Add native PAM module

.github/workflows/check.yml

@@ -0,0 +1,25 @@
+name: check
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install required libraries
+        run: >
+          sudo apt-get update && sudo apt-get install -y 
+          python3 python3-pip python3-setuptools python3-wheel ninja-build meson 
+          cmake make build-essential clang-tidy
+          libpam0g-dev libinih-dev libevdev-dev 
+          python3-dev libopencv-dev
+
+      - uses: actions/checkout@v2
+
+      - name: Build
+        run: |
+          meson setup build howdy/src/pam
+          ninja -C build
+
+      - name: Check source code
+        run: |
+          ninja clang-tidy -C build

howdy/archlinux/howdy/.SRCINFO

@@ -13,6 +13,7 @@ pkgbase = howdy
 	depends = python3
 	depends = python-dlib
 	depends = python-numpy
+	depends = python-opencv
 	backup = usr/lib/security/howdy/config.ini
 	source = howdy-2.6.1.tar.gz::https://github.com/boltgolt/howdy/archive/v2.6.1.tar.gz
 	source = https://github.com/davisking/dlib-models/raw/master/dlib_face_recognition_resnet_model_v1.dat.bz2

howdy/src/compare.py

@@ -26,7 +26,6 @@
 from i18n import _
 from recorders.video_capture import VideoCapture
 
-
 def exit(code=None):
 	"""Exit while closeing howdy-gtk properly"""
 	global gtk_proc

howdy/src/config.ini

@@ -30,6 +30,14 @@ disabled = false
 # computational power to run, and is meant to be executed on a GPU to attain reasonable speed.
 use_cnn = false
 
+# WARNING: Changing this key can lead to unstability
+# Set a workaround to confirm the prompt
+#
+# "off" will disable it, so the user needs to confirm manually
+# "input" will send an enter keypress to confirm (the prompt needs to be on focus)
+# "native" will stop the prompt at PAM level (DANGEROUS!)
+workaround = input
+
 [video]
 # The certainty of the detected face belonging to the user of the account
 # On a scale from 1 to 10, values above 5 are not recommended

howdy/src/pam/.clang-tidy

@@ -0,0 +1,7 @@
+Checks: 'clang-diagnostic-*,clang-analyser-*,-clang-diagnostic-unused-command-line-argument,google-*,bugprone-*,modernize-*,performance-*,portability-*,readability-*,-bugprone-easily-swappable-*,-readability-magic-numbers,-google-readability-todo'
+WarningsAsErrors: 'clang-diagnostic-*,clang-analyser-*,-clang-diagnostic-unused-command-line-argument,google-*,bugprone-*,modernize-*,performance-*,portability-*,readability-*,-bugprone-easily-swappable-*,-readability-magic-numbers,-google-readability-todo'
+CheckOptions:
+  - key:             readability-function-cognitive-complexity.Threshold
+    value:           '50'
+
+# vim:syntax=yaml

howdy/src/pam/README.md

@@ -1,20 +1,35 @@
 # Howdy PAM module
 
+## Prepare
+
+This module depends on `INIReader` and `libevdev`.
+They can be installed with these packages:
+
+```
+Arch Linux - libinih libevdev
+Debian     - libinih-dev libevdev-dev
+Fedora     - inih-devel libevdev-devel
+OpenSUSE   - inih libevdev-devel
+```
+
+If your distribution doesn't provide `INIReader`,
+it will be automatically pulled from git at the subproject's pinned version.
+
 ## Build
 
-```sh
-meson setup build -Dinih:with_INIReader=true
+``` sh
+meson setup build
 meson compile -C build
 ```
 
 ## Install
 
-```sh
-sudo mv build/libpam_howdy.so /lib/security/pam_howdy.so
+``` sh
+meson install -C build
 ```
 
-Change PAM config line to:
+Add the following line to your PAM configuration (/etc/pam.d/your-service):
 
-```pam
-auth     sufficient pam_howdy.so
+``` pam
+auth  sufficient  pam_howdy.so
 ```

howdy/src/pam/enter_device.cc

@@ -0,0 +1,48 @@
+#include "enter_device.hh"
+
+#include <cstring>
+#include <memory>
+#include <stdexcept>
+
+EnterDevice::EnterDevice()
+    : raw_device(libevdev_new(), &libevdev_free),
+      raw_uinput_device(nullptr, &libevdev_uinput_destroy) {
+  auto *dev_ptr = raw_device.get();
+
+  libevdev_set_name(dev_ptr, "enter device");
+  libevdev_enable_event_type(dev_ptr, EV_KEY);
+  libevdev_enable_event_code(dev_ptr, EV_KEY, KEY_ENTER, nullptr);
+
+  int err;
+  struct libevdev_uinput *uinput_dev_ptr;
+  if ((err = libevdev_uinput_create_from_device(
+           dev_ptr, LIBEVDEV_UINPUT_OPEN_MANAGED, &uinput_dev_ptr)) != 0) {
+    throw std::runtime_error(std::string("Failed to create device: ") +
+                             strerror(-err));
+  }
+
+  raw_uinput_device.reset(uinput_dev_ptr);
+};
+
+void EnterDevice::send_enter_press() const {
+  auto *uinput_dev_ptr = raw_uinput_device.get();
+
+  int err;
+  if ((err = libevdev_uinput_write_event(uinput_dev_ptr, EV_KEY, KEY_ENTER,
+                                         1)) != 0) {
+    throw std::runtime_error(std::string("Failed to write event: ") +
+                             strerror(-err));
+  }
+
+  if ((err = libevdev_uinput_write_event(uinput_dev_ptr, EV_KEY, KEY_ENTER,
+                                         0)) != 0) {
+    throw std::runtime_error(std::string("Failed to write event: ") +
+                             strerror(-err));
+  }
+
+  if ((err = libevdev_uinput_write_event(uinput_dev_ptr, EV_SYN, SYN_REPORT,
+                                         0)) != 0) {
+    throw std::runtime_error(std::string("Failed to write event: ") +
+                             strerror(-err));
+  };
+}

howdy/src/pam/enter_device.hh

@@ -0,0 +1,19 @@
+#ifndef ENTER_DEVICE_H_
+#define ENTER_DEVICE_H_
+
+#include <libevdev/libevdev-uinput.h>
+#include <libevdev/libevdev.h>
+#include <memory>
+
+class EnterDevice {
+  std::unique_ptr<struct libevdev, decltype(&libevdev_free)> raw_device;
+  std::unique_ptr<struct libevdev_uinput, decltype(&libevdev_uinput_destroy)>
+      raw_uinput_device;
+
+public:
+  EnterDevice();
+  void send_enter_press() const;
+  ~EnterDevice() = default;
+};
+
+#endif // ENTER_DEVICE_H