Fixed installer permissions and cli location, ignoring remote sessions
This commit is contained in:
parent
edf3dbfacd
commit
37ce3d61c9
3 changed files with 26 additions and 2 deletions
|
|
@ -6,6 +6,11 @@ no_confirmation = false
|
|||
# show an error but fail silently
|
||||
suppress_unknown = false
|
||||
|
||||
# Auto dismiss lock screen on confirmation
|
||||
# Will run loginctl unlock-sessions after every auth
|
||||
# Expirimental, can behave incorrectly on some systems
|
||||
dismiss_lockscreen = false
|
||||
|
||||
[video]
|
||||
# The certainty of the detected face belonging to the user of the account
|
||||
# On a scale from 1 to 10, values above 5 are not recommended
|
||||
|
|
|
|||
|
|
@ -141,9 +141,14 @@ for line in fileinput.input(["/lib/security/howdy/config.ini"], inplace = 1):
|
|||
# Secure the howdy folder
|
||||
handleStatus(subprocess.call(["chmod 600 -R /lib/security/howdy/"], shell=True))
|
||||
|
||||
# Allow anyone to execute the python CLI
|
||||
handleStatus(subprocess.call(["chmod 755 /lib/security/howdy"], shell=True))
|
||||
handleStatus(subprocess.call(["chmod 744 /lib/security/howdy/cli.py"], shell=True))
|
||||
handleStatus(subprocess.call(["chmod 744 -R /lib/security/howdy/cli"], shell=True))
|
||||
|
||||
# Make the CLI executable as howdy
|
||||
handleStatus(subprocess.call(["ln -s /lib/security/howdy/cli.py /usr/bin/howdy"], shell=True))
|
||||
handleStatus(subprocess.call(["chmod +x /usr/bin/howdy"], shell=True))
|
||||
handleStatus(subprocess.call(["ln -s /lib/security/howdy/cli.py /usr/local/bin/howdy"], shell=True))
|
||||
handleStatus(subprocess.call(["chmod +x /usr/local/bin/howdy"], shell=True))
|
||||
|
||||
# Install the command autocomplete, don't error on failure
|
||||
subprocess.call(["sudo cp /lib/security/howdy/autocomplete.sh /etc/bash_completion.d/howdy"], shell=True)
|
||||
|
|
|
|||
14
pam.py
14
pam.py
|
|
@ -4,6 +4,8 @@
|
|||
import subprocess
|
||||
import sys
|
||||
import os
|
||||
import threading
|
||||
import time
|
||||
|
||||
# pam-python is running python 2, so we use the old module here
|
||||
import ConfigParser
|
||||
|
|
@ -15,6 +17,11 @@ config.read(os.path.dirname(os.path.abspath(__file__)) + "/config.ini")
|
|||
def doAuth(pamh):
|
||||
"""Start authentication in a seperate process"""
|
||||
|
||||
# Abort if the session is remote
|
||||
if pamh.rhost is not None or "SSH_CONNECTION" in os.environ:
|
||||
pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Skipping face recognition for remote session"))
|
||||
return pamh.PAM_AUTH_ERR
|
||||
|
||||
# Run compare as python3 subprocess to circumvent python version and import issues
|
||||
status = subprocess.call(["python3", os.path.dirname(os.path.abspath(__file__)) + "/compare.py", pamh.get_user()])
|
||||
|
||||
|
|
@ -29,8 +36,15 @@ def doAuth(pamh):
|
|||
return pamh.PAM_AUTH_ERR
|
||||
# Status 0 is a successful exit
|
||||
if status == 0:
|
||||
# Show the success message if it isn't suppressed
|
||||
if config.get("core", "no_confirmation") != "true":
|
||||
pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Identified face as " + pamh.get_user()))
|
||||
|
||||
# Try to dismiss the lock screen if enabled
|
||||
if config.get("core", "dismiss_lockscreen") == "true":
|
||||
# Run it as root with a timeout of 1s, and never ask for a password through the UI
|
||||
subprocess.Popen(["sudo", "timeout", "1", "loginctl", "unlock-sessions", "--no-ask-password"])
|
||||
|
||||
return pamh.PAM_SUCCESS
|
||||
|
||||
# Otherwise, we can't discribe what happend but it wasn't successful
|
||||
|
|
|
|||
Loading…
Reference in a new issue