Commit Graph

145 Commits

Author SHA1 Message Date
Ray Strode
7d5ce1a159 screenShield: fix lifting when inserting smartcard
If a user inserts the smartcard they logged in with into the system,
it's supposed to lift the shield and prompt for pin.  That doesn't
happen because the parameter list of the smartcard-inserted signal
handler is wrong.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=726262
2014-03-13 14:01:01 -04:00
Giovanni Campagna
edd66c40d9 ScreenShield: send a signal to GSD to wake up the screen
Instead of poking through IDLETIME, which confuses the state tracking
and can prevent automatic suspend, send a special signal to GSD
when the screen is to be waken up for a notification.

Someday we'll bring over all the state tracking and avoid this
ping-pong between gnome-shell and gnome-settings-daemon, but
that day's not today.

https://bugzilla.gnome.org/show_bug.cgi?id=712706
2014-03-11 18:10:05 +01:00
Matt Watson
7c8c811134 Dispose cairo contexts in osdWindow and screenShield
Need to manually dispose of cairo contexts used in gjs with $dispose(),
or the context object will leak. These classes used cairo for drawing but
were missing the dispose call.

https://bugzilla.gnome.org/show_bug.cgi?id=722812
2014-01-28 16:46:10 -08:00
Giovanni Campagna
bfb0235fc6 Remove our custom hashmap implementation
gjs uses Spidermonkey 24, which implements Map from the ES6
specification, so we can use that instead.

https://bugzilla.gnome.org/show_bug.cgi?id=722210
2014-01-15 00:55:00 +01:00
Florian Müllner
deb2f30b37 js: Use EVENT_PROPAGATE/EVENT_STOP constants in event handlers
Just as SOURCE_CONTINUE/SOURCE_REMOVE in source functions, these
constants increase code clarity over plain true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Florian Müllner
751a3f0e94 js: Use SOURCE_CONTINUE/SOURCE_REMOVE constants in source functions
With support for boolean constants in g-i, we can finally use the
more readable constants instead of true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Jasper St. Pierre
b52e74b615 messageTray: Remove transient sources
As far as I can tell, the only behavior change of a transient source
is that they auto-destroy after viewing their summary box pointer.
Since all transient sources are only associated with transient
notifications, it seems that we can never get to their summary box
pointer in the first place! Remove support for this.

https://bugzilla.gnome.org/show_bug.cgi?id=710115
2013-12-04 20:25:28 -05:00
Florian Müllner
1c68aee577 screenShield: Fix details in notifications
bannerBodyMarkup is a boolean flag to indicate that bannerBodyText
contains markup, not the markup text itself.

https://bugzilla.gnome.org/show_bug.cgi?id=711416
2013-11-04 16:46:25 +01:00
Vinzenz Feenstra
4cda61a16a gdm: support pre-authenticated logins from oVirt
oVirt is software for managing medium-to-large scale deployments of
virtual machine guests across multiple hosts. It supports a feature
where users can authenticate with a central server and get
transparently connected to a guest system and then automatically get logged
into that guest to an associated user session.

Guests using old versions of GDM support this single-sign-on capability
by means of a greeter plugin, using the old greeter's extension
API.

This commit adds similar support to the gnome-shell based login screen.

How it works:

* The OVirtCredentialsManager singleton listens for

  'org.ovirt.vdsm.Credentials.UserAuthenticated'

  D-Bus signal on the system bus from the

  'org.ovirt.vdsm.Credentials'

  bus name. The service that provides that bus name is called
  the oVirt guest agent. It is also responsible for interacting
  with the the central server to get user credentials.

* This UserAuthenticated signal passes, as a parameter, the a token
  which needs to be passed through to the PAM service that is specifically
  set up to integrate with the oVirt authentication architecture.
  The singleton object keeps the token internally so it can be queried
  later on.

* The OVirtCredentialsManager emits a signal 'user-authenticated' on
  it's object once the dbus signal is triggered

* When the 'user-authenticated' signal is emitted, the login screen
  tells GDM to start user verification using the PAM service. The
  authentication stack of the service includes a PAM module
  provided by oVirt that securely retrieves user credentials
  from the oVirt guest agent. The PAM module then forwards those
  credentials on to other modules in the stack so, e.g.,
  the user's gnome keyring can be automatically unlocked.

* In case of the screen shield being visible, it also will react on that
  'user-authenticated' signal and lift the shield.
  In that case the login screen will check on construction time if
  the signal has already been triggered, and a token is available.
  If a token is available it will immediately trigger the functionality
  as described above.

Signed-off-by: Vinzenz Feenstra <evilissimo@redhat.com>

https://bugzilla.gnome.org/show_bug.cgi?id=702162
2013-10-14 13:54:30 -04:00
Giovanni Campagna
3e8ab0645b ScreenShield: fix a typo due to the MetaCursorTracker switch
And replace another show_cursor() usage with the new API.

Reviewed-by: Carlos Soriano in IRC.
2013-09-12 13:17:23 +02:00
Giovanni Campagna
c58448817b ShellGlobal: use MetaCursorTracker to query the pointer position
Gdk uses Xwayland, so it only sees the events we forward to X11
clients. Instead, we can use the abstraction API provided by
mutter and get the right value automatically.
Also, we need to use MetaCursorTracker to handle the cursor
visibility too.

https://bugzilla.gnome.org/show_bug.cgi?id=707467
2013-09-12 10:34:25 +02:00
Jasper St. Pierre
b7b1260540 screenShield: Don't fade in the lock dialog
We slide the shield over it, so the animation is rarely seen, and
since no other actor is under the lock screen, the not-cleared stage
can show through, causing weird issues when trying to blend.

https://bugzilla.gnome.org/show_bug.cgi?id=706841
2013-08-26 17:52:57 -04:00
Giovanni Campagna
e0574d2861 Replace GnomeIdleMonitor with MetaIdleMonitor
Now that GnomeIdleMonitor is a DBus API for mutter, we need to
use own in-process thing, to avoid dead locks.

https://bugzilla.gnome.org/show_bug.cgi?id=706005
2013-08-23 16:22:44 +02:00
Giovanni Campagna
c7e3289396 ScreenShield: hide the lightboxes when resuming from suspend
We show a lightbox when we suspend, to animate the fading to black
caused by turning off the monitors, but we need to hide it when
coming back, otherwise the user is just staring at a black screen
it until he moves the mouse or presses a key.

https://bugzilla.gnome.org/show_bug.cgi?id=706654
2013-08-23 14:21:02 +02:00
Giovanni Campagna
2a2bcc8984 ScreenShield: fade the screen to black when locking manually
When locking manually (or locking with an animation), fade the
screen to black after a small timeout. This provides a smoother
experience, instead of abruptly turning off the screen.

https://bugzilla.gnome.org/show_bug.cgi?id=699112
2013-08-20 21:52:06 +02:00
Giovanni Campagna
32613ba544 ScreenShield: switch resetLockScreen to accept keyword arguments
Having two booleans as argument is just confusing.

https://bugzilla.gnome.org/show_bug.cgi?id=699112
2013-08-20 21:51:39 +02:00
Giovanni Campagna
fdc0832506 ScreenShield: use the screensaver background
Now that that's configurable in the control center, we should
use the appropriate background here.

https://bugzilla.gnome.org/show_bug.cgi?id=688210
2013-08-20 14:11:44 +02:00
Ray Strode
059b75cdbb authPrompt: support smartcard authentication
This commit detects when a user inserts a smartcard,
and then initiates user verification using the gdm-smartcard
PAM service.

Likewise, if a user removes their smartcard, password verification
(or the user list depending on auth mode and configuration) are initiated

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:22:49 -04:00
Giovanni Campagna
ef09596648 ScreenShield: don't allow events through the lock dialog
Make the lock dialog group reactive, to intercept any events
before they go to the actors below.
In the future, we may restructure our chrome to have a clear
layer system, but for now it fixes a security issue in the lock
screen (you can see the contents of the windows by dragging
if the screen was locked with the overview active)

https://bugzilla.gnome.org/show_bug.cgi?id=705840
2013-08-13 17:10:01 +02:00
Giovanni Campagna
137cbbd141 ScreenShield: wake up the screen when new notifications appear
This way the user is immediately notified when something happens.

https://bugzilla.gnome.org/show_bug.cgi?id=703084
2013-08-07 10:33:15 +02:00
Giovanni Campagna
24f142df1d ScreenShield: animate new notifications
Showing the new message at full size marks an abrubt change and looks
bad. Instead, gradually animate from 0px to full natural height.
Includes hacks to workaround flickering scrollbars while the animation
is in progress.

https://bugzilla.gnome.org/show_bug.cgi?id=687660
2013-08-07 10:33:15 +02:00
Giovanni Campagna
b16ee1a3a6 ScreenShield: consolidate code that handles dialog cancellation
This way we ensure the same behavior everywhere.

https://bugzilla.gnome.org/show_bug.cgi?id=701731
2013-08-07 10:33:15 +02:00
Giovanni Campagna
1b8580f12b ScreenShield: don't create an unlock dialog if the screen is not locked
Creating the unlock dialog starts the GDM conversation and activates
the fingerprint sensors, so don't do it unless necessary.

https://bugzilla.gnome.org/show_bug.cgi?id=697833
2013-08-07 10:33:15 +02:00
Giovanni Campagna
aefdf15a45 ScreenShield: don't lock if the user has no password
If the user has no configured password (like the default user in
a live cd), the behavior should be as if the session was not locked
at all.

https://bugzilla.gnome.org/show_bug.cgi?id=701495
2013-08-07 10:33:15 +02:00
Giovanni Campagna
99af697cd7 ScreenShield: properly handle ensureUnlockDialog() failure
If that fails (which only ever happens in initial-setup mode, which
has no unlock or login dialog), we don't want to go ahead with
whatever we were doing.

https://bugzilla.gnome.org/show_bug.cgi?id=701848
2013-08-07 10:33:14 +02:00
Giovanni Campagna
a8ea6c2c66 ScreenShield: don't really deactivate when acting as a greeter
In greeter mode, we don't want to hide the login dialog, drop the
modal or send spurious signals to gnome-settings-daemon.

https://bugzilla.gnome.org/show_bug.cgi?id=701761
2013-08-06 16:08:36 +02:00
Giovanni Campagna
7652f4272c ScreenShield: remove curtain animation when hiding without animation
If we don't remove the animation, we might leave a pending call
to _lockScreenShown() which would confuse our state tracking into
thinking we're active when we're not.

https://bugzilla.gnome.org/show_bug.cgi?id=700901
2013-08-06 16:08:36 +02:00
Jasper St. Pierre
899f7da032 screenShield: Remove confusing name
We have both finishDeactivate and completeDeactivate. Don't.
2013-08-06 09:49:08 -04:00
Jasper St. Pierre
eec4334a78 screenShield: Don't crash when trying to deactivate the shield
If the user has a lock delay, or deactivate() has been called at
any other time, we need to check for the unlock dialog, as it may
not always exist.
2013-08-06 09:26:51 -04:00
Jasper St. Pierre
34db64234f screenShield: Never show a horizontal scrollbar on the lock screen
It just looks awful.

https://bugzilla.gnome.org/show_bug.cgi?id=704327
2013-08-02 11:29:17 -04:00
Ray Strode
ded99b9a09 screenShield: defer deactivation until all messages are shown
Right now when a user types their password to unlock their session
we end up getting an unlock signal from GDM right away.  We then
proceed to deactivate the screensaver before the user has a chance
to read his messages.

This commit makes sure we clear out the message queue before processing
the deactivation request.

https://bugzilla.gnome.org/show_bug.cgi?id=704347
2013-07-18 09:24:01 -04:00
Ray Strode
55a04bbf2b unlockDialog: don't unlock explicitly on verification-complete
logind sends out an "unlock" signal separately when
verification completes and we already listen for that,
so we don't need to unlock on verification-complete, too.

https://bugzilla.gnome.org/show_bug.cgi?id=704347
2013-07-18 09:23:15 -04:00
Giovanni Campagna
d509ab7779 ScreenShield: when the user goes idle, check for active before pushing a modal
We can't assume "isActive implies isModal", so there is a risk
of pushing a modal that nothing else will ever pop, because we
take the early return and don't activate the user active watch.

https://bugzilla.gnome.org/show_bug.cgi?id=700901
2013-07-04 15:16:27 +02:00
Lionel Landwerlin
7403545a48 screenShield: fix empty screen shield
If the drag action ends after something else has put the screen shield
into a different state we can end up in an inconsistent screen shield
state where the whole thing is empty.

https://bugzilla.gnome.org/show_bug.cgi?id=703126
2013-06-27 11:14:09 +01:00
Florian Müllner
41ae93dba0 screenShield: Clear clipboard on lock
Currently the clipboard's contents may leak to unauthorized parties by
pasting into the unlock dialog's password entry and unmasking the entry.
Prevent this from happening by clearing the clipboard on lock.

https://bugzilla.gnome.org/show_bug.cgi?id=698922
2013-06-05 16:22:27 +02:00
Colin Walters
ccfa3d3be1 Re-lock the screen if we're restarted from a previously crashed shell
This way we "fail closed", which is better for security.

See https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/1064584

https://bugzilla.gnome.org/show_bug.cgi?id=691987
2013-05-23 16:10:03 -04:00
Jasper St. Pierre
a259016436 screenShield: Pop the modal immediately
Allow people to start typing immediately after unlocking their
session, rather than having to wait for a transition.

https://bugzilla.gnome.org/show_bug.cgi?id=700847
2013-05-22 12:11:19 -04:00
Giovanni Campagna
2591bc90ac ScreenShield: mark music notifications as acknowledged immediately
After all, the user is seeing it (or will see them before unlocking),
so there is no point in queing them as banners.

https://bugzilla.gnome.org/show_bug.cgi?id=698812
2013-05-12 20:19:06 +02:00
Giovanni Campagna
61fe000daa ScreenShield: clear the lock screen early when deactivating
Upon popMode, MessageTray will try readding all notifications
to their rightful parent, so we must tell NotificationBox to
relinquish them before st_bin_set_child() fails (leaving a dangling
child pointer and crashing at the next allocation)

https://bugzilla.gnome.org/show_bug.cgi?id=698812
2013-05-12 20:19:06 +02:00
Jasper St. Pierre
1ee88a2878 screenShield: Ensure we destroy background container widgets
We may accidentally leak a widget when monitors change while
locked otherwise. This is especially bad because we put a
box-shadow on this widget.

https://bugzilla.gnome.org/show_bug.cgi?id=697300
2013-04-04 19:16:49 -04:00
Rui Matos
9d18a2dff4 screenShield: Go back to a shorter animation when locking manually
Increasing it was mostly to paper over animation jerkiness which
shouldn't be a problem anymore since we removed the desaturate and
blur effects.

https://bugzilla.gnome.org/show_bug.cgi?id=696380
2013-03-26 09:27:24 +01:00
Cosimo Cecchi
869e1dc241 loginManager: listen to the correct object path
Use GetSession() to get the valid object path for the current
XDG_SESSION_ID.

https://bugzilla.gnome.org/show_bug.cgi?id=696287
2013-03-25 20:53:13 -04:00
Jasper St. Pierre
ba198034cb screenShield: Remove blur and desaturation from lock screen
There's large performance issues with both the blur and desaturation
that make the screen shield hard to use on slower computers, and this
has always been a temporary stopgap until the user can pick a different
image for the lock screen.

https://bugzilla.gnome.org/show_bug.cgi?id=696322
2013-03-22 12:36:43 -04:00
Giovanni Campagna
a9815ae1e9 ScreenShield: don't animate arrows if the user is idle
If the user is idle, it is very likely the monitor is off too, so let's
save some power by avoiding animations noone is going to see.

https://bugzilla.gnome.org/show_bug.cgi?id=690857
2013-03-17 19:20:43 +01:00
Florian Müllner
4b3bf05aaf screenShield: Only release logind inhibitor on suspend
To make sure that the screen shield is shown before suspending, we
take a logind inhibitor and release it when the screen shield is
shown. As the screen shield is not only shown on suspend, we can end
up releasing the inhibitor independently from suspending (lock, idle),
in which case the screen might not be locked when we do suspend.
To fix, only release the inhibitor after showing the screen shield
when we are about to suspend.

https://bugzilla.gnome.org/show_bug.cgi?id=693708
2013-03-14 19:09:15 +01:00
Colin Walters
a87e0f028a screenShield: Also unlock on Return/Enter
Since that's what I always did before, having it ignore those is
driving me mad.

https://bugzilla.gnome.org/show_bug.cgi?id=686740
2013-03-13 13:27:34 -04:00
Jasper St. Pierre
209014b083 screenShield: Forward key presses to tne entry when raising the shield
https://bugzilla.gnome.org/show_bug.cgi?id=686740
2013-03-11 15:08:21 -04:00
Jasper St. Pierre
127f10e7a8 screenShield: Don't wait until the dialog is loaded before opening it
If we wait asynchronously, key presses while the shield is opening
will be dropped in the void.

https://bugzilla.gnome.org/show_bug.cgi?id=686740
2013-03-11 15:08:21 -04:00
Jasper St. Pierre
67615a0cbc screenShield: Remove bump on key press
Any key press of a character-emitting key will now raise the shell.
Note that the key press will not be forwarded to the entry yet.

https://bugzilla.gnome.org/show_bug.cgi?id=686740
2013-03-11 15:08:20 -04:00
Jasper St. Pierre
dde20f0c76 screenShield: Move opening of screen shield to key press
This makes the screen shield much more responsive.

https://bugzilla.gnome.org/show_bug.cgi?id=686740
2013-03-11 15:08:20 -04:00