pam/nativemodel: Ensure we're in the expected stage before initiating it #818
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3v1n0
force-pushed
the
native-back-fixes
branch
from
1959497 to
d9cd079
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #818 +/- ##
==========================================
- Coverage 83.43% 79.07% -4.36%
==========================================
Files 83 103 +20
Lines 8689 10406 +1717
Branches 74 74
==========================================
+ Hits 7250 8229 +979
- Misses 1111 1713 +602
- Partials 328 464 +136 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
3v1n0
force-pushed
the
native-back-fixes
branch
2 times, most recently
from
b8b7305 to
dadebf9
Compare
3v1n0
force-pushed
the
native-back-fixes
branch
2 times, most recently
from
f9f87ea to
424b914
Compare
adombeck
reviewed
Mar 12, 2025
adombeck
reviewed
Mar 12, 2025
… PAM When using the gdm or native modules we still use the authentication model as our data model to track the focused widget status, however since we don't have any current model set in such case, we end up never marking the "Authentication" model as ever tracked. This has implications in the model stage change, since we do use the focus state to figure out what is the current stage. In these case add then a very simple focus tracker stage so that the authentication state can still marked as focused when it's the case. This should fix some "focus jumps" we may see in some cases (especially in GDM)
It may help debugging ubuntu#719
As per previous commit we are now aware all the times when we're in the authentication phase, so we can safely just reset the authentication model only after we've a stage change that goes from it to any other stage. Note that resetting the authentication also implies waiting for the previous authentication request being cancelled, reason why it's important to do every time we switch back from the focus stage and that we do it before communicating the stage change to other models such as gdm and cli.
As per previous commit it's not up anymore to perform any cancellation in the native model, since the generic one handles it for us and in order.
It's another blocking operation and we should not stop the model events handling while it's running even if the UI is technically blocked for input
In some cases (when the "goBack{}" request via the 'r' cancel key is
performed very quickly on the UI) we might end up doing a
nativeAuthSelection{} request when we are still technically performing
the stage change from the challenge stage to auth-mode selection.
This was particularly a problem in the "Wait" cases, given that these
events could have been arriving without a proper order, because the
cancellation of the previous event could lead to a delayed stage-change
request that we didn't handle, but it could happen also in non-wait
cases, for example:
authd-pam-exec-DEBUG: 23:46:32.560: authenticate: called method
Prompt((1, 'Gimme your password:\n> '))
Native model update: tea.sequenceMsg{(tea.Cmd)(0xca47c0),
(tea.Cmd)(nil)}
Native model update: adapter.nativeGoBack{}
adapter.isAuthenticatedCancelled{msg:""}
Native model update: adapter.isAuthenticatedCancelled{msg:""}
Native model update: adapter.nativeStageChangeRequest{Stage:2}
Native model update: tea.sequenceMsg{(tea.Cmd)(0xca47c0),
(tea.Cmd)(0xca47c0)}
Native model update: adapter.nativeChangeStage{Stage:3}
*adapter.ChangeStage{Stage:2}
*adapter.authenticationModel: Reset"
*adapter.authModeSelectionModel: Focus"
Native model update: adapter.nativeAuthSelection{}
Native model update: tea.sequenceMsg{(tea.Cmd)(0xca47c0),
(tea.Cmd)(0xc96b00), (tea.Cmd)(0xca47c0)}
Native model update: adapter.nativeChangeStage{Stage:2}
adapter.authModeSelectionModel: adapter.authModeSelectionFocused{}
Native model update: adapter.authModeSelectionFocused{}
or:
authenticate: called method Prompt((2, 'Choose action:\n> '))
Native model update: adapter.nativeChangeStage{Stage:3}
Native model update: tea.sequenceMsg{(tea.Cmd)(0x1496660),
(tea.Cmd)(nil)}
Native model update: adapter.nativeGoBack{}
adapter.isAuthenticatedCancelled{msg:""}
Native model update: adapter.isAuthenticatedCancelled{msg:""}
Native model update: adapter.nativeStageChangeRequest{Stage:2}
Native model update: adapter.nativeChangeStage{Stage:3}
Native model update: tea.sequenceMsg{(tea.Cmd)(0x1496660),
(tea.Cmd)(0x1496660)}
adapter.ChangeStage{Stage:2}
*adapter.authenticationModel: Reset
*adapter.authModeSelectionModel: Focus
Native model update: adapter.nativeAuthSelection{}
Native model update: tea.sequenceMsg{(tea.Cmd)(0x1496660),
(tea.Cmd)(0x1483980), (tea.Cmd)(0x1496660)}
Native model update: adapter.nativeChangeStage{Stage:2}
adapter.authModeSelectionModel: adapter.authModeSelectionFocused{}
Native model update: adapter.authModeSelectionFocused{}
As visible, the nativeStageChangeRequest (which triggered the selection
via nativeAuthSelection{}) was arriving *before* that the request of
changing the internal stage value (via nativeChangeStage{}) was actually
delivered. And this prevented nativeAuthSelection{} to anything (or any
other stage-change request in general).
So, basically we need to ensure that the request is happening only after
the internal stage is changed, and this is now fixed by relying on the
main StageChange event request that eventually will update the internal
state, after we're triggering again nativeStageChangeRequest{}.
Closes: ubuntu#719
The entry uses an ECHO ON prompt by default so we should wait for the value being properly rendered.
3v1n0
force-pushed
the
native-back-fixes
branch
from
424b914 to
c69f58b
Compare
adombeck
approved these changes
Mar 12, 2025
3v1n0
added a commit
that referenced
this pull request
Mar 21, 2025
…de (#827) We are now tracking the focus state also when the gdm model is used (via the focusTracker model), so it's not up to us to perform any cancellation in the GDM model either, since the generic authentication model handles it for us already, and in the proper order. Controlling it from the gdm model side, has always been a source for races that sometimes lead to tests failures. As per this, the AuthResult cancelled event is not sent anymore to gdm unless if that happens because a wait operation got cancelled, as it happens in the other models too, given that a stage change now implicitly already cancels the ongoing authentication request. Also, many tests cleanups that I had around. Note that this requires also an update in the gnome-shell side to have a fully working "back" button (that I'll upload to edge once this lands) ~~This depends on #818, since the initial commits are the same~~ UDENG-6243
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixed handling of focus for authentication stage when not using the CLI interface, and fix the race we had for some time, making impossible to go back to auth-selection if going back from the challenge stage was fast enough (VHS quick typing speed was a good friend here :)).
From main commit:
Closes: #719
UDENG-6191