Fixed installer permissions and cli location, ignoring remote sessions

This commit is contained in:
boltgolt 2018-03-13 21:17:49 +01:00
parent edf3dbfacd
commit 37ce3d61c9
3 changed files with 26 additions and 2 deletions

View file

@ -6,6 +6,11 @@ no_confirmation = false
# show an error but fail silently
suppress_unknown = false
# Auto dismiss lock screen on confirmation
# Will run loginctl unlock-sessions after every auth
# Expirimental, can behave incorrectly on some systems
dismiss_lockscreen = false
[video]
# The certainty of the detected face belonging to the user of the account
# On a scale from 1 to 10, values above 5 are not recommended

View file

@ -141,9 +141,14 @@ for line in fileinput.input(["/lib/security/howdy/config.ini"], inplace = 1):
# Secure the howdy folder
handleStatus(subprocess.call(["chmod 600 -R /lib/security/howdy/"], shell=True))
# Allow anyone to execute the python CLI
handleStatus(subprocess.call(["chmod 755 /lib/security/howdy"], shell=True))
handleStatus(subprocess.call(["chmod 744 /lib/security/howdy/cli.py"], shell=True))
handleStatus(subprocess.call(["chmod 744 -R /lib/security/howdy/cli"], shell=True))
# Make the CLI executable as howdy
handleStatus(subprocess.call(["ln -s /lib/security/howdy/cli.py /usr/bin/howdy"], shell=True))
handleStatus(subprocess.call(["chmod +x /usr/bin/howdy"], shell=True))
handleStatus(subprocess.call(["ln -s /lib/security/howdy/cli.py /usr/local/bin/howdy"], shell=True))
handleStatus(subprocess.call(["chmod +x /usr/local/bin/howdy"], shell=True))
# Install the command autocomplete, don't error on failure
subprocess.call(["sudo cp /lib/security/howdy/autocomplete.sh /etc/bash_completion.d/howdy"], shell=True)

14
pam.py
View file

@ -4,6 +4,8 @@
import subprocess
import sys
import os
import threading
import time
# pam-python is running python 2, so we use the old module here
import ConfigParser
@ -15,6 +17,11 @@ config.read(os.path.dirname(os.path.abspath(__file__)) + "/config.ini")
def doAuth(pamh):
"""Start authentication in a seperate process"""
# Abort if the session is remote
if pamh.rhost is not None or "SSH_CONNECTION" in os.environ:
pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Skipping face recognition for remote session"))
return pamh.PAM_AUTH_ERR
# Run compare as python3 subprocess to circumvent python version and import issues
status = subprocess.call(["python3", os.path.dirname(os.path.abspath(__file__)) + "/compare.py", pamh.get_user()])
@ -29,8 +36,15 @@ def doAuth(pamh):
return pamh.PAM_AUTH_ERR
# Status 0 is a successful exit
if status == 0:
# Show the success message if it isn't suppressed
if config.get("core", "no_confirmation") != "true":
pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Identified face as " + pamh.get_user()))
# Try to dismiss the lock screen if enabled
if config.get("core", "dismiss_lockscreen") == "true":
# Run it as root with a timeout of 1s, and never ask for a password through the UI
subprocess.Popen(["sudo", "timeout", "1", "loginctl", "unlock-sessions", "--no-ask-password"])
return pamh.PAM_SUCCESS
# Otherwise, we can't discribe what happend but it wasn't successful