diff --git a/usr/bin/faillock-user b/usr/bin/faillock-user index fac1da8..fd491f1 100755 --- a/usr/bin/faillock-user +++ b/usr/bin/faillock-user @@ -10,6 +10,12 @@ fi who_ami="$(whoami)" +if [ "$SUDO_USER" = "" ]; then + user_to_check="$who_ami" +else + user_to_check="$SUDO_USER" +fi + if [ "$(id -u)" = "0" ]; then faillock_program="/usr/sbin/faillock" else @@ -30,6 +36,6 @@ else faillock_program="sudo --non-interactive /usr/sbin/faillock" fi -$faillock_program --user "$who_ami" +$faillock_program --user "$user_to_check" exit $? diff --git a/usr/libexec/security-misc/pam-info b/usr/libexec/security-misc/pam-info index d16a584..0210634 100755 --- a/usr/libexec/security-misc/pam-info +++ b/usr/libexec/security-misc/pam-info @@ -21,14 +21,14 @@ true "$0: START PHASE 2" set -o pipefail -## Debugging. -who_ami="$(whoami)" - if [ "$PAM_USER" = "" ]; then true "$0: ERROR: Environment variable PAM_USER is unset!" exit 0 fi +## Debugging. +who_ami="$(whoami)" + if ! command -v "/usr/bin/faillock-user" &>/dev/null; then true "$0: The /usr/bin/faillock-user wrapper is unavailable, exiting." exit 0 @@ -123,13 +123,7 @@ true "pam_faillock_output_first_line: '$pam_faillock_output_first_line'" user_name="$(echo "$pam_faillock_output_first_line" | LANG=C str_replace ":" "")" ## example user_name: ## user - -if [ ! "$PAM_USER" = "$user_name" ]; then - echo "$0: ERROR: PAM_USER: '$PAM_USER' does not equal user_name: '$user_name'." >&2 - echo "$0: ERROR: Please report this bug." >&2 - echo "" >&2 - exit 0 -fi +## root pam_faillock_output_count="$(echo "$pam_faillock_output" | wc -l)" ## example pam_faillock_output_count: 
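Review bot: `SUDO_USER` is read from the environment before the `id -u` check in the `@@ -10,6 +10,12 @@` hunk of faillock-user, so a caller who is not root and did not come through sudo can set it and choose the account passed to `--user` in the `@@ -30,6 +36,6 @@` hunk. In the non-root branch that value goes to `sudo --non-interactive /usr/sbin/faillock`, so depending on how the sudoers rule is written (not visible here), one user may be able to read another user's failed-login records. Trust the variable only when the script is actually running as root: `if [ "$(id -u)" = "0" ] && [ -n "${SUDO_USER:-}" ]; then user_to_check="$SUDO_USER"; else user_to_check="$who_ami"; fi`. The if/else that sets `faillock_program` starts and ends outside both hunks.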
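Review bot: With the `PAM_USER`/`user_name` comparison removed in the `@@ -123,13 +123,7 @@` hunk of pam-info, nothing records when the counted faillock record belongs to a different account than the one PAM is authenticating. The new `## root` example suggests such a mismatch is now expected. The warning in the `@@ -183,7 +177,7 @@` hunk names `user_name`, but the lines after it ("Login will be blocked after …", "You have … more attempts") still read as if they describe the account logging in. I would keep a trace in the file's existing `true "..."` style, e.g. `[ "$PAM_USER" = "$user_name" ] || true "$0: INFO: PAM_USER '$PAM_USER' differs from user_name '$user_name'"`, with a comment above it saying why the mismatch is tolerated.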
@@ -183,7 +177,7 @@ if [ "$remaining_attempts" -le "0" ]; then exit 0 fi -echo "$0: WARNING: $failed_login_counter failed login attempts." >&2 +echo "$0: WARNING: $failed_login_counter failed login attempts for user_name '$user_name'." >&2 echo "$0: Login will be blocked after $deny attempts." >&2 echo "$0: You have $remaining_attempts more attempts before unlock procedure is required." >&2 echo "" >&2