From aa905fc8875c5c56351f10f4e40e6d2a7dd6d918 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@whonix.org>
Date: Wed, 21 May 2025 12:32:16 -0400
Subject: [PATCH] further validation of output of `faillock`

---
 usr/libexec/security-misc/pam-info | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/usr/libexec/security-misc/pam-info b/usr/libexec/security-misc/pam-info
index 49b959d..d0fec69 100755
--- a/usr/libexec/security-misc/pam-info
+++ b/usr/libexec/security-misc/pam-info
@@ -184,6 +184,14 @@ user_name="$(printf '%s\n' "$pam_faillock_output_first_line" | str_replace ":" "
 ## user
 ## root
 
+if [ "$PAM_USER" != "$user_name" ]; then
+   printf '%s\n' "\
+$0: ERROR: Variable 'PAM_USER' '$PAM_USER' does not match variable 'user_name' '$user_name'.
+ERROR: Please report this bug.
+" >&2
+   exit 1
+fi
+
 pam_faillock_output_count="$(printf '%s\n' "$pam_faillock_output" | wc -l)"
 ## example pam_faillock_output_count:
 ## 2