cookiez/pam-fprint-grosshack
1
0
Fork 0
mirror of https://gitlab.com/mishakmak/pam-fprint-grosshack.git synced 2026-04-08 20:03:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

pam: return PAM_UNKNOWN_USER when user is unenrolled

Browse Source 
This commit makes pam_fprintd return PAM_UNKNOWN_USER when
the user has not enrolled a fingerprint.

This lets the administrator set up pam_fprintd as a required
authentication, method, but only for users that have enrolled a
fingerprint, as such:

auth  [success=ok user_unknown=ignore default=die] pam_fprintd.so max_tries=1 timeout=-1
auth  [success=1  default=ignore]                  pam_unix.so nullok_secure
auth  requisite                                    pam_deny.so

With this config, users w/o an enrolled fingerprint will just be
asked for a password.  Users with an enrolled fingerprint will
required to login using both their fingerprint and a password.

https://bugs.freedesktop.org/show_bug.cgi?id=64781
This commit is contained in:
Rob Johnson
2013-06-03 08:45:11 -04:00
committed by Ray Strode
parent 9c99e5cd59
commit b4f5304565
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pam/pam_fprintd.c
View File

@ -317,6 +317,9 @@ static int do_verify(GMainLoop *loop, pam_handle_t *pamh, DBusGProxy *dev, gbool
data->timed_out = FALSE;
if (!dbus_g_proxy_call (dev, "VerifyStart", &error, G_TYPE_STRING, "any", G_TYPE_INVALID, G_TYPE_INVALID)) {
if (dbus_g_error_has_name(error, "net.reactivated.Fprint.Error.NoEnrolledPrints"))
ret = PAM_USER_UNKNOWN;
D(pamh, "VerifyStart failed: %s", error->message);
g_error_free (error);