Review Request 129983: [RFC] PoC patch for polkit support in kio.

Chinmoy Ranjan Pradhan chinmoyrp65 at gmail.com
Mon Mar 6 15:51:52 UTC 2017


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/129983/
-----------------------------------------------------------

(Updated March 6, 2017, 3:51 p.m.)


Review request for KDE Frameworks, David Faure and Elvis Angelaccio.


Summary (updated)
-----------------

[RFC] PoC patch for polkit support in kio. 


Repository: kio


Description
-------

This is regarding the GSOC idea https://community.kde.org/GSoC/2017/Ideas#Project:_Polkit_support_in_KIO.

This patch intends to demonstrate one possible approach to provide polkit support in kio. Here its only for the delete operation. This is based on the patch in task https://phabricator.kde.org/T5070.

The approach is as follows;
The file ioslave gets three methods, /*getRootPermission, execWithRoot and unsetRoot*/ with a variable /*isRoot*/ to store the persistance. The helper gets two actions, /*org.kde.kio.file.requestroot*/ and /*org.kde.kio.file.execute*/. 
When an action encounters access denied error the method "execWithRoot" is called with the action you want to perform and the path of objects upon which you want to perform the action as arguments. This method then calls "getRootPermission" for authorisation purpose. Upon successfull authorisation this will then go on performing the desired action as privileged user. Once the job is finished "unsetRoot" is called.
For authorisation a call to "org.kde.kio.file.requestroot" will be made. This action has its "Policy" set to "auth_admin" so as to prompt for password every time its called. And the action "org.kde.kio.file.execute" has its "Policy" set to "yes" so that it can carry out the desired action as a priviledged user without asking for authentication. 

As for the deletion of files and directories are concerned, the authentication dialog will pop up only once i.e, for the first file/directory that needs requires a priviledged user to delete them. If there are more files which only priviledge users can delete then they will be deleted straightaway without asking for authentication. This is decided by the truth of variable "isRoot". Once the delete job is finished "isRoot" is set to false. In short once the job has started and authentication's been done, the root access will persist and once the job is finished the root access will reset.


Diffs
-----

  src/ioslaves/file/CMakeLists.txt b9132ce 
  src/ioslaves/file/file.h 109ea80 
  src/ioslaves/file/file.cpp eaf6c88 
  src/ioslaves/file/file_unix.cpp 82eb11a 
  src/ioslaves/file/kauth/CMakeLists.txt PRE-CREATION 
  src/ioslaves/file/kauth/file.actions PRE-CREATION 
  src/ioslaves/file/kauth/helper.h PRE-CREATION 
  src/ioslaves/file/kauth/helper.cpp PRE-CREATION 

Diff: https://git.reviewboard.kde.org/r/129983/diff/


Testing
-------


Thanks,

Chinmoy Ranjan Pradhan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20170306/15c5a03c/attachment.html>


More information about the Kde-frameworks-devel mailing list