pam: Immediately return verify-match/verify-no-match

In the verify-match case, this means disconnecting from the bus rather
than stopping the verification. This is the only way to make sure that
the result is immediately reported and we do not wait for the device to
be idle again (which generally means waiting for finger removal).

In the verify-no-match case we simply send the error message first, before
the operation is stopped. An exceeded retry limit is only reported after
VerifyStop has finished.
Benjamin Berg
2021-07-30 23:46:22 +02:00
parent 80eb673e83
commit bb23b7e9d0


@ -536,6 +536,14 @@ do_verify (sd_bus *bus,
data->timed_out = true; data->timed_out = true;
send_info_msg (data->pamh, _("Verification timed out")); send_info_msg (data->pamh, _("Verification timed out"));
} }
else
{
if (str_equal (data->result, "verify-no-match"))
send_err_msg (data->pamh, _("Failed to match fingerprint"));
else if (str_equal (data->result, "verify-match"))
/* Simply disconnect from bus if we return PAM_SUCCESS */
return PAM_SUCCESS;
}
/* Ignore errors from VerifyStop */ /* Ignore errors from VerifyStop */
data->verify_started = false; data->verify_started = false;
@ -557,11 +565,7 @@ do_verify (sd_bus *bus,
{ {
if (str_equal (data->result, "verify-no-match")) if (str_equal (data->result, "verify-no-match"))
{ {
send_err_msg (data->pamh, _("Failed to match fingerprint")); /* Nothing to do at this point. */
}
else if (str_equal (data->result, "verify-match"))
{
return PAM_SUCCESS;
} }
else if (str_equal (data->result, "verify-unknown-error")) else if (str_equal (data->result, "verify-unknown-error"))
{ {
@ -743,10 +747,16 @@ do_auth (pam_handle_t *pamh, const char *username)
if (claim_device (pamh, bus, data->dev, username)) if (claim_device (pamh, bus, data->dev, username))
{ {
int ret = do_verify (bus, data); int ret = do_verify (bus, data);
release_device (pamh, bus, data->dev);
/* Simply disconnect from bus if we return PAM_SUCCESS */
if (ret != PAM_SUCCESS)
release_device (pamh, bus, data->dev);
sd_bus_close (bus);
return ret; return ret;
} }
sd_bus_close (bus);
return PAM_AUTHINFO_UNAVAIL; return PAM_AUTHINFO_UNAVAIL;
} }
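Review bot: The `return PAM_SUCCESS` in the new else branch of do_verify leaves `data->verify_started` set to true and skips everything do_verify does after the VerifyStop call, so any teardown on that tail (signal slots, timers) is bypassed on the success path; do_verify starts and ends outside the hunk, so whether a cleanup attribute covers this is not visible here and is worth confirming. The device claim is then released only because do_auth's `sd_bus_close (bus)` makes fprintd see the client vanish, and that implicit contract should be stated at the return, e.g. `/* Return without VerifyStop/Release: do_auth closes the bus and fprintd drops the claim when the client disappears. */`. The new else branch also compares `data->result` with no NULL guard, so if a bus error can leave `data->result` unset, `str_equal` must tolerate NULL — I cannot see its definition from here. Finally, `sd_bus_close` only shuts the connection; if `bus` is not held via a `_cleanup_`/unref elsewhere in do_auth, the reference itself is still leaked on both paths.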