Commit 69c131f7 authored by Bastien Nocera's avatar Bastien Nocera Committed by Daniel Drake

Add gross hack to allow root to verify users

This is a gross hack for PAM sessions to work as expected. root
is allowed to verify any users. If you want to allow any other
actions for root, you'll need to go through normal PolicyKit
procedures.

This should fix fingerprint authentication not working in GDM, or
on the console.
parent d874d586
......@@ -301,6 +301,7 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
PolKitCaller *pk_caller;
PolKitAction *pk_action;
PolKitResult pk_result;
uid_t uid;
/* Check that caller is privileged */
sender = dbus_g_method_get_sender (context);
......@@ -318,6 +319,17 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
return FALSE;
}
/* XXX Hack?
* We'd like to allow root to set the username by default, so
* it can authenticate users through PAM
* https://bugzilla.redhat.com/show_bug.cgi?id=447266 */
if ((polkit_caller_get_uid (pk_caller, &uid) && uid == 0) &&
(g_str_equal (action, "net.reactivated.fprint.device.setusername") ||
g_str_equal (action, "net.reactivated.fprint.device.verify"))) {
polkit_caller_unref (pk_caller);
return TRUE;
}
pk_action = polkit_action_new ();
polkit_action_set_action_id (pk_action, action);
pk_result = polkit_context_is_caller_authorized (priv->pol_ctx, pk_action, pk_caller,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment