#!/bin/bash

## Copyright (C) 2022 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

true "$0: START PHASE 1"

if test -f /etc/pam-info-debug || test -f /usr/local/etc/pam-info-debug ; then
   set -x
   exec 5>&1 1>> ~/pam-info-debug.txt
   exec 6>&2 2>> ~/pam-info-debug.txt
fi

true "$0: START PHASE 2"

if ! command -v "/usr/sbin/faillock" &>/dev/null; then
   true "$0: ERROR: The faillock program is unavailable, exiting."
   exit 2
fi

## Debugging.
who_ami="$(whoami)"
true "$0: who_ami: $who_ami"
true "$0: PAM_USER: $PAM_USER"
true "$0: SUDO_USER: $SUDO_USER"

if [ "$SUDO_USER" = "" ]; then
   user_to_check="$who_ami"
else
   user_to_check="$SUDO_USER"
fi

faillock --user "$user_to_check"

## Debugging.
## Explicit "exit $?" to have it recorded in the xtrace if enabled.
exit $?