Pretty hacky way to detect whether the device we're handling has
been disconnected during a verify or enrollment. This should allow
us to avoid users having to wait when somebody pulls the plug.
- Use D-Bus native properties instead of a GetProperties call.
- Fix a number of front-ends by registering the right signals and
marshallers following the "done" signal argument addition
- Fix VerifyStart call in the pam module
This is a gross hack for PAM sessions to work as expected. root
is allowed to verify any users. If you want to allow any other
actions for root, you'll need to go through normal PolicyKit
procedures.
This should fix fingerprint authentication not working in GDM, or
on the console.
Track clients connected to each device using EggDbusMonitor.
When there are no more clients connected to the device, release it.
When no devices are used anymore, set up a timeout to exit within
30 seconds.
Track the current action happening in the device, so we can
see what each device is doing. Refuse to launch a verification if
there's already one in progress.
If the finger passed for verification is -1, always emit the
VerifyFingerSelected signal, as the front-end isn't to know
whether we're using identification or verification.
- Add a finger selected signal, so that when an "automatic" finger
is selected for verification, we know which one to scan
- Fix the finger print numbers list to use GPOINTER_TO_INT /
GINT_TO_POINTER
- Make sure the gallery is NULL when there's no prints available
- Don't use identification when a finger number is provided
- Add support for selecting the finger number in verify
- Add support for fatal warnings there as well
Passing -1 to the VerifyStart function will either accept any
fingers scanned, if the driver supports identification, or select
the first enrolled fingerprint for scanning if it doesn't.
- Remove SetUsername itself, and add a username parameter to DeviceClaim,
ListEnrolledFingers and DeleteEnrolledFingers.
- For each of those calls, check that the incoming connection is allowed
to operate on that particular username
- Don't require a claimed device to list or remove fingerprints
- Clean up username and sender when releasing the device
- Modify the storage backend to not require an opened device to list
or delete fingerprints
- Add a simple test program to list registered fingerprints for the
usernames passed as argument
To delete all the enrolled finger prints for a particular user.
We can already overwrite existing enrolled fingerprints, and there's
not really any point in dismissing just one fingerprint.
Add PolicyKit checks to all the public functions, grouped
in 2 main groups: Verify and Enroll
By default, only the user is able to enroll new fingers,
or verify themselves.
You need to be allowed at least one of those 2 actions
to be allowed to claim or release the device.
We also add a new SetUsername function, for administration
functions. Users will need to be authenticate as admins to
be allowed to change the username on which the actions will
be taken. Any prints loaded before the change of username will
be unloaded.
Get a PolicyKit context per-device, set up its main loop,
and steal more code from gnome-panel to check whether
the actions are allowed for a particular caller.
Last FromStorage variant killed, we need to make sure all
the functions now use the storage functions internally,
otherwise we won't be able to load from the place we save.
Mark all the methods on the device as async, so we
can get access to the associated DBusGMethodInvocation.
When claiming the device, remember the sender, and for every
API entry point, check that the sender is the same as the one
that made the original claim.
Trying to enroll a user whilst the device is already claimed
from another program will fail with:
** ERROR **: failed to claim device: Device was already claimed
This is the first step towards PolicyKit and multi-user support
