mirror of
https://gitlab.com/mishakmak/pam-fprint-grosshack.git
synced 2026-04-08 20:03:34 +02:00
Add PolicyKit checking
Add PolicyKit checks to all the public functions, grouped in 2 main groups: Verify and Enroll By default, only the user is able to enroll new fingers, or verify themselves. You need to be allowed at least one of those 2 actions to be allowed to claim or release the device. We also add a new SetUsername function, for administration functions. Users will need to be authenticate as admins to be allowed to change the username on which the actions will be taken. Any prints loaded before the change of username will be unloaded.
This commit is contained in:
Bastien Nocera
committed by
Daniel Drake
Daniel Drake
parent
61a2266e52
commit
46a9783be6
@ -1,15 +1,21 @@
|
||||
|
||||
dbus_servicesdir = $(datadir)/dbus-1/system-services
|
||||
dbus_confdir = $(sysconfdir)/dbus-1/system.d
|
||||
|
||||
dbus_services_in_files = net.reactivated.Fprint.service.in
|
||||
|
||||
dbus_services_DATA = $(dbus_services_in_files:.service.in=.service)
|
||||
|
||||
$(dbus_services_DATA): $(dbus_services_in_files)
|
||||
sed -e "s|\@LIBEXECDIR\@|$(libexecdir)|" $< > $@
|
||||
|
||||
dbus_confdir = $(sysconfdir)/dbus-1/system.d
|
||||
dbus_conf_DATA = net.reactivated.Fprint.conf
|
||||
|
||||
polkitdir = $(datadir)/PolicyKit/policy
|
||||
polkit_in_files = net.reactivated.fprint.device.policy.in
|
||||
|
||||
@INTLTOOL_POLICY_RULE@
|
||||
polkit_DATA = $(polkit_in_files:.policy.in=.policy)
|
||||
|
||||
check:
|
||||
$(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
|
||||
|
||||
|
||||
|
||||
42
data/net.reactivated.fprint.device.policy.in
Normal file
42
data/net.reactivated.fprint.device.policy.in
Normal file
@ -0,0 +1,42 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE policyconfig PUBLIC
|
||||
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
|
||||
|
||||
<policyconfig>
|
||||
|
||||
<vendor>The FPrint Project</vendor>
|
||||
<vendor_url>http://reactivated.net/fprint/</vendor_url>
|
||||
<icon_name>fprint</icon_name>
|
||||
|
||||
<action id="net.reactivated.fprint.device.verify">
|
||||
<_description>Verify a fingerprint</_description>
|
||||
<_message>Privileges are required to verify fingerprints.</_message>
|
||||
<defaults>
|
||||
<allow_any>no</allow_any>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="net.reactivated.fprint.device.enroll">
|
||||
<_description>Enroll new fingerprints</_description>
|
||||
<_message>Privileges are required to enroll new fingerprints.</_message>
|
||||
<defaults>
|
||||
<allow_any>no</allow_any>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="net.reactivated.fprint.device.setusername">
|
||||
<_description>Select a user to enroll</_description>
|
||||
<_message>Privileges are required to enroll new fingerprints for other users.</_message>
|
||||
<defaults>
|
||||
<allow_any>no</allow_any>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>auth_admin_keep_always</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
</policyconfig>
|
||||
Reference in New Issue
Block a user