1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
theming (#37349):
- maybe add a Themable plugin flag. if not set and no talker, abort.
- minor: show QWidgets only when the layout is ready and the theme was painted.
but one can't hide the widgets in a QLayout, as they have no size then.
- add attribute inheritance. apply attributes extracted from particular
elements of the (hidden) talker.
- make plugin return a QDom instead of embedding a QLayoutItem (QLabels look
just awful in the themed greeter). big problem: there is no KdmGrid ... try
to (ab)use QLayout.
- extract background from theme. use explicit node-id "background", i think.
- automatic talker node detection/creation. same for background, possibly.
- remote login can have the chosen host as the sessName
- popup menu grabs keyboard. that means it is ungrabbed afterwards ...
- error label uses fixed colors. red might be ok, but not black.
- message after switching to text mode
- handle non-linux VTs:
on systems without VT_GETSTATE, try activating all consoles in turn to
find free ones. wow, this sucks so much.
- BSD: 1st: pcvt, /dev/ttyC[0] (OpenBSD), /dev/ttyv[0] (other),
also emulated by wscons on /dev/ttyE.
2nd: syscons, /dev/ttyv[0], fallback /dev/vga
- Lynx, /dev/atc[0]
- Solaris, /dev/vt[00]
- SVR4, /dev/vc[00] (ESIX), /dev/vt[00] (other)
- SCO, /dev/tty[00], query current with CONS_GETINFO, counts 0-based
ref: xorg/programs/Xserver/hw/xfree86/os-support/xf86_OSlib.h
- act on BSD_INIT
- before nuking X server on other vt, save current vt and restore it before
disallocating server vt. or just make the xserver not switch wildly.
- possibly parse Xserver log to find failure cause. this is very hacky.
- try harder to get rid of processes, see X servers failure cleanup path
- make auto-re-login a per-user option; save in .dmrc.
- add Xserver option set selection (#56329)
- add support for XRandR (#48602)
save these options to .dmrc?
- per-display sections in .dmrc. read-only, as far as tdm is concerned, as
otherwise the GUI would become insanely complex.
- make config position independent
- parse /etc/kderc?
- merge multiple tdmrcs in the style of tdeconfig. how to set section priorities?
- gentdmconf: treat backgroundrc as an ini file, not as a text blob
- add proper quoting and dequoting to gentdmconf ini parser & writer
- write generic conversation plugin
- write modern conv plugin. or maybe this should be a parallel vs. serial
setting of the classic plugin?
- actually implement the libpam_client support
- check if pam works before trying to authenticate
- test whether nis, kerberos4 & kerberos5 work
- sync BSD_AUTH from xdm, sync osfc2 from kcheckpass
- swap pam_setcred and pam_open_session order.
- check how the system specific functions like setpcred (AIX) and
setusercontext (BSD) combine with pam_setcred.
- Move clock from greeter dialog to desktop
- add more clock types (#18178)
- add icons to action menu. icon theme selection!
- Add XDMCP _client_ to core (for remote login like in dtlogin).
Currently this is done by simply restarting the x-server with -query.
- add login restrictions for reserve displays (#59353)
- possibly do the authentication for the reserve display on the display it
is launched from (relates #59353)
- remote-accessible command sockets for remote shutdown, etc.
or maybe implement it as an xdmcp extension?
- LoginMode=DirectQuery
- "XDMCP over FiFo" - or at least a "manage <dpy> [<xauth>]" command
- the per-display sockets are in fact nonsense; gdm's approach is better
- add bgset to XDM_MANAGED
add FiFo command "background\t{inprogress,aborted,done}"
- lilo boot option <default>, i.e., -R with no argument
- support lilo -A mode
- support sleep/suspend in the shutdown menu. should this be really treated
like a shutdown? (#33839)
- add language selection (export as LC_*). kde should respect this until the
language is explicitly configured. and later? option "use system setting"?
integrate with $KDE_LANG somehow. (#55379, #63804)
- add keymap selection (via xkb) (#51245, #64642)
for both, one would preset a list of available options and make one entry
the greeter's own setting. explicitly setting it sets it for both the greeter
and the session. .dmrc later affects only the session, not the greeter.
- handle failsafe internally, take care of focus. see #32973
- TryExec for "custom" session type. always show the entry, but disable it
if it is unavailable for the selected user.
- cursor theming support via Xcursor (#66829)
- add screensaver (#41941)
- support DPMS (#18597)
- add a minimalistic window manager to the greeter (#17716, #51039)
- write a separate configurator application, as kcontrol does not scale well
enough to cover all of tdm's options.
- Different logos for each session type (see #74500)
- User pictures in logo field
- display user's .plan/.project (or .person? .userinfo?) in the greeter?
text area/label would suck -> tooltip?
- allow disabling full names or login names in userview (#54110)
- user list loading in the background (after first few to get a reasonable
width estimate)
- faking session parameters (type, language, etc.) of nonexistent users based
on statistical analysis of actual users ... severe overkill!?
- export password to the startup/session scripts. somehow ... (#35396)
- maybe reset CapsLock in the greeter. there is some CapsLock vs. ShiftLock
confusion, though.
- maybe add kiosk mode: the user and his options are preset and locked in
the greeter. i doubt it's usefulness, though.
- make builtin xconsole hideable; it should free the device when invisible.
possibly auto-hide it on vt switch - see kdesktop_lock for the x event
handling.
- ssh-agent/gpg-agent integration (#44177, #65709)
- lbxproxy integration (tell ghakko)
- in kcm_tdm, detach backgroundrc change status from tdmrc change status.
- when a shutdown is scheduled, don't remove all login possibilities.
instead, display a warning in the greeter. use SIGUSR1 to notify already
running greeters about changes.
- user notification about scheduled shutdown (and cancelled forced shutdown):
- wall
- greeter popup
- d-bus message. this would be best, particularly because screen savers
would need no special handling then.
- maybe bomb DefaultSdMode, save in state file instead. compare with ksmserver.
- gdm changelog indicates that PAM sometimes
- continues despite PAM_CONV_ERR
- asks user name twice
- gdm avoids the PAM_MESSAGE message box vs. prompt problem by displaying
everything in one "error area". all messages are simply appended; an empty
message clears the area.
- gdm stops cursor blinking on not used (remote) displays after 20 secs to
save bandwidth.
internal stuff:
- improve signal handling in the subdaemon, it's incredibly racy (GOpen/GClose).
depends on proper main loop.
alternative extreme measure: launch greeter from master daemon?
- the process reaping from GClose should be in sync with the main loop.
- kill warning on AIX - see bug #13628 (really present?)
- implement auto-re-login by keeping the display subdaemon alive instead
of starting a new one and feeding it the old auth data.
- options for running the greeter and the core unprivileged. problem: xauth.
- rethink the coupling of the tdm components, particularily the config reader.
options:
- keep things basically as-is, make the Xaccess interface even more flexible,
add capability flags.
- as previous, but don't use #defines, but textual constants. even more
flexible, but slower, bigger, no compile-time checking, and the typing
system would have to be more core-based. keys in the rc are considered
invalid if they were not queried.
- completely opposite: no explicit queries, but hard-code everything. that
kills the idea of having one backend binary for multiple frontends, but
that's a BlueSkyDream anyway.
following that path, the config reader could be nuked at all.
ralf says:
- put the kmenu sidebar image on the left of the greeter
- enable the clock by default
thoughts (not really todo):
- PAM sucks. big time.
historically, it is completely incapable of operating in event-driven contexts
when it comes to non-console authentication schemes. the module just hangs in
pam_sm_authenticate() (pam_authenticate() to the outside), waiting for input
from its device.
then came linux-pam 0.58, introducing PAM_BINARY_{MSG,PROMPT} to the
conversation function interface. no conversation function could handle the
binary prompts generically, of course. so came linux-pam 0.63 with a client
library that would add another layer of indirection, so the conversation
function could simply call into it and it would do whatever was configured
by the admin. and everbody was happy, right? wrong! i've yet to see a single
module (except for the demo module in linux-pam, of course) that actually
uses this feature. not to mention the non-existing portability (you don't
seriously expect TOG to extend the PAM standard within the next decade, do
you?). so we're right where we started from.
this imposes problems in two use cases:
- cancelling authentication alltogether. this happens when the user changes
the authentication method or when the greeter exits for some reason. if
the process waits in the conversation function, it can simply return
PAM_CONV_ABORT. if the module hangs, we're screwed.
- suspending authentication. this is needed for shutdowns that need auth.
if the module hangs, we're screwed, of course. if we're waiting in the
conversation function, we have three options: 1) just abort the auth
cycle and start a new one. this is what is done currently. 2) just open
a second pam handle and authenticate with it, all from within the "outer"
pam_authenticate(). if we're lucky, no involved modules use static variables
and things work out. 3) linux-pam 0.65 introduced the following: the
conversation function can return PAM_CONV_AGAIN. this in turn makes the
module and consequently libpam return PAM_INCOMPLETE, requesting the
application to call the resp. libpam function again. in theory this
guarantees that authentication with a second pam handle is safe. of course,
PAM_INCOMPLETE is just as popular and thus useful as PAM_BINARY_PROMPT.
we could just longjmp() out of hanging modules from a signal handler.
however, this might lead to resource leaks and even leave us with an unstable
libpam. killing the hanging process seems like the most viable solution.
however, for this we first need to make the greeter a child of the master
daemon. also, the display sub-daemon (which happens to do the main auth.)
is responsible for keeping the initial X connection open. killing it would
terminate the session according to the XDMCP spec. other issues are probable.
- multiple conv. plugins could be used in a row, each serving a pam module.
the plugins would have to detect that it's their turn by filtering messages
and prompts.
- consider making the menu an actions-only menu again and put an "options >>"
button somewhere. relates #63401, #61492
- pipe .xsession-errors through the daemon and put a size limit on it.
remove old logs in disk-full situation.
- set LC_ALL in the backend for i18n-capable PAM libs - does one exist?
last sync with XFree86 HEAD: 2004-04-02
|