blob: 198d2efef6501c7b4f7339421f6fb35a8b5cdf49 (
plain) (
tree)
|
|
#!/bin/ash
# Needed as pam_script clears PATH
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/usr/sbin:/opt/openslx/usr/bin:/opt/openslx/sbin:/opt/openslx/bin"
# NSA needs to know
slxlog "session-close" "$PAM_USER logged out on $PAM_TTY"
# do not kill all root processes :)
[ "x${PAM_USER}" = "xroot" ] && exit 0
# can only work if script is run as root
[ "x$(whoami)" = "xroot" ] || exit 0
OPENSESSION=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
SESSIONCOUNT=$(echo "$OPENSESSION" | wc -w)
# When using su/sudo there is no session created, so count up by one
if [ "x$PAM_SERVICE" = "xsu" -o "x$PAM_SERVICE" = "xsudo" ]; then
SESSIONCOUNT=$(( $SESSIONCOUNT + 1 ))
fi
if [ "$SESSIONCOUNT" = "1" ]; then
# last sessions, close all ghost user processes
usleep 500000
pkill -u "${PAM_USER}"
# check if user's process are still running
for TIMEOUT in 1 1 2 FAIL; do
if [ "$TIMEOUT" = "FAIL" ]; then
# still something running, send SIGKILL
pkill -9 -u "${PAM_USER}"
break
fi
if ! ps -o pid,s -u "$PAM_USER" -U "$PAM_USER" | grep -q -v -E "PID|Z"; then
# nothing running anymore
break
fi
# give some time
sleep "${TIMEOUT}"
done
# just to be sure we check if there's no other open session in the meantime
OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
if [ -z "$OPEN2" -o "x$OPENSESSION" = "x$OPEN2" ]; then
# unmount the home directory structure
umount -l "/home/${PAM_USER}/PERSISTENT" || \
echo "Could not unmount '/home/${PAM_USER}/PERSISTENT'."
umount -l "/home/${PAM_USER}" || \
echo "Could not unmount '/home/${PAM_USER}'."
fi
fi
exit 0
|