If not all the functions in the header are used, we'd get warnings about
them being unused. Mark all the functions as unused, so we can avoid
warnings.
Before claiming the device and therefore potentially activating
the actual hardware, make a call to see if the user has any
prints registered at all.
https://bugs.freedesktop.org/show_bug.cgi?id=99811
For some operations, i.e. listing the enrolled prints, the device
does not need to be claimed. Therefore the claiming can be delayed
until we actually start the verification process, allowing us to
query the fingerprint system if the user has any prints enrolled.
https://bugs.freedesktop.org/show_bug.cgi?id=99811
Give read-write access to USB devices in /dev, and the location of the
fingerprints, access to Unix sockets for D-Bus and
close everything else down.
See systemd.exec(5) for details about the options.
tx supports a single "--root" argument to pass both where it expects to
read the created data file (the .pot file) and the configuration. As
those are two separate directories with builddir != srcdir, copy the .tx
file from srcdir to builddir to upload the updated .pot file.
In file included from tests/enroll.c:29:0:
pam/fingerprint-strings.h: In function ‘finger_str_to_msg’:
pam/fingerprint-strings.h:99:6: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
return g_strdup_printf (TR (fingers[i].place_str_specific), driver_name);
^~~~~~
pam/fingerprint-strings.h:104:6: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
return g_strdup_printf (TR (fingers[i].swipe_str_specific), driver_name);
^~~~~~
This happens on hardware without fingerprint readers on every boot; we
don't need to log anything about it, it's totally normal.
This patch is part of an initiative to reduce logging spew in GNOME
so that actual errors and important messages are more visible.
https://bugs.freedesktop.org/show_bug.cgi?id=71889
This commit makes pam_fprintd return PAM_UNKNOWN_USER when
the user has not enrolled a fingerprint.
This lets the administrator set up pam_fprintd as a required
authentication, method, but only for users that have enrolled a
fingerprint, as such:
auth [success=ok user_unknown=ignore default=die] pam_fprintd.so max_tries=1 timeout=-1
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
With this config, users w/o an enrolled fingerprint will just be
asked for a password. Users with an enrolled fingerprint will
required to login using both their fingerprint and a password.
https://bugs.freedesktop.org/show_bug.cgi?id=64781
