rpms / gnome-shell

Clone
Source Code
GIT

Files

42-rc-2242 f12 f13 f14 f15 f16 f17 f18 f19 f20 f20-gnome-3-12 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main origin/airlied/wip/f16-workarounds rawhide rstrode/wip/just-for-airlied
  1.   rawhide
  2.   0001-gdm-Work-around-failing-fingerprint-auth.patch
Blob Blame History Raw 
From ff73f820b1398e5d60b8984b0003db46ad70b8ec Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 28 Apr 2021 16:50:03 +0200
Subject: [PATCH] gdm: Work around failing fingerprint auth

On Fedora we have the problem that fingerprint auth fails immediately if
the PAM configuration has not been updated and no prints are enrolled.

So, consider a verification failure within one second to be a service
failure instead.
---
 js/gdm/util.js | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/js/gdm/util.js b/js/gdm/util.js
index 97df6d687e..371953cb25 100644
--- a/js/gdm/util.js
+++ b/js/gdm/util.js
@@ -109,6 +109,7 @@ export class ShellUserVerifier extends Signals.EventEmitter {
         this._defaultService = null;
         this._preemptingService = null;
         this._fingerprintReaderType = FingerprintReaderType.NONE;
+        this._fprintStartTime = -1;
 
         this._messageQueue = [];
         this._messageQueueTimeoutId = 0;
@@ -669,6 +670,10 @@ export class ShellUserVerifier extends Signals.EventEmitter {
         this._hold.acquire();
         try {
             this._activeServices.add(serviceName);
+
+            if (serviceName == FINGERPRINT_SERVICE_NAME)
+                this._fprintStartTime = GLib.get_monotonic_time();
+
             if (this._userName) {
                 await this._userVerifier.call_begin_verification_for_user(
                     serviceName, this._userName, this._cancellable);
@@ -763,6 +768,7 @@ export class ShellUserVerifier extends Signals.EventEmitter {
                 const cancellable = this._cancellable;
                 this._fingerprintFailedId = GLib.timeout_add(GLib.PRIORITY_DEFAULT,
                     FINGERPRINT_ERROR_TIMEOUT_WAIT, () => {
+                        log("Generating _verificationFailed!");
                         this._fingerprintFailedId = 0;
                         if (!cancellable.is_cancelled())
                             this._verificationFailed(serviceName, false);
@@ -829,6 +835,18 @@ export class ShellUserVerifier extends Signals.EventEmitter {
         if (serviceName === FINGERPRINT_SERVICE_NAME) {
             if (this._fingerprintFailedId)
                 GLib.source_remove(this._fingerprintFailedId);
+
+            // On Fedora we have the problem that fingerprint auth fails
+            // immediately if the PAM configuration has not been updated and no
+            // prints are enrolled.
+            // So, consider a verification failure within one second to be a service
+            // failure instead.
+            if (this._fprintStartTime > GLib.get_monotonic_time() - GLib.USEC_PER_SEC) {
+                log("Fingerprint service failed almost immediately, considering it unavailable.");
+                log("Please fix your configuration by running: authselect select --force sssd with-fingerprint with-silent-lastlog");
+                this._onServiceUnavailable(this._client, serviceName, null);
+                return;
+            }
         }
 
         // For Not Listed / enterprise logins, immediately reset
-- 
2.43.2
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.