Commit Graph

83 Commits

Author SHA1 Message Date
Marco Trevisan (Treviño)
b916df1110 gdm: Cancel user verification on UserVerifier destruction
When we cancel an user authentication via Escape key or cancel button on
AuthPrompt we reset the view and we emit a 'cancelled' signal that leads
to destroying the auth prompt and the user verifier.

However, the verifier may still have an operation in progress and its
completion may take some time (as in the case of gdm-fingerprint), but
we just leave the gdm worker running until its pam module completes
(potentially never) clearing and disposing its handle.

So, instead of just clearing the verify, actually cancel and clear it.
In case the user verifier is set, clearing the relevant data will happen
anyway as part of the cancel() call.

Ideally this would have been handled by gdm itself, but unfortunately we
can't fix it there because the verifier itself is a class generated by
gdbus-codegen, so we can't handle this automatically on disposal nor we
can automatically monitor when the caller proxy is stopped on our side.

Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3654
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Razze
aa392d45c9 fingerprint: Show different strings depending on type
Fprintd knows if the fingerprint reader is of the swipe or press type. We now show different labels depending on that.

Closes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2011

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1572>
2021-02-08 19:19:14 +00:00
Razze
824cdc9177 fingerprint: Use makeProxyWrapper for fprintManager
The reason this wasn't using the Gio.DBus.makeProxyWrapper() convenience API is that it passes custom flags to the proxy, and that wasn't supported by the wrapper at the time.

As this is now possible, this commit migrates us to the new API.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1572>
2021-02-08 19:19:14 +00:00
yun341
4ea0fca4fc gdm: Introduce vmware credential manager for pre-authenticated logins
The previous commit implemented a new CredentialManager interface to
    facilitate adding additional providers for pre-authenticating the user
    at the login screen.

    This commit implements a new credential manager using that interface
    for vmware deployments.

    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
2020-07-04 08:11:49 +08:00
yun341
809f820cd4 gdm: Refactor oVirt to a generic CredentialManager interface
Commit 4cda61a1 added support for pre-authenticated logins in
    oVirt environments. This feature prevents a user from having
    to type their password twice (once to the oVirt management machine,
    and then immediately again in the provisioned guest running gnome-shell).
    That feature is currently oVirt specific, but a similar feature would
    be useful in non-oVirt based virt farm environments.

    Toward that end, this commit generalizes the various aspects of the
    oVirt integration code, so that it can be reused in a subsequent
    commit for adding single sign on support in vmware deployments, too.

    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
2020-07-04 08:11:49 +08:00
Florian Müllner
764527c8c9 js: Promisify async operations
Promises make asynchronous operations easier to manage, in particular
when used through the async/await syntax that allows for asynchronous
code to closely resemble synchronous one.

gjs has included a Gio._promisify() helper for a while now, which
monkey-patches methods that follow GIO's async pattern to return a
Promise when called without a callback argument.

Use that to get rid of all those GAsyncReadyCallbacks!

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1126
2020-03-31 05:43:40 +00:00
Umang Jain
684b918915 js: Use StPasswordEntry for password entry fields
Use the new StPasswordEntry for password entry fields
and remove all direct handling of clutter text of the entry
 via clutter_text_set_password_char to show/hide the password
text. StPasswordEntry will provides a peek-password-icon which
will allow to show/hide the password present in the field to
the user in subsequent commits.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/619
2019-12-17 23:08:43 +01:00
Florian Müllner
a32c4f30d1 style: Allow lonely ifs where appropriate
We now have a lint rule to disallow lonely ifs, however there are
cases where the "lonely" part mirrors code from the preceding if
clause. Opt out of the lint rule in those cases.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/818
2019-11-11 23:51:17 +00:00
Florian Müllner
ebf77748a8 cleanup: Require "dangling" commas
Since ES5, trailing commas in arrays and object literals are valid.
We generally haven't used them so far, but they are actually a good
idea, as they make additions and removals in diffs much cleaner.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
c860409da5 cleanup: Use object shorthand where possible
ES6 allows to omit property names where they match the name of the
assigned variable, which makes code less redunant and thus cleaner.
We will soon enforce that in our eslint rules, so make sure we use
the shorthand wherever possible.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
67ea424525 cleanup: Avoid unnecessary braces
Our coding style has always been to avoid braces when all blocks
are single-lines.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
0846238f69 js: Use implicit animations for animatable properties
We now have everything in place to replace Tweener for all animatable
properties with implicit animations, which has the following benefits:

 - they run entirely in C, while Tweener requires context switches
   to JS each frame

 - they are more reliable, as Tweener only detects when an animation
   is overwritten with another Tween, while Clutter considers any
   property change

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/22
2019-08-06 23:54:29 +02:00
Florian Müllner
476816732f cleanup: Use milliseconds for animation times
The different units - seconds for Tweener and milliseconds for
timeouts - are not a big issue currently, as there is little
overlap. However this will change when we start using Clutter's
own animation framework (which uses milliseconds as well), in
particular where constants are shared between modules.

In order to prepare for the transition, define all animation times
as milliseconds and adjust them when passing them to Tweener.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/663
2019-08-05 21:55:20 +00:00
Florian Müllner
e357559582 cleanup: Mark globals used from other modules as exported
eslint cannot figure out that those symbols are used from other modules
via imports, so they trigger unused-variable errors. To fix, explicitly
mark those symbols as exported.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/627
2019-07-24 00:28:45 +02:00
Florian Müllner
11b116cb9d cleanup: Remove some unhelpful unused variables in destructuring
We aren't using them, and they don't add much in terms of clarity,
so drop them to fix a couple of eslint errors.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/627
2019-07-24 00:28:45 +02:00
Florian Müllner
2f97a1a55d cleanup: Mark unused arguments as unused
This will stop eslint from warning about them, while keeping their
self-documenting benefit.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/627
2019-07-24 00:28:45 +02:00
Florian Müllner
1398aa6562 style: Fix indentation errors
While we have some style inconsistencies - mostly regarding split lines,
i.e. aligning to the first arguments vs. a four-space indent - there are
a couple of places where the spacing is simply wrong. Fix those.

Spotted by eslint.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/608
2019-07-02 12:17:46 +00:00
Florian Müllner
29b04fcbf2 style: Fix stray/missing semi-colons
Spotted by eslint.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/607
2019-07-01 23:44:11 +02:00
Florian Müllner
f250643385 style: Use space after catch
We are currently inconsistent with whether or not to put a space
after catch clauses. While the predominant style is to omit it,
that's inconsistent with the style we use for any other statement.
There's not really a good reason to stick with it, so switch to
the style gjs/eslint default to.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/607
2019-07-01 23:44:11 +02:00
Florian Müllner
fd50b9a45e cleanup: Use destructuring for imports from GI
This is *much* nicer than repetitive "imports.gi" lines ...

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/399
2019-02-09 07:39:20 +01:00
Florian Müllner
a1534dab02 cleanup: Clean up unused imports
Spotted by eslint.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/399
2019-02-09 05:05:07 +01:00
Florian Müllner
bacfdbbb03 cleanup: Port non-GObject classes to JS6 classes
ES6 finally adds standard class syntax to the language, so we can
replace our custom Lang.Class framework with the new syntax. Any
classes that inherit from GObject will need special treatment,
so limit the port to regular javascript classes for now.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/361
2019-01-25 14:02:44 +00:00
Marco Trevisan (Treviño)
cf69fe4b18 gdm, util: Always allow to retry login in unlock mode
When in lockscreen mode there's no point of resetting the auth login as there's
no welcome screen, and that would just cause the UI to freeze, with no reason.
This could have been useful if we were stopping the user to login for a given
time after ALLOWED_FAILURES attempts, but this is not the case yet.
2018-07-25 20:32:42 +00:00
Marco Trevisan (Treviño)
8f848925f6 authPrompt: Do not enable sensitivity if retries are disallowed
Set the sensitivity of the UI according to the canRetry parameter and thus
if no more logins are allowed don't take any input.

Fixes #311
2018-07-25 20:32:42 +00:00
Florian Müllner
e36ba874a8 Stop using conditional catch statements
It is a mozilla extension that is going away in SpiderMonkey 60.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/151
2018-07-17 17:02:39 +00:00
Florian Müllner
3b1330880f cleanup: Use Function.prototype.bind()
When not using arrow notation with anonymous functions, we use Lang.bind()
to bind `this` to named callbacks. However since ES5, this functionality
is already provided by Function.prototype.bind() - in fact, Lang.bind()
itself uses it when no extra arguments are specified. Just use the built-in
function directly where possible, and use arrow notation in the few places
where we pass additional arguments.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:55:02 +00:00
Florian Müllner
213e38c2ef cleanup: Use arrow notation for anonymous functions
Arrow notation is great, use it consistently through-out the code base
to bind `this` to anonymous functions, replacing the more overbose
Lang.bind(this, function() {}).

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:55:00 +00:00
Florian Müllner
76f09b1e49 cleanup: Use method syntax
Modern javascript has a short-hand for function properties, embrace
it for better readability and to prepare for an eventual port to
ES6 classes.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:54:58 +00:00
Ray Strode
58827ba36d gdm: use password authentication if all schemes are disabled
This prevents a traceback, at least.
2018-02-20 10:21:23 -05:00
Florian Müllner
e39f4ec0d6 gdmUtils: Define constants with 'var'
Most of those are accessed outside the module itself, but commit
033277b6 missed them ...

https://bugzilla.gnome.org/show_bug.cgi?id=785556
2017-08-10 20:16:06 +02:00
Florian Müllner
033277b68f Define externally accessible contants with 'var' instead of 'const'
Just as we did with classes, define other constants that are (or
may be) used from other modules with 'var' to cut down on warnings.

https://bugzilla.gnome.org/show_bug.cgi?id=785084
2017-07-18 21:52:06 +02:00
Florian Müllner
2582d16ca7 Define classes with 'var' instead of 'const'
Any symbols (including class properties) that should be visible
outside the module it's defined in need to be defined as global.
For now gjs still allows the access for 'const', but get rid of
the warnings spill now by changing it.

https://bugzilla.gnome.org/show_bug.cgi?id=785084
2017-07-18 21:52:06 +02:00
Florian Müllner
358133e82f Initialize properties in _init()
While we've always considered it good style to initialize JS properties,
some code that relies on uninitialized properties having an implicit
value of 'undefined' has slipped in over time. The updated SpiderMonkey
version used by gjs now warns when accessing those properties, so we
should make sure that they are properly initialized to avoid log spam,
even though all warnings addressed here occur in conditionals that
produce the correct result with 'undefined'.

https://bugzilla.gnome.org/show_bug.cgi?id=781471
2017-07-13 17:23:54 +02:00
Ray Strode
0f8718287a gdmUtil: Fix auth prompt drawing over user list
If the user fails to enter their password then hits escape, we
jump back to the user list, then ask again for a password in a
garbled screen. this commit fixes that by skipping a retry if
the operation is cancelled.

https://bugzilla.gnome.org/show_bug.cgi?id=784361
2017-07-10 09:22:32 -04:00
Ray Strode
e3330b638a Revert "gdmUtil: Fix auth prompt drawing over user list"
This reverts commit 875a1d6159.

(this was pushed accidentally, isn't the right patch, and lacks
 a bug reference)
2017-06-28 13:16:22 -04:00
Michael Catanzaro
293d1697fe Fix a typo 2017-06-26 13:47:19 -05:00
Ray Strode
875a1d6159 gdmUtil: Fix auth prompt drawing over user list
If the user fails to enter their password then hits escape, we
jump back to the user list, then ask again for a password in a
garbled screen. this commit fixes that by guarding against the retry
if the fail counter is reset.
2017-06-22 14:31:19 -04:00
Florian Müllner
c0861b1227 gdm: Handle absence of Fprint.Manager service
We rely on the service to detect whether a fingerprint reader is
present. It is fine to not support fingerprint authentication
when the service is missing, but currently we don't handle this
case at all and end up with a non-functional login screen.

https://bugzilla.gnome.org/show_bug.cgi?id=780063
2017-03-20 19:02:07 +01:00
Adel Gadllah
b00a1d6b7f Revert "Revert "Give user 48ms to read each character of a PAM message, earlier it was 16ms""
I mean't to attach that to the bug not revert it.

This reverts commit 23a9fb0314.
2015-03-27 14:36:05 +01:00
Adel Gadllah
23a9fb0314 Revert "Give user 48ms to read each character of a PAM message, earlier it was 16ms"
Seriously there has to be a better way to deal with this then slowing down
login for messages that hardly anyone cares about.

https://bugzilla.gnome.org/show_bug.cgi?id=720885

This reverts commit 8897385714.
2015-03-27 14:33:52 +01:00
Sarvjeet
8897385714 Give user 48ms to read each character of a PAM message, earlier it was 16ms
User read time per character has been changed from 16ms to 48ms because the
message of information about last login is displayed for half a sec that is not
a good user experience. So time to read a character is increased to 48ms from 16ms.

https://bugzilla.gnome.org/show_bug.cgi?id=720885
2015-03-26 18:42:00 -05:00
Ray Strode
5650355da5 gdm: fix handling of removed smartcard at startup
If a smartcard is missing from the reader when we start up,
and the system is configured to disable password authentication,
then we need to ask the user to insert their smartcard.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=740143
2015-03-16 13:45:50 -04:00
Owen W. Taylor
6a969b934f gdm: fix missing braces
Incorrect braces meant that if the ShellUserVerifier was destroyed before
the call to fprintManager.GetDefaultDeviceRemote(), the reply would result in
an error.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:12 -04:00
Owen W. Taylor
8d3ff56846 gdm: disconnect signals
Many signal connections on global objects and on non-widgets were not
disconnected when the unlock screen was destroyed, causing leaks.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:11 -04:00
Jasper St. Pierre
83cb26d70e js: Adapt to GSettings API change
The 'schema' property has been deprecated for a long time. Even though
this will likely be reverted in glib, let's stop using it.
2014-06-24 15:17:09 -04:00
Bastien Nocera
cd2bd7685a js: Name all the timeouts and idles
With very uninventive names. Names now, good names later.

https://bugzilla.gnome.org/show_bug.cgi?id=727983
2014-04-10 21:08:16 +02:00
Ray Strode
ff5550c82b util: fix "login card" smartcard detection on unlock screen
We only want to react to the card the user logged in with, at
the unlock screen.  We check "at the unlock screen" by checking
the "reauthenticating" state variable.  That variable is the
wrong one, though. It gets set too late, and in some cases, gets
set at the login screen, too.  We should be checking this._reauthOnly
instead.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=726262
2014-03-13 14:01:02 -04:00
Florian Müllner
751a3f0e94 js: Use SOURCE_CONTINUE/SOURCE_REMOVE constants in source functions
With support for boolean constants in g-i, we can finally use the
more readable constants instead of true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Vinzenz Feenstra
4cda61a16a gdm: support pre-authenticated logins from oVirt
oVirt is software for managing medium-to-large scale deployments of
virtual machine guests across multiple hosts. It supports a feature
where users can authenticate with a central server and get
transparently connected to a guest system and then automatically get logged
into that guest to an associated user session.

Guests using old versions of GDM support this single-sign-on capability
by means of a greeter plugin, using the old greeter's extension
API.

This commit adds similar support to the gnome-shell based login screen.

How it works:

* The OVirtCredentialsManager singleton listens for

  'org.ovirt.vdsm.Credentials.UserAuthenticated'

  D-Bus signal on the system bus from the

  'org.ovirt.vdsm.Credentials'

  bus name. The service that provides that bus name is called
  the oVirt guest agent. It is also responsible for interacting
  with the the central server to get user credentials.

* This UserAuthenticated signal passes, as a parameter, the a token
  which needs to be passed through to the PAM service that is specifically
  set up to integrate with the oVirt authentication architecture.
  The singleton object keeps the token internally so it can be queried
  later on.

* The OVirtCredentialsManager emits a signal 'user-authenticated' on
  it's object once the dbus signal is triggered

* When the 'user-authenticated' signal is emitted, the login screen
  tells GDM to start user verification using the PAM service. The
  authentication stack of the service includes a PAM module
  provided by oVirt that securely retrieves user credentials
  from the oVirt guest agent. The PAM module then forwards those
  credentials on to other modules in the stack so, e.g.,
  the user's gnome keyring can be automatically unlocked.

* In case of the screen shield being visible, it also will react on that
  'user-authenticated' signal and lift the shield.
  In that case the login screen will check on construction time if
  the signal has already been triggered, and a token is available.
  If a token is available it will immediately trigger the functionality
  as described above.

Signed-off-by: Vinzenz Feenstra <evilissimo@redhat.com>

https://bugzilla.gnome.org/show_bug.cgi?id=702162
2013-10-14 13:54:30 -04:00
Ray Strode
9720301d01 gdmUtil: make _startService support no username
commit fd11ad95f6 factored
out duplicated code, but unintentionally dropped support
for beginning verification without a username.

This commit brings it back.

https://bugzilla.gnome.org/show_bug.cgi?id=706542
2013-08-22 09:40:51 -04:00