0.5.1

Add support for -f 'finger' option to fprintd-enroll.
Update docs accordingly.

https://bugs.freedesktop.org/show_bug.cgi?id=62644

NEWS

@@ -1,6 +1,11 @@
 This file lists notable changes in each release. For the full history of all
 changes, see ChangeLog.
 
+version 0.5.1:
+- Add max_tries and timeout arguments to PAM module
+- Add ability to require the fingerprint for enrolled users
+- Add "-f <finger>" option to enroll utilities
+
 version 0.5.0:
 - Don't use a device name if there's only one reader
 - Avoid possible crash when trying to login without devices

configure.ac

@@ -1,5 +1,5 @@
-AC_INIT([fprintd], [0.5.0])
-AM_INIT_AUTOMAKE([1.11 dist-bzip2 no-dist-gzip check-news])
+AC_INIT([fprintd], [0.5.1])
+AM_INIT_AUTOMAKE([1.11 dist-xz no-dist-gzip check-news])
 AC_CONFIG_SRCDIR([src/main.c])
 AC_CONFIG_HEADERS([config.h])
 

data/fprintd.pod

@@ -4,7 +4,7 @@ fprintd - Fingerprint management daemon, and test applications
 
 =head1 SYNOPSYS
 
-B<fprintd-enroll> [username]
+B<fprintd-enroll> [-f finger] [usename]
 
 B<fprintd-list> username [usernames...]
 

pam/pam_fprintd.c

@@ -21,6 +21,7 @@
 #include <config.h>
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <unistd.h>
 #include <sys/types.h>
 #include <string.h>
@@ -39,8 +40,11 @@
 
 #include "fingerprint-strings.h"
 
-#define MAX_TRIES 3
-#define TIMEOUT 30
+#define DEFAULT_MAX_TRIES 3
+#define DEFAULT_TIMEOUT 30
+
+#define MAX_TRIES_MATCH "max-tries="
+#define TIMEOUT_MATCH "timeout="
 
 #define D(pamh, ...) {					\
 	if (debug) {					\
@@ -53,6 +57,8 @@
 
 
 static gboolean debug = FALSE;
+static guint max_tries = DEFAULT_MAX_TRIES;
+static guint timeout = DEFAULT_TIMEOUT;
 
 static gboolean send_info_msg(pam_handle_t *pamh, const char *msg)
 {
@@ -271,7 +277,7 @@ static int do_verify(GMainLoop *loop, pam_handle_t *pamh, DBusGProxy *dev, gbool
 	int ret;
 
 	data = g_new0 (verify_data, 1);
-	data->max_tries = MAX_TRIES;
+	data->max_tries = max_tries;
 	data->pamh = pamh;
 	data->loop = loop;
 
@@ -304,13 +310,16 @@ static int do_verify(GMainLoop *loop, pam_handle_t *pamh, DBusGProxy *dev, gbool
 		GSource *source;
 
 		/* Set up the timeout on our non-default context */
-		source = g_timeout_source_new_seconds (TIMEOUT);
+		source = g_timeout_source_new_seconds (timeout);
 		g_source_attach (source, g_main_loop_get_context (loop));
 		g_source_set_callback (source, verify_timeout_cb, data, NULL);
 
 		data->timed_out = FALSE;
 
 		if (!dbus_g_proxy_call (dev, "VerifyStart", &error, G_TYPE_STRING, "any", G_TYPE_INVALID, G_TYPE_INVALID)) {
+			if (dbus_g_error_has_name(error, "net.reactivated.Fprint.Error.NoEnrolledPrints"))
+				ret = PAM_USER_UNKNOWN;
+
 			D(pamh, "VerifyStart failed: %s", error->message);
 			g_error_free (error);
 
@@ -429,9 +438,23 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
 		return PAM_AUTHINFO_UNAVAIL;
 
 	for (i = 0; i < argc; i++) {
-		if (argv[i] != NULL && g_str_equal (argv[i], "debug")) {
-			g_message ("debug on");
-			debug = TRUE;
+		if (argv[i] != NULL) {
+			if(g_str_equal (argv[i], "debug")) {
+				g_message ("debug on");
+				debug = TRUE;
+			}
+			else if (strncmp(argv[i], MAX_TRIES_MATCH, strlen (MAX_TRIES_MATCH)) == 0 && strlen(argv[i]) == strlen (MAX_TRIES_MATCH) + 1) {
+				max_tries = atoi (argv[i] + strlen (MAX_TRIES_MATCH));
+				if (max_tries < 1)
+					max_tries = DEFAULT_MAX_TRIES;
+				D(pamh, "max_tries specified as: %d", max_tries);
+			}
+			else if (strncmp(argv[i], TIMEOUT_MATCH, strlen (TIMEOUT_MATCH)) == 0 && strlen(argv[i]) <= strlen (TIMEOUT_MATCH) + 2) {
+				timeout = atoi (argv[i] + strlen (TIMEOUT_MATCH));
+				if (timeout < 10)
+					timeout = DEFAULT_TIMEOUT;
+				D(pamh, "timeout specified as: %d", timeout);
+			}
 		}
 	}
 

tests/enroll.c

@@ -18,6 +18,7 @@
  */
 
 #include <stdlib.h>
+#include <string.h>
 #include <dbus/dbus-glib-bindings.h>
 #include "manager-dbus-glue.h"
 #include "device-dbus-glue.h"
@@ -25,6 +26,8 @@
 
 static DBusGProxy *manager = NULL;
 static DBusGConnection *connection = NULL;
+static char *finger_name = "right-index-finger";
+static char **usernames = NULL;
 
 static void create_manager(void)
 {
@@ -89,8 +92,8 @@ static void do_enroll(DBusGProxy *dev)
 	dbus_g_proxy_connect_signal(dev, "EnrollStatus", G_CALLBACK(enroll_result),
 				    &enroll_completed, NULL);
 
-	g_print("Enrolling right index finger.\n");
-	if (!net_reactivated_Fprint_Device_enroll_start(dev, "right-index-finger", &error)) {
+	g_print("Enrolling %s finger.\n", finger_name);
+	if (!net_reactivated_Fprint_Device_enroll_start(dev, finger_name, &error)) {
 		g_print("EnrollStart failed: %s\n", error->message);
 		exit (1);
 	}
@@ -116,22 +119,35 @@ static void release_device(DBusGProxy *dev)
 	}
 }
 
+static const GOptionEntry entries[] = {
+    { "finger", 'f',  0, G_OPTION_ARG_STRING, &finger_name, "Finger selected to verify (default is automatic)", NULL },
+    { G_OPTION_REMAINING, '\0', 0, G_OPTION_ARG_STRING_ARRAY, &usernames, NULL, "[username]" },
+    { NULL }
+};
+
 int main(int argc, char **argv)
 {
+	GOptionContext *context;
+	GError *err = NULL;
 	DBusGProxy *dev;
-	char *username;
 
 	g_type_init();
 
 	dbus_g_object_register_marshaller (fprintd_marshal_VOID__STRING_BOOLEAN,
 					   G_TYPE_NONE, G_TYPE_STRING, G_TYPE_BOOLEAN, G_TYPE_INVALID);
 
+	context = g_option_context_new ("Enroll a fingerprint");
+	g_option_context_add_main_entries (context, entries, NULL);
+
+	if (g_option_context_parse (context, &argc, &argv, &err) == FALSE) {
+		g_print ("couldn't parse command-line options: %s\n", err->message);
+		g_error_free (err);
+		return 1;
+	}
+
 	create_manager();
 
-	username = NULL;
-	if (argc == 2)
-		username = argv[1];
-	dev = open_device(username);
+	dev = open_device(usernames ? usernames[0] : NULL);
 	do_enroll(dev);
 	release_device(dev);
 	return 0;