From d2c12a372ea0ccbe6ba682c553d8b83b3253169f Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 10:57:02 -0400

Subject: [PATCH 1/3] smartcardManager: add way to detect if user logged using

 (any) token

If a user uses a token at login time, we need to make sure they continue

to use the token at unlock time.

As a prerequisite for addressing that problem we need to know up front

if a user logged in with a token at all.

This commit adds the necessary api to detect that case.

---

 js/misc/smartcardManager.js | 7 +++++++

 1 file changed, 7 insertions(+)

diff --git a/js/misc/smartcardManager.js b/js/misc/smartcardManager.js

index d9b6ff474..26f9f5aaa 100644

--- a/js/misc/smartcardManager.js

+++ b/js/misc/smartcardManager.js

@@ -111,5 +111,12 @@ var SmartcardManager = class {

         return true;

     }

+

+    loggedInWithToken() {

+        if (this._loginToken)

+            return true;

+

+        return false;

+    }

 };

 Signals.addSignalMethods(SmartcardManager.prototype);

-- 

2.31.1

From 98393eef884edc9e685b712c71356751acdd552f Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 19:56:53 -0400

Subject: [PATCH 2/3] gdm: only unlock with smartcard, if smartcard used for

 login

If a smartcard is used for login, we need to make sure the smartcard

gets used for unlock, too.

---

 js/gdm/util.js | 7 +++++--

 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/js/gdm/util.js b/js/gdm/util.js

index 72561daab..6b92e3564 100644

--- a/js/gdm/util.js

+++ b/js/gdm/util.js

@@ -149,7 +149,6 @@ var ShellUserVerifier = class {

         this._settings = new Gio.Settings({ schema_id: LOGIN_SCREEN_SCHEMA });

         this._settings.connect('changed',

                                this._updateDefaultService.bind(this));

-        this._updateDefaultService();

         this._fprintManager = new FprintManagerProxy(Gio.DBus.system,

             'net.reactivated.Fprint',

@@ -166,6 +165,8 @@ var ShellUserVerifier = class {

         this.smartcardDetected = false;

         this._checkForSmartcard();

+        this._updateDefaultService();

+

         this._smartcardInsertedId = this._smartcardManager.connect('smartcard-inserted',

                                                                    this._checkForSmartcard.bind(this));

         this._smartcardRemovedId = this._smartcardManager.connect('smartcard-removed',

@@ -527,7 +528,9 @@ var ShellUserVerifier = class {

     }

     _updateDefaultService() {

-        if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))

+        if (this._smartcardManager.loggedInWithToken())

+            this._defaultService = SMARTCARD_SERVICE_NAME;

+        else if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))

             this._defaultService = PASSWORD_SERVICE_NAME;

         else if (this._settings.get_boolean(SMARTCARD_AUTHENTICATION_KEY))

             this._defaultService = SMARTCARD_SERVICE_NAME;

-- 

2.31.1

From 57ca969a0af6f65e71dc1158163b9c826bdb7079 Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 19:57:36 -0400

Subject: [PATCH 3/3] gdm: update default service when smartcard inserted

Early on at start up we may not know if a smartcard is

available.  Make sure we reupdate the default service

after we get a smartcard insertion event.

---

 js/gdm/util.js | 2 ++

 1 file changed, 2 insertions(+)

diff --git a/js/gdm/util.js b/js/gdm/util.js

index 6b92e3564..e62114cb1 100644

--- a/js/gdm/util.js

+++ b/js/gdm/util.js

@@ -420,6 +420,8 @@ var ShellUserVerifier = class {

             else if (this._preemptingService == SMARTCARD_SERVICE_NAME)

                 this._preemptingService = null;

+            this._updateDefaultService();

+

             this.emit('smartcard-status-changed');

         }

     }

-- 

2.31.1