From 624d302d3d192b66d5465fa4551c223df0c4a850 Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 10:57:02 -0400

Subject: [PATCH 1/3] smartcardManager: add way to detect if user logged using

 (any) token

If a user uses a token at login time, we need to make sure they continue

to use the token at unlock time.

As a prerequisite for addressing that problem we need to know up front

if a user logged in with a token at all.

This commit adds the necessary api to detect that case.

---

 js/misc/smartcardManager.js | 7 +++++++

 1 file changed, 7 insertions(+)

diff --git a/js/misc/smartcardManager.js b/js/misc/smartcardManager.js

index 674efc9ad..bfe8a26f4 100644

--- a/js/misc/smartcardManager.js

+++ b/js/misc/smartcardManager.js

@@ -113,6 +113,13 @@ const SmartcardManager = new Lang.Class({

             return false;

         return true;

+    },

+

+    loggedInWithToken: function() {

+        if (this._loginToken)

+            return true;

+

+        return false;

     }

 });

-- 

2.12.0

From 9e3c4a25a32f1e9b828dc37c5a37de1481288478 Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 19:56:53 -0400

Subject: [PATCH 2/3] gdm: only unlock with smartcard, if smartcard used for

 login

If a smartcard is used for login, we need to make sure the smartcard

gets used for unlock, too.

---

 js/gdm/util.js | 7 +++++--

 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/js/gdm/util.js b/js/gdm/util.js

index 1aa52a17f..cea1a0918 100644

--- a/js/gdm/util.js

+++ b/js/gdm/util.js

@@ -131,7 +131,6 @@ const ShellUserVerifier = new Lang.Class({

         this._settings = new Gio.Settings({ schema_id: LOGIN_SCREEN_SCHEMA });

         this._settings.connect('changed',

                                Lang.bind(this, this._updateDefaultService));

-        this._updateDefaultService();

         this._fprintManager = new Fprint.FprintManager();

         this._smartcardManager = SmartcardManager.getSmartcardManager();

@@ -142,6 +141,8 @@ const ShellUserVerifier = new Lang.Class({

         // after a user has been picked.

         this._checkForSmartcard();

+        this._updateDefaultService();

+

         this._smartcardInsertedId = this._smartcardManager.connect('smartcard-inserted',

                                                                    Lang.bind(this, this._checkForSmartcard));

         this._smartcardRemovedId = this._smartcardManager.connect('smartcard-removed',

@@ -408,7 +409,9 @@ const ShellUserVerifier = new Lang.Class({

     },

     _updateDefaultService: function() {

-        if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))

+        if (this._smartcardManager.loggedInWithToken())

+            this._defaultService = SMARTCARD_SERVICE_NAME;

+        else if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))

             this._defaultService = PASSWORD_SERVICE_NAME;

         else if (this._settings.get_boolean(SMARTCARD_AUTHENTICATION_KEY))

             this._defaultService = SMARTCARD_SERVICE_NAME;

-- 

2.12.0

From d378c2ccd514770cc35ce72bfff2b24fe956b762 Mon Sep 17 00:00:00 2001

From: Ray Strode <rstrode@redhat.com>

Date: Mon, 28 Sep 2015 19:57:36 -0400

Subject: [PATCH 3/3] gdm: update default service when smartcard inserted

Early on at start up we may not know if a smartcard is

available.  Make sure we reupdate the default service

after we get a smartcard insertion event.

---

 js/gdm/util.js | 2 ++

 1 file changed, 2 insertions(+)

diff --git a/js/gdm/util.js b/js/gdm/util.js

index cea1a0918..9517150f0 100644

--- a/js/gdm/util.js

+++ b/js/gdm/util.js

@@ -331,6 +331,8 @@ const ShellUserVerifier = new Lang.Class({

             else if (this._preemptingService == SMARTCARD_SERVICE_NAME)

                 this._preemptingService = null;

+            this._updateDefaultService();

+

             this.emit('smartcard-status-changed');

         }

     },

-- 

2.12.0