From 8ce91c85fe052d1a9f4fed0743bceae7d9654aa0 Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 10:57:02 -0400

Subject: [PATCH 1/3] smartcardManager: add way to detect if user logged using

 (any) token

If a user uses a token at login time, we need to make sure they continue

to use the token at unlock time.

As a prerequisite for addressing that problem we need to know up front

if a user logged in with a token at all.

This commit adds the necessary api to detect that case.

---

 js/misc/smartcardManager.js | 7 +++++++

 1 file changed, 7 insertions(+)

diff --git a/js/misc/smartcardManager.js b/js/misc/smartcardManager.js

index fda782d1e..bb43c96e7 100644

--- a/js/misc/smartcardManager.js

+++ b/js/misc/smartcardManager.js

@@ -112,5 +112,12 @@ var SmartcardManager = class {

         return true;

     }

+    loggedInWithToken() {

+        if (this._loginToken)

+            return true;

+

+        return false;

+    }

+

 };

 Signals.addSignalMethods(SmartcardManager.prototype);

-- 

2.21.0

From 6decf5560d309579760e10048533d3bd9bc56c3c Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 19:56:53 -0400

Subject: [PATCH 2/3] gdm: only unlock with smartcard, if smartcard used for

 login

If a smartcard is used for login, we need to make sure the smartcard

gets used for unlock, too.

---

 js/gdm/util.js | 7 +++++--

 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/js/gdm/util.js b/js/gdm/util.js

index 2e9935250..2b80e1dd9 100644

--- a/js/gdm/util.js

+++ b/js/gdm/util.js

@@ -126,7 +126,6 @@ var ShellUserVerifier = class {

         this._settings = new Gio.Settings({ schema_id: LOGIN_SCREEN_SCHEMA });

         this._settings.connect('changed',

                                this._updateDefaultService.bind(this));

-        this._updateDefaultService();

         this._fprintManager = Fprint.FprintManager();

         this._smartcardManager = SmartcardManager.getSmartcardManager();

@@ -138,6 +137,8 @@ var ShellUserVerifier = class {

         this.smartcardDetected = false;

         this._checkForSmartcard();

+        this._updateDefaultService();

+

         this._smartcardInsertedId = this._smartcardManager.connect('smartcard-inserted',

                                                                    this._checkForSmartcard.bind(this));

         this._smartcardRemovedId = this._smartcardManager.connect('smartcard-removed',

@@ -407,7 +408,9 @@ var ShellUserVerifier = class {

     }

     _updateDefaultService() {

-        if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))

+        if (this._smartcardManager.loggedInWithToken())

+            this._defaultService = SMARTCARD_SERVICE_NAME;

+        else if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))

             this._defaultService = PASSWORD_SERVICE_NAME;

         else if (this._settings.get_boolean(SMARTCARD_AUTHENTICATION_KEY))

             this._defaultService = SMARTCARD_SERVICE_NAME;

-- 

2.21.0

From dd844c98c3450dd1b21bcc580b51162c1b00ed2a Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 19:57:36 -0400

Subject: [PATCH 3/3] gdm: update default service when smartcard inserted

Early on at start up we may not know if a smartcard is

available.  Make sure we reupdate the default service

after we get a smartcard insertion event.

---

 js/gdm/util.js | 2 ++

 1 file changed, 2 insertions(+)

diff --git a/js/gdm/util.js b/js/gdm/util.js

index 2b80e1dd9..6e940d2ab 100644

--- a/js/gdm/util.js

+++ b/js/gdm/util.js

@@ -327,6 +327,8 @@ var ShellUserVerifier = class {

             else if (this._preemptingService == SMARTCARD_SERVICE_NAME)

                 this._preemptingService = null;

+            this._updateDefaultService();

+

             this.emit('smartcard-status-changed');

         }

     }

-- 

2.21.0