brl/gnome-shell
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gdm/util: Only initialize fingerprint and smart card managers if needed

Browse Source 
There's no point to initialize the fprint proxy and the smartcard
manager if they are disabled in authentication settings, so just avoid
initializing them, but at the same time this implies tracking of user
changes and so:
 - If a new service has been enabled, we initialize it
 - If a service has been disabled we destroy it and reset the
   authentication if such service was currently active

In both cases we do update the default service.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2267>
This commit is contained in:
Marco Trevisan (Treviño) 2022-03-01 11:57:20 +01:00
parent 9f3a9f8f2c
commit ea3731de38
1 changed files with 72 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
js/gdm/util.js
View File

@ -121,32 +121,10 @@ export class ShellUserVerifier extends Signals.EventEmitter {
this.smartcardDetected = false;
this._settings = new Gio.Settings({schema_id: LOGIN_SCREEN_SCHEMA});
this._settings.connect('changed',
this._updateDefaultService.bind(this));
this._settings.connect('changed', () => this._onSettingsChanged());
this._updateEnabledServices();
this._updateDefaultService();
this._fprintManager = new Gio.DBusProxy({
g_connection: Gio.DBus.system,
g_name: 'net.reactivated.Fprint',
g_object_path: '/net/reactivated/Fprint/Manager',
g_interface_name: FprintManagerInfo.name,
g_interface_info: FprintManagerInfo,
g_flags: Gio.DBusProxyFlags.DO_NOT_LOAD_PROPERTIES,
});
this._fprintManager.init(null);
this._smartcardManager = SmartcardManager.getSmartcardManager();
// We check for smartcards right away, since an inserted smartcard
// at startup should result in immediately initiating authentication.
// This is different than fingerprint readers, where we only check them
// after a user has been picked.
this.smartcardDetected = false;
this._checkForSmartcard();
this._smartcardManager.connectObject(
'smartcard-inserted', this._checkForSmartcard.bind(this),
'smartcard-removed', this._checkForSmartcard.bind(this), this);
this.addCredentialManager(OVirt.SERVICE_NAME, OVirt.getOVirtCredentialsManager());
this.addCredentialManager(Vmware.SERVICE_NAME, Vmware.getVmwareCredentialsManager());
}
@ -241,9 +219,11 @@ export class ShellUserVerifier extends Signals.EventEmitter {
this._settings.run_dispose();
this._settings = null;
this._smartcardManager.disconnectObject(this);
this._smartcardManager?.disconnectObject(this);
this._smartcardManager = null;
this._fingerprintManager = null;
for (let service in this._credentialManagers)
this.removeCredentialManager(service);
}
@ -352,11 +332,25 @@ export class ShellUserVerifier extends Signals.EventEmitter {
this.emit('show-message', null, null, MessageType.NONE);
}
_initFingerprintManager() {
if (this._fprintManager)
return;
this._fprintManager = new Gio.DBusProxy({
g_connection: Gio.DBus.system,
g_name: 'net.reactivated.Fprint',
g_object_path: '/net/reactivated/Fprint/Manager',
g_interface_name: FprintManagerInfo.name,
g_interface_info: FprintManagerInfo,
g_flags: Gio.DBusProxyFlags.DO_NOT_LOAD_PROPERTIES,
});
this._fprintManager.init(null);
}
async _checkForFingerprintReader() {
this._fingerprintReaderType = FingerprintReaderType.NONE;
if (!this._settings.get_boolean(FINGERPRINT_AUTHENTICATION_KEY) ||
this._fprintManager == null) {
if (!this._fprintManager) {
this._updateDefaultService();
return;
}
@ -381,6 +375,24 @@ export class ShellUserVerifier extends Signals.EventEmitter {
this.emit('credential-manager-authenticated');
}
_initSmartcardManager() {
if (this._smartcardManager)
return;
this._smartcardManager = SmartcardManager.getSmartcardManager();
// We check for smartcards right away, since an inserted smartcard
// at startup should result in immediately initiating authentication.
// This is different than fingerprint readers, where we only check them
// after a user has been picked.
this.smartcardDetected = false;
this._checkForSmartcard();
this._smartcardManager.connectObject(
'smartcard-inserted', () => this._checkForSmartcard(),
'smartcard-removed', () => this._checkForSmartcard(), this);
}
_checkForSmartcard() {
let smartcardDetected;
@ -521,12 +533,44 @@ export class ShellUserVerifier extends Signals.EventEmitter {
serviceName === FINGERPRINT_SERVICE_NAME;
}
_onSettingsChanged() {
this._updateEnabledServices();
this._updateDefaultService();
}
_updateEnabledServices() {
let needsReset = false;
if (this._settings.get_boolean(FINGERPRINT_AUTHENTICATION_KEY)) {
this._initFingerprintManager();
} else if (this._fingerprintManager) {
this._fingerprintManager = null;
this._fingerprintReaderType = FingerprintReaderType.NONE;
if (this._activeServices.has(FINGERPRINT_SERVICE_NAME))
needsReset = true;
}
if (this._settings.get_boolean(SMARTCARD_AUTHENTICATION_KEY)) {
this._initSmartcardManager();
} else if (this._smartcardManager) {
this._smartcardManager.disconnectObject(this);
this._smartcardManager = null;
if (this._activeServices.has(SMARTCARD_SERVICE_NAME))
needsReset = true;
}
if (needsReset)
this._cancelAndReset();
}
_updateDefaultService() {
const oldDefaultService = this._defaultService;
if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
this._defaultService = PASSWORD_SERVICE_NAME;
else if (this._settings.get_boolean(SMARTCARD_AUTHENTICATION_KEY))
else if (this._smartcardManager)
this._defaultService = SMARTCARD_SERVICE_NAME;
else if (this._fingerprintReaderType !== FingerprintReaderType.NONE)
this._defaultService = FINGERPRINT_SERVICE_NAME;