gnome-shell/SOURCES/login-screen-extensions.patch

From 4024d59871d0c8990ef5e4243c9fc485971755e7 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 10 Aug 2021 13:25:57 -0400
Subject: [PATCH 1/3] extensionSystem: Get rid of _enabled boolean optimization

At the moment a session mode either allows extensions or it doesn't.
If it allows extensions, then the entire available list of
configured extensions get enabled as soon as the session mode is
entered.

Since enabling or disabling extensions is an all or nothing situation,
the code tracks whether extensions are already enabled when entering
the session mode, and if so, avoids iterating through the extension list
needlessly. It does this using a boolean named _enabled.

In the future, the extensions themselves will be given some say on
whether or not they should be enabled in a given session mode. This
means, the configured extension list may contain extensions that
shouldn't be enabled for a given session mode, and the _enabled boolean
will no longer be appropriated.

This commit drops the _enabled boolean optimization.
---
 js/ui/extensionSystem.js | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
index 9f4eb757b..2aae44b53 100644
--- a/js/ui/extensionSystem.js
+++ b/js/ui/extensionSystem.js
@@ -23,7 +23,6 @@ const UPDATE_CHECK_TIMEOUT = 24 * 60 * 60; // 1 day in seconds
 var ExtensionManager = class {
     constructor() {
         this._initialized = false;
-        this._enabled = false;
         this._updateNotified = false;
 
         this._extensions = new Map();
@@ -597,9 +596,6 @@ var ExtensionManager = class {
     }
 
     _enableAllExtensions() {
-        if (this._enabled)
-            return;
-
         if (!this._initialized) {
             this._loadExtensions();
             this._initialized = true;
@@ -608,20 +604,14 @@ var ExtensionManager = class {
                 this._callExtensionEnable(uuid);
             });
         }
-        this._enabled = true;
     }
 
     _disableAllExtensions() {
-        if (!this._enabled)
-            return;
-
         if (this._initialized) {
             this._extensionOrder.slice().reverse().forEach(uuid => {
                 this._callExtensionDisable(uuid);
             });
         }
-
-        this._enabled = false;
     }
 
     _sessionUpdated() {
-- 
2.33.1


From f883c3f87f9778a0c2ed34db648aad73668949e3 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Sat, 28 Aug 2021 13:54:39 -0400
Subject: [PATCH 2/3] extensionSystem: Allow extensions to run on the login
 screen

At the moment it's not realy possible to extend the login screen to do
things it doesn't have built-in support for. This means in order
to support niche use cases, those cases have to change the main
code base. For instance, oVirt and Vmware deployments want to be able
to automaticaly log in guest VMs when a user pre-authenticates through a
console on a management host. To support those use cases, we added
code to the login screen directly, even though most machines will never
be associated with oVirt or Vmware management hosts.

We also get requests from e.g. government users that need certain features
at the login screen that wouldn't get used much outside of government
deployments. For instance, we've gotten requests that a machine contains
prominently displays that it has "Top Secret" information.

All of these use cases seem like they would better handled via
extensions that could be installed in the specific deployments. The
problem is extensions only run in the user session, and get
disabled at the login screen automatically.

This commit changes that. Now extensions can specify in their metadata
via a new sessionModes property, which modes that want to run in. For
backward compatibility, if an extension doesn't specify which session
modes it works in, its assumed the extension only works in the user
session.
---
 js/ui/extensionSystem.js | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/js/ui/extensionSystem.js b/js/ui/extensionSystem.js
index 2aae44b53..937f86199 100644
--- a/js/ui/extensionSystem.js
+++ b/js/ui/extensionSystem.js
@@ -75,6 +75,28 @@ var ExtensionManager = class {
         return [...this._extensions.keys()];
     }
 
+    _extensionSupportsSessionMode(uuid) {
+        const extension = this.lookup(uuid);
+        if (!extension)
+            return false;
+
+        if (extension.sessionModes.includes(Main.sessionMode.currentMode))
+            return true;
+        if (extension.sessionModes.includes(Main.sessionMode.parentMode))
+            return true;
+        return false;
+    }
+
+    _sessionModeCanUseExtension(uuid) {
+        if (!Main.sessionMode.allowExtensions)
+            return false;
+
+        if (!this._extensionSupportsSessionMode(uuid))
+            return false;
+
+        return true;
+    }
+
     _callExtensionDisable(uuid) {
         let extension = this.lookup(uuid);
         if (!extension)
@@ -134,7 +156,7 @@ var ExtensionManager = class {
     }
 
     _callExtensionEnable(uuid) {
-        if (!Main.sessionMode.allowExtensions)
+        if (!this._sessionModeCanUseExtension(uuid))
             return;
 
         let extension = this.lookup(uuid);
@@ -316,6 +338,7 @@ var ExtensionManager = class {
             hasPrefs: dir.get_child('prefs.js').query_exists(null),
             hasUpdate: false,
             canChange: false,
+            sessionModes: meta['session-modes'] ? meta['session-modes'] : [ 'user' ],
         };
         this._extensions.set(uuid, extension);
 
@@ -398,7 +421,7 @@ var ExtensionManager = class {
     }
 
     _callExtensionInit(uuid) {
-        if (!Main.sessionMode.allowExtensions)
+        if (!this._sessionModeCanUseExtension(uuid))
             return false;
 
         let extension = this.lookup(uuid);
@@ -487,13 +510,15 @@ var ExtensionManager = class {
         // Find and enable all the newly enabled extensions: UUIDs found in the
         // new setting, but not in the old one.
         newEnabledExtensions
-            .filter(uuid => !this._enabledExtensions.includes(uuid))
+            .filter(uuid => !this._enabledExtensions.includes(uuid) &&
+                             this._extensionSupportsSessionMode(uuid))
             .forEach(uuid => this._callExtensionEnable(uuid));
 
         // Find and disable all the newly disabled extensions: UUIDs found in the
         // old setting, but not in the new one.
         this._extensionOrder
-            .filter(uuid => !newEnabledExtensions.includes(uuid))
+            .filter(uuid => !newEnabledExtensions.includes(uuid) ||
+                            !this._extensionSupportsSessionMode(uuid))
             .reverse().forEach(uuid => this._callExtensionDisable(uuid));
 
         this._enabledExtensions = newEnabledExtensions;
-- 
2.33.1


From c637d0a14ea7223ea7d763e1c4dedb4d6b6609a4 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 10 Aug 2021 15:31:00 -0400
Subject: [PATCH 3/3] sessionMode: Allow extensions at the login and unlock
 screens

Now extensions can specify which session modes they work in,
but specifying the login screen or unlock screen session modes in
an extensions metadata still won't work, because those session
modes disallow extensions.

This commit fixes that.
---
 js/ui/sessionMode.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/js/ui/sessionMode.js b/js/ui/sessionMode.js
index 4d4fb2444..0534fd1d4 100644
--- a/js/ui/sessionMode.js
+++ b/js/ui/sessionMode.js
@@ -43,6 +43,7 @@ const _modes = {
     },
 
     'gdm': {
+        allowExtensions: true,
         hasNotifications: true,
         isGreeter: true,
         isPrimary: true,
@@ -59,6 +60,7 @@ const _modes = {
     },
 
     'unlock-dialog': {
+        allowExtensions: true,
         isLocked: true,
         unlockDialog: undefined,
         components: ['polkitAgent', 'telepathyClient'],
-- 
2.33.1