oVirt is software for managing medium-to-large scale deployments of
virtual machine guests across multiple hosts. It supports a feature
where users can authenticate with a central server and get
transparently connected to a guest system and then automatically get logged
into that guest to an associated user session.
Guests using old versions of GDM support this single-sign-on capability
by means of a greeter plugin, using the old greeter's extension
API.
This commit adds similar support to the gnome-shell based login screen.
How it works:
* The OVirtCredentialsManager singleton listens for
'org.ovirt.vdsm.Credentials.UserAuthenticated'
D-Bus signal on the system bus from the
'org.ovirt.vdsm.Credentials'
bus name. The service that provides that bus name is called
the oVirt guest agent. It is also responsible for interacting
with the the central server to get user credentials.
* This UserAuthenticated signal passes, as a parameter, the a token
which needs to be passed through to the PAM service that is specifically
set up to integrate with the oVirt authentication architecture.
The singleton object keeps the token internally so it can be queried
later on.
* The OVirtCredentialsManager emits a signal 'user-authenticated' on
it's object once the dbus signal is triggered
* When the 'user-authenticated' signal is emitted, the login screen
tells GDM to start user verification using the PAM service. The
authentication stack of the service includes a PAM module
provided by oVirt that securely retrieves user credentials
from the oVirt guest agent. The PAM module then forwards those
credentials on to other modules in the stack so, e.g.,
the user's gnome keyring can be automatically unlocked.
* In case of the screen shield being visible, it also will react on that
'user-authenticated' signal and lift the shield.
In that case the login screen will check on construction time if
the signal has already been triggered, and a token is available.
If a token is available it will immediately trigger the functionality
as described above.
Signed-off-by: Vinzenz Feenstra <evilissimo@redhat.com>
https://bugzilla.gnome.org/show_bug.cgi?id=702162
A conversation is finished after failing, and we are expecting a new
one to be started shortly after. However if we encounter an existing
reference to a previously set _queryingService, we will clear the
password entry, which might already contain a partially typed password
at that point. The behavior does make sense in the case of conflicting
conversations, but in the failure case it is both unexpected and
annoying, so clear _queryingService early to prevent this.
https://bugzilla.gnome.org/show_bug.cgi?id=708186
This commit consolidates the styles of the various
message types into one 'login-dialog-message' style
and then adds additional styles on top to cover the
differences.
This allows us to give the message label an initial
style so that is padded properly before any messages
are displayed.
https://bugzilla.gnome.org/show_bug.cgi?id=706670
This commit detects when a user inserts a smartcard,
and then initiates user verification using the gdm-smartcard
PAM service.
Likewise, if a user removes their smartcard, password verification
(or the user list depending on auth mode and configuration) are initiated
https://bugzilla.gnome.org/show_bug.cgi?id=683437
Some pam modules prompt without expecting the user to type
an answer back (e.g. "Please swipe finger"). We need to
emit prompted in this case too, so the the dialog will get shown.
https://bugzilla.gnome.org/show_bug.cgi?id=683437
This commit introduces a new BeginRequestType enum which gets
passed to the 'reset' signal to specify whether
a username should be provided to the begin() method and changes
the loginDialog to comply.
Currently, the signal only ever gets emitted with
AuthPrompt.BeginRequestType.PROVIDE_USERNAME
but that will change in the future when providing smartcard
support.
https://bugzilla.gnome.org/show_bug.cgi?id=683437
We currently emit "failed" any time the UserVerifier is reset,
and user verification didn't succeed prior.
A more conceptually clear time to emit "failed" would be if
the UserVerifier is reset and user verification failed prior,
and to emit "failed" if the user cancels unlock.
This commit restructures things to do that. Aside from being
more conceptually clear, it also lays the groundwork for us
to be able to reset the unlock screen without failing.
https://bugzilla.gnome.org/show_bug.cgi?id=683437
authPrompt.reset() currently only leaves the authPrompt in a
sane state if the user isn't verifying.
This commit makes sure to cancel verification if a reset happens
while verification is in process.
https://bugzilla.gnome.org/show_bug.cgi?id=683437
onAskQuestion has this code:
if (this.verifyingUser)
this.cancelButton.show();
else
this.cancelButton.hide();
but onAskQuestion can only be called when this.verifyingUser is true.
Also, cancelButton is public, and it only ever otherwise gets hidden
from callers.
This commit drops mucking with cancelButton visibility, leaving it
entirely up to the callers to deal with.
https://bugzilla.gnome.org/show_bug.cgi?id=683437
If the first question asked to a user is from the
shell and not from the PAM service (i.e. Username: ),
then we'll save what the user types until PAM asks
a question and then try to send it to PAM.
This commit makes sure the preemptive answer can be used
before the PAM conversation gets started, and makes sure
to discard the preemptive answer if we're not expecting it.
https://bugzilla.gnome.org/show_bug.cgi?id=705370
Right now we have two booleans that specify when user verification
is happening and when it succeeded, respectively.
This commit consolidates them into one AuthPromptStatus enumeration.
This clean up will allow us to check for verification failure more
easily.
https://bugzilla.gnome.org/show_bug.cgi?id=683437
Right now the whole authPrompt spreads out if a PAM message
comes in that longer than the entry.
This commit changes it to wrap instead, by forcing the
auth prompt to be a fixed width (slightly bigger than
the entry width was sized to previously).
https://bugzilla.gnome.org/show_bug.cgi?id=705037
When a ShellUserVerifier is asked to verify a user at the login
screen it will transparently first try to reauthenticate the user
against an existing session and then fall back to logging a user
into a new session. The former is used for user switching.
It's useful to know which type of verification is happening, so
the next button can be made to say "Unlock" instead of "Sign In" when
a user is already signed in.
This commit exports a new "reauthenticating" property on the
ShellUserVerifier that the auth prompt checks when deciding which
label to use for its next button.
https://bugzilla.gnome.org/show_bug.cgi?id=704795
If there are no messages in the queue and a user starts to
type then we can safely hide the message label since the
user has probably already read it.
This fixes a weirdness where "Incorrect Password" messages stay
around, even as the user types in the new correct password.
https://bugzilla.gnome.org/show_bug.cgi?id=704817
There's quite a bit of duplicated code between the login dialog
and the unlock dialog dealing with the various signals from the
ShellUserVerifier.
This commit moves that duplicated code into the AuthPrompt.
https://bugzilla.gnome.org/show_bug.cgi?id=704707