Don't reset smartcard conversation twice when smartcard is inserted.
Resolves: #2140898
This commit is contained in:
parent
3f1bb03e9b
commit
1560c87bec
100
0001-authPrompt-Disregard-smartcard-status-changes-events.patch
Normal file
100
0001-authPrompt-Disregard-smartcard-status-changes-events.patch
Normal file
@ -0,0 +1,100 @@
|
||||
From ec802e39a5dfb252e2d18b8cb95f713724180565 Mon Sep 17 00:00:00 2001
|
||||
From: Ray Strode <rstrode@redhat.com>
|
||||
Date: Mon, 15 May 2023 10:48:15 -0400
|
||||
Subject: [PATCH] authPrompt: Disregard smartcard status changes events if
|
||||
VERIFICATION_IN_PROGRESS
|
||||
|
||||
commit c8bb45b41c3a13ef161103f649aa18938e028a70 introduced a new
|
||||
verification state, VERIFICATION_IN_PROGRESS, to detect when the user
|
||||
has already interacted with the authentication service, so the auth
|
||||
prompt can rate limit the number of times the user can cancel
|
||||
authentication attempts with the escape key (without also rate limiting
|
||||
the number of times they hit escape to go back to the clock without
|
||||
interacting with the authentication service).
|
||||
|
||||
That means there are now two states that represent the
|
||||
user actively undergoing verification: VERIFYING and
|
||||
VERIFICATION_IN_PROGRESS.
|
||||
|
||||
It's inappropriate to reset the smartcard service if the user is
|
||||
actively conversing with it. We try to check for that by looking at the
|
||||
original verification state, VERIFYING, but we unfortunately, neglected
|
||||
to account for the new VERIFICATION_IN_PROGRESS state.
|
||||
|
||||
This commit fixes that oversight, and allows users to again pre-type
|
||||
their smartcard pin at the clock before inserting their smartcard.
|
||||
---
|
||||
js/gdm/authPrompt.js | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js
|
||||
index 4da91e096..e961f396e 100644
|
||||
--- a/js/gdm/authPrompt.js
|
||||
+++ b/js/gdm/authPrompt.js
|
||||
@@ -327,61 +327,62 @@ var AuthPrompt = GObject.registerClass({
|
||||
_onShowChoiceList(userVerifier, serviceName, promptMessage, choiceList) {
|
||||
if (this._queryingService)
|
||||
this.clear();
|
||||
|
||||
this._queryingService = serviceName;
|
||||
|
||||
if (this._preemptiveAnswer)
|
||||
this._preemptiveAnswer = null;
|
||||
|
||||
this.setChoiceList(promptMessage, choiceList);
|
||||
this.updateSensitivity(true);
|
||||
this.emit('prompted');
|
||||
}
|
||||
|
||||
_onCredentialManagerAuthenticated() {
|
||||
if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED)
|
||||
this.reset();
|
||||
}
|
||||
|
||||
_onSmartcardStatusChanged() {
|
||||
this.smartcardDetected = this._userVerifier.smartcardDetected;
|
||||
|
||||
// Most of the time we want to reset if the user inserts or removes
|
||||
// a smartcard. Smartcard insertion "preempts" what the user was
|
||||
// doing, and smartcard removal aborts the preemption.
|
||||
// The exceptions are: 1) Don't reset on smartcard insertion if we're already verifying
|
||||
// with a smartcard
|
||||
// 2) Don't reset if we've already succeeded at verification and
|
||||
// the user is getting logged in.
|
||||
if (this._userVerifier.serviceIsDefault(GdmUtil.SMARTCARD_SERVICE_NAME) &&
|
||||
- this.verificationStatus == AuthPromptStatus.VERIFYING &&
|
||||
+ (this.verificationStatus === AuthPromptStatus.VERIFYING ||
|
||||
+ this.verificationStatus === AuthPromptStatus.VERIFICATION_IN_PROGRESS) &&
|
||||
this.smartcardDetected)
|
||||
return;
|
||||
|
||||
if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED)
|
||||
this.reset();
|
||||
}
|
||||
|
||||
_onShowMessage(_userVerifier, serviceName, message, type) {
|
||||
this.setMessage(serviceName, message, type);
|
||||
this.emit('prompted');
|
||||
}
|
||||
|
||||
_onVerificationFailed(userVerifier, serviceName, canRetry) {
|
||||
const wasQueryingService = this._queryingService === serviceName;
|
||||
|
||||
if (wasQueryingService) {
|
||||
this._queryingService = null;
|
||||
this.clear();
|
||||
}
|
||||
|
||||
this.updateSensitivity(canRetry);
|
||||
this.setActorInDefaultButtonWell(null);
|
||||
|
||||
if (!canRetry)
|
||||
this.verificationStatus = AuthPromptStatus.VERIFICATION_FAILED;
|
||||
|
||||
if (wasQueryingService)
|
||||
Util.wiggle(this._entry);
|
||||
}
|
||||
|
||||
--
|
||||
2.39.1
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
Name: gnome-shell
|
||||
Version: 40.10
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
Summary: Window management and application launching for GNOME
|
||||
|
||||
License: GPLv2+
|
||||
@ -27,6 +27,7 @@ Patch14: support-choicelist-extension.patch
|
||||
Patch15: gdm-networking.patch
|
||||
Patch16: login-screen-extensions.patch
|
||||
Patch17: fix-resetting-auth-prompt.patch
|
||||
Patch18: 0001-authPrompt-Disregard-smartcard-status-changes-events.patch
|
||||
|
||||
# Misc.
|
||||
Patch30: 0001-panel-add-an-icon-to-the-ActivitiesButton.patch
|
||||
@ -274,6 +275,10 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/evolution-calendar.de
|
||||
%{_mandir}/man1/gnome-shell.1*
|
||||
|
||||
%changelog
|
||||
* Mon May 15 2023 Ray Strode <rstrode@redhat.com> - 40.10-13
|
||||
- Don't reset smartcard conversation twice when smartcard is inserted.
|
||||
Resolves: #2140898
|
||||
|
||||
* Wed Feb 22 2023 Florian Müllner <fmuellner@redhat.com> - 40.10-12
|
||||
- Require xdg-desktop-portal-gnome
|
||||
Resolves: #2172524
|
||||
|
Loading…
Reference in New Issue
Block a user