#!/bin/ash
# pam_script clears PATH before running this hook, so set a fixed search path.
# Every external command below (slxlog, loginctl, pkill, umount, ...) is
# resolved through it, so each listed directory must be writable by root only.
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"
export PATH
# Report the logout through slxlog, unless the PAM service is su or sudo.
# A logout of root is always reported with the user name. For other users
# SLX_REMOTE_LOG_SESSIONS (presumably set by /opt/openslx/config) selects
# a named entry ("yes"), an entry without the user name ("anonymous"), or no
# entry at all (any other value).
# The config file is sourced, i.e. executed with the privileges of this hook,
# so it must be writable by root only.
case "x$PAM_SERVICE" in
	xsu|xsudo)
		;;
	*)
		. /opt/openslx/config
		if [ "x$SLX_REMOTE_LOG_SESSIONS" = "xyes" ] || [ "x$PAM_USER" = "xroot" ]; then
			slxlog "session-close" "$PAM_USER logged out on $PAM_TTY"
		elif [ "x$SLX_REMOTE_LOG_SESSIONS" = "xanonymous" ]; then
			slxlog "session-close" "User logged out on $PAM_TTY"
		fi
		;;
esac
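# Guards for the process cleanup further down.
# Nothing to clean up without a user name.
[ -n "${PAM_USER}" ] || exit 0
# do not kill all root processes :)
[ "x${PAM_USER}" = "xroot" ] && exit 0
# pkill -u matches by effective uid, so the name check alone is not enough:
# any other account that maps to uid 0 would hit every root process as well.
[ "x$(id -u -- "${PAM_USER}" 2> /dev/null)" = "x0" ] && exit 0
# can only work if script is run as root (checked by uid, not by name)
[ "x$(id -u)" = "x0" ] || exit 0

# Session IDs logind currently tracks for the user. "Sessions=" is nine
# characters long, so cut -c 10- keeps only the space-separated ID list.
OPENSESSION=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
SESSIONCOUNT=$(echo "$OPENSESSION" | wc -w)
# When using su/sudo there is no session created, so count up by one
if [ "x$PAM_SERVICE" = "xsu" ] || [ "x$PAM_SERVICE" = "xsudo" ]; then
	SESSIONCOUNT=$(( SESSIONCOUNT + 1 ))
fi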
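# Tear-down for the user's last session: terminate leftover processes, then
# detach the mounts below the home directory.
if [ "$SESSIONCOUNT" -le "1" ]; then
	# last session, close all ghost user processes
	# (usleep may be missing on the system; its error is deliberately hidden)
	usleep 100000 2> /dev/null
	pkill -u "${PAM_USER}"
	# check if user's process are still running: wait 1, 1 and 2 seconds
	# between checks, the FAIL marker ends the grace period
	for TIMEOUT in 1 1 2 FAIL; do
		if [ "$TIMEOUT" = "FAIL" ]; then
			# still something running, send SIGKILL
			pkill -9 -u "${PAM_USER}"
			break
		fi
		# grep -v drops the header line and zombie (state Z) rows; any row
		# that is left means a process of the user is still alive
		if ! ps -o pid,s -u "$PAM_USER" -U "$PAM_USER" | grep -q -v -E "PID|Z"; then
			# nothing running anymore
			break
		fi
		# give some time
		sleep "${TIMEOUT}"
	done
	# just to be sure we check if there's no other open session in the meantime
	# NOTE(review): this re-check only protects the mounts. Processes of a
	# session opened while the loop above ran have already been signalled.
	OPEN2=$(loginctl show-user "$PAM_USER" | grep "Sessions=" | cut -c 10-)
	if [ -z "$OPEN2" ] || [ "x$OPENSESSION" = "x$OPEN2" ]; then
		# unmount the home directory structure
		USER_HOME=$(getent passwd "$PAM_USER" | awk -F ':' '{print $6}')
		# Only act on an absolute path below "/". An empty lookup result
		# would otherwise turn PERSISTENT into "/PERSISTENT", and a home of
		# "/" would make the lazy forced umount target the root filesystem.
		case "$USER_HOME" in
			/?*)
				PERSISTENT="$USER_HOME/PERSISTENT"
				if [ -d "$PERSISTENT" ]; then
					umount -l -f "$PERSISTENT" || \
						echo "Could not unmount '$PERSISTENT'."
				fi
				# -F: the home path is a literal string, not a regular
				# expression, so "." and similar characters in it cannot
				# match a different mount point
				if grep -q -F " $USER_HOME tmpfs " "/proc/mounts"; then
					umount -l -f "$USER_HOME" 2> /dev/null
				fi
				;;
		esac
	fi
fi
exit 0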