SERVICE}" ] && exit 0
-# NSA needs to know
-if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then
- . /opt/openslx/config
- if [ "x$SLX_REMOTE_LOG_SESSIONS" = "xyes" -o "x$PAM_USER" = "xroot" ]; then
- slxlog "session-close" "$PAM_USER logged out on $PAM_TTY"
- elif [ "x$SLX_REMOTE_LOG_SESSIONS" = "xanonymous" ]; then
- slxlog "session-close" "User logged out on $PAM_TTY"
- fi
-fi
-
# source hooks if there are any
if [ -d "/opt/openslx/scripts/pam_script_ses_close.d" ]; then
for HOOK in $(ls "/opt/openslx/scripts/pam_script_ses_close.d"); do
@@ -33,63 +23,5 @@ if [ -d "/opt/openslx/scripts/pam_script_ses_close.d" ]; then
done
fi
-# do not kill all root processes :)
-[ "x${PAM_USER}" = "xroot" ] && exit 0
-
-USERID=$(id -u "$PAM_USER")
-[ -z "$USERID" ] && USERID="$PAM_USER"
-
-# Async block: Check if user has no session open anymore, if not
-# kill any remaining processes belonging to the user and unmount
-# everything at $USERHOME and below.
-{
- sleep 2 # Give things some time
- # Use who (utmp) to determine sessions by the user. loginctl might be nicer, but
- # a simple show-user $USER will also include detached sessions (eg. screen) which
- # makes this quite pointless. This needs to be investigated some day.
- SESSIONCOUNT=$(who | grep "^${PAM_USER}\\b" | wc -l)
- if [ "$SESSIONCOUNT" = "0" ]; then
-
- # last session, close all ghost user processes
- pkill -u "${USERID}"
-
- # check if user's processes are still running
- for TIMEOUT in 1 1 2 FAIL; do
- if ! ps -o pid,s -u "$USERID" -U "$USERID" | grep -q -v -E "PID|Z"; then
- # nothing running anymore
- break
- fi
- if [ "$TIMEOUT" = "FAIL" ]; then
- # still something running, send SIGKILL
- pkill -9 -u "${USERID}"
- else
- # give some time
- sleep "${TIMEOUT}"
- fi
- done
-
- fi
-
- # just to be sure we check again, since the pkilling above might have taken some time...
- SESSIONCOUNT=$(who | grep "^${PAM_USER}\\b" | wc -l)
- if [ "$SESSIONCOUNT" = "0" ]; then
-
- # unmount the home directory structure
- USER_HOME=$(getent passwd "$USERID" | awk -F ':' '{print $6}')
- if [ -n "$USER_HOME" ]; then
- for TIMEOUT in 0 0 2 2 FAIL; do
- OK=yes
- for dir in $(cat /proc/mounts | awk '{print $2}' | grep -e "^${USER_HOME}\$" -e "^${USER_HOME}/.*\$"); do
- umount "$dir" || OK=no
- done
- [ "$TIMEOUT" = "FAIL" -o "$OK" = "yes" ] && break
- sleep "$TIMEOUT"
- done
- fi
-
- fi
-
-} &
-
exit 0
diff --git a/core/modules/pam/data/opt/openslx/scripts/pam_script_ses_open b/core/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
index a71a566f..0050758c 100755
--- a/core/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
+++ b/core/modules/pam/data/opt/openslx/scripts/pam_script_ses_open
@@ -13,16 +13,6 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o
# just exit for greeter sessions
[ "x${PAM_SERVICE%greeter}" != "x${PAM_SERVICE}" ] && exit 0
-# NSA needs to know
-if [ "x$PAM_SERVICE" != "xsu" -a "x$PAM_SERVICE" != "xsudo" ]; then
- . /opt/openslx/config
- if [ "x$SLX_REMOTE_LOG_SESSIONS" = "xyes" -o "x$PAM_USER" = "xroot" ]; then
- slxlog "session-open" "$PAM_USER logged in on $PAM_TTY"
- elif [ "x$SLX_REMOTE_LOG_SESSIONS" = "xanonymous" ]; then
- slxlog "session-open" "User logged in on $PAM_TTY"
- fi
-fi
-
# source the stuff in pam_script_ses_open.d, if it exists
if [ -d "/opt/openslx/scripts/pam_script_ses_open.d" ]; then
for HOOK in $(ls "/opt/openslx/scripts/pam_script_ses_open.d"); do