Commit Graph

175 Commits

Author SHA1 Message Date
Florian Müllner
a786f0bcd2 screenShield: Do not take an inhibitor when disabled by lockdown
Just as with the normal lock screen settings, we shouldn't request
a logind inhibitor when locking is disabled via lockdown settings.

https://bugzilla.gnome.org/show_bug.cgi?id=780212
2017-03-20 19:02:08 +01:00
Florian Müllner
199bc85bce screenShield: Do not lock the screen when locked down
When using the 'disable-lock-screen' setting to lock down the screen
lock, the expectation is that users cannot lock the screen. However
as it turns out, all the setting currently does is hiding the lock
button in the system menu and making the lock settings in the privacy
panel inactive. That means that if the 'lock-screen-enabled' setting
isn't disabled and locked down as well, we will just continue to
lock the screen on inactivity - not to mention the keyboard shortcut
that isn't subject to that setting anyway.

Instead of expecting administrators to hunt down every possible way
of locking the screen and disabling it individually, we can easily
handle all cases by refusing to lock the screen when disabled by the
lockdown settings.

https://bugzilla.gnome.org/show_bug.cgi?id=780212
2017-03-20 19:02:08 +01:00
Florian Müllner
347972e45f screenShield: Raise lightbox on blank
The lightboxes used for screen blanking are created during initialization
and shown each time the screen should blank. During the (potentially long)
time where the lightbox is hidden, any actor could be raised above the
lightbox - in particular any popup menu raises itself to the top when
opened. To not exclude those elements from screen blanking, raise the
lightbox every time it is shown.

https://bugzilla.gnome.org/show_bug.cgi?id=773875
2016-11-03 21:15:20 +01:00
Florian Müllner
205880e74e screenShield: Only allow graphs to lift shield when locked
Since commit 67615a0cbc, any printable key can be used to lift the
screen shield rather than just escape/enter/space. While this is
convenient for unlocking where the input is forwarded to the password
entry, it is potentially dangerous when the screen is inactive but
not locked: If the user types her password, the first character will
lift the shield and the remaining input will go to the focused window.
To prevent this from happening, only allow printable keys when the
screen is actually locked and restrict the key presses that lift the
shield to the original set of escape/enter/space otherwise.

https://bugzilla.gnome.org/show_bug.cgi?id=773328
2016-10-21 22:21:55 +02:00
Rui Matos
b5dd4d1456 screenShield: Chain up Arrow's style_changed vfunc
This makes style changes propagate to our child widget as they
should.

https://bugzilla.gnome.org/show_bug.cgi?id=739178
2016-06-28 19:53:17 +02:00
Rui Matos
a7562b4148 screenShield: Stop using an offscreen buffer for the arrow actor
This isn't a performance critical actor and the NVIDIA driver discards
offscreen buffers in some cases which would require us to go through
extra hoops to handle here which isn't worth it.

https://bugzilla.gnome.org/show_bug.cgi?id=739178
2016-06-28 19:53:17 +02:00
Rui Matos
408211ba73 Arrow: compute a paint volume that accounts for the shadow
Otherwise the shadow gets clipped to the actor's allocation.

https://bugzilla.gnome.org/show_bug.cgi?id=767954
2016-06-23 18:57:05 +02:00
Rui Matos
e02467eada ScreenShield: fix setting each arrow's opacity on _animateArrows()
https://bugzilla.gnome.org/show_bug.cgi?id=767954
2016-06-23 18:57:04 +02:00
Victor Toso
ddea54a539 ScreenShield: set LockedHint property from systemd
Logind recently got support for a hint property in Session Object to
inform if session is Locked or not. It is up to desktop environments
to keep this property up to date.

https://bugzilla.gnome.org/show_bug.cgi?id=764773
2016-05-12 15:24:06 +02:00
Rui Matos
182b1c1941 ScreenShield: only inhibit suspend if we're the active session
If we aren't the active session clutter can't animate and thus we
can't expect the shield to be shown before releasing the suspend
inhibitor so we should release it immediately when becoming inactive.

https://bugzilla.gnome.org/show_bug.cgi?id=749228
2015-05-14 15:11:19 +02:00
Rui Matos
bbc8010de3 ScreenShield: tie the suspend inhibitor to our isActive property
The whole point of holding a suspend inhibitor is to be able to lock
before suspending.

Currently, when resuming we immediately take the inhibitor without
checking that we're locked which means that we won't be able to
release this inhibitor if we don't unlock at least once.

To prevent that and to better match the inhibitor's intention in the
first place, we can tie the inhibitor with not being locked. In
practice, we also want to let the locking animation finish before
suspending, so we'll tie the inhibitor with not being active
instead.

https://bugzilla.gnome.org/show_bug.cgi?id=749228
2015-05-14 15:11:18 +02:00
Rui Matos
15baa56584 ScreenShield: ensure we don't leak logind inhibitors
This could happen if we are VT switched away and an animated
activation is requested because we're preparing to enter sleep. Since
we don't animate in this case we'd never reach
_completeLockScreenShown() before coming out of sleep, at which point
we _inhibitSuspend() again and would leak the previous inhibitor.

https://bugzilla.gnome.org/show_bug.cgi?id=749228
2015-05-14 15:11:16 +02:00
Florian Müllner
c2104dbf85 screenShield: Do not wake up screen after adding hidden source
The screen should be woken up when a new notification is shown on
the lock screen, but not when a notification arrives while disabled.
Add a missing condition to fix.

https://bugzilla.gnome.org/show_bug.cgi?id=744114
2015-02-26 23:39:01 +01:00
Florian Müllner
6a504f5c62 screenShield: Remove unused properties
The shield has been using WallClock for a while now ...
2015-02-25 22:17:18 +01:00
Carlos Soriano
ce5a82a294 theme: Adapt screenshield to mockups 2015-02-20 15:16:56 +01:00
Jakub Steiner
61be034c6d theme: login & screen shield theming 2015-02-20 15:16:08 +01:00
Florian Müllner
ea9e5bc52c messageTray: Remove support for Music notifications
Music is no longer a special type of notification according
to the design. If we want to resurrect the functionality, we
can reimplement it with a dedicated API like MPRIS rather
than piggy-bagging on the notification system.

https://bugzilla.gnome.org/show_bug.cgi?id=744815
2015-02-20 01:52:13 +01:00
Florian Müllner
e0eebc90e0 Rename KeyBindingMode to ActionMode
The keybinding mode is no longer used exclusively for actions triggered
by keybindings, so reflect this by a more generic name.

https://bugzilla.gnome.org/show_bug.cgi?id=740237
2014-12-19 11:39:50 +01:00
Adel Gadllah
73362beb0b screenShield: Don't lock after crash if locking is disabled
When the user has disabled locking we shouldn't lock the screen.

https://bugzilla.gnome.org/show_bug.cgi?id=704884
2014-11-09 18:32:05 +01:00
Bastien Nocera
52503c4c38 js: Fix util_translate_time_string() usage
util_translate_time_string() was called to use LC_TIME to translate
strings, but those strings were not marked as to be translated.

https://bugzilla.gnome.org/show_bug.cgi?id=739822
2014-11-08 21:55:16 +01:00
Christian Persch
568454abb8 screenShield: Recognise all Enter keys as Return
Bug #704339.
2014-11-07 10:14:17 +01:00
Florian Müllner
eb3fc7815e Use LC_TIME locale for strftime format string translations
We commonly mark strftime format strings for translation to account
for date/time representations without an existing strftime shortcut
("Yesterday %H%p"). As those translations are looked up according to
the locale defined by LC_MESSAGES, while the conversion characters
themselves are resolved according to LC_TIME, the result can be
rather odd when mixing locales ("Den 27. January"). The correct
solution would be to install translations for format strings in
the LC_TIME catalogue and look them up with dcgettext(), but we
don't have the infrastructure to do that easily. Work around this
by adding a helper method that looks up a string in LC_MESSAGES
using the locale defined by LC_TIME and use that to translate
format strings, which has the same result.

https://bugzilla.gnome.org/show_bug.cgi?id=738640
2014-10-16 23:41:51 +02:00
Ray Strode
4e8c476153 screenShield: fix trace back when unlocking session from another vt
commit 1d374ac8bd introduced a bug that
prevents unlock from working when initiated from another VT
(user switching).

This commit fixes the exception raised.

https://bugzilla.gnome.org/show_bug.cgi?id=708105
2014-10-08 09:43:33 -04:00
Ray Strode
1d374ac8bd screenShield: focus login screen after lifting shield
This commit ensures the login screen gets focused after
the screen shield is raised.

The code affects the unlock screen as well, but it's
less important since the unlock screen gets destroyed
and recreated each time the curtain moves, so it
has an opportunity to take focus on its own.

https://bugzilla.gnome.org/show_bug.cgi?id=708105
2014-10-07 10:54:48 -04:00
Jasper St. Pierre
d445bd17eb screenShield: Accept scrolls / swipes either way
If you turn on natural scrolling, instead of swiping up, you need to
swipe down, which is bizarre. Just accept any type of scroll and have
them contribute to the delta.

https://bugzilla.gnome.org/show_bug.cgi?id=734874
2014-09-01 13:15:49 -07:00
Bastien Nocera
ec932b2306 screenShield: Fix typo in comment
And remove outdated reference to gnome-screensaver

https://bugzilla.gnome.org/show_bug.cgi?id=735190
2014-08-21 22:49:58 +02:00
Giovanni Campagna
cd4eda8bef ScreenShield: remove obsolete comment and hack
We don't need to wait to until the stage window is mapped to take
the modal grab, because that code now runs in a startup-prepared
signal handler, which in turn runs some time after the mainloop
has started and well after the stage window is mapped.

https://bugzilla.gnome.org/show_bug.cgi?id=711682
2014-07-31 16:54:47 +02:00
Jasper St. Pierre
83cb26d70e js: Adapt to GSettings API change
The 'schema' property has been deprecated for a long time. Even though
this will likely be reverted in glib, let's stop using it.
2014-06-24 15:17:09 -04:00
Bastien Nocera
cd2bd7685a js: Name all the timeouts and idles
With very uninventive names. Names now, good names later.

https://bugzilla.gnome.org/show_bug.cgi?id=727983
2014-04-10 21:08:16 +02:00
Giovanni Campagna
5cdefc324d ScreenShield: wake up the screen when resuming from suspend
At some point ScreenShield had code to do this, I don't know when
it was lost, but it makes sense and avoids having to move the mouse
just to see the shield.

https://bugzilla.gnome.org/show_bug.cgi?id=726378
2014-03-14 23:27:20 +01:00
Ray Strode
7d5ce1a159 screenShield: fix lifting when inserting smartcard
If a user inserts the smartcard they logged in with into the system,
it's supposed to lift the shield and prompt for pin.  That doesn't
happen because the parameter list of the smartcard-inserted signal
handler is wrong.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=726262
2014-03-13 14:01:01 -04:00
Giovanni Campagna
edd66c40d9 ScreenShield: send a signal to GSD to wake up the screen
Instead of poking through IDLETIME, which confuses the state tracking
and can prevent automatic suspend, send a special signal to GSD
when the screen is to be waken up for a notification.

Someday we'll bring over all the state tracking and avoid this
ping-pong between gnome-shell and gnome-settings-daemon, but
that day's not today.

https://bugzilla.gnome.org/show_bug.cgi?id=712706
2014-03-11 18:10:05 +01:00
Matt Watson
7c8c811134 Dispose cairo contexts in osdWindow and screenShield
Need to manually dispose of cairo contexts used in gjs with $dispose(),
or the context object will leak. These classes used cairo for drawing but
were missing the dispose call.

https://bugzilla.gnome.org/show_bug.cgi?id=722812
2014-01-28 16:46:10 -08:00
Giovanni Campagna
bfb0235fc6 Remove our custom hashmap implementation
gjs uses Spidermonkey 24, which implements Map from the ES6
specification, so we can use that instead.

https://bugzilla.gnome.org/show_bug.cgi?id=722210
2014-01-15 00:55:00 +01:00
Florian Müllner
deb2f30b37 js: Use EVENT_PROPAGATE/EVENT_STOP constants in event handlers
Just as SOURCE_CONTINUE/SOURCE_REMOVE in source functions, these
constants increase code clarity over plain true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Florian Müllner
751a3f0e94 js: Use SOURCE_CONTINUE/SOURCE_REMOVE constants in source functions
With support for boolean constants in g-i, we can finally use the
more readable constants instead of true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Jasper St. Pierre
b52e74b615 messageTray: Remove transient sources
As far as I can tell, the only behavior change of a transient source
is that they auto-destroy after viewing their summary box pointer.
Since all transient sources are only associated with transient
notifications, it seems that we can never get to their summary box
pointer in the first place! Remove support for this.

https://bugzilla.gnome.org/show_bug.cgi?id=710115
2013-12-04 20:25:28 -05:00
Florian Müllner
1c68aee577 screenShield: Fix details in notifications
bannerBodyMarkup is a boolean flag to indicate that bannerBodyText
contains markup, not the markup text itself.

https://bugzilla.gnome.org/show_bug.cgi?id=711416
2013-11-04 16:46:25 +01:00
Vinzenz Feenstra
4cda61a16a gdm: support pre-authenticated logins from oVirt
oVirt is software for managing medium-to-large scale deployments of
virtual machine guests across multiple hosts. It supports a feature
where users can authenticate with a central server and get
transparently connected to a guest system and then automatically get logged
into that guest to an associated user session.

Guests using old versions of GDM support this single-sign-on capability
by means of a greeter plugin, using the old greeter's extension
API.

This commit adds similar support to the gnome-shell based login screen.

How it works:

* The OVirtCredentialsManager singleton listens for

  'org.ovirt.vdsm.Credentials.UserAuthenticated'

  D-Bus signal on the system bus from the

  'org.ovirt.vdsm.Credentials'

  bus name. The service that provides that bus name is called
  the oVirt guest agent. It is also responsible for interacting
  with the the central server to get user credentials.

* This UserAuthenticated signal passes, as a parameter, the a token
  which needs to be passed through to the PAM service that is specifically
  set up to integrate with the oVirt authentication architecture.
  The singleton object keeps the token internally so it can be queried
  later on.

* The OVirtCredentialsManager emits a signal 'user-authenticated' on
  it's object once the dbus signal is triggered

* When the 'user-authenticated' signal is emitted, the login screen
  tells GDM to start user verification using the PAM service. The
  authentication stack of the service includes a PAM module
  provided by oVirt that securely retrieves user credentials
  from the oVirt guest agent. The PAM module then forwards those
  credentials on to other modules in the stack so, e.g.,
  the user's gnome keyring can be automatically unlocked.

* In case of the screen shield being visible, it also will react on that
  'user-authenticated' signal and lift the shield.
  In that case the login screen will check on construction time if
  the signal has already been triggered, and a token is available.
  If a token is available it will immediately trigger the functionality
  as described above.

Signed-off-by: Vinzenz Feenstra <evilissimo@redhat.com>

https://bugzilla.gnome.org/show_bug.cgi?id=702162
2013-10-14 13:54:30 -04:00
Giovanni Campagna
3e8ab0645b ScreenShield: fix a typo due to the MetaCursorTracker switch
And replace another show_cursor() usage with the new API.

Reviewed-by: Carlos Soriano in IRC.
2013-09-12 13:17:23 +02:00
Giovanni Campagna
c58448817b ShellGlobal: use MetaCursorTracker to query the pointer position
Gdk uses Xwayland, so it only sees the events we forward to X11
clients. Instead, we can use the abstraction API provided by
mutter and get the right value automatically.
Also, we need to use MetaCursorTracker to handle the cursor
visibility too.

https://bugzilla.gnome.org/show_bug.cgi?id=707467
2013-09-12 10:34:25 +02:00
Jasper St. Pierre
b7b1260540 screenShield: Don't fade in the lock dialog
We slide the shield over it, so the animation is rarely seen, and
since no other actor is under the lock screen, the not-cleared stage
can show through, causing weird issues when trying to blend.

https://bugzilla.gnome.org/show_bug.cgi?id=706841
2013-08-26 17:52:57 -04:00
Giovanni Campagna
e0574d2861 Replace GnomeIdleMonitor with MetaIdleMonitor
Now that GnomeIdleMonitor is a DBus API for mutter, we need to
use own in-process thing, to avoid dead locks.

https://bugzilla.gnome.org/show_bug.cgi?id=706005
2013-08-23 16:22:44 +02:00
Giovanni Campagna
c7e3289396 ScreenShield: hide the lightboxes when resuming from suspend
We show a lightbox when we suspend, to animate the fading to black
caused by turning off the monitors, but we need to hide it when
coming back, otherwise the user is just staring at a black screen
it until he moves the mouse or presses a key.

https://bugzilla.gnome.org/show_bug.cgi?id=706654
2013-08-23 14:21:02 +02:00
Giovanni Campagna
2a2bcc8984 ScreenShield: fade the screen to black when locking manually
When locking manually (or locking with an animation), fade the
screen to black after a small timeout. This provides a smoother
experience, instead of abruptly turning off the screen.

https://bugzilla.gnome.org/show_bug.cgi?id=699112
2013-08-20 21:52:06 +02:00
Giovanni Campagna
32613ba544 ScreenShield: switch resetLockScreen to accept keyword arguments
Having two booleans as argument is just confusing.

https://bugzilla.gnome.org/show_bug.cgi?id=699112
2013-08-20 21:51:39 +02:00
Giovanni Campagna
fdc0832506 ScreenShield: use the screensaver background
Now that that's configurable in the control center, we should
use the appropriate background here.

https://bugzilla.gnome.org/show_bug.cgi?id=688210
2013-08-20 14:11:44 +02:00
Ray Strode
059b75cdbb authPrompt: support smartcard authentication
This commit detects when a user inserts a smartcard,
and then initiates user verification using the gdm-smartcard
PAM service.

Likewise, if a user removes their smartcard, password verification
(or the user list depending on auth mode and configuration) are initiated

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:22:49 -04:00
Giovanni Campagna
ef09596648 ScreenShield: don't allow events through the lock dialog
Make the lock dialog group reactive, to intercept any events
before they go to the actors below.
In the future, we may restructure our chrome to have a clear
layer system, but for now it fixes a security issue in the lock
screen (you can see the contents of the windows by dragging
if the screen was locked with the overview active)

https://bugzilla.gnome.org/show_bug.cgi?id=705840
2013-08-13 17:10:01 +02:00
Giovanni Campagna
137cbbd141 ScreenShield: wake up the screen when new notifications appear
This way the user is immediately notified when something happens.

https://bugzilla.gnome.org/show_bug.cgi?id=703084
2013-08-07 10:33:15 +02:00