-
Notifications
You must be signed in to change notification settings - Fork 327
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle autologin auth attempt errors #1775
Conversation
IMO this is the wrong place for such a check. If the auth attempt fails for any reason, it should be handled gracefully. |
It is attempt to autologin, why we need to try to auth, if we know right away that it won't work? A little higher in this function, It seems to me there is no point in making such an attempt. But anyway I see problem with handling auth attempt after autologin in that Also, proposed patch is similar to this case (there we don't even try to log in if it doesn't make sense). |
But I think I can trying to move that check into What do you think about this idea? |
That's actually for a different reason: The session has to be found to set
If that's the case, that should probably be changed. IMO autologin should be as close to regular login as possible.
Yeah, but that's also a case of doing an early check. Even if you remove this condition, it'll behave the same way. Login will just be refused by the PAM backend instead of the daemon.
Not wrong, but IMO it's still important to handle autologin auth failures in any case, not just for wrong usernames. |
5093f0c
to
5348b56
Compare
The logic right now looks good, but what I don't really like is that there are now two ways autologin can fail: Synchronosly (returns false) and asynchronously (auth failure signal). Any idea how this could be unified? That avoids subtle errors like somehow ending up without |
I think, still, they have a different nature: synchronous failure is a failure of early checks, and async failure is the authorization failure. But, I think we can try to reduce the difference between them, if we put failure handling in a separate function (i mean that handling):
And will use that function in
instead of
in |
IMO that's an "implementation detail" (as far as that is possible inside the same class). The result is the same. I'm thinking along the lines of emitting
Ok. |
Yes, I agree, because a failure of early checks didn't perform authorization process (through I have put handling in separate function, but I have decided to leave |
If not, log that and end autologin attempt, so sddm theme can be loaded instead.
1. If the autologin auth attempt failed for any reason, then start socket server and greeter (launch sddm theme, like as if there was no autologin at all). 2. Early check if the autologin user actually exists in `startAuth` function.
4016e64
to
5708a99
Compare
@Vogtinator can you check, please? |
Except for that nitpick it looks good |
This check is not specific for autologin Co-authored-by: Fabian Vogt <fabian@ritter-vogt.de>
If user is not exist, it will be handle like any other auth error (in slotAuthError)
If the autologin auth attempt failed for any reason, then start socket server and greeter (launch sddm theme, like as if there was no autologin at all).