Commit Graph

200 Commits

Author SHA1 Message Date
Jasper St. Pierre
fb824131ae gdm: Integrate username asking into the ShellUserVerifier flow
Currently, prompting for the username on the login screen is done
"out-of-band". This leads to subtle bugs where we're trying to
integrate two different state machines, or interpret results from
one state machine as part of another.

It also complicates the logic, as the ability to know whether we
need or want a username is currently in the UI layer rather than
the logic layer.

Move this into the verifier proper.
2014-03-07 19:36:18 -05:00
Jasper St. Pierre
056375cbcf gdm: Merge clear() and cancel()
cancel() isn't used anymore.
2014-03-07 18:49:41 -05:00
Jasper St. Pierre
84431cbc65 gdm: Move reset-on-smartcard / reset-on-ovirt code to ShellUserVerifier
We still need to expose smartcardDetected to determine whether to
prompt for a username. This part is another hairy mess of signals
and layer violations that will need untangling, but we'll get there...
2014-03-07 18:47:37 -05:00
Jasper St. Pierre
92c283da4d gdm: Move the verificationStatus state machine to ShellUserVerifier
The idea here is that the ShellUserVerifier does all the logic of
identifying the user, and the AuthPrompt is simply the UI on top
of it.

Thus, it makes sense for more of the state machine to be driven by
the ShellUserVerifier.

This will become more apparent in the next commit.
2014-03-07 18:47:37 -05:00
Jasper St. Pierre
6e27ef8ff9 gdm: Emit the 'failed' status immediately, and not on reset
There's really no reason to do it this way: it works in both cases,
and it's a lot simpler to reason about.
2014-03-07 18:47:37 -05:00
Jasper St. Pierre
0c511c884b gdm: Remove the (partially) unused cancelled signal
When we emit the 'cancelled' signal if we were previously verifying,
we'll always emit a 'failed' signal. LoginDialog doesn't care about
cancelled, only UnlockDialog cares about both, but it does the same
thing for both, so there's no reason to have the extra signal.
2014-03-07 18:47:37 -05:00
Jasper St. Pierre
7afb503666 gdm: Rearrange code to make it slightly easier to read 2014-03-07 18:47:37 -05:00
Jasper St. Pierre
0b9d01a1c0 gdm: Merge some duplicate code
Do a reset at initialization time.

Technically, this isn't needed, since to start the process we'll need
to reset(); anyway after all the signals have connected, but this helps
the code be clean.
2014-03-07 18:47:37 -05:00
Jasper St. Pierre
b978d99820 gdm: Remove params from AuthPrompt.begin();
It's just one parameter now.
2014-03-07 18:47:36 -05:00
Jasper St. Pierre
6d8d094e0c gdm: Remove the hold from AuthPrompt / UserVerifier
After the removal before, it's now unused.
2014-03-07 18:47:36 -05:00
Jasper St. Pierre
97e0175f48 gdm: Don't bother passing a Hold through to the authPrompt
beginVerificationForUser is always the last task in the last, so it
doesn't matter when it's released.
2014-03-07 18:47:36 -05:00
Jasper St. Pierre
ebef4ff174 gdm: Clean up pending messages handling
Introduce a new doAfterPendingMessages helper to wait until
we have no more pending messages before doing an action.
2014-03-07 18:47:36 -05:00
Jasper St. Pierre
82b8b32355 gdm: Correct placement of verification-failed emission
If we fail to verify, and don't have any pending messages, we'll retry
or cancel, which will cause a state change to VERIFYING or NOT_VERIFYING,
and then change the state again to VERIFICATION_FAILED, messing up our
state machine.
2014-03-07 18:47:35 -05:00
Jasper St. Pierre
5b4337f716 gdm: Remove _cancelAndReset
Calling Cancel(); on the UserVerifier will make us get a reset
signal eventually, so simply wait for the natural flow.
2014-03-07 18:42:17 -05:00
Jasper St. Pierre
5eb377bd3b gdm: Replace preemptingService with checks in getForegroundService
This removes a piece of the chicken-wire state machine to determine
what the current foreground service should be.
2014-03-07 18:42:17 -05:00
Jasper St. Pierre
8173110842 gdm: Make a method private 2014-03-07 18:42:17 -05:00
Florian Müllner
0ba05b29b9 loginDialog: Defer loading user list until needed
Loading the user list can be expensive, for instance when there is
a large number of users and/or their avatars have to be fetched over
the network. In case the user list is disabled anyway, there is no
point in doing that work just to hide it, so stop doing that.

https://bugzilla.gnome.org/show_bug.cgi?id=725905
2014-03-08 00:29:11 +01:00
Florian Müllner
ef8123e3a2 loginDialog: Add missing return value
_loadUserList() may be used as idle handler, so we should explicitly
return a boolean.

https://bugzilla.gnome.org/show_bug.cgi?id=725905
2014-03-08 00:29:10 +01:00
Ray Strode
765d0228c0 loginDialog: move user list loading after actors are constructed
Right now we queue populating the user list in the middle of setting
up the dialog actors. Of course, the actual population happens some time
later after going back to the main loop.

It's more logical to structure the code so the the actors are
instantiated first in one block and then other things after that.

This commit moves the user list population enqueuing operation to the
bottom of the constuctor.

https://bugzilla.gnome.org/show_bug.cgi?id=721868
2014-01-13 12:42:39 -05:00
Ray Strode
2d2020a20d loginDialog: defer loading user list until idle
In some cases we load the user list after going back
to main loop and in other cases we load the user list
right away (depending on if accounts service is ready).

In the case we load the user list right away we cause a
traceback because loading the user list forces a reset,
which then tries to reset actors which aren't instantiated
yet.

This commit ensures the user list is loaded after the constructor
finishes and the event loop runs irregardless of the accountsservice
state.

https://bugzilla.gnome.org/show_bug.cgi?id=721868
2014-01-13 12:42:33 -05:00
Andika Triwidada
f3dad3765e Changed obsolete FSF postal address.
https://bugzilla.gnome.org/show_bug.cgi?id=721507
2014-01-08 04:35:14 +07:00
Florian Müllner
deb2f30b37 js: Use EVENT_PROPAGATE/EVENT_STOP constants in event handlers
Just as SOURCE_CONTINUE/SOURCE_REMOVE in source functions, these
constants increase code clarity over plain true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Florian Müllner
751a3f0e94 js: Use SOURCE_CONTINUE/SOURCE_REMOVE constants in source functions
With support for boolean constants in g-i, we can finally use the
more readable constants instead of true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Yosef Or Boczko
49189e0e43 authPrompt: Explicitly set horizontal alignment
When set to fill, the label will always end up left-aligned, which
is only correct in LTR locales. Set the alignment explicitly to
work in both RTL and LTR locales.

https://bugzilla.gnome.org/show_bug.cgi?id=712638
2013-12-11 22:36:15 +02:00
Florian Müllner
729c962b7c loginDialog: Implement cancel()
The screen shield expects a cancel() method on the unlockDialog
implementation, but LoginDialog does not provide it currently.

https://bugzilla.gnome.org/show_bug.cgi?id=719378
2013-11-27 14:30:24 +01:00
Ray Strode
b2f547e934 authPrompt: propagate gdm "reset" signal after user switching
After a user types in their password at the login screen, one
of two things can happen

1) a new session is started
2) an existing session is switched to

In the latter case, GDM sends a reset signal to the login screen,
so it knows to go back to the user list and wait to be summoned
again.

Unfortunately, all reset signals are ignored after verification
success.  The reason is because the reset handler was copied from
the unlock dialog as part of a deduplication effort in commit
7e7295f259 and the unlock dialog
handler at the time also emitted a "failed" signal on reset
(which wouldn't make sense to emit after success).

These days "failed" is handled in a different way.

This commit changes the code to let reset signals through after
successful verification.

https://bugzilla.gnome.org/show_bug.cgi?id=710456
2013-11-25 22:38:44 -05:00
Jasper St. Pierre
04a00f6564 loginDialog: Use UserWidget
https://bugzilla.gnome.org/show_bug.cgi?id=706851
2013-10-30 13:19:02 -04:00
Tim Lunn
b908a3d70a Stringify the xml definitions for E4X removal
https://bugzilla.gnome.org/show_bug.cgi?id=691409
2013-10-25 08:57:27 +11:00
Vinzenz Feenstra
4cda61a16a gdm: support pre-authenticated logins from oVirt
oVirt is software for managing medium-to-large scale deployments of
virtual machine guests across multiple hosts. It supports a feature
where users can authenticate with a central server and get
transparently connected to a guest system and then automatically get logged
into that guest to an associated user session.

Guests using old versions of GDM support this single-sign-on capability
by means of a greeter plugin, using the old greeter's extension
API.

This commit adds similar support to the gnome-shell based login screen.

How it works:

* The OVirtCredentialsManager singleton listens for

  'org.ovirt.vdsm.Credentials.UserAuthenticated'

  D-Bus signal on the system bus from the

  'org.ovirt.vdsm.Credentials'

  bus name. The service that provides that bus name is called
  the oVirt guest agent. It is also responsible for interacting
  with the the central server to get user credentials.

* This UserAuthenticated signal passes, as a parameter, the a token
  which needs to be passed through to the PAM service that is specifically
  set up to integrate with the oVirt authentication architecture.
  The singleton object keeps the token internally so it can be queried
  later on.

* The OVirtCredentialsManager emits a signal 'user-authenticated' on
  it's object once the dbus signal is triggered

* When the 'user-authenticated' signal is emitted, the login screen
  tells GDM to start user verification using the PAM service. The
  authentication stack of the service includes a PAM module
  provided by oVirt that securely retrieves user credentials
  from the oVirt guest agent. The PAM module then forwards those
  credentials on to other modules in the stack so, e.g.,
  the user's gnome keyring can be automatically unlocked.

* In case of the screen shield being visible, it also will react on that
  'user-authenticated' signal and lift the shield.
  In that case the login screen will check on construction time if
  the signal has already been triggered, and a token is available.
  If a token is available it will immediately trigger the functionality
  as described above.

Signed-off-by: Vinzenz Feenstra <evilissimo@redhat.com>

https://bugzilla.gnome.org/show_bug.cgi?id=702162
2013-10-14 13:54:30 -04:00
Jasper St. Pierre
8737b06559 loginDialog: MessageType is now in GdmUtil
https://bugzilla.gnome.org/show_bug.cgi?id=709286
2013-10-02 13:58:09 -04:00
Florian Müllner
02c99e4b25 authPrompt: Clear _queryingService on verification failure
A conversation is finished after failing, and we are expecting a new
one to be started shortly after. However if we encounter an existing
reference to a previously set _queryingService, we will clear the
password entry, which might already contain a partially typed password
at that point. The behavior does make sense in the case of conflicting
conversations, but in the failure case it is both unexpected and
annoying, so clear _queryingService early to prevent this.

https://bugzilla.gnome.org/show_bug.cgi?id=708186
2013-09-23 13:32:17 +02:00
Jasper St. Pierre
0b79e9cc9e loginDialog: Remove "Session" subtitle heading
It doesn't really add any value at all.

https://bugzilla.gnome.org/show_bug.cgi?id=707072
2013-08-30 10:45:46 -04:00
Ray Strode
8b977252f3 loginDialog: show session menu button when in auth failed
Right now we only show the session menu button when verifying,
but we should also show it when verification is failed or we
can end up in situation where the session menu disappears during
an authentication retry.

https://bugzilla.gnome.org/show_bug.cgi?id=707064
2013-08-29 14:02:21 -04:00
Ray Strode
88e3f6af47 authPrompt: give message label an initial style
This commit consolidates the styles of the various
message types into one 'login-dialog-message' style
and then adds additional styles on top to cover the
differences.

This allows us to give the message label an initial
style so that is padded properly before any messages
are displayed.

https://bugzilla.gnome.org/show_bug.cgi?id=706670
2013-08-27 10:20:16 -04:00
Jasper St. Pierre
41aa14eaf0 gdm: Remove constraints from authPrompt / loginDialog as well
https://bugzilla.gnome.org/show_bug.cgi?id=706843
2013-08-26 19:05:15 -04:00
Jasper St. Pierre
80ab28bc3a loginDialog: Fade in the gdm auth prompt on login 2013-08-26 18:17:35 -04:00
Jasper St. Pierre
48b7ebe1c0 loginDialog: Remove useless style class manipulation
StWidget already does this for us.
2013-08-26 18:17:35 -04:00
Jasper St. Pierre
c59cf18337 loginDialog: Provide a finish method
The screenShield expects to be able to call finish on the dialog.
2013-08-26 18:04:20 -04:00
Ray Strode
44e3811520 loginDialog: ask for username up front if disable-user-list==TRUE
Right now, we rely on PAM to ask for the username if disable-user-list
is TRUE.  This is suboptimal because it means we can't check if we
should show a session menu.

This commit changes disable-user-list==TRUE to ask for a username up
front, rather than have PAM do it.

https://bugzilla.gnome.org/show_bug.cgi?id=706607
2013-08-23 11:40:35 -04:00
Ray Strode
5f9e50175f loginDialog: add support for auth without username / fix Not Listed?
commit 93f072d1fc attempted to
add support for auth without a username to the login screen, but
do to a messed up rebase only partially added it.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=706607
2013-08-22 15:40:55 -04:00
Ray Strode
9720301d01 gdmUtil: make _startService support no username
commit fd11ad95f6 factored
out duplicated code, but unintentionally dropped support
for beginning verification without a username.

This commit brings it back.

https://bugzilla.gnome.org/show_bug.cgi?id=706542
2013-08-22 09:40:51 -04:00
Ray Strode
a7bbbad185 loginDialog: consolidate message label and login hint label
Right now the login hint is showing up just above the the cancel
button, instead of just below the text entry field.

The mockup here:

https://raw.github.com/gnome-design-team/gnome-mockups/master/system-lock-login-boot/login-dissect.png

Says it should share a label with the PAM info/error messages.

This commit consolidates the two labels.

https://bugzilla.gnome.org/show_bug.cgi?id=706324
2013-08-19 15:13:01 -04:00
Ray Strode
059b75cdbb authPrompt: support smartcard authentication
This commit detects when a user inserts a smartcard,
and then initiates user verification using the gdm-smartcard
PAM service.

Likewise, if a user removes their smartcard, password verification
(or the user list depending on auth mode and configuration) are initiated

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:22:49 -04:00
Ray Strode
4394a05243 gdmUtil: support disabling password authentication
This commit skips trying password authentication if it's
disallowed, favoring fingerprint login instead.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
fd11ad95f6 gdmUtil: factor out some duplicated code in beginVerification
The duplication makes the function look a lot more complicated
than it actually is.

This commit moves the common code to a new _startService function.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
07b57de03e authPrompt: emit prompted when given a message
Some pam modules prompt without expecting the user to type
an answer back (e.g. "Please swipe finger").  We need to
emit prompted in this case too, so the the dialog will get shown.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
a2a5f5df3f gdmUtil: pave way for fingeprint to optionally be default auth service
Currently, fingerprint authentication is always a secondary thing.
If a user wants to swipe their finger when the computer is asking
for a password, so be it.

This commit paves the way for making fingerprint auth optionally
be the main way to authenticate.  Currently there's no way to enable
this, but in a future commit will honor

enable-password-authentication=false

in gsettings.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:33 -04:00
Ray Strode
148f2210ca util: abstract out default auth service in code
Right now, the primary way a user logs in is with
a password. They can also swipe their finger, if their
fingerprint is enrolled, but it's expected the fingerprint
auth service won't ask questions the user has to respond to
by typing. As such, we ignore questions that comes from
anything but the main auth service: gdm-password.

In the future, if a user inserts a smartcard, we'll want
to treat the gdm-smartcard service as the main auth service,
and let any questions from it get to the user.

This commit tries to prepare for that eventuality by storing
the name of the default auth service away in a _defaultService variable
before verification has begun, and then later checking incoming
queries against that service instead of checking against
string 'gdm-password' directly.

Of course, right now, _defaultService is always gdm-password.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
93f072d1fc authPrompt: add support for auth without username
This commit introduces a new BeginRequestType enum which gets
passed to the 'reset' signal to specify whether
a username should be provided to the begin() method and changes
the loginDialog to comply.

Currently, the signal only ever gets emitted with

AuthPrompt.BeginRequestType.PROVIDE_USERNAME

but that will change in the future when providing smartcard
support.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
1104a385fa unlockDialog: only emit 'failed' on reset after failure/cancel
We currently emit "failed" any time the UserVerifier is reset,
and user verification didn't succeed prior.

A more conceptually clear time to emit "failed" would be if
the UserVerifier is reset and user verification failed prior,
and to emit "failed" if the user cancels unlock.

This commit restructures things to do that. Aside from being
more conceptually clear, it also lays the groundwork for us
to be able to reset the unlock screen without failing.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00