Fix auth regression in downstream patches

The upstream code now expects the default service to be initialized
early, so postponing it after initializing the smartcard support
no longer works.

Adjust the downstream patches accordingly.

Resolves: RHEL-35337
This commit is contained in:
Florian Müllner 2024-05-10 19:44:38 +02:00
parent 0e739b3813
commit 5b7b717f90
No known key found for this signature in database

View File

@ -1,4 +1,4 @@
From 420178f0f4711b3d58c9880008cf847a99fb438b Mon Sep 17 00:00:00 2001 From 066e4346a13a667f318e4334020cc1ac4a03ba9a Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com> From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 10:57:02 -0400 Date: Mon, 28 Sep 2015 10:57:02 -0400
Subject: [PATCH 1/3] smartcardManager: add way to detect if user logged using Subject: [PATCH 1/3] smartcardManager: add way to detect if user logged using
@ -35,7 +35,7 @@ index 32573cd384..6c48c80a19 100644
2.44.0 2.44.0
From add283227afed3e32d9dd7c93b211e012d9fd85a Mon Sep 17 00:00:00 2001 From dba5cdb1cd96d8f5e99280135e88df4f0487c4ed Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com> From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 19:56:53 -0400 Date: Mon, 28 Sep 2015 19:56:53 -0400
Subject: [PATCH 2/3] gdm: only unlock with smartcard, if smartcard used for Subject: [PATCH 2/3] gdm: only unlock with smartcard, if smartcard used for
@ -44,22 +44,14 @@ Subject: [PATCH 2/3] gdm: only unlock with smartcard, if smartcard used for
If a smartcard is used for login, we need to make sure the smartcard If a smartcard is used for login, we need to make sure the smartcard
gets used for unlock, too. gets used for unlock, too.
--- ---
js/gdm/util.js | 7 +++++-- js/gdm/util.js | 6 +++++-
1 file changed, 5 insertions(+), 2 deletions(-) 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/js/gdm/util.js b/js/gdm/util.js diff --git a/js/gdm/util.js b/js/gdm/util.js
index 97df6d687e..cfb430a24e 100644 index 97df6d687e..8a05758bb8 100644
--- a/js/gdm/util.js --- a/js/gdm/util.js
+++ b/js/gdm/util.js +++ b/js/gdm/util.js
@@ -125,7 +125,6 @@ export class ShellUserVerifier extends Signals.EventEmitter { @@ -463,6 +463,8 @@ export class ShellUserVerifier extends Signals.EventEmitter {
this._settings = new Gio.Settings({schema_id: LOGIN_SCREEN_SCHEMA});
this._settings.connect('changed', () => this._onSettingsChanged());
this._updateEnabledServices();
- this._updateDefaultService();
this.addCredentialManager(OVirt.SERVICE_NAME, OVirt.getOVirtCredentialsManager());
this.addCredentialManager(Vmware.SERVICE_NAME, Vmware.getVmwareCredentialsManager());
@@ -463,6 +462,8 @@ export class ShellUserVerifier extends Signals.EventEmitter {
this.smartcardDetected = false; this.smartcardDetected = false;
this._checkForSmartcard(); this._checkForSmartcard();
@ -68,12 +60,12 @@ index 97df6d687e..cfb430a24e 100644
this._smartcardManager.connectObject( this._smartcardManager.connectObject(
'smartcard-inserted', () => this._checkForSmartcard(), 'smartcard-inserted', () => this._checkForSmartcard(),
'smartcard-removed', () => this._checkForSmartcard(), this); 'smartcard-removed', () => this._checkForSmartcard(), this);
@@ -641,7 +642,9 @@ export class ShellUserVerifier extends Signals.EventEmitter { @@ -641,7 +643,9 @@ export class ShellUserVerifier extends Signals.EventEmitter {
} }
_getDetectedDefaultService() { _getDetectedDefaultService() {
- if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY)) - if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
+ if (this._smartcardManager.loggedInWithToken()) + if (this._smartcardManager?.loggedInWithToken())
+ return SMARTCARD_SERVICE_NAME; + return SMARTCARD_SERVICE_NAME;
+ else if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY)) + else if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
return PASSWORD_SERVICE_NAME; return PASSWORD_SERVICE_NAME;
@ -83,7 +75,7 @@ index 97df6d687e..cfb430a24e 100644
2.44.0 2.44.0
From 2ad44eb49ab436df194d5ad78a73aef02f67a220 Mon Sep 17 00:00:00 2001 From ef8ac2256eed6bac5c002f127915c88a12bf1a58 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com> From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 19:57:36 -0400 Date: Mon, 28 Sep 2015 19:57:36 -0400
Subject: [PATCH 3/3] gdm: update default service when smartcard inserted Subject: [PATCH 3/3] gdm: update default service when smartcard inserted
@ -96,10 +88,10 @@ after we get a smartcard insertion event.
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/js/gdm/util.js b/js/gdm/util.js diff --git a/js/gdm/util.js b/js/gdm/util.js
index cfb430a24e..e4777225a0 100644 index 8a05758bb8..69005f7335 100644
--- a/js/gdm/util.js --- a/js/gdm/util.js
+++ b/js/gdm/util.js +++ b/js/gdm/util.js
@@ -487,6 +487,8 @@ export class ShellUserVerifier extends Signals.EventEmitter { @@ -488,6 +488,8 @@ export class ShellUserVerifier extends Signals.EventEmitter {
else if (this._preemptingService === SMARTCARD_SERVICE_NAME) else if (this._preemptingService === SMARTCARD_SERVICE_NAME)
this._preemptingService = null; this._preemptingService = null;