[gnome-online-accounts/gnome-3-38] kerberos-identity: Handle information-only prompts when signing in



commit 04e57e92920382a39a5608697602529280340321
Author: Pedro Tò‚rres <t0rr3sp3dr0 gmail com>
Date:   Tue Jun 2 20:36:37 2020 -0300

    kerberos-identity: Handle information-only prompts when signing in
    
    When signing in a Kerberos identity, krb5_get_init_creds_password
    invokes the krb5_prompter_fct callback when it wants to interact with
    the user. In this case the prompter callback is on_kerberos_inquiry.
    
    Interactions with the user can either prompt the user to provide some
    further information, like a password, or they might be purely
    informational. In the latter case, the prompter callback is called with
    number_of_prompts set to 0. When this happens, the GoaKerberosIdentity
    instance waits for the user to respond, even if the GoaIdentityInquiry
    doesn't have anything in it for the user to respond to. This leads to
    a deadlock.
    
    In practice, such purely informational messages are non-critical. eg.,
    it might be about notifying the user when her password is about to
    expire. Moreover, the current Online Accounts user interface in
    Settings doesn't have a good way to present this sort of information,
    because it's only available after the user has entered the password
    through the user interface.
    
    Therefore, information-only prompts are handled by turning the
    prompter callback into a NOP, which returns success without doing
    anything else.
    
    https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/issues/92

 src/goaidentity/goakerberosidentity.c | 4 ++++
 1 file changed, 4 insertions(+)
---
diff --git a/src/goaidentity/goakerberosidentity.c b/src/goaidentity/goakerberosidentity.c
index 3272201b..45d54f4d 100644
--- a/src/goaidentity/goakerberosidentity.c
+++ b/src/goaidentity/goakerberosidentity.c
@@ -1048,6 +1048,9 @@ on_kerberos_inquiry (krb5_context      kerberos_context,
   GoaIdentityInquiry *inquiry;
   krb5_error_code error_code = 0;
 
+  if (number_of_prompts == 0)
+    goto out;
+
   inquiry = goa_kerberos_identity_inquiry_new (operation->identity,
                                                name,
                                                banner,
@@ -1068,6 +1071,7 @@ on_kerberos_inquiry (krb5_context      kerberos_context,
 
   g_object_unref (inquiry);
 
+ out:
   return error_code;
 }
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]