gdm: Don't try to retry authenticating when the service is unavailable
In the case a service is not available (as it can be in the fingereprint case when a supported reader is available but has not enrolled prints) we were trying indefinitely to restart it, however this can lead to troubles since commit7a2e629bas when the service conversation was stopped we had no way to figure out this case and we'd end up to eventually fail the whole authentication. However, in such cases the PAM services are expected to return a PAM_AUTHINFO_UNAVAIL and gdm to handle it, emitting service-unavailable signal. So connect to ::service-unavailable and keep track of the unavailable services so that we can avoid retrying with them. In case such service is not the foreground one, we can just silently ignore the error as we did before commit7a2e629b, without bothering failing the whole verification. In case we got a valid error message on service-unavailable, we also show it, this is normally not happening unless GDM isn't redirecting here other kind of problems (such as MAXTRIES) which are supposed to stop the authentication stopping any further retry. Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3734 Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
This commit is contained in:
Marco Trevisan (Treviño)
Ray Strode
parent
e65e5edee6
commit
1ee9278786
@ -175,6 +175,7 @@ var ShellUserVerifier = class {
|
||||
this.reauthenticating = false;
|
||||
|
||||
this._failCounter = 0;
|
||||
this._unavailableServices = new Set();
|
||||
|
||||
this._credentialManagers = {};
|
||||
this._credentialManagers[OVirt.SERVICE_NAME] = OVirt.getOVirtCredentialsManager();
|
||||
@ -452,6 +453,8 @@ var ShellUserVerifier = class {
|
||||
this._signalIds.push(id);
|
||||
id = this._userVerifier.connect('conversation-stopped', this._onConversationStopped.bind(this));
|
||||
this._signalIds.push(id);
|
||||
id = this._userVerifier.connect('service-unavailable', this._onServiceUnavailable.bind(this));
|
||||
this._signalIds.push(id);
|
||||
id = this._userVerifier.connect('reset', this._onReset.bind(this));
|
||||
this._signalIds.push(id);
|
||||
id = this._userVerifier.connect('verification-complete', this._onVerificationComplete.bind(this));
|
||||
@ -598,6 +601,7 @@ var ShellUserVerifier = class {
|
||||
_onReset() {
|
||||
// Clear previous attempts to authenticate
|
||||
this._failCounter = 0;
|
||||
this._unavailableServices.clear();
|
||||
this._updateDefaultService();
|
||||
|
||||
this.emit('reset');
|
||||
@ -661,6 +665,16 @@ var ShellUserVerifier = class {
|
||||
this.emit('verification-failed', serviceName, canRetry);
|
||||
}
|
||||
|
||||
_onServiceUnavailable(_client, serviceName, errorMessage) {
|
||||
this._unavailableServices.add(serviceName);
|
||||
|
||||
if (!errorMessage)
|
||||
return;
|
||||
|
||||
if (this.serviceIsForeground(serviceName) || this.serviceIsFingerprint(serviceName))
|
||||
this._queueMessage(serviceName, errorMessage, MessageType.ERROR);
|
||||
}
|
||||
|
||||
_onConversationStopped(client, serviceName) {
|
||||
// If the login failed with the preauthenticated oVirt credentials
|
||||
// then discard the credentials and revert to default authentication
|
||||
@ -674,6 +688,9 @@ var ShellUserVerifier = class {
|
||||
return;
|
||||
}
|
||||
|
||||
if (this._unavailableServices.has(serviceName))
|
||||
return;
|
||||
|
||||
// if the password service fails, then cancel everything.
|
||||
// But if, e.g., fingerprint fails, still give
|
||||
// password authentication a chance to succeed
|
||||
|
||||
Loading…
Reference in New Issue
Block a user