We must ignore NameOwnerChanged that happen due to automatic startup.
The easy way to do so is to just register it only when we get to the
point that a name owner change has security implications.
While add it, change it to always log at a warning level.
Fixes: #94
Implement simple auto-pointers for the types we use in pam_fprintd with
a basic implementation based on GLib one so that we can have the same
features without having neither an header-dependency on it.
If fprintd disappears or is replaced, then we might be getting signals
from another daemon/verifcation session.
As such we must give up at that point.
Related: #47
In case fprintd is emitting a verify signal for another request that is
still going on while we're about to start a new verification, we'd just
accept such signal, so potentially allowing a log-in because another
concurrent request succeeded.
To avoid this, use async call to VerifyStart and open a verify window
(during which we accept the verification related signals) that is kept
open just once the VerifyStart call has been completed and before
stopping the verification again. As that's the only moment in which we
can be sure that we've control of the daemon events for such device.
Thanks to Benjamin to find out the race.
Fixes: #47
The data->result was free'ed both in the loop (before breaking) and
afterwards. As the first case did not set the pointer to NULL, this
could result in a double free.
Fix this by simply removing the free that is in the loop and relying on
the cleanup later on.
We need to make sure that the max_tries variable isn't decremented
further when we have success in the verification loop. Add missing break
to do that.
Fixes: affffaf134Closes: #40
This pam plugin never used GDBus because it transparently uses threads
which do not work well with a lot of PAM applications. But even settling
on the "still better to use than plain dbus library" dbus-glib wasn't
without problems, as any use or initialisation of GIO sockets would
modify signal handler for signals such as SIGPIPE (see gio/gsocket.c).
Many years later, sd-bus is a more modern alternative to the bare dbus
library with a better API.
This includes:
- Removing use of gboolean, guint, g_new0() and many glib string helpers
- Simplifying debug logging
- Marking user-facing messages to be translated
As written in the "Linux-PAM Application Developers' Guide"
at http://www.linux-pam.org/Linux-PAM-html/adg-security-user-identity.html:
"
As a general rule, the following convention for its value can be
assumed: NULL = unknown; localhost = invoked directly from the
local system; other.place.xyz = some component of the user's
connection originates from this remote/requesting host.
"
So also exit early if the hostname isn't localhost as it should be.
Closes: #21
Before claiming the device and therefore potentially activating
the actual hardware, make a call to see if the user has any
prints registered at all.
https://bugs.freedesktop.org/show_bug.cgi?id=99811
For some operations, i.e. listing the enrolled prints, the device
does not need to be claimed. Therefore the claiming can be delayed
until we actually start the verification process, allowing us to
query the fingerprint system if the user has any prints enrolled.
https://bugs.freedesktop.org/show_bug.cgi?id=99811
This commit makes pam_fprintd return PAM_UNKNOWN_USER when
the user has not enrolled a fingerprint.
This lets the administrator set up pam_fprintd as a required
authentication, method, but only for users that have enrolled a
fingerprint, as such:
auth [success=ok user_unknown=ignore default=die] pam_fprintd.so max_tries=1 timeout=-1
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
With this config, users w/o an enrolled fingerprint will just be
asked for a password. Users with an enrolled fingerprint will
required to login using both their fingerprint and a password.
https://bugs.freedesktop.org/show_bug.cgi?id=64781
pam_fprintd is very careful to use its own main loop context (as it
should) to prevent getting in the way of the gnome-screensaver.
Unfortunately, there's a small bug in its logic where it ends up
removing a random file descriptor from the default context. In the
bug report that file descriptor is really important. It's what
tells gnome-screensaver when to drop the dialog.
The patch is as simple as:
- g_source_remove (timeout_id);
+ g_source_destroy (source);
(g_source_remove always operates on the default context)
https://bugzilla.redhat.com/show_bug.cgi?id=614573
Pretty hacky way to detect whether the device we're handling has
been disconnected during a verify or enrollment. This should allow
us to avoid users having to wait when somebody pulls the plug.
On Mon, 2009-01-12 at 12:18 +0000, Konstantin V. Gavrilenko wrote:
> Hi Bastien,
>
> by default the fprintd installs the pam_fprintd into the /usr/lib64/security, whil egentoo searches them in /lib/security.
> So I simply simlinked it to the correct location /usr/lib64/security/pam_fprintd.so to /lib/security/pam_fprintd.so
> I've removed the symlink, and copied the file, but it does not change anything, the same error appears.
>
> As you asked, recompiled some of the packages with "-O1 -gddb" and "nostrip" options.
> #4 0x00007fa3344a3899 in dbus_connection_unref (connection=0x624e20) at dbus-connection.c:2686
> __FUNCTION__ = "dbus_connection_unref"
> #5 0x00007fa334915284 in pam_sm_authenticate (pamh=0x6105c0, flags=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>) at pam_fprintd.c:375
> rhost = 0x0
> username = 0x610740 "root"
> i = <value optimized out>
> r = 0
Could you please test the attached patch?
Cheers
