Blob Blame History Raw
From 0665bd86221d3c9012f0391d8e4939a2d12b6417 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 9 Feb 2018 16:39:12 -0500
Subject: [PATCH 1/2] smartcard: Wait until smartcards are inspected before
 locking screen

There's a race condition in the code where we check if the screen should
be locked (because the smartcard is removed) before we necessarly check
the smartcard's insertion status.

This commit fixes the race by iterating through all smartcards at
startup and checking their status explicitly.
---
 plugins/smartcard/gsd-smartcard-manager.c | 61 ++++++++++++++++++-----
 1 file changed, 49 insertions(+), 12 deletions(-)

diff --git a/plugins/smartcard/gsd-smartcard-manager.c b/plugins/smartcard/gsd-smartcard-manager.c
index a6245425..94ffdd90 100644
--- a/plugins/smartcard/gsd-smartcard-manager.c
+++ b/plugins/smartcard/gsd-smartcard-manager.c
@@ -37,64 +37,73 @@
 #include <secmod.h>
 #include <secerr.h>
 
 #define GSD_SMARTCARD_MANAGER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), GSD_TYPE_SMARTCARD_MANAGER, GsdSmartcardManagerPrivate))
 
 #define GSD_SESSION_MANAGER_LOGOUT_MODE_FORCE 2
 
 struct GsdSmartcardManagerPrivate
 {
         guint start_idle_id;
         GsdSmartcardService *service;
         GList *smartcards_watch_tasks;
         GCancellable *cancellable;
 
         GsdSessionManager *session_manager;
         GsdScreenSaver *screen_saver;
 
         GSettings *settings;
 
         NSSInitContext *nss_context;
 };
 
 #define CONF_SCHEMA "org.gnome.settings-daemon.peripherals.smartcard"
 #define KEY_REMOVE_ACTION "removal-action"
 
 static void     gsd_smartcard_manager_class_init  (GsdSmartcardManagerClass *klass);
 static void     gsd_smartcard_manager_init        (GsdSmartcardManager      *self);
 static void     gsd_smartcard_manager_finalize    (GObject                  *object);
 static void     lock_screen                       (GsdSmartcardManager *self);
 static void     log_out                           (GsdSmartcardManager *self);
+static void     on_smartcards_from_driver_watched (GsdSmartcardManager *self,
+                                                   GAsyncResult        *result,
+                                                   GTask               *task);
 G_DEFINE_TYPE (GsdSmartcardManager, gsd_smartcard_manager, G_TYPE_OBJECT)
 G_DEFINE_QUARK (gsd-smartcard-manager-error, gsd_smartcard_manager_error)
 G_LOCK_DEFINE_STATIC (gsd_smartcards_watch_tasks);
 
+typedef struct {
+        SECMODModule *driver;
+        guint         idle_id;
+        GError       *error;
+} DriverRegistrationOperation;
+
 static gpointer manager_object = NULL;
 
 static void
 gsd_smartcard_manager_class_init (GsdSmartcardManagerClass *klass)
 {
         GObjectClass   *object_class = G_OBJECT_CLASS (klass);
 
         object_class->finalize = gsd_smartcard_manager_finalize;
 
         gsd_smartcard_utils_register_error_domain (GSD_SMARTCARD_MANAGER_ERROR,
                                                    GSD_TYPE_SMARTCARD_MANAGER_ERROR);
         g_type_class_add_private (klass, sizeof (GsdSmartcardManagerPrivate));
 }
 
 static void
 gsd_smartcard_manager_init (GsdSmartcardManager *self)
 {
         self->priv = GSD_SMARTCARD_MANAGER_GET_PRIVATE (self);
 }
 
 static void
 load_nss (GsdSmartcardManager *self)
 {
         GsdSmartcardManagerPrivate *priv = self->priv;
         NSSInitContext *context = NULL;
 
         /* The first field in the NSSInitParameters structure
          * is the size of the structure. NSS requires this, so
          * that it can change the size of the structure in future
          * versions of NSS in a detectable way
@@ -291,135 +300,168 @@ watch_smartcards_from_driver (GTask                    *task,
                         break;
                 }
 
                 if (!watch_succeeded) {
                         g_task_return_error (task, error);
                         break;
                 }
         }
 }
 
 static void
 destroy_watch_smartcards_operation (WatchSmartcardsOperation *operation)
 {
         SECMOD_DestroyModule (operation->driver);
         g_hash_table_unref (operation->smartcards);
         g_free (operation);
 }
 
 static void
 on_smartcards_watch_task_destroyed (GsdSmartcardManager *self,
                                     GTask               *freed_task)
 {
         GsdSmartcardManagerPrivate *priv = self->priv;
 
         G_LOCK (gsd_smartcards_watch_tasks);
         priv->smartcards_watch_tasks = g_list_remove (priv->smartcards_watch_tasks,
                                                       freed_task);
         G_UNLOCK (gsd_smartcards_watch_tasks);
 }
 
+static void
+sync_initial_tokens_from_driver (GsdSmartcardManager *self,
+                                 SECMODModule        *driver,
+                                 GHashTable          *smartcards,
+                                 GCancellable        *cancellable)
+{
+        GsdSmartcardManagerPrivate *priv = self->priv;
+        int i;
+
+        for (i = 0; i < driver->slotCount; i++) {
+                PK11SlotInfo *card;
+
+                card = driver->slots[i];
+
+                if (PK11_IsPresent (card)) {
+                        CK_SLOT_ID slot_id;
+                        slot_id = PK11_GetSlotID (card);
+
+                        g_debug ("Detected smartcard in slot %d at start up", (int) slot_id);
+
+                        g_hash_table_replace (smartcards,
+                                              GINT_TO_POINTER ((int) slot_id),
+                                              PK11_ReferenceSlot (card));
+                        gsd_smartcard_service_sync_token (priv->service, card, cancellable);
+                }
+        }
+}
+
 static void
 watch_smartcards_from_driver_async (GsdSmartcardManager *self,
                                     SECMODModule        *driver,
                                     GCancellable        *cancellable,
                                     GAsyncReadyCallback  callback,
                                     gpointer             user_data)
 {
         GsdSmartcardManagerPrivate *priv = self->priv;
         GTask *task;
         WatchSmartcardsOperation *operation;
 
         operation = g_new0 (WatchSmartcardsOperation, 1);
         operation->driver = SECMOD_ReferenceModule (driver);
         operation->smartcards = g_hash_table_new_full (g_direct_hash,
                                                        g_direct_equal,
                                                        NULL,
                                                        (GDestroyNotify) PK11_FreeSlot);
 
         task = g_task_new (self, cancellable, callback, user_data);
 
         g_task_set_task_data (task,
                               operation,
                               (GDestroyNotify) destroy_watch_smartcards_operation);
 
         G_LOCK (gsd_smartcards_watch_tasks);
         priv->smartcards_watch_tasks = g_list_prepend (priv->smartcards_watch_tasks,
                                                        task);
         g_object_weak_ref (G_OBJECT (task),
                            (GWeakNotify) on_smartcards_watch_task_destroyed,
                            self);
         G_UNLOCK (gsd_smartcards_watch_tasks);
 
+        sync_initial_tokens_from_driver (self, driver, operation->smartcards, cancellable);
+
         g_task_run_in_thread (task, (GTaskThreadFunc) watch_smartcards_from_driver);
 }
 
 static gboolean
 register_driver_finish (GsdSmartcardManager  *self,
                         GAsyncResult         *result,
                         GError              **error)
 {
         return g_task_propagate_boolean (G_TASK (result), error);
 }
 
 static void
 on_driver_registered (GsdSmartcardManager *self,
                       GAsyncResult        *result,
                       GTask               *task)
 {
         GError *error = NULL;
+        DriverRegistrationOperation *operation;
+        GsdSmartcardManagerPrivate *priv = self->priv;
+
+        operation = g_task_get_task_data (G_TASK (result));
 
         if (!register_driver_finish (self, result, &error)) {
                 g_task_return_error (task, error);
                 g_object_unref (task);
                 return;
         }
 
-        g_task_return_boolean (task, TRUE);
+        watch_smartcards_from_driver_async (self,
+                                            operation->driver,
+                                            priv->cancellable,
+                                            (GAsyncReadyCallback) on_smartcards_from_driver_watched,
+                                            task);
 
+        g_task_return_boolean (task, TRUE);
         g_object_unref (task);
 }
 
 static void
 on_smartcards_from_driver_watched (GsdSmartcardManager *self,
                                    GAsyncResult        *result,
                                    GTask               *task)
 {
         g_debug ("Done watching smartcards from driver");
 }
 
-typedef struct {
-        SECMODModule *driver;
-        guint         idle_id;
-        GError       *error;
-} DriverRegistrationOperation;
-
 static void
 destroy_driver_registration_operation (DriverRegistrationOperation *operation)
 {
         SECMOD_DestroyModule (operation->driver);
         g_free (operation);
 }
 
 static gboolean
 on_task_thread_to_complete_driver_registration (GTask *task)
 {
         DriverRegistrationOperation *operation;
         operation = g_task_get_task_data (task);
 
         if (operation->error != NULL)
                 g_task_return_error (task, operation->error);
         else
                 g_task_return_boolean (task, TRUE);
 
         return G_SOURCE_REMOVE;
 }
 
 static gboolean
 on_main_thread_to_register_driver (GTask *task)
 {
         GsdSmartcardManager *self;
         GsdSmartcardManagerPrivate *priv;
         DriverRegistrationOperation *operation;
         GSource *source;
 
         self = g_task_get_source_object (task);
@@ -450,65 +492,60 @@ register_driver (GsdSmartcardManager *self,
 
         task = g_task_new (self, cancellable, callback, user_data);
         operation = g_new0 (DriverRegistrationOperation, 1);
         operation->driver = SECMOD_ReferenceModule (driver);
         g_task_set_task_data (task,
                               operation,
                               (GDestroyNotify) destroy_driver_registration_operation);
 
         operation->idle_id = g_idle_add ((GSourceFunc) on_main_thread_to_register_driver, task);
         g_source_set_name_by_id (operation->idle_id, "[gnome-settings-daemon] on_main_thread_to_register_driver");
 }
 
 static void
 activate_driver (GsdSmartcardManager *self,
                  SECMODModule        *driver,
                  GCancellable        *cancellable,
                  GAsyncReadyCallback  callback,
                  gpointer             user_data)
 {
         GTask *task;
 
         g_debug ("Activating driver '%s'", driver->commonName);
 
         task = g_task_new (self, cancellable, callback, user_data);
 
         register_driver (self,
                          driver,
                          cancellable,
                          (GAsyncReadyCallback) on_driver_registered,
                          task);
-        watch_smartcards_from_driver_async (self,
-                                            driver,
-                                            cancellable,
-                                            (GAsyncReadyCallback) on_smartcards_from_driver_watched,
-                                            task);
 }
 
 typedef struct
 {
   int pending_drivers_count;
   int activated_drivers_count;
 } ActivateAllDriversOperation;
 
 static gboolean
 activate_driver_async_finish (GsdSmartcardManager  *self,
                               GAsyncResult         *result,
                               GError              **error)
 {
         return g_task_propagate_boolean (G_TASK (result), error);
 }
 
 static void
 try_to_complete_all_drivers_activation (GTask *task)
 {
         ActivateAllDriversOperation *operation;
 
         operation = g_task_get_task_data (task);
 
         if (operation->pending_drivers_count > 0)
                 return;
 
         if (operation->activated_drivers_count > 0)
                 g_task_return_boolean (task, TRUE);
         else
                 g_task_return_new_error (task, GSD_SMARTCARD_MANAGER_ERROR,
-- 
2.17.0