mirror of
https://gitlab.com/mishakmak/pam-fprint-grosshack.git
synced 2026-04-08 20:03:34 +02:00
46a9783be6
Add PolicyKit checks to all the public functions, grouped in 2 main groups: Verify and Enroll By default, only the user is able to enroll new fingers, or verify themselves. You need to be allowed at least one of those 2 actions to be allowed to claim or release the device. We also add a new SetUsername function, for administration functions. Users will need to be authenticate as admins to be allowed to change the username on which the actions will be taken. Any prints loaded before the change of username will be unloaded.
43 lines
1.4 KiB
XML
43 lines
1.4 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE policyconfig PUBLIC
|
|
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
|
|
|
|
<policyconfig>
|
|
|
|
<vendor>The FPrint Project</vendor>
|
|
<vendor_url>http://reactivated.net/fprint/</vendor_url>
|
|
<icon_name>fprint</icon_name>
|
|
|
|
<action id="net.reactivated.fprint.device.verify">
|
|
<_description>Verify a fingerprint</_description>
|
|
<_message>Privileges are required to verify fingerprints.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>no</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="net.reactivated.fprint.device.enroll">
|
|
<_description>Enroll new fingerprints</_description>
|
|
<_message>Privileges are required to enroll new fingerprints.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>no</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="net.reactivated.fprint.device.setusername">
|
|
<_description>Select a user to enroll</_description>
|
|
<_message>Privileges are required to enroll new fingerprints for other users.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>no</allow_inactive>
|
|
<allow_active>auth_admin_keep_always</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
</policyconfig>
|