Add TouchID sudo helper script

README.md

@@ -82,3 +82,9 @@ Alternatively, you can have an additional, personal dotfiles repo at `~/.extra`.
 ## Credits
 
 Many thanks to the [dotfiles community](https://dotfiles.github.io).
+
+## License
+
+These files are licensed under the [MIT license](./licenses/MIT) except the following files which are taken from [Mike McQuaid](https://github.com/MikeMcQuaid/dotfiles) and are licensed under the [GPLv3 license](./licenses/GPLv3):
+
+- [bin/touchid-enable-pam-sudo](./bin/touchid-enable-pam-sudo)

bin/touchid-enable-pam-sudo

@@ -0,0 +1,30 @@
+#!/usr/bin/env ruby
+# Source: https://github.com/MikeMcQuaid/dotfiles/blob/master/bin/touchid-enable-pam-sudo
+# Enables sudo authentication using TouchID.
+
+pam_sudo_filename = '/etc/pam.d/sudo'
+pam_sudo_contents = File.read(pam_sudo_filename)
+if pam_sudo_contents.include?('pam_tid.so')
+  puts 'TouchID PAM sudo module already enabled!' unless ARGV.include?('--quiet')
+  exit
+end
+
+first_line = '# sudo: auth account password session'
+first_line_regex = /^#{first_line}$/
+unless pam_sudo_contents.match?(first_line_regex)
+  warn "Error: #{pam_sudo_filename} is not in the expected format!"
+  abort
+end
+
+if Process.uid != 0
+  puts "Rerunning #{$0} with sudo..."
+  exec 'sudo', $0
+end
+
+pam_sudo_contents.sub!(
+  first_line_regex,
+  "#{first_line}\nauth       sufficient     pam_tid.so"
+)
+
+File.write(pam_sudo_filename, pam_sudo_contents)
+puts 'TouchID PAM sudo module now enabled!'