* auth: add an interface for different authentication methods
* auth: pick inline feedback based on last active implementation
* config: move auth options to auth:<auth_impl>
BREAKING:
- general:pam_module -> auth:pam:module
- general:enable_fingerprint -> auth:fingerprint:enabled
- general:fingerprint_ready_message -> auth:fingerprint:ready_message
- general:fingerprint_present_message ->
auth:fingerprint:present_message
* auth: don't clear password input for fingerprint auth check
* fingerprint: checkAuthenticated when handling verfiy status
* Revert conditionally clearing the password input buffer
Makes sure the input field can show the fail text for fingerprint auth.
* auth: virtual instead of override, remove braces
* pam: join the thread
* auth: remove isAuthenticated and switch to a control flow based unlock
* auth: initialize authentication before aquiring the session lock
* auth: Support parallel fingerprint auth
I chose to use Fprint's dbus interface directly rather than going through pam (which uses Fprint's dbus interface) due to poor handling of system sleep somewhere between fprintd and pam. When preparing for sleep, fprintd puts the device to sleep, which causes VerifyStatus to emit with verify-unknown-error, which normally should be responded to by calling both Device.StopVerify and Device.Release (and this is what pam does). Unfortunately, if you try to release the device when the system is preparing for sleep, you'll get an error that the device is busy and then you can't can't claim or release the device for 30 seconds.
pam also has a max timeout for pam_fprintd.so of 99 seconds, and so if we used pam, we'd have to deal with the timeouts and keep restarting the auth conversation.
gdm/gnome-session lock seems to get around these issues by having a shutter on top of the lock screen that you have to interact with first that gives gnome-session a trigger to start fingerprint auth.
* nix/overlays: add sdbus overlay
---------
Co-authored-by: Mihai Fufezan <mihai@fufexan.net>
