diff options
Diffstat (limited to '0001-authPrompt-Disregard-smartcard-status-changes-events.patch')
| -rw-r--r-- | 0001-authPrompt-Disregard-smartcard-status-changes-events.patch | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/0001-authPrompt-Disregard-smartcard-status-changes-events.patch b/0001-authPrompt-Disregard-smartcard-status-changes-events.patch new file mode 100644 index 0000000..35dd9e0 --- /dev/null +++ b/0001-authPrompt-Disregard-smartcard-status-changes-events.patch @@ -0,0 +1,100 @@ +From ec802e39a5dfb252e2d18b8cb95f713724180565 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Mon, 15 May 2023 10:48:15 -0400 +Subject: [PATCH] authPrompt: Disregard smartcard status changes events if + VERIFICATION_IN_PROGRESS + +commit c8bb45b41c3a13ef161103f649aa18938e028a70 introduced a new +verification state, VERIFICATION_IN_PROGRESS, to detect when the user +has already interacted with the authentication service, so the auth +prompt can rate limit the number of times the user can cancel +authentication attempts with the escape key (without also rate limiting +the number of times they hit escape to go back to the clock without +interacting with the authentication service). + +That means there are now two states that represent the +user actively undergoing verification: VERIFYING and +VERIFICATION_IN_PROGRESS. + +It's inappropriate to reset the smartcard service if the user is +actively conversing with it. We try to check for that by looking at the +original verification state, VERIFYING, but we unfortunately, neglected +to account for the new VERIFICATION_IN_PROGRESS state. + +This commit fixes that oversight, and allows users to again pre-type +their smartcard pin at the clock before inserting their smartcard. +--- + js/gdm/authPrompt.js | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js +index 4da91e096..e961f396e 100644 +--- a/js/gdm/authPrompt.js ++++ b/js/gdm/authPrompt.js +@@ -327,61 +327,62 @@ var AuthPrompt = GObject.registerClass({ + _onShowChoiceList(userVerifier, serviceName, promptMessage, choiceList) { + if (this._queryingService) + this.clear(); + + this._queryingService = serviceName; + + if (this._preemptiveAnswer) + this._preemptiveAnswer = null; + + this.setChoiceList(promptMessage, choiceList); + this.updateSensitivity(true); + this.emit('prompted'); + } + + _onCredentialManagerAuthenticated() { + if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED) + this.reset(); + } + + _onSmartcardStatusChanged() { + this.smartcardDetected = this._userVerifier.smartcardDetected; + + // Most of the time we want to reset if the user inserts or removes + // a smartcard. Smartcard insertion "preempts" what the user was + // doing, and smartcard removal aborts the preemption. + // The exceptions are: 1) Don't reset on smartcard insertion if we're already verifying + // with a smartcard + // 2) Don't reset if we've already succeeded at verification and + // the user is getting logged in. + if (this._userVerifier.serviceIsDefault(GdmUtil.SMARTCARD_SERVICE_NAME) && +- this.verificationStatus == AuthPromptStatus.VERIFYING && ++ (this.verificationStatus === AuthPromptStatus.VERIFYING || ++ this.verificationStatus === AuthPromptStatus.VERIFICATION_IN_PROGRESS) && + this.smartcardDetected) + return; + + if (this.verificationStatus != AuthPromptStatus.VERIFICATION_SUCCEEDED) + this.reset(); + } + + _onShowMessage(_userVerifier, serviceName, message, type) { + this.setMessage(serviceName, message, type); + this.emit('prompted'); + } + + _onVerificationFailed(userVerifier, serviceName, canRetry) { + const wasQueryingService = this._queryingService === serviceName; + + if (wasQueryingService) { + this._queryingService = null; + this.clear(); + } + + this.updateSensitivity(canRetry); + this.setActorInDefaultButtonWell(null); + + if (!canRetry) + this.verificationStatus = AuthPromptStatus.VERIFICATION_FAILED; + + if (wasQueryingService) + Util.wiggle(this._entry); + } + +-- +2.39.1 + |