Passing -1 to the VerifyStart function will either accept any
fingers scanned, if the driver supports identification, or select
the first enrolled fingerprint for scanning if it doesn't.
- Remove SetUsername itself, and add a username parameter to DeviceClaim,
ListEnrolledFingers and DeleteEnrolledFingers.
- For each of those calls, check that the incoming connection is allowed
to operate on that particular username
- Don't require a claimed device to list or remove fingerprints
- Clean up username and sender when releasing the device
- Modify the storage backend to not require an opened device to list
or delete fingerprints
- Add a simple test program to list registered fingerprints for the
usernames passed as argument
To delete all the enrolled finger prints for a particular user.
We can already overwrite existing enrolled fingerprints, and there's
not really any point in dismissing just one fingerprint.
Add PolicyKit checks to all the public functions, grouped
in 2 main groups: Verify and Enroll
By default, only the user is able to enroll new fingers,
or verify themselves.
You need to be allowed at least one of those 2 actions
to be allowed to claim or release the device.
We also add a new SetUsername function, for administration
functions. Users will need to be authenticate as admins to
be allowed to change the username on which the actions will
be taken. Any prints loaded before the change of username will
be unloaded.
Get a PolicyKit context per-device, set up its main loop,
and steal more code from gnome-panel to check whether
the actions are allowed for a particular caller.
Last FromStorage variant killed, we need to make sure all
the functions now use the storage functions internally,
otherwise we won't be able to load from the place we save.
Mark all the methods on the device as async, so we
can get access to the associated DBusGMethodInvocation.
When claiming the device, remember the sender, and for every
API entry point, check that the sender is the same as the one
that made the original claim.
Trying to enroll a user whilst the device is already claimed
from another program will fail with:
** ERROR **: failed to claim device: Device was already claimed
This is the first step towards PolicyKit and multi-user support
Make all of FPrintManager's struct members private,
warn of errors using a _get_error() function, as object
creation can never fail.
The only error possible shouldn't really be an error though,
as it only means that no devices will be enumerated, but it
could tell us about newly plugged devices instead.
This will be needed to get better error messages to
users of the D-Bus API. We use glib's builtin gettext
support. No strings marked as translatable yet, we'll
need to mark those user-visible strings carefully and
review them.
With this patch, and the D-Bus activation patches posted earlier the
fprintd daemon is started automatically when needed.
We should have a way to exit it nicely when there are no users
anymore as well...
