mirror of
https://gitlab.freedesktop.org/libfprint/fprintd.git
synced 2026-01-16 07:50:24 +01:00
pam_fprintd: Consistently return PAM_AUTHINFO_UNAVAIL when device has no prints
Loading saved prints may lead to an error if they were stored long time ago and so they're using a wrong format. In such case we list the prints as available even though they are really not, so the PAM module won't return PAM_AUTHINFO_UNAVAIL as in the no-prints case but PAM_USER_UNKNOWN. This will lead some auth systems (such as gdm) to keep retrying using PAM fprintd module, even if it's not really available.
This commit is contained in:
Marco Trevisan (Treviño)
parent
b7aa0c455d
commit
df6ebefef7
2 changed files with 2 additions and 2 deletions
|
|
@ -351,7 +351,7 @@ verify_started_cb (sd_bus_message *m,
|
|||
if (sd_bus_error_has_name (error, "net.reactivated.Fprint.Error.NoEnrolledPrints"))
|
||||
{
|
||||
pam_syslog (data->pamh, LOG_DEBUG, "No prints enrolled");
|
||||
data->verify_ret = PAM_USER_UNKNOWN;
|
||||
data->verify_ret = PAM_AUTHINFO_UNAVAIL;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
|||
2
tests/pam/test_pam_fprintd.py
Executable file → Normal file
2
tests/pam/test_pam_fprintd.py
Executable file → Normal file
|
|
@ -177,7 +177,7 @@ class TestPamFprintd(dbusmock.DBusTestCase):
|
|||
]
|
||||
self.device_mock.SetVerifyScript(script)
|
||||
|
||||
tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_USER_UNKNOWN)
|
||||
tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTHINFO_UNAVAIL)
|
||||
res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
|
||||
|
||||
def test_pam_fprintd_blocks_unexpected_auth(self):
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue