From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@suse.com>
Date: Wed, 4 Sep 2024 16:07:56 +0200
Subject: [PATCH] pam_issue: only count class user

Since systemd added new types of classes (e.g. manager*), we cannot
use the count of all sessions anymore, but have to check which class
this is.

This is backward compatible, systemd v209 or newer is required.
---
 modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c
index aade642ec5..e2c555c405 100644
--- a/modules/pam_issue/pam_issue.c
+++ b/modules/pam_issue/pam_issue.c
@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
 		{
 		    unsigned int users = 0;
 #ifdef USE_LOGIND
-		    int sessions = sd_get_sessions(NULL);
+		    char **sessions_list;
+		    int sessions = sd_get_sessions(&sessions_list);
 
 		    if (sessions < 0) {
 		      pam_syslog(pamh, LOG_ERR, "logind error: %s",
 				 strerror(-sessions));
 		      _pam_drop(issue);
 		      return PAM_SERVICE_ERR;
+		    } else if (sessions > 0 && sessions_list != NULL) {
+		      int i;
+
+		      for (i = 0; i < sessions; i++) {
+			char *class;
+
+			if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL)
+			  continue;
+
+			if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete
+			  users++;
+			free(class);
+		      }
+
+		      for (i = 0; i < sessions; i++)
+			free(sessions_list[i]);
+		      free(sessions_list);
 		    } else {
 		      users = sessions;
 		    }