kdereview exemption for PolicyKit-KDE

Trever Fischer wm161 at wm161.net
Mon Nov 17 17:04:45 GMT 2008


On Monday 17 November 2008 09:06:08 am Thiago Macieira wrote:
>
> I didn't understand.
>
> What kind of calls does it make through D-Bus? Are they blocking? Does it
> ever receive incoming calls or incoming signals?
>
>
> Qt does not do event-loop integration for you. It only does integration for
> its own connections.
>
> If you or your libraries are using libdbus-1 outside QtDBus, you need to
> write the integration yourself. It's a different connection (your
> application will appear twice in the "qdbus" listing).
We aren't using libdbus with polkit's libs. The helper does that. When we call 
some method (like polkit_auth_obtain), the polkit libraries setup the 
arguments to run a polkit-auth helper (specifically, polkit-grant-helper <pid> 
<action>). Since the helper is suid-root, it reads the authorization database 
to check if the current user and the process in POLKIT_AUTH_GRANT_TO_PID (or 
the parent pid) have good permissions. If so, it works magic on stdout that 
the polkit library handles. If not, the helper sends a dbus message to the 
authenticator to ask for the password. The authenticator in turn runs another 
polkit suid helper to store the entry in the database if authentication 
against pam worked (the helper itself checks against pam). The original helper 
notices this and returns with success or failure in the polkit library.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20081117/b09be3d1/attachment.sig>


More information about the kde-core-devel mailing list