Use the PAM user instead of current process's user

[ChocolateLoverRaj]

Fixes #14

@Lucaacer can you test this with sudo auth to see if your enrolled fingerprints are used, and that this PR doesn't break anything?

[Lucaacer]

Fixes #14

@Lucaacer can you test this with sudo auth to see if your enrolled fingerprints are used, and that this PR doesn't break anything?

It will take some time, after installing the new module I am unable to login and even issueing the shell with ctrl alt f2 was not enough but I am not sure it is fault of your module. My installation is a bit messy and has got too many desktop environments, so I will start from scratch and report, though I have a working raw img on an sd card that would come handy.

[Lucaacer]

Ok, I am now using the sdcard with the raw image (booting with depthcharge).

I cloned the new branch

git clone -b pam-user https://github.com/ChocolateLoverRaj/rust-fp
and the output is farly different

sudo echo a
[sudo] password of *********: 
thread '<unnamed>' panicked at pam-module/src/wait_until_unlock.rs:8:73:
called `Result::unwrap()` on an `Err` value: InputOutput(Os { code: 2, kind: NotFound, message: "File o directory non esistente" })
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
No templates saved. Not matching.
thread '<unnamed>' panicked at pam-module/src/lib.rs:49:10:
called `Result::unwrap()` on an `Err` value: MultipleHandlers
thread '<unnamed>' panicked at core/src/panicking.rs:221:5:
panic in a function that cannot unwind
stack backtrace:
   0:     0x7efe8f8d6d0a - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::hddb63c9699c7309a
   1:     0x7efe8f8fac33 - core::fmt::write::hc338d61058c0d66c
   2:     0x7efe8f8d3563 - std::io::Write::write_fmt::h80dab97476750852
   3:     0x7efe8f8d6b52 - std::sys::backtrace::BacktraceLock::print::h8f82e207cdd02441
   4:     0x7efe8f8d7c3c - std::panicking::default_hook::{{closure}}::hced8387e9fe5d421
   5:     0x7efe8f8d7a82 - std::panicking::default_hook::ha3f6ad90792a97b6
   6:     0x7efe8f8d8217 - std::panicking::rust_panic_with_hook::h061c0c1eebc4ec34
   7:     0x7efe8f8d8076 - std::panicking::begin_panic_handler::{{closure}}::h5e30b0d14d1187f1
   8:     0x7efe8f8d71e9 - std::sys::backtrace::__rust_end_short_backtrace::h5df085eb7f7be6aa
   9:     0x7efe8f8d7d3c - rust_begin_unwind
  10:     0x7efe8f61353d - core::panicking::panic_nounwind_fmt::h42fb6c9fcc51315f
  11:     0x7efe8f6135d2 - core::panicking::panic_nounwind::hef94e2827ea9c9b0
  12:     0x7efe8f613695 - core::panicking::panic_cannot_unwind::hbb4894eea11007a2
  13:     0x7efe8f6d0cd9 - pam_sm_authenticate
  14:     0x7efe9dec6c6f - <unknown>
  15:     0x7efe9dec7478 - pam_authenticate
  16:     0x7efe9dee8b8b - <unknown>
  17:     0x7efe9df3105e - <unknown>
  18:     0x7efe9df32a95 - <unknown>
  19:     0x7efe9defab53 - <unknown>
  20:     0x55c8b5fbaa2e - <unknown>
  21:     0x55c8b5fa6c1f - <unknown>
  22:     0x7efe9e00f248 - __libc_start_call_main
  23:     0x7efe9e00f30b - __libc_start_main_alias_1
  24:     0x55c8b5fa9025 - <unknown>
  25:                0x0 - <unknown>
thread caused non-unwinding panic. aborting.
zsh: IOT instruction (core dumped)  sudo echo a

[ChocolateLoverRaj]

From those error messages it looks like you did not run the code from the latest commit since the line numbers are from an old commit.

[Lucaacer]

True, wait_until_unlock was the previous branch... Weird, but is

git clone -b pam-user https://github.com/ChocolateLoverRaj/rust-fp
wrong?

I will test it once again, anyhow.

[ChocolateLoverRaj]

Did you build it and replace the PAM program file after the git clone?

[Lucaacer]

I am fairly sure I did replace the module in /usr/lib64, maybe I did not replace

sudo cp target/release/rust-fp-dbus-interface /usr/local/bin

but now I will remove everything anf try again.

[Lucaacer]

Now I am sure there was nothing left from the previous versions, because I removed any file from the shell.

This is the output

Matched: 1.
Template was updated. Saving updated template...
Saved updated template

********** on ultramarine ~ 
❯ sudo echo a  
[sudo] password di **********: 
thread '<unnamed>' panicked at pam-module/src/lib.rs:64:44:
called `Result::unwrap()` on an `Err` value: PAM_SUCCESS
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
fatal runtime error: failed to initiate panic, error 5
zsh: IOT instruction (core dumped)  sudo echo a

[Lucaacer]

For some unknown reason, I cannot unlock the screen-saver any longer.

Btw, now I am using the internal ssd.

---

Update: I can confirm that the update breaks unlock. I went to and fro main and pam-user and the latter never allowed me to unlock the screensaver.

[ChocolateLoverRaj]

What are the contents of your /etc/pam.d/sudo file?

[Lucaacer]

Here it is

#%PAM-1.0
auth sufficient pam_unix.so first_try_pass likeauth nullok
auth sufficient librust_fp_pam_module.so
account sufficient librust_fp_pam_module.so


auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
session    include      system-auth

Just like the cinnamon screensaver

[mio-19]

I have a chromebook running nixos I might be able to test this