And avoid treating "libdir" as an absolute path, the documentation
clearly states that it is "relative to the prefix".
Based on patch by Timothy Gu <timothygu99@gmail.com>
We need to make sure that the max_tries variable isn't decremented
further when we have success in the verification loop. Add missing break
to do that.
Fixes: affffaf134Closes: #40
Remove "nodelete" linker flag now that we use sd-bus and not dbus-glib,
so that libraries that pam_fprintd links to can be unloaded.
This was added because GLib's type system expects to be initialised
once and only once per process, and re-loading this type system when it
had already been initialised caused crashes.
This pam plugin never used GDBus because it transparently uses threads
which do not work well with a lot of PAM applications. But even settling
on the "still better to use than plain dbus library" dbus-glib wasn't
without problems, as any use or initialisation of GIO sockets would
modify signal handler for signals such as SIGPIPE (see gio/gsocket.c).
Many years later, sd-bus is a more modern alternative to the bare dbus
library with a better API.
This includes:
- Removing use of gboolean, guint, g_new0() and many glib string helpers
- Simplifying debug logging
- Marking user-facing messages to be translated
As written in the "Linux-PAM Application Developers' Guide"
at http://www.linux-pam.org/Linux-PAM-html/adg-security-user-identity.html:
"
As a general rule, the following convention for its value can be
assumed: NULL = unknown; localhost = invoked directly from the
local system; other.place.xyz = some component of the user's
connection originates from this remote/requesting host.
"
So also exit early if the hostname isn't localhost as it should be.
Closes: #21
If not all the functions in the header are used, we'd get warnings about
them being unused. Mark all the functions as unused, so we can avoid
warnings.
Before claiming the device and therefore potentially activating
the actual hardware, make a call to see if the user has any
prints registered at all.
https://bugs.freedesktop.org/show_bug.cgi?id=99811
For some operations, i.e. listing the enrolled prints, the device
does not need to be claimed. Therefore the claiming can be delayed
until we actually start the verification process, allowing us to
query the fingerprint system if the user has any prints enrolled.
https://bugs.freedesktop.org/show_bug.cgi?id=99811
In file included from tests/enroll.c:29:0:
pam/fingerprint-strings.h: In function ‘finger_str_to_msg’:
pam/fingerprint-strings.h:99:6: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
return g_strdup_printf (TR (fingers[i].place_str_specific), driver_name);
^~~~~~
pam/fingerprint-strings.h:104:6: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
return g_strdup_printf (TR (fingers[i].swipe_str_specific), driver_name);
^~~~~~
This commit makes pam_fprintd return PAM_UNKNOWN_USER when
the user has not enrolled a fingerprint.
This lets the administrator set up pam_fprintd as a required
authentication, method, but only for users that have enrolled a
fingerprint, as such:
auth [success=ok user_unknown=ignore default=die] pam_fprintd.so max_tries=1 timeout=-1
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
With this config, users w/o an enrolled fingerprint will just be
asked for a password. Users with an enrolled fingerprint will
required to login using both their fingerprint and a password.
https://bugs.freedesktop.org/show_bug.cgi?id=64781
The PAM module uses dbus-glib, static gobject types, etc,
so it really can't get unloaded.
This commit adds some linker-fu to keep it resident even
after the pam module closes.
pam_fprintd is very careful to use its own main loop context (as it
should) to prevent getting in the way of the gnome-screensaver.
Unfortunately, there's a small bug in its logic where it ends up
removing a random file descriptor from the default context. In the
bug report that file descriptor is really important. It's what
tells gnome-screensaver when to drop the dialog.
The patch is as simple as:
- g_source_remove (timeout_id);
+ g_source_destroy (source);
(g_source_remove always operates on the default context)
https://bugzilla.redhat.com/show_bug.cgi?id=614573
Pretty hacky way to detect whether the device we're handling has
been disconnected during a verify or enrollment. This should allow
us to avoid users having to wait when somebody pulls the plug.
