utils: Add gdm-auth-config to configure GDM authorization options
Add a tool to control the gdm settings easily, focusing on authentication options.
It allows to control basic settings for these authentication methods:
- password
- fingerprint
- smartcard
In particular it permits to toggle each option or in some cases to require it as the only one.
To do this, in general we perform as follows:
- Create an override for the gdm dconf profile file in sysconfigdir
- Fill the profile file containing the original file-db and a new system-db:gdm.
- When a GDM setting is changed we create/update a new config file and a relative locks file for the gdm database.
- When a System setting is changed we try to reuse a system configured dconf system db if any, or we create a new "local" one, adding a config and lock file.
However, since such settings might require other system changes that depend on distribution specifics, I've added a completely pluggable system that allows distributions to provide a specific configuration script that will be called with the gdm-auth-config parameters (once they've been approved) and that can do partial or full changes.
As per this, I've included here both a distro hook for fedora and some generic ones (that does nothing) for the GDM supported distros. The reason for those "pass" hooks is that we want to disable some changes by default, unless ACK'ed by an hook.
The API for the distro hooks is documented in the source code.
I've included an hook that is meant to work in fedora and derivatives, however I'd think that the proper location for that would be in the packaging itself, more than upstream.
The tool iface is:
Usage:
gdm-auth-config COMMAND
Commands:
help Shows this information
password Configure the password authentication
fingerprint Configure the fingerprint authentication
smartcard Configure the smartcard authentication
reset Resets the default configuration
show Shows the current configuration
Use “gdm-auth-config COMMAND --help” to get help on each command.