Commit 69c131f7 authored by Bastien Nocera's avatar Bastien Nocera Committed by Daniel Drake
Browse files

Add gross hack to allow root to verify users

This is a gross hack for PAM sessions to work as expected. root
is allowed to verify any users. If you want to allow any other
actions for root, you'll need to go through normal PolicyKit

This should fix fingerprint authentication not working in GDM, or
on the console.
parent d874d586
......@@ -301,6 +301,7 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
PolKitCaller *pk_caller;
PolKitAction *pk_action;
PolKitResult pk_result;
uid_t uid;
/* Check that caller is privileged */
sender = dbus_g_method_get_sender (context);
......@@ -318,6 +319,17 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
return FALSE;
/* XXX Hack?
* We'd like to allow root to set the username by default, so
* it can authenticate users through PAM
* */
if ((polkit_caller_get_uid (pk_caller, &uid) && uid == 0) &&
(g_str_equal (action, "net.reactivated.fprint.device.setusername") ||
g_str_equal (action, "net.reactivated.fprint.device.verify"))) {
polkit_caller_unref (pk_caller);
return TRUE;
pk_action = polkit_action_new ();
polkit_action_set_action_id (pk_action, action);
pk_result = polkit_context_is_caller_authorized (priv->pol_ctx, pk_action, pk_caller,
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment