* auth: add an interface for different authentication methods
* auth: pick inline feedback based on last active implementation
* config: move auth options to auth:<auth_impl>
BREAKING:
- general:pam_module -> auth:pam:module
- general:enable_fingerprint -> auth:fingerprint:enabled
- general:fingerprint_ready_message -> auth:fingerprint:ready_message
- general:fingerprint_present_message ->
auth:fingerprint:present_message
* auth: don't clear password input for fingerprint auth check
* fingerprint: checkAuthenticated when handling verfiy status
* Revert conditionally clearing the password input buffer
Makes sure the input field can show the fail text for fingerprint auth.
* auth: virtual instead of override, remove braces
* pam: join the thread
* auth: remove isAuthenticated and switch to a control flow based unlock
* auth: initialize authentication before aquiring the session lock
* auth: Support parallel fingerprint auth
I chose to use Fprint's dbus interface directly rather than going through pam (which uses Fprint's dbus interface) due to poor handling of system sleep somewhere between fprintd and pam. When preparing for sleep, fprintd puts the device to sleep, which causes VerifyStatus to emit with verify-unknown-error, which normally should be responded to by calling both Device.StopVerify and Device.Release (and this is what pam does). Unfortunately, if you try to release the device when the system is preparing for sleep, you'll get an error that the device is busy and then you can't can't claim or release the device for 30 seconds.
pam also has a max timeout for pam_fprintd.so of 99 seconds, and so if we used pam, we'd have to deal with the timeouts and keep restarting the auth conversation.
gdm/gnome-session lock seems to get around these issues by having a shutter on top of the lock screen that you have to interact with first that gives gnome-session a trigger to start fingerprint auth.
* nix/overlays: add sdbus overlay
---------
Co-authored-by: Mihai Fufezan <mihai@fufexan.net>
* misc: use Vector2D, Box and Mat3x3 from hyprutils
* nix: flake update
Fix CI fails. We need hyprutils>=0.2.3
* misc: use a function to convert Hyprlang::VEC2 to Vector2D
* misc: fixup some includes
* lockSurface: reload widgets on output change
* lockSurface: only configure when scale actually changed
* lockSurface: enable fsv1 per default for all compositors
* config: add fractional_scaling option
0 -> off
1 -> on
2 -> auto
* core: default auto option for fractional_scaling
* locksurface: fallback to integer scaling
* core: check m_bTerminate for grace unlocks
* core: remove reference to the lock object on finished
* core: add isUnlocked
true if m_bFadeStarted or m_bTerminate
* auth: return early on grace or SIGUSR1 unlocks
* core: immediately create session lock surfaces
Instead of waiting for the `locked` event, create session lock surfaces
right away.
* core: don't allow unlock_and_destroy if `locked` has never been recieved
After realizing that pam modules sometimes implement a timeout, i think
it is not worth starting the convo it right away.
Now you won't get the initial PAM_PROMPT any more.
Prompt will be initialized to "Password: ", which is most commonly what
you get from pam. Subsequent prompts (e.g. 2fa) will be handled however.
* asyncResourceGatherer: start the asyncLoop at the same time as gather
This is a prerequesit for labels beeing drawn, while backgrounds are
note ready yet.
* core: allow immediate rendering even when backgrounds are not gathered yet
Note:
We don't really need to call `asyncResourceGatherer::apply` in the
`renderLock` function, since it will get called by a call to
`asyncResourceGatherer::getAssetById` anyways.
* background: render color rectangle when asset is not ready yet
* config: add general:immediate_render config option
* core: use the --immediate-render flag in attemptRestoreOnDeath
* core: check for sessionLockSurface before calling render
This is needed, because when a new monitor is added via `onGlobal` the
order of the events is not guaranteed. Meaning that render for a
particular monitor might get called before a `CSessionLockSurface` for
that monitor exists.
* renderer: remove widgets for destroyed lockSurfaces
* asyncResourceGatherer: don't create duplicate dma frames for a specific stringPort
* core: remove renderer widgets in ~CSessionLockSurface instead of in onGlobalRemoved
* Revert "core: remove renderer widgets in ~CSessionLockSurface instead of in onGlobalRemoved"
This reverts commit 405aa42de8.
Because of destruction order, it is safer to do it in `onGlobalRemoved`.
* core: ditch dynamic DMAFrame generation
* core: identify DMAFrames via output size and stringPort
* core: fallback to background color for dynamic outputs with background:path=screenshot
* core: remove output pointer from DMAFrame
* core: handle rerendering when frameCallback is pending
* core: log when skipping label updates
* asyncResourceGatherer: remove busy and use loopMutex
Makes getAssetById fail less often and thus labels get more stable
updates
* asyncResourceGatherer: revision locking
`assetsMutex` was not needed, since `apply` only gets called from the
main thread and resources are also only aquired via the main thread.
`preloadTargets`, previously kinda guarded by the `busy` flag are now
locked as suggested in #367 (but via a copy of `peloadTargets`).
`apply` now returns a boolean so that the locking of preloadTargets in
combination with checking `preloadTargets.empty()` is a bit nicer.
* asyncResourceGatherer: remove explicit template arg for unique lock
* widgets: add missing virtual destructor
destructor is missing and as a consequence all sub classes gets wrongly
destructed reported as "new-delete-type-mismatch" by asan.
* gatherer: free memory allocated by pango
with pango_parse_markup its up to the caller of the function to free the
pointer to the text returned stored in this buf.
* core: add destructor and free devices
add a destructor and free both drmDevice and gbmDevice, leaks reported
by asan.
* core: free xkb allocated state and keymap
free xkb state and keymap on destruction to prevent leak on exit and
less asan spam.
* locksurface: destroy the surface frame on done
the callback was never being destroyed and is leaking on each
frameCallback creation, call wl_callback_destroy in onCallback() and
free the memory. reported with asan.
* core: add support for repeating backspace when held
* core: move keysym handling to a seperate function in order to reuse it for key repeat
* core: get keyboard repeat info from wayland
* core: defaults for keyboard repeat and delay
* auth: implement a full pam conversation
* input-field: fixup failedAttempts and color change
Credits to @bvr-yr
* pam: set default module to hyprland
* input-field: backup previous asset
* auth: restart auth in onPasswordCheckTimer
* auth: immediately switch to waiting when input was submitted
* auth: remove redundant waitingForPamAuth
* auth: add inputRequested and reschedule submitInput
* auth: clear password buffer and handle submitInput before input is requested
* Revert "input-field: backup previous asset"
This reverts commit 89702945be6af4aa43f54688ad34a4ccba994a3e.
Without the backup we avoid rendering the prompt placeholder for one frame when the failText is not available.
Looks better this way.
* auth: fallback to su if pam_module not in /etc/pam.d
rare occasion where a path check even works on nix
* auth: rename inputSubmitted and resubmit callback
* auth: detach failText from the conversation
* fix rebase mistake
* auth: make sure prompt and failText are not reset when restarting auth
needed for labels
* auth: force update timers when the prompt changes
* auth: remove unused stuff
