53 Commits

Author SHA1 Message Date
Ray Strode
f0a7395b30 shellActionModes: disable POPUP keybindings in unlock screen
Certain keybindings should continue to work even when a popup
menu is on screen. For instance, the keybinding for showing
the app menu and the keyinding for showing the calendar are
examples.

This is achieved by putting in place a special "POPUP" action
mode, whenever a popup menu is active.  This mode replaces
the (e.g., "NORMAL" or "OVERVIEW") action mode that was in place
for as long as the popup menu is active.

But those keybindings should not work when the user is at the
unlock dialog (which uses an action mode of "UNLOCK").

Unfortunately, since commit c79d24b6 they do.

This commit addresses the problem by forcing the action mode
to NONE at the unlock screen when popups are visible.

CVE-2019-3820

Closes https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
2019-02-05 11:09:40 -05:00
Florian Müllner
bacfdbbb03 cleanup: Port non-GObject classes to JS6 classes
ES6 finally adds standard class syntax to the language, so we can
replace our custom Lang.Class framework with the new syntax. Any
classes that inherit from GObject will need special treatment,
so limit the port to regular javascript classes for now.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/361
2019-01-25 14:02:44 +00:00
Florian Müllner
22e21ad7d1 animation: Add dedicated Spinner class
We use AnimatedIcon with the same resource all over the place, cut
down on the duplication by providing a dedicated class.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/316
2019-01-16 17:44:42 +00:00
Marco Trevisan (Treviño)
8f848925f6 authPrompt: Do not enable sensitivity if retries are disallowed
Set the sensitivity of the UI according to the canRetry parameter and thus
if no more logins are allowed don't take any input.

Fixes #311
2018-07-25 20:32:42 +00:00
Marco Trevisan (Treviño)
d21657fe61 authPrompt: Unset preemptiveAnswer on reset
When we get a reset signal the preemptiveAnswer should be also unset or it will
be used next time the user authPrompt will be activated, even without any further
user interaction.

Fixes #311
2018-07-25 20:32:41 +00:00
Florian Müllner
3b1330880f cleanup: Use Function.prototype.bind()
When not using arrow notation with anonymous functions, we use Lang.bind()
to bind `this` to named callbacks. However since ES5, this functionality
is already provided by Function.prototype.bind() - in fact, Lang.bind()
itself uses it when no extra arguments are specified. Just use the built-in
function directly where possible, and use arrow notation in the few places
where we pass additional arguments.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:55:02 +00:00
Florian Müllner
213e38c2ef cleanup: Use arrow notation for anonymous functions
Arrow notation is great, use it consistently through-out the code base
to bind `this` to anonymous functions, replacing the more overbose
Lang.bind(this, function() {}).

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:55:00 +00:00
Florian Müllner
76f09b1e49 cleanup: Use method syntax
Modern javascript has a short-hand for function properties, embrace
it for better readability and to prepare for an eventual port to
ES6 classes.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:54:58 +00:00
Florian Müllner
033277b68f Define externally accessible contants with 'var' instead of 'const'
Just as we did with classes, define other constants that are (or
may be) used from other modules with 'var' to cut down on warnings.

https://bugzilla.gnome.org/show_bug.cgi?id=785084
2017-07-18 21:52:06 +02:00
Florian Müllner
2582d16ca7 Define classes with 'var' instead of 'const'
Any symbols (including class properties) that should be visible
outside the module it's defined in need to be defined as global.
For now gjs still allows the access for 'const', but get rid of
the warnings spill now by changing it.

https://bugzilla.gnome.org/show_bug.cgi?id=785084
2017-07-18 21:52:06 +02:00
Ray Strode
a782de6e06 authPrompt: allow empty response to PAM messages
Some PAM modules say "Press enter to continue" or
whatever.  We need to support them.

This commit allows empty responses to PAM questions,
but still requires a non-empty response for username.

https://bugzilla.gnome.org/show_bug.cgi?id=784360
2017-07-10 09:23:11 -04:00
Michael Catanzaro
a00a186772 authPrompt: Remove stray tab character 2017-06-29 18:16:32 -05:00
Michael Catanzaro
82e20f94f4 authPrompt: Reorder import
5b339c83714fd173298a83227be7c83f7975fc6d put this in the wrong place.
2017-06-28 02:35:46 -05:00
victoryang
5b339c8371 authPrompt.js: turn off the ellipsization of pam messages
When the user gets long failure messages from pam, the authPrompt
message label will clip the message and ellipsize with '…'.

This commit turns off ellipsization from the label, so it will
properly wrap.

https://bugzilla.gnome.org/show_bug.cgi?id=764445
2016-10-14 09:28:34 -04:00
Michael Catanzaro
c65a9c4d2e authPrompt: Do not allow bypassing disabled Sign In button
The Next and Sign In buttons are disabled when the username/password
field is empty. However, the user can still bypass this button by
pressing the enter key, leading to some odd glitches with the log in
for 'Not Listed?' users.

This is easy to fix by simply not progressing to the next screen when
the button is disabled.

https://bugzilla.gnome.org/show_bug.cgi?id=746180
2016-01-07 17:19:04 -06:00
Rui Matos
f2d4aa0822 authPrompt: hide/stop spinner after verfiication completes
When the user successfully types their password, we should hide
the spinner from the button well right away, so it doesn't
consume resources until reset (which may happen significantly later
if the user is vt switched away)

https://bugzilla.gnome.org/show_bug.cgi?id=753891
2015-08-31 15:24:27 -04:00
Ray Strode
030a22d795 authPrompt: stop spinner after its hidden
The code previously tried to stop spinner after it was hidden, but
due to an incorrect check was only stoppig it after it was shown.

Also, it was only stopping after hiding due to an animation, and
failing to stop it in the non-animated case.

This left the spinner hidden and running while VT switched away
from the login screen, only stopping when the auth prompt was
reset when switching back.

https://bugzilla.gnome.org/show_bug.cgi?id=753891
2015-08-31 15:19:26 -04:00
Ray Strode
08506eac2d gdm: clear user verifier when finished with it
We only need the user verifier for the purpose of user verification.
Once it's complete we should clear it so it doesn't get in the way
later.

This fixes a bug introduced in commit 3c8c5a557059 that leads to the
user session crashing when the login screen is reactivated.

https://bugzilla.gnome.org/show_bug.cgi?id=753181
2015-08-05 09:40:17 -04:00
Jakub Steiner
27a7194634 spinner: use a 60fps spinner
- sync with gtk+ and provide a fluid spinner

https://bugzilla.gnome.org/show_bug.cgi?id=753064
2015-08-05 13:44:32 +02:00
Ray Strode
778ad49ab4 authPrompt: allow cancellation before verification starts
The user should be allowed to cancel if verification hasn't
started yet and they're typing in their username. This
commit changes the authPrompt cancel function to not
ignore such requests.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:24 -04:00
Ray Strode
fe7dd1305f authPrompt: don't allow next if entry is empty
Normally the user isn't allowed to proceed passed
the username question until they've filled it in.
To ensure this, the authprompt code desensitizes
the next button when the number of characters change to
zero.

Unfortunately it fails to desensitize the next button
up front when the entry starts out empty.

This commit addresses that bug.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:23 -04:00
Ray Strode
378a3df5ea authPrompt: set next button to next when asking for username
If the next button ever gets set to Sign In, it won't
get reset to next until the next question asked by pam.

This commit ensures it gets reset to Next when asking
for the username.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:21 -04:00
Ray Strode
fd3f03580d gdm: unconditionally cancel auth user verifier on reset
We currently only cancel the user verifier on reset if
verifying, but that means we don't properly cancel it when
asking for a username at the Not Listed screen.

The object already handles getting called when there is
nothing to cancel, so just cancel it unconditionally.

https://bugzilla.gnome.org/show_bug.cgi?id=752438
2015-07-16 09:41:39 -04:00
Shivam Mishra
6660342d2f authPrompt: Fix hang if user types password really fast
It's possible for a user to type their password so quickly
that GDM hasn't even had time to ask for the password yet,
much less have time to process the answer.
In that situation, we tuck the user response away as
_preemptiveAnswer, and pass it along to GDM when GDM is finally
ready for it.
The problem is, there's a bug in the code, where we send
null for the service name in the answer, instead of the right
service name (say "gdm-password").
This commit addresses the bug by making sure we don't pass the
answer along, until the service name is properly set in
_queryingService. To ensure that, answering query (answerQuery)
based on _preemptiveAnswer has been shifted right below
this._queryingService = serviceName;

https://bugzilla.gnome.org/show_bug.cgi?id=737586
2015-04-07 16:02:21 -04:00
Jakub Steiner
48cfd35b65 theme: a button is a button is a button
https://bugzilla.gnome.org/show_bug.cgi?id=737785
2015-02-20 15:16:06 +01:00
Ray Strode
5d440fa8d9 gdm: disallow cancel after verification succeeds
Once verification has succeeded, the train's already
left the building and we shouldn't allow canceling.

This commit renders the cancel button non-reactive
and makes the cancel function be a noop after
verification succeeds.

https://bugzilla.gnome.org/show_bug.cgi?id=740141
2014-11-17 12:11:02 -05:00
Cosimo Cecchi
49c4ba5656 theme: make a GResource
Now that we have all the infrastructure ready, port the theme to a
GResource.

https://bugzilla.gnome.org/show_bug.cgi?id=736936
2014-10-14 18:54:18 -07:00
Cosimo Cecchi
328bb1c21b st: always use GFile internally
We're moving the theme infrastructure towards GResource, so as a first
step move all the loading to use GFiles instead of URIs or paths.

https://bugzilla.gnome.org/show_bug.cgi?id=736936
2014-10-14 18:53:39 -07:00
Owen W. Taylor
8d3ff56846 gdm: disconnect signals
Many signal connections on global objects and on non-widgets were not
disconnected when the unlock screen was destroyed, causing leaks.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:11 -04:00
Owen W. Taylor
d8d046f2b3 AuthPrompt: properly remove user widgets
When replacing a user widget, we need to destroy the child, not just
unparent it, or it will leak.

https://bugzilla.gnome.org/show_bug.cgi?id=738256
2014-10-13 11:50:11 -04:00
Ray Strode
f6ed3d9f88 authPrompt: Don't ever ask for a username if smartcard service is in foreground
The smartcard service is put in the foreground in two cases:

1) If password service is disabled by admin configuratoin
2) if a smartcard is inserted

In either case we don't want to ask the user to pick a user from the
userlist.  We currently only avoid asking in case 2.

This commit fixes case 1.

https://bugzilla.gnome.org/show_bug.cgi?id=726263
2014-03-13 15:08:00 -04:00
Florian Müllner
deb2f30b37 js: Use EVENT_PROPAGATE/EVENT_STOP constants in event handlers
Just as SOURCE_CONTINUE/SOURCE_REMOVE in source functions, these
constants increase code clarity over plain true/false.

https://bugzilla.gnome.org/show_bug.cgi?id=719567
2013-12-16 18:27:19 +01:00
Yosef Or Boczko
49189e0e43 authPrompt: Explicitly set horizontal alignment
When set to fill, the label will always end up left-aligned, which
is only correct in LTR locales. Set the alignment explicitly to
work in both RTL and LTR locales.

https://bugzilla.gnome.org/show_bug.cgi?id=712638
2013-12-11 22:36:15 +02:00
Ray Strode
b2f547e934 authPrompt: propagate gdm "reset" signal after user switching
After a user types in their password at the login screen, one
of two things can happen

1) a new session is started
2) an existing session is switched to

In the latter case, GDM sends a reset signal to the login screen,
so it knows to go back to the user list and wait to be summoned
again.

Unfortunately, all reset signals are ignored after verification
success.  The reason is because the reset handler was copied from
the unlock dialog as part of a deduplication effort in commit
7e7295f259febf34c89659a9bcb05f9924fa1976 and the unlock dialog
handler at the time also emitted a "failed" signal on reset
(which wouldn't make sense to emit after success).

These days "failed" is handled in a different way.

This commit changes the code to let reset signals through after
successful verification.

https://bugzilla.gnome.org/show_bug.cgi?id=710456
2013-11-25 22:38:44 -05:00
Vinzenz Feenstra
4cda61a16a gdm: support pre-authenticated logins from oVirt
oVirt is software for managing medium-to-large scale deployments of
virtual machine guests across multiple hosts. It supports a feature
where users can authenticate with a central server and get
transparently connected to a guest system and then automatically get logged
into that guest to an associated user session.

Guests using old versions of GDM support this single-sign-on capability
by means of a greeter plugin, using the old greeter's extension
API.

This commit adds similar support to the gnome-shell based login screen.

How it works:

* The OVirtCredentialsManager singleton listens for

  'org.ovirt.vdsm.Credentials.UserAuthenticated'

  D-Bus signal on the system bus from the

  'org.ovirt.vdsm.Credentials'

  bus name. The service that provides that bus name is called
  the oVirt guest agent. It is also responsible for interacting
  with the the central server to get user credentials.

* This UserAuthenticated signal passes, as a parameter, the a token
  which needs to be passed through to the PAM service that is specifically
  set up to integrate with the oVirt authentication architecture.
  The singleton object keeps the token internally so it can be queried
  later on.

* The OVirtCredentialsManager emits a signal 'user-authenticated' on
  it's object once the dbus signal is triggered

* When the 'user-authenticated' signal is emitted, the login screen
  tells GDM to start user verification using the PAM service. The
  authentication stack of the service includes a PAM module
  provided by oVirt that securely retrieves user credentials
  from the oVirt guest agent. The PAM module then forwards those
  credentials on to other modules in the stack so, e.g.,
  the user's gnome keyring can be automatically unlocked.

* In case of the screen shield being visible, it also will react on that
  'user-authenticated' signal and lift the shield.
  In that case the login screen will check on construction time if
  the signal has already been triggered, and a token is available.
  If a token is available it will immediately trigger the functionality
  as described above.

Signed-off-by: Vinzenz Feenstra <evilissimo@redhat.com>

https://bugzilla.gnome.org/show_bug.cgi?id=702162
2013-10-14 13:54:30 -04:00
Florian Müllner
02c99e4b25 authPrompt: Clear _queryingService on verification failure
A conversation is finished after failing, and we are expecting a new
one to be started shortly after. However if we encounter an existing
reference to a previously set _queryingService, we will clear the
password entry, which might already contain a partially typed password
at that point. The behavior does make sense in the case of conflicting
conversations, but in the failure case it is both unexpected and
annoying, so clear _queryingService early to prevent this.

https://bugzilla.gnome.org/show_bug.cgi?id=708186
2013-09-23 13:32:17 +02:00
Ray Strode
88e3f6af47 authPrompt: give message label an initial style
This commit consolidates the styles of the various
message types into one 'login-dialog-message' style
and then adds additional styles on top to cover the
differences.

This allows us to give the message label an initial
style so that is padded properly before any messages
are displayed.

https://bugzilla.gnome.org/show_bug.cgi?id=706670
2013-08-27 10:20:16 -04:00
Jasper St. Pierre
41aa14eaf0 gdm: Remove constraints from authPrompt / loginDialog as well
https://bugzilla.gnome.org/show_bug.cgi?id=706843
2013-08-26 19:05:15 -04:00
Ray Strode
a7bbbad185 loginDialog: consolidate message label and login hint label
Right now the login hint is showing up just above the the cancel
button, instead of just below the text entry field.

The mockup here:

https://raw.github.com/gnome-design-team/gnome-mockups/master/system-lock-login-boot/login-dissect.png

Says it should share a label with the PAM info/error messages.

This commit consolidates the two labels.

https://bugzilla.gnome.org/show_bug.cgi?id=706324
2013-08-19 15:13:01 -04:00
Ray Strode
059b75cdbb authPrompt: support smartcard authentication
This commit detects when a user inserts a smartcard,
and then initiates user verification using the gdm-smartcard
PAM service.

Likewise, if a user removes their smartcard, password verification
(or the user list depending on auth mode and configuration) are initiated

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:22:49 -04:00
Ray Strode
07b57de03e authPrompt: emit prompted when given a message
Some pam modules prompt without expecting the user to type
an answer back (e.g. "Please swipe finger").  We need to
emit prompted in this case too, so the the dialog will get shown.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:15:37 -04:00
Ray Strode
93f072d1fc authPrompt: add support for auth without username
This commit introduces a new BeginRequestType enum which gets
passed to the 'reset' signal to specify whether
a username should be provided to the begin() method and changes
the loginDialog to comply.

Currently, the signal only ever gets emitted with

AuthPrompt.BeginRequestType.PROVIDE_USERNAME

but that will change in the future when providing smartcard
support.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
1104a385fa unlockDialog: only emit 'failed' on reset after failure/cancel
We currently emit "failed" any time the UserVerifier is reset,
and user verification didn't succeed prior.

A more conceptually clear time to emit "failed" would be if
the UserVerifier is reset and user verification failed prior,
and to emit "failed" if the user cancels unlock.

This commit restructures things to do that. Aside from being
more conceptually clear, it also lays the groundwork for us
to be able to reset the unlock screen without failing.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
f5b2febf13 authPrompt: cancel user verification if verifying when reset
authPrompt.reset() currently only leaves the authPrompt in a
sane state if the user isn't verifying.

This commit makes sure to cancel verification if a reset happens
while verification is in process.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-18 21:14:35 -04:00
Ray Strode
58ca6ec6aa authPrompt: don't muck with cancelButton in onAskQuestion
onAskQuestion has this code:

    if (this.verifyingUser)
        this.cancelButton.show();
    else
        this.cancelButton.hide();

but onAskQuestion can only be called when this.verifyingUser is true.
Also, cancelButton is public, and it only ever otherwise gets hidden
from callers.

This commit drops mucking with cancelButton visibility, leaving it
entirely up to the callers to deal with.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-08 10:55:34 -04:00
Ray Strode
a70e74e478 authPrompt: fix disable-user-list / Not Listed?
If the first question asked to a user is from the
shell and not from the PAM service (i.e. Username: ),
then we'll save what the user types until PAM asks
a question and then try to send it to PAM.

This commit makes sure the preemptive answer can be used
before the PAM conversation gets started, and makes sure
to discard the preemptive answer if we're not expecting it.

https://bugzilla.gnome.org/show_bug.cgi?id=705370
2013-08-05 22:10:06 -04:00
Ray Strode
4d72bfd495 authPrompt: consolidate verifyingUser/userVerified
Right now we have two booleans that specify when user verification
is happening and when it succeeded, respectively.

This commit consolidates them into one AuthPromptStatus enumeration.

This clean up will allow us to check for verification failure more
easily.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-01 16:08:23 -04:00
Ray Strode
69957dac3d authPrompt: disassociate from userVerifier when destroyed
Otherwise, it won't get GC'd and we'll end up potentially calling
its signal handlers after destruction.

https://bugzilla.gnome.org/show_bug.cgi?id=683437
2013-08-01 16:08:22 -04:00
Ray Strode
f38d5a9c06 authPrompt: let PAM message wrap if longer than entry
Right now the whole authPrompt spreads out if a PAM message
comes in that longer than the entry.

This commit changes it to wrap instead, by forcing the
auth prompt to be a fixed width (slightly bigger than
the entry width was sized to previously).

https://bugzilla.gnome.org/show_bug.cgi?id=705037
2013-07-29 17:25:41 -04:00
Ray Strode
87245c7b33 authPrompt: Call next button "Unlock" when user switching
When a ShellUserVerifier is asked to verify a user at the login
screen it will transparently first try to reauthenticate the user
against an existing session and then fall back to logging a user
into a new session.  The former is used for user switching.
It's useful to know which type of verification is happening, so
the next button can be made to say "Unlock" instead of "Sign In" when
a user is already signed in.

This commit exports a new "reauthenticating" property on the
ShellUserVerifier that the auth prompt checks when deciding which
label to use for its next button.

https://bugzilla.gnome.org/show_bug.cgi?id=704795
2013-07-25 09:28:22 -04:00