GdmUtil: don't call GetUserVerifier from the user session

GetUserVerifier can only be called from the greeter session,
and fails with AccessDenied in all other cases. Also, calling it
hides the real error from OpenReauthenticationChannel, which
instead should be logged.

https://bugzilla.gnome.org/show_bug.cgi?id=680750
This commit is contained in:
Giovanni Campagna 2012-08-03 17:10:45 +02:00
parent 56adbda2dc
commit 48b70f358d
2 changed files with 15 additions and 2 deletions

View File

@ -7,6 +7,7 @@ const Signals = imports.signals;
const Batch = imports.gdm.batch; const Batch = imports.gdm.batch;
const Fprint = imports.gdm.fingerprint; const Fprint = imports.gdm.fingerprint;
const Main = imports.ui.main; const Main = imports.ui.main;
const Params = imports.misc.params;
const Tweener = imports.ui.tweener; const Tweener = imports.ui.tweener;
const PASSWORD_SERVICE_NAME = 'gdm-password'; const PASSWORD_SERVICE_NAME = 'gdm-password';
@ -69,7 +70,10 @@ function fadeOutActor(actor) {
const ShellUserVerifier = new Lang.Class({ const ShellUserVerifier = new Lang.Class({
Name: 'ShellUserVerifier', Name: 'ShellUserVerifier',
_init: function(client) { _init: function(client, params) {
params = Params.parse(params, { reauthenticationOnly: false });
this._reauthOnly = params.reauthenticationOnly;
this._client = client; this._client = client;
this._settings = new Gio.Settings({ schema: LOGIN_SCREEN_SCHEMA }); this._settings = new Gio.Settings({ schema: LOGIN_SCREEN_SCHEMA });
@ -135,6 +139,15 @@ const ShellUserVerifier = new Lang.Class({
this._hold.release(); this._hold.release();
} catch (e) { } catch (e) {
if (this._reauthOnly) {
logError(e, 'Failed to open reauthentication channel');
this._hold.release();
this.emit('verification-failed');
return;
}
// If there's no session running, or it otherwise fails, then fall back // If there's no session running, or it otherwise fails, then fall back
// to performing verification from this login session // to performing verification from this login session
client.get_user_verifier(this._cancellable, Lang.bind(this, this._userVerifierGot)); client.get_user_verifier(this._cancellable, Lang.bind(this, this._userVerifierGot));

View File

@ -87,7 +87,7 @@ const UnlockDialog = new Lang.Class({
this._user = this._userManager.get_user(this._userName); this._user = this._userManager.get_user(this._userName);
this._greeterClient = new Gdm.Client(); this._greeterClient = new Gdm.Client();
this._userVerifier = new GdmUtil.ShellUserVerifier(this._greeterClient); this._userVerifier = new GdmUtil.ShellUserVerifier(this._greeterClient, { reauthenticationOnly: true });
this._userVerifier.connect('reset', Lang.bind(this, this._reset)); this._userVerifier.connect('reset', Lang.bind(this, this._reset));
this._userVerifier.connect('ask-question', Lang.bind(this, this._onAskQuestion)); this._userVerifier.connect('ask-question', Lang.bind(this, this._onAskQuestion));