From dfe9b0f6c7364e4d3cc3bf13ad7c0fccc2cb7e10 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Thu, 5 Nov 2020 06:42:47 -0500
Subject: [PATCH] fix, no longer unconditionally abort pam for user accounts with locked passwords as locked user accounts might have valid sudoers exceptions
Thanks to @mimp for the bug report!
https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
---
 usr/lib/security-misc/pam-abort-on-locked-password | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr/lib/security-misc/pam-abort-on-locked-password b/usr/lib/security-misc/pam-abort-on-locked-password
index a3fa773..2b07006 100755
--- a/usr/lib/security-misc/pam-abort-on-locked-password
+++ b/usr/lib/security-misc/pam-abort-on-locked-password
@@ -15,7 +15,7 @@ fi
 if [ "$(echo "$passwd_output" | cut -d ' ' -f 2)" = "P" ]; then
 true "INFO: Password not locked."
 else
- echo "$0: ERROR: Password for user \"$PAM_USER\" is locked." >&2
+ echo "$0: INFO: Password for user \"$PAM_USER\" is locked."
 if [ -f /usr/share/whonix/marker ] || [ -f /usr/share/kicksecure/marker ]; then
 if [ "$PAM_USER" = "root" ]; then
@@ -28,7 +28,7 @@ else
 ## Should not unconditionally 'exit 1' here.
 ## Locked user accounts might have valid sudoers exceptions.
 ## https://forums.whonix.org/t/pam-abort-on-locked-password-and-running-privileged-command-from-web-browser/10521
- exit 1
+ exit 0
 fi
 exit 0
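Review bot: The locked-password message on the `+` line of the first hunk now goes to stdout and still passes `$PAM_USER` through `echo`. `PAM_USER` is chosen by whoever is attempting to authenticate, and some `sh` implementations expand backslash sequences in `echo` arguments, so `printf '%s\n' "$0: INFO: Password for user \"$PAM_USER\" is locked."` is the safer form. Whether stdout reaches the user, a log, or nothing depends on how the PAM configuration invokes this script, which is not visible here; if the line is meant to be logged, keeping `>&2` avoids silently changing where it ends up. The enclosing `else` branch continues outside the hunk.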
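Review bot: With `exit 1` replaced by `exit 0` in the second hunk, no path visible in this patch returns non-zero for a locked password, so the check is now advisory even though the script is still named `pam-abort-on-locked-password` and the subject says only "no longer unconditionally". The `exit 0` inside the branch is also redundant with the final `exit 0`. I would replace it with a comment that records the decision, such as `## Advisory only: a locked password is reported but never fails the PAM stack here; rejection is left to the other modules in the stack.` It is worth confirming that those other modules do refuse password logins for locked accounts, since this script no longer does. The `else` branch starts outside the hunk, so lines 22-27 of the file were not reviewed.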