From 39b35ef9ac7489685df5486334a0acf5936e9b47 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Thu, 24 Nov 2022 06:49:15 -0500
Subject: [PATCH] fix
---
 usr/bin/faillock-user | 24 +++---------------------
 usr/libexec/security-misc/pam-info | 14 +++++++++++++-
 2 files changed, 16 insertions(+), 22 deletions(-)
diff --git a/usr/bin/faillock-user b/usr/bin/faillock-user
index e8cf697..aabdd1e 100755
--- a/usr/bin/faillock-user
+++ b/usr/bin/faillock-user
@@ -30,26 +30,8 @@ else
 user_to_check="$SUDO_USER"
 fi
-if [ "$(id -u)" = "0" ]; then
- faillock_program="/usr/sbin/faillock"
-else
- ## as user "user"
- ## /usr/sbin/faillock -u user
- ## faillock: Error opening /var/log/tallylog for update: Permission denied
- ## /usr/sbin/faillock: Authentication error
- ##
- ## xscreensaver runs as user "user", therefore pam_faillock cannot function.
- ## xscreensaver has its own failed login counter.
- ##
- ## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
- ##
- ## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html
- #true "$0: not started as root, exiting."
- #exit 0
-
- faillock_program="sudo --non-interactive /usr/sbin/faillock"
-fi
-
-$faillock_program --user "$user_to_check"
+faillock --user "$user_to_check"
+## Debugging.
+## Explicit "exit $?" to have it recorded in the xtrace if enabled.
 exit $?
diff --git a/usr/libexec/security-misc/pam-info b/usr/libexec/security-misc/pam-info
index ab5f85f..3da4d11 100755
--- a/usr/libexec/security-misc/pam-info
+++ b/usr/libexec/security-misc/pam-info
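Review bot: The added `faillock --user "$user_to_check"` line resolves the binary through PATH, where the removed code named it absolutely as `/usr/sbin/faillock`. pam-info now starts this script under `sudo --non-interactive`, so it runs as root, and which `faillock` executes then depends on sudo resetting PATH (`secure_path`), which is sudoers configuration not visible in this patch. Run directly by a non-root user, `/usr/sbin` may also be missing from PATH altogether. Keeping the absolute path removes both dependencies: `/usr/sbin/faillock --user "$user_to_check"`. The script starts outside this hunk, so how `user_to_check` is set in the non-sudo branch is not visible here.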
@@ -91,9 +91,21 @@ fi
 # fi
 # fi
+## as user "user"
+## /usr/sbin/faillock -u user
+## faillock: Error opening /var/log/tallylog for update: Permission denied
+## /usr/sbin/faillock: Authentication error
+##
+## xscreensaver runs as user "user", therefore pam_faillock cannot function.
+## xscreensaver has its own failed login counter.
+##
+## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
+##
+## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html
+##
 ## Checking exit code to avoid breaking when read-only disk boot but
 ## without ro-mode-init or grub-live being used.
-if ! pam_faillock_output="$(/usr/bin/faillock-user)" ; then
+if ! pam_faillock_output="$(sudo --non-interactive /usr/bin/faillock-user)" ; then
 true "$0: /usr/bin/faillock-user non-zero exit code."
 exit 0
 fi
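Review bot: The `sudo --non-interactive /usr/bin/faillock-user` call in the `if !` line depends on a sudoers rule that lets the calling account run that script without a password, and nothing in this patch adds or mentions one. Without that rule sudo exits non-zero, the branch runs `exit 0`, and pam-info skips the failed-login information silently, on the same path as the read-only-disk case the existing comment describes, so the two causes cannot be told apart. I would document the dependency above the call, e.g. `## Requires a NOPASSWD sudoers entry for exactly /usr/bin/faillock-user; a sudo refusal also ends in the exit 0 below.` That entry should presumably be limited to this one path with no arguments, since the script then runs as root for any account the rule covers. The script continues outside this hunk on both sides.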