[gnome-shell] gdm: Count fingerprint authentication failures in fail counter

From: Marge Bot <marge-bot src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-shell] gdm: Count fingerprint authentication failures in fail counter
Date: Mon, 15 Feb 2021 17:05:28 +0000 (UTC)

commit 6ccd2896919600fb65f9e4deebab31c89b2fba6e
Author: Marco Trevisan (Treviño) <mail 3v1n0 net>
Date:   Mon Feb 1 18:40:03 2021 +0100

    gdm: Count fingerprint authentication failures in fail counter
    
    Fingerprint PAM module can have multiple failures during a runtime
    and we rely on the pam module configuration for the maximum allowed
    retries.
    
    However, while that setting should be always followed, we should never
    ignore the login-screen's allowed-failures setting that can provide
    a lower value.
    
    So, once we have a fingerprint failure let's count it to increase our
    internal fail counter, and when we've reached the limit we can emit a
    verification-failed signal to our clients.
    
    As per this we need also to ignore any further 'info' messages that we
    could receive from the fingerprint service, as it may be configured to
    handle more retries than us and they might arrive before we have
    cancelled the verification session.
    
    Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>

 js/gdm/util.js | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
---
diff --git a/js/gdm/util.js b/js/gdm/util.js
index 0a275d50e2..369bf89f1f 100644
--- a/js/gdm/util.js
+++ b/js/gdm/util.js
@@ -556,6 +556,12 @@ var ShellUserVerifier = class {
             return;
 
         this._queueMessage(problem, MessageType.ERROR);
+        if (isFingerprint) {
+            this._failCounter++;
+
+            if (!this._canRetry())
+                this._verificationFailed(serviceName, false);
+        }
     }
 
     _onInfoQuery(client, serviceName, question) {
@@ -604,15 +610,18 @@ var ShellUserVerifier = class {
         this._startService(serviceName);
     }
 
+    _canRetry() {
+        return this._userName &&
+            (this._reauthOnly || this._failCounter < this.allowedFailures);
+    }
+
     _verificationFailed(serviceName, retry) {
         // For Not Listed / enterprise logins, immediately reset
         // the dialog
         // Otherwise, when in login mode we allow ALLOWED_FAILURES attempts.
         // After that, we go back to the welcome screen.
 
-        let canRetry = retry && this._userName &&
-            (this._reauthOnly ||
-             this._failCounter < this._settings.get_int(ALLOWED_FAILURES_KEY));
+        const canRetry = retry && this._canRetry();
 
         this._disconnectSignals();

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]