Merge branch 'master' of git.openslx.org:openslx-ng/tm-scripts

...

3 files changed, 34 insertions, 90 deletions

diff --git a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
index d3b5ebb3..535cd0d6 100755
--- a/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
+++ b/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
@@ -7,30 +7,42 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/o
 slxlog "session-close" "$PAM_USER logged out on $PAM_TTY"
 
 # do not kill all root processes :)
-[ "x${PAM_USER}" == "xroot" ] && exit 0
+[ "x${PAM_USER}" = "xroot" ] && exit 0
+# can only work if script is run as root
+[ "x$(whoami)" = "xroot" ] || exit 0
 
-OPENSESSIONS=$(loginctl | grep "${PAM_USER}" | wc -l)
+OPENSESSION=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
+SESSIONCOUNT=$(echo "$OPENSESSION" | wc -w)
 
-if [ "x${OPENSESSIONS}" == "x1" ]; then
+if [ "$SESSIONCOUNT" = "1" ]; then
 	# last sessions, close all ghost user processes
+	usleep 500000
 	pkill -u "${PAM_USER}"
 
 	# check if user's process are still running
-	for TIMEOUT in 1 1 1 2; do
-		if ! ps aux | grep -v grep | grep -q "${PAM_USER}"; then
-			break;
+	for TIMEOUT in 1 1 2 FAIL; do
+		if [ "$TIMEOUT" = "FAIL" ]; then
+			# still something running, send SIGKILL
+			pkill -9 -u "${PAM_USER}"
+			break
 		fi
+		if ! ps -o pid,s -u "$PAM_USER" -U "$PAM_USER" | grep -q -v -E "PID|Z"; then
+			# nothing running anymore
+			break
+		fi
+		# give some time
 		sleep "${TIMEOUT}"
 	done
-	# all done, kill it again to be sure
-	pkill -9 -u "${PAM_USER}" 
-
-	# unmount the home directory structure
-	umount -l "/home/${PAM_USER}/PERSISTENT" || \
-		echo "Could not unmount '/home/${PAM_USER}/PERSISTENT'."
+	# just to be sure we check if there's no other open session in the meantime
+	OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
+	if [ -z "$OPEN2" -o "x$OPENSESSION" = "x$OPEN2" ]; then
+		# unmount the home directory structure
+		umount -l "/home/${PAM_USER}/PERSISTENT" || \
+			echo "Could not unmount '/home/${PAM_USER}/PERSISTENT'."
         
-	umount -l "/home/${PAM_USER}" || \
-		echo "Could not unmount '/home/${PAM_USER}'."
+		umount -l "/home/${PAM_USER}" || \
+			echo "Could not unmount '/home/${PAM_USER}'."
+	fi
 fi
 
 exit 0
diff --git a/remote/modules/systemd/data/usr/lib/udev/rules.d/70-uaccess-floppy.rules b/remote/modules/systemd/data/usr/lib/udev/rules.d/70-uaccess-floppy.rules
new file mode 100644
index 00000000..113d288a
--- /dev/null
+++ b/remote/modules/systemd/data/usr/lib/udev/rules.d/70-uaccess-floppy.rules
@@ -0,0 +1,8 @@
+ACTION=="remove", GOTO="floppy_extra_end"
+ENV{MAJOR}=="", GOTO="floppy_extra_end"
+
+# floppy devices
+SUBSYSTEM=="block", KERNEL=="fd[0-9]*", TAG+="uaccess"
+
+LABEL="floppy_extra_end"
+
diff --git a/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules b/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules
deleted file mode 100644
index 2dac2831..00000000
--- a/remote/modules/systemd/data/usr/lib/udev/rules.d/70-udev-acl.rules
+++ /dev/null
@@ -1,76 +0,0 @@
-# do not edit this file, it will be overwritten on update
-
-# Do not use TAG+="udev-acl" outside of this file. This variable is private to
-# udev-acl of this udev release and may be replaced at any time.
-
-ENV{MAJOR}=="", GOTO="acl_end"
-ACTION=="remove", GOTO="acl_apply"
-
-# systemd replaces udev-acl entirely, skip if active
-TEST=="/sys/fs/cgroup/systemd", TAG=="uaccess", GOTO="acl_end"
-
-# PTP/MTP protocol devices, cameras, portable media players
-SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="udev-acl"
-
-# digicams with proprietary protocol
-ENV{ID_GPHOTO2}=="*?", TAG+="udev-acl"
-
-# SCSI and USB scanners
-ENV{libsane_matched}=="yes", TAG+="udev-acl"
-
-# HPLIP devices (necessary for ink level check and HP tool maintenance)
-ENV{ID_HPLIP}=="1", TAG+="udev-acl"
-
-# optical drives
-SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="udev-acl"
-SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="udev-acl"
-
-# sound devices
-SUBSYSTEM=="sound", TAG+="udev-acl"
-
-# ffado is an userspace driver for firewire sound cards
-SUBSYSTEM=="firewire", ENV{ID_FFADO}=="1", TAG+="udev-acl"
-
-# webcams, frame grabber, TV cards
-SUBSYSTEM=="video4linux", TAG+="udev-acl"
-SUBSYSTEM=="dvb", TAG+="udev-acl"
-
-# IIDC devices: industrial cameras and some webcams
-SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010*",  TAG+="udev-acl"
-SUBSYSTEM=="firewire", ATTR{units}=="*0x00b09d:0x00010*",  TAG+="udev-acl"
-# AV/C devices: camcorders, set-top boxes, TV sets, audio devices, and more
-SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="udev-acl"
-SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="udev-acl"
-
-# DRI video devices
-SUBSYSTEM=="drm", KERNEL=="card*", TAG+="udev-acl"
-
-# KVM
-SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="udev-acl"
-
-# smart-card readers
-ENV{ID_SMARTCARD_READER}=="*?", TAG+="udev-acl"
-
-# PDA devices
-ENV{ID_PDA}=="*?", TAG+="udev-acl"
-
-# Programmable remote control
-ENV{ID_REMOTE_CONTROL}=="1", TAG+="udev-acl"
-
-# joysticks
-SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="udev-acl"
-
-# color measurement devices
-ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="udev-acl"
-
-# DDC/CI device, usually high-end monitors such as the DreamColor
-ENV{DDC_DEVICE}=="*?", TAG+="udev-acl"
-
-# media player raw devices (for user-mode drivers, Android SDK, etc.)
-SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="udev-acl"
-
-# apply ACL for all locally logged in users
-LABEL="acl_apply", TAG=="udev-acl", TEST=="/var/run/ConsoleKit/database", \
-  RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"
-
-LABEL="acl_end"