path: root/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close

#!/bin/ash

# Needed as pam_script clears PATH
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"

# NSA needs to know
slxlog "session-close" "$PAM_USER logged out on $PAM_TTY"

# do not kill all root processes :)
[ "x${PAM_USER}" = "xroot" ] && exit 0
# can only work if script is run as root
[ "x$(whoami)" = "xroot" ] || exit 0

OPENSESSION=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
SESSIONCOUNT=$(echo "$OPENSESSION" | wc -w)
# When using su/sudo there is no session created, so count up by one
if [ "x$PAM_SERVICE" = "xsu" -o "x$PAM_SERVICE" = "xsudo" ]; then
	SESSIONCOUNT=$(( $SESSIONCOUNT + 1 ))
fi

if [ "$SESSIONCOUNT" = "1" ]; then
	# last sessions, close all ghost user processes
	usleep 500000
	pkill -u "${PAM_USER}"

	# check if user's process are still running
	for TIMEOUT in 1 1 2 FAIL; do
		if [ "$TIMEOUT" = "FAIL" ]; then
			# still something running, send SIGKILL
			pkill -9 -u "${PAM_USER}"
			break
		fi
		if ! ps -o pid,s -u "$PAM_USER" -U "$PAM_USER" | grep -q -v -E "PID|Z"; then
			# nothing running anymore
			break
		fi
		# give some time
		sleep "${TIMEOUT}"
	done
	# just to be sure we check if there's no other open session in the meantime
	OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
	if [ -z "$OPEN2" -o "x$OPENSESSION" = "x$OPEN2" ]; then
		# unmount the home directory structure
		umount -l "/home/${PAM_USER}/PERSISTENT" || \
			echo "Could not unmount '/home/${PAM_USER}/PERSISTENT'."
        
		umount -l "/home/${PAM_USER}" || \
			echo "Could not unmount '/home/${PAM_USER}'."
	fi
fi

exit 0