path: root/remote/modules/pam/data/opt/openslx/scripts/pam_script_ses_close
#!/bin/ash

# pam_script clears PATH before it runs this hook, so pin a fixed list of
# absolute directories; every external tool below is resolved through it.
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"

# Remote session logging. Nothing is reported for the su and sudo services.
# For every other service a root logout is always reported by name; other
# users are reported by name only when SLX_REMOTE_LOG_SESSIONS is "yes", and
# without the name when it is "anonymous".
case "x$PAM_SERVICE" in
	xsu|xsudo)
		;;
	*)
		# The config file is sourced, i.e. executed in this shell.
		# NOTE(review): it should be writable by root only - confirm.
		. /opt/openslx/config
		if [ "x$SLX_REMOTE_LOG_SESSIONS" = "xyes" ] || [ "x$PAM_USER" = "xroot" ]; then
			slxlog "session-close" "$PAM_USER logged out on $PAM_TTY"
		elif [ "x$SLX_REMOTE_LOG_SESSIONS" = "xanonymous" ]; then
			slxlog "session-close" "User logged out on $PAM_TTY"
		fi
		;;
esac

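# PAM_USER is handed to loginctl, pkill, ps and getent further down. An empty
# value, or one starting with "-" (which those tools would parse as an option),
# must never reach them.
case "$PAM_USER" in
	''|-*) exit 0 ;;
esac

# do not kill all root processes :)
[ "x${PAM_USER}" = "xroot" ] && exit 0
# pkill -u selects processes by user id, so a second account that maps to
# UID 0 must be skipped as well, whatever its name is. If the lookup fails
# the script carries on exactly as it would without this check.
TARGET_UID=$(id -u "$PAM_USER" 2> /dev/null)
[ "x$TARGET_UID" = "x0" ] && exit 0

# can only work if script is run as root (checked by UID, not by account name)
[ "x$(id -u)" = "x0" ] || exit 0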

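# Session ids loginctl currently lists for the user, as a space separated
# list. "Sessions=" is 9 characters long, hence the value starts at column 10;
# the pattern is anchored so that only a line starting with it is cut.
OPENSESSION=$(loginctl show-user "$PAM_USER" | grep "^Sessions=" | cut -c 10-)
SESSIONCOUNT=$(echo "$OPENSESSION" | wc -w)
# When using su/sudo there is no session created, so count up by one
if [ "x$PAM_SERVICE" = "xsu" ] || [ "x$PAM_SERVICE" = "xsudo" ]; then
	SESSIONCOUNT=$(( SESSIONCOUNT + 1 ))
fi

if [ "$SESSIONCOUNT" -le 1 ]; then

	# last session, close all ghost user processes
	usleep 100000 2> /dev/null
	pkill -u "${PAM_USER}"

	# check if user's process are still running
	# Waits 1s, 1s and 2s between checks; the FAIL marker is only reached
	# when processes survived all three waits.
	for TIMEOUT in 1 1 2 FAIL; do
		if [ "$TIMEOUT" = "FAIL" ]; then
			# still something running, send SIGKILL
			pkill -9 -u "${PAM_USER}"
			break
		fi
		# The filter drops the ps header line and zombie (state Z) entries;
		# any line left over is a process that is still alive.
		if ! ps -o pid,s -u "$PAM_USER" -U "$PAM_USER" | grep -q -v -E "PID|Z"; then
			# nothing running anymore
			break
		fi
		# give some time
		sleep "${TIMEOUT}"
	done

	# just to be sure we check if there's no other open session in the meantime
	# This is best effort only: a login that starts after this check can
	# still race with the unmounts below.
	OPEN2=$(loginctl show-user "$PAM_USER" | grep "^Sessions=" | cut -c 10-)

	if [ -z "$OPEN2" ] || [ "x$OPENSESSION" = "x$OPEN2" ]; then

		# unmount the home directory structure
		USER_HOME=$(getent passwd "$PAM_USER" | awk -F ':' '{print $6}')

		# Only act on an absolute path below "/". If the passwd lookup
		# returned nothing, the original code would have built the path
		# "/PERSISTENT" and passed an empty string to umount.
		case "$USER_HOME" in
			/?*)
				PERSISTENT="$USER_HOME/PERSISTENT"
				if [ -d "$PERSISTENT" ]; then
					umount -l -f "$PERSISTENT" || \
						echo "Could not unmount '$PERSISTENT'."
				fi

				# -F: match the home path literally, so characters such
				# as "." in it are not treated as regex operators.
				if grep -q -F " $USER_HOME tmpfs " "/proc/mounts"; then
					umount -l -f "$USER_HOME" 2> /dev/null
				fi
				;;
		esac

	fi

fi

exit 0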