#!/bin/sh -efu

NOBODY="$(pam_pkcs11_query_config 'default_username')"
[ -n "$NOBODY" ] || NOBODY=nobody

seat=seat0; ret=0
session="$(loginctl -p ActiveSession --value show-seat "$seat")" || ret=$?
[ $ret -eq 0 -a -n "$session" ]

class="$(loginctl -p Class --value show-session "$session")"
case "$class" in
    greeter)
        # Reset the greeter when a token is removed
        export XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
        dm-tool switch-to-user "$NOBODY"
        exit $?
        ;;
esac

case "${1:-}" in
	logout)
		user="$(loginctl -p Name --value show-session "$session")" || ret=$?
		[ -n "$user" ]
		loginctl terminate-user "$user"
		;;
	*)
		loginctl lock-session "$session"
		;;
esac
