util: abstract out default auth service in code
Right now, the primary way a user logs in is with a password. They can also swipe their finger, if their fingerprint is enrolled, but it's expected the fingerprint auth service won't ask questions the user has to respond to by typing. As such, we ignore questions that comes from anything but the main auth service: gdm-password. In the future, if a user inserts a smartcard, we'll want to treat the gdm-smartcard service as the main auth service, and let any questions from it get to the user. This commit tries to prepare for that eventuality by storing the name of the default auth service away in a _defaultService variable before verification has begun, and then later checking incoming queries against that service instead of checking against string 'gdm-password' directly. Of course, right now, _defaultService is always gdm-password. https://bugzilla.gnome.org/show_bug.cgi?id=683437
This commit is contained in:
parent
93f072d1fc
commit
148f2210ca
@ -116,6 +116,7 @@ const ShellUserVerifier = new Lang.Class({
|
|||||||
this._client = client;
|
this._client = client;
|
||||||
|
|
||||||
this._settings = new Gio.Settings({ schema: LOGIN_SCREEN_SCHEMA });
|
this._settings = new Gio.Settings({ schema: LOGIN_SCREEN_SCHEMA });
|
||||||
|
this._updateDefaultService();
|
||||||
|
|
||||||
this._fprintManager = new Fprint.FprintManager();
|
this._fprintManager = new Fprint.FprintManager();
|
||||||
this._messageQueue = [];
|
this._messageQueue = [];
|
||||||
@ -302,11 +303,25 @@ const ShellUserVerifier = new Lang.Class({
|
|||||||
this._userVerifier.connect('verification-complete', Lang.bind(this, this._onVerificationComplete));
|
this._userVerifier.connect('verification-complete', Lang.bind(this, this._onVerificationComplete));
|
||||||
},
|
},
|
||||||
|
|
||||||
|
_getForegroundService: function() {
|
||||||
|
// For now, the foreground service is always the default service
|
||||||
|
return this._defaultService;
|
||||||
|
},
|
||||||
|
|
||||||
|
serviceIsForeground: function(serviceName) {
|
||||||
|
return serviceName == this._getForegroundService();
|
||||||
|
},
|
||||||
|
|
||||||
|
_updateDefaultService: function() {
|
||||||
|
// For now, the default service is always the password service
|
||||||
|
this._defaultService = PASSWORD_SERVICE_NAME;
|
||||||
|
},
|
||||||
|
|
||||||
_beginVerification: function() {
|
_beginVerification: function() {
|
||||||
this._hold.acquire();
|
this._hold.acquire();
|
||||||
|
|
||||||
if (this._userName) {
|
if (this._userName) {
|
||||||
this._userVerifier.call_begin_verification_for_user(PASSWORD_SERVICE_NAME,
|
this._userVerifier.call_begin_verification_for_user(this._getForegroundService(),
|
||||||
this._userName,
|
this._userName,
|
||||||
this._cancellable,
|
this._cancellable,
|
||||||
Lang.bind(this, function(obj, result) {
|
Lang.bind(this, function(obj, result) {
|
||||||
@ -342,7 +357,7 @@ const ShellUserVerifier = new Lang.Class({
|
|||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
this._userVerifier.call_begin_verification(PASSWORD_SERVICE_NAME,
|
this._userVerifier.call_begin_verification(this._getForegroundService(),
|
||||||
this._cancellable,
|
this._cancellable,
|
||||||
Lang.bind(this, function(obj, result) {
|
Lang.bind(this, function(obj, result) {
|
||||||
try {
|
try {
|
||||||
@ -369,30 +384,27 @@ const ShellUserVerifier = new Lang.Class({
|
|||||||
// Translators: this message is shown below the password entry field
|
// Translators: this message is shown below the password entry field
|
||||||
// to indicate the user can swipe their finger instead
|
// to indicate the user can swipe their finger instead
|
||||||
this.emit('show-login-hint', _("(or swipe finger)"));
|
this.emit('show-login-hint', _("(or swipe finger)"));
|
||||||
} else if (serviceName == PASSWORD_SERVICE_NAME) {
|
} else if (this.serviceIsForeground(serviceName)) {
|
||||||
this._queueMessage(info, 'login-dialog-message-info');
|
this._queueMessage(info, 'login-dialog-message-info');
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
_onProblem: function(client, serviceName, problem) {
|
_onProblem: function(client, serviceName, problem) {
|
||||||
// we don't want to show auth failed messages to
|
if (!this.serviceIsForeground(serviceName))
|
||||||
// users who haven't enrolled their fingerprint.
|
|
||||||
if (serviceName != PASSWORD_SERVICE_NAME)
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
this._queueMessage(problem, 'login-dialog-message-warning');
|
this._queueMessage(problem, 'login-dialog-message-warning');
|
||||||
},
|
},
|
||||||
|
|
||||||
_onInfoQuery: function(client, serviceName, question) {
|
_onInfoQuery: function(client, serviceName, question) {
|
||||||
// We only expect questions to come from the main auth service
|
if (!this.serviceIsForeground(serviceName))
|
||||||
if (serviceName != PASSWORD_SERVICE_NAME)
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
this.emit('ask-question', serviceName, question, '');
|
this.emit('ask-question', serviceName, question, '');
|
||||||
},
|
},
|
||||||
|
|
||||||
_onSecretInfoQuery: function(client, serviceName, secretQuestion) {
|
_onSecretInfoQuery: function(client, serviceName, secretQuestion) {
|
||||||
// We only expect secret requests to come from the main auth service
|
if (!this.serviceIsForeground(serviceName))
|
||||||
if (serviceName != PASSWORD_SERVICE_NAME)
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
this.emit('ask-question', serviceName, secretQuestion, '\u25cf');
|
this.emit('ask-question', serviceName, secretQuestion, '\u25cf');
|
||||||
@ -401,6 +413,7 @@ const ShellUserVerifier = new Lang.Class({
|
|||||||
_onReset: function() {
|
_onReset: function() {
|
||||||
// Clear previous attempts to authenticate
|
// Clear previous attempts to authenticate
|
||||||
this._failCounter = 0;
|
this._failCounter = 0;
|
||||||
|
this._updateDefaultService();
|
||||||
|
|
||||||
this.emit('reset');
|
this.emit('reset');
|
||||||
},
|
},
|
||||||
@ -457,7 +470,7 @@ const ShellUserVerifier = new Lang.Class({
|
|||||||
// if the password service fails, then cancel everything.
|
// if the password service fails, then cancel everything.
|
||||||
// But if, e.g., fingerprint fails, still give
|
// But if, e.g., fingerprint fails, still give
|
||||||
// password authentication a chance to succeed
|
// password authentication a chance to succeed
|
||||||
if (serviceName == PASSWORD_SERVICE_NAME) {
|
if (this.serviceIsForeground(serviceName)) {
|
||||||
this._verificationFailed(true);
|
this._verificationFailed(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user