fdo-mirrors/fprintd
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libfprint/fprintd.git synced 2026-05-08 05:28:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add gross hack to allow root to verify users

Browse source 
This is a gross hack for PAM sessions to work as expected. root
is allowed to verify any users. If you want to allow any other
actions for root, you'll need to go through normal PolicyKit
procedures.

This should fix fingerprint authentication not working in GDM, or
on the console.
This commit is contained in:
Bastien Nocera 2008-11-18 15:08:28 +00:00 committed by Daniel Drake
parent d874d5869c
commit 69c131f723
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/device.c
View file

@ -301,6 +301,7 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
PolKitCaller *pk_caller;
PolKitAction *pk_action;
PolKitResult pk_result;
uid_t uid;
/* Check that caller is privileged */
sender = dbus_g_method_get_sender (context);
@ -318,6 +319,17 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
return FALSE;
}
/* XXX Hack?
* We'd like to allow root to set the username by default, so
* it can authenticate users through PAM
* https://bugzilla.redhat.com/show_bug.cgi?id=447266 */
if ((polkit_caller_get_uid (pk_caller, &uid) && uid == 0) &&
(g_str_equal (action, "net.reactivated.fprint.device.setusername") ||
g_str_equal (action, "net.reactivated.fprint.device.verify"))) {
polkit_caller_unref (pk_caller);
return TRUE;
}
pk_action = polkit_action_new ();
polkit_action_set_action_id (pk_action, action);
pk_result = polkit_context_is_caller_authorized (priv->pol_ctx, pk_action, pk_caller,