From caf0099064747a2048363e3600a53af51df549ad Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 16 Nov 2022 02:00:32 -0500 Subject: [PATCH] pam-info refactoring --- usr/libexec/security-misc/pam-info | 34 +++++++++++++++--------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/usr/libexec/security-misc/pam-info b/usr/libexec/security-misc/pam-info index 0d9b4f3..2140026 100755 --- a/usr/libexec/security-misc/pam-info +++ b/usr/libexec/security-misc/pam-info @@ -24,6 +24,23 @@ set -o pipefail ## Debugging. who_ami="$(whoami)" +if [ ! "$(id -u)" = "0" ]; then + ## as user "user" + ## /usr/sbin/faillock -u user + ## faillock: Error opening /var/log/tallylog for update: Permission denied + ## /usr/sbin/faillock: Authentication error + ## + ## xscreensaver runs as user "user", therefore pam_faillock cannot function. + ## xscreensaver has its own failed login counter. + ## + ## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts + ## + ## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html + ## TODO: echo -> true + echo "$0: not started as root, exiting." + exit 0 +fi + grep_result="$(grep "accessfile=/etc/security/access-security-misc.conf" /etc/pam.d/common-account 2>/dev/null)" ## Check if grep matched something. 
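Review bot: Hoisting the non-root `exit 0` above the `grep_result` lookup changes behaviour for unprivileged callers, which the "refactoring" subject does not convey: the `access-security-misc.conf` check visible at the end of this hunk, and whatever else sat between the old and new positions (not shown here), no longer runs for them. That grep of `/etc/pam.d/common-account` does not obviously need root the way `faillock` does, so if its result fed a user-facing notice, sessions such as the xscreensaver case described in the comment would now miss it; worth confirming that this is intended. If it is, say so at the guard, e.g. `## Everything below needs root (faillock); non-root callers such as xscreensaver stop here on purpose.` The carried-over `## TODO: echo -> true` also matters more now, since the message is printed on stdout for every non-root invocation before any other check runs; `echo "$0: not started as root, exiting." >&2` or a plain `true` would resolve it.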
@@ -62,23 +79,6 @@ fi ## https://forums.whonix.org/t/how-strong-do-linux-user-account-passwords-have-to-be-when-using-full-disk-encryption-fde-too/7698 -if [ ! "$(id -u)" = "0" ]; then - ## as user "user" - ## /usr/sbin/faillock -u user - ## faillock: Error opening /var/log/tallylog for update: Permission denied - ## /usr/sbin/faillock: Authentication error - ## - ## xscreensaver runs as user "user", therefore pam_faillock cannot function. - ## xscreensaver has its own failed login counter. - ## - ## https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts - ## - ## https://www.whonix.org/pipermail/whonix-devel/2019-September/001439.html - ## TODO: echo -> true - echo "$0: not started as root, exiting." - exit 0 -fi - ## Does not work (yet) for login, pam_securetty runs before and aborts. ## Also this should only run for login since securetty covers only login. # if [ "$PAM_USER" = "root" ]; then