If not all the functions in the header are used, we'd get warnings about
them being unused. Mark all the functions as unused, so we can avoid
warnings.
Before claiming the device and therefore potentially activating
the actual hardware, make a call to see if the user has any
prints registered at all.
https://bugs.freedesktop.org/show_bug.cgi?id=99811
For some operations, i.e. listing the enrolled prints, the device
does not need to be claimed. Therefore the claiming can be delayed
until we actually start the verification process, allowing us to
query the fingerprint system if the user has any prints enrolled.
https://bugs.freedesktop.org/show_bug.cgi?id=99811
In file included from tests/enroll.c:29:0:
pam/fingerprint-strings.h: In function ‘finger_str_to_msg’:
pam/fingerprint-strings.h:99:6: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
return g_strdup_printf (TR (fingers[i].place_str_specific), driver_name);
^~~~~~
pam/fingerprint-strings.h:104:6: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
return g_strdup_printf (TR (fingers[i].swipe_str_specific), driver_name);
^~~~~~
This commit makes pam_fprintd return PAM_UNKNOWN_USER when
the user has not enrolled a fingerprint.
This lets the administrator set up pam_fprintd as a required
authentication, method, but only for users that have enrolled a
fingerprint, as such:
auth [success=ok user_unknown=ignore default=die] pam_fprintd.so max_tries=1 timeout=-1
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
With this config, users w/o an enrolled fingerprint will just be
asked for a password. Users with an enrolled fingerprint will
required to login using both their fingerprint and a password.
https://bugs.freedesktop.org/show_bug.cgi?id=64781
The PAM module uses dbus-glib, static gobject types, etc,
so it really can't get unloaded.
This commit adds some linker-fu to keep it resident even
after the pam module closes.
pam_fprintd is very careful to use its own main loop context (as it
should) to prevent getting in the way of the gnome-screensaver.
Unfortunately, there's a small bug in its logic where it ends up
removing a random file descriptor from the default context. In the
bug report that file descriptor is really important. It's what
tells gnome-screensaver when to drop the dialog.
The patch is as simple as:
- g_source_remove (timeout_id);
+ g_source_destroy (source);
(g_source_remove always operates on the default context)
https://bugzilla.redhat.com/show_bug.cgi?id=614573
Pretty hacky way to detect whether the device we're handling has
been disconnected during a verify or enrollment. This should allow
us to avoid users having to wait when somebody pulls the plug.
On Mon, 2009-01-12 at 12:18 +0000, Konstantin V. Gavrilenko wrote:
> Hi Bastien,
>
> by default the fprintd installs the pam_fprintd into the /usr/lib64/security, whil egentoo searches them in /lib/security.
> So I simply simlinked it to the correct location /usr/lib64/security/pam_fprintd.so to /lib/security/pam_fprintd.so
> I've removed the symlink, and copied the file, but it does not change anything, the same error appears.
>
> As you asked, recompiled some of the packages with "-O1 -gddb" and "nostrip" options.
> #4 0x00007fa3344a3899 in dbus_connection_unref (connection=0x624e20) at dbus-connection.c:2686
> __FUNCTION__ = "dbus_connection_unref"
> #5 0x00007fa334915284 in pam_sm_authenticate (pamh=0x6105c0, flags=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>) at pam_fprintd.c:375
> rhost = 0x0
> username = 0x610740 "root"
> i = <value optimized out>
> r = 0
Could you please test the attached patch?
Cheers
- Use D-Bus native properties instead of a GetProperties call.
- Fix a number of front-ends by registering the right signals and
marshallers following the "done" signal argument addition
- Fix VerifyStart call in the pam module
1) Set up our own D-Bus (private) connection
2) Set up our own main loop and main loop context
This means we finally work right within gnome-screensaver!
