This is a gross hack for PAM sessions to work as expected. root
is allowed to verify any users. If you want to allow any other
actions for root, you'll need to go through normal PolicyKit
procedures.
This should fix fingerprint authentication not working in GDM, or
on the console.
1) Set up our own D-Bus (private) connection
2) Set up our own main loop and main loop context
This means we finally work right within gnome-screensaver!
Track clients connected to each device using EggDbusMonitor.
When there are no more clients connected to the device, release it.
When no devices are used anymore, set up a timeout to exit within
30 seconds.
Track the current action happening in the device, so we can
see what each device is doing. Refuse to launch a verification if
there's already one in progress.
If the finger passed for verification is -1, always emit the
VerifyFingerSelected signal, as the front-end isn't to know
whether we're using identification or verification.
- Add a finger selected signal, so that when an "automatic" finger
is selected for verification, we know which one to scan
- Fix the finger print numbers list to use GPOINTER_TO_INT /
GINT_TO_POINTER
- Make sure the gallery is NULL when there's no prints available
- Don't use identification when a finger number is provided
- Add support for selecting the finger number in verify
- Add support for fatal warnings there as well
Passing -1 to the VerifyStart function will either accept any
fingers scanned, if the driver supports identification, or select
the first enrolled fingerprint for scanning if it doesn't.
- Remove SetUsername itself, and add a username parameter to DeviceClaim,
ListEnrolledFingers and DeleteEnrolledFingers.
- For each of those calls, check that the incoming connection is allowed
to operate on that particular username
- Don't require a claimed device to list or remove fingerprints
- Clean up username and sender when releasing the device
- Modify the storage backend to not require an opened device to list
or delete fingerprints
- Add a simple test program to list registered fingerprints for the
usernames passed as argument
To delete all the enrolled finger prints for a particular user.
We can already overwrite existing enrolled fingerprints, and there's
not really any point in dismissing just one fingerprint.
Add PolicyKit checks to all the public functions, grouped
in 2 main groups: Verify and Enroll
By default, only the user is able to enroll new fingers,
or verify themselves.
You need to be allowed at least one of those 2 actions
to be allowed to claim or release the device.
We also add a new SetUsername function, for administration
functions. Users will need to be authenticate as admins to
be allowed to change the username on which the actions will
be taken. Any prints loaded before the change of username will
be unloaded.
Get a PolicyKit context per-device, set up its main loop,
and steal more code from gnome-panel to check whether
the actions are allowed for a particular caller.
