Commit Graph

276 Commits

Author SHA1 Message Date
Ray Strode
fe7dd1305f authPrompt: don't allow next if entry is empty
Normally the user isn't allowed to proceed passed
the username question until they've filled it in.
To ensure this, the authprompt code desensitizes
the next button when the number of characters change to
zero.

Unfortunately it fails to desensitize the next button
up front when the entry starts out empty.

This commit addresses that bug.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:23 -04:00
Ray Strode
378a3df5ea authPrompt: set next button to next when asking for username
If the next button ever gets set to Sign In, it won't
get reset to next until the next question asked by pam.

This commit ensures it gets reset to Next when asking
for the username.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:21 -04:00
Ray Strode
fd3f03580d gdm: unconditionally cancel auth user verifier on reset
We currently only cancel the user verifier on reset if
verifying, but that means we don't properly cancel it when
asking for a username at the Not Listed screen.

The object already handles getting called when there is
nothing to cancel, so just cancel it unconditionally.

https://bugzilla.gnome.org/show_bug.cgi?id=752438
2015-07-16 09:41:39 -04:00
Ray Strode
0003760fd9 gdm: fix banner allocation computation
The code to figure how how much room that banner had was wrong.
This commit fixes it.

https://bugzilla.gnome.org/show_bug.cgi?id=751517
2015-06-25 16:04:14 -04:00
Shivam Mishra
6660342d2f authPrompt: Fix hang if user types password really fast
It's possible for a user to type their password so quickly
that GDM hasn't even had time to ask for the password yet,
much less have time to process the answer.
In that situation, we tuck the user response away as
_preemptiveAnswer, and pass it along to GDM when GDM is finally
ready for it.
The problem is, there's a bug in the code, where we send
null for the service name in the answer, instead of the right
service name (say "gdm-password").
This commit addresses the bug by making sure we don't pass the
answer along, until the service name is properly set in
_queryingService. To ensure that, answering query (answerQuery)
based on _preemptiveAnswer has been shifted right below
this._queryingService = serviceName;

https://bugzilla.gnome.org/show_bug.cgi?id=737586
2015-04-07 16:02:21 -04:00
Clément Guérin
8e802fd32f gdm: use integer coordinates for login dialog actors
If the login screen actors aren't placed at pixel
boundaries then they will show up blurred with fuzzy
text.

This commit ensures all actor allocations are floored
to integer coordinates.

https://bugzilla.gnome.org/show_bug.cgi?id=746912
2015-03-27 17:25:06 -04:00
Adel Gadllah
b00a1d6b7f Revert "Revert "Give user 48ms to read each character of a PAM message, earlier it was 16ms""
I mean't to attach that to the bug not revert it.

This reverts commit 23a9fb0314.
2015-03-27 14:36:05 +01:00
Adel Gadllah
23a9fb0314 Revert "Give user 48ms to read each character of a PAM message, earlier it was 16ms"
Seriously there has to be a better way to deal with this then slowing down
login for messages that hardly anyone cares about.

https://bugzilla.gnome.org/show_bug.cgi?id=720885

This reverts commit 8897385714.
2015-03-27 14:33:52 +01:00
Sarvjeet
8897385714 Give user 48ms to read each character of a PAM message, earlier it was 16ms
User read time per character has been changed from 16ms to 48ms because the
message of information about last login is displayed for half a sec that is not
a good user experience. So time to read a character is increased to 48ms from 16ms.

https://bugzilla.gnome.org/show_bug.cgi?id=720885
2015-03-26 18:42:00 -05:00
Florian Müllner
9934529a0b loginDialog: Move long session-list menus to the side
Currently the menu position below the button means that the menu
can extend to roughly half the screen height before ending up partly
off-screen. This is plenty of space for commonly installed sessions,
but some users have a significantly higher number of sessions in the
list. Move the menu to the side of the button in that case to maximize
the vertical space the menu may take up.

https://bugzilla.gnome.org/show_bug.cgi?id=734352
2015-03-23 20:25:21 +01:00
Ray Strode
e5270cb6ec Revert "loginDialog: Don't arbitrarily pick a random session for the user"
This reverts commit 6d40cb98e7.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2015-03-18 12:44:37 -04:00
Ray Strode
ee360d8749 Revert "loginDialog: Better handle setting the active session"
This reverts commit 681861c8c7.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2015-03-18 12:44:37 -04:00
Ray Strode
b1de1ada25 gdm: fix empty user list on user switching
There's some vestigial code for hiding the user list
that runs at the same time its parent is hidden.

Only the parent should be hidden, at this point, so
there's situations where the user list hides and
never comes back.

This commit fixes that, by deleting the vestigial code.

https://bugzilla.gnome.org/show_bug.cgi?id=719418
2015-03-17 12:22:06 -04:00
Jasper St. Pierre
681861c8c7 loginDialog: Better handle setting the active session
We currently use the setActiveSession method to both mark a menu item as
selected, and also tell gdm about the current session the user selected.

Since gdm is ultimately in charge of the state, we should decouple this
and simply ask gdm to set the session, and have the menu item reflect
what gdm thinks is the current session.

This prevents state getting mismatched and oscillations from happening,
where we get in a loop of constantly telling gdm what the session is.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2015-03-16 17:47:27 -04:00
Jasper St. Pierre
6d40cb98e7 loginDialog: Don't arbitrarily pick a random session for the user
gdm should be in charge of telling us the default session, and it
should pick one for the user if she doesn't already have one.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2015-03-16 17:47:27 -04:00
Ray Strode
5650355da5 gdm: fix handling of removed smartcard at startup
If a smartcard is missing from the reader when we start up,
and the system is configured to disable password authentication,
then we need to ask the user to insert their smartcard.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=740143
2015-03-16 13:45:50 -04:00
Florian Müllner
8eb0782f25 loginDialog: Pass-through UserWidget's label-actor
https://bugzilla.gnome.org/show_bug.cgi?id=729603
2015-03-06 17:24:13 +01:00
David Liang
e23a03d639 gdm: prevent nextSignalId from being connected multiply times
The problem is caused by '_askForUsernameAndBeginVerification' being
called multiply times. So when we click 'next', the old connected
function will also be executed.
2015-02-26 15:45:12 -05:00
Jakub Steiner
48cfd35b65 theme: a button is a button is a button
https://bugzilla.gnome.org/show_bug.cgi?id=737785
2015-02-20 15:16:06 +01:00
Ray Strode
d04340c675 loginDialog: fix reactivity of first user in user list
After the login banner is shown and hidden, the first user
in the user list becomes non-reactive.  This is because the
banner is given an opacity of 0, but still allocated.

This commit fixes that by hiding the banner explicitly.

https://bugzilla.gnome.org/show_bug.cgi?id=743370
2015-01-22 16:56:31 -05:00
Ray Strode
c556d28b98 loginDialog: reset greeter proxy on auth prompt reset
Normally when a user uses the login screen to log in, the
login screen gets killed and the user session takes over
the display.

This doesn't happen for wayland sessions, though. Instead,
the login screen gets reset, and the wayland session is started
on another VT.

The greeter proxy object needs to be recreated after this reset,
since it's associated with state no longer coupled to the login
screen after the reset.

This commit moves greeter proxy creation to happen at reset time.

https://bugzilla.gnome.org/show_bug.cgi?id=743371
2015-01-22 14:02:50 -05:00
Florian Müllner
e0eebc90e0 Rename KeyBindingMode to ActionMode
The keybinding mode is no longer used exclusively for actions triggered
by keybindings, so reflect this by a more generic name.

https://bugzilla.gnome.org/show_bug.cgi?id=740237
2014-12-19 11:39:50 +01:00
Ray Strode
7b9be2188a loginDialog: use two column view if banner message long
Frequently banner messages are longer than can reasonable
fit in a one column view, which leads to a smooshed layout.

This commit changes the layout to a two column view, with the
banner on the left and the prompt on the right, if the banner
message is long enough that it can't fit well above the prompt.
If there isn't enough space for two columns then we keep the
one column layout but add scrollbars.

https://bugzilla.gnome.org/show_bug.cgi?id=703972
2014-12-18 13:58:10 -05:00
Ray Strode
117a81e06f loginDialog: display banner message when disable-user-list=true
The login screen supports showing a banner message which admins
can use to mention login rules or disclaimers.

This message only shows up currently if the user list is enabled.
Most people who want to show a banner message also want to disable
the user list.

This commit moves the banner message to display when the user is
prompted for login credentials instead of when showing the user
list. It also adds a scrollbar if the message is too long.

https://bugzilla.gnome.org/show_bug.cgi?id=703972
2014-12-18 13:58:09 -05:00
Ray Strode
522fe8e8bf loginDialog: allocate children manually
The login screen is pretty custom full screen container and the standard
layout managers aren't really a good fit for the kind of layout that's
happening. This will be even more problematic with upcoming changes
to login banners, so we need to switch techniques.

This commit moves login dialog over to using a custom allocate handler
that has specific domain knowledge of the parts of the login screen
and where they go.

https://bugzilla.gnome.org/show_bug.cgi?id=703972
2014-12-18 13:58:09 -05:00
Ray Strode
5961f162fa gdm: fix sensitivity of auth prompt when cancelling early and user list is disabled
If the user list is disabled and the user clicks cancel quickly enough
after typing their username, they can get in a state where the
auth prompt gets stuck in the insensitive state.

This is because the login dialog code makes the prompt insensitive
while while pam is processing the provided username, but the prompt
only makes itself sensitive again when it is hidden.

This commit makes it sensitive right before asking for a username again.

https://bugzilla.gnome.org/show_bug.cgi?id=740141
2014-11-17 12:11:03 -05:00
Ray Strode
5d440fa8d9 gdm: disallow cancel after verification succeeds
Once verification has succeeded, the train's already
left the building and we shouldn't allow canceling.

This commit renders the cancel button non-reactive
and makes the cancel function be a noop after
verification succeeds.

https://bugzilla.gnome.org/show_bug.cgi?id=740141
2014-11-17 12:11:02 -05:00
Jasper St. Pierre
0f63ad0fc1 gdm: Don't throw an error if there's no logo file 2014-10-14 20:00:25 -07:00
Cosimo Cecchi
49c4ba5656 theme: make a GResource
Now that we have all the infrastructure ready, port the theme to a
GResource.

https://bugzilla.gnome.org/show_bug.cgi?id=736936
2014-10-14 18:54:18 -07:00
Cosimo Cecchi
328bb1c21b st: always use GFile internally
We're moving the theme infrastructure towards GResource, so as a first
step move all the loading to use GFiles instead of URIs or paths.

https://bugzilla.gnome.org/show_bug.cgi?id=736936
2014-10-14 18:53:39 -07:00
Owen W. Taylor
6a969b934f gdm: fix missing braces
Incorrect braces meant that if the ShellUserVerifier was destroyed before
the call to fprintManager.GetDefaultDeviceRemote(), the reply would result in
an error.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:12 -04:00
Owen W. Taylor
8d3ff56846 gdm: disconnect signals
Many signal connections on global objects and on non-widgets were not
disconnected when the unlock screen was destroyed, causing leaks.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:11 -04:00
Owen W. Taylor
d8d046f2b3 AuthPrompt: properly remove user widgets
When replacing a user widget, we need to destroy the child, not just
unparent it, or it will leak.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:11 -04:00
Jasper St. Pierre
589e6c29f3 loginDialog: Push a modal for LOCK_SCREEN
So that we're in the correct keybinding mode.
2014-07-27 08:18:51 -04:00
Jasper St. Pierre
4b46533ce8 loginDialog: Fix the removal from the ctrlAltTabManager
When we ported away from ModalDialog, we forgot to change this one
reference to the dialog layout. Change it now.
2014-07-27 08:12:27 -04:00
Jasper St. Pierre
83cb26d70e js: Adapt to GSettings API change
The 'schema' property has been deprecated for a long time. Even though
this will likely be reverted in glib, let's stop using it.
2014-06-24 15:17:09 -04:00
Florian Müllner
2a63267be0 loginDialog: Remove unused variable 2014-05-28 22:01:54 +02:00
Bastien Nocera
cd2bd7685a js: Name all the timeouts and idles
With very uninventive names. Names now, good names later.

https://bugzilla.gnome.org/show_bug.cgi?id=727983
2014-04-10 21:08:16 +02:00
Cosimo Cecchi
9c88fec4fc texture-cache: use scale factor for load_uri_async()
https://bugzilla.gnome.org/show_bug.cgi?id=726907
2014-03-28 10:53:01 -07:00
Jasper St. Pierre
be291ee4f9 loginScreen: reset greeter when coming back to login screen
When a user logs in to a wayland session, we keep the login screen
running on the X server with the login screen running in a deactivated mode.

This commit makes sure it get reactivated when the user comes back to
the VT (from user switching, logout or just ctrl-alt-f1).

https://bugzilla.gnome.org/show_bug.cgi?id=726989
2014-03-25 10:41:12 -04:00
Ray Strode
f6ed3d9f88 authPrompt: Don't ever ask for a username if smartcard service is in foreground
The smartcard service is put in the foreground in two cases:

1) If password service is disabled by admin configuratoin
2) if a smartcard is inserted

In either case we don't want to ask the user to pick a user from the
userlist.  We currently only avoid asking in case 2.

This commit fixes case 1.

https://bugzilla.gnome.org/show_bug.cgi?id=726263
2014-03-13 15:08:00 -04:00
Ray Strode
ff5550c82b util: fix "login card" smartcard detection on unlock screen
We only want to react to the card the user logged in with, at
the unlock screen.  We check "at the unlock screen" by checking
the "reauthenticating" state variable.  That variable is the
wrong one, though. It gets set too late, and in some cases, gets
set at the login screen, too.  We should be checking this._reauthOnly
instead.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=726262
2014-03-13 14:01:02 -04:00
Florian Müllner
0ba05b29b9 loginDialog: Defer loading user list until needed
Loading the user list can be expensive, for instance when there is
a large number of users and/or their avatars have to be fetched over
the network. In case the user list is disabled anyway, there is no
point in doing that work just to hide it, so stop doing that.

https://bugzilla.gnome.org/show_bug.cgi?id=725905
2014-03-08 00:29:11 +01:00
Florian Müllner
ef8123e3a2 loginDialog: Add missing return value
_loadUserList() may be used as idle handler, so we should explicitly
return a boolean.

https://bugzilla.gnome.org/show_bug.cgi?id=725905
2014-03-08 00:29:10 +01:00
Ray Strode
765d0228c0 loginDialog: move user list loading after actors are constructed
Right now we queue populating the user list in the middle of setting
up the dialog actors. Of course, the actual population happens some time
later after going back to the main loop.

It's more logical to structure the code so the the actors are
instantiated first in one block and then other things after that.

This commit moves the user list population enqueuing operation to the
bottom of the constuctor.

https://bugzilla.gnome.org/show_bug.cgi?id=721868
2014-01-13 12:42:39 -05:00
Ray Strode
2d2020a20d loginDialog: defer loading user list until idle
In some cases we load the user list after going back
to main loop and in other cases we load the user list
right away (depending on if accounts service is ready).

In the case we load the user list right away we cause a
traceback because loading the user list forces a reset,
which then tries to reset actors which aren't instantiated
yet.

This commit ensures the user list is loaded after the constructor
finishes and the event loop runs irregardless of the accountsservice
state.

https://bugzilla.gnome.org/show_bug.cgi?id=721868
2014-01-13 12:42:33 -05:00
Andika Triwidada
f3dad3765e Changed obsolete FSF postal address.
https://bugzilla.gnome.org/show_bug.cgi?id=721507
2014-01-08 04:35:14 +07:00
Florian Müllner
deb2f30b37 js: Use EVENT_PROPAGATE/EVENT_STOP constants in event handlers
Just as SOURCE_CONTINUE/SOURCE_REMOVE in source functions, these
constants increase code clarity over plain true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Florian Müllner
751a3f0e94 js: Use SOURCE_CONTINUE/SOURCE_REMOVE constants in source functions
With support for boolean constants in g-i, we can finally use the
more readable constants instead of true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Yosef Or Boczko
49189e0e43 authPrompt: Explicitly set horizontal alignment
When set to fill, the label will always end up left-aligned, which
is only correct in LTR locales. Set the alignment explicitly to
work in both RTL and LTR locales.

https://bugzilla.gnome.org/show_bug.cgi?id=712638
2013-12-11 22:36:15 +02:00
Florian Müllner
729c962b7c loginDialog: Implement cancel()
The screen shield expects a cancel() method on the unlockDialog
implementation, but LoginDialog does not provide it currently.

https://bugzilla.gnome.org/show_bug.cgi?id=719378
2013-11-27 14:30:24 +01:00
Ray Strode
b2f547e934 authPrompt: propagate gdm "reset" signal after user switching
After a user types in their password at the login screen, one
of two things can happen

1) a new session is started
2) an existing session is switched to

In the latter case, GDM sends a reset signal to the login screen,
so it knows to go back to the user list and wait to be summoned
again.

Unfortunately, all reset signals are ignored after verification
success.  The reason is because the reset handler was copied from
the unlock dialog as part of a deduplication effort in commit
7e7295f259 and the unlock dialog
handler at the time also emitted a "failed" signal on reset
(which wouldn't make sense to emit after success).

These days "failed" is handled in a different way.

This commit changes the code to let reset signals through after
successful verification.

https://bugzilla.gnome.org/show_bug.cgi?id=710456
2013-11-25 22:38:44 -05:00
Jasper St. Pierre
04a00f6564 loginDialog: Use UserWidget
https://bugzilla.gnome.org/show_bug.cgi?id=706851
2013-10-30 13:19:02 -04:00
Tim Lunn
b908a3d70a Stringify the xml definitions for E4X removal
https://bugzilla.gnome.org/show_bug.cgi?id=691409
2013-10-25 08:57:27 +11:00
Vinzenz Feenstra
4cda61a16a gdm: support pre-authenticated logins from oVirt
oVirt is software for managing medium-to-large scale deployments of
virtual machine guests across multiple hosts. It supports a feature
where users can authenticate with a central server and get
transparently connected to a guest system and then automatically get logged
into that guest to an associated user session.

Guests using old versions of GDM support this single-sign-on capability
by means of a greeter plugin, using the old greeter's extension
API.

This commit adds similar support to the gnome-shell based login screen.

How it works:

* The OVirtCredentialsManager singleton listens for

  'org.ovirt.vdsm.Credentials.UserAuthenticated'

  D-Bus signal on the system bus from the

  'org.ovirt.vdsm.Credentials'

  bus name. The service that provides that bus name is called
  the oVirt guest agent. It is also responsible for interacting
  with the the central server to get user credentials.

* This UserAuthenticated signal passes, as a parameter, the a token
  which needs to be passed through to the PAM service that is specifically
  set up to integrate with the oVirt authentication architecture.
  The singleton object keeps the token internally so it can be queried
  later on.

* The OVirtCredentialsManager emits a signal 'user-authenticated' on
  it's object once the dbus signal is triggered

* When the 'user-authenticated' signal is emitted, the login screen
  tells GDM to start user verification using the PAM service. The
  authentication stack of the service includes a PAM module
  provided by oVirt that securely retrieves user credentials
  from the oVirt guest agent. The PAM module then forwards those
  credentials on to other modules in the stack so, e.g.,
  the user's gnome keyring can be automatically unlocked.

* In case of the screen shield being visible, it also will react on that
  'user-authenticated' signal and lift the shield.
  In that case the login screen will check on construction time if
  the signal has already been triggered, and a token is available.
  If a token is available it will immediately trigger the functionality
  as described above.

Signed-off-by: Vinzenz Feenstra <evilissimo@redhat.com>

https://bugzilla.gnome.org/show_bug.cgi?id=702162
2013-10-14 13:54:30 -04:00
Jasper St. Pierre
8737b06559 loginDialog: MessageType is now in GdmUtil
https://bugzilla.gnome.org/show_bug.cgi?id=709286
2013-10-02 13:58:09 -04:00
Florian Müllner
02c99e4b25 authPrompt: Clear _queryingService on verification failure
A conversation is finished after failing, and we are expecting a new
one to be started shortly after. However if we encounter an existing
reference to a previously set _queryingService, we will clear the
password entry, which might already contain a partially typed password
at that point. The behavior does make sense in the case of conflicting
conversations, but in the failure case it is both unexpected and
annoying, so clear _queryingService early to prevent this.

https://bugzilla.gnome.org/show_bug.cgi?id=708186
2013-09-23 13:32:17 +02:00
Jasper St. Pierre
0b79e9cc9e loginDialog: Remove "Session" subtitle heading
It doesn't really add any value at all.

https://bugzilla.gnome.org/show_bug.cgi?id=707072
2013-08-30 10:45:46 -04:00
Ray Strode
8b977252f3 loginDialog: show session menu button when in auth failed
Right now we only show the session menu button when verifying,
but we should also show it when verification is failed or we
can end up in situation where the session menu disappears during
an authentication retry.

https://bugzilla.gnome.org/show_bug.cgi?id=707064
2013-08-29 14:02:21 -04:00
Ray Strode
88e3f6af47 authPrompt: give message label an initial style
This commit consolidates the styles of the various
message types into one 'login-dialog-message' style
and then adds additional styles on top to cover the
differences.

This allows us to give the message label an initial
style so that is padded properly before any messages
are displayed.

https://bugzilla.gnome.org/show_bug.cgi?id=706670
2013-08-27 10:20:16 -04:00
Jasper St. Pierre
41aa14eaf0 gdm: Remove constraints from authPrompt / loginDialog as well
https://bugzilla.gnome.org/show_bug.cgi?id=706843
2013-08-26 19:05:15 -04:00
Jasper St. Pierre
80ab28bc3a loginDialog: Fade in the gdm auth prompt on login 2013-08-26 18:17:35 -04:00
Jasper St. Pierre
48b7ebe1c0 loginDialog: Remove useless style class manipulation
StWidget already does this for us.
2013-08-26 18:17:35 -04:00
Jasper St. Pierre
c59cf18337 loginDialog: Provide a finish method
The screenShield expects to be able to call finish on the dialog.
2013-08-26 18:04:20 -04:00
Ray Strode
44e3811520 loginDialog: ask for username up front if disable-user-list==TRUE
Right now, we rely on PAM to ask for the username if disable-user-list
is TRUE.  This is suboptimal because it means we can't check if we
should show a session menu.

This commit changes disable-user-list==TRUE to ask for a username up
front, rather than have PAM do it.

https://bugzilla.gnome.org/show_bug.cgi?id=706607
2013-08-23 11:40:35 -04:00
Ray Strode
5f9e50175f loginDialog: add support for auth without username / fix Not Listed?
commit 93f072d1fc attempted to
add support for auth without a username to the login screen, but
do to a messed up rebase only partially added it.

This commit fixes that.

https://bugzilla.gnome.org/show_bug.cgi?id=706607
2013-08-22 15:40:55 -04:00
Ray Strode
9720301d01 gdmUtil: make _startService support no username
commit fd11ad95f6 factored
out duplicated code, but unintentionally dropped support
for beginning verification without a username.

This commit brings it back.

https://bugzilla.gnome.org/show_bug.cgi?id=706542
2013-08-22 09:40:51 -04:00
Ray Strode
a7bbbad185 loginDialog: consolidate message label and login hint label
Right now the login hint is showing up just above the the cancel
button, instead of just below the text entry field.

The mockup here:

https://raw.github.com/gnome-design-team/gnome-mockups/master/system-lock-login-boot/login-dissect.png

Says it should share a label with the PAM info/error messages.

This commit consolidates the two labels.

https://bugzilla.gnome.org/show_bug.cgi?id=706324
2013-08-19 15:13:01 -04:00
Ray Strode
059b75cdbb authPrompt: support smartcard authentication
This commit detects when a user inserts a smartcard,
and then initiates user verification using the gdm-smartcard
PAM service.

Likewise, if a user removes their smartcard, password verification
(or the user list depending on auth mode and configuration) are initiated

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:22:49 -04:00
Ray Strode
4394a05243 gdmUtil: support disabling password authentication
This commit skips trying password authentication if it's
disallowed, favoring fingerprint login instead.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
fd11ad95f6 gdmUtil: factor out some duplicated code in beginVerification
The duplication makes the function look a lot more complicated
than it actually is.

This commit moves the common code to a new _startService function.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
07b57de03e authPrompt: emit prompted when given a message
Some pam modules prompt without expecting the user to type
an answer back (e.g. "Please swipe finger").  We need to
emit prompted in this case too, so the the dialog will get shown.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
a2a5f5df3f gdmUtil: pave way for fingeprint to optionally be default auth service
Currently, fingerprint authentication is always a secondary thing.
If a user wants to swipe their finger when the computer is asking
for a password, so be it.

This commit paves the way for making fingerprint auth optionally
be the main way to authenticate.  Currently there's no way to enable
this, but in a future commit will honor

enable-password-authentication=false

in gsettings.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:33 -04:00
Ray Strode
148f2210ca util: abstract out default auth service in code
Right now, the primary way a user logs in is with
a password. They can also swipe their finger, if their
fingerprint is enrolled, but it's expected the fingerprint
auth service won't ask questions the user has to respond to
by typing. As such, we ignore questions that comes from
anything but the main auth service: gdm-password.

In the future, if a user inserts a smartcard, we'll want
to treat the gdm-smartcard service as the main auth service,
and let any questions from it get to the user.

This commit tries to prepare for that eventuality by storing
the name of the default auth service away in a _defaultService variable
before verification has begun, and then later checking incoming
queries against that service instead of checking against
string 'gdm-password' directly.

Of course, right now, _defaultService is always gdm-password.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
93f072d1fc authPrompt: add support for auth without username
This commit introduces a new BeginRequestType enum which gets
passed to the 'reset' signal to specify whether
a username should be provided to the begin() method and changes
the loginDialog to comply.

Currently, the signal only ever gets emitted with

AuthPrompt.BeginRequestType.PROVIDE_USERNAME

but that will change in the future when providing smartcard
support.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
1104a385fa unlockDialog: only emit 'failed' on reset after failure/cancel
We currently emit "failed" any time the UserVerifier is reset,
and user verification didn't succeed prior.

A more conceptually clear time to emit "failed" would be if
the UserVerifier is reset and user verification failed prior,
and to emit "failed" if the user cancels unlock.

This commit restructures things to do that. Aside from being
more conceptually clear, it also lays the groundwork for us
to be able to reset the unlock screen without failing.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
f5b2febf13 authPrompt: cancel user verification if verifying when reset
authPrompt.reset() currently only leaves the authPrompt in a
sane state if the user isn't verifying.

This commit makes sure to cancel verification if a reset happens
while verification is in process.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
945b357ed8 loginDialog: fix session menu visibility
The shouldShowSessionMenu function has a few bugs in it.
This fixes them.

https://bugzilla.gnome.org/show_bug.cgi?id=706153
2013-08-16 14:10:21 -04:00
Jasper St. Pierre
5c8c4e0aad panel: Move statuses to the aggregate menu
Swap out the implementation of SystemIndicator with a dummy,
and build the aggregate menu. At the same time, remove the
poweroff and login screen menus, as those were fake aggregate
menus beforehand.

We lose some flexibility as we lose session-mode-based menu
layout, but as each component of the aggregate menu is supposed
to be "smart" in response to updating itself when session
state changes, I believe it's better than a declarative model.

https://bugzilla.gnome.org/show_bug.cgi?id=705845
2013-08-13 06:50:24 -04:00
Jasper St. Pierre
5cca26a565 status: Port to a new SystemIndicator framework
We can't silently replace the old behavior of separate status
icons into a new system. Replace SystemStatusButton with a new
SystemIndicator class which will allow for the flexibility we
need. For now, make it a subclass of Button so that it mostly
feels the same, but we'll soon be swapping it out with a dummy
implementation that the aggregate menu will use.

I think the code cleanup here is worth it.

https://bugzilla.gnome.org/show_bug.cgi?id=705845
2013-08-13 06:50:24 -04:00
Ray Strode
58ca6ec6aa authPrompt: don't muck with cancelButton in onAskQuestion
onAskQuestion has this code:

    if (this.verifyingUser)
        this.cancelButton.show();
    else
        this.cancelButton.hide();

but onAskQuestion can only be called when this.verifyingUser is true.
Also, cancelButton is public, and it only ever otherwise gets hidden
from callers.

This commit drops mucking with cancelButton visibility, leaving it
entirely up to the callers to deal with.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-08 10:55:34 -04:00
Ray Strode
bb2599eb30 loginDialog: fix up cancel button visibility
This commit makes sure we hide when there's nothing to cancel
to and show it when there's something to cancel to.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-08 10:55:34 -04:00
Ray Strode
a70e74e478 authPrompt: fix disable-user-list / Not Listed?
If the first question asked to a user is from the
shell and not from the PAM service (i.e. Username: ),
then we'll save what the user types until PAM asks
a question and then try to send it to PAM.

This commit makes sure the preemptive answer can be used
before the PAM conversation gets started, and makes sure
to discard the preemptive answer if we're not expecting it.

https://bugzilla.gnome.org/show_bug.cgi?id=705370
2013-08-05 22:10:06 -04:00
Ray Strode
45ba07c214 util: clear user verifier after cancelling it
If we don't clear it, then the connection to gdm will remain open.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-01 16:08:23 -04:00
Ray Strode
4d72bfd495 authPrompt: consolidate verifyingUser/userVerified
Right now we have two booleans that specify when user verification
is happening and when it succeeded, respectively.

This commit consolidates them into one AuthPromptStatus enumeration.

This clean up will allow us to check for verification failure more
easily.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-01 16:08:23 -04:00
Ray Strode
925eaa1db0 loginDialog: don't ever call _reset directly
The only time we ever call _reset directly is when
detecting changes to disable-user-list.  We can implicitly
trigger a reset for this case, just as easily by calling
this._authPrompt.reset()

This commit makes that change for consistency and to make
it easier to adjust the authprompt workflow later.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-01 16:08:23 -04:00
Ray Strode
69957dac3d authPrompt: disassociate from userVerifier when destroyed
Otherwise, it won't get GC'd and we'll end up potentially calling
its signal handlers after destruction.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-01 16:08:22 -04:00
Ray Strode
f38d5a9c06 authPrompt: let PAM message wrap if longer than entry
Right now the whole authPrompt spreads out if a PAM message
comes in that longer than the entry.

This commit changes it to wrap instead, by forcing the
auth prompt to be a fixed width (slightly bigger than
the entry width was sized to previously).

https://bugzilla.gnome.org/show_bug.cgi?id=705037
2013-07-29 17:25:41 -04:00
Ray Strode
87245c7b33 authPrompt: Call next button "Unlock" when user switching
When a ShellUserVerifier is asked to verify a user at the login
screen it will transparently first try to reauthenticate the user
against an existing session and then fall back to logging a user
into a new session.  The former is used for user switching.
It's useful to know which type of verification is happening, so
the next button can be made to say "Unlock" instead of "Sign In" when
a user is already signed in.

This commit exports a new "reauthenticating" property on the
ShellUserVerifier that the auth prompt checks when deciding which
label to use for its next button.

https://bugzilla.gnome.org/show_bug.cgi?id=704795
2013-07-25 09:28:22 -04:00
Ray Strode
82ee6aed7f authPrompt: fade out message if user starts to type
If there are no messages in the queue and a user starts to
type then we can safely hide the message label since the
user has probably already read it.

This fixes a weirdness where "Incorrect Password" messages stay
around, even as the user types in the new correct password.

https://bugzilla.gnome.org/show_bug.cgi?id=704817
2013-07-24 13:22:10 -04:00
Ray Strode
d730fd0a5f loginDialog: correct typo
commit 7e7295f259 introduced a typo
(LOGIN instead of LOG_IN).

The follow up commit fixes that.
2013-07-24 11:27:53 -04:00
Ray Strode
7e7295f259 authPrompt: move unlock and login user verifier code here
There's quite a bit of duplicated code between the login dialog
and the unlock dialog dealing with the various signals from the
ShellUserVerifier.

This commit moves that duplicated code into the AuthPrompt.

https://bugzilla.gnome.org/show_bug.cgi?id=704707
2013-07-24 06:01:12 -04:00
Ray Strode
d30cb2d4d9 gdmUtil: separate AuthPrompt out into its own file
It's cleaner to have it in its own file than to cram it into
util.js, so this commit moves it.

https://bugzilla.gnome.org/show_bug.cgi?id=704707
2013-07-24 06:01:03 -04:00
Ray Strode
953f44bcc5 Revert "add annoying delay"
This reverts commit e9531487d9.

This is a testing commit and snuck in on accident.
2013-07-18 15:43:51 -04:00
Ray Strode
be4f259b71 util: add shell entry menu to auth prompt
This brings us parity with the unlock dialog, and is a prerequisite
for eventually moving the unlock dialog over to using the auth
prompt.

https://bugzilla.gnome.org/show_bug.cgi?id=702308
2013-07-18 15:41:02 -04:00
Ray Strode
e9531487d9 add annoying delay 2013-07-18 15:17:17 -04:00
Ray Strode
d715110961 loginDialog: factor auth prompt code out to utils
Right now there is a lot of duplicated code between the unlock
dialog and the login dialog.

This commit moves the login dialog's auth prompt to a separate
class, so that it can (in a subsequent commit) be used by the
unlock dialog.

https://bugzilla.gnome.org/show_bug.cgi?id=702308
2013-07-18 14:36:00 -04:00
Ray Strode
3c31908e08 loginDialog: s/button-press-event/key-press-event/
A bug got introduced when moving the login dialog away from modal
dialog, such that it listens for escape key presses in a mouse
event handler instead of a keyboard event handler.

This commit fixes that code to correctly listen for key-press-event
instead of button-press-event.

https://bugzilla.gnome.org/show_bug.cgi?id=702308
2013-07-18 13:12:25 -04:00
Ray Strode
e5e3f3c299 loginDialog: avoid blinking user list when disable-user-list=true
Right now if disable-user-list is true we show it briefly, just so
that we can fade it out to the user entry.

This commit avoids the fade in that case.

https://bugzilla.gnome.org/show_bug.cgi?id=704471
2013-07-18 13:08:31 -04:00
Ray Strode
7d5d7453c2 util: drop call that can't do anything
this._clearMessageQueue() is a noop when this.hasPendingMessages is
false so calling it in that case doesn't make sense.

This commit drops that call.

https://bugzilla.gnome.org/show_bug.cgi?id=704347
2013-07-18 09:23:11 -04:00