From 69c131f7234e9130af56e6b1acd524a4421db128 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 18 Nov 2008 15:08:28 +0000
Subject: [PATCH] Add gross hack to allow root to verify users

This is a gross hack for PAM sessions to work as expected. root
is allowed to verify any users. If you want to allow any other
actions for root, you'll need to go through normal PolicyKit
procedures.

This should fix fingerprint authentication not working in GDM, or
on the console.
---
 src/device.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/device.c b/src/device.c
index 811995b..032a7e7 100644
--- a/src/device.c
+++ b/src/device.c
@@ -301,6 +301,7 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
 	PolKitCaller *pk_caller;
 	PolKitAction *pk_action;
 	PolKitResult pk_result;
+	uid_t uid;
 
 	/* Check that caller is privileged */
 	sender = dbus_g_method_get_sender (context);
@@ -318,6 +319,17 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
 		return FALSE;
 	}
 
+	/* XXX Hack?
+	 * We'd like to allow root to set the username by default, so
+	 * it can authenticate users through PAM
+	 * https://bugzilla.redhat.com/show_bug.cgi?id=447266 */
+	if ((polkit_caller_get_uid (pk_caller, &uid) && uid == 0) &&
+	    (g_str_equal (action, "net.reactivated.fprint.device.setusername") ||
+	     g_str_equal (action, "net.reactivated.fprint.device.verify"))) {
+		polkit_caller_unref (pk_caller);
+		return TRUE;
+	}
+
 	pk_action = polkit_action_new ();
 	polkit_action_set_action_id (pk_action, action);
 	pk_result = polkit_context_is_caller_authorized (priv->pol_ctx, pk_action, pk_caller,