Commit Graph

299 Commits

Author SHA1 Message Date
Xiaoguang Wang
fbc5e3709e loginDialog: Disable user list when no user
https://bugzilla.gnome.org/show_bug.cgi?id=731320
2017-07-07 11:21:09 -05:00
Michael Catanzaro
a00a186772 authPrompt: Remove stray tab character 2017-06-29 18:16:32 -05:00
Ray Strode
e3330b638a Revert "gdmUtil: Fix auth prompt drawing over user list"
This reverts commit 875a1d6159.

(this was pushed accidentally, isn't the right patch, and lacks
 a bug reference)
2017-06-28 13:16:22 -04:00
Michael Catanzaro
82e20f94f4 authPrompt: Reorder import
5b339c8371 put this in the wrong place.
2017-06-28 02:35:46 -05:00
Michael Catanzaro
293d1697fe Fix a typo 2017-06-26 13:47:19 -05:00
Ray Strode
875a1d6159 gdmUtil: Fix auth prompt drawing over user list
If the user fails to enter their password then hits escape, we
jump back to the user list, then ask again for a password in a
garbled screen. this commit fixes that by guarding against the retry
if the fail counter is reset.
2017-06-22 14:31:19 -04:00
Xiaoguang Wang
fcbb942e24 loginDialog: Fix session button can be clicked
When session menu button is hidden, button can be clicked and show popup
menu.

https://bugzilla.gnome.org/show_bug.cgi?id=781482
2017-04-19 10:27:41 -04:00
Florian Müllner
c0861b1227 gdm: Handle absence of Fprint.Manager service
We rely on the service to detect whether a fingerprint reader is
present. It is fine to not support fingerprint authentication
when the service is missing, but currently we don't handle this
case at all and end up with a non-functional login screen.

https://bugzilla.gnome.org/show_bug.cgi?id=780063
2017-03-20 19:02:07 +01:00
Ray Strode
93071d9167 loginDialog: don't allow type ahead at the login screen
It's weird if after you select a username from the user list, there's
a password already filled in.

This commit disables at that feature for the login screen
(but keeps it in tact for the unlock screen)

https://bugzilla.gnome.org/show_bug.cgi?id=766139
2017-02-14 03:05:33 +01:00
victoryang
5b339c8371 authPrompt.js: turn off the ellipsization of pam messages
When the user gets long failure messages from pam, the authPrompt
message label will clip the message and ellipsize with '…'.

This commit turns off ellipsization from the label, so it will
properly wrap.

https://bugzilla.gnome.org/show_bug.cgi?id=764445
2016-10-14 09:28:34 -04:00
Michael Catanzaro
cae4d92191 loginDialog: fix cancel button in ask for username mode
If the user clicks Not Listed? to enter ask for username mode, clicks
cancel, and then attempts to log in via the user list, the user will see
"Authentication failed" after correctly typing the password, and then
will become stuck in an empty screen with just the gray noise background.

The problem is, we forgot to disconnect from the signal that's waiting
for the next button to be pressed on the username entry screen. Since
the signal handler that executes here is expecting the username to be
input, and isn't prepared for us to have switched back to user list,
various bad things happen. We try to start two gdm-password
conversations at once, for instance, one using the user's password as
the username. I stopped investigating here, because it's easy to fix by
disconnecting from the signal at the right time.

https://bugzilla.gnome.org/show_bug.cgi?id=770328
2016-09-10 16:50:53 -05:00
Michael Catanzaro
c65a9c4d2e authPrompt: Do not allow bypassing disabled Sign In button
The Next and Sign In buttons are disabled when the username/password
field is empty. However, the user can still bypass this button by
pressing the enter key, leading to some odd glitches with the log in
for 'Not Listed?' users.

This is easy to fix by simply not progressing to the next screen when
the button is disabled.

https://bugzilla.gnome.org/show_bug.cgi?id=746180
2016-01-07 17:19:04 -06:00
Michael Catanzaro
3803a880e8 loginDialog: Reconsider user for user list when user changes
Generally a user-changed operation will be uninteresting, but if the
user is currently in the user list and the account changes to locked, we
want to remove it from the list, or if the user is not in the list and
the account changed to unlocked, we want to add it to the list. This
fixes the case where a new user account created in gnome-control-center
does not appear in the user list. The password mode is set in the new
account immediately after it is created, but the operations are not
atomic, so the login dialog considers the new user account when it is
still locked and rejects it from being displayed, then immediately
afterwards the account is unlocked. This commit causes the login dialog
to show the account when this occurs.

The containsUser() check here is not strictly necessary, but reduces
spurious calls to addUser() and removeUser(), since there's no easy way
to check if the locked status of the account has changed (as it's much
easier to connect to one signal on the UserManager than to
notify::locked on each User object).

https://bugzilla.gnome.org/show_bug.cgi?id=758568
2015-12-02 18:23:36 +01:00
Michael Catanzaro
e1e08f0a68 loginDialog: Fix TypeError when user is deleted
LoginDialog has a private _user, but UserListItem has a public user.
Easy to get wrong since _user would be the right thing to type in 90% of
this file.
2015-11-23 17:44:49 -06:00
Ray Strode
489b96a310 gdm: don't emit start-session-when-ready from idle function
There's no point in delaying the emission.  We should do it
right away.

https://bugzilla.gnome.org/show_bug.cgi?id=754814
2015-10-20 17:10:06 -04:00
Michael Catanzaro
50b59e0ca6 batch: Add old commit message as comment at top of file
This is a lightly-edited version of Ray's commit message in
4902a600d5.
2015-10-13 14:43:39 -05:00
Florian Müllner
09dbe17da0 loginDialog: Limit user list to the available height
We currently will always allocate the user list's preferred size, so it
will grow indefinitely and never scroll; limit the height instead to
get the desired scrolling behavior when necessary.

https://bugzilla.gnome.org/show_bug.cgi?id=754525
2015-09-03 15:45:39 +02:00
Rui Matos
f2d4aa0822 authPrompt: hide/stop spinner after verfiication completes
When the user successfully types their password, we should hide
the spinner from the button well right away, so it doesn't
consume resources until reset (which may happen significantly later
if the user is vt switched away)

https://bugzilla.gnome.org/show_bug.cgi?id=753891
2015-08-31 15:24:27 -04:00
Ray Strode
030a22d795 authPrompt: stop spinner after its hidden
The code previously tried to stop spinner after it was hidden, but
due to an incorrect check was only stoppig it after it was shown.

Also, it was only stopping after hiding due to an animation, and
failing to stop it in the non-animated case.

This left the spinner hidden and running while VT switched away
from the login screen, only stopping when the auth prompt was
reset when switching back.

https://bugzilla.gnome.org/show_bug.cgi?id=753891
2015-08-31 15:19:26 -04:00
Ray Strode
08506eac2d gdm: clear user verifier when finished with it
We only need the user verifier for the purpose of user verification.
Once it's complete we should clear it so it doesn't get in the way
later.

This fixes a bug introduced in commit 3c8c5a5570 that leads to the
user session crashing when the login screen is reactivated.

https://bugzilla.gnome.org/show_bug.cgi?id=753181
2015-08-05 09:40:17 -04:00
Ray Strode
02c6b0374d gdm: make user list fade-in on vt switch more reliable
We fade out the authentication prompt when a user successfully
logs into a user session. We reset it and fade it back in when
the user switches back to the login screen VT.

The problem is, we only fade it back in if the auth prompt status is
VERIFICATION_SUCCEEDED.  It's possible for it to be NOT_VERIFYING
if the authprompt gets reset for some other reason in the interim.

This commit changes the check to be more precise. We now only skip
the fade-in, if we're already faded in, and we only skip the reset if
we're already reset.

https://bugzilla.gnome.org/show_bug.cgi?id=753181
2015-08-05 09:40:15 -04:00
Jakub Steiner
27a7194634 spinner: use a 60fps spinner
- sync with gtk+ and provide a fluid spinner

https://bugzilla.gnome.org/show_bug.cgi?id=753064
2015-08-05 13:44:32 +02:00
Ray Strode
778ad49ab4 authPrompt: allow cancellation before verification starts
The user should be allowed to cancel if verification hasn't
started yet and they're typing in their username. This
commit changes the authPrompt cancel function to not
ignore such requests.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:24 -04:00
Ray Strode
fe7dd1305f authPrompt: don't allow next if entry is empty
Normally the user isn't allowed to proceed passed
the username question until they've filled it in.
To ensure this, the authprompt code desensitizes
the next button when the number of characters change to
zero.

Unfortunately it fails to desensitize the next button
up front when the entry starts out empty.

This commit addresses that bug.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:23 -04:00
Ray Strode
378a3df5ea authPrompt: set next button to next when asking for username
If the next button ever gets set to Sign In, it won't
get reset to next until the next question asked by pam.

This commit ensures it gets reset to Next when asking
for the username.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:21 -04:00
Ray Strode
fd3f03580d gdm: unconditionally cancel auth user verifier on reset
We currently only cancel the user verifier on reset if
verifying, but that means we don't properly cancel it when
asking for a username at the Not Listed screen.

The object already handles getting called when there is
nothing to cancel, so just cancel it unconditionally.

https://bugzilla.gnome.org/show_bug.cgi?id=752438
2015-07-16 09:41:39 -04:00
Ray Strode
0003760fd9 gdm: fix banner allocation computation
The code to figure how how much room that banner had was wrong.
This commit fixes it.

https://bugzilla.gnome.org/show_bug.cgi?id=751517
2015-06-25 16:04:14 -04:00
Shivam Mishra
6660342d2f authPrompt: Fix hang if user types password really fast
It's possible for a user to type their password so quickly
that GDM hasn't even had time to ask for the password yet,
much less have time to process the answer.
In that situation, we tuck the user response away as
_preemptiveAnswer, and pass it along to GDM when GDM is finally
ready for it.
The problem is, there's a bug in the code, where we send
null for the service name in the answer, instead of the right
service name (say "gdm-password").
This commit addresses the bug by making sure we don't pass the
answer along, until the service name is properly set in
_queryingService. To ensure that, answering query (answerQuery)
based on _preemptiveAnswer has been shifted right below
this._queryingService = serviceName;

https://bugzilla.gnome.org/show_bug.cgi?id=737586
2015-04-07 16:02:21 -04:00
Clément Guérin
8e802fd32f gdm: use integer coordinates for login dialog actors
If the login screen actors aren't placed at pixel
boundaries then they will show up blurred with fuzzy
text.

This commit ensures all actor allocations are floored
to integer coordinates.

https://bugzilla.gnome.org/show_bug.cgi?id=746912
2015-03-27 17:25:06 -04:00
Adel Gadllah
b00a1d6b7f Revert "Revert "Give user 48ms to read each character of a PAM message, earlier it was 16ms""
I mean't to attach that to the bug not revert it.

This reverts commit 23a9fb0314.
2015-03-27 14:36:05 +01:00
Adel Gadllah
23a9fb0314 Revert "Give user 48ms to read each character of a PAM message, earlier it was 16ms"
Seriously there has to be a better way to deal with this then slowing down
login for messages that hardly anyone cares about.

https://bugzilla.gnome.org/show_bug.cgi?id=720885

This reverts commit 8897385714.
2015-03-27 14:33:52 +01:00
Sarvjeet
8897385714 Give user 48ms to read each character of a PAM message, earlier it was 16ms
User read time per character has been changed from 16ms to 48ms because the
message of information about last login is displayed for half a sec that is not
a good user experience. So time to read a character is increased to 48ms from 16ms.

https://bugzilla.gnome.org/show_bug.cgi?id=720885
2015-03-26 18:42:00 -05:00
Florian Müllner
9934529a0b loginDialog: Move long session-list menus to the side
Currently the menu position below the button means that the menu
can extend to roughly half the screen height before ending up partly
off-screen. This is plenty of space for commonly installed sessions,
but some users have a significantly higher number of sessions in the
list. Move the menu to the side of the button in that case to maximize
the vertical space the menu may take up.

https://bugzilla.gnome.org/show_bug.cgi?id=734352
2015-03-23 20:25:21 +01:00
Ray Strode
e5270cb6ec Revert "loginDialog: Don't arbitrarily pick a random session for the user"
This reverts commit 6d40cb98e7.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2015-03-18 12:44:37 -04:00
Ray Strode
ee360d8749 Revert "loginDialog: Better handle setting the active session"
This reverts commit 681861c8c7.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2015-03-18 12:44:37 -04:00
Ray Strode
b1de1ada25 gdm: fix empty user list on user switching
There's some vestigial code for hiding the user list
that runs at the same time its parent is hidden.

Only the parent should be hidden, at this point, so
there's situations where the user list hides and
never comes back.

This commit fixes that, by deleting the vestigial code.

https://bugzilla.gnome.org/show_bug.cgi?id=719418
2015-03-17 12:22:06 -04:00
Jasper St. Pierre
681861c8c7 loginDialog: Better handle setting the active session
We currently use the setActiveSession method to both mark a menu item as
selected, and also tell gdm about the current session the user selected.

Since gdm is ultimately in charge of the state, we should decouple this
and simply ask gdm to set the session, and have the menu item reflect
what gdm thinks is the current session.

This prevents state getting mismatched and oscillations from happening,
where we get in a loop of constantly telling gdm what the session is.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2015-03-16 17:47:27 -04:00
Jasper St. Pierre
6d40cb98e7 loginDialog: Don't arbitrarily pick a random session for the user
gdm should be in charge of telling us the default session, and it
should pick one for the user if she doesn't already have one.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2015-03-16 17:47:27 -04:00
Ray Strode
5650355da5 gdm: fix handling of removed smartcard at startup
If a smartcard is missing from the reader when we start up,
and the system is configured to disable password authentication,
then we need to ask the user to insert their smartcard.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=740143
2015-03-16 13:45:50 -04:00
Florian Müllner
8eb0782f25 loginDialog: Pass-through UserWidget's label-actor
https://bugzilla.gnome.org/show_bug.cgi?id=729603
2015-03-06 17:24:13 +01:00
David Liang
e23a03d639 gdm: prevent nextSignalId from being connected multiply times
The problem is caused by '_askForUsernameAndBeginVerification' being
called multiply times. So when we click 'next', the old connected
function will also be executed.
2015-02-26 15:45:12 -05:00
Jakub Steiner
48cfd35b65 theme: a button is a button is a button
https://bugzilla.gnome.org/show_bug.cgi?id=737785
2015-02-20 15:16:06 +01:00
Ray Strode
d04340c675 loginDialog: fix reactivity of first user in user list
After the login banner is shown and hidden, the first user
in the user list becomes non-reactive.  This is because the
banner is given an opacity of 0, but still allocated.

This commit fixes that by hiding the banner explicitly.

https://bugzilla.gnome.org/show_bug.cgi?id=743370
2015-01-22 16:56:31 -05:00
Ray Strode
c556d28b98 loginDialog: reset greeter proxy on auth prompt reset
Normally when a user uses the login screen to log in, the
login screen gets killed and the user session takes over
the display.

This doesn't happen for wayland sessions, though. Instead,
the login screen gets reset, and the wayland session is started
on another VT.

The greeter proxy object needs to be recreated after this reset,
since it's associated with state no longer coupled to the login
screen after the reset.

This commit moves greeter proxy creation to happen at reset time.

https://bugzilla.gnome.org/show_bug.cgi?id=743371
2015-01-22 14:02:50 -05:00
Florian Müllner
e0eebc90e0 Rename KeyBindingMode to ActionMode
The keybinding mode is no longer used exclusively for actions triggered
by keybindings, so reflect this by a more generic name.

https://bugzilla.gnome.org/show_bug.cgi?id=740237
2014-12-19 11:39:50 +01:00
Ray Strode
7b9be2188a loginDialog: use two column view if banner message long
Frequently banner messages are longer than can reasonable
fit in a one column view, which leads to a smooshed layout.

This commit changes the layout to a two column view, with the
banner on the left and the prompt on the right, if the banner
message is long enough that it can't fit well above the prompt.
If there isn't enough space for two columns then we keep the
one column layout but add scrollbars.

https://bugzilla.gnome.org/show_bug.cgi?id=703972
2014-12-18 13:58:10 -05:00
Ray Strode
117a81e06f loginDialog: display banner message when disable-user-list=true
The login screen supports showing a banner message which admins
can use to mention login rules or disclaimers.

This message only shows up currently if the user list is enabled.
Most people who want to show a banner message also want to disable
the user list.

This commit moves the banner message to display when the user is
prompted for login credentials instead of when showing the user
list. It also adds a scrollbar if the message is too long.

https://bugzilla.gnome.org/show_bug.cgi?id=703972
2014-12-18 13:58:09 -05:00
Ray Strode
522fe8e8bf loginDialog: allocate children manually
The login screen is pretty custom full screen container and the standard
layout managers aren't really a good fit for the kind of layout that's
happening. This will be even more problematic with upcoming changes
to login banners, so we need to switch techniques.

This commit moves login dialog over to using a custom allocate handler
that has specific domain knowledge of the parts of the login screen
and where they go.

https://bugzilla.gnome.org/show_bug.cgi?id=703972
2014-12-18 13:58:09 -05:00
Ray Strode
5961f162fa gdm: fix sensitivity of auth prompt when cancelling early and user list is disabled
If the user list is disabled and the user clicks cancel quickly enough
after typing their username, they can get in a state where the
auth prompt gets stuck in the insensitive state.

This is because the login dialog code makes the prompt insensitive
while while pam is processing the provided username, but the prompt
only makes itself sensitive again when it is hidden.

This commit makes it sensitive right before asking for a username again.

https://bugzilla.gnome.org/show_bug.cgi?id=740141
2014-11-17 12:11:03 -05:00
Ray Strode
5d440fa8d9 gdm: disallow cancel after verification succeeds
Once verification has succeeded, the train's already
left the building and we shouldn't allow canceling.

This commit renders the cancel button non-reactive
and makes the cancel function be a noop after
verification succeeds.

https://bugzilla.gnome.org/show_bug.cgi?id=740141
2014-11-17 12:11:02 -05:00
Jasper St. Pierre
0f63ad0fc1 gdm: Don't throw an error if there's no logo file 2014-10-14 20:00:25 -07:00
Cosimo Cecchi
49c4ba5656 theme: make a GResource
Now that we have all the infrastructure ready, port the theme to a
GResource.

https://bugzilla.gnome.org/show_bug.cgi?id=736936
2014-10-14 18:54:18 -07:00
Cosimo Cecchi
328bb1c21b st: always use GFile internally
We're moving the theme infrastructure towards GResource, so as a first
step move all the loading to use GFiles instead of URIs or paths.

https://bugzilla.gnome.org/show_bug.cgi?id=736936
2014-10-14 18:53:39 -07:00
Owen W. Taylor
6a969b934f gdm: fix missing braces
Incorrect braces meant that if the ShellUserVerifier was destroyed before
the call to fprintManager.GetDefaultDeviceRemote(), the reply would result in
an error.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:12 -04:00
Owen W. Taylor
8d3ff56846 gdm: disconnect signals
Many signal connections on global objects and on non-widgets were not
disconnected when the unlock screen was destroyed, causing leaks.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:11 -04:00
Owen W. Taylor
d8d046f2b3 AuthPrompt: properly remove user widgets
When replacing a user widget, we need to destroy the child, not just
unparent it, or it will leak.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:11 -04:00
Jasper St. Pierre
589e6c29f3 loginDialog: Push a modal for LOCK_SCREEN
So that we're in the correct keybinding mode.
2014-07-27 08:18:51 -04:00
Jasper St. Pierre
4b46533ce8 loginDialog: Fix the removal from the ctrlAltTabManager
When we ported away from ModalDialog, we forgot to change this one
reference to the dialog layout. Change it now.
2014-07-27 08:12:27 -04:00
Jasper St. Pierre
83cb26d70e js: Adapt to GSettings API change
The 'schema' property has been deprecated for a long time. Even though
this will likely be reverted in glib, let's stop using it.
2014-06-24 15:17:09 -04:00
Florian Müllner
2a63267be0 loginDialog: Remove unused variable 2014-05-28 22:01:54 +02:00
Bastien Nocera
cd2bd7685a js: Name all the timeouts and idles
With very uninventive names. Names now, good names later.

https://bugzilla.gnome.org/show_bug.cgi?id=727983
2014-04-10 21:08:16 +02:00
Cosimo Cecchi
9c88fec4fc texture-cache: use scale factor for load_uri_async()
https://bugzilla.gnome.org/show_bug.cgi?id=726907
2014-03-28 10:53:01 -07:00
Jasper St. Pierre
be291ee4f9 loginScreen: reset greeter when coming back to login screen
When a user logs in to a wayland session, we keep the login screen
running on the X server with the login screen running in a deactivated mode.

This commit makes sure it get reactivated when the user comes back to
the VT (from user switching, logout or just ctrl-alt-f1).

https://bugzilla.gnome.org/show_bug.cgi?id=726989
2014-03-25 10:41:12 -04:00
Ray Strode
f6ed3d9f88 authPrompt: Don't ever ask for a username if smartcard service is in foreground
The smartcard service is put in the foreground in two cases:

1) If password service is disabled by admin configuratoin
2) if a smartcard is inserted

In either case we don't want to ask the user to pick a user from the
userlist.  We currently only avoid asking in case 2.

This commit fixes case 1.

https://bugzilla.gnome.org/show_bug.cgi?id=726263
2014-03-13 15:08:00 -04:00
Ray Strode
ff5550c82b util: fix "login card" smartcard detection on unlock screen
We only want to react to the card the user logged in with, at
the unlock screen.  We check "at the unlock screen" by checking
the "reauthenticating" state variable.  That variable is the
wrong one, though. It gets set too late, and in some cases, gets
set at the login screen, too.  We should be checking this._reauthOnly
instead.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=726262
2014-03-13 14:01:02 -04:00
Florian Müllner
0ba05b29b9 loginDialog: Defer loading user list until needed
Loading the user list can be expensive, for instance when there is
a large number of users and/or their avatars have to be fetched over
the network. In case the user list is disabled anyway, there is no
point in doing that work just to hide it, so stop doing that.

https://bugzilla.gnome.org/show_bug.cgi?id=725905
2014-03-08 00:29:11 +01:00
Florian Müllner
ef8123e3a2 loginDialog: Add missing return value
_loadUserList() may be used as idle handler, so we should explicitly
return a boolean.

https://bugzilla.gnome.org/show_bug.cgi?id=725905
2014-03-08 00:29:10 +01:00
Ray Strode
765d0228c0 loginDialog: move user list loading after actors are constructed
Right now we queue populating the user list in the middle of setting
up the dialog actors. Of course, the actual population happens some time
later after going back to the main loop.

It's more logical to structure the code so the the actors are
instantiated first in one block and then other things after that.

This commit moves the user list population enqueuing operation to the
bottom of the constuctor.

https://bugzilla.gnome.org/show_bug.cgi?id=721868
2014-01-13 12:42:39 -05:00
Ray Strode
2d2020a20d loginDialog: defer loading user list until idle
In some cases we load the user list after going back
to main loop and in other cases we load the user list
right away (depending on if accounts service is ready).

In the case we load the user list right away we cause a
traceback because loading the user list forces a reset,
which then tries to reset actors which aren't instantiated
yet.

This commit ensures the user list is loaded after the constructor
finishes and the event loop runs irregardless of the accountsservice
state.

https://bugzilla.gnome.org/show_bug.cgi?id=721868
2014-01-13 12:42:33 -05:00
Andika Triwidada
f3dad3765e Changed obsolete FSF postal address.
https://bugzilla.gnome.org/show_bug.cgi?id=721507
2014-01-08 04:35:14 +07:00
Florian Müllner
deb2f30b37 js: Use EVENT_PROPAGATE/EVENT_STOP constants in event handlers
Just as SOURCE_CONTINUE/SOURCE_REMOVE in source functions, these
constants increase code clarity over plain true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Florian Müllner
751a3f0e94 js: Use SOURCE_CONTINUE/SOURCE_REMOVE constants in source functions
With support for boolean constants in g-i, we can finally use the
more readable constants instead of true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Yosef Or Boczko
49189e0e43 authPrompt: Explicitly set horizontal alignment
When set to fill, the label will always end up left-aligned, which
is only correct in LTR locales. Set the alignment explicitly to
work in both RTL and LTR locales.

https://bugzilla.gnome.org/show_bug.cgi?id=712638
2013-12-11 22:36:15 +02:00
Florian Müllner
729c962b7c loginDialog: Implement cancel()
The screen shield expects a cancel() method on the unlockDialog
implementation, but LoginDialog does not provide it currently.

https://bugzilla.gnome.org/show_bug.cgi?id=719378
2013-11-27 14:30:24 +01:00
Ray Strode
b2f547e934 authPrompt: propagate gdm "reset" signal after user switching
After a user types in their password at the login screen, one
of two things can happen

1) a new session is started
2) an existing session is switched to

In the latter case, GDM sends a reset signal to the login screen,
so it knows to go back to the user list and wait to be summoned
again.

Unfortunately, all reset signals are ignored after verification
success.  The reason is because the reset handler was copied from
the unlock dialog as part of a deduplication effort in commit
7e7295f259 and the unlock dialog
handler at the time also emitted a "failed" signal on reset
(which wouldn't make sense to emit after success).

These days "failed" is handled in a different way.

This commit changes the code to let reset signals through after
successful verification.

https://bugzilla.gnome.org/show_bug.cgi?id=710456
2013-11-25 22:38:44 -05:00
Jasper St. Pierre
04a00f6564 loginDialog: Use UserWidget
https://bugzilla.gnome.org/show_bug.cgi?id=706851
2013-10-30 13:19:02 -04:00
Tim Lunn
b908a3d70a Stringify the xml definitions for E4X removal
https://bugzilla.gnome.org/show_bug.cgi?id=691409
2013-10-25 08:57:27 +11:00
Vinzenz Feenstra
4cda61a16a gdm: support pre-authenticated logins from oVirt
oVirt is software for managing medium-to-large scale deployments of
virtual machine guests across multiple hosts. It supports a feature
where users can authenticate with a central server and get
transparently connected to a guest system and then automatically get logged
into that guest to an associated user session.

Guests using old versions of GDM support this single-sign-on capability
by means of a greeter plugin, using the old greeter's extension
API.

This commit adds similar support to the gnome-shell based login screen.

How it works:

* The OVirtCredentialsManager singleton listens for

  'org.ovirt.vdsm.Credentials.UserAuthenticated'

  D-Bus signal on the system bus from the

  'org.ovirt.vdsm.Credentials'

  bus name. The service that provides that bus name is called
  the oVirt guest agent. It is also responsible for interacting
  with the the central server to get user credentials.

* This UserAuthenticated signal passes, as a parameter, the a token
  which needs to be passed through to the PAM service that is specifically
  set up to integrate with the oVirt authentication architecture.
  The singleton object keeps the token internally so it can be queried
  later on.

* The OVirtCredentialsManager emits a signal 'user-authenticated' on
  it's object once the dbus signal is triggered

* When the 'user-authenticated' signal is emitted, the login screen
  tells GDM to start user verification using the PAM service. The
  authentication stack of the service includes a PAM module
  provided by oVirt that securely retrieves user credentials
  from the oVirt guest agent. The PAM module then forwards those
  credentials on to other modules in the stack so, e.g.,
  the user's gnome keyring can be automatically unlocked.

* In case of the screen shield being visible, it also will react on that
  'user-authenticated' signal and lift the shield.
  In that case the login screen will check on construction time if
  the signal has already been triggered, and a token is available.
  If a token is available it will immediately trigger the functionality
  as described above.

Signed-off-by: Vinzenz Feenstra <evilissimo@redhat.com>

https://bugzilla.gnome.org/show_bug.cgi?id=702162
2013-10-14 13:54:30 -04:00
Jasper St. Pierre
8737b06559 loginDialog: MessageType is now in GdmUtil
https://bugzilla.gnome.org/show_bug.cgi?id=709286
2013-10-02 13:58:09 -04:00
Florian Müllner
02c99e4b25 authPrompt: Clear _queryingService on verification failure
A conversation is finished after failing, and we are expecting a new
one to be started shortly after. However if we encounter an existing
reference to a previously set _queryingService, we will clear the
password entry, which might already contain a partially typed password
at that point. The behavior does make sense in the case of conflicting
conversations, but in the failure case it is both unexpected and
annoying, so clear _queryingService early to prevent this.

https://bugzilla.gnome.org/show_bug.cgi?id=708186
2013-09-23 13:32:17 +02:00
Jasper St. Pierre
0b79e9cc9e loginDialog: Remove "Session" subtitle heading
It doesn't really add any value at all.

https://bugzilla.gnome.org/show_bug.cgi?id=707072
2013-08-30 10:45:46 -04:00
Ray Strode
8b977252f3 loginDialog: show session menu button when in auth failed
Right now we only show the session menu button when verifying,
but we should also show it when verification is failed or we
can end up in situation where the session menu disappears during
an authentication retry.

https://bugzilla.gnome.org/show_bug.cgi?id=707064
2013-08-29 14:02:21 -04:00
Ray Strode
88e3f6af47 authPrompt: give message label an initial style
This commit consolidates the styles of the various
message types into one 'login-dialog-message' style
and then adds additional styles on top to cover the
differences.

This allows us to give the message label an initial
style so that is padded properly before any messages
are displayed.

https://bugzilla.gnome.org/show_bug.cgi?id=706670
2013-08-27 10:20:16 -04:00
Jasper St. Pierre
41aa14eaf0 gdm: Remove constraints from authPrompt / loginDialog as well
https://bugzilla.gnome.org/show_bug.cgi?id=706843
2013-08-26 19:05:15 -04:00
Jasper St. Pierre
80ab28bc3a loginDialog: Fade in the gdm auth prompt on login 2013-08-26 18:17:35 -04:00
Jasper St. Pierre
48b7ebe1c0 loginDialog: Remove useless style class manipulation
StWidget already does this for us.
2013-08-26 18:17:35 -04:00
Jasper St. Pierre
c59cf18337 loginDialog: Provide a finish method
The screenShield expects to be able to call finish on the dialog.
2013-08-26 18:04:20 -04:00
Ray Strode
44e3811520 loginDialog: ask for username up front if disable-user-list==TRUE
Right now, we rely on PAM to ask for the username if disable-user-list
is TRUE.  This is suboptimal because it means we can't check if we
should show a session menu.

This commit changes disable-user-list==TRUE to ask for a username up
front, rather than have PAM do it.

https://bugzilla.gnome.org/show_bug.cgi?id=706607
2013-08-23 11:40:35 -04:00
Ray Strode
5f9e50175f loginDialog: add support for auth without username / fix Not Listed?
commit 93f072d1fc attempted to
add support for auth without a username to the login screen, but
do to a messed up rebase only partially added it.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=706607
2013-08-22 15:40:55 -04:00
Ray Strode
9720301d01 gdmUtil: make _startService support no username
commit fd11ad95f6 factored
out duplicated code, but unintentionally dropped support
for beginning verification without a username.

This commit brings it back.

https://bugzilla.gnome.org/show_bug.cgi?id=706542
2013-08-22 09:40:51 -04:00
Ray Strode
a7bbbad185 loginDialog: consolidate message label and login hint label
Right now the login hint is showing up just above the the cancel
button, instead of just below the text entry field.

The mockup here:

https://raw.github.com/gnome-design-team/gnome-mockups/master/system-lock-login-boot/login-dissect.png

Says it should share a label with the PAM info/error messages.

This commit consolidates the two labels.

https://bugzilla.gnome.org/show_bug.cgi?id=706324
2013-08-19 15:13:01 -04:00
Ray Strode
059b75cdbb authPrompt: support smartcard authentication
This commit detects when a user inserts a smartcard,
and then initiates user verification using the gdm-smartcard
PAM service.

Likewise, if a user removes their smartcard, password verification
(or the user list depending on auth mode and configuration) are initiated

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:22:49 -04:00
Ray Strode
4394a05243 gdmUtil: support disabling password authentication
This commit skips trying password authentication if it's
disallowed, favoring fingerprint login instead.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
fd11ad95f6 gdmUtil: factor out some duplicated code in beginVerification
The duplication makes the function look a lot more complicated
than it actually is.

This commit moves the common code to a new _startService function.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
07b57de03e authPrompt: emit prompted when given a message
Some pam modules prompt without expecting the user to type
an answer back (e.g. "Please swipe finger").  We need to
emit prompted in this case too, so the the dialog will get shown.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
a2a5f5df3f gdmUtil: pave way for fingeprint to optionally be default auth service
Currently, fingerprint authentication is always a secondary thing.
If a user wants to swipe their finger when the computer is asking
for a password, so be it.

This commit paves the way for making fingerprint auth optionally
be the main way to authenticate.  Currently there's no way to enable
this, but in a future commit will honor

enable-password-authentication=false

in gsettings.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:33 -04:00
Ray Strode
148f2210ca util: abstract out default auth service in code
Right now, the primary way a user logs in is with
a password. They can also swipe their finger, if their
fingerprint is enrolled, but it's expected the fingerprint
auth service won't ask questions the user has to respond to
by typing. As such, we ignore questions that comes from
anything but the main auth service: gdm-password.

In the future, if a user inserts a smartcard, we'll want
to treat the gdm-smartcard service as the main auth service,
and let any questions from it get to the user.

This commit tries to prepare for that eventuality by storing
the name of the default auth service away in a _defaultService variable
before verification has begun, and then later checking incoming
queries against that service instead of checking against
string 'gdm-password' directly.

Of course, right now, _defaultService is always gdm-password.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
93f072d1fc authPrompt: add support for auth without username
This commit introduces a new BeginRequestType enum which gets
passed to the 'reset' signal to specify whether
a username should be provided to the begin() method and changes
the loginDialog to comply.

Currently, the signal only ever gets emitted with

AuthPrompt.BeginRequestType.PROVIDE_USERNAME

but that will change in the future when providing smartcard
support.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
1104a385fa unlockDialog: only emit 'failed' on reset after failure/cancel
We currently emit "failed" any time the UserVerifier is reset,
and user verification didn't succeed prior.

A more conceptually clear time to emit "failed" would be if
the UserVerifier is reset and user verification failed prior,
and to emit "failed" if the user cancels unlock.

This commit restructures things to do that. Aside from being
more conceptually clear, it also lays the groundwork for us
to be able to reset the unlock screen without failing.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
f5b2febf13 authPrompt: cancel user verification if verifying when reset
authPrompt.reset() currently only leaves the authPrompt in a
sane state if the user isn't verifying.

This commit makes sure to cancel verification if a reset happens
while verification is in process.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00