kdereview exemption for PolicyKit-KDE
Trever Fischer
wm161 at wm161.net
Mon Nov 17 17:04:45 GMT 2008
On Monday 17 November 2008 09:06:08 am Thiago Macieira wrote:
>
> I didn't understand.
>
> What kind of calls does it make through D-Bus? Are they blocking? Does it
> ever receive incoming calls or incoming signals?
>
>
> Qt does not do event-loop integration for you. It only does integration for
> its own connections.
>
> If you or your libraries are using libdbus-1 outside QtDBus, you need to
> write the integration yourself. It's a different connection (your
> application will appear twice in the "qdbus" listing).
We aren't using libdbus with polkit's libs. The helper does that. When we call
some method (like polkit_auth_obtain), the polkit libraries setup the
arguments to run a polkit-auth helper (specifically, polkit-grant-helper <pid>
<action>). Since the helper is suid-root, it reads the authorization database
to check if the current user and the process in POLKIT_AUTH_GRANT_TO_PID (or
the parent pid) have good permissions. If so, it works magic on stdout that
the polkit library handles. If not, the helper sends a dbus message to the
authenticator to ask for the password. The authenticator in turn runs another
polkit suid helper to store the entry in the database if authentication
against pam worked (the helper itself checks against pam). The original helper
notices this and returns with success or failure in the polkit library.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20081117/b09be3d1/attachment.sig>
More information about the kde-core-devel
mailing list