powerel7
/
gui
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
433 Commits
1 Branch
0 Tags
28 MiB
 
 
 
 
 
 
Tree: 3638f27a5d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3638f27a5d'
${ noResults }
gui/SOURCES/enforce-smartcard-at-unlock...

115 lines
3.8 KiB
Raw Blame History

From b675ef2be8b5938b036714cbe42e9653b348227b Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 10:57:02 -0400
Subject: [PATCH 1/3] smartcardManager: add way to detect if user logged using
(any) token
If a user uses a token at login time, we need to make sure they continue
to use the token at unlock time.
As a prerequisite for addressing that problem we need to know up front
if a user logged in with a token at all.
This commit adds the necessary api to detect that case.
---
js/misc/smartcardManager.js | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/js/misc/smartcardManager.js b/js/misc/smartcardManager.js
index 60808b371..503f78836 100644
--- a/js/misc/smartcardManager.js
+++ b/js/misc/smartcardManager.js
@@ -112,6 +112,13 @@ var SmartcardManager = new Lang.Class({
return false;
return true;
+ },
+
+ loggedInWithToken: function() {
+ if (this._loginToken)
+ return true;
+
+ return false;
}
});
--
1.8.3.1
From 8af02156a99145ebfb5cea9488b78495e25002b8 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 19:56:53 -0400
Subject: [PATCH 2/3] gdm: only unlock with smartcard, if smartcard used for
login
If a smartcard is used for login, we need to make sure the smartcard
gets used for unlock, too.
---
js/gdm/util.js | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/js/gdm/util.js b/js/gdm/util.js
index 261e1e433..3d6d69c10 100644
--- a/js/gdm/util.js
+++ b/js/gdm/util.js
@@ -134,7 +134,6 @@ var ShellUserVerifier = new Lang.Class({
this._settings = new Gio.Settings({ schema_id: LOGIN_SCREEN_SCHEMA });
this._settings.connect('changed',
this._updateDefaultService.bind(this));
- this._updateDefaultService();
this._fprintManager = Fprint.FprintManager();
this._smartcardManager = SmartcardManager.getSmartcardManager();
@@ -146,6 +145,8 @@ var ShellUserVerifier = new Lang.Class({
this.smartcardDetected = false;
this._checkForSmartcard();
+ this._updateDefaultService();
+
this._smartcardInsertedId = this._smartcardManager.connect('smartcard-inserted',
this._checkForSmartcard.bind(this));
this._smartcardRemovedId = this._smartcardManager.connect('smartcard-removed',
@@ -412,7 +413,9 @@ var ShellUserVerifier = new Lang.Class({
},
_updateDefaultService() {
- if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
+ if (this._smartcardManager.loggedInWithToken())
+ this._defaultService = SMARTCARD_SERVICE_NAME;
+ else if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
this._defaultService = PASSWORD_SERVICE_NAME;
else if (this._settings.get_boolean(SMARTCARD_AUTHENTICATION_KEY))
this._defaultService = SMARTCARD_SERVICE_NAME;
--
1.8.3.1
From 49557edf36b817e33fb9f008f88e28a805b7665b Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 28 Sep 2015 19:57:36 -0400
Subject: [PATCH 3/3] gdm: update default service when smartcard inserted
Early on at start up we may not know if a smartcard is
available. Make sure we reupdate the default service
after we get a smartcard insertion event.
---
js/gdm/util.js | 2 ++
1 file changed, 2 insertions(+)
diff --git a/js/gdm/util.js b/js/gdm/util.js
index 3d6d69c10..f5f9d5e5d 100644
--- a/js/gdm/util.js
+++ b/js/gdm/util.js
@@ -335,6 +335,8 @@ var ShellUserVerifier = new Lang.Class({
else if (this._preemptingService == SMARTCARD_SERVICE_NAME)
this._preemptingService = null;
+ this._updateDefaultService();
+
this.emit('smartcard-status-changed');
}
},
--
1.8.3.1