rpms / gnome-shell

Clone
Source Code
GIT

Files

42-rc-2242 f12 f13 f14 f15 f16 f17 f18 f19 f20 f20-gnome-3-12 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main origin/airlied/wip/f16-workarounds rawhide rstrode/wip/just-for-airlied
  1.   f34
  2.   0001-gdm-Work-around-failing-fingerprint-auth.patch
Blob Blame History Raw 
From 22df9fa5e3c973d5a194f2bbdbcdd4a64511bc93 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Wed, 28 Apr 2021 16:50:03 +0200
Subject: [PATCH] gdm: Work around failing fingerprint auth

On Fedora we have the problem that fingerprint auth fails immediately if
the PAM configuration has not been updated and no prints are enrolled.

So, consider a verification failure within one second to be a service
failure instead.
---
 js/gdm/util.js | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/js/gdm/util.js b/js/gdm/util.js
index b02cd4d73..118a05100 100644
--- a/js/gdm/util.js
+++ b/js/gdm/util.js
@@ -157,6 +157,7 @@ var ShellUserVerifier = class {
             null,
             null,
             Gio.DBusProxyFlags.DO_NOT_LOAD_PROPERTIES);
+        this._fprintStartTime = -1;
         this._smartcardManager = SmartcardManager.getSmartcardManager();
 
         // We check for smartcards right away, since an inserted smartcard
@@ -543,6 +544,10 @@ var ShellUserVerifier = class {
     async _startService(serviceName) {
         this._hold.acquire();
         try {
+            if (serviceName == FINGERPRINT_SERVICE_NAME) {
+                this._fprintStartTime = GLib.get_monotonic_time();
+            }
+
             if (this._userName) {
                 await this._userVerifier.call_begin_verification_for_user(
                     serviceName, this._userName, this._cancellable);
@@ -624,6 +629,7 @@ var ShellUserVerifier = class {
                 const cancellable = this._cancellable;
                 this._fingerprintFailedId = GLib.timeout_add(GLib.PRIORITY_DEFAULT,
                     FINGERPRINT_ERROR_TIMEOUT_WAIT, () => {
+                        log("Generating _verificationFailed!");
                         this._fingerprintFailedId = 0;
                         if (!cancellable.is_cancelled())
                             this._verificationFailed(serviceName, false);
@@ -689,6 +695,18 @@ var ShellUserVerifier = class {
         if (serviceName === FINGERPRINT_SERVICE_NAME) {
             if (this._fingerprintFailedId)
                 GLib.source_remove(this._fingerprintFailedId);
+
+            // On Fedora we have the problem that fingerprint auth fails
+            // immediately if the PAM configuration has not been updated and no
+            // prints are enrolled.
+            // So, consider a verification failure within one second to be a service
+            // failure instead.
+            if (this._fprintStartTime > GLib.get_monotonic_time() - GLib.USEC_PER_SEC) {
+                log("Fingerprint service failed almost immediately, considering it unavailable.");
+                log("Please fix your configuration by running: authselect select --force sssd with-fingerprint with-silent-lastlog");
+                this._onServiceUnavailable(this._client, serviceName, null);
+                return;
+            }
         }
 
         // For Not Listed / enterprise logins, immediately reset
-- 
2.31.1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.