[gdm: 1/2] session: Threat PAM max retries error as service unavailable

[Ray Strode <halfline src gnome org>]

commit 504fec05f9ce504473935f2ae3a5bc22cc49a185
Author: Marco Trevisan (Treviño) <mail 3v1n0 net>
Date:   Tue Feb 16 01:33:11 2021 +0100

    session: Threat PAM max retries error as service unavailable
    
    When a service has returned PAM_MAXTRIES error code we should both emit
    the error message and also ensure that this service isn't marked as
    available again for the current session, to prevent us to restart the
    authentication of it.
    
    An example of this can be the PAM fprintd module that will return us a
    max retries error when the user tried to use his finger more times than
    configured. In such scenario we want to both prompt the error to the
    user and prevent that this module is used again if the user can still
    use other authentication methods.
    
    So add an error specialization for PAM_MAXTRIES and threat it as service
    unavailable error when emitting it.

 daemon/gdm-session-worker-common.h | 1 +
 daemon/gdm-session-worker.c        | 7 +++++++
 daemon/gdm-session.c               | 5 ++++-
 3 files changed, 12 insertions(+), 1 deletion(-)
---
diff --git a/daemon/gdm-session-worker-common.h b/daemon/gdm-session-worker-common.h
index a55e2b2af..7dab7d4bd 100644
--- a/daemon/gdm-session-worker-common.h
+++ b/daemon/gdm-session-worker-common.h
@@ -36,6 +36,7 @@ typedef enum _GdmSessionWorkerError {
         GDM_SESSION_WORKER_ERROR_COMMUNICATING,
         GDM_SESSION_WORKER_ERROR_WORKER_DIED,
         GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE,
+        GDM_SESSION_WORKER_ERROR_TOO_MANY_RETRIES,
         GDM_SESSION_WORKER_ERROR_AUTHENTICATING,
         GDM_SESSION_WORKER_ERROR_AUTHORIZING,
         GDM_SESSION_WORKER_ERROR_OPENING_LOG_FILE,
diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index e4d2e3fa8..cb53e4619 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -1283,6 +1283,13 @@ gdm_session_worker_authenticate_user (GdmSessionWorker *worker,
                              GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE,
                              "%s", "");
                 goto out;
+        } else if (error_code == PAM_MAXTRIES) {
+                g_debug ("GdmSessionWorker: authentication service had too many retries");
+                g_set_error_literal (error,
+                                     GDM_SESSION_WORKER_ERROR,
+                                     GDM_SESSION_WORKER_ERROR_TOO_MANY_RETRIES,
+                                     get_friendly_error_message (worker, error_code));
+                goto out;
         } else if (error_code != PAM_SUCCESS) {
                 g_debug ("GdmSessionWorker: authentication returned %d: %s", error_code, pam_strerror 
(worker->priv->pam_handle, error_code));
 
diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c
index b07ffa820..a6f00b66d 100644
--- a/daemon/gdm-session.c
+++ b/daemon/gdm-session.c
@@ -220,7 +220,10 @@ report_and_stop_conversation (GdmSession *self,
         if (self->user_verifier_interface != NULL) {
                 if (g_error_matches (error,
                                      GDM_SESSION_WORKER_ERROR,
-                                     GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE)) {
+                                     GDM_SESSION_WORKER_ERROR_SERVICE_UNAVAILABLE) ||
+                    g_error_matches (error,
+                                     GDM_SESSION_WORKER_ERROR,
+                                     GDM_SESSION_WORKER_ERROR_TOO_MANY_RETRIES)) {
                         gdm_dbus_user_verifier_emit_service_unavailable (self->user_verifier_interface,
                                                                          service_name,
                                                                          error->message);