code simplification; report locked account earlier

usr/lib/security-misc/pam_tally2-info

@@ -1,6 +1,14 @@
 #!/bin/bash
 
-if [ ! -r /var/log/auth.log ]; then
+if [ "$(passwd -S "$PAM_USER" | cut -d ' ' -f 2)" = "P" ]; then
+   true "INFO: Password not locked."
+else
+   echo "$0: ERROR: Password for user \"$PAM_USER\" is locked." >&2
+   if [ "$PAM_USER" = "root" ]; then
+      echo "$0: ERROR: root account is locked by default. See:" >&2
+      echo "https://www.whonix.org/wiki/root" >&2
+      echo "" >&2
+   fi
    exit 0
 fi
 
@@ -35,29 +43,16 @@ if [ "$failed_login_counter" = "0" ]; then
    exit 0
 fi
 
-temp="$(grep pam_tally2 /var/log/auth.log | grep ", deny" | tail -1)"
-last_line_of_user="$(echo "$temp" | grep "pam_tally2")"
-last_line_of_user="$(echo "$temp" | grep "): user $PAM_USER")"
-
-#last_line_of_user="$(grep pam_tally2 /var/log/auth.log | grep "): user $PAM_USER " | tail -1)"
+deny_line="$(cat /etc/pam.d/common-auth | grep deny=)"
 ## Example:
-#Aug 15 03:47:50 localhost sudo: pam_tally2(sudo:auth): user user (1000) tally 1, deny 10
+#auth	requisite	pam_tally2.so even_deny_root deny=100 onerr=fail audit debug
 
-temp="$(echo "$last_line_of_user" | sed 's/.*tally //')"
-temp="${temp/", deny"/""}"
-## Example:
-#1 100
-
-arr=($temp)
-tally="${arr[0]}"
-deny="${arr[1]}"
-
-if [[ "$tally" == *[!0-9]* ]]; then
-   echo "$0: ERROR: tally is not numeric." >&2
-   echo "$0: ERROR: Please report this bug." >&2
-   echo "" >&2
-   exit 0
+for word in $deny_line ; do
+   if echo "$word" | grep -q "deny=" ; then
+      deny="$(echo "$word" | cut -d "=" -f 2)"
+      break
    fi
+done
 
 if [[ "$deny" == *[!0-9]* ]]; then
    echo "$0: ERROR: deny is not numeric." >&2
@@ -66,23 +61,10 @@ if [[ "$deny" == *[!0-9]* ]]; then
    exit 0
 fi
 
-remaining_attempts="$(( $deny - $tally ))"
-
-## Thanks to:
-if [ "$(passwd -S "$PAM_USER" | cut -d ' ' -f 2)" = "P" ]; then
-   true "INFO: Password not locked."
-else
-   echo "$0: ERROR: Password for user \"$PAM_USER\" is locked." >&2
-   if [ "$PAM_USER" = "root" ]; then
-      echo "$0: ERROR: root account is locked by default. See:" >&2
-      echo "https://www.whonix.org/wiki/root" >&2
-      echo "" >&2
-   fi
-   exit 0
-fi
+remaining_attempts="$(( $deny - $failed_login_counter ))"
 
 if [ "$remaining_attempts" -le "0" ]; then
-   echo "$0: ERROR: Login blocked after $tally attempts." >&2
+   echo "$0: ERROR: Login blocked after $failed_login_counter attempts." >&2
    echo "$0: To unlock, run the following command as superuser:" >&2
    echo "$0: (If you still have a sudo/root shell somewhere.)" >&2
    echo "" >&2
@@ -96,7 +78,7 @@ if [ "$remaining_attempts" -le "0" ]; then
    exit 0
 fi
 
-echo "$0: WARNING: $tally failed login attempts." >&2
+echo "$0: WARNING: $failed_login_counter failed login attempts." >&2
 echo "$0: Login will be blocked after $deny attempts." >&2
 echo "$0: You have $remaining_attempts more attempts before unlock procedure is required." >&2
 echo "" >&2