From d905ac0c307dd747749a3afe72f327f9125aa86b Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 9 Mar 2018 16:54:30 +0100
Subject: [pam-slx-plug] Implement session open/close handling

---
 .../pam-slx-plug/data/opt/openslx/pam/exec_session | 31 ++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

(limited to 'core/modules/pam-slx-plug')

diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_session b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_session
index a789e062..8e7b7bff 100755
--- a/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_session
+++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/exec_session
@@ -1,8 +1,35 @@
 #!/bin/ash
 
-# TODO
-
 # PAM_TYPE will be "open_session" or "close_session"
 
+# Needed as pam_script clears PATH
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"
+
+# can only work if script is run as root
+[ "x$(whoami)" = "xroot" ] || exit 0
+
+# just exit for greeter sessions
+[ "x${PAM_SERVICE%greeter}" != "x${PAM_SERVICE}" ] && exit 0
+
+if [ "$PAM_TYPE" = "open_session" ]; then
+	# OPEN OPEN OPEN
+	# source the stuff in pam_script_ses_open.d, if it exists
+	for HOOK in /opt/openslx/scripts/pam_script_ses_open.d/*; do
+		[ -f "$HOOK" ] || continue
+		# source it, in case of failure do nothing since these scripts are non-critical
+		( . "$HOOK" ) || slxlog "pam-hooks-ses-open" "Could not source '$HOOK'."
+	done
+	#
+elif [ "$PAM_TYPE" = "close_session" ]; then
+	# CLOSE CLOSE CLOSE
+	# source hooks if there are any
+	for HOOK in /opt/openslx/scripts/pam_script_ses_close.d/*; do
+		[ -f "$HOOK" ] || continue
+		# failure is non-critical
+		( . "$HOOK" ) || slxlog "pam-hooks-ses-close" "Could not source '$HOOK'."
+	done
+	#
+fi
+
 exit 0
 
-- 
cgit v1.2.3-55-g7522