[gnome-shell/gnome-3-36] gdm: Don't try to retry authenticating when the service is unavailable

[Marge Bot <marge-bot src gnome org>]

commit 9f33c0045497a86a0f56f677c86cc6c16a50f300
Author: Marco Trevisan (Treviño) <mail 3v1n0 net>
Date:   Mon Feb 15 20:59:57 2021 +0100

    gdm: Don't try to retry authenticating when the service is unavailable
    
    In the case a service is not available (as it can be in the fingereprint
    case when a supported reader is available but has not enrolled prints)
    we were trying indefinitely to restart it.
    
    However, in such cases the PAM services are expected to return a
    PAM_AUTHINFO_UNAVAIL and gdm to handle it, emitting service-unavailable
    signal.
    
    So connect to ::service-unavailable and keep track of the unavailable
    services so that we can avoid retrying with them.
    In case such service is not the foreground one, we can just silently
    ignore the error, without bothering failing the whole verification.
    
    In case we got a valid error message on service-unavailable, we also
    show it, this is normally not happening unless GDM isn't redirecting
    here other kind of problems (such as MAXTRIES) which are supposed to
    stop the authentication stopping any further retry.
    
    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3734
    Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1784>

 js/gdm/util.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
---
diff --git a/js/gdm/util.js b/js/gdm/util.js
index 7870715c85..3b3e5a5cd1 100644
--- a/js/gdm/util.js
+++ b/js/gdm/util.js
@@ -150,6 +150,7 @@ var ShellUserVerifier = class {
         this.reauthenticating = false;
 
         this._failCounter = 0;
+        this._unavailableServices = new Set();
 
         this._oVirtCredentialsManager = OVirt.getOVirtCredentialsManager();
 
@@ -390,6 +391,7 @@ var ShellUserVerifier = class {
         this._userVerifier.connect('info-query', this._onInfoQuery.bind(this));
         this._userVerifier.connect('secret-info-query', this._onSecretInfoQuery.bind(this));
         this._userVerifier.connect('conversation-stopped', this._onConversationStopped.bind(this));
+        this._userVerifier.connect('service-unavailable', this._onServiceUnavailable.bind(this));
         this._userVerifier.connect('reset', this._onReset.bind(this));
         this._userVerifier.connect('verification-complete', this._onVerificationComplete.bind(this));
     }
@@ -522,6 +524,7 @@ var ShellUserVerifier = class {
     _onReset() {
         // Clear previous attempts to authenticate
         this._failCounter = 0;
+        this._unavailableServices.clear();
         this._updateDefaultService();
 
         this.emit('reset');
@@ -580,6 +583,16 @@ var ShellUserVerifier = class {
         this.emit('verification-failed', canRetry);
     }
 
+    _onServiceUnavailable(_client, serviceName, errorMessage) {
+        this._unavailableServices.add(serviceName);
+
+        if (!errorMessage)
+            return;
+
+        if (this.serviceIsForeground(serviceName) || this.serviceIsFingerprint(serviceName))
+            this._queueMessage(errorMessage, MessageType.ERROR);
+    }
+
     _onConversationStopped(client, serviceName) {
         // If the login failed with the preauthenticated oVirt credentials
         // then discard the credentials and revert to default authentication
@@ -591,6 +604,9 @@ var ShellUserVerifier = class {
             return;
         }
 
+        if (this._unavailableServices.has(serviceName))
+            return;
+
         // if the password service fails, then cancel everything.
         // But if, e.g., fingerprint fails, still give
         // password authentication a chance to succeed