Release 1.90.8

It seems that GLib may process multiple DBus signals in one mainloop
iteration. This could cause messages to be re-ordered, which in turn
caused a race condition in the CI that could trigger random failures.

.git-blame-ignore-revs

@@ -0,0 +1,7 @@
+# The commits that did automated reformatting. You can ignore them
+# during git-blame with `--ignore-rev` or `--ignore-revs-file`.
+#
+#   $ git config --add 'blame.ignoreRevsFile' '.git-blame-ignore-revs'
+#
+
+f73429f06226f5423c92b1c504313657c9b6f9b5

.gitlab-ci.yml

@@ -8,9 +8,9 @@ include:
 
 variables:
   extends: .libfprint_common_variables
-  FEDORA_TAG: rawhide
+  FDO_DISTRIBUTION_TAG: latest
-  FEDORA_VERSION: rawhide
+  FDO_DISTRIBUTION_VERSION: rawhide
-  FEDORA_IMAGE: "$CI_REGISTRY/libfprint/$CI_PROJECT_NAME/fedora/$FEDORA_VERSION:$FEDORA_TAG"
+  FEDORA_IMAGE: "$CI_REGISTRY/libfprint/$CI_PROJECT_NAME/fedora/$FDO_DISTRIBUTION_VERSION:$FDO_DISTRIBUTION_TAG"
   DEPENDENCIES: dbus-glib-devel
                 gcc
                 gcovr
@@ -18,6 +18,7 @@ variables:
                 git
                 glibc-devel
                 gtk-doc
+                libasan
                 libfprint-devel
                 meson
                 pam-devel
@@ -28,7 +29,17 @@ variables:
 
 image: "$FEDORA_IMAGE"
 
-.install_libfprint_dev: &install_libfprint_dev
+stages:
+  - check-source
+  - build
+  - test
+
+.fprintd_build_preconditions:
+  except:
+    variables:
+      - $FPRINT_CRON_TASK == "BUILD_CI_IMAGES"
+
+.install_libfprint_dev:
   before_script:
     # Make sure we don't build or link against the system libfprint
     - dnf remove -y libfprint-devel
@@ -41,22 +52,27 @@ image: "$FEDORA_IMAGE"
     # So we don't get error about this libfprint file
     - echo "libfprint/demo/gtk-libfprint-test.ui" >> po/POTFILES.skip
 
+test_indent:
+  stage: check-source
+  extends: .fprintd_build_preconditions
+  script:
+    - scripts/uncrustify.sh
+    - git diff
+    - "! git status -s | grep -q ."
+
 build_stable:
-  except:
+  extends: .fprintd_build_preconditions
-    variables:
+  stage: build
-      - $FPRINT_CRON_TASK == "BUILD_CI_IMAGES"
-  # FIXME: Stable builds will fail until libfprintv 2 reaches rawhide
-  allow_failure: true
   script:
     - meson _build
     - ninja -C _build -v
     - ninja -C _build -v install
 
 build_dev:
-  except:
+  extends:
-    variables:
+    - .fprintd_build_preconditions
-      - $FPRINT_CRON_TASK == "BUILD_CI_IMAGES"
+    - .install_libfprint_dev
-  <<: *install_libfprint_dev
+  stage: build
   script:
     - meson _build --werror -Dgtk_doc=true
     - ninja -C _build -v
@@ -68,11 +84,10 @@ build_dev:
       - _build/meson-logs/*.txt
 
 test_dev:
-  except:
+  extends:
-    variables:
+    - .fprintd_build_preconditions
-      - $FPRINT_CRON_TASK == "BUILD_CI_IMAGES"
+    - .install_libfprint_dev
   stage: test
-  <<: *install_libfprint_dev
   script:
     - meson _build -Db_coverage=true
     - meson test -C _build --verbose --no-stdsplit --timeout-multiplier 3
@@ -84,15 +99,29 @@ test_dev:
     paths:
       - _build/meson-logs
 
+test_dev_with_sanitizer:
+  extends:
+    - .fprintd_build_preconditions
+    - .install_libfprint_dev
+  stage: test
+  script:
+    - meson _build -Db_sanitize=address
+    - meson test -C _build --verbose --no-stdsplit --timeout-multiplier 5
+  artifacts:
+    name: meson-logs
+    when: on_failure
+    paths:
+      - _build/meson-logs
+
 # CONTAINERS creation stage
 container_fedora_build:
-  extends: .fedora@container-build
+  extends: .fdo.container-build@fedora
   only:
     variables:
       - $FPRINT_CRON_TASK == "BUILD_CI_IMAGES"
   variables:
     GIT_STRATEGY: none # no need to pull the whole tree for rebuilding the image
     # a list of packages to install
-    FEDORA_RPMS:
+    FDO_DISTRIBUTION_PACKAGES:
       $DEPENDENCIES
       $LIBFPRINT_DEPENDENCIES

NEWS

@@ -1,6 +1,69 @@
 This file lists notable changes in each release. For the full history of all
 changes, see ChangeLog.
 
+Version 1.90.8:
+
+It seems that we are finally reaching the end of the tunnel with regard
+to regressions. One more issue that cropped up was that a pam_fprintd fix
+to avoid a possible authentication bypass caused issues when fprintd was
+just started on demand.
+
+Highlights:
+ - pam: Only listen to NameOwnerChanged after fprintd is known to run (#94)
+ - Place new ObjectManager DBus API at /net/reactivated/Fprint
+
+
+Version 1.90.7:
+
+While 1.90.6 fixed a number of issues, we did have a bad regression due
+causing pam_fprintd to crash when there are no fingerprint devices
+installed.
+
+Highlights:
+ - pam: Guard strdup calls against NULL pointers
+
+
+Version 1.90.6:
+
+The 1.90.5 release was unusable due to a number of inter-related issues
+with the DBus interface and authorization. We also found a number of
+problems with possible security implications.
+
+Currently fprintd will do interactive authorization even if this was not
+requested using the correct DBus method call flag. All API users MUST be
+updated to set the flag as it will be enabled in the future!
+
+Highlights:
+ - Fix fprintd DBus configuration
+ - Change details of what requires authorization
+ - Fix various race conditions in pam_fprintd
+ - Permit interactive authorization from fprintd utilities
+ - Do not allow deletion while another operation is ongoing
+
+
+Version 1.90.5:
+
+The 1.90.4 release contained some bad errors, this release addresses those.
+
+Highlights:
+ - Permit building with polkit older than 0.114
+ - Fix possible issues with PAM test
+ - Fix incorrect DBus policy
+ - Fix build so that CFLAGS enviroment is correctly used
+ - Skip hotplug test with older libfprint (which times out otherwise)
+
+Version 1.90.4:
+
+This fprintd release contains major core reworkings and improved testing.
+As such, only the most important changes are listed here, focusing on
+changes relevant to distributors.
+
+Highlights:
+ - Authentication is now required to enroll a new print (#5)
+ - Add support for the libfprint early reporting mechanism
+ - Proper hotplug support together with libfprint 1.90.4
+ - Handle STATE_DIRECTORY containing multiple paths
+
 version 1.90.1:
 - Add support for prints saved on the fingerprint device itself
 - Add integration tests using the virtual image driver, and further

config.h.in

@@ -9,3 +9,6 @@
 
 /* Define to the version of this package. */
 #mesondefine VERSION
+
+/* Whether current polkit version supports autopointers */
+#mesondefine POLKIT_HAS_AUTOPOINTERS

data/meson.build

@@ -11,6 +11,7 @@ configure_file(
     install_dir: dbus_service_dir,
 )
 
+if get_option('systemd')
     configure_file(
         configuration: configuration_data({
             'libexecdir': fprintd_installdir,
@@ -20,6 +21,7 @@ configure_file(
         install: true,
         install_dir: systemd_unit_dir,
     )
+endif
 
 polkit_policy = 'net.reactivated.fprint.device.policy'
 polkit_policy_target = i18n.merge_file(polkit_policy,

data/net.reactivated.Fprint.conf

@@ -12,8 +12,18 @@
 
   <!-- Anyone can talk to the service -->
   <policy context="default">
-    <allow send_destination="net.reactivated.Fprint"/>
+    <allow send_destination="net.reactivated.Fprint"
-    <allow send_interface="net.reactivated.Fprint"/>
+           send_interface="net.reactivated.Fprint.Manager"/>
+    <allow send_destination="net.reactivated.Fprint"
+           send_interface="net.reactivated.Fprint.Device"/>
+
+    <!-- Basic D-Bus API stuff -->
+    <allow send_destination="net.reactivated.Fprint"
+           send_interface="org.freedesktop.DBus.Introspectable"/>
+    <allow send_destination="net.reactivated.Fprint"
+           send_interface="org.freedesktop.DBus.Properties"/>
+    <allow send_destination="net.reactivated.Fprint"
+           send_interface="org.freedesktop.DBus.ObjectManager"/>
   </policy>
 
 </busconfig>

data/net.reactivated.fprint.device.policy.in

@@ -25,7 +25,7 @@
     <defaults>
       <allow_any>no</allow_any>
       <allow_inactive>no</allow_inactive>
-      <allow_active>yes</allow_active>
+      <allow_active>auth_self_keep</allow_active>
     </defaults>
   </action>
 

doc/dbus/meson.build

@@ -2,8 +2,8 @@ docbook_xml_header = custom_target('docbook_xml_header',
     output: 'docbook-xml-header.xml',
     command: [
         'echo', '-n',
-        '<?xml version="1.0"?>',
+        '<?xml version="1.0"?>\n',
-        '<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">',
+        '<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">\n',
     ],
     capture: true,
 )

meson.build

@@ -1,9 +1,9 @@
 project('fprintd', 'c',
-    version: '1.90.1',
+    version: '1.90.8',
     license: 'GPLv2+',
     default_options: [
         'buildtype=debugoptimized',
-        'warning_level=1',
+        'warning_level=3',
         'c_std=gnu99',
     ],
     meson_version: '>= 0.50.0')
@@ -12,23 +12,8 @@ gnome = import('gnome')
 i18n = import('i18n')
 
 cc = meson.get_compiler('c')
-host_system = host_machine.system()
-glib_min_version = '2.56'
-libfprint_min_version = '1.90.0'
-
-fprintd_installdir = get_option('prefix') / get_option('libexecdir')
-fprintd_plugindir = get_option('prefix') / get_option('libdir') / meson.project_name() / 'modules'
-storage_path = get_option('prefix') / get_option('localstatedir') / 'lib/fprint'
-localedir = get_option('prefix') / get_option('localedir')
-datadir = get_option('prefix') / get_option('datadir')
-sysconfdir = get_option('sysconfdir')
-if get_option('prefix') != '/usr'
-    sysconfdir = get_option('prefix') / sysconfdir
-endif
-
 common_cflags = cc.get_supported_arguments([
     '-fno-strict-aliasing',
-    '-Wall',
     '-Wcast-align',
     '-Werror=address',
     '-Werror=array-bounds',
@@ -67,14 +52,38 @@ common_cflags = cc.get_supported_arguments([
 ])
 add_project_arguments(common_cflags, language: 'c')
 
+common_cflags = cc.get_supported_arguments([
+    # The stub passes a lot of params that we do not use, maybe a good idea to
+    # mark it appropriately, but this works well for now.
+    '-Wno-unused-parameter',
+    # We use g_signal_handlers_disconnect_* which is not compatible with -Wpedantic
+    '-Wno-pedantic',
+])
+add_project_arguments(common_cflags, language: 'c')
+
+host_system = host_machine.system()
+# NOTE: Bump gdbus-codegen min version once we can depend on 2.64!
+glib_min_version = '2.56'
+libfprint_min_version = '1.90.1'
+
+fprintd_installdir = get_option('prefix') / get_option('libexecdir')
+fprintd_plugindir = get_option('prefix') / get_option('libdir') / meson.project_name() / 'modules'
+storage_path = get_option('prefix') / get_option('localstatedir') / 'lib/fprint'
+localedir = get_option('prefix') / get_option('localedir')
+datadir = get_option('prefix') / get_option('datadir')
+sysconfdir = get_option('sysconfdir')
+if get_option('prefix') != '/usr'
+    sysconfdir = get_option('prefix') / sysconfdir
+endif
+
 # Dependencies
 glib_dep = dependency('glib-2.0', version: '>=' + glib_min_version)
 gio_dep = dependency('gio-2.0', version: '>=' + glib_min_version)
+gio_unix_dep = dependency('gio-unix-2.0', version: '>=' + glib_min_version)
 gmodule_dep = dependency('gmodule-2.0', version: '>=' + glib_min_version)
 libfprint_dep = dependency('libfprint-2', version: '>=' + libfprint_min_version)
 polkit_gobject_dep = dependency('polkit-gobject-1', version: '>= 0.91')
 dbus_dep = dependency('dbus-1', required: false)
-dbus_glib_dep = dependency('dbus-glib-1')
 libsystemd_dep = dependency('libsystemd', required: get_option('pam'))
 pam_dep = cc.find_library('pam',
     required: get_option('pam'),
@@ -85,13 +94,17 @@ pod2man = find_program('pod2man', required: get_option('man'))
 xsltproc = find_program('xsltproc', required: get_option('gtk_doc'))
 
 # StateDirectory was introduced in systemd 235
-systemd_dep = dependency('systemd', version: '>= 235')
+systemd_dep = dependency('systemd', version: '>= 235', required: false)
 systemd_unit_dir = get_option('systemd_system_unit_dir')
 
-if systemd_unit_dir == ''
+if systemd_unit_dir == '' and systemd_dep.found()
     systemd_unit_dir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
 endif
 
+if get_option('systemd') and systemd_unit_dir == ''
+    error('systemd development files or systemd_system_unit_dir is needed for systemd support.')
+endif
+
 dbus_service_dir = get_option('dbus_service_dir')
 dbus_data_dir = datadir
 dbus_interfaces_dir = ''
@@ -125,6 +138,7 @@ python3_test_modules = {
     'dbus': true,
     'dbusmock': true,
     'gi': true,
+    'gi.repository.FPrint': true,
     'pypamtest': get_option('pam'),
 }
 python3_available_modules = []
@@ -140,6 +154,7 @@ cdata.set_quoted('GETTEXT_PACKAGE', meson.project_name())
 cdata.set_quoted('PACKAGE_VERSION', meson.project_version())
 cdata.set_quoted('VERSION', meson.project_version())
 cdata.set_quoted('SYSCONFDIR', sysconfdir)
+cdata.set('POLKIT_HAS_AUTOPOINTERS', polkit_gobject_dep.version().version_compare('>= 0.114'))
 
 config_h = configure_file(
   input: 'config.h.in',
@@ -178,5 +193,7 @@ output += '  PAM module: ' + pam_dep.found().to_string()
 output += '  Manuals: ' + get_option('man').to_string()
 output += '  GTK Doc: ' + get_option('gtk_doc').to_string()
 output += '  XML Linter ' + xmllint.found().to_string()
+output += '\nTest setup:\n'
+output += '  With address sanitizer: ' + address_sanitizer.to_string()
 
 message('\n'+'\n'.join(output)+'\n')

meson_options.txt

@@ -6,6 +6,10 @@ option('man',
     description: 'Generate the man files',
     type: 'boolean',
     value: true)
+option('systemd',
+    description: 'Install system service files',
+    type: 'boolean',
+    value: true)
 option('systemd_system_unit_dir',
     description: 'Directory for systemd service files',
     type: 'string')

pam/fingerprint-strings.h

@@ -28,16 +28,18 @@
 
 #define GNUC_UNUSED __attribute__((__unused__))
 
-static bool str_equal (const char *a, const char *b)
+static bool
+str_equal (const char *a, const char *b)
 {
   if (a == NULL && b == NULL)
     return true;
   if (a == NULL || b == NULL)
     return false;
-	return (strcmp (a, b) == 0);
+  return strcmp (a, b) == 0;
 }
 
-struct {
+struct
+{
   const char *dbus_name;
   const char *place_str_generic;
   const char *place_str_specific;
@@ -105,33 +107,44 @@ struct {
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wformat-nonliteral"
 
-GNUC_UNUSED static char *finger_str_to_msg(const char *finger_name, const char *driver_name, bool is_swipe)
+GNUC_UNUSED static char *
+finger_str_to_msg (const char *finger_name, const char *driver_name, bool is_swipe)
 {
   int i;
 
   if (finger_name == NULL)
     return NULL;
 
-	for (i = 0; fingers[i].dbus_name != NULL; i++) {
+  for (i = 0; fingers[i].dbus_name != NULL; i++)
-		if (str_equal (fingers[i].dbus_name, finger_name)) {
+    {
-			if (is_swipe == false) {
+      if (!str_equal (fingers[i].dbus_name, finger_name))
-				if (driver_name) {
+        continue;
+      if (is_swipe == false)
+        {
+          if (driver_name)
+            {
               char *s;
               int ret;
               ret = asprintf (&s, TR (fingers[i].place_str_specific), driver_name);
               return ret >= 0 ? s : NULL;
-				} else {
+            }
+          else
+            {
               return strdup (TR (fingers[i].place_str_generic));
             }
-			} else {
+        }
-				if (driver_name) {
+      else
+        {
+          if (driver_name)
+            {
               char *s;
               int ret;
               ret = asprintf (&s, TR (fingers[i].swipe_str_specific), driver_name);
               return ret >= 0 ? s : NULL;
-				} else {
-					return strdup (TR (fingers[i].swipe_str_generic));
             }
+          else
+            {
+              return strdup (TR (fingers[i].swipe_str_generic));
             }
         }
     }
@@ -146,23 +159,25 @@ GNUC_UNUSED static char *finger_str_to_msg(const char *finger_name, const char *
  * verify-match
  * verify-unknown-error
  */
-GNUC_UNUSED static const char *verify_result_str_to_msg(const char *result, bool is_swipe)
+GNUC_UNUSED static const char *
+verify_result_str_to_msg (const char *result, bool is_swipe)
 {
   if (result == NULL)
     return NULL;
 
-	if (strcmp (result, "verify-retry-scan") == 0) {
+  if (strcmp (result, "verify-retry-scan") == 0)
+    {
       if (is_swipe == false)
-			return N_("Place your finger on the reader again");
+        return TR (N_("Place your finger on the reader again"));
       else
-			return N_("Swipe your finger again");
+        return TR (N_("Swipe your finger again"));
     }
   if (strcmp (result, "verify-swipe-too-short") == 0)
-		return N_("Swipe was too short, try again");
+    return TR (N_("Swipe was too short, try again"));
   if (strcmp (result, "verify-finger-not-centered") == 0)
-		return N_("Your finger was not centered, try swiping your finger again");
+    return TR (N_("Your finger was not centered, try swiping your finger again"));
   if (strcmp (result, "verify-remove-and-retry") == 0)
-		return N_("Remove your finger, and try swiping your finger again");
+    return TR (N_("Remove your finger, and try swiping your finger again"));
 
   return NULL;
 }
@@ -172,24 +187,25 @@ GNUC_UNUSED static const char *verify_result_str_to_msg(const char *result, bool
  * enroll-failed
  * enroll-unknown-error
  */
-GNUC_UNUSED static const char *enroll_result_str_to_msg(const char *result, bool is_swipe)
+GNUC_UNUSED static const char *
+enroll_result_str_to_msg (const char *result, bool is_swipe)
 {
   if (result == NULL)
     return NULL;
 
-	if (strcmp (result, "enroll-retry-scan") == 0 || strcmp (result, "enroll-stage-passed") == 0) {
+  if (strcmp (result, "enroll-retry-scan") == 0 || strcmp (result, "enroll-stage-passed") == 0)
+    {
       if (is_swipe == false)
-			return N_("Place your finger on the reader again");
+        return TR (N_("Place your finger on the reader again"));
       else
-			return N_("Swipe your finger again");
+        return TR (N_("Swipe your finger again"));
     }
   if (strcmp (result, "enroll-swipe-too-short") == 0)
-		return N_("Swipe was too short, try again");
+    return TR (N_("Swipe was too short, try again"));
   if (strcmp (result, "enroll-finger-not-centered") == 0)
-		return N_("Your finger was not centered, try swiping your finger again");
+    return TR (N_("Your finger was not centered, try swiping your finger again"));
   if (strcmp (result, "enroll-remove-and-retry") == 0)
-		return N_("Remove your finger, and try swiping your finger again");
+    return TR (N_("Remove your finger, and try swiping your finger again"));
 
   return NULL;
 }
-

pam/pam_fprintd.c

@@ -43,6 +43,7 @@
 #define N_(s) (s)
 
 #include "fingerprint-strings.h"
+#include "pam_fprintd_autoptrs.h"
 
 #define DEFAULT_MAX_TRIES 3
 #define DEFAULT_TIMEOUT 30
@@ -63,18 +64,21 @@ static uint64_t
 now (void)
 {
   struct timespec ts;
+
   clock_gettime (CLOCK_MONOTONIC, &ts);
   return (uint64_t) ts.tv_sec * USEC_PER_SEC + (uint64_t) ts.tv_nsec / NSEC_PER_USEC;
 }
 
-static bool str_has_prefix (const char *s, const char *prefix)
+static bool
+str_has_prefix (const char *s, const char *prefix)
 {
   if (s == NULL || prefix == NULL)
     return false;
-	return (strncmp (s, prefix, strlen (prefix)) == 0);
+  return strncmp (s, prefix, strlen (prefix)) == 0;
 }
 
-static bool send_msg(pam_handle_t *pamh, const char *msg, int style)
+static bool
+send_msg (pam_handle_t *pamh, const char *msg, int style)
 {
   const struct pam_message mymsg = {
     .msg_style = style,
@@ -83,24 +87,24 @@ static bool send_msg(pam_handle_t *pamh, const char *msg, int style)
   const struct pam_message *msgp = &mymsg;
   const struct pam_conv *pc;
   struct pam_response *resp;
-	int r;
 
-	r = pam_get_item(pamh, PAM_CONV, (const void **) &pc);
+  if (pam_get_item (pamh, PAM_CONV, (const void **) &pc) != PAM_SUCCESS)
-	if (r != PAM_SUCCESS)
     return false;
 
   if (!pc || !pc->conv)
     return false;
 
-	return (pc->conv(1, &msgp, &resp, pc->appdata_ptr) == PAM_SUCCESS);
+  return pc->conv (1, &msgp, &resp, pc->appdata_ptr) == PAM_SUCCESS;
 }
 
-static bool send_info_msg(pam_handle_t *pamh, const char *msg)
+static bool
+send_info_msg (pam_handle_t *pamh, const char *msg)
 {
   return send_msg (pamh, msg, PAM_TEXT_INFO);
 }
 
-static bool send_err_msg(pam_handle_t *pamh, const char *msg)
+static bool
+send_err_msg (pam_handle_t *pamh, const char *msg)
 {
   return send_msg (pamh, msg, PAM_ERROR_MSG);
 }
@@ -110,39 +114,37 @@ open_device (pam_handle_t    *pamh,
              sd_bus       *bus,
              bool         *has_multiple_devices)
 {
-	sd_bus_error error = SD_BUS_ERROR_NULL;
+  pf_auto (sd_bus_error) error = SD_BUS_ERROR_NULL;
-	sd_bus_message *m = NULL;
+  pf_autoptr (sd_bus_message) m = NULL;
   size_t num_devices;
   const char *path = NULL;
-	char *ret;
   const char *s;
   int r;
 
   *has_multiple_devices = false;
 
-	r = sd_bus_call_method (bus,
+  if (sd_bus_call_method (bus,
                           "net.reactivated.Fprint",
                           "/net/reactivated/Fprint/Manager",
                           "net.reactivated.Fprint.Manager",
                           "GetDevices",
                           &error,
                           &m,
-				NULL);
+                          NULL) < 0)
-	if (r < 0) {
+    {
       pam_syslog (pamh, LOG_ERR, "GetDevices failed: %s", error.message);
-		sd_bus_error_free (&error);
       return NULL;
     }
 
   r = sd_bus_message_enter_container (m, 'a', "o");
-	if (r < 0) {
+  if (r < 0)
+    {
       pam_syslog (pamh, LOG_ERR, "Failed to parse answer from GetDevices(): %d", r);
-		goto out;
+      return NULL;
     }
 
-	r = sd_bus_message_read_basic (m, 'o', &path);
+  if (sd_bus_message_read_basic (m, 'o', &path) < 0)
-	if (r < 0)
+    return NULL;
-		goto out;
 
   num_devices = 1;
   while ((r = sd_bus_message_read_basic (m, 'o', &s)) > 0)
@@ -153,22 +155,36 @@ open_device (pam_handle_t    *pamh,
 
   sd_bus_message_exit_container (m);
 
-out:
+  return path ? strdup (path) : NULL;
-	ret = path ? strdup (path) : NULL;
-	sd_bus_message_unref (m);
-	return ret;
 }
 
-typedef struct {
+typedef struct
+{
+  char         *dev;
+  bool          has_multiple_devices;
+
   unsigned      max_tries;
   char         *result;
   bool          timed_out;
   bool          is_swipe;
+  bool          verify_started;
+  int           verify_ret;
   pam_handle_t *pamh;
 
   char         *driver;
 } verify_data;
 
+static void
+verify_data_free (verify_data *data)
+{
+  free (data->result);
+  free (data->driver);
+  free (data->dev);
+  free (data);
+}
+
+PF_DEFINE_AUTOPTR_CLEANUP_FUNC (verify_data, verify_data_free)
+
 static int
 verify_result (sd_bus_message *m,
                void           *userdata,
@@ -181,27 +197,48 @@ verify_result (sd_bus_message *m,
   uint64_t done = false;
   int r;
 
-	if (!sd_bus_message_is_signal(m, "net.reactivated.Fprint.Device", "VerifyStatus")) {
+  if (!sd_bus_message_is_signal (m, "net.reactivated.Fprint.Device", "VerifyStatus"))
+    {
       pam_syslog (data->pamh, LOG_ERR, "Not the signal we expected (iface: %s, member: %s)",
                   sd_bus_message_get_interface (m),
                   sd_bus_message_get_member (m));
       return 0;
     }
 
-	if ((r = sd_bus_message_read (m, "sb", &result, &done)) < 0) {
+  if ((r = sd_bus_message_read (m, "sb", &result, &done)) < 0)
+    {
       pam_syslog (data->pamh, LOG_ERR, "Failed to parse VerifyResult signal: %d", r);
+      data->verify_ret = PAM_AUTHINFO_UNAVAIL;
+      return 0;
+    }
+
+  if (!data->verify_started)
+    {
+      pam_syslog (data->pamh, LOG_ERR, "Unexpected VerifyResult '%s', %" PRIu64 " signal", result, done);
       return 0;
     }
 
   if (debug)
     pam_syslog (data->pamh, LOG_DEBUG, "Verify result: %s (done: %d)", result, done ? 1 : 0);
 
-	if (done) {
+  if (data->result)
+    {
+      free (data->result);
+      data->result = NULL;
+    }
+
+  if (done && result)
+    {
       data->result = strdup (result);
       return 0;
     }
 
-	msg = _(verify_result_str_to_msg (result, data->is_swipe));
+  msg = verify_result_str_to_msg (result, data->is_swipe);
+  if (!msg)
+    {
+      data->result = strdup ("Protocol error with fprintd!");
+      return 0;
+    }
   send_err_msg (data->pamh, msg);
 
   return 0;
@@ -214,18 +251,30 @@ verify_finger_selected (sd_bus_message *m,
 {
   verify_data *data = userdata;
   const char *finger_name = NULL;
-	char *msg;
+  pf_autofree char *msg = NULL;
 
-	if (sd_bus_message_read_basic (m, 's', &finger_name) < 0) {
+  if (sd_bus_message_read_basic (m, 's', &finger_name) < 0)
-		pam_syslog (data->pamh, LOG_ERR, "Failed to parse VerifyFingerSelected signal: %m");
+    {
+      pam_syslog (data->pamh, LOG_ERR, "Failed to parse VerifyFingerSelected signal: %d", errno);
+      data->verify_ret = PAM_AUTHINFO_UNAVAIL;
+      return 0;
+    }
+
+  if (!data->verify_started)
+    {
+      pam_syslog (data->pamh, LOG_ERR, "Unexpected VerifyFingerSelected %s signal", finger_name);
       return 0;
     }
 
   msg = finger_str_to_msg (finger_name, data->driver, data->is_swipe);
+  if (!msg)
+    {
+      data->result = strdup ("Protocol error with fprintd!");
+      return 0;
+    }
   if (debug)
     pam_syslog (data->pamh, LOG_DEBUG, "verify_finger_selected %s", msg);
   send_info_msg (data->pamh, msg);
-	free (msg);
 
   return 0;
 }
@@ -238,9 +287,10 @@ get_property_string (sd_bus *bus,
                      const char   *interface,
                      const char   *member,
                      sd_bus_error *error,
-		     char **ret) {
+                     char        **ret)
+{
 
-	sd_bus_message *reply = NULL;
+  pf_autoptr (sd_bus_message) reply = NULL;
   const char *s;
   char *n;
   int r;
@@ -251,125 +301,146 @@ get_property_string (sd_bus *bus,
 
   r = sd_bus_message_enter_container (reply, 'v', "s");
   if (r < 0)
-		goto fail;
+    return sd_bus_error_set_errno (error, r);
 
   r = sd_bus_message_read_basic (reply, 's', &s);
   if (r < 0)
-		goto fail;
+    return sd_bus_error_set_errno (error, r);
 
   n = strdup (s);
-	if (!n) {
+  if (!n)
-		r = -ENOMEM;
+    return sd_bus_error_set_errno (error, -ENOMEM);
-		goto fail;
-	}
-
-	sd_bus_message_unref (reply);
 
   *ret = n;
   return 0;
+}
 
-fail:
+
-	if (reply != NULL)
+static int
-		sd_bus_message_unref (reply);
+verify_started_cb (sd_bus_message *m,
-	return sd_bus_error_set_errno(error, r);
+                   void           *userdata,
+                   sd_bus_error   *ret_error)
+{
+  const sd_bus_error *error = sd_bus_message_get_error (m);
+  verify_data *data = userdata;
+
+  if (error)
+    {
+      if (sd_bus_error_has_name (error, "net.reactivated.Fprint.Error.NoEnrolledPrints"))
+        {
+          pam_syslog (data->pamh, LOG_DEBUG, "No prints enrolled");
+          data->verify_ret = PAM_USER_UNKNOWN;
+        }
+      else
+        {
+          data->verify_ret = PAM_AUTH_ERR;
+        }
+
+      if (debug)
+        pam_syslog (data->pamh, LOG_DEBUG, "VerifyStart failed: %s", error->message);
+
+      return 1;
+    }
+
+  if (debug)
+    pam_syslog (data->pamh, LOG_DEBUG, "VerifyStart completed successfully");
+
+  data->verify_started = true;
+
+  return 1;
 }
 
 static int
-do_verify (pam_handle_t *pamh,
+do_verify (sd_bus      *bus,
-	   sd_bus       *bus,
+           verify_data *data)
-	   const char   *dev,
-	   bool          has_multiple_devices)
 {
-	verify_data *data;
+  pf_autoptr (sd_bus_slot) verify_status_slot = NULL;
-	sd_bus_slot *verify_status_slot, *verify_finger_selected_slot;
+  pf_autoptr (sd_bus_slot) verify_finger_selected_slot = NULL;
-	char *scan_type = NULL;
+  pf_autofree char *scan_type = NULL;
-	int ret;
   int r;
 
-	data = calloc (1, sizeof(verify_data));
-	data->max_tries = max_tries;
-	data->pamh = pamh;
-
   /* Get some properties for the device */
   r = get_property_string (bus,
                            "net.reactivated.Fprint",
-				 dev,
+                           data->dev,
                            "net.reactivated.Fprint.Device",
                            "scan-type",
                            NULL,
                            &scan_type);
   if (r < 0)
-		pam_syslog (data->pamh, LOG_ERR, "Failed to get scan-type for %s: %d", dev, r);
+    pam_syslog (data->pamh, LOG_ERR, "Failed to get scan-type for %s: %d", data->dev, r);
   if (debug)
-		pam_syslog (data->pamh, LOG_DEBUG, "scan-type for %s: %s", dev, scan_type);
+    pam_syslog (data->pamh, LOG_DEBUG, "scan-type for %s: %s", data->dev, scan_type);
   if (str_equal (scan_type, "swipe"))
     data->is_swipe = true;
-	free (scan_type);
 
-	if (has_multiple_devices) {
+  if (data->has_multiple_devices)
+    {
       get_property_string (bus,
                            "net.reactivated.Fprint",
-				     dev,
+                           data->dev,
                            "net.reactivated.Fprint.Device",
                            "name",
                            NULL,
                            &data->driver);
       if (r < 0)
-			pam_syslog (data->pamh, LOG_ERR, "Failed to get driver name for %s: %d", dev, r);
+        pam_syslog (data->pamh, LOG_ERR, "Failed to get driver name for %s: %d", data->dev, r);
       if (debug && r == 0)
-			pam_syslog (data->pamh, LOG_DEBUG, "driver name for %s: %s", dev, data->driver);
+        pam_syslog (data->pamh, LOG_DEBUG, "driver name for %s: %s", data->dev, data->driver);
     }
 
-	verify_status_slot = NULL;
   sd_bus_match_signal (bus,
                        &verify_status_slot,
                        "net.reactivated.Fprint",
-			     dev,
+                       data->dev,
                        "net.reactivated.Fprint.Device",
                        "VerifyStatus",
                        verify_result,
                        data);
 
-	verify_finger_selected_slot = NULL;
   sd_bus_match_signal (bus,
                        &verify_finger_selected_slot,
                        "net.reactivated.Fprint",
-			     dev,
+                       data->dev,
                        "net.reactivated.Fprint.Device",
                        "VerifyFingerSelected",
                        verify_finger_selected,
                        data);
 
-	ret = PAM_AUTH_ERR;
+  while (data->max_tries > 0)
-
+    {
-	while (ret == PAM_AUTH_ERR && data->max_tries > 0) {
       uint64_t verification_end = now () + (timeout * USEC_PER_SEC);
-		sd_bus_message *m = NULL;
-		sd_bus_error error = SD_BUS_ERROR_NULL;
 
       data->timed_out = false;
+      data->verify_started = false;
+      data->verify_ret = PAM_INCOMPLETE;
 
-		r = sd_bus_call_method (bus,
+      free (data->result);
+      data->result = NULL;
+
+      if (debug)
+        pam_syslog (data->pamh, LOG_DEBUG, "About to call VerifyStart");
+
+      r = sd_bus_call_method_async (bus,
+                                    NULL,
                                     "net.reactivated.Fprint",
-					dev,
+                                    data->dev,
                                     "net.reactivated.Fprint.Device",
                                     "VerifyStart",
-					&error,
+                                    verify_started_cb,
-					&m,
+                                    data,
                                     "s",
                                     "any");
 
-		if (r < 0) {
+      if (r < 0)
-			if (sd_bus_error_has_name (&error, "net.reactivated.Fprint.Error.NoEnrolledPrints"))
+        {
-				ret = PAM_USER_UNKNOWN;
-
           if (debug)
-				pam_syslog (pamh, LOG_DEBUG, "VerifyStart failed: %s", error.message);
+            pam_syslog (data->pamh, LOG_DEBUG, "VerifyStart call failed: %d", r);
-			sd_bus_error_free (&error);
           break;
         }
 
-		for (;;) {
+      for (;;)
+        {
           int64_t wait_time;
 
           wait_time = verification_end - now ();
@@ -379,29 +450,40 @@ do_verify (pam_handle_t *pamh,
           r = sd_bus_process (bus, NULL);
           if (r < 0)
             break;
+          if (data->verify_ret != PAM_INCOMPLETE)
+            break;
+          if (!data->verify_started)
+            continue;
           if (data->result != NULL)
             break;
-			if (r == 0) {
+          if (r == 0)
-				if (debug) {
+            {
-					pam_syslog(pamh, LOG_DEBUG, "Waiting for %"PRId64" seconds (%"PRId64" usecs)",
+              if (debug)
+                {
+                  pam_syslog (data->pamh, LOG_DEBUG,
+                              "Waiting for %" PRId64 " seconds (%" PRId64 " usecs)",
                               wait_time / USEC_PER_SEC,
                               wait_time);
                 }
-				r = sd_bus_wait (bus, wait_time);
+              if (sd_bus_wait (bus, wait_time) < 0)
-				if (r < 0)
                 break;
             }
         }
 
-		if (now () >= verification_end) {
+      if (data->verify_ret != PAM_INCOMPLETE)
+        return data->verify_ret;
+
+      if (now () >= verification_end)
+        {
           data->timed_out = true;
           send_info_msg (data->pamh, _("Verification timed out"));
         }
 
       /* Ignore errors from VerifyStop */
+      data->verify_started = false;
       sd_bus_call_method (bus,
                           "net.reactivated.Fprint",
-				    dev,
+                          data->dev,
                           "net.reactivated.Fprint.Device",
                           "VerifyStop",
                           NULL,
@@ -409,46 +491,41 @@ do_verify (pam_handle_t *pamh,
                           NULL,
                           NULL);
 
-		if (data->timed_out) {
+      if (data->timed_out)
-			ret = PAM_AUTHINFO_UNAVAIL;
+        {
-			break;
+          return PAM_AUTHINFO_UNAVAIL;
-		} else {
+        }
-			if (str_equal (data->result, "verify-no-match")) {
+      else
-				send_err_msg (data->pamh, "Failed to match fingerprint");
+        {
-				ret = PAM_AUTH_ERR;
+          if (str_equal (data->result, "verify-no-match"))
-			} else if (str_equal (data->result, "verify-match")) {
+            {
-				ret = PAM_SUCCESS;
+              send_err_msg (data->pamh, "Failed to match fingerprint");
-				break;
+            }
-			} else if (str_equal (data->result, "verify-unknown-error")) {
+          else if (str_equal (data->result, "verify-match"))
-				ret = PAM_AUTHINFO_UNAVAIL;
+            {
-			} else if (str_equal (data->result, "verify-disconnected")) {
+              return PAM_SUCCESS;
-				ret = PAM_AUTHINFO_UNAVAIL;
+            }
-				free (data->result);
+          else if (str_equal (data->result, "verify-unknown-error"))
-				break;
+            {
-			} else {
+              return PAM_AUTHINFO_UNAVAIL;
-				send_info_msg (data->pamh, _("An unknown error occurred"));
+            }
-				ret = PAM_AUTH_ERR;
+          else if (str_equal (data->result, "verify-disconnected"))
-				free (data->result);
+            {
-				break;
+              return PAM_AUTHINFO_UNAVAIL;
+            }
+          else
+            {
+              send_err_msg (data->pamh, _("An unknown error occurred"));
+              return PAM_AUTH_ERR;
             }
-			free (data->result);
-			data->result = NULL;
         }
       data->max_tries--;
     }
 
   if (data->max_tries == 0)
-		ret = PAM_MAXTRIES;
+    return PAM_MAXTRIES;
 
-	sd_bus_slot_unref (verify_status_slot);
+  return PAM_AUTH_ERR;
-	sd_bus_slot_unref (verify_finger_selected_slot);
-
-	if (data->result)
-		free (data->result);
-	free (data->driver);
-	free (data);
-
-	return ret;
 }
 
 static bool
@@ -457,8 +534,8 @@ user_has_prints (pam_handle_t *pamh,
                  const char   *dev,
                  const char   *username)
 {
-	sd_bus_error error = SD_BUS_ERROR_NULL;
+  pf_auto (sd_bus_error) error = SD_BUS_ERROR_NULL;
-	sd_bus_message *m = NULL;
+  pf_autoptr (sd_bus_message) m = NULL;
   size_t num_fingers = 0;
   const char *s;
   int r;
@@ -472,32 +549,29 @@ user_has_prints (pam_handle_t *pamh,
                           &m,
                           "s",
                           username);
-	if (r < 0) {
+  if (r < 0)
+    {
       /* If ListEnrolledFingers fails then verification should
        * also fail (both use the same underlying call), so we
        * report false here and bail out early.  */
-		if (debug) {
+      if (debug)
         pam_syslog (pamh, LOG_DEBUG, "ListEnrolledFingers failed for %s: %s",
                     username, error.message);
-		}
-		sd_bus_error_free (&error);
       return false;
     }
 
   r = sd_bus_message_enter_container (m, 'a', "s");
-	if (r < 0) {
+  if (r < 0)
+    {
       pam_syslog (pamh, LOG_ERR, "Failed to parse answer from ListEnrolledFingers(): %d", r);
-		goto out;
+      return false;
     }
 
-	num_fingers = 0;
   while ((r = sd_bus_message_read_basic (m, 's', &s)) > 0)
     num_fingers++;
   sd_bus_message_exit_container (m);
 
-out:
+  return num_fingers > 0;
-	sd_bus_message_unref (m);
-	return (num_fingers > 0);
 }
 
 static void
@@ -505,10 +579,9 @@ release_device (pam_handle_t *pamh,
                 sd_bus       *bus,
                 const char   *dev)
 {
-	sd_bus_error error = SD_BUS_ERROR_NULL;
+  pf_auto (sd_bus_error) error = SD_BUS_ERROR_NULL;
-	int r;
 
-	r = sd_bus_call_method (bus,
+  if (sd_bus_call_method (bus,
                           "net.reactivated.Fprint",
                           dev,
                           "net.reactivated.Fprint.Device",
@@ -516,11 +589,8 @@ release_device (pam_handle_t *pamh,
                           &error,
                           NULL,
                           NULL,
-				NULL);
+                          NULL) < 0)
-	if (r < 0) {
     pam_syslog (pamh, LOG_ERR, "ReleaseDevice failed: %s", error.message);
-		sd_bus_error_free (&error);
-	}
 }
 
 static bool
@@ -529,10 +599,9 @@ claim_device (pam_handle_t *pamh,
               const char   *dev,
               const char   *username)
 {
-	sd_bus_error error = SD_BUS_ERROR_NULL;
+  pf_auto (sd_bus_error) error = SD_BUS_ERROR_NULL;
-	int r;
 
-	r = sd_bus_call_method (bus,
+  if (sd_bus_call_method (bus,
                           "net.reactivated.Fprint",
                           dev,
                           "net.reactivated.Fprint.Device",
@@ -540,53 +609,96 @@ claim_device (pam_handle_t *pamh,
                           &error,
                           NULL,
                           "s",
-				username);
+                          username) < 0)
-	if (r < 0) {
+    {
       if (debug)
         pam_syslog (pamh, LOG_DEBUG, "failed to claim device %s", error.message);
-		sd_bus_error_free (&error);
       return false;
     }
 
   return true;
 }
 
-static int do_auth(pam_handle_t *pamh, const char *username)
+static int
+name_owner_changed (sd_bus_message *m,
+                    void           *userdata,
+                    sd_bus_error   *ret_error)
+{
+  verify_data *data = userdata;
+  const char *name = NULL;
+  const char *old_owner = NULL;
+  const char *new_owner = NULL;
+
+  if (sd_bus_message_read (m, "sss", &name, &old_owner, &new_owner) < 0)
+    {
+      pam_syslog (data->pamh, LOG_ERR, "Failed to parse NameOwnerChanged signal: %d", errno);
+      data->verify_ret = PAM_AUTHINFO_UNAVAIL;
+      return 0;
+    }
+
+  if (strcmp (name, "net.reactivated.Fprint") != 0)
+    return 0;
+
+  /* Name owner for fprintd changed, give up as we might start listening
+   * to events from a new name owner otherwise. */
+  data->verify_ret = PAM_AUTHINFO_UNAVAIL;
+
+  pam_syslog (data->pamh, LOG_WARNING, "fprintd name owner changed during operation!");
+
+  return 0;
+}
+
+static int
+do_auth (pam_handle_t *pamh, const char *username)
 {
-	char *dev;
   bool have_prints;
-	bool has_multiple_devices;
-	int ret = PAM_AUTHINFO_UNAVAIL;
-	sd_bus *bus = NULL;
 
-	if (sd_bus_open_system (&bus) < 0) {
+  pf_autoptr (verify_data) data = NULL;
-		pam_syslog (pamh, LOG_ERR, "Error with getting the bus: %m");
+  pf_autoptr (sd_bus) bus = NULL;
+  pf_autoptr (sd_bus_slot) name_owner_changed_slot = NULL;
+
+  data = calloc (1, sizeof (verify_data));
+  data->max_tries = max_tries;
+  data->pamh = pamh;
+
+  if (sd_bus_open_system (&bus) < 0)
+    {
+      pam_syslog (pamh, LOG_ERR, "Error with getting the bus: %d", errno);
       return PAM_AUTHINFO_UNAVAIL;
     }
 
-	dev = open_device (pamh, bus, &has_multiple_devices);
+  data->dev = open_device (pamh, bus, &data->has_multiple_devices);
-	if (dev == NULL) {
+  if (data->dev == NULL)
-		sd_bus_unref (bus);
     return PAM_AUTHINFO_UNAVAIL;
-	}
 
-	have_prints = user_has_prints (pamh, bus, dev, username);
+  have_prints = user_has_prints (pamh, bus, data->dev, username);
   if (debug)
     pam_syslog (pamh, LOG_DEBUG, "prints registered: %s\n", have_prints ? "yes" : "no");
 
   if (!have_prints)
-		goto out;
+    return PAM_AUTHINFO_UNAVAIL;
 
-	if (claim_device (pamh, bus, dev, username)) {
+  /* Only connect to NameOwnerChanged when needed. In case of automatic startup
-		ret = do_verify (pamh, bus, dev, has_multiple_devices);
+   * we rely on the fact that we never see those signals.
-		release_device (pamh, bus, dev);
+   */
+  name_owner_changed_slot = NULL;
+  sd_bus_match_signal (bus,
+                       &name_owner_changed_slot,
+                       "org.freedesktop.DBus",
+                       "/org/freedesktop/DBus",
+                       "org.freedesktop.DBus",
+                       "NameOwnerChanged",
+                       name_owner_changed,
+                       data);
+
+  if (claim_device (pamh, bus, data->dev, username))
+    {
+      int ret = do_verify (bus, data);
+      release_device (pamh, bus, data->dev);
+      return ret;
     }
 
-out:
+  return PAM_AUTHINFO_UNAVAIL;
-	free (dev);
-	sd_bus_unref (bus);
-
-	return ret;
 }
 
 static bool
@@ -601,9 +713,8 @@ is_remote (pam_handle_t *pamh)
    * We want to not run for known remote hosts */
   if (rhost != NULL &&
       *rhost != '\0' &&
-	    strcmp (rhost, "localhost") != 0) {
+      strcmp (rhost, "localhost") != 0)
     return true;
-	}
 
   if (sd_session_is_remote (NULL) > 0)
     return true;
@@ -611,12 +722,12 @@ is_remote (pam_handle_t *pamh)
   return false;
 }
 
-PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+PAM_EXTERN int
+pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
                      const char **argv)
 {
   const char *username;
-	unsigned i;
+  int i;
-	int r;
 
   bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
   bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
@@ -624,72 +735,86 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
   if (is_remote (pamh))
     return PAM_AUTHINFO_UNAVAIL;
 
-	r = pam_get_user(pamh, &username, NULL);
+  if (pam_get_user (pamh, &username, NULL) != PAM_SUCCESS)
-	if (r != PAM_SUCCESS)
     return PAM_AUTHINFO_UNAVAIL;
 
-	for (i = 0; i < argc; i++) {
+  for (i = 0; i < argc; i++)
-		if (argv[i] != NULL) {
+    {
-			if (str_equal (argv[i], "debug")) {
+      if (argv[i] != NULL)
+        {
+          if (str_equal (argv[i], "debug"))
+            {
               pam_syslog (pamh, LOG_DEBUG, "debug on");
               debug = true;
-			} else if (str_has_prefix (argv[i], DEBUG_MATCH)) {
+            }
+          else if (str_has_prefix (argv[i], DEBUG_MATCH))
+            {
               pam_syslog (pamh, LOG_DEBUG, "debug on");
               const char *value;
 
               value = argv[i] + strlen (DEBUG_MATCH);
               if (str_equal (value, "on") ||
                   str_equal (value, "true") ||
-				    str_equal (value, "1")) {
+                  str_equal (value, "1"))
+                {
                   pam_syslog (pamh, LOG_DEBUG, "debug on");
                   debug = true;
-				} else if (str_equal (value, "off") ||
+                }
+              else if (str_equal (value, "off") ||
                        str_equal (value, "false") ||
-					   str_equal (value, "0")) {
+                       str_equal (value, "0"))
+                {
                   debug = false;
-				} else {
+                }
+              else
+                {
                   pam_syslog (pamh, LOG_DEBUG, "invalid debug value '%s', disabling", value);
                 }
-			} else if (str_has_prefix (argv[i], MAX_TRIES_MATCH) && strlen(argv[i]) == strlen (MAX_TRIES_MATCH) + 1) {
+            }
+          else if (str_has_prefix (argv[i], MAX_TRIES_MATCH) && strlen (argv[i]) == strlen (MAX_TRIES_MATCH) + 1)
+            {
               max_tries = atoi (argv[i] + strlen (MAX_TRIES_MATCH));
-				if (max_tries < 1) {
+              if (max_tries < 1)
-					if (debug) {
+                {
+                  if (debug)
                     pam_syslog (pamh, LOG_DEBUG, "invalid max tries '%s', using %d",
                                 argv[i] + strlen (MAX_TRIES_MATCH), DEFAULT_MAX_TRIES);
-					}
                   max_tries = DEFAULT_MAX_TRIES;
                 }
               if (debug)
                 pam_syslog (pamh, LOG_DEBUG, "max_tries specified as: %d", max_tries);
-			} else if (str_has_prefix (argv[i], TIMEOUT_MATCH) && strlen(argv[i]) <= strlen (TIMEOUT_MATCH) + 2) {
+            }
+          else if (str_has_prefix (argv[i], TIMEOUT_MATCH) && strlen (argv[i]) <= strlen (TIMEOUT_MATCH) + 2)
+            {
               timeout = atoi (argv[i] + strlen (TIMEOUT_MATCH));
-				if (timeout < MIN_TIMEOUT) {
+              if (timeout < MIN_TIMEOUT)
-					if (debug) {
+                {
+                  if (debug)
                     pam_syslog (pamh, LOG_DEBUG, "timeout %d secs too low, using %d",
                                 timeout, MIN_TIMEOUT);
-					}
                   timeout = MIN_TIMEOUT;
-				} else if (debug) {
+                }
+              else if (debug)
+                {
                   pam_syslog (pamh, LOG_DEBUG, "timeout specified as: %d secs", timeout);
                 }
             }
         }
     }
 
-	r = do_auth(pamh, username);
+  return do_auth (pamh, username);
-
-	return r;
 }
 
-PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh, int flags, int argc,
                 const char **argv)
 {
   return PAM_SUCCESS;
 }
 
-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
+PAM_EXTERN int
+pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc,
                   const char **argv)
 {
   return PAM_SUCCESS;
 }
-

pam/pam_fprintd_autoptrs.h

@@ -0,0 +1,61 @@
+/*
+ * pam_fprint: PAM module for fingerprint authentication through fprintd
+ * Copyright (C) 2020 Marco Trevisan <marco.trevisan@canonical.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#pragma once
+
+#include <stdlib.h>
+
+/* Define auto-pointers functions, based on GLib Macros */
+
+#define _CLEANUP_FUNC(func) __attribute__((cleanup (func)))
+
+#define _PF_AUTOPTR_FUNC_NAME(TypeName) pf_autoptr_cleanup_ ## TypeName
+#define _PF_AUTOPTR_TYPENAME(TypeName)  TypeName ## _pf_autoptr
+
+#define PF_DEFINE_AUTOPTR_CLEANUP_FUNC(TypeName, cleanup) \
+  typedef TypeName *_PF_AUTOPTR_TYPENAME (TypeName);    \
+  static __attribute__((__unused__)) inline void        \
+  _PF_AUTOPTR_FUNC_NAME (TypeName) (TypeName **_ptr)    \
+  { if (_ptr) (cleanup) (*_ptr); }
+
+#define PF_DEFINE_AUTO_CLEAN_FUNC(TypeName, cleanup)  \
+  static __attribute__((__unused__)) inline void    \
+  _PF_AUTOPTR_FUNC_NAME (TypeName) (TypeName *_ptr) \
+  { cleanup (_ptr); }
+
+static inline void
+autoptr_cleanup_generic_free (void *p)
+{
+  void **pp = (void **) p;
+
+  free (*pp);
+}
+
+#define pf_autofree _CLEANUP_FUNC (autoptr_cleanup_generic_free)
+#define pf_autoptr(TypeName) \
+  _CLEANUP_FUNC (_PF_AUTOPTR_FUNC_NAME (TypeName)) \
+  _PF_AUTOPTR_TYPENAME (TypeName)
+#define pf_auto(TypeName) \
+  _CLEANUP_FUNC (_PF_AUTOPTR_FUNC_NAME (TypeName)) TypeName
+
+PF_DEFINE_AUTOPTR_CLEANUP_FUNC (sd_bus, sd_bus_unref)
+PF_DEFINE_AUTOPTR_CLEANUP_FUNC (sd_bus_message, sd_bus_message_unref)
+PF_DEFINE_AUTOPTR_CLEANUP_FUNC (sd_bus_slot, sd_bus_slot_unref)
+
+PF_DEFINE_AUTO_CLEAN_FUNC (sd_bus_error, sd_bus_error_free)

scripts/uncrustify.cfg

@@ -0,0 +1,137 @@
+newlines                lf
+
+input_tab_size          8
+output_tab_size         8
+
+string_escape_char      92
+string_escape_char2     0
+
+# indenting
+indent_columns          2
+indent_with_tabs        0
+indent_align_string     True
+indent_brace            2
+indent_braces           false
+indent_braces_no_func   True
+indent_func_call_param  false
+indent_func_def_param   false
+indent_func_proto_param false
+indent_switch_case      0
+indent_case_brace       2
+indent_paren_close      1
+
+# spacing
+sp_arith                        Add
+sp_assign                       Add
+sp_enum_assign                  Add
+sp_bool                         Add
+sp_compare                      Add
+sp_inside_paren                 Remove
+sp_inside_fparens               Remove
+sp_func_def_paren               Force
+sp_func_proto_paren             Force
+sp_paren_paren                  Remove
+sp_balance_nested_parens        False
+sp_paren_brace                  Remove
+sp_before_square                Remove
+sp_before_squares               Remove
+sp_inside_square                Remove
+sp_before_ptr_star              Add
+sp_between_ptr_star             Remove
+sp_after_comma                  Add
+sp_before_comma                 Remove
+sp_after_cast                   Add
+sp_sizeof_paren                 Add
+sp_not                          Remove
+sp_inv                          Remove
+sp_addr                         Remove
+sp_member                       Remove
+sp_deref                        Remove
+sp_sign                         Remove
+sp_incdec                       Remove
+sp_attribute_paren              remove
+sp_macro                        Force
+sp_func_call_paren              Force
+sp_func_call_user_paren         Remove
+set func_call_user _ N_ C_ g_autoptr g_auto
+sp_brace_typedef                add
+sp_cond_colon                   add
+sp_cond_question                add
+sp_defined_paren                remove
+
+# alignment
+align_keep_tabs                 False
+align_with_tabs                 False
+align_on_tabstop                False
+align_number_right              False
+align_func_params               True
+align_var_def_span              0
+align_var_def_amp_style         1
+align_var_def_colon             true
+align_enum_equ_span             0
+align_var_struct_span           2
+align_var_def_star_style        2
+align_var_def_amp_style         2
+align_typedef_span              2
+align_typedef_func              0
+align_typedef_star_style        2
+align_typedef_amp_style         2
+
+# newlines
+nl_assign_leave_one_liners      True
+nl_enum_leave_one_liners        False
+nl_func_leave_one_liners        False
+nl_if_leave_one_liners          False
+nl_end_of_file                  Add
+nl_assign_brace                 Remove
+nl_func_var_def_blk             1
+nl_fcall_brace                  Add
+nl_enum_brace                   Remove
+nl_struct_brace                 Force
+nl_union_brace                  Force
+nl_if_brace                     Force
+nl_brace_else                   Force
+nl_elseif_brace                 Force
+nl_else_brace                   Add
+nl_for_brace                    Force
+nl_while_brace                  Force
+nl_do_brace                     Force
+nl_brace_while                  Force
+nl_switch_brace                 Force
+nl_before_case                  True
+nl_after_case                   False
+nl_func_type_name               Force
+nl_func_proto_type_name         Remove
+nl_func_paren                   Remove
+nl_func_decl_start              Remove
+nl_func_decl_args               Force
+nl_func_decl_end                Remove
+nl_fdef_brace                   Force
+nl_after_return                 False
+nl_define_macro                 False
+nl_create_if_one_liner          False
+nl_create_for_one_liner         False
+nl_create_while_one_liner       False
+nl_after_semicolon              True
+nl_multi_line_cond              true
+
+# mod
+# I'd like these to be remove, but that removes brackets in if { if { foo } }, which i dislike
+# Not clear what to do about that...
+mod_full_brace_for              Remove
+mod_full_brace_if               Remove
+mod_full_brace_if_chain         True
+mod_full_brace_while            Remove
+mod_full_brace_do               Remove
+mod_full_brace_nl               3
+mod_paren_on_return             Remove
+
+# line splitting
+#code_width                     = 78
+ls_for_split_full               True
+ls_func_split_full              True
+
+# positioning
+pos_bool                        Trail
+pos_conditional                 Trail
+

scripts/uncrustify.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+SRCROOT=`git rev-parse --show-toplevel`
+CFG="$SRCROOT/scripts/uncrustify.cfg"
+echo "srcroot: $SRCROOT"
+
+case "$1" in
+    -c|--check)
+	OPTS="--check"
+        ;;
+    *)
+	OPTS="--replace --no-backup"
+        ;;
+esac
+
+pushd "$SRCROOT"
+uncrustify -c "$CFG" $OPTS `git ls-tree --name-only -r HEAD | grep -E '.*\.[ch]$' | grep -v build/`
+RES=$?
+popd
+exit $RES

src/dbus-interactive-auth.patch

@@ -0,0 +1,110 @@
+--- a/src/fprintd-dbus.c	2020-12-04 16:38:28.527712626 +0100
++++ b/src/fprintd-dbus.c	2020-12-04 16:40:03.561692619 +0100
+@@ -1149,7 +1149,7 @@
+     "ListEnrolledFingers",
+     g_variant_new ("(s)",
+                    arg_username),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     callback,
+@@ -1213,7 +1213,7 @@
+     "ListEnrolledFingers",
+     g_variant_new ("(s)",
+                    arg_username),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     error);
+@@ -1253,7 +1253,7 @@
+     "DeleteEnrolledFingers",
+     g_variant_new ("(s)",
+                    arg_username),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     callback,
+@@ -1312,7 +1312,7 @@
+     "DeleteEnrolledFingers",
+     g_variant_new ("(s)",
+                    arg_username),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     error);
+@@ -1348,7 +1348,7 @@
+   g_dbus_proxy_call (G_DBUS_PROXY (proxy),
+     "DeleteEnrolledFingers2",
+     g_variant_new ("()"),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     callback,
+@@ -1404,7 +1404,7 @@
+   _ret = g_dbus_proxy_call_sync (G_DBUS_PROXY (proxy),
+     "DeleteEnrolledFingers2",
+     g_variant_new ("()"),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     error);
+@@ -1443,7 +1443,7 @@
+     "Claim",
+     g_variant_new ("(s)",
+                    arg_username),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     callback,
+@@ -1502,7 +1502,7 @@
+     "Claim",
+     g_variant_new ("(s)",
+                    arg_username),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     error);
+@@ -1633,7 +1633,7 @@
+     "VerifyStart",
+     g_variant_new ("(s)",
+                    arg_finger_name),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     callback,
+@@ -1692,7 +1692,7 @@
+     "VerifyStart",
+     g_variant_new ("(s)",
+                    arg_finger_name),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     error);
+@@ -1823,7 +1823,7 @@
+     "EnrollStart",
+     g_variant_new ("(s)",
+                    arg_finger_name),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     callback,
+@@ -1882,7 +1882,7 @@
+     "EnrollStart",
+     g_variant_new ("(s)",
+                    arg_finger_name),
+-    G_DBUS_CALL_FLAGS_NONE,
++    G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION,
+     -1,
+     cancellable,
+     error);

src/device.xml

@@ -12,9 +12,6 @@
 
 <node name="/" xmlns:doc="http://www.freedesktop.org/dbus/1.0/doc.dtd">
 	<interface name="net.reactivated.Fprint.Device">
-		<annotation name="org.freedesktop.DBus.GLib.CSymbol"
-			value="fprint_device" />
-
 		<doc:doc>
 			<doc:title id="polkit-integration">
 				PolicyKit integration
@@ -282,8 +279,6 @@
 			<arg type="as" name="enrolled_fingers" direction="out">
 				<doc:doc><doc:summary>An array of strings representing the enrolled fingerprints. See <doc:ref type="description" to="fingerprint-names">Fingerprint names</doc:ref>.</doc:summary></doc:doc>
 			</arg>
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>
@@ -304,8 +299,6 @@
 			<arg type="s" name="username" direction="in">
 				<doc:doc><doc:summary>The username for whom to delete the enrolled fingerprints. See <doc:ref type="description" to="usernames">Usernames</doc:ref>.</doc:summary></doc:doc>
 			</arg>
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>
@@ -327,8 +320,6 @@
 		<!-- ************************************************************ -->
 
 		<method name="DeleteEnrolledFingers2">
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>
@@ -348,8 +339,6 @@
 			<arg type="s" name="username" direction="in">
 				<doc:doc><doc:summary>The username for whom to claim the device. See <doc:ref type="description" to="usernames">Usernames</doc:ref>.</doc:summary></doc:doc>
 			</arg>
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>
@@ -368,8 +357,6 @@
 		<!-- ************************************************************ -->
 
 		<method name="Release">
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>
@@ -390,8 +377,6 @@
 			<arg type="s" name="finger_name" direction="in">
 				<doc:doc><doc:summary>A string representing the finger to verify. See <doc:ref type="description" to="fingerprint-names">Fingerprint names</doc:ref>.</doc:summary></doc:doc>
 			</arg>
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>
@@ -415,8 +400,6 @@
 		<!-- ************************************************************ -->
 
 		<method name="VerifyStop">
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>
@@ -486,8 +469,6 @@
 				<doc:ref type="description" to="fingerprint-names">Fingerprint names</doc:ref>.
 				Note that "any" is not a valid finger name for this method.</doc:summary></doc:doc>
 			</arg>
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>
@@ -511,8 +492,6 @@
 		<!-- ************************************************************ -->
 
 		<method name="EnrollStop">
-			<annotation name="org.freedesktop.DBus.GLib.Async" value="" />
-
 			<doc:doc>
 				<doc:description>
 					<doc:para>

src/file_storage.c

@@ -42,29 +42,49 @@
 #define FILE_STORAGE_PATH "/var/lib/fprint"
 #define DIR_PERMS 0700
 
-static const char *get_storage_path(void)
+static char *storage_path = NULL;
+
+static const char *
+get_storage_path (void)
 {
-	const char *path;
+  const char *path = NULL;
+
+  if (storage_path != NULL)
+    return storage_path;
 
   /* set by systemd >= 240 to an absolute path
    * taking into account the StateDirectory
    * unit file setting */
   path = g_getenv ("STATE_DIRECTORY");
   if (path != NULL)
-		return path;
+    {
-
+      /* If multiple directories are set, then in the environment variable
-	return FILE_STORAGE_PATH;
+       * the paths are concatenated with colon (":"). */
+      if (strchr (path, ':'))
+        {
+          g_auto(GStrv) elems = NULL;
+          elems = g_strsplit (path, ":", -1);
+          storage_path = g_strdup (elems[0]);
+        }
     }
 
-static char *get_path_to_storedir(const char *driver, const char * device_id, char *base_store)
+  if (storage_path == NULL)
+    storage_path = g_strdup (FILE_STORAGE_PATH);
+
+  return storage_path;
+}
+
+static char *
+get_path_to_storedir (const char *driver, const char * device_id, char *base_store)
 {
   return g_build_filename (base_store, driver, device_id, NULL);
 }
 
-static char *__get_path_to_print(const char *driver, const char * device_id,
+static char *
+__get_path_to_print (const char *driver, const char * device_id,
                      FpFinger finger, char *base_store)
 {
-	char *dirpath;
+  g_autofree char *dirpath = NULL;
   char *path;
   char fingername[2];
 
@@ -72,11 +92,11 @@ static char *__get_path_to_print(const char *driver, const char * device_id,
 
   dirpath = get_path_to_storedir (driver, device_id, base_store);
   path = g_build_filename (dirpath, fingername, NULL);
-	g_free(dirpath);
   return path;
 }
 
-static char *get_path_to_print(FpDevice *dev, FpFinger finger, char *base_store)
+static char *
+get_path_to_print (FpDevice *dev, FpFinger finger, char *base_store)
 {
   return __get_path_to_print (fp_device_get_driver (dev),
                               fp_device_get_device_id (dev),
@@ -84,7 +104,8 @@ static char *get_path_to_print(FpDevice *dev, FpFinger finger, char *base_store)
                               base_store);
 }
 
-static char *get_path_to_print_dscv(FpDevice *dev, FpFinger finger, char *base_store)
+static char *
+get_path_to_print_dscv (FpDevice *dev, FpFinger finger, char *base_store)
 {
   return __get_path_to_print (fp_device_get_driver (dev),
                               fp_device_get_device_id (dev),
@@ -92,12 +113,14 @@ static char *get_path_to_print_dscv(FpDevice *dev, FpFinger finger, char *base_s
                               base_store);
 }
 
-static char *file_storage_get_basestore_for_username(const char *username)
+static char *
+file_storage_get_basestore_for_username (const char *username)
 {
   return g_build_filename (get_storage_path (), username, NULL);
 }
 
-int file_storage_print_data_save(FpPrint *print)
+int
+file_storage_print_data_save (FpPrint *print)
 {
   g_autoptr(GError) err = NULL;
   g_autofree char *path = NULL;
@@ -109,7 +132,8 @@ int file_storage_print_data_save(FpPrint *print)
 
   base_store = file_storage_get_basestore_for_username (fp_print_get_username (print));
 
-	if (!fp_print_serialize (print, (guchar **) &buf, &len, &err)) {
+  if (!fp_print_serialize (print, (guchar **) &buf, &len, &err))
+    {
       g_warning ("Error serializing data: %s", err->message);
       return -ENOMEM;
     }
@@ -120,7 +144,8 @@ int file_storage_print_data_save(FpPrint *print)
                               base_store);
   dirpath = g_path_get_dirname (path);
   r = g_mkdir_with_parents (dirpath, DIR_PERMS);
-	if (r < 0) {
+  if (r < 0)
+    {
       g_debug ("file_storage_print_data_save(): could not mkdir(\"%s\"): %s",
                dirpath, g_strerror (r));
       return r;
@@ -128,7 +153,8 @@ int file_storage_print_data_save(FpPrint *print)
 
   //fp_dbg("saving to %s", path);
   g_file_set_contents (path, buf, len, &err);
-	if (err) {
+  if (err)
+    {
       g_debug ("file_storage_print_data_save(): could not save '%s': %s",
                path, err->message);
       /* FIXME interpret error codes */
@@ -138,7 +164,8 @@ int file_storage_print_data_save(FpPrint *print)
   return 0;
 }
 
-static int load_from_file(char *path, FpPrint **print)
+static int
+load_from_file (char *path, FpPrint **print)
 {
   g_autoptr(GError) err = NULL;
   gsize length;
@@ -147,7 +174,8 @@ static int load_from_file(char *path, FpPrint **print)
 
   //fp_dbg("from %s", path);
   g_file_get_contents (path, &contents, &length, &err);
-	if (err) {
+  if (err)
+    {
       int r = err->code;
       /* FIXME interpret more error codes */
       if (r == G_FILE_ERROR_NOENT)
@@ -157,7 +185,8 @@ static int load_from_file(char *path, FpPrint **print)
     }
 
   new = fp_print_deserialize ((guchar *) contents, length, &err);
-	if (!new) {
+  if (!new)
+    {
       g_print ("Error deserializing data: %s", err->message);
       return -EIO;
     }
@@ -166,14 +195,16 @@ static int load_from_file(char *path, FpPrint **print)
   return 0;
 }
 
-int file_storage_print_data_load(FpDevice *dev,
+int
+file_storage_print_data_load (FpDevice   *dev,
                               FpFinger    finger,
                               const char *username,
                               FpPrint   **print)
 {
   g_autofree gchar *path = NULL;
   g_autofree gchar *base_store = NULL;
-	FpPrint *new = NULL;
+
+  g_autoptr(FpPrint) new = NULL;
   int r;
 
   base_store = file_storage_get_basestore_for_username (username);
@@ -185,16 +216,15 @@ int file_storage_print_data_load(FpDevice *dev,
   if (r)
     return r;
 
-	if (!fp_print_compatible (new, dev)) {
+  if (!fp_print_compatible (new, dev))
-		g_object_unref (new);
     return -EINVAL;
-	}
 
-	*print = new;
+  *print = g_steal_pointer (&new);
   return 0;
 }
 
-int file_storage_print_data_delete(FpDevice *dev, FpFinger finger, const char *username)
+int
+file_storage_print_data_delete (FpDevice *dev, FpFinger finger, const char *username)
 {
   g_autofree gchar *base_store = NULL;
   g_autofree gchar *path = NULL;
@@ -212,19 +242,23 @@ int file_storage_print_data_delete(FpDevice *dev, FpFinger finger, const char *u
   return g_unlink (path);
 }
 
-static GSList *scan_dev_storedir(char *devpath,
+static GSList *
+scan_dev_storedir (char   *devpath,
                    GSList *list)
 {
   g_autoptr(GError) err = NULL;
   const gchar *ent;
 
   GDir *dir = g_dir_open (devpath, 0, &err);
-	if (!dir) {
+
+  if (!dir)
+    {
       g_debug ("scan_dev_storedir(): opendir(\"%s\") failed: %s", devpath, err->message);
       return list;
     }
 
-	while ((ent = g_dir_read_name(dir))) {
+  while ((ent = g_dir_read_name (dir)))
+    {
       /* ent is an 1 hex character fp_finger code */
       guint64 val;
       gchar *endptr;
@@ -233,19 +267,21 @@ static GSList *scan_dev_storedir(char *devpath,
         continue;
 
       val = g_ascii_strtoull (ent, &endptr, 16);
-		if (endptr == ent || !FP_FINGER_IS_VALID(val)) {
+      if (endptr == ent || !FP_FINGER_IS_VALID (val))
+        {
           g_debug ("scan_dev_storedir(): skipping print file '%s'", ent);
           continue;
         }
 
-		list = g_slist_prepend(list, GINT_TO_POINTER(val));
+      list = g_slist_prepend (list, GUINT_TO_POINTER (val));
     }
 
   g_dir_close (dir);
   return list;
 }
 
-GSList *file_storage_discover_prints(FpDevice *dev, const char *username)
+GSList *
+file_storage_discover_prints (FpDevice *dev, const char *username)
 {
   GSList *list = NULL;
   g_autofree gchar *base_store = NULL;
@@ -265,18 +301,19 @@ GSList *file_storage_discover_prints(FpDevice *dev, const char *username)
   return list;
 }
 
-GSList *file_storage_discover_users(void)
+GSList *
+file_storage_discover_users (void)
 {
   g_autoptr(GError) err = NULL;
   GSList *list = NULL;
   const gchar *ent;
   GDir *dir = g_dir_open (get_storage_path (), 0, &err);
 
-	if (!dir) {
+  if (!dir)
     return list;
-	}
 
-	while ((ent = g_dir_read_name(dir))) {
+  while ((ent = g_dir_read_name (dir)))
+    {
       /* ent is a username */
       if (*ent == 0)
         continue;
@@ -288,14 +325,16 @@ GSList *file_storage_discover_users(void)
   return list;
 }
 
-int file_storage_init(void)
+int
+file_storage_init (void)
 {
   /* Nothing to do */
   return 0;
 }
 
-int file_storage_deinit(void)
+int
+file_storage_deinit (void)
 {
-	/* Nothing to do */
+  g_clear_pointer (&storage_path, g_free);
   return 0;
 }

src/file_storage.h

@@ -35,5 +35,6 @@ int file_storage_init(void);
 
 int file_storage_deinit (void);
 
-GSList *file_storage_discover_prints(FpDevice *dev, const char *username);
+GSList *file_storage_discover_prints (FpDevice   *dev,
+                                      const char *username);
 GSList *file_storage_discover_users (void);

src/fprintd-marshal.list

@@ -1 +0,0 @@
-VOID:STRING,BOOLEAN

src/fprintd.h

@@ -20,56 +20,74 @@
 #pragma once
 
 #include <glib.h>
-#include <dbus/dbus-glib.h>
+#include <gio/gio.h>
 #include <fprint.h>
+#include "fprintd-enums.h"
+#include "fprintd-dbus.h"
 
 /* General */
 #define TIMEOUT 30
 #define FPRINT_SERVICE_NAME "net.reactivated.Fprint"
+#define FPRINT_SERVICE_PATH "/net/reactivated/Fprint"
 
 /* Errors */
 GQuark fprint_error_quark (void);
-GType fprint_error_get_type(void);
 
 #define FPRINT_ERROR fprint_error_quark ()
-#define FPRINT_TYPE_ERROR fprint_error_get_type()
-#define FPRINT_ERROR_DBUS_INTERFACE "net.reactivated.Fprint.Error"
 typedef enum {
-	FPRINT_ERROR_CLAIM_DEVICE, /* developer didn't claim the device */
+  /* developer didn't claim the device */
-	FPRINT_ERROR_ALREADY_IN_USE, /* device is already claimed by somebody else */
+  FPRINT_ERROR_CLAIM_DEVICE,       /*< nick=net.reactivated.Fprint.Error.ClaimDevice >*/
-	FPRINT_ERROR_INTERNAL, /* internal error occurred */
+  /* device is already claimed by somebody else */
-	FPRINT_ERROR_PERMISSION_DENIED, /* PolicyKit refused the action */
+  FPRINT_ERROR_ALREADY_IN_USE,       /*< nick=net.reactivated.Fprint.Error.AlreadyInUse >*/
-	FPRINT_ERROR_NO_ENROLLED_PRINTS, /* No prints are enrolled */
+  /* internal error occurred */
-	FPRINT_ERROR_NO_ACTION_IN_PROGRESS, /* No actions currently in progress */
+  FPRINT_ERROR_INTERNAL,       /*< nick=net.reactivated.Fprint.Error.Internal >*/
-	FPRINT_ERROR_INVALID_FINGERNAME, /* the finger name passed was invalid */
+  /* PolicyKit refused the action */
-	FPRINT_ERROR_NO_SUCH_DEVICE, /* device does not exist */
+  FPRINT_ERROR_PERMISSION_DENIED,       /*< nick=net.reactivated.Fprint.Error.PermissionDenied >*/
+  /* No prints are enrolled */
+  FPRINT_ERROR_NO_ENROLLED_PRINTS,       /*< nick=net.reactivated.Fprint.Error.NoEnrolledPrints >*/
+  /* No actions currently in progress */
+  FPRINT_ERROR_NO_ACTION_IN_PROGRESS,       /*< nick=net.reactivated.Fprint.Error.NoActionInProgress >*/
+  /* the finger name passed was invalid */
+  FPRINT_ERROR_INVALID_FINGERNAME,       /*< nick=net.reactivated.Fprint.Error.InvalidFingername >*/
+  /* device does not exist */
+  FPRINT_ERROR_NO_SUCH_DEVICE,       /*< nick=net.reactivated.Fprint.Error.NoSuchDevice >*/
 } FprintError;
 
+/* Enum of possible permissions, orders and nick matter here:
+   - The order controls the priority of a required permission when various are
+     accepted: the lowest the value, the more priorty it has.
+   - Nick must match the relative polkit rule.
+ */
+typedef enum {
+  FPRINT_DEVICE_PERMISSION_NONE = 0,
+  FPRINT_DEVICE_PERMISSION_VERIFY = (1 << 0),       /*< nick=net.reactivated.fprint.device.verify >*/
+  FPRINT_DEVICE_PERMISSION_ENROLL = (1 << 1),       /*< nick=net.reactivated.fprint.device.enroll >*/
+  FPRINT_DEVICE_PERMISSION_SETUSERNAME = (1 << 2),       /*< nick=net.reactivated.fprint.device.setusername >*/
+} FprintDevicePermission;
+
 /* Manager */
 #define FPRINT_TYPE_MANAGER (fprint_manager_get_type ())
 G_DECLARE_FINAL_TYPE (FprintManager, fprint_manager, FPRINT, MANAGER, GObject)
 
-struct _FprintManager {
+struct _FprintManager
+{
   GObject parent;
 };
 
-FprintManager *fprint_manager_new(gboolean no_timeout);
+FprintManager *fprint_manager_new (GDBusConnection *connection,
+                                   gboolean         no_timeout);
 
 /* Device */
 #define FPRINT_TYPE_DEVICE (fprint_device_get_type ())
-G_DECLARE_FINAL_TYPE (FprintDevice, fprint_device, FPRINT, DEVICE, GObject)
+G_DECLARE_FINAL_TYPE (FprintDevice, fprint_device, FPRINT, DEVICE,
+                      FprintDBusDeviceSkeleton)
 
-struct _FprintDevice {
+struct _FprintDevice
-	GObject parent;
+{
+  FprintDBusDeviceSkeleton parent;
 };
 
 FprintDevice *fprint_device_new (FpDevice *dev);
 guint32 _fprint_device_get_id (FprintDevice *rdev);
 /* Print */
 /* TODO */
-
-/* Binding data included in main.c through server-bindings.h which individual
- * class implementations need to access.
- */
-extern const DBusGObjectInfo dbus_glib_fprint_manager_object_info;
-extern const DBusGObjectInfo dbus_glib_fprint_device_object_info;

src/main.c

@@ -1,6 +1,7 @@
 /*
  * fprint D-Bus daemon
  * Copyright (C) 2008 Daniel Drake <dsd@gentoo.org>
+ * Copyright (C) 2020 Marco Trevisan <marco.trevisan@canonical.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -19,10 +20,11 @@
 
 #include "config.h"
 
+#include <locale.h>
 #include <poll.h>
 #include <stdlib.h>
 
-#include <dbus/dbus-glib-bindings.h>
+#include <gio/gio.h>
 #include <glib.h>
 #include <glib/gi18n.h>
 #include <fprint.h>
@@ -36,7 +38,6 @@
 
 fp_storage store;
 
-DBusGConnection *fprintd_dbus_conn = NULL;
 static gboolean no_timeout = FALSE;
 static gboolean g_fatal_warnings = FALSE;
 
@@ -56,11 +57,10 @@ static gboolean
 load_storage_module (const char *module_name)
 {
   GModule *module;
-	char *filename;
+  g_autofree char *filename = NULL;
 
   filename = g_module_build_path (PLUGINDIR, module_name);
   module = g_module_open (filename, 0);
-	g_free (filename);
   if (module == NULL)
     return FALSE;
 
@@ -69,7 +69,8 @@ load_storage_module (const char *module_name)
       !g_module_symbol (module, "print_data_save", (gpointer *) &store.print_data_save) ||
       !g_module_symbol (module, "print_data_load", (gpointer *) &store.print_data_load) ||
       !g_module_symbol (module, "print_data_delete", (gpointer *) &store.print_data_delete) ||
-	    !g_module_symbol (module, "discover_prints", (gpointer *) &store.discover_prints)) {
+      !g_module_symbol (module, "discover_prints", (gpointer *) &store.discover_prints))
+    {
       g_module_close (module);
       return FALSE;
     }
@@ -82,46 +83,32 @@ load_storage_module (const char *module_name)
 static gboolean
 load_conf (void)
 {
-	GKeyFile *file;
+  g_autofree char *filename = NULL;
-	char *filename;
+  g_autofree char *module_name = NULL;
-	char *module_name;
+
-	GError *error = NULL;
+  g_autoptr(GKeyFile) file = NULL;
-	gboolean ret;
+  g_autoptr(GError) error = NULL;
 
   filename = g_build_filename (SYSCONFDIR, "fprintd.conf", NULL);
   file = g_key_file_new ();
   g_debug ("About to load configuration file '%s'", filename);
-	if (!g_key_file_load_from_file (file, filename, G_KEY_FILE_NONE, &error)) {
+  if (!g_key_file_load_from_file (file, filename, G_KEY_FILE_NONE, &error))
+    {
       g_warning ("Could not open \"%s\": %s\n", filename, error->message);
-		goto bail;
+      return FALSE;
     }
 
-	g_free (filename);
-	filename = NULL;
-
   module_name = g_key_file_get_string (file, "storage", "type", &error);
   if (module_name == NULL)
-		goto bail;
+    return FALSE;
 
-	g_key_file_free (file);
+  if (g_str_equal (module_name, "file"))
-
+    {
-	if (g_str_equal (module_name, "file")) {
-		g_free (module_name);
       set_storage_file ();
       return TRUE;
     }
 
-	ret = load_storage_module (module_name);
+  return load_storage_module (module_name);
-	g_free (module_name);
-
-	return ret;
-
-bail:
-	g_key_file_free (file);
-	g_free (filename);
-	g_error_free (error);
-
-	return FALSE;
 }
 
 static const GOptionEntry entries[] = {
@@ -130,7 +117,8 @@ static const GOptionEntry entries[] = {
   { NULL }
 };
 
-static gboolean sigterm_callback(gpointer data)
+static gboolean
+sigterm_callback (gpointer data)
 {
   GMainLoop *loop = data;
 
@@ -138,13 +126,34 @@ static gboolean sigterm_callback(gpointer data)
   return FALSE;
 }
 
-int main(int argc, char **argv)
+static void
+on_name_acquired (GDBusConnection *connection,
+                  const char      *name,
+                  gpointer         user_data)
 {
-	GOptionContext *context;
+  g_debug ("D-Bus service launched with name: %s", name);
-	GMainLoop *loop;
+}
-	GError *error = NULL;
+
-	FprintManager *manager;
+static void
-	DBusGProxy *driver_proxy;
+on_name_lost (GDBusConnection *connection,
+              const char      *name,
+              gpointer         user_data)
+{
+  GMainLoop *loop = user_data;
+
+  g_warning ("Failed to get name: %s", name);
+
+  g_main_loop_quit (loop);
+}
+
+int
+main (int argc, char **argv)
+{
+  g_autoptr(GOptionContext) context = NULL;
+  g_autoptr(GMainLoop) loop = NULL;
+  g_autoptr(GError) error = NULL;
+  g_autoptr(FprintManager) manager = NULL;
+  g_autoptr(GDBusConnection) connection = NULL;
   guint32 request_name_ret;
 
   setlocale (LC_ALL, "");
@@ -156,13 +165,14 @@ int main(int argc, char **argv)
   context = g_option_context_new ("Fingerprint handler daemon");
   g_option_context_add_main_entries (context, entries, GETTEXT_PACKAGE);
 
-	if (g_option_context_parse (context, &argc, &argv, &error) == FALSE) {
+  if (g_option_context_parse (context, &argc, &argv, &error) == FALSE)
+    {
       g_warning ("couldn't parse command-line options: %s\n", error->message);
-		g_error_free (error);
       return 1;
     }
 
-	if (g_fatal_warnings) {
+  if (g_fatal_warnings)
+    {
       GLogLevelFlags fatal_mask;
 
       fatal_mask = g_log_set_always_fatal (G_LOG_FATAL_MASK);
@@ -170,16 +180,14 @@ int main(int argc, char **argv)
       g_log_set_always_fatal (fatal_mask);
     }
 
-	/* Obtain a connection to the session bus */
+  /* Obtain a connection to the system bus */
-	fprintd_dbus_conn = dbus_g_bus_get(DBUS_BUS_SYSTEM, &error);
+  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error);
-	if (fprintd_dbus_conn == NULL) {
+  if (!G_IS_DBUS_CONNECTION (connection))
+    {
       g_warning ("Failed to open connection to bus: %s", error->message);
       return 1;
     }
 
-	driver_proxy = dbus_g_proxy_new_for_name(fprintd_dbus_conn,
-		DBUS_SERVICE_DBUS, DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS);
-
   /* Load the configuration file,
    * and the default storage plugin */
   if (!load_conf ())
@@ -192,33 +200,23 @@ int main(int argc, char **argv)
   g_debug ("Launching FprintObject");
 
   /* create the one instance of the Manager object to be shared between
-	 * all fprintd users */
+   * all fprintd users. This blocks until all the devices are enumerated */
-	manager = fprint_manager_new(no_timeout);
+  manager = fprint_manager_new (connection, no_timeout);
 
   /* Obtain the well-known name after the manager has been initialized.
    * Otherwise a client immediately enumerating the devices will not see
    * any. */
-	if (!org_freedesktop_DBus_request_name(driver_proxy, FPRINT_SERVICE_NAME,
+  request_name_ret = g_bus_own_name_on_connection (connection,
-			0, &request_name_ret, &error)) {
+                                                   FPRINT_SERVICE_NAME,
-		g_warning("Failed to get name: %s", error->message);
+                                                   G_BUS_NAME_OWNER_FLAGS_NONE,
-		g_object_unref (manager);
+                                                   on_name_acquired,
-		return 1;
+                                                   on_name_lost,
-	}
+                                                   loop, NULL);
-
-	if (request_name_ret != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) {
-		g_warning ("Got result code %u from requesting name", request_name_ret);
-		g_object_unref (manager);
-		return 1;
-	}
-
-	g_debug("D-Bus service launched with name: %s", FPRINT_SERVICE_NAME);
 
   g_debug ("entering main loop");
   g_main_loop_run (loop);
+  g_bus_unown_name (request_name_ret);
   g_debug ("main loop completed");
 
-	g_object_unref (manager);
-
   return 0;
 }
-

src/manager.c

@@ -1,6 +1,7 @@
 /*
  * /net/reactivated/Fprint/Manager object implementation
  * Copyright (C) 2008 Daniel Drake <dsd@gentoo.org>
+ * Copyright (C) 2020 Marco Trevisan <marco.trevisan@canonical.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -19,7 +20,6 @@
 
 #include <unistd.h>
 #include <stdlib.h>
-#include <dbus/dbus-glib-bindings.h>
 #include <glib.h>
 #include <glib/gi18n.h>
 #include <fprint.h>
@@ -27,47 +27,119 @@
 
 #include "fprintd.h"
 
-extern DBusGConnection *fprintd_dbus_conn;
+static void fprint_manager_constructed (GObject *object);
-
 static gboolean fprint_manager_get_devices (FprintManager *manager,
-	GPtrArray **devices, GError **error);
+                                            GPtrArray    **devices,
+                                            GError       **error);
 static gboolean fprint_manager_get_default_device (FprintManager *manager,
-	const char **device, GError **error);
+                                                   const char   **device,
-#include "manager-dbus-glue.h"
+                                                   GError       **error);
-
 
 typedef struct
 {
+  GDBusConnection    *connection;
+  GDBusObjectManager *object_manager;
+  FprintDBusManager  *dbus_manager;
   FpContext          *context;
-	GSList *dev_registry;
   gboolean            no_timeout;
   guint               timeout_id;
 } FprintManagerPrivate;
 
 G_DEFINE_TYPE_WITH_CODE (FprintManager, fprint_manager, G_TYPE_OBJECT, G_ADD_PRIVATE (FprintManager))
 
-static void fprint_manager_finalize(GObject *object)
+enum {
+  PROP_0,
+  FPRINT_MANAGER_CONNECTION,
+  N_PROPS
+};
+
+static GParamSpec *properties[N_PROPS];
+
+static void
+fprint_manager_finalize (GObject *object)
 {
   FprintManagerPrivate *priv = fprint_manager_get_instance_private (FPRINT_MANAGER (object));
 
+  g_clear_object (&priv->object_manager);
+  g_clear_object (&priv->dbus_manager);
+  g_clear_object (&priv->connection);
   g_clear_object (&priv->context);
-	g_slist_free(priv->dev_registry);
 
   G_OBJECT_CLASS (fprint_manager_parent_class)->finalize (object);
 }
 
-static void fprint_manager_class_init(FprintManagerClass *klass)
+static FprintDevice *
+fprint_dbus_object_skeleton_get_device (FprintDBusObjectSkeleton *object)
 {
-	dbus_g_object_type_install_info(FPRINT_TYPE_MANAGER,
+  FprintDevice *rdev;
-					&dbus_glib_fprint_manager_object_info);
-	dbus_g_error_domain_register (FPRINT_ERROR, FPRINT_ERROR_DBUS_INTERFACE, FPRINT_TYPE_ERROR);
 
-	G_OBJECT_CLASS(klass)->finalize = fprint_manager_finalize;
+  g_object_get (object, "device", &rdev, NULL);
+  return rdev;
 }
 
-static gchar *get_device_path(FprintDevice *rdev)
+static void
+fprint_manager_set_property (GObject *object, guint property_id,
+                             const GValue *value, GParamSpec *pspec)
 {
-	return g_strdup_printf("/net/reactivated/Fprint/Device/%d",
+  FprintManager *self = FPRINT_MANAGER (object);
+  FprintManagerPrivate *priv = fprint_manager_get_instance_private (self);
+
+  switch (property_id)
+    {
+    case FPRINT_MANAGER_CONNECTION:
+      priv->connection = g_value_dup_object (value);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
+      break;
+    }
+}
+
+static void
+fprint_manager_get_property (GObject *object, guint property_id,
+                             GValue *value, GParamSpec *pspec)
+{
+  FprintManager *self = FPRINT_MANAGER (object);
+  FprintManagerPrivate *priv = fprint_manager_get_instance_private (self);
+
+  switch (property_id)
+    {
+    case FPRINT_MANAGER_CONNECTION:
+      g_value_set_object (value, priv->connection);
+      break;
+
+    default:
+      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
+      break;
+    }
+}
+
+static void
+fprint_manager_class_init (FprintManagerClass *klass)
+{
+  GObjectClass *object_class = G_OBJECT_CLASS (klass);
+
+  object_class->constructed = fprint_manager_constructed;
+  object_class->set_property = fprint_manager_set_property;
+  object_class->get_property = fprint_manager_get_property;
+  object_class->finalize = fprint_manager_finalize;
+
+  properties[FPRINT_MANAGER_CONNECTION] =
+    g_param_spec_object ("connection",
+                         "Connection",
+                         "Set GDBus connection property",
+                         G_TYPE_DBUS_CONNECTION,
+                         G_PARAM_CONSTRUCT_ONLY |
+                         G_PARAM_READWRITE);
+
+  g_object_class_install_properties (object_class, N_PROPS, properties);
+}
+
+static gchar *
+get_device_path (FprintDevice *rdev)
+{
+  return g_strdup_printf (FPRINT_SERVICE_PATH "/Device/%d",
                           _fprint_device_get_id (rdev));
 }
 
@@ -84,19 +156,27 @@ fprint_manager_in_use_notified (FprintDevice *rdev, GParamSpec *spec, FprintMana
 {
   FprintManagerPrivate *priv = fprint_manager_get_instance_private (manager);
   guint num_devices_used = 0;
-	GSList *l;
+
+  g_autolist (GDBusObject) devices = NULL;
+  GList *l;
   gboolean in_use;
 
-	if (priv->timeout_id > 0) {
+  if (priv->timeout_id > 0)
+    {
       g_source_remove (priv->timeout_id);
       priv->timeout_id = 0;
     }
   if (priv->no_timeout)
     return;
 
-	for (l = priv->dev_registry; l != NULL; l = l->next) {
+  devices = g_dbus_object_manager_get_objects (priv->object_manager);
-		FprintDevice *dev = l->data;
 
+  for (l = devices; l != NULL; l = l->next)
+    {
+      g_autoptr(FprintDevice) dev = NULL;
+      FprintDBusObjectSkeleton *object = l->data;
+
+      dev = fprint_dbus_object_skeleton_get_device (object);
       g_object_get (G_OBJECT (dev), "in-use", &in_use, NULL);
       if (in_use != FALSE)
         num_devices_used++;
@@ -106,45 +186,97 @@ fprint_manager_in_use_notified (FprintDevice *rdev, GParamSpec *spec, FprintMana
     priv->timeout_id = g_timeout_add_seconds (TIMEOUT, (GSourceFunc) fprint_manager_timeout_cb, manager);
 }
 
+static gboolean
+handle_get_devices (FprintManager *manager, GDBusMethodInvocation *invocation,
+                    FprintDBusManager *skeleton)
+{
+  g_autoptr(GPtrArray) devices = NULL;
+  g_autoptr(GError) error = NULL;
+
+  if (!fprint_manager_get_devices (manager, &devices, &error))
+    {
+      g_dbus_method_invocation_return_gerror (invocation, error);
+      return TRUE;
+    }
+
+  fprint_dbus_manager_complete_get_devices (skeleton, invocation,
+                                            (const gchar *const *)
+                                            devices->pdata);
+
+  return TRUE;
+}
+
+static gboolean
+handle_get_default_device (FprintManager         *manager,
+                           GDBusMethodInvocation *invocation,
+                           FprintDBusManager     *skeleton)
+{
+  const gchar *device;
+
+  g_autoptr(GError) error = NULL;
+
+  if (!fprint_manager_get_default_device (manager, &device, &error))
+    {
+      g_dbus_method_invocation_return_gerror (invocation, error);
+      return TRUE;
+    }
+
+  fprint_dbus_manager_complete_get_default_device (skeleton, invocation,
+                                                   device);
+
+  return TRUE;
+}
+
 static void
 device_added_cb (FprintManager *manager, FpDevice *device, FpContext *context)
 {
   FprintManagerPrivate *priv = fprint_manager_get_instance_private (manager);
-	FprintDevice *rdev = fprint_device_new(device);
+
+  g_autoptr(FprintDBusObjectSkeleton) object = NULL;
+  g_autoptr(FprintDevice) rdev = NULL;
   g_autofree gchar *path = NULL;
 
+  rdev = fprint_device_new (device);
+
   g_signal_connect (G_OBJECT (rdev), "notify::in-use",
                     G_CALLBACK (fprint_manager_in_use_notified), manager);
 
-	priv->dev_registry = g_slist_prepend (priv->dev_registry, rdev);
   path = get_device_path (rdev);
-	dbus_g_connection_register_g_object(fprintd_dbus_conn, path,
+
-		G_OBJECT(rdev));
+  object = fprint_dbus_object_skeleton_new (path);
+  fprint_dbus_object_skeleton_set_device (object,
+                                          FPRINT_DBUS_DEVICE (rdev));
+  g_dbus_object_manager_server_export (
+    G_DBUS_OBJECT_MANAGER_SERVER (priv->object_manager),
+    G_DBUS_OBJECT_SKELETON (object));
 }
 
 static void
 device_removed_cb (FprintManager *manager, FpDevice *device, FpContext *context)
 {
   FprintManagerPrivate *priv = fprint_manager_get_instance_private (manager);
-	GSList *item;
-	g_autofree gchar *path = NULL;
 
-	for (item = priv->dev_registry; item; item = item->next) {
+  g_autolist (FprintDBusObjectSkeleton) objects = NULL;
-		FprintDevice *rdev;
+  GList *item;
+
+  objects = g_dbus_object_manager_get_objects (priv->object_manager);
+
+  for (item = objects; item; item = item->next)
+    {
+      g_autoptr(FprintDevice) rdev = NULL;
       g_autoptr(FpDevice) dev = NULL;
+      FprintDBusObjectSkeleton *object = item->data;
 
-		rdev = item->data;
+      rdev = fprint_dbus_object_skeleton_get_device (object);
-
       g_object_get (rdev, "dev", &dev, NULL);
       if (dev != device)
         continue;
 
-		priv->dev_registry = g_slist_delete_link (priv->dev_registry, item);
+      g_dbus_object_manager_server_unexport (
-
+        G_DBUS_OBJECT_MANAGER_SERVER (priv->object_manager),
-		dbus_g_connection_unregister_g_object(fprintd_dbus_conn, G_OBJECT(rdev));
+        g_dbus_interface_skeleton_get_object_path (G_DBUS_INTERFACE_SKELETON (rdev)));
 
       g_signal_handlers_disconnect_by_data (rdev, manager);
-		g_object_unref (rdev);
 
       /* We cannot continue to iterate at this point, but we don't need to either */
       break;
@@ -156,12 +288,37 @@ device_removed_cb (FprintManager *manager, FpDevice *device, FpContext *context)
 }
 
 static void
-fprint_manager_init (FprintManager *manager)
+fprint_manager_constructed (GObject *object)
 {
+  FprintManager *manager = FPRINT_MANAGER (object);
   FprintManagerPrivate *priv = fprint_manager_get_instance_private (manager);
+  GDBusObjectManagerServer *object_manager_server;
 
+  object_manager_server =
+    g_dbus_object_manager_server_new (FPRINT_SERVICE_PATH);
+
+  priv->object_manager = G_DBUS_OBJECT_MANAGER (object_manager_server);
+  priv->dbus_manager = fprint_dbus_manager_skeleton_new ();
   priv->context = fp_context_new ();
 
+  g_signal_connect_object (priv->dbus_manager,
+                           "handle-get-devices",
+                           G_CALLBACK (handle_get_devices),
+                           manager,
+                           G_CONNECT_SWAPPED);
+  g_signal_connect_object (priv->dbus_manager,
+                           "handle-get-default-device",
+                           G_CALLBACK (handle_get_default_device),
+                           manager,
+                           G_CONNECT_SWAPPED);
+
+  g_dbus_interface_skeleton_export (G_DBUS_INTERFACE_SKELETON (priv->dbus_manager),
+                                    priv->connection,
+                                    FPRINT_SERVICE_PATH "/Manager", NULL);
+
+  g_dbus_object_manager_server_set_connection (object_manager_server,
+                                               priv->connection);
+
   /* And register the signals for initial enumeration and hotplug. */
   g_signal_connect_object (priv->context,
                            "device-added",
@@ -175,19 +332,26 @@ fprint_manager_init (FprintManager *manager)
                            manager,
                            G_CONNECT_SWAPPED);
 
-	/* Prepare everything by enumerating all devices. */
+  /* Prepare everything by enumerating all devices.
+   * This blocks the main loop until the existing devices are enumerated
+   */
   fp_context_enumerate (priv->context);
 
-	dbus_g_connection_register_g_object(fprintd_dbus_conn,
+  G_OBJECT_CLASS (fprint_manager_parent_class)->constructed (object);
-		"/net/reactivated/Fprint/Manager", G_OBJECT(manager));
 }
 
-FprintManager *fprint_manager_new(gboolean no_timeout)
+static void
+fprint_manager_init (FprintManager *manager)
+{
+}
+
+FprintManager *
+fprint_manager_new (GDBusConnection *connection, gboolean no_timeout)
 {
   FprintManagerPrivate *priv;
   GObject *object;
 
-	object = g_object_new(FPRINT_TYPE_MANAGER, NULL);
+  object = g_object_new (FPRINT_TYPE_MANAGER, "connection", connection, NULL);
   priv = fprint_manager_get_instance_private (FPRINT_MANAGER (object));
   priv->no_timeout = no_timeout;
 
@@ -197,46 +361,67 @@ FprintManager *fprint_manager_new(gboolean no_timeout)
   return FPRINT_MANAGER (object);
 }
 
-static gboolean fprint_manager_get_devices(FprintManager *manager,
+static gboolean
+fprint_manager_get_devices (FprintManager *manager,
                             GPtrArray **devices, GError **error)
 {
   FprintManagerPrivate *priv = fprint_manager_get_instance_private (manager);
-	GSList *elem;
+
-	GSList *l;
+  g_autolist (FprintDBusObjectSkeleton) objects = NULL;
+  GList *l;
   int num_open;
   GPtrArray *devs;
 
-	elem = g_slist_reverse(g_slist_copy(priv->dev_registry));
+  objects = g_dbus_object_manager_get_objects (priv->object_manager);
-	num_open = g_slist_length(elem);
+  objects = g_list_reverse (objects);
+
+  num_open = g_list_length (objects);
   devs = g_ptr_array_sized_new (num_open);
 
-	if (num_open > 0) {
+  if (num_open > 0)
-		for (l = elem; l != NULL; l = l->next) {
+    {
-			FprintDevice *rdev = l->data;
+      for (l = objects; l != NULL; l = l->next)
-			g_ptr_array_add(devs, get_device_path(rdev));
+        {
-		}
+          g_autoptr(FprintDevice) rdev = NULL;
-	}
+          FprintDBusObjectSkeleton *object = l->data;
+          const char *path;
 
-	g_slist_free(elem);
+          rdev = fprint_dbus_object_skeleton_get_device (object);
+          path = g_dbus_interface_skeleton_get_object_path (
+            G_DBUS_INTERFACE_SKELETON (rdev));
+          g_ptr_array_add (devs, (char *) path);
+        }
+    }
+  g_ptr_array_add (devs, NULL);
 
   *devices = devs;
   return TRUE;
 }
 
-static gboolean fprint_manager_get_default_device(FprintManager *manager,
+static gboolean
+fprint_manager_get_default_device (FprintManager *manager,
                                    const char **device, GError **error)
 {
   FprintManagerPrivate *priv = fprint_manager_get_instance_private (manager);
-	GSList *elem;;
+
+  g_autolist (FprintDBusObjectSkeleton) objects = NULL;
   int num_open;
 
-	elem = priv->dev_registry;
+  objects = g_dbus_object_manager_get_objects (priv->object_manager);
-	num_open = g_slist_length(elem);
+  num_open = g_list_length (objects);
 
-	if (num_open > 0) {
+  if (num_open > 0)
-		*device = get_device_path (g_slist_last (elem)->data);
+    {
+      g_autoptr(FprintDevice) rdev = NULL;
+      FprintDBusObjectSkeleton *object = g_list_last (objects)->data;
+
+      rdev = fprint_dbus_object_skeleton_get_device (object);
+      *device = g_dbus_interface_skeleton_get_object_path (
+        G_DBUS_INTERFACE_SKELETON (rdev));
       return TRUE;
-	} else {
+    }
+  else
+    {
       g_set_error (error, FPRINT_ERROR, FPRINT_ERROR_NO_SUCH_DEVICE,
                    "No devices available");
       *device = NULL;
@@ -244,34 +429,29 @@ static gboolean fprint_manager_get_default_device(FprintManager *manager,
     }
 }
 
-GQuark fprint_error_quark(void)
+GQuark
+fprint_error_quark (void)
 {
-	static GQuark quark = 0;
+  static volatile gsize quark = 0;
-	if (!quark)
+
-		quark = g_quark_from_static_string("fprintd-error-quark");
+  if (g_once_init_enter (&quark))
-	return quark;
+    {
+      g_autoptr(GEnumClass) errors_enum = NULL;
+      GQuark domain;
+      unsigned i;
+
+      domain = g_quark_from_static_string ("fprintd-error-quark");
+      errors_enum = g_type_class_ref (FPRINT_TYPE_ERROR);
+
+      for (i = 0; i < errors_enum->n_values; ++i)
+        {
+          GEnumValue *value = &errors_enum->values[i];
+
+          g_dbus_error_register_error (domain, value->value,
+                                       value->value_nick);
         }
 
-#define ENUM_ENTRY(NAME, DESC) { NAME, "" #NAME "", DESC }
+      g_once_init_leave (&quark, domain);
-GType
-fprint_error_get_type (void)
-{
-	static GType etype = 0;
-
-	if (etype == 0) {
-		static const GEnumValue values[] =
-		{
-			ENUM_ENTRY (FPRINT_ERROR_CLAIM_DEVICE, "ClaimDevice"),
-			ENUM_ENTRY (FPRINT_ERROR_ALREADY_IN_USE, "AlreadyInUse"),
-			ENUM_ENTRY (FPRINT_ERROR_INTERNAL, "Internal"),
-			ENUM_ENTRY (FPRINT_ERROR_PERMISSION_DENIED, "PermissionDenied"),
-			ENUM_ENTRY (FPRINT_ERROR_NO_ENROLLED_PRINTS, "NoEnrolledPrints"),
-			ENUM_ENTRY (FPRINT_ERROR_NO_ACTION_IN_PROGRESS, "NoActionInProgress"),
-			ENUM_ENTRY (FPRINT_ERROR_INVALID_FINGERNAME, "InvalidFingername"),
-			ENUM_ENTRY (FPRINT_ERROR_NO_SUCH_DEVICE, "NoSuchDevice"),
-			{ 0, 0, 0 }
-		};
-		etype = g_enum_register_static ("FprintError", values);
     }
-	return etype;
+  return (GQuark) quark;
 }

src/manager.xml

@@ -5,8 +5,6 @@
 ]>
 <node name="/" xmlns:doc="http://www.freedesktop.org/dbus/1.0/doc.dtd">
 	<interface name="net.reactivated.Fprint.Manager">
-		<annotation name="org.freedesktop.DBus.GLib.CSymbol"
-			value="fprint_manager" />
 
 		<!-- ************************************************************ -->
 

src/meson.build

@@ -1,30 +1,10 @@
-fprintd_marshal = gnome.genmarshal('fprintd-marshal',
-    prefix: 'fprintd_marshal',
-    sources: 'fprintd-marshal.list',
-    valist_marshallers: true,
-)
-
 bash = find_program('bash')
-dbus_binding_tool = find_program('dbus-binding-tool')
 dbus_interfaces = ['Manager', 'Device']
 dbus_interfaces_files = []
-dbus_server_glue_sources = []
 
 foreach interface_name: dbus_interfaces
     interface = interface_name.to_lower()
     interface_file = interface + '.xml'
-    glue_name = interface + '-dbus-glue.h'
-    dbus_server_glue_sources += custom_target(glue_name,
-        input: interface_file,
-        output: glue_name,
-        command: [
-            dbus_binding_tool,
-            '--prefix=fprint_' + interface,
-            '--mode=glib-server',
-            '--output=@OUTPUT@',
-            '@INPUT@',
-        ])
-
     dbus_interfaces_files += custom_target('dbus_interface_' + interface,
         input: interface_file,
         output: 'net.reactivated.Fprint.@0@.xml'.format(interface_name),
@@ -34,14 +14,48 @@ foreach interface_name: dbus_interfaces
     )
 endforeach
 
+# NOTE: We should pass "--glib-min-required 2.64" but cannot
+fprintd_dbus_sources_base = gnome.gdbus_codegen('fprintd-dbus',
+    sources: dbus_interfaces_files,
+    autocleanup: 'all',
+    interface_prefix: 'net.reactivated.Fprint.',
+    namespace: 'FprintDBus',
+    object_manager: true,
+)
+
+# FIXME: remove this and just use fprintd_dbus_sources when we're on glib 2.64
+fprintd_dbus_sources = [
+    fprintd_dbus_sources_base[1] # header file
+]
+
+fprintd_dbus_sources += custom_target('fprintd-dbus-interactive',
+    input: fprintd_dbus_sources_base[0], # c file,
+    output: 'fprintd-dbus-interactive.c',
+    command: [
+        find_program('patch'),
+        '-p1',
+        '--merge',
+        '@INPUT@',
+        files('dbus-interactive-auth.patch'),
+        '-o', '@OUTPUT@',
+    ])
+
+fprintd_enum_files = gnome.mkenums_simple('fprintd-enums',
+  sources: 'fprintd.h',
+)
+
 fprintd_deps = declare_dependency(
     include_directories: [
         include_directories('..'),
     ],
+    sources: [
+        fprintd_enum_files,
+        fprintd_dbus_sources,
+    ],
     dependencies: [
-        dbus_glib_dep,
         glib_dep,
         gio_dep,
+        gio_unix_dep,
         gmodule_dep,
         libfprint_dep,
         polkit_gobject_dep,
@@ -58,8 +72,6 @@ libfprintd_private = static_library('fprintd-private',
         'device.c',
         'fprintd.h',
         'manager.c',
-        dbus_server_glue_sources,
-        fprintd_marshal,
     ],
     dependencies: fprintd_deps,
     gnu_symbol_visibility: 'hidden',

src/storage.h

@@ -28,12 +28,14 @@ typedef int (*storage_print_data_load)(FpDevice   *dev,
 typedef int (*storage_print_data_delete)(FpDevice   *dev,
                                          FpFinger    finger,
                                          const char *username);
-typedef GSList *(*storage_discover_prints)(FpDevice *dev, const char *username);
+typedef GSList *(*storage_discover_prints)(FpDevice   *dev,
+                                           const char *username);
 typedef GSList *(*storage_discover_users)(void);
 typedef int (*storage_init)(void);
 typedef int (*storage_deinit)(void);
 
-struct storage {
+struct storage
+{
   storage_init              init;
   storage_deinit            deinit;
   storage_print_data_save   print_data_save;

tests/LSAN-leaks-suppress.txt

@@ -0,0 +1,4 @@
+leak:initialize_device
+leak:usbi_alloc_device
+leak:libusb-1.0.so.*
+leak:PyMem_RawMalloc

tests/dbusmock/fprintd.py

@@ -18,6 +18,8 @@ __email__ = 'hadess@hadess.net'
 __copyright__ = '(c) 2020 Red Hat Inc.'
 __license__ = 'LGPL 3+'
 
+import sys
+from gi.repository import GLib
 import dbus
 import asyncio
 
@@ -93,8 +95,9 @@ def GetDefaultDevice(self):
     return devices[0]
 
 @dbus.service.method(MANAGER_MOCK_IFACE,
-                     in_signature='sis', out_signature='s')
+                     in_signature='sisb', out_signature='s')
-def AddDevice(self, device_name, num_enroll_stages, scan_type):
+def AddDevice(self, device_name, num_enroll_stages, scan_type,
+    has_identification=False):
     '''Convenience method to add a fingerprint reader device
 
     You have to specify a device name, the number of enrollment
@@ -139,12 +142,27 @@ def AddDevice(self, device_name, num_enroll_stages, scan_type):
 
     device = mockobject.objects[path]
     device.fingers = {}
+    device.has_identification = has_identification
     device.claimed_user = None
     device.action = None
+    device.selected_finger = None
     device.verify_script = []
 
     return path
 
+@dbus.service.method(MANAGER_MOCK_IFACE,
+                     in_signature='o')
+def RemoveDevice(self, path):
+    # This isn't compatible with hotplugging devices, which fprintd doesn't
+    # support yet, but it's meant to remove devices added to the mock for
+    # testing purposes.
+    if not path:
+        raise dbus.exceptions.DBusException(
+            'Invalid empty path.',
+            name='org.freedesktop.DBus.Error.InvalidArgs')
+
+    self.RemoveObject(path)
+
 @dbus.service.method(DEVICE_IFACE,
                      in_signature='s', out_signature='as')
 def ListEnrolledFingers(device, user):
@@ -186,6 +204,8 @@ def Release(device):
             'Device was not claimed before use',
             name='net.reactivated.Fprint.Error.ClaimDevice')
     device.claimed_user = None
+    device.action = None
+    device.selected_finger = None
 
 def can_verify_finger(device, finger_name):
     # We should already have checked that there are enrolled fingers
@@ -195,9 +215,22 @@ def can_verify_finger(device, finger_name):
         return True
     return False
 
-async def send_verify_script(device, script):
+def glib_sleep(timeout):
-    for [result, done, timeout] in device.verify_script:
+    waiting = True
-        await asyncio.sleep(timeout)
+
+    def done_waiting():
+        nonlocal waiting
+        waiting = False
+
+    GLib.timeout_add(timeout, done_waiting)
+    while (waiting):
+        GLib.main_context_default().iteration(True)
+
+def device_run_script(device, result, done):
+    if result == 'MOCK: quit':
+        sys.exit(0)
+
+    # Emit signal
     device.EmitSignal(DEVICE_IFACE, 'VerifyStatus', 'sb', [
                         result,
                         done
@@ -228,15 +261,47 @@ def VerifyStart(device, finger_name):
             name='net.reactivated.Fprint.Error.AlreadyInUse')
     device.action = 'verify'
 
-    if finger_name == 'any':
+    if finger_name == 'any' and not device.has_identification:
         finger_name = device.fingers[device.claimed_user][0]
-    device.EmitSignal(DEVICE_IFACE, 'VerifyFingerSelected', 's', [
+    device.selected_finger = finger_name
-                          finger_name
+    # Needs to happen after method return
+    GLib.idle_add(device.EmitSignal,
+                  DEVICE_IFACE, 'VerifyFingerSelected', 's', [
+                    device.selected_finger
                   ])
 
-    if device.verify_script is not None and len(device.verify_script) > 0:
+    error = None
-        asyncio.run(send_verify_script(device, device.verify_script))
+    base_delay = 0
+    while device.verify_script is not None and len(device.verify_script) > 0:
+        result, done, timeout = device.verify_script.pop(0)
 
+        # We stop when "timeout >= 0 and done"
+        if result == 'MOCK: no-prints':
+            # Special case to change return value of DBus call, ignores timeout
+            error = dbus.exceptions.DBusException(
+                'No enrolled prints for user \'%s\'' % device.claimed_user,
+                name='net.reactivated.Fprint.Error.NoEnrolledPrints')
+
+        elif timeout < 0:
+            # Negative timeouts mean emitting before the DBus call returns
+            device_run_script(device, result, done)
+            glib_sleep(-timeout)
+
+        else:
+            # Positive or zero means emitting afterwards the given timeout
+            base_delay += timeout
+            GLib.timeout_add(base_delay,
+                             device_run_script,
+                             device,
+                             result,
+                             done)
+
+            # Stop processing commands when the done flag is set
+            if done:
+                break
+
+    if error:
+        raise error
 
 @dbus.service.method(DEVICE_MOCK_IFACE,
                      in_signature='sb', out_signature='')
@@ -262,6 +327,7 @@ def VerifyStop(device):
             'No verification to stop',
             name='net.reactivated.Fprint.Error.NoActionInProgress')
     device.action = None
+    device.selected_finger = None
 
 @dbus.service.method(DEVICE_IFACE,
                      in_signature='s', out_signature='')
@@ -317,11 +383,6 @@ def SetEnrolledFingers(device, user, fingers):
     Returns nothing.
     '''
 
-    if len(fingers) < 1:
-        raise dbus.exceptions.DBusException(
-            'Fingers array must not be empty',
-            name='org.freedesktop.DBus.Error.InvalidArgs')
-
     for k in fingers:
         if k not in VALID_FINGER_NAMES:
             raise dbus.exceptions.DBusException(
@@ -330,6 +391,30 @@ def SetEnrolledFingers(device, user, fingers):
 
     device.fingers[user] = fingers
 
+@dbus.service.method(DEVICE_MOCK_IFACE,
+                     in_signature='', out_signature='s')
+def GetSelectedFinger(device):
+    '''Convenience method to get the finger under verification
+
+    Returns the finger name that the user has selected for verifying
+    '''
+    if not device.selected_finger:
+        raise dbus.exceptions.DBusException(
+            'Device is not verifying',
+            name='net.reactivated.Fprint.Error.NoActionInProgress')
+
+    return device.selected_finger
+
+@dbus.service.method(DEVICE_MOCK_IFACE,
+                     in_signature='', out_signature='b')
+def HasIdentification(device):
+    '''Convenience method to get if a device supports identification
+
+    Returns whether identification is supported.
+    '''
+
+    return device.has_identification
+
 @dbus.service.method(DEVICE_MOCK_IFACE,
                      in_signature='a(sbi)', out_signature='')
 def SetVerifyScript(device, script):
@@ -344,3 +429,11 @@ def SetVerifyScript(device, script):
     '''
 
     device.verify_script = script
+
+@dbus.service.method(DEVICE_MOCK_IFACE,
+                     in_signature='s', out_signature='')
+def SetClaimed(device, user):
+    if user == '':
+        device.claimed_user = None
+    else:
+        device.claimed_user = user

tests/dbusmock/polkitd.py

@@ -0,0 +1,113 @@
+# -*- coding: utf-8 -*-
+
+'''polkit mock template
+
+This creates the basic methods and properties of the
+org.freedesktop.PolicyKit1.Authority object, so that we can use it async
+'''
+
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation; either version 3 of the License, or (at your option) any
+# later version.  See http://www.gnu.org/copyleft/lgpl.html for the full text
+# of the license.
+
+__author__ = 'Marco Trevisan'
+__email__ = 'marco.trevisan@canonical.com'
+__copyright__ = '(c) 2020 Canonical Ltd.'
+__license__ = 'LGPL 3+'
+
+import dbus
+import time
+
+from dbusmock import MOCK_IFACE, mockobject
+
+BUS_NAME = 'org.freedesktop.PolicyKit1'
+MAIN_OBJ = '/org/freedesktop/PolicyKit1/Authority'
+MAIN_IFACE = 'org.freedesktop.PolicyKit1.Authority'
+SYSTEM_BUS = True
+IS_OBJECT_MANAGER = False
+
+def load(mock, parameters):
+    polkitd = mockobject.objects[MAIN_OBJ]
+    # default state
+    polkitd.allow_unknown = False
+    polkitd.allowed = []
+    polkitd.delay = 0
+    polkitd.simulate_hang = False
+    polkitd.hanging_actions = []
+    polkitd.hanging_calls = []
+
+    mock.AddProperties(MAIN_IFACE,
+                       dbus.Dictionary({
+                           'BackendName': 'local',
+                           'BackendVersion': '0.8.15',
+                           'BackendFeatures': dbus.UInt32(1, variant_level=1),
+                       }, signature='sv'))
+
+
+@dbus.service.method(MAIN_IFACE,
+                     in_signature='(sa{sv})sa{ss}us', out_signature='(bba{ss})',
+                     async_callbacks=('ok_cb', 'err_cb'))
+def CheckAuthorization(self, subject, action_id, details, flags, cancellation_id,
+                       ok_cb, err_cb):
+    time.sleep(self.delay)
+    allowed = action_id in self.allowed or self.allow_unknown
+    ret = (allowed, False, {'test': 'test'})
+
+    if self.simulate_hang or action_id in self.hanging_actions:
+        self.hanging_calls.append((ok_cb, ret))
+    else:
+        ok_cb(ret)
+
+@dbus.service.method(MOCK_IFACE, in_signature='b', out_signature='')
+def AllowUnknown(self, default):
+    '''Control whether unknown actions are allowed
+
+    This controls the return value of CheckAuthorization for actions which were
+    not explicitly allowed by SetAllowed().
+    '''
+    self.allow_unknown = default
+
+@dbus.service.method(MOCK_IFACE, in_signature='d', out_signature='')
+def SetDelay(self, delay):
+    '''Makes the CheckAuthorization() method to delay'''
+    self.delay = delay
+
+@dbus.service.method(MOCK_IFACE, in_signature='b', out_signature='')
+def SimulateHang(self, hang):
+    '''Makes the CheckAuthorization() method to hang'''
+    self.simulate_hang = hang
+
+@dbus.service.method(MOCK_IFACE, in_signature='as', out_signature='')
+def SimulateHangActions(self, actions):
+    '''Makes the CheckAuthorization() method to hang on such actions'''
+    self.hanging_actions = actions
+
+@dbus.service.method(MOCK_IFACE, in_signature='', out_signature='')
+def ReleaseHangingCalls(self):
+    '''Calls all the hanging callbacks'''
+    for (cb, ret) in self.hanging_calls:
+        cb(ret)
+    self.hanging_calls = []
+
+@dbus.service.method(MOCK_IFACE, in_signature='', out_signature='b')
+def HaveHangingCalls(self):
+    '''Check if we've hangling calls'''
+    return len(self.hanging_calls)
+
+@dbus.service.method(MOCK_IFACE, in_signature='as', out_signature='')
+def SetAllowed(self, actions):
+    '''Set allowed actions'''
+
+    self.allowed = actions
+
+@dbus.service.method(MAIN_IFACE,
+                     in_signature='', out_signature='o')
+def GetDefaultDevice(self):
+    devices = self.GetDevices()
+    if len(devices) < 1:
+        raise dbus.exceptions.DBusException(
+            'No devices available',
+            name='net.reactivated.Fprint.Error.NoSuchDevice')
+    return devices[0]

tests/meson.build

@@ -1,36 +1,118 @@
+# Add a way to discover and run python unit tests separately
+# https://github.com/mesonbuild/meson/issues/6851
+python_tests = [
+    # List all the python tests, must be in the form:
+    # {
+    #     'name': 'test name',
+    #     'file': 'full test file path, use files('path')[0]',
+    # Fields below are optional:
+    #     'workdir': '',
+    #     'env': [],
+    #     'depends': [],
+    #     'suite': [],
+    #     'extra_args': [],
+    #     'timeout': 30,
+    #     'is_parallel': true,
+    # }
+]
+
+address_sanitizer = get_option('b_sanitize') == 'address'
+
 tests = [
     'fprintd',
     'test_fprintd_utils',
 ]
 
 foreach t: tests
-    test(t,
+    python_tests += [
-        python3,
+        {
-        args: meson.current_source_dir() / t + '.py',
+            'name': t,
-        suite: ['daemon'],
+            'file': files(meson.current_source_dir() / t + '.py')[0],
-        depends: [
+            'env': [
-            fprintd,
-            fprintd_utils,
-        ],
-        env: [
                 'G_DEBUG=fatal-criticals',
                 'G_MESSAGES_DEBUG=all',
                 'FPRINT_BUILD_DIR=' + meson.build_root() / 'src',
                 'TOPSRCDIR=' + meson.source_root(),
             ],
+            'depends': [
+                fprintd,
+                fprintd_utils,
+            ],
+            'suite': [t == 'fprintd' ? 'daemon' : ''],
+        }
+    ]
+endforeach
+
+if get_option('pam')
+    subdir('pam')
+endif
+
+# Add a way to discover and run python unit tests separately
+# https://github.com/mesonbuild/meson/issues/6851
+unittest_inspector = find_program('unittest_inspector.py')
+
+foreach pt: python_tests
+    r = run_command(unittest_inspector, pt.get('file'))
+    unit_tests = r.stdout().strip().split('\n')
+    base_args = [ pt.get('file') ] + pt.get('extra_args', [])
+    suite = pt.get('suite', [])
+
+    if r.returncode() == 0 and unit_tests.length() > 0
+        suite += pt.get('name')
+    else
+        unit_tests = [pt.get('name')]
+    endif
+
+    foreach ut: unit_tests
+        ut_suite = suite
+        ut_args = base_args
+        if unit_tests.length() > 1
+            ut_args += ut
+            ut_suite += ut.split('.')[0]
+        endif
+        test(ut,
+            python3,
+            args: ut_args,
+            suite: ut_suite,
+            depends: pt.get('depends', []),
+            workdir: pt.get('workdir', meson.build_root()),
+            env: pt.get('env', []),
+            timeout: pt.get('timeout', 30),
+            is_parallel: pt.get('is_parallel', true),
         )
     endforeach
+endforeach
+
+timeout_multiplier = 1
+test_envs = [
+    'G_SLICE=always-malloc',
+    'MALLOC_CHECK_=2',
+]
+
+if address_sanitizer
+    timeout_multiplier = 3
+    test_envs += [
+        'ADDRESS_SANITIZER=true',
+        'ASAN_OPTIONS=@0@'.format(':'.join([
+            'abort_on_error=true',
+            'symbolize=true',
+        ])),
+        'LSAN_OPTIONS=@0@'.format(':'.join([
+            'exitcode=0',
+            'strict_string_checks=true',
+            'suppressions=@0@'.format(
+                files(meson.current_source_dir() / 'LSAN-leaks-suppress.txt')[0]),
+        ])),
+    ]
+endif
 
 add_test_setup('default_setup',
     is_default: true,
-    env: [
+    env: test_envs,
-        'G_SLICE=always-malloc',
+    timeout_multiplier: timeout_multiplier
-        'MALLOC_CHECK_=2',
-        'MALLOC_PERTURB_=55',
-    ],
 )
 
-if find_program('valgrind', required: false).found()
+if not address_sanitizer and find_program('valgrind', required: false).found()
     glib_share = glib_dep.get_pkgconfig_variable('prefix') / 'share' / glib_dep.name()
     glib_suppressions = glib_share + '/valgrind/glib.supp'
     add_test_setup('valgrind',
@@ -42,6 +124,3 @@ if find_program('valgrind', required: false).found()
     )
 endif
 
-if get_option('pam')
-    subdir('pam')
-endif

tests/output_checker.py

@@ -0,0 +1,148 @@
+#! /usr/bin/env python3
+# Copyright © 2020, RedHat Inc.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+# Authors:
+#       Benjamin Berg <bberg@redhat.com>
+
+import os
+import sys
+import fcntl
+import io
+import re
+import time
+import threading
+
+class OutputChecker(object):
+
+    def __init__(self, out=sys.stdout):
+        self._output = out
+        self._pipe_fd_r, self._pipe_fd_w = os.pipe()
+        self._partial_buf = b''
+        self._lines_sem = threading.Semaphore()
+        self._lines = []
+        self._reader_io = io.StringIO()
+
+        # Just to be sure, shouldn't be a problem even if we didn't set it
+        fcntl.fcntl(self._pipe_fd_r, fcntl.F_SETFL,
+                    fcntl.fcntl(self._pipe_fd_r, fcntl.F_GETFL) | os.O_CLOEXEC)
+        fcntl.fcntl(self._pipe_fd_w, fcntl.F_SETFL,
+                    fcntl.fcntl(self._pipe_fd_w, fcntl.F_GETFL) | os.O_CLOEXEC)
+
+        # Start copier thread
+        self._thread = threading.Thread(target=self._copy)
+        self._thread.start()
+
+    def _copy(self):
+        while True:
+            r = os.read(self._pipe_fd_r, 1024)
+            if not r:
+                return
+
+            l = r.split(b'\n')
+            l[0] = self._partial_buf + l[0]
+            self._lines.extend(l[:-1])
+            self._partial_buf = l[-1]
+
+            self._lines_sem.release()
+
+            os.write(self._output.fileno(), r)
+
+    def check_line_re(self, needle_re, timeout=0, failmsg=None):
+        deadline = time.time() + timeout
+
+        if isinstance(needle_re, str):
+            needle_re = needle_re.encode('ascii')
+
+        r = re.compile(needle_re)
+        ret = []
+
+        while True:
+            try:
+                l = self._lines.pop(0)
+            except IndexError:
+                # Check if should wake up
+                if not self._lines_sem.acquire(timeout = deadline - time.time()):
+                    if failmsg:
+                        raise AssertionError(failmsg)
+                    else:
+                        raise AssertionError('Timed out waiting for needle %s (timeout: %0.2f)' % (str(needle_re), timeout))
+                continue
+
+            ret.append(l)
+            if r.search(l):
+                return ret
+
+    def check_line(self, needle, timeout=0, failmsg=None):
+        if isinstance(needle, str):
+            needle = needle.encode('ascii')
+
+        needle_re = re.escape(needle)
+
+        return self.check_line_re(needle_re, timeout=timeout, failmsg=failmsg)
+
+    def check_no_line_re(self, needle_re, wait=0, failmsg=None):
+        deadline = time.time() + wait
+
+        if isinstance(needle_re, str):
+            needle_re = needle_re.encode('ascii')
+
+        r = re.compile(needle_re)
+        ret = []
+
+        while True:
+            try:
+                l = self._lines.pop(0)
+            except IndexError:
+                # Check if should wake up
+                if not self._lines_sem.acquire(timeout = deadline - time.time()):
+                    # Timed out, so everything is good
+                    break
+                continue
+
+            ret.append(l)
+            if r.search(l):
+                if failmsg:
+                    raise AssertionError(failmsg)
+                else:
+                    raise AssertionError('Found needle %s but shouldn\'t have been there (timeout: %0.2f)' % (str(needle_re), timeout))
+
+        return ret
+
+    def check_no_line(self, needle, wait=0, failmsg=None):
+        if isinstance(needle, str):
+            needle = needle.encode('ascii')
+
+        needle_re = re.escape(needle)
+
+        return self.check_no_line_re(needle_re, wait=wait, failmsg=failmsg)
+
+    def clear(self):
+        ret = self._lines
+        self._lines = []
+        return ret
+
+    def assert_closed(self, timeout=1):
+        self._thread.join(timeout)
+        if self._thread.is_alive() != False:
+            raise AssertionError("OutputCheck: Write side has not been closed yet!")
+
+    @property
+    def fd(self):
+        return self._pipe_fd_w
+
+    def writer_attached(self):
+        os.close(self._pipe_fd_w)
+        self._pipe_fd_w = -1
+

tests/pam/meson.build

@@ -4,24 +4,56 @@ tests = [
     'test_pam_fprintd',
 ]
 
+preloaded_libs = []
+pam_tests_ld_preload = []
+
+if address_sanitizer
+    # ASAN has to be the first in list
+    preloaded_libs += 'asan'
+endif
+
+preloaded_libs += 'pam_wrapper'
+
+foreach libname: preloaded_libs
+    lib = run_command(meson.get_compiler('c'),
+        '-print-file-name=lib@0@.so'.format(libname)
+    ).stdout().strip()
+
+    # Support linker script files
+    if run_command('grep', '-qI', '^INPUT', files(lib)).returncode() == 0
+        out = run_command('cat', lib).stdout()
+        lib = out.split('(')[1].split(')')[0].strip()
+    endif
+
+    if lib != '' and lib[0] == '/'
+        message('Found library @0@ as @1@'.format(libname, lib))
+        pam_tests_ld_preload += '@0@'.format(files(lib)[0])
+    else
+        tests = []
+        warning('No library found for ' + libname + ', skipping PAM tests')
+    endif
+endforeach
+
 foreach t: tests
-    test(t,
+    python_tests += [
-        python3,
+        {
-        args: meson.current_source_dir() / t + '.py',
+            'name': t,
-        suite: ['PAM'],
+            'file': files(meson.current_source_dir() / t + '.py')[0],
-        depends: [
+            'is_parallel': false,
-            pam_fprintd,
+            'env': [
-            pam_service_file,
-        ],
-        env: [
                 'TOPBUILDDIR=' + meson.build_root(),
                 'TOPSRCDIR=' + meson.source_root(),
-            'LD_PRELOAD=libpam_wrapper.so',
+                'LD_PRELOAD=' + ' '.join(pam_tests_ld_preload),
                 'PAM_WRAPPER=1',
                 'PAM_WRAPPER_DEBUGLEVEL=2',
                 'PAM_WRAPPER_SERVICE_DIR=' + meson.current_build_dir() / 'services',
                 'G_DEBUG=fatal-warnings',
             ],
-        timeout: 60,
+            'depends': [
-    )
+                pam_fprintd,
+                pam_service_file,
+            ],
+            'suite': ['PAM'],
+        }
+    ]
 endforeach

tests/pam/test_pam_fprintd.py

@@ -16,15 +16,13 @@ import unittest
 import sys
 import subprocess
 import dbus
-import dbus.mainloop.glib
 import dbusmock
-import fcntl
+import glob
 import os
+import shutil
 import time
 import pypamtest
 
-dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
-
 PAM_SUCCESS = 0
 PAM_AUTH_ERR = 7
 PAM_AUTHINFO_UNAVAIL = 9
@@ -71,12 +69,12 @@ class TestPamFprintd(dbusmock.DBusTestCase):
     def tearDownClass(klass):
         klass.stop_monitor()
 
+        # Remove pam wrapper files, as they may break other tests
+        [shutil.rmtree(i) for i in glob.glob('/tmp/pam.[0-9A-z]')]
+
     def setUp(self):
         (self.p_mock, self.obj_fprintd_manager) = self.spawn_server_template(
-            self.template_name, {}, stdout=subprocess.PIPE)
+            self.template_name, {})
-        # set log to nonblocking
-        flags = fcntl.fcntl(self.p_mock.stdout, fcntl.F_GETFL)
-        fcntl.fcntl(self.p_mock.stdout, fcntl.F_SETFL, flags | os.O_NONBLOCK)
         self.obj_fprintd_mock = dbus.Interface(self.obj_fprintd_manager, 'net.reactivated.Fprint.Manager.Mock')
 
     def tearDown(self):
@@ -88,6 +86,50 @@ class TestPamFprintd(dbusmock.DBusTestCase):
         self.device_mock = self.dbus_con.get_object('net.reactivated.Fprint', device_path)
         self.device_mock.SetEnrolledFingers('toto', ['left-little-finger', 'right-little-finger'])
 
+    def test_pam_no_device(self):
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTHINFO_UNAVAIL)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+    def test_pam_fprintd_identify_error(self):
+        self.setup_device()
+        script = [
+            ( 'verify-unknown-error', True, 2 )
+        ]
+        self.device_mock.SetVerifyScript(script)
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTHINFO_UNAVAIL)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+        self.assertRegex(res.info[0], r'Swipe your left little finger across the fingerprint reader')
+        self.assertEqual(len(res.errors), 0)
+
+    def test_pam_fprintd_identify_error2(self):
+        self.setup_device()
+        script = [
+            ( 'verify-disconnected', True, 2 )
+        ]
+        self.device_mock.SetVerifyScript(script)
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTHINFO_UNAVAIL)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+        self.assertRegex(res.info[0], r'Swipe your left little finger across the fingerprint reader')
+        self.assertEqual(len(res.errors), 0)
+
+    def test_pam_fprintd_identify_error3(self):
+        self.setup_device()
+        script = [
+            ( 'verify-INVALID', True, 2 )
+        ]
+        self.device_mock.SetVerifyScript(script)
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTH_ERR)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+        self.assertRegex(res.info[0], r'Swipe your left little finger across the fingerprint reader')
+        self.assertEqual(len(res.errors), 1)
+        self.assertRegex(res.errors[0], r'An unknown error occurred')
+
     def test_pam_fprintd_auth(self):
         self.setup_device()
         script = [
@@ -101,6 +143,66 @@ class TestPamFprintd(dbusmock.DBusTestCase):
         self.assertRegex(res.info[0], r'Swipe your left little finger across the fingerprint reader')
         self.assertEqual(len(res.errors), 0)
 
+    def test_pam_fprintd_no_fingers(self):
+        self.setup_device()
+        self.device_mock.SetEnrolledFingers('toto', dbus.Array(set([]), signature='s'))
+        script = [
+            ( 'verify-match', True, 1 )
+        ]
+        self.device_mock.SetVerifyScript(script)
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTHINFO_UNAVAIL)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+    def test_pam_fprintd_no_fingers_while_verifying(self):
+        self.setup_device()
+        script = [
+            ( 'MOCK: no-prints', True, 1),
+            ( 'verify-match', True, 1 )
+        ]
+        self.device_mock.SetVerifyScript(script)
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_USER_UNKNOWN)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+    def test_pam_fprintd_blocks_unexpected_auth(self):
+        self.setup_device()
+        script = [
+            ( 'verify-match', True, -500 ), # This one is sent before VerifyStart has completed
+            ( 'verify-no-match', True, 1 ),
+            ( 'verify-no-match', True, 1 ),
+            ( 'verify-no-match', True, 1 ),
+        ]
+        self.device_mock.SetVerifyScript(script)
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_MAXTRIES)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+        self.assertRegex(res.info[0], r'Swipe your left little finger across the fingerprint reader')
+        self.assertEqual(len(res.errors), 3)
+        self.assertRegex(res.errors[0], r'Failed to match fingerprint')
+        self.assertRegex(res.errors[0], r'Failed to match fingerprint')
+        self.assertRegex(res.errors[0], r'Failed to match fingerprint')
+
+    def test_pam_fprintd_blocks_unexpected_auth2(self):
+        self.setup_device()
+        script = [
+            ( 'verify-no-match', True, 1 ),
+            ( 'verify-match', True, -500 ), # This one is sent before VerifyStart has completed
+            ( 'verify-no-match', True, 1 ),
+            ( 'verify-no-match', True, 1 ),
+        ]
+        self.device_mock.SetVerifyScript(script)
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_MAXTRIES)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+        self.assertRegex(res.info[0], r'Swipe your left little finger across the fingerprint reader')
+        self.assertEqual(len(res.errors), 3)
+        self.assertRegex(res.errors[0], r'Failed to match fingerprint')
+        self.assertRegex(res.errors[0], r'Failed to match fingerprint')
+        self.assertRegex(res.errors[0], r'Failed to match fingerprint')
+
     def test_pam_fprintd_dual_reader_auth(self):
         device_path = self.obj_fprintd_mock.AddDevice('FDO Sandpaper Reader', 3, 'press')
         sandpaper_device_mock = self.dbus_con.get_object('net.reactivated.Fprint', device_path)
@@ -154,6 +256,20 @@ class TestPamFprintd(dbusmock.DBusTestCase):
         self.assertRegex(res.errors[1], r'Failed to match fingerprint')
         self.assertRegex(res.errors[2], r'Failed to match fingerprint')
 
+    def test_pam_already_claimed(self):
+        self.setup_device()
+        script = [
+            ( 'verify-match', True, 2 )
+        ]
+        self.device_mock.SetVerifyScript(script)
+        self.device_mock.SetClaimed('toto')
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTHINFO_UNAVAIL)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+
+        self.assertEqual(len(res.info), 0)
+        self.assertEqual(len(res.errors), 0)
+
     def test_pam_timeout(self):
         self.setup_device()
 
@@ -161,6 +277,19 @@ class TestPamFprintd(dbusmock.DBusTestCase):
         res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
         self.assertRegex(res.info[1], r'Verification timed out')
 
+    def test_pam_notices_fprintd_disappearing(self):
+        self.setup_device()
+
+        script = [
+            ( 'MOCK: quit', True, 0 ),
+        ]
+        self.device_mock.SetVerifyScript(script)
+
+        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=PAM_AUTHINFO_UNAVAIL)
+        res = pypamtest.run_pamtest("toto", "fprintd-pam-test", [tc], [ 'unused' ])
+        self.assertEqual(len(res.errors), 0)
+        self.assertEqual(len(res.info), 0)
+
 if __name__ == '__main__':
     if 'PAM_WRAPPER_SERVICE_DIR' not in os.environ:
         print('Cannot run test without environment set correctly, run "meson test" instead')

tests/test_fprintd_utils.py

@@ -18,13 +18,27 @@ import subprocess
 import dbus
 import dbus.mainloop.glib
 import dbusmock
-import fcntl
 import os
 import time
+from output_checker import OutputChecker
+
+
+VALID_FINGER_NAMES = [
+    'left-thumb',
+    'left-index-finger',
+    'left-middle-finger',
+    'left-ring-finger',
+    'left-little-finger',
+    'right-thumb',
+    'right-index-finger',
+    'right-middle-finger',
+    'right-ring-finger',
+    'right-little-finger'
+]
 
 dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
 
-class TestFprintd(dbusmock.DBusTestCase):
+class TestFprintdUtilsBase(dbusmock.DBusTestCase):
     '''Test fprintd utilities'''
 
     @classmethod
@@ -57,130 +71,231 @@ class TestFprintd(dbusmock.DBusTestCase):
                 if os.path.exists(valgrind):
                     klass.wrapper_args += ['--suppressions={}'.format(valgrind)]
 
+        if 'ADDRESS_SANITIZER' in os.environ:
+            klass.sleep_time *= 2
+
     def setUp(self):
+        super().setUp()
         (self.p_mock, self.obj_fprintd_manager) = self.spawn_server_template(
-            self.template_name, {}, stdout=subprocess.PIPE)
+            self.template_name, {})
         # set log to nonblocking
-        flags = fcntl.fcntl(self.p_mock.stdout, fcntl.F_GETFL)
-        fcntl.fcntl(self.p_mock.stdout, fcntl.F_SETFL, flags | os.O_NONBLOCK)
         self.obj_fprintd_mock = dbus.Interface(self.obj_fprintd_manager, 'net.reactivated.Fprint.Manager.Mock')
 
     def tearDown(self):
         self.p_mock.terminate()
         self.p_mock.wait()
+        super().tearDown()
 
     def setup_device(self):
-        device_path = self.obj_fprintd_mock.AddDevice('FDO Trigger Finger Laser Reader', 3, 'swipe')
+        self.device_path = self.obj_fprintd_mock.AddDevice(
-        self.device_mock = self.dbus_con.get_object('net.reactivated.Fprint', device_path)
+            'FDO Trigger Finger Laser Reader', 3, 'swipe')
-        self.device_mock.SetEnrolledFingers('toto', ['left-little-finger', 'right-little-finger'])
+        self.device_mock = self.dbus_con.get_object('net.reactivated.Fprint',
+            self.device_path)
+        self.set_enrolled_fingers(['left-little-finger', 'right-little-finger'])
+
+    def set_enrolled_fingers(self, fingers, user='toto'):
+        self.enrolled_fingers = fingers
+        self.device_mock.SetEnrolledFingers('toto', self.enrolled_fingers,
+            signature='sas')
+
+    def start_utility_process(self, utility_name, args=[], sleep=True):
+        utility = [ os.path.join(self.tools_prefix, 'fprintd-{}'.format(utility_name)) ]
+        output = OutputChecker()
+        process = subprocess.Popen(self.wrapper_args + utility + args,
+                                   stdout=output.fd,
+                                   stderr=subprocess.STDOUT)
+        output.writer_attached()
+
+        self.addCleanup(output.assert_closed)
+        self.addCleanup(self.try_stop_utility_process, process)
+
+        if sleep:
+            time.sleep(self.sleep_time)
+
+        return process, output
+
+    def stop_utility_process(self, process):
+        process.terminate()
+        process.wait()
+
+    def try_stop_utility_process(self, process):
+        try:
+            self.stop_utility_process(process)
+        except:
+            pass
+
+    def run_utility_process(self, utility_name, args=[], sleep=True, timeout=None):
+        proc, output = self.start_utility_process(utility_name, args=args, sleep=sleep)
+        ret = proc.wait(timeout=timeout if timeout is not None else self.sleep_time * 4)
+        self.assertLessEqual(ret, 128)
+
+        return b''.join(output.clear()), ret
+
+
+class TestFprintdUtils(TestFprintdUtilsBase):
+    def setUp(self):
+        super().setUp()
+        self.setup_device()
 
     def test_fprintd_enroll(self):
-        self.setup_device()
+        process, out = self.start_utility_process('enroll', ['-f', 'right-index-finger', 'toto'])
 
-        mock_log = tempfile.NamedTemporaryFile()
+        out.check_line(rb'right-index-finger', 0)
-        process = subprocess.Popen(self.wrapper_args + [self.tools_prefix + 'fprintd-enroll', '-f', 'right-index-finger', 'toto'],
-                                   stdout=mock_log,
-                                   stderr=subprocess.STDOUT,
-                                   universal_newlines=True)
-
-        time.sleep(self.sleep_time)
-
-        with open(mock_log.name) as f:
-            out = f.read()
-            self.assertRegex(out, r'right-index-finger')
 
         self.device_mock.EmitEnrollStatus('enroll-completed', True)
-        time.sleep(self.sleep_time)
 
-        with open(mock_log.name) as f:
+        out.check_line(rb'Enroll result: enroll-completed', self.sleep_time)
-            out = f.read()
+
-            self.assertRegex(out, 'Enroll result: enroll-completed')
+    def test_fprintd_list(self):
+        # Rick has no fingerprints enrolled
+        out, ret = self.run_utility_process('list', ['rick'])
+        self.assertRegex(out, rb'has no fingers enrolled for')
+        self.assertEqual(ret, 0)
+
+        # Toto does
+        out, ret = self.run_utility_process('list', ['toto'])
+        self.assertRegex(out, rb'right-little-finger')
+        self.assertEqual(ret, 0)
+
+    def test_fprintd_delete(self):
+        # Has fingerprints enrolled
+        out, ret = self.run_utility_process('list', ['toto'])
+        self.assertRegex(out, rb'left-little-finger')
+        self.assertEqual(ret, 0)
+        self.assertRegex(out, rb'right-little-finger')
+
+        # Delete fingerprints
+        out, ret = self.run_utility_process('delete', ['toto'])
+        self.assertRegex(out, rb'Fingerprints deleted')
+        self.assertEqual(ret, 0)
+
+        # Doesn't have fingerprints
+        out, ret = self.run_utility_process('list', ['toto'])
+        self.assertRegex(out, rb'has no fingers enrolled for')
+        self.assertEqual(ret, 0)
+
+
+class TestFprintdUtilsNoDeviceTests(TestFprintdUtilsBase):
+    def test_fprintd_enroll(self):
+        out, ret = self.run_utility_process('enroll', ['toto'])
+        self.assertIn(b'No devices available', out)
+        self.assertEqual(ret, 1)
+
+    def test_fprintd_list(self):
+        out, ret = self.run_utility_process('list', ['toto'])
+        self.assertIn(b'No devices available', out)
+        self.assertEqual(ret, 1)
+
+    def test_fprintd_delete(self):
+        out, ret = self.run_utility_process('delete', ['toto'])
+        self.assertIn(b'No devices available', out)
+        self.assertEqual(ret, 1)
 
     def test_fprintd_verify(self):
+        out, ret = self.run_utility_process('verify', ['toto'])
+        self.assertIn(b'No devices available', out)
+        self.assertEqual(ret, 1)
+
+
+class TestFprintdUtilsVerify(TestFprintdUtilsBase):
+    def setUp(self):
+        super().setUp()
         self.setup_device()
 
-        mock_log = tempfile.NamedTemporaryFile()
+    def start_verify_process(self, user='toto', finger=None, nowait=False):
-        process = subprocess.Popen(self.wrapper_args + [self.tools_prefix + 'fprintd-verify', 'toto'],
+        args = [user]
-                                   stdout=mock_log,
+        if finger:
-                                   stderr=subprocess.STDOUT,
+            args += ['-f', finger]
-                                   universal_newlines=True)
 
-        time.sleep(self.sleep_time)
+        self.process, self.output = self.start_utility_process('verify', args)
+        if nowait:
+            return
 
-        with open(mock_log.name) as f:
+        preamble = self.output.check_line(b'Verify started!')
-            out = f.read()
+
-            self.assertRegex(out, r'left-little-finger')
+        out = b''.join(preamble)
-            self.assertNotRegex(out, 'Verify result: verify-match \(done\)')
+
+        self.assertNotIn(b'Verify result:', out)
+
+        if finger:
+            expected_finger = finger
+            if finger == 'any' and not self.device_mock.HasIdentification():
+                expected_finger = self.enrolled_fingers[0]
+            self.assertEqual(self.device_mock.GetSelectedFinger(), expected_finger)
+
+    def assertVerifyMatch(self, match):
+        self.output.check_line(r'Verify result: {} (done)'.format(
+            'verify-match' if match else 'verify-no-match'))
+
+    def test_fprintd_verify(self):
+        self.start_verify_process()
 
         self.device_mock.EmitVerifyStatus('verify-match', True)
         time.sleep(self.sleep_time)
+        self.assertVerifyMatch(True)
 
-        with open(mock_log.name) as f:
+    def test_fprintd_verify_enrolled_fingers(self):
-            out = f.read()
+        for finger in self.enrolled_fingers:
-            self.assertRegex(out, 'Verify result: verify-match \(done\)')
+            self.start_verify_process(finger=finger)
+
+            self.device_mock.EmitVerifyStatus('verify-match', True)
+            time.sleep(self.sleep_time)
+            self.assertVerifyMatch(True)
+
+    def test_fprintd_verify_any_finger_no_identification(self):
+        self.start_verify_process(finger='any')
+
+        self.device_mock.EmitVerifyStatus('verify-match', True)
+        time.sleep(self.sleep_time)
+        self.assertVerifyMatch(True)
+
+    def test_fprintd_verify_any_finger_identification(self):
+        self.obj_fprintd_mock.RemoveDevice(self.device_path)
+        self.device_path = self.obj_fprintd_mock.AddDevice('Full powered device',
+            3, 'press', True)
+        self.device_mock = self.dbus_con.get_object('net.reactivated.Fprint',
+            self.device_path)
+        self.set_enrolled_fingers(VALID_FINGER_NAMES)
+        self.start_verify_process(finger='any')
+
+        self.device_mock.EmitVerifyStatus('verify-match', True)
+        time.sleep(self.sleep_time)
+        self.assertVerifyMatch(True)
+
+    def test_fprintd_verify_not_enrolled_fingers(self):
+        for finger in [f for f in VALID_FINGER_NAMES if f not in self.enrolled_fingers]:
+            self.start_verify_process(finger=finger, nowait=True)
+            regex = r'Finger \'{}\' not enrolled'.format(finger)
+            self.output.check_line_re(regex, timeout=self.sleep_time)
+
+            self.device_mock.Release()
+
+    def test_fprintd_verify_no_enrolled_fingers(self):
+        self.set_enrolled_fingers([])
+        self.start_verify_process(nowait=True)
+        self.output.check_line(b'No fingers enrolled for this device.', timeout=self.sleep_time)
+        self.assertEqual(self.process.poll(), 1)
+
+    def test_fprintd_list_all_fingers(self):
+        self.set_enrolled_fingers(VALID_FINGER_NAMES)
+        self.start_verify_process()
 
     def test_fprintd_verify_script(self):
-        self.setup_device()
         script = [
             ( 'verify-match', True, 2 )
         ]
         self.device_mock.SetVerifyScript(script)
-
-        mock_log = tempfile.NamedTemporaryFile()
-        process = subprocess.Popen(self.wrapper_args + [self.tools_prefix + 'fprintd-verify', 'toto'],
-                                   stdout=mock_log,
-                                   stderr=subprocess.STDOUT,
-                                   universal_newlines=True)
-
-        time.sleep(self.sleep_time)
-
-        with open(mock_log.name) as f:
-            out = f.read()
-            self.assertRegex(out, r'left-little-finger')
-            self.assertNotRegex(out, 'Verify result: verify-match \(done\)')
-
         time.sleep(2)
 
-        with open(mock_log.name) as f:
+        self.start_verify_process()
-            out = f.read()
+        time.sleep(2 + self.sleep_time)
-            self.assertRegex(out, 'Verify result: verify-match \(done\)')
+        self.assertVerifyMatch(True)
 
-    def test_fprintd_list(self):
+    def test_fprintd_multiple_verify_fails(self):
-        self.setup_device()
+        self.start_verify_process()
 
-        # Rick has no fingerprints enrolled
+        self.start_verify_process(nowait=True)
-        out = subprocess.check_output(self.wrapper_args + [self.tools_prefix + 'fprintd-list', 'rick'],
+        self.output.check_line_re(rb'Device already in use by [A-z]+', timeout=self.sleep_time)
-                                      stderr=subprocess.STDOUT,
-                                      universal_newlines=True)
-        self.assertRegex(out, r'has no fingers enrolled for')
-
-        # Toto does
-        out = subprocess.check_output(self.wrapper_args + [self.tools_prefix + 'fprintd-list', 'toto'],
-                                      universal_newlines=True)
-        self.assertRegex(out, r'left-little-finger')
-        self.assertRegex(out, r'right-little-finger')
-
-    def test_fprintd_delete(self):
-        self.setup_device()
-
-        # Has fingerprints enrolled
-        out = subprocess.check_output(self.wrapper_args + [self.tools_prefix + 'fprintd-list', 'toto'],
-                                      stderr=subprocess.STDOUT,
-                                      universal_newlines=True)
-        self.assertRegex(out, r'left-little-finger')
-        self.assertRegex(out, r'right-little-finger')
-
-        # Delete fingerprints
-        out = subprocess.check_output(self.wrapper_args + [self.tools_prefix + 'fprintd-delete', 'toto'],
-                                      stderr=subprocess.STDOUT,
-                                      universal_newlines=True)
-        self.assertRegex(out, r'Fingerprints deleted')
-
-        # Doesn't have fingerprints
-        out = subprocess.check_output(self.wrapper_args + [self.tools_prefix + 'fprintd-list', 'toto'],
-                                      stderr=subprocess.STDOUT,
-                                      universal_newlines=True)
-        self.assertRegex(out, r'has no fingers enrolled for')
 
 if __name__ == '__main__':
     # avoid writing to stderr

tests/unittest_inspector.py

@@ -0,0 +1,46 @@
+#! /usr/bin/env python3
+# Copyright © 2020, Canonical Ltd
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+# Authors:
+#       Marco Trevisan <marco.trevisan@canonical.com>
+
+import argparse
+import importlib.util
+import inspect
+import os
+import unittest
+
+def list_tests(module):
+    tests = []
+    for name, obj in inspect.getmembers(module):
+        if inspect.isclass(obj) and issubclass(obj, unittest.TestCase):
+            cases = unittest.defaultTestLoader.getTestCaseNames(obj)
+            tests += [ (obj, '{}.{}'.format(name, t)) for t in cases ]
+    return tests
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('unittest_source', type=argparse.FileType('r'))
+
+    args = parser.parse_args()
+    source_path = args.unittest_source.name
+    spec = importlib.util.spec_from_file_location(
+        os.path.basename(source_path), source_path)
+    module = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(module)
+
+    for machine, human in list_tests(module):
+        print(human)

utils/delete.c

@@ -1,6 +1,7 @@
 /*
  * fprintd example to delete fingerprints
  * Copyright (C) 2008 Daniel Drake <dsd@gentoo.org>
+ * Copyright (C) 2020 Marco Trevisan <marco.trevisan@canonical.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -20,117 +21,146 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <locale.h>
-#include <dbus/dbus-glib-bindings.h>
+#include "fprintd-dbus.h"
-#include "manager-dbus-glue.h"
-#include "device-dbus-glue.h"
 
-static DBusGProxy *manager = NULL;
+static FprintDBusManager *manager = NULL;
-static DBusGConnection *connection = NULL;
+static GDBusConnection *connection = NULL;
 
-static void create_manager(void)
+static void
+create_manager (void)
 {
-	GError *error = NULL;
+  g_autoptr(GError) error = NULL;
 
-	connection = dbus_g_bus_get(DBUS_BUS_SYSTEM, &error);
+  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error);
-	if (connection == NULL) {
+  if (connection == NULL)
+    {
       g_print ("Failed to connect to session bus: %s\n", error->message);
       exit (1);
     }
 
-	manager = dbus_g_proxy_new_for_name(connection,
+  manager = fprint_dbus_manager_proxy_new_sync (connection,
-		"net.reactivated.Fprint", "/net/reactivated/Fprint/Manager",
+                                                G_DBUS_PROXY_FLAGS_NONE,
-		"net.reactivated.Fprint.Manager");
+                                                "net.reactivated.Fprint",
-}
+                                                "/net/reactivated/Fprint/Manager",
-
+                                                NULL, &error);
-static void delete_fingerprints(DBusGProxy *dev, const char *username)
+  if (manager == NULL)
     {
-	GError *error = NULL;
+      g_print ("Failed to get Fprintd manager: %s\n", error->message);
-	GHashTable *props;
-	DBusGProxy *p;
-
-	p = dbus_g_proxy_new_from_proxy(dev, "org.freedesktop.DBus.Properties", NULL);
-	if (!dbus_g_proxy_call (p, "GetAll", &error, G_TYPE_STRING, "net.reactivated.Fprint.Device", G_TYPE_INVALID,
-			   dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE), &props, G_TYPE_INVALID)) {
-		g_print("GetAll on the Properties interface failed: %s\n", error->message);
       exit (1);
     }
+}
 
-	if (!net_reactivated_Fprint_Device_claim(dev, username, &error)) {
+static void
+delete_fingerprints (FprintDBusDevice *dev, const char *username)
+{
+  g_autoptr(GError) error = NULL;
+
+  if (!fprint_dbus_device_call_claim_sync (dev, username, NULL, &error))
+    {
       g_print ("failed to claim device: %s\n", error->message);
       exit (1);
     }
 
-	if (!net_reactivated_Fprint_Device_delete_enrolled_fingers2(dev, &error)) {
+  if (!fprint_dbus_device_call_delete_enrolled_fingers2_sync (dev, NULL,
-		if (dbus_g_error_has_name (error, "net.reactivated.Fprint.Error.NoEnrolledPrints") == FALSE) {
+                                                              &error))
-			g_print("ListEnrolledFingers failed: %s\n", error->message);
+    {
+      gboolean ignore_error = FALSE;
+      if (g_dbus_error_is_remote_error (error))
+        {
+          g_autofree char *dbus_error =
+            g_dbus_error_get_remote_error (error);
+          if (g_str_equal (dbus_error,
+                           "net.reactivated.Fprint.Error.NoEnrolledPrints"))
+            {
+              g_print ("No fingerprints to delete on %s\n",
+                       fprint_dbus_device_get_name (dev));
+              ignore_error = TRUE;
+            }
+        }
+      if (!ignore_error)
+        {
+          g_print ("ListEnrolledFingers failed: %s\n",
+                   error->message);
           exit (1);
-		} else {
-			g_print ("No fingerprints to delete on %s\n", g_value_get_string (g_hash_table_lookup (props, "name")));
         }
-	} else {
+      else
-			g_print ("Fingerprints deleted on %s\n", g_value_get_string (g_hash_table_lookup (props, "name")));
+        {
+          g_print ("No fingerprints to delete on %s\n",
+                   fprint_dbus_device_get_name (dev));
         }
+    }
+  else
+    {
+      g_print ("Fingerprints deleted on %s\n",
+               fprint_dbus_device_get_name (dev));
+    }
+  g_clear_error (&error);
 
-	if (!net_reactivated_Fprint_Device_release(dev, &error)) {
+  if (!fprint_dbus_device_call_release_sync (dev, NULL, &error))
+    {
       g_print ("ReleaseDevice failed: %s\n", error->message);
       exit (1);
     }
-
-	g_hash_table_destroy (props);
-	g_object_unref (p);
 }
 
-static void process_devices(char **argv)
+static void
+process_devices (char **argv)
 {
-	GError *error = NULL;
+  g_autoptr(GError) error = NULL;
-	GPtrArray *devices;
+  g_auto(GStrv) devices = NULL;
   char *path;
+  guint num_devices;
   guint i;
 
-	if (!net_reactivated_Fprint_Manager_get_devices(manager, &devices, &error)) {
+  if (!fprint_dbus_manager_call_get_devices_sync (manager, &devices,
-		g_print("list_devices failed: %s\n", error->message);
+                                                  NULL, &error))
+    {
+      g_print ("Impossible to get devices: %s\n", error->message);
       exit (1);
     }
 
-	if (devices->len == 0) {
+  num_devices = g_strv_length (devices);
-		g_print("No devices found\n");
+  if (num_devices == 0)
+    {
+      g_print ("No devices available\n");
       exit (1);
     }
 
-	g_print("found %d devices\n", devices->len);
+  g_print ("found %u devices\n", num_devices);
-	for (i = 0; i < devices->len; i++) {
+  for (i = 0; devices[i] != NULL; i++)
-		path = g_ptr_array_index(devices, i);
+    {
+      path = devices[i];
       g_print ("Device at %s\n", path);
     }
 
-	for (i = 0; i < devices->len; i++) {
+  for (i = 0; devices[i] != NULL; i++)
+    {
+      g_autoptr(FprintDBusDevice) dev = NULL;
       guint j;
-		DBusGProxy *dev;
 
-		path = g_ptr_array_index(devices, i);
+      path = devices[i];
       g_print ("Using device %s\n", path);
 
-		/* FIXME use for_name_owner?? */
+      /* NOTE: We should handle error cases! */
-		dev = dbus_g_proxy_new_for_name(connection, "net.reactivated.Fprint",
+      dev = fprint_dbus_device_proxy_new_sync (connection,
-						path, "net.reactivated.Fprint.Device");
+                                               G_DBUS_PROXY_FLAGS_NONE,
+                                               "net.reactivated.Fprint",
+                                               path, NULL, NULL);
 
       for (j = 1; argv[j] != NULL; j++)
         delete_fingerprints (dev, argv[j]);
-
+    }
-		g_object_unref (dev);
 }
 
-	g_ptr_array_foreach(devices, (GFunc) g_free, NULL);
+int
-	g_ptr_array_free(devices, TRUE);
+main (int argc, char **argv)
-}
-
-int main(int argc, char **argv)
 {
   setlocale (LC_ALL, "");
 
   create_manager ();
 
-	if (argc < 2) {
+  if (argc < 2)
+    {
       g_print ("Usage: %s <username> [usernames...]\n", argv[0]);
       return 1;
     }
@@ -139,4 +169,3 @@ int main(int argc, char **argv)
 
   return 0;
 }
-

utils/enroll.c

@@ -1,6 +1,7 @@
 /*
  * fprintd example to enroll right index finger
  * Copyright (C) 2008 Daniel Drake <dsd@gentoo.org>
+ * Copyright (C) 2020 Marco Trevisan <marco.trevisan@canonical.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,109 +22,143 @@
 #include <stdlib.h>
 #include <string.h>
 #include <locale.h>
-#include <dbus/dbus-glib-bindings.h>
+#include "fprintd-dbus.h"
-#include "manager-dbus-glue.h"
-#include "device-dbus-glue.h"
-#include "marshal.h"
 
 #define N_(x) x
 #define TR(x) x
 #include "fingerprint-strings.h"
 
-static DBusGProxy *manager = NULL;
+static FprintDBusManager *manager = NULL;
-static DBusGConnection *connection = NULL;
+static GDBusConnection *connection = NULL;
 static char *finger_name = NULL;
 static char **usernames = NULL;
 
-static void create_manager(void)
+static void
+create_manager (void)
 {
-	GError *error = NULL;
+  g_autoptr(GError) error = NULL;
 
-	connection = dbus_g_bus_get(DBUS_BUS_SYSTEM, &error);
+  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error);
-	if (connection == NULL) {
+  if (connection == NULL)
+    {
       g_print ("Failed to connect to session bus: %s\n", error->message);
       exit (1);
     }
 
-	manager = dbus_g_proxy_new_for_name(connection,
+  manager = fprint_dbus_manager_proxy_new_sync (connection,
-		"net.reactivated.Fprint", "/net/reactivated/Fprint/Manager",
+                                                G_DBUS_PROXY_FLAGS_NONE,
-		"net.reactivated.Fprint.Manager");
+                                                "net.reactivated.Fprint",
-}
+                                                "/net/reactivated/Fprint/Manager",
-
+                                                NULL, &error);
-static DBusGProxy *open_device(const char *username)
+  if (manager == NULL)
     {
-	GError *error = NULL;
+      g_print ("Failed to get Fprintd manager: %s\n", error->message);
-	gchar *path;
-	DBusGProxy *dev;
-
-	if (!net_reactivated_Fprint_Manager_get_default_device(manager, &path, &error)) {
-		g_print("list_devices failed: %s\n", error->message);
       exit (1);
     }
+}
 
-	if (path == NULL) {
+static FprintDBusDevice *
-		g_print("No devices found\n");
+open_device (const char *username)
+{
+  g_autoptr(FprintDBusDevice) dev = NULL;
+  g_autoptr(GError) error = NULL;
+  g_autofree char *path = NULL;
+
+  if (!fprint_dbus_manager_call_get_default_device_sync (manager, &path,
+                                                         NULL, &error))
+    {
+      g_print ("Impossible to enroll: %s\n", error->message);
       exit (1);
     }
 
   g_print ("Using device %s\n", path);
 
-	/* FIXME use for_name_owner?? */
+  dev = fprint_dbus_device_proxy_new_sync (connection,
-	dev = dbus_g_proxy_new_for_name(connection, "net.reactivated.Fprint",
+                                           G_DBUS_PROXY_FLAGS_NONE,
-		path, "net.reactivated.Fprint.Device");
+                                           "net.reactivated.Fprint",
+                                           path, NULL, &error);
 
-	g_free (path);
+  if (error)
+    {
+      g_print ("failed to connect to device: %s\n", error->message);
+      exit (1);
+    }
 
-	if (!net_reactivated_Fprint_Device_claim(dev, username, &error)) {
+  if (!fprint_dbus_device_call_claim_sync (dev, username, NULL, &error))
+    {
       g_print ("failed to claim device: %s\n", error->message);
       exit (1);
     }
-	return dev;
+  return g_steal_pointer (&dev);
 }
 
-static void enroll_result(GObject *object, const char *result, gboolean done, void *user_data)
+static void
+enroll_result (GObject *object, const char *result, gboolean done, void *user_data)
 {
   gboolean *enroll_completed = user_data;
+
   g_print ("Enroll result: %s\n", result);
   if (done != FALSE)
     *enroll_completed = TRUE;
 }
 
-static void do_enroll(DBusGProxy *dev)
+static void
+proxy_signal_cb (GDBusProxy  *proxy,
+                 const gchar *sender_name,
+                 const gchar *signal_name,
+                 GVariant    *parameters,
+                 gpointer     user_data)
 {
-	GError *error = NULL;
+  if (g_str_equal (signal_name, "EnrollStatus"))
+    {
+      const gchar *result;
+      gboolean done;
+
+      g_variant_get (parameters, "(&sb)", &result, &done);
+      enroll_result (G_OBJECT (proxy), result, done, user_data);
+    }
+}
+
+static void
+do_enroll (FprintDBusDevice *dev)
+{
+  g_autoptr(GError) error = NULL;
   gboolean enroll_completed = FALSE;
   gboolean found;
   guint i;
 
-	dbus_g_proxy_add_signal(dev, "EnrollStatus", G_TYPE_STRING, G_TYPE_BOOLEAN, NULL);
+  g_signal_connect (dev, "g-signal", G_CALLBACK (proxy_signal_cb),
-	dbus_g_proxy_connect_signal(dev, "EnrollStatus", G_CALLBACK(enroll_result),
+                    &enroll_completed);
-				    &enroll_completed, NULL);
 
   found = FALSE;
-	for (i = 0; fingers[i].dbus_name != NULL; i++) {
+  for (i = 0; fingers[i].dbus_name != NULL; i++)
-		if (g_strcmp0 (fingers[i].dbus_name, finger_name) == 0) {
+    {
+      if (g_strcmp0 (fingers[i].dbus_name, finger_name) == 0)
+        {
           found = TRUE;
           break;
         }
     }
-	if (!found) {
+  if (!found)
-		GString *s;
+    {
+      g_autoptr(GString) s = NULL;
 
       s = g_string_new (NULL);
       g_string_append_printf (s, "Invalid finger name '%s'. Name must be one of ", finger_name);
-		for (i = 0; fingers[i].dbus_name != NULL; i++) {
+      for (i = 0; fingers[i].dbus_name != NULL; i++)
+        {
           g_string_append_printf (s, "%s", fingers[i].dbus_name);
           if (fingers[i + 1].dbus_name != NULL)
             g_string_append (s, ", ");
         }
       g_warning ("%s", s->str);
-		g_string_free (s, TRUE);
       exit (1);
     }
 
   g_print ("Enrolling %s finger.\n", finger_name);
-	if (!net_reactivated_Fprint_Device_enroll_start(dev, finger_name, &error)) {
+  if (!fprint_dbus_device_call_enroll_start_sync (dev, finger_name, NULL,
+                                                  &error))
+    {
       g_print ("EnrollStart failed: %s\n", error->message);
       exit (1);
     }
@@ -131,19 +166,21 @@ static void do_enroll(DBusGProxy *dev)
   while (!enroll_completed)
     g_main_context_iteration (NULL, TRUE);
 
-	dbus_g_proxy_disconnect_signal(dev, "EnrollStatus",
+  g_signal_handlers_disconnect_by_func (dev, proxy_signal_cb, &enroll_result);
-		G_CALLBACK(enroll_result), &enroll_completed);
 
-	if (!net_reactivated_Fprint_Device_enroll_stop(dev, &error)) {
+  if (!fprint_dbus_device_call_enroll_stop_sync (dev, NULL, &error))
+    {
       g_print ("VerifyStop failed: %s\n", error->message);
       exit (1);
     }
 }
 
-static void release_device(DBusGProxy *dev)
+static void
+release_device (FprintDBusDevice *dev)
+{
+  g_autoptr(GError) error = NULL;
+  if (!fprint_dbus_device_call_release_sync (dev, NULL, &error))
     {
-	GError *error = NULL;
-	if (!net_reactivated_Fprint_Device_release(dev, &error)) {
       g_print ("ReleaseDevice failed: %s\n", error->message);
       exit (1);
     }
@@ -155,23 +192,22 @@ static const GOptionEntry entries[] = {
   { NULL }
 };
 
-int main(int argc, char **argv)
+int
+main (int argc, char **argv)
 {
+  g_autoptr(FprintDBusDevice) dev = NULL;
   GOptionContext *context;
-	GError *err = NULL;
+
-	DBusGProxy *dev;
+  g_autoptr(GError) err = NULL;
 
   setlocale (LC_ALL, "");
 
-	dbus_g_object_register_marshaller (fprintd_marshal_VOID__STRING_BOOLEAN,
-					   G_TYPE_NONE, G_TYPE_STRING, G_TYPE_BOOLEAN, G_TYPE_INVALID);
-
   context = g_option_context_new ("Enroll a fingerprint");
   g_option_context_add_main_entries (context, entries, NULL);
 
-	if (g_option_context_parse (context, &argc, &argv, &err) == FALSE) {
+  if (g_option_context_parse (context, &argc, &argv, &err) == FALSE)
+    {
       g_print ("couldn't parse command-line options: %s\n", err->message);
-		g_error_free (err);
       return 1;
     }
 
@@ -180,11 +216,10 @@ int main(int argc, char **argv)
 
   create_manager ();
 
-	dev = open_device(usernames ? usernames[0] : NULL);
+  dev = open_device (usernames ? usernames[0] : "");
   do_enroll (dev);
   release_device (dev);
   g_free (finger_name);
   g_strfreev (usernames);
   return 0;
 }
-

utils/list.c

@@ -1,6 +1,7 @@
 /*
  * fprintd example to list enrolled fingerprints
  * Copyright (C) 2008 Daniel Drake <dsd@gentoo.org>
+ * Copyright (C) 2020 Marco Trevisan <marco.trevisan@canonical.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -20,122 +21,137 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <locale.h>
-#include <dbus/dbus-glib-bindings.h>
+#include "fprintd-dbus.h"
-#include "manager-dbus-glue.h"
-#include "device-dbus-glue.h"
 
-static DBusGProxy *manager = NULL;
+static FprintDBusManager *manager = NULL;
-static DBusGConnection *connection = NULL;
+static GDBusConnection *connection = NULL;
 
-static void create_manager(void)
+static void
+create_manager (void)
 {
-	GError *error = NULL;
+  g_autoptr(GError) error = NULL;
 
-	connection = dbus_g_bus_get(DBUS_BUS_SYSTEM, &error);
+  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error);
-	if (connection == NULL) {
+  if (connection == NULL)
+    {
       g_print ("Failed to connect to session bus: %s\n", error->message);
       exit (1);
     }
 
-	manager = dbus_g_proxy_new_for_name(connection,
+  manager = fprint_dbus_manager_proxy_new_sync (connection,
-		"net.reactivated.Fprint", "/net/reactivated/Fprint/Manager",
+                                                G_DBUS_PROXY_FLAGS_NONE,
-		"net.reactivated.Fprint.Manager");
+                                                "net.reactivated.Fprint",
+                                                "/net/reactivated/Fprint/Manager",
+                                                NULL, &error);
+  if (manager == NULL)
+    {
+      g_print ("Failed to get Fprintd manager: %s\n", error->message);
+      exit (1);
+    }
 }
 
-static void list_fingerprints(DBusGProxy *dev, const char *username)
+static void
+list_fingerprints (FprintDBusDevice *dev, const char *username)
 {
-	GError *error = NULL;
+  g_autoptr(GError) error = NULL;
-	char **fingers;
+  g_auto(GStrv) fingers = NULL;
-	GHashTable *props;
-	DBusGProxy *p;
   guint i;
 
-	if (!net_reactivated_Fprint_Device_list_enrolled_fingers(dev, username, &fingers, &error)) {
+  if (!fprint_dbus_device_call_list_enrolled_fingers_sync (dev, username,
-		if (dbus_g_error_has_name (error, "net.reactivated.Fprint.Error.NoEnrolledPrints") == FALSE) {
+                                                           &fingers, NULL,
+                                                           &error))
+    {
+      gboolean ignore_error = FALSE;
+      if (g_dbus_error_is_remote_error (error))
+        {
+          g_autofree char *dbus_error =
+            g_dbus_error_get_remote_error (error);
+          if (g_str_equal (dbus_error,
+                           "net.reactivated.Fprint.Error.NoEnrolledPrints"))
+            ignore_error = TRUE;
+        }
+
+      if (!ignore_error)
+        {
           g_print ("ListEnrolledFingers failed: %s\n", error->message);
           exit (1);
-		} else {
-			fingers = NULL;
         }
     }
 
-	p = dbus_g_proxy_new_from_proxy(dev, "org.freedesktop.DBus.Properties", NULL);
+  if (fingers == NULL || g_strv_length (fingers) == 0)
-	if (!dbus_g_proxy_call (p, "GetAll", &error, G_TYPE_STRING, "net.reactivated.Fprint.Device", G_TYPE_INVALID,
+    {
-			   dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE), &props, G_TYPE_INVALID)) {
+      g_print ("User %s has no fingers enrolled for %s.\n", username,
-		g_print("GetAll on the Properties interface failed: %s\n", error->message);
+               fprint_dbus_device_get_name (dev));
-		exit (1);
-	}
-
-	if (fingers == NULL || g_strv_length (fingers) == 0) {
-		g_print("User %s has no fingers enrolled for %s.\n", username, g_value_get_string (g_hash_table_lookup (props, "name")));
       return;
     }
 
   g_print ("Fingerprints for user %s on %s (%s):\n",
            username,
-		g_value_get_string (g_hash_table_lookup (props, "name")),
+           fprint_dbus_device_get_name (dev),
-		g_value_get_string (g_hash_table_lookup (props, "scan-type")));
+           fprint_dbus_device_get_scan_type (dev));
-	g_hash_table_destroy (props);
-	g_object_unref (p);
 
-	for (i = 0; fingers[i] != NULL; i++) {
+  for (i = 0; fingers[i] != NULL; i++)
     g_print (" - #%d: %s\n", i, fingers[i]);
 }
 
-	g_strfreev (fingers);
+static void
-}
+process_devices (char **argv)
-
-static void process_devices(char **argv)
 {
-	GError *error = NULL;
+  g_auto(GStrv) devices = NULL;
-	GPtrArray *devices;
+  g_autoptr(GError) error = NULL;
   char *path;
+  guint num_devices;
   guint i;
 
-	if (!net_reactivated_Fprint_Manager_get_devices(manager, &devices, &error)) {
+  if (!fprint_dbus_manager_call_get_devices_sync (manager, &devices, NULL,
-		g_print("list_devices failed: %s\n", error->message);
+                                                  &error))
+    {
+      g_print ("Impossible to get devices: %s\n", error->message);
       exit (1);
     }
 
-	if (devices->len == 0) {
+  num_devices = g_strv_length (devices);
-		g_print("No devices found\n");
+  if (num_devices == 0)
+    {
+      g_print ("No devices available\n");
       exit (1);
     }
 
-	g_print("found %d devices\n", devices->len);
+  g_print ("found %u devices\n", num_devices);
-	for (i = 0; i < devices->len; i++) {
+  for (i = 0; devices[i] != NULL; i++)
-		path = g_ptr_array_index(devices, i);
+    {
+      path = devices[i];
       g_print ("Device at %s\n", path);
     }
 
-	for (i = 0; i < devices->len; i++) {
+  for (i = 0; devices[i] != NULL; i++)
+    {
+      g_autoptr(FprintDBusDevice) dev = NULL;
       guint j;
-		DBusGProxy *dev;
 
-		path = g_ptr_array_index(devices, i);
+      path = devices[i];
       g_print ("Using device %s\n", path);
 
-		/* FIXME use for_name_owner?? */
+      /* NOTE: We should handle error cases! */
-		dev = dbus_g_proxy_new_for_name(connection, "net.reactivated.Fprint",
+      dev = fprint_dbus_device_proxy_new_sync (connection,
-						path, "net.reactivated.Fprint.Device");
+                                               G_DBUS_PROXY_FLAGS_NONE,
+                                               "net.reactivated.Fprint",
+                                               path, NULL, NULL);
 
       for (j = 1; argv[j] != NULL; j++)
         list_fingerprints (dev, argv[j]);
-
+    }
-		g_object_unref (dev);
 }
 
-	g_ptr_array_foreach(devices, (GFunc) g_free, NULL);
+int
-	g_ptr_array_free(devices, TRUE);
+main (int argc, char **argv)
-}
-
-int main(int argc, char **argv)
 {
   setlocale (LC_ALL, "");
 
   create_manager ();
 
-	if (argc < 2) {
+  if (argc < 2)
+    {
       g_print ("Usage: %s <username> [usernames...]\n", argv[0]);
       return 1;
     }
@@ -144,4 +160,3 @@ int main(int argc, char **argv)
 
   return 0;
 }
-

utils/meson.build

@@ -1,52 +1,19 @@
-dbus_client_glue_sources = []
-
-foreach interface_name: dbus_interfaces
-    interface = interface_name.to_lower()
-    interface_file = meson.source_root() / 'src' / interface + '.xml'
-    glue_name = interface + '-dbus-glue.h'
-    dbus_client_glue_sources += custom_target(glue_name,
-        input: interface_file,
-        output: glue_name,
-        command: [
-            dbus_binding_tool,
-            '--prefix=fprint_' + interface,
-            '--mode=glib-client',
-            '--output=@OUTPUT@',
-            '@INPUT@',
-        ])
-endforeach
-
-utils_marshal = custom_target('utils_marshal',
-    depends: fprintd_marshal,
-    input: fprintd_marshal,
-    output: ['marshal.c', 'marshal.h'],
-    command: [bash, '-c',
-        'cp @INPUT0@ @OUTPUT0@;' +
-        'cp @INPUT1@ @OUTPUT1@;' +
-        'sed s/fprintd-//g -i ' + meson.current_build_dir() / 'marshal*.{h,c}']
-)
-
 libfprintd_utils_dep = declare_dependency(
     include_directories: [
+        include_directories('../src'),
         include_directories('../pam'),
     ],
     dependencies: [
         glib_dep,
-        dbus_glib_dep,
+        gio_dep,
+        gio_unix_dep,
     ],
     sources: [
-        utils_marshal,
+        fprintd_dbus_sources,
-        dbus_client_glue_sources,
     ],
-    link_with: static_library('fprintd_utils',
+    link_with: [
-        sources: [
+        libfprintd_private
-            dbus_client_glue_sources,
-            utils_marshal,
     ],
-        dependencies: [
-            glib_dep,
-        ]
-    ),
 )
 
 utils = [

utils/verify.c

@@ -1,6 +1,7 @@
 /*
  * fprintd example to verify a fingerprint
  * Copyright (C) 2008 Daniel Drake <dsd@gentoo.org>
+ * Copyright (C) 2020 Marco Trevisan <marco.trevisan@canonical.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,139 +22,235 @@
 #include <stdlib.h>
 #include <string.h>
 #include <locale.h>
-#include <dbus/dbus-glib-bindings.h>
+#include <gio/gio.h>
-#include "manager-dbus-glue.h"
+#include "fprintd-dbus.h"
-#include "device-dbus-glue.h"
-#include "marshal.h"
 
-static DBusGProxy *manager = NULL;
+static FprintDBusManager *manager = NULL;
-static DBusGConnection *connection = NULL;
+static GDBusConnection *connection = NULL;
 static char *finger_name = NULL;
 static gboolean g_fatal_warnings = FALSE;
 static char **usernames = NULL;
 
-static void create_manager(void)
+static void
+create_manager (void)
 {
-	GError *error = NULL;
+  g_autoptr(GError) error = NULL;
 
-	connection = dbus_g_bus_get(DBUS_BUS_SYSTEM, &error);
+  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error);
-	if (connection == NULL) {
+  if (connection == NULL)
+    {
       g_print ("Failed to connect to session bus: %s\n", error->message);
       exit (1);
     }
 
-	manager = dbus_g_proxy_new_for_name(connection,
+  manager = fprint_dbus_manager_proxy_new_sync (connection,
-		"net.reactivated.Fprint", "/net/reactivated/Fprint/Manager",
+                                                G_DBUS_PROXY_FLAGS_NONE,
-		"net.reactivated.Fprint.Manager");
+                                                "net.reactivated.Fprint",
-}
+                                                "/net/reactivated/Fprint/Manager",
-
+                                                NULL, &error);
-static DBusGProxy *open_device(const char *username)
+  if (manager == NULL)
     {
-	GError *error = NULL;
+      g_print ("Failed to get Fprintd manager: %s\n", error->message);
-	gchar *path;
-	DBusGProxy *dev;
-
-	if (!net_reactivated_Fprint_Manager_get_default_device(manager, &path, &error)) {
-		g_print("list_devices failed: %s\n", error->message);
       exit (1);
     }
+}
 
-	if (path == NULL) {
+static FprintDBusDevice *
-		g_print("No devices found\n");
+open_device (const char *username)
+{
+  g_autoptr(FprintDBusDevice) dev = NULL;
+  g_autoptr(GError) error = NULL;
+  g_autofree char *path = NULL;
+
+  if (!fprint_dbus_manager_call_get_default_device_sync (manager, &path,
+                                                         NULL, &error))
+    {
+      g_print ("Impossible to verify: %s\n", error->message);
       exit (1);
     }
 
   g_print ("Using device %s\n", path);
 
-	/* FIXME use for_name_owner?? */
+  dev = fprint_dbus_device_proxy_new_sync (connection,
-	dev = dbus_g_proxy_new_for_name(connection, "net.reactivated.Fprint",
+                                           G_DBUS_PROXY_FLAGS_NONE,
-		path, "net.reactivated.Fprint.Device");
+                                           "net.reactivated.Fprint",
+                                           path, NULL, &error);
 
-	g_free (path);
+  if (error)
+    {
+      g_print ("failed to connect to device: %s\n", error->message);
+      exit (1);
+    }
 
-	if (!net_reactivated_Fprint_Device_claim(dev, username, &error)) {
+  if (!fprint_dbus_device_call_claim_sync (dev, username, NULL, &error))
+    {
       g_print ("failed to claim device: %s\n", error->message);
       exit (1);
     }
 
-	return dev;
+  return g_steal_pointer (&dev);
 }
 
-static void find_finger(DBusGProxy *dev, const char *username)
+static void
+find_finger (FprintDBusDevice *dev, const char *username)
 {
-	GError *error = NULL;
+  g_autoptr(GError) error = NULL;
-	char **fingers;
+  g_auto(GStrv) fingers = NULL;
   guint i;
 
-	if (!net_reactivated_Fprint_Device_list_enrolled_fingers(dev, username, &fingers, &error)) {
+  if (!fprint_dbus_device_call_list_enrolled_fingers_sync (dev, username,
+                                                           &fingers,
+                                                           NULL, &error))
+    {
       g_print ("ListEnrolledFingers failed: %s\n", error->message);
       exit (1);
     }
 
-	if (fingers == NULL || g_strv_length (fingers) == 0) {
+  if (fingers == NULL || g_strv_length (fingers) == 0)
+    {
       g_print ("No fingers enrolled for this device.\n");
       exit (1);
     }
 
   g_print ("Listing enrolled fingers:\n");
-	for (i = 0; fingers[i] != NULL; i++) {
+  for (i = 0; fingers[i] != NULL; i++)
     g_print (" - #%d: %s\n", i, fingers[i]);
+
+  if (finger_name && !g_str_equal (finger_name, "any") &&
+      !g_strv_contains ((const char **) fingers, finger_name))
+    {
+      g_print ("Finger '%s' not enrolled for user %s.\n", finger_name,
+               username);
+      g_free (finger_name);
+      exit (1);
     }
 
-	if (finger_name == NULL || strcmp (finger_name, "any") == 0) {
+  if (finger_name == NULL)
-		g_free (finger_name);
     finger_name = g_strdup (fingers[0]);
 }
 
-	g_strfreev (fingers);
+struct VerifyState
-}
-
-static void verify_result(GObject *object, const char *result, gboolean done, void *user_data)
 {
-	gboolean *verify_completed = user_data;
+  GError  *error;
+  gboolean started;
+  gboolean completed;
+};
+
+static void
+verify_result (GObject *object, const char *result, gboolean done, void *user_data)
+{
+  struct VerifyState *verify_state = user_data;
+
   g_print ("Verify result: %s (%s)\n", result, done ? "done" : "not done");
   if (done != FALSE)
-		*verify_completed = TRUE;
+    verify_state->completed = TRUE;
 }
 
-static void verify_finger_selected(GObject *object, const char *name, void *user_data)
+static void
+verify_finger_selected (GObject *object, const char *name, void *user_data)
 {
   g_print ("Verifying: %s\n", name);
 }
 
-static void do_verify(DBusGProxy *dev)
+static void
+verify_started_cb (GObject      *obj,
+                   GAsyncResult *res,
+                   gpointer      user_data)
 {
-	GError *error = NULL;
+  struct VerifyState *verify_state = user_data;
-	gboolean verify_completed = FALSE;
 
-	dbus_g_proxy_add_signal(dev, "VerifyStatus", G_TYPE_STRING, G_TYPE_BOOLEAN, NULL);
+  if (fprint_dbus_device_call_verify_start_finish (FPRINT_DBUS_DEVICE (obj), res, &verify_state->error))
-	dbus_g_proxy_add_signal(dev, "VerifyFingerSelected", G_TYPE_INT, NULL);
+    {
-	dbus_g_proxy_connect_signal(dev, "VerifyStatus", G_CALLBACK(verify_result),
+      g_print ("Verify started!\n");
-				    &verify_completed, NULL);
+      verify_state->started = TRUE;
-	dbus_g_proxy_connect_signal(dev, "VerifyFingerSelected", G_CALLBACK(verify_finger_selected),
+    }
-		NULL, NULL);
+}
 
-	if (!net_reactivated_Fprint_Device_verify_start(dev, finger_name, &error)) {
+static void
-		g_print("VerifyStart failed: %s\n", error->message);
+proxy_signal_cb (GDBusProxy  *proxy,
+                 const gchar *sender_name,
+                 const gchar *signal_name,
+                 GVariant    *parameters,
+                 gpointer     user_data)
+{
+  struct VerifyState *verify_state = user_data;
+
+  if (!verify_state->started)
+    return;
+
+  if (g_str_equal (signal_name, "VerifyStatus"))
+    {
+      const gchar *result;
+      gboolean done;
+
+      g_variant_get (parameters, "(&sb)", &result, &done);
+      verify_result (G_OBJECT (proxy), result, done, user_data);
+    }
+  else if (g_str_equal (signal_name, "VerifyFingerSelected"))
+    {
+      const gchar *name;
+
+      g_variant_get (parameters, "(&s)", &name);
+      verify_finger_selected (G_OBJECT (proxy), name, user_data);
+    }
+}
+
+static void
+do_verify (FprintDBusDevice *dev)
+{
+  g_autoptr(GError) error = NULL;
+  struct VerifyState verify_state = { 0 };
+
+  /* This one is funny. We connect to the signal immediately to avoid
+   * race conditions. However, we must ignore any authentication results
+   * that happen before our start call returns.
+   * This is because the verify call itself may internally try to verify
+   * against fprintd (possibly using a separate account).
+   *
+   * To do so, we *must* use the async version of the verify call, as the
+   * sync version would cause the signals to be queued and only processed
+   * after it returns.
+   */
+
+  g_signal_connect (dev, "g-signal", G_CALLBACK (proxy_signal_cb),
+                    &verify_state);
+
+  fprint_dbus_device_call_verify_start (dev, finger_name, NULL,
+                                        verify_started_cb,
+                                        &verify_state);
+
+  /* Wait for verify start while discarding any VerifyStatus signals */
+  while (!verify_state.started && !verify_state.error)
+    g_main_context_iteration (NULL, TRUE);
+
+  if (verify_state.error)
+    {
+      g_print ("VerifyStart failed: %s\n", verify_state.error->message);
+      g_clear_error (&verify_state.error);
       exit (1);
     }
 
-	while (!verify_completed)
+  /* VerifyStatus signals are processing, wait for completion. */
+  while (!verify_state.completed)
     g_main_context_iteration (NULL, TRUE);
 
-	dbus_g_proxy_disconnect_signal(dev, "VerifyStatus", G_CALLBACK(verify_result), &verify_completed);
-	dbus_g_proxy_disconnect_signal(dev, "VerifyFingerSelected", G_CALLBACK(verify_finger_selected), NULL);
 
-	if (!net_reactivated_Fprint_Device_verify_stop(dev, &error)) {
+  g_signal_handlers_disconnect_by_func (dev, proxy_signal_cb,
+                                        &verify_state);
+
+  if (!fprint_dbus_device_call_verify_stop_sync (dev, NULL, &error))
+    {
       g_print ("VerifyStop failed: %s\n", error->message);
       exit (1);
     }
 }
 
-static void release_device(DBusGProxy *dev)
+static void
+release_device (FprintDBusDevice *dev)
+{
+  g_autoptr(GError) error = NULL;
+  if (!fprint_dbus_device_call_release_sync (dev, NULL, &error))
     {
-	GError *error = NULL;
-	if (!net_reactivated_Fprint_Device_release(dev, &error)) {
       g_print ("ReleaseDevice failed: %s\n", error->message);
       exit (1);
     }
@@ -166,34 +263,32 @@ static const GOptionEntry entries[] = {
   { NULL }
 };
 
-int main(int argc, char **argv)
+int
+main (int argc, char **argv)
 {
+  g_autoptr(FprintDBusDevice) dev = NULL;
+  g_autoptr(GError) err = NULL;
   GOptionContext *context;
-	GError *err = NULL;
-	DBusGProxy *dev;
   const char *username = NULL;
 
   setlocale (LC_ALL, "");
 
-	dbus_g_object_register_marshaller (fprintd_marshal_VOID__STRING_BOOLEAN,
-					   G_TYPE_NONE, G_TYPE_STRING, G_TYPE_BOOLEAN, G_TYPE_INVALID);
-
   context = g_option_context_new ("Verify a fingerprint");
   g_option_context_add_main_entries (context, entries, NULL);
 
-	if (g_option_context_parse (context, &argc, &argv, &err) == FALSE) {
+  if (g_option_context_parse (context, &argc, &argv, &err) == FALSE)
+    {
       g_print ("couldn't parse command-line options: %s\n", err->message);
-		g_error_free (err);
       return 1;
     }
 
-	if (usernames == NULL) {
+  if (usernames == NULL)
     username = "";
-	} else {
+  else
     username = usernames[0];
-	}
 
-	if (g_fatal_warnings) {
+  if (g_fatal_warnings)
+    {
       GLogLevelFlags fatal_mask;
 
       fatal_mask = g_log_set_always_fatal (G_LOG_FATAL_MASK);
@@ -209,4 +304,3 @@ int main(int argc, char **argv)
   release_device (dev);
   return 0;
 }
-