gdm/util: Cleanup CredentialManager on successful verification (!3291) · Merge requests · GNOME / gnome-shell

Alessandro Bono requested to merge abono/gnome-shell:wip/abono/credential-manager-fixes into main Apr 29, 2024

It is unclear to me whether the current behavior is intended or not. As it is now, a token can be reused after an unlock for the next lock->unlock transition. However, this doesn't happen after a login for a subsequent lock->unlock transition because the gnome-shell process is not the same.

Commit message:

CredentialManagers emit a user-authenticated signal with a token
upon a successful authentication. This marks the service as preempting
and will be used for the next login/unlock request. However, the
preempting service is not cleaned after a successful verification.
As a consequence, it will be picked on a second unlock request.

This doesn't happen after a succesful login request because there
is a transition from the gnome-shell process owened by GDM to the
one owned by the user.

Clean the preempting service on a successful verification, like we
do when the PAM conversation stops.

gdm/util: Cleanup CredentialManager on successful verification

Merge request reports