Commit Graph

80 Commits

Author SHA1 Message Date
Ray Strode
fd11ad95f6 gdmUtil: factor out some duplicated code in beginVerification
The duplication makes the function look a lot more complicated
than it actually is.

This commit moves the common code to a new _startService function.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
a2a5f5df3f gdmUtil: pave way for fingeprint to optionally be default auth service
Currently, fingerprint authentication is always a secondary thing.
If a user wants to swipe their finger when the computer is asking
for a password, so be it.

This commit paves the way for making fingerprint auth optionally
be the main way to authenticate.  Currently there's no way to enable
this, but in a future commit will honor

enable-password-authentication=false

in gsettings.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:33 -04:00
Ray Strode
148f2210ca util: abstract out default auth service in code
Right now, the primary way a user logs in is with
a password. They can also swipe their finger, if their
fingerprint is enrolled, but it's expected the fingerprint
auth service won't ask questions the user has to respond to
by typing. As such, we ignore questions that comes from
anything but the main auth service: gdm-password.

In the future, if a user inserts a smartcard, we'll want
to treat the gdm-smartcard service as the main auth service,
and let any questions from it get to the user.

This commit tries to prepare for that eventuality by storing
the name of the default auth service away in a _defaultService variable
before verification has begun, and then later checking incoming
queries against that service instead of checking against
string 'gdm-password' directly.

Of course, right now, _defaultService is always gdm-password.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
45ba07c214 util: clear user verifier after cancelling it
If we don't clear it, then the connection to gdm will remain open.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-01 16:08:23 -04:00
Ray Strode
87245c7b33 authPrompt: Call next button "Unlock" when user switching
When a ShellUserVerifier is asked to verify a user at the login
screen it will transparently first try to reauthenticate the user
against an existing session and then fall back to logging a user
into a new session.  The former is used for user switching.
It's useful to know which type of verification is happening, so
the next button can be made to say "Unlock" instead of "Sign In" when
a user is already signed in.

This commit exports a new "reauthenticating" property on the
ShellUserVerifier that the auth prompt checks when deciding which
label to use for its next button.

https://bugzilla.gnome.org/show_bug.cgi?id=704795
2013-07-25 09:28:22 -04:00
Ray Strode
d30cb2d4d9 gdmUtil: separate AuthPrompt out into its own file
It's cleaner to have it in its own file than to cram it into
util.js, so this commit moves it.

https://bugzilla.gnome.org/show_bug.cgi?id=704707
2013-07-24 06:01:03 -04:00
Ray Strode
953f44bcc5 Revert "add annoying delay"
This reverts commit e9531487d9.

This is a testing commit and snuck in on accident.
2013-07-18 15:43:51 -04:00
Ray Strode
be4f259b71 util: add shell entry menu to auth prompt
This brings us parity with the unlock dialog, and is a prerequisite
for eventually moving the unlock dialog over to using the auth
prompt.

https://bugzilla.gnome.org/show_bug.cgi?id=702308
2013-07-18 15:41:02 -04:00
Ray Strode
e9531487d9 add annoying delay 2013-07-18 15:17:17 -04:00
Ray Strode
d715110961 loginDialog: factor auth prompt code out to utils
Right now there is a lot of duplicated code between the unlock
dialog and the login dialog.

This commit moves the login dialog's auth prompt to a separate
class, so that it can (in a subsequent commit) be used by the
unlock dialog.

https://bugzilla.gnome.org/show_bug.cgi?id=702308
2013-07-18 14:36:00 -04:00
Ray Strode
7d5d7453c2 util: drop call that can't do anything
this._clearMessageQueue() is a noop when this.hasPendingMessages is
false so calling it in that case doesn't make sense.

This commit drops that call.

https://bugzilla.gnome.org/show_bug.cgi?id=704347
2013-07-18 09:23:11 -04:00
Ray Strode
952f58153f util: Fix no-more-messages signal
Now thas hasPendingMessages is fixed, we need to also fix the associated
signal "no-more-messages"

https://bugzilla.gnome.org/show_bug.cgi?id=704347
2013-07-18 09:23:11 -04:00
Jasper St. Pierre
a8fe063726 util: Fix hasPendingMessages
While the UserVerifier does indeed have a _userVerifier inside
it, the hasPendingMessages property is on ourselves, not
_userVerifier.

https://bugzilla.gnome.org/show_bug.cgi?id=704347
2013-07-16 16:54:54 -04:00
Jonh Wendell
48f9ea3d9e gdm: clear the messages queue when the user answers a prompt
the messages were being shown even when the user entered the
right information they were asked for.

https://bugzilla.gnome.org/show_bug.cgi?id=702458
2013-06-18 11:58:20 -03:00
Stef Walter
654f1dd055 gdm: Fix regression where domain login hint not shown
Also only keep around realmd while we're actually using it, allow it
to quit if no other clients are active.

https://bugzilla.gnome.org/show_bug.cgi?id=698200
2013-05-03 21:59:57 +02:00
Ray Strode
d097327bd8 loginDialog,unlockDialog: Give user time to read messages
Right now, if multiple messages come in, they just sort of
clobber each other.

This commit sets up a message queue, and introduces pauses
long enough for the user to hopefully be able to read those
messages.

https://bugzilla.gnome.org/show_bug.cgi?id=694688
2013-03-18 19:01:30 -04:00
Ray Strode
e9584cfcab gdm: don't clear user-verifier on reset automatically
Right, the common code between the login screen and
the unlock screen handles clearing the user verifier
when GDM sends a reset.

We don't actually always want to clear the messages on
reset in the unlock case, though, so doing it implicitly
is problematic.

This commit moves the clear() call from the common code
to the specific reset handlers.

https://bugzilla.gnome.org/show_bug.cgi?id=694688
2013-03-18 19:01:30 -04:00
Ray Strode
5fa9581db3 loginDialog: add cross fade animation between states
This commit adds a crossfade between the user selection state
and the user verification state.

https://bugzilla.gnome.org/show_bug.cgi?id=694062
2013-02-19 18:39:54 -05:00
Ray Strode
87e8770cbc loginDialog: support disable-user-list key
In some deployments showing a user list at the login
screen is undesirable.

GDM's fallback login screen has a configuration key:

org.gnome.login-screen disable-user-list false

that causes the user-list to get hidden.

This commit adds similar functionality to the normal,
shell-based login screen.

Based on a series of patches by Marius Rieder.

https://bugzilla.gnome.org/show_bug.cgi?id=660660
2012-11-06 15:05:15 -05:00
Giovanni Campagna
b9463d23e8 ShellUserVerifier: fix fail counter
If it is updated after checking, it counts the number of failures
not including the current one, so it allows one extra attempt. Instead,
by updating it before checking, we get the expected result of dropping the
curtain at the third password.

https://bugzilla.gnome.org/show_bug.cgi?id=687132
2012-10-29 17:54:12 +01:00
Giovanni Campagna
04debd1623 LoginDialog: clear previous auth failed messages when trying again
When the user has the entered the password for the second time
and clicked OK, clear messages from the previous attempt, so any
new failure is shown clearly.

https://bugzilla.gnome.org/show_bug.cgi?id=687132
2012-10-29 17:54:11 +01:00
Olivier Blin
a1bf19dbdf ShellUserVerifier: fix typo in function name, caught on auth error
https://bugzilla.gnome.org/show_bug.cgi?id=685434
2012-10-03 22:07:27 +02:00
Giovanni Campagna
10884ef7f5 ShellUserVerifier: catch DBus errors and report them to the user
Instead of leaving the login or unlock dialogs in an inconsistent state,
catch DBus errors and show an Authentication Error message. The error
details are logged in the session logs.

https://bugzilla.gnome.org/show_bug.cgi?id=683060
2012-09-19 11:50:57 +02:00
Giovanni Campagna
db20a54861 Login/UnlockDialog: don't reset immediately if auth fails
Instead of showing a notification, add a small message immediately
below the entry, and give the user two more attempts to login,
before going back to the welcome or lock screen.

https://bugzilla.gnome.org/show_bug.cgi?id=682544
2012-09-04 23:38:46 +02:00
Giovanni Campagna
703417a760 ShellUserVerifier: fix cancellation
Ensure that all async callbacks check and ignore G_IO_ERROR_CANCELLED.
Ensure that all runs of authentication have their own GCancellable, so
that .begin() can be called multiple times on the same user verifier.
Check for fingerprint reader when beginning authentication, and not
when reset by GDM.

https://bugzilla.gnome.org/show_bug.cgi?id=682544
2012-09-02 23:09:23 +02:00
Alban Browaeys
3c386e0c50 gdm: reset cancellable if cancelled.
Otherwise the second attempt tot login after pressing "escape" key
on the login "freeze" and raise an exception about IOError operation
cancelled.

https://bugzilla.gnome.org/show_bug.cgi?id=681537
2012-08-26 14:35:11 +02:00
Ray Strode
0a1f0e58d0 gdm: Add network login hint
Different networks have different user identifers.

This can be confusing to the user, so to make it clearer,
we try to provide a hint.

https://bugzilla.gnome.org/show_bug.cgi?id=681975
2012-08-21 13:15:29 -04:00
Ray Strode
9024c5d7ac gdm: generalize fingerprint message into login hint
The fingerprint message is useful for users that click their
names in the user list to let them know if fingerprint login
is available.

This same place on screen (below the login entry) can potentially
be used for other messages as well.

This commit changes the variable and style names surrounding
this feature to be more generic.

A subsequent commit will leverage this functionality to provide
a hint on how to log in to the local enterprise domain controller
(if relevant).

https://bugzilla.gnome.org/show_bug.cgi?id=681975
2012-08-21 13:15:28 -04:00
Giovanni Campagna
48b70f358d GdmUtil: don't call GetUserVerifier from the user session
GetUserVerifier can only be called from the greeter session,
and fails with AccessDenied in all other cases. Also, calling it
hides the real error from OpenReauthenticationChannel, which
instead should be logged.

https://bugzilla.gnome.org/show_bug.cgi?id=680750
2012-08-03 18:06:10 +02:00
Giovanni Campagna
46db9edacc Split some common code out of gdm/loginDialog
This will be reused by session unlocking.

https://bugzilla.gnome.org/show_bug.cgi?id=619955
2012-07-21 15:40:28 +02:00