Integrate high privileges in KIO and GHNS

David Faure faure at kde.org
Fri Aug 21 11:55:12 BST 2009 

On Friday 21 August 2009, Dario Freddi wrote:
> By now, when KIO, trying to read or write on a file, finds out that it has
> no permission to do so, it simply quits the job. I would like to integrate
> KAuth into KIO. In this case, when trying to read a file on which the user
> has no read permission, it would check if the user is authorized to do so,
> eventually ask for password, and eventually perform the job.

Sounds great. A very much needed feature.

I see several approaches, but since I don't know kauth, no idea which is 
better... Let me do a bit of brainstorming:

Is there some caching of passwords?
If yes: then we can indeed "ask for permission" at the lowlevel (kio file-copy 
job, or inside the kioslave itself) and other files to be copied (e.g. as part 
of a higher-level directory CopyJob) will be copied using the cached password.

In fact, do we have to use a password dialog from kauth, or could the 
kioslaves request for auth just like they do already when going to an ftp or 
http site that needs a password, and then give that password to kauth?

So, one idea is that the slave could detect the problem, ask for 
authentication (via the main process, of course, we don't want GUIs in 
slaves), and proceed;
we would have the issue of sharing that information with other kioslaves 
involved in the same operation (e.g. recursive directory listing), though
(I guess we don't want to just cache the password in kpasswdserver like we do 
for FTP/HTTP, that would allow -other- operations to have root access).

A different approach would be that libkio reacts on the error codes that 
indicate a lack of permission, call kauth, and "try again"? There are quite a 
few jobs that would need touching, but that's less duplication/work than the 
solution below.

Finally another approach would be that the application's slotResult detects 
the error and retries the _whole_ job after authentication. But that limits 
the feature to file managers (and GHNS), so I guess we don't want that, if we 
want "save file" in any application, to be able to save in /etc for instance.

All of this depends on whether kauth can give other processes (kioslaves)
permissions, or if it's all in-process.

-- 
David Faure, faure at kde.org, sponsored by Qt Software @ Nokia to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).

More information about the kde-core-devel mailing list