#!/usr/bin/perl # 6-10-03 jf6b Converted to perl & merged with LogoutHook.pl # 4-22-03 jf6b Cleaned up for 10.2 # See below for definitions of these utility subroutines sub log_abort; sub log_warning; sub log_init; # Mode bit settings for a shared directory, private directory, and world-writable file $mode_shr = 0755; $mode_pvt = 0700; $mode_wrt = 0666; # Where to write errors, should any occur $logfile = "/var/log/LogoutHook.log"; ################ # Create logfile # log_init(); ################# # Check Arguments # log_abort "Script invoked with bad number of arguments" if ($#ARGV != 0); $user = $ARGV[0]; log_abort "Script invoked with a blank user-id argument" if ($user eq ''); ################## # Lookup User Info # ($name,$passwd,$uid,$gid, $quota,$comment,$gcos, $homedir,$shell,$expire) = getpwnam($user) or log_abort "User '$user' not in passwd database"; ###################################################### # Eject all removable media, and unmount all remaining # non-removable media (ie, firewire drives) # THIS ASSUMES THAT DISK0 IS THE ONLY INTERNAL SYSTEM DISK!!! # opendir(DIR, "/dev") || die "Can't open /dev!: $!"; @disks = grep { ($_ =~ /^disk[0-9]+$/) && ($_ ne "disk0") } readdir(DIR); foreach $disk (@disks) { @entry= lstat("/dev/$disk"); if ($entry[4] == $uid) { # It's removable, eject it system("/usr/sbin/disktool -e $disk 1 >/dev/null 2>&1"); } else { # Just unmount it system("/usr/sbin/disktool -u $disk 0 >/dev/null 2>&1"); } } closedir(DIR); ################################################################################ # SWITCH FROM ROOT TO THE UID AND PRIMARY GID OF USER LOGGING IN # # This grants us access to the user's AFS space, # but limits what we can do to the local file system # $) = $gid; $> = $uid; ############################ # Delete old scanner rc file # system("rm -f /Users/$1/.vuescanrc"); ########################################## # Remove Classic & windowserver pref files # $ethaddr = `/sbin/ifconfig en0|grep ether|cut -d' ' -f 2`; $ethaddr =~ s/[^0-9a-f]//g; $hostname = `hostname`; unlink($homedir.'/Library/Preferences/ByHost/com.apple.windowserver.'.$hostname. '.plist'); unlink($homedir.'/Library/Preferences/ByHost/com.apple.Classic.'.$hostname.'.pli st'); unlink($homedir.'/Library/Preferences/ByHost/com.apple.windowserver.'.$ethaddr.' .plist'); unlink($homedir.'/Library/Preferences/ByHost/com.apple.Classic.'.$ethaddr.'.plis t'); ################################### # Unlink Library to be sure nothing # more gets written back to AFS # unlink($homedir.'/Library'); #################### # Destroy AFS tokens # system('unlog'); ################################################################################ # SWITCH FROM THE UID AND PRIMARY GID OF USER LOGGED IN TO ROOT # $) = 0; $> = 0; ######################## # Handle delayed reboots # #if ( -f "/.INeedAReboot") { # unlink("/.INeedAReboot"); # system("/sbin/reboot"); #} exit 0; ################################################################################ # SUBROUTINES ################################################################################ ########## # log_init # # Create the logfile and allow anyone to write to it (mode bits rw-rw-rw-) # We open it up now so logging will work after changing to the UID of the incoming user # sub log_init { if (! open LOG, ">>$logfile") { warn "Unable to create logfile '$logfile': $!"; } else { close LOG; } chmod $mode_wrt, $logfile or warn "Unable to set logfile mode bits: chmod $mode_wrt $logfile: $!"; } ############# # log_warning # # Write a failure message to the log file # Each line is stamped with the time and the user-id trying to log in # sub log_warning { $now_string = localtime; if (! open LOG, ">>$logfile") { warn "Unable to open logfile '$logfile': $!"; return; } print LOG $now_string, " ", $user, ": ", @_, "\n"; close LOG; } ########### # log_abort # # Abort the script after writing a failure message # Note: Exiting with a non-zero status causes LoginWindow under 10.1 to hang # so we always exit cleanly. There is no way for this script to abort the login. # sub log_abort { log_warning "LoginHook aborting:"; log_warning @_; exit 0; }