resilar / HotFinger

Biometric hotkeys (Win10 application launcher)
The Unlicense

Enumerate and delete enrolled fingerprints #3

Closed resilar closed 5 years ago

resilar commented 5 years ago

Uninstallation is currently the only supported way to delete enrollments. Moreover, the GUI does not show which subfactors (fingers) are enrolled. The root issue is that certain WinBio enumeration functions are broken under Wow64 and the WinBio API is lacking (see the next comment), which prevents us from listing enrollments for deletion or other purposes.


Old info: Wow64 registry redirection of HKLM\SOFTWARE seems to break WinBio's enumeration of enrollments/templates because WinBio.dll fails to read 64-bit WinBio registry keys due to the missing KEY_WOW64_64KEY flag. For a possible workaround, see Wow64 registry reflection and in particular the functions RegEnableReflectionKey()/RegDisableReflectionKey().


If the enumeration cannot be fixed with reasonable effort, then we could try to call WinBioDeleteTemplate() with WINBIO_ID_TYPE_WILDCARD to delete all enrollments for a specific subfactor (finger). However, according to the documentation, this requires administrator privileges and thus is not a feasible solution. Alternatively, a list of successful enrollments could be maintained in settings.ini by HotFinger.

resilar commented 5 years ago

Okay, it seems that the Wow64 registry redirection only prevents the enumeration of enrollments of the system pool. WinBioGetEnrolledFactors() fails because of the registry issue and its documentation says:

These enrollments represent system pool enrollments only, such as enrollments that you can use to authenticate a user for sign-in, unlock, and so on. This value does not include private pool enrollments

Private pool enrollments can be enumerated using the WinBioEnumEnrollments() function, but it does not support enumeration with the WINBIO_ID_TYPE_WILDCARD identity (returns E_INVALIDARG 0x80070057). Thus, enumeration of enrolled subfactors is possible only if the enrollment GUIDs are known beforehand. Unfortunately, there is no way to enumerate these GUIDs, except calling the storage adapter's functions directly, which is an undocumented approach that may not work with all fingerprint readers (or at all).

It is starting to look like we have to save enrollment GUIDs in settings.ini on every successful WinBioEnrollCommit(). This is probably a good enough solution even though the GUID information can become inconsistent if the user corrupts settings.ini or updates the private WinBio database manually.

resilar commented 5 years ago

Alternatively, create an "Unenroll" button which identifies the user to get a WINBIO_IDENTITY instance and passes that to WinBioDeleteTemplate(). This might be the best solution for deletion (still no way to enumerate which subfactors have been enrolled).

resilar commented 5 years ago

Addressed in commit 5e73b88 using the idea described in the previous comment. After a successful identification, the identified template GUID is shown in the GUI and the "Enroll" button changes to "Unenroll". Clicking "Unenroll" shows an unenrollment confirmation dialog before deleting the identified template.

Enumeration is still unsupported, but it is not a mandatory feature. Closing the issue.