[Fingerforce-commits] [fprintd] 02/06: pam: return PAM_UNKNOWN_USER when user is unenrolled
Didier Raboud
odyx at alioth.debian.org
Sun Sep 29 12:42:56 UTC 2013
This is an automated email from the git hooks/post-receive script.
odyx pushed a commit to branch master
in repository fprintd.
commit b4f53045659d09499ac082f93c741cb196f5a5c1
Author: Rob Johnson <rob at cs.stonybrook.edu>
Date: Mon Jun 3 08:45:11 2013 -0400
pam: return PAM_UNKNOWN_USER when user is unenrolled
This commit makes pam_fprintd return PAM_UNKNOWN_USER when
the user has not enrolled a fingerprint.
This lets the administrator set up pam_fprintd as a required
authentication method, but only for users that have enrolled a
fingerprint, as such:
auth [success=ok user_unknown=ignore default=die] pam_fprintd.so max_tries=1 timeout=-1
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
With this config, users w/o an enrolled fingerprint will just be
asked for a password. Users with an enrolled fingerprint will
be required to log in using both their fingerprint and a password.
https://bugs.freedesktop.org/show_bug.cgi?id=64781
---
pam/pam_fprintd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/pam/pam_fprintd.c b/pam/pam_fprintd.c
index 7e1f954..0f5e5a4 100644
--- a/pam/pam_fprintd.c
+++ b/pam/pam_fprintd.c
@@ -317,6 +317,9 @@ static int do_verify(GMainLoop *loop, pam_handle_t *pamh, DBusGProxy *dev, gbool
data->timed_out = FALSE;
if (!dbus_g_proxy_call (dev, "VerifyStart", &error, G_TYPE_STRING, "any", G_TYPE_INVALID, G_TYPE_INVALID)) {
+ if (dbus_g_error_has_name(error, "net.reactivated.Fprint.Error.NoEnrolledPrints"))
+ ret = PAM_USER_UNKNOWN;
+
D(pamh, "VerifyStart failed: %s", error->message);
g_error_free (error);
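Review bot: in the `VerifyStart` failure branch, the `NoEnrolledPrints` case sets `ret = PAM_USER_UNKNOWN` and then falls through to the same generic `D(pamh, "VerifyStart failed: %s", ...)` message as every other failure. With the `user_unknown=ignore` stack from the commit message, that is the path on which the fingerprint factor is skipped, so it deserves its own log message naming the no-enrolled-prints case. The new return value should also be documented with the change, since the diffstat shows only pam/pam_fprintd.c touched. The commit subject and body say PAM_UNKNOWN_USER while the code sets `PAM_USER_UNKNOWN`; the message should use the constant name that is actually returned. Style: the added call is written `dbus_g_error_has_name(error, ...)` without the space before the parenthesis that `dbus_g_proxy_call (` and `g_error_free (` use on the neighbouring lines. Whether `ret` reaches the function's return unchanged after this assignment is not visible in the hunk and is worth confirming.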
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/fingerforce/fprintd.git