From 957e20baa7d82f532134e02ef54c8368c18cd76f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Fri, 17 Mar 2017 15:48:22 +0100
Subject: [PATCH 1/2] screenShield: Do not lock the screen when locked down
When using the 'disable-lock-screen' setting to lock down the screen
lock, the expectation is that users cannot lock the screen. However
as it turns out, all the setting currently does is hiding the lock
button in the system menu and making the lock settings in the privacy
panel inactive. That means that if the 'lock-screen-enabled' setting
isn't disabled and locked down as well, we will just continue to
lock the screen on inactivity - not to mention the keyboard shortcut
that isn't subject to that setting anyway.
Instead of expecting administrators to hunt down every possible way
of locking the screen and disabling it individually, we can easily
handle all cases by refusing to lock the screen when disabled by the
lockdown settings.
https://bugzilla.gnome.org/show_bug.cgi?id=780212
---
js/ui/screenShield.js | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/js/ui/screenShield.js b/js/ui/screenShield.js
index 3d55375b0..0d822353a 100644
--- a/js/ui/screenShield.js
+++ b/js/ui/screenShield.js
@@ -33,6 +33,9 @@ const SCREENSAVER_SCHEMA = 'org.gnome.desktop.screensaver';
const LOCK_ENABLED_KEY = 'lock-enabled';
const LOCK_DELAY_KEY = 'lock-delay';
+const LOCKDOWN_SCHEMA = 'org.gnome.desktop.lockdown';
+const DISABLE_LOCK_KEY = 'disable-lock-screen';
+
const LOCKED_STATE_STR = 'screenShield.locked';
// fraction of screen height the arrow must reach before completing
// the slide up automatically
@@ -543,6 +546,8 @@ const ScreenShield = new Lang.Class({
this._settings = new Gio.Settings({ schema_id: SCREENSAVER_SCHEMA });
this._settings.connect('changed::' + LOCK_ENABLED_KEY, Lang.bind(this, this._syncInhibitor));
+ this._lockSettings = new Gio.Settings({ schema_id: LOCKDOWN_SCHEMA });
+
this._isModal = false;
this._hasLockScreen = false;
this._isGreeter = false;
@@ -1289,6 +1294,11 @@ const ScreenShield = new Lang.Class({
},
lock: function(animate) {
+ if (this._lockSettings.get_boolean(DISABLE_LOCK_KEY)) {
+ log('Screen lock is locked down, not locking') // lock, lock - who's there?
+ return;
+ }
+
// Warn the user if we can't become modal
if (!this._becomeModal()) {
Main.notifyError(_("Unable to lock"),
--
2.12.0
From 4ff403d64d44b220824122601656db847f0c1a7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
Date: Fri, 17 Mar 2017 15:48:22 +0100
Subject: [PATCH 2/2] screenShield: Do not take an inhibitor when disabled by
lockdown
Just as with the normal lock screen settings, we shouldn't request
a logind inhibitor when locking is disabled via lockdown settings.
https://bugzilla.gnome.org/show_bug.cgi?id=780212
---
js/ui/screenShield.js | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/js/ui/screenShield.js b/js/ui/screenShield.js
index 0d822353a..f6382d28f 100644
--- a/js/ui/screenShield.js
+++ b/js/ui/screenShield.js
@@ -547,6 +547,7 @@ const ScreenShield = new Lang.Class({
this._settings.connect('changed::' + LOCK_ENABLED_KEY, Lang.bind(this, this._syncInhibitor));
this._lockSettings = new Gio.Settings({ schema_id: LOCKDOWN_SCHEMA });
+ this._lockSettings.connect('changed::' + DISABLE_LOCK_KEY, Lang.bind(this, this._syncInhibitor));
this._isModal = false;
this._hasLockScreen = false;
@@ -705,8 +706,10 @@ const ScreenShield = new Lang.Class({
},
_syncInhibitor: function() {
+ let lockEnabled = this._settings.get_boolean(LOCK_ENABLED_KEY);
+ let lockLocked = this._lockSettings.get_boolean(DISABLE_LOCK_KEY);
let inhibit = (this._loginSession && this._loginSession.Active &&
- !this._isActive && this._settings.get_boolean(LOCK_ENABLED_KEY));
+ !this._isActive && lockEnabled && !lockLocked);
if (inhibit) {
this._loginManager.inhibit(_("GNOME needs to lock the screen"),
Lang.bind(this, function(inhibitor) {
--
2.12.0