- kill_exclude_users_set = true;
-
- } else {
- pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
- return -EINVAL;
- }
- }
-
- if (!reset_controller_set && reset_controllers) {
- char **l;
-
- if (!(l = strv_new("cpu", NULL))) {
- pam_syslog(handle, LOG_ERR, "Out of memory");
- return -ENOMEM;
- }
-
- *reset_controllers = l;
- }
-
- if (controllers)
- strv_remove(*controllers, "name=systemd");
-
- if (reset_controllers)
- strv_remove(*reset_controllers, "name=systemd");
-
- if (kill_session && *kill_session && kill_user)
- *kill_user = true;
-
- if (!kill_exclude_users_set && kill_exclude_users) {
- char **l;
-
- if (!(l = strv_new("root", NULL))) {
- pam_syslog(handle, LOG_ERR, "Out of memory");
- return -ENOMEM;
- }
-
- *kill_exclude_users = l;
- }
-
- return 0;
-}
-
-static int open_file_and_lock(const char *fn) {
- int fd;
-
- assert(fn);
-
- if ((fd = open(fn, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW|O_CREAT, 0600)) < 0)
- return -errno;
-
- /* The BSD socket semantics are a lot nicer than those of
- * POSIX locks. Which is why we use flock() here. BSD locking
- * does not work across NFS which however is not needed here
- * as the filesystems in question should be local, and only
- * locally accessible, and most likely even tmpfs. */
-
- if (flock(fd, LOCK_EX) < 0) {
- close_nointr_nofail(fd);
- return -errno;
- }
-
- return fd;
-}
-
-enum {
- SESSION_ID_AUDIT = 'a',
- SESSION_ID_COUNTER = 'c',
- SESSION_ID_RANDOM = 'r'
-};
-
-static uint64_t get_session_id(int *mode) {
- char *s;
- int fd;
-
- assert(mode);
-
- /* First attempt: let's use the session ID of the audit
- * system, if it is available. */
- if (have_effective_cap(CAP_AUDIT_CONTROL) > 0)
- if (read_one_line_file("/proc/self/sessionid", &s) >= 0) {
- uint32_t u;
- int r;
-
- r = safe_atou32(s, &u);
- free(s);
-
- if (r >= 0 && u != (uint32_t) -1 && u > 0) {
- *mode = SESSION_ID_AUDIT;
- return (uint64_t) u;