From f5390f91104ca5c531a1e778ecfafadc0a668075 Mon Sep 17 00:00:00 2001
From: "B. Stack"
Date: Tue, 24 Sep 2024 16:11:26 -0400
Subject: add verbose, advanced (control other users), docs
---
 fprintd_tk_lib.py | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 61 insertions(+), 5 deletions(-) (limited to 'fprintd_tk_lib.py')
diff --git a/fprintd_tk_lib.py b/fprintd_tk_lib.py
index bc97448..18470cb 100644
--- a/fprintd_tk_lib.py
+++ b/fprintd_tk_lib.py
@@ -1,9 +1,20 @@
 #!/usr/bin/env python3
+# File: fprintd_tk_lib.py
+# Location: https://bgstack15.cgit/fprintd-tk
+# Author: bgstack15
 # Startdate: 2024-09-22-1 15:33
-# Purpose: backend for fprintd_tk that uses fprintd-* binaries, in case I ever rewrite this to use dbus directly?
+# SPDX-License-Identifier: GPL-3.0-only
+# Title: Backend for fprintd_tk that uses fprintd binaries
+# Purpose: In case this gets rewritten to use dbus directly or something
+# Project: fprintd-tk
+# History:
+# Usage:
+# Reference:
+# Improve:
 # Dependencies:
 # /usr/bin/fprintd-*
-# Improve:
+# Documentation:
+# README.md
 import os, subprocess, re
@@ -17,11 +28,14 @@ prevent_success_messages = [
 ]
 def get_enrolled_fingers(user = None, verbose = False):
- # return list of full strings of fingers that are enrolled.
+ """
+ Returns list of full strings of fingers that are enrolled for the listed user.
+ """
 enrolled_fingers = []
 if user is None:
 user = _user
- print(f"DEBUG (get_enrolled_fingers): user {user}")
+ if verbose:
+ print(f"DEBUG (get_enrolled_fingers): user {user}")
 proc = subprocess.Popen(
 ["fprintd-list",user],
 stdout = subprocess.PIPE,
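Review bot: In the `get_enrolled_fingers` hunk, `user` is handed to `fprintd-list` as an argv element with no check, while the commit subject says callers can now act on other users. The list form keeps the value away from a shell, but an empty string or a value starting with `-` still reaches the tool unchanged and may be read as an option rather than a username (not confirmed from this page). A guard ahead of the Popen call would close that: `if not user or user.startswith("-"): raise ValueError(f"invalid user {user!r}")`. The new docstring could also state that `user = None` falls back to `_user`. The Popen call is unchanged context, and the function body continues in the next hunk.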
@@ -29,12 +43,16 @@ def get_enrolled_fingers(user = None, verbose = False):
 )
 while True:
 line = proc.stdout.readline()
+ if verbose:
+ print(f"DEBUG (get_enrolled_fingers): line {line}")
 if not line:
 break
 if fre.match(line):
 enrolled_fingers.append(fre.match(line).groups()[0].strip())
 elif re.match("^.*No devices available.*", line):
 return []
+ elif re.match("^.*has no fingers enrolled.*", line):
+ return ["none"]
 else:
 pass
 return enrolled_fingers
@@ -52,7 +70,8 @@ def fprintd_action(action, finger, status_function = None, user = None, verbose
 if status_function:
 status_function(f"Invalid action {action}")
 return False
- print(f"DEBUG (fprintd_action): command {command}")
+ if verbose:
+ print(f"DEBUG (fprintd_action): command {command}")
 proc = subprocess.Popen(
 command,
 stdout = subprocess.PIPE,
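Review bot: In the `get_enrolled_fingers` loop, a refusal from `fprintd-list` still falls into `else: pass` and comes back as an empty list, the same value returned for "No devices available", so a caller managing another user cannot tell "denied" from "nothing enrolled". The `check_setusername_permission` function added later in this commit expects that refusal as a `Not Authorized` line on stdout, so the same text could be matched here, e.g. `elif re.search("Not Authorized", line): raise PermissionError(line.strip())`. The added `return ["none"]` puts a sentinel string into a list that otherwise holds finger names; the docstring should name it so callers know to special-case it. Both early returns leave the loop without `proc.wait()`, so the child is not reaped on those paths.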
@@ -88,3 +107,40 @@ def fprintd_action(action, finger, status_function = None, user = None, verbose
 break
 if display:
 status_function(f"Succeeded! {display_line}")
+
+def check_setusername_permission(status_function = None, verbose = False):
+ """
+ This permission depends on a rule like this in /etc/polkit-1/rules.d/80-fprintd.rules:
+
+ polkit.addRule(function(action, subject) {
+ if (
+ (
+ action.id.match("net.reactivated.fprint.device.setusername")
+ ) && subject.active && subject.isInGroup("admins")) {
+ polkit.log("action=" + action);
+ polkit.log("subject=" + subject);
+ return polkit.Result.YES;
+ }
+ });
+
+ We need to check for the ability to run `fprintd-list root` and if it does not print "not authorized", we can allow the advanced actions.
+ """
+ proc = subprocess.Popen(
+ ["fprintd-list","root"],
+ stdout = subprocess.PIPE,
+ universal_newlines = True # or maybe text=True
+ )
+ has_setusername = True
+ while True:
+ line = proc.stdout.readline()
+ if verbose:
+ print(f"DEBUG (check_setusername_permission): line {line}")
+ if not line:
+ break
+ if re.match(".*Not Authorized.*",line):
+ if verbose:
+ print(f"DEBUG (check_setusername_permission): setting has_setusername to false...")
+ has_setusername = False
+ if status_function:
+ status_function(f"Have advanced permissions: {has_setusername}")
+ return has_setusername
-- cgit
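Review bot: `check_setusername_permission` fails open: `has_setusername` starts as `True` and is cleared only when a stdout line matches the case-sensitive pattern `.*Not Authorized.*`. A refusal written to stderr, a differently cased message (the docstring itself says "not authorized"), or any other failure of `fprintd-list root` therefore leaves the advanced actions enabled. Polkit remains the real gate, but the UI check should start from `False` and turn `True` only on a clean run, as sketched below; the sketch assumes `fprintd-list` exits non-zero when refused, which needs confirming. The sample rule in the docstring uses `action.id.match(...)`, a regex test in which `.` matches any character, whereas `action.id == "net.reactivated.fprint.device.setusername"` is the exact comparison. The second debug `print` is an f-string with no placeholders and can be a plain string.

```python
    # Capture stderr too, so a refusal is seen wherever fprintd-list writes it.
    proc = subprocess.run(
        ["fprintd-list", "root"],
        stdout = subprocess.PIPE,
        stderr = subprocess.STDOUT,
        universal_newlines = True
    )
    if verbose:
        print(f"DEBUG (check_setusername_permission): output {proc.stdout}")
    # Fail closed: only a clean exit with no refusal text enables the advanced actions.
    refused = re.search("not authorized", proc.stdout, re.IGNORECASE) is not None
    has_setusername = proc.returncode == 0 and not refused
    # … unchanged: status_function call and return has_setusername …
```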