WIP: Windows Hello Authentication #83
This seems to stop working sometimes (exit code 255 from the .exe). That can be fixed by opening a new shell - it's probably related to the WSL_INTEROP socket
authenticator = pkgs.stdenv.mkDerivation { | ||
name = "WindowsHelloAuthenticator.exe"; | ||
src = pkgs.fetchurl { | ||
url = "https://github.com/nzbr/PAM-WindowsHello/releases/download/v1/WindowsHelloAuthenticator.exe"; | ||
sha256 = "4856a1fefa5c869b78890f9313a560d310e9c11f2a2a212c2868cf292792ff7f"; | ||
}; | ||
dontUnpack = true; | ||
buildCommand = '' | ||
install -m 0755 $src $out | ||
''; | ||
}; | ||
wrapper = pkgs.writeShellScript "wrapper" '' | ||
export PATH=${pkgs.coreutils}/bin # The PAM environment does not include the default PATH | ||
export WSL_INTEROP="/run/WSL/$(ls -tr /run/WSL | tail -n1)" # Find the correct WSL_INTEROP socket to be able to start the EXE | ||
exec ${authenticator} [$PAM_SERVICE] $PAM_RUSER wants to authenticate as $PAM_USER | ||
''; |
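Review bot: In the wrapper's `exec` line, `$PAM_SERVICE`, `$PAM_RUSER` and `$PAM_USER` are expanded unquoted, so the shell word-splits and glob-expands them before they reach the authenticator, and `[$PAM_SERVICE]` is itself a bracket glob that can match single-character file names in the working directory. Since this text is what the user sees when approving the prompt, pass it as one quoted argument, e.g. `exec ${authenticator} "[$PAM_SERVICE] $PAM_RUSER wants to authenticate as $PAM_USER"`, or quote each variable separately if the helper expects separate arguments. On the `WSL_INTEROP` line, `ls -tr /run/WSL | tail -n1` takes whatever entry has the newest mtime, which is not guaranteed to be a live interop socket; check the result with `[ -S "$WSL_INTEROP" ]` and exit non-zero if it is not a socket, so a stale or missing socket becomes a clear authentication failure rather than an opaque exit code from the .exe.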
I think we should make a proper package out of that. Could we build it from source, too?
I don't think it'd be possible to build from source. The program has build-time dependencies against `Windows.winmd` and `System.Runtime.WindowsRuntime.dll`.
If there's any way to get those files into the nix store, it might be possible to build with Mono though
I didn't expect that, thanks! I'll look into it
I tried it now (the correct package is https://www.nuget.org/packages/Microsoft.Windows.SDK.Contracts btw. The one above seems to be for parsing WinMD files), however I could not get msbuild on Linux to compile the executable. It always threw an error about a missing assembly reference. I also tried porting the helper to .NET 6, but that wouldn't build on Linux either because `NETSDK1100: Windows is required to build Windows desktop applications`. I had initially meant to build it in .NET 6, but couldn't figure out how to import WinRT then. In retrospect that was fortunate, because now I learned that .NET 6 would require having an additional .dll in the same directory as the .exe, whereas .NET Framework only requires the .exe to be present
TL;DR Unfortunately it looks like there is no way to build the helper on Linux
What needs to be done for this to be merged?
The Nix code in this PR is pretty outdated and would probably need to be adjusted to the current state of the main branch. Also, the Windows binary this uses can't be cross-compiled on Linux and therefore needs to be pulled in as a binary blob. If that's possible, the Windows part should be rewritten in something like Rust where that's possible, so that it can be built in a derivation
I actually did a rewrite of both the PAM module and the Windows side (in Rust) for this roughly two years ago. It also doesn't use any unsupported APIs anymore and should cross-compile. It worked, but I have a feeling it wasn't fully done. It's currently rotting in a private repo, but I'll see about cleaning it up.
That'd be really cool, tbh
This adds an option to approve sudo and other login prompts through Windows Hello (Fingerprint/Face/PIN/etc.) instead of a password or not at all (as is the default)