gnome-shell/enforce-smartcard-at-unlock.patch

106 lines
3.3 KiB
Diff
Raw Normal View History

From eaa7217db15a28e88ce0b5a84827c306148561ca Mon Sep 17 00:00:00 2001
2019-05-07 12:23:00 +00:00
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 10:57:02 -0400
Subject: [PATCH 1/3] smartcardManager: add way to detect if user logged using
(any) token
If a user uses a token at login time, we need to make sure they continue
to use the token at unlock time.
As a prerequisite for addressing that problem we need to know up front
if a user logged in with a token at all.
This commit adds the necessary api to detect that case.
---
js/misc/smartcardManager.js | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/js/misc/smartcardManager.js b/js/misc/smartcardManager.js
index 32573cd384..6c48c80a19 100644
2019-05-07 12:23:00 +00:00
--- a/js/misc/smartcardManager.js
+++ b/js/misc/smartcardManager.js
@@ -118,4 +118,11 @@ class SmartcardManager extends Signals.EventEmitter {
2019-05-07 12:23:00 +00:00
return true;
2019-11-05 19:43:42 +00:00
}
+
2019-05-07 12:23:00 +00:00
+ loggedInWithToken() {
+ if (this._loginToken)
+ return true;
+
+ return false;
2019-11-05 19:43:42 +00:00
+ }
}
2019-05-07 12:23:00 +00:00
--
2.45.2
2019-05-07 12:23:00 +00:00
From d7ef26d7b9d352232c9e0a24a04bcfcf6eee7d9a Mon Sep 17 00:00:00 2001
2019-05-07 12:23:00 +00:00
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 19:56:53 -0400
Subject: [PATCH 2/3] gdm: only unlock with smartcard, if smartcard used for
login
If a smartcard is used for login, we need to make sure the smartcard
gets used for unlock, too.
---
js/gdm/util.js | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
2019-05-07 12:23:00 +00:00
diff --git a/js/gdm/util.js b/js/gdm/util.js
index c9c040beb7..c0d8852880 100644
2019-05-07 12:23:00 +00:00
--- a/js/gdm/util.js
+++ b/js/gdm/util.js
@@ -465,6 +465,8 @@ export class ShellUserVerifier extends Signals.EventEmitter {
2019-05-07 12:23:00 +00:00
this.smartcardDetected = false;
this._checkForSmartcard();
+ this._updateDefaultService();
+
this._smartcardManager.connectObject(
'smartcard-inserted', () => this._checkForSmartcard(),
'smartcard-removed', () => this._checkForSmartcard(), this);
@@ -643,7 +645,9 @@ export class ShellUserVerifier extends Signals.EventEmitter {
2019-11-05 19:43:42 +00:00
}
2019-05-07 12:23:00 +00:00
_getDetectedDefaultService() {
2019-05-07 12:23:00 +00:00
- if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
+ if (this._smartcardManager?.loggedInWithToken())
+ return SMARTCARD_SERVICE_NAME;
2019-05-07 12:23:00 +00:00
+ else if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
return PASSWORD_SERVICE_NAME;
else if (this._smartcardManager)
return SMARTCARD_SERVICE_NAME;
2019-05-07 12:23:00 +00:00
--
2.45.2
2019-05-07 12:23:00 +00:00
From 9bff98c2757e4591035e408aa9cee703cec74bdf Mon Sep 17 00:00:00 2001
2019-05-07 12:23:00 +00:00
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 19:57:36 -0400
Subject: [PATCH 3/3] gdm: update default service when smartcard inserted
Early on at start up we may not know if a smartcard is
available. Make sure we reupdate the default service
after we get a smartcard insertion event.
---
js/gdm/util.js | 2 ++
1 file changed, 2 insertions(+)
diff --git a/js/gdm/util.js b/js/gdm/util.js
index c0d8852880..430af4d8ef 100644
2019-05-07 12:23:00 +00:00
--- a/js/gdm/util.js
+++ b/js/gdm/util.js
@@ -490,6 +490,8 @@ export class ShellUserVerifier extends Signals.EventEmitter {
else if (this._preemptingService === SMARTCARD_SERVICE_NAME)
2019-05-07 12:23:00 +00:00
this._preemptingService = null;
+ this._updateDefaultService();
+
this.emit('smartcard-status-changed');
}
2019-11-05 19:43:42 +00:00
}
2019-05-07 12:23:00 +00:00
--
2.45.2
2019-05-07 12:23:00 +00:00