PolicyKit integration in KDE take 1: systemsettings and kcmshell
fearee at gmail.com
Tue Mar 10 07:55:13 GMT 2009
I think polkit-kde can also integrated to kiosk someway to make kde's
security mechanism fully polkit based.
2009/3/10 Dario Freddi <drf54321 at gmail.com>:
> Hello guys,
> As you might know me and Daniel got polkit-qt and polkit-kde ready for the
> masses. This is only the first step though, since now the real integration can
> begin. And before we start pushing out tutorials (just give us time to find an
> easy and bullet-proof system and you'll get them, we are still experimenting),
> I wanted to talk you about what seems the most obvious implementation realm:
> KCMShell and SystemSettings (*shake*)
> Let's face it: the old administration button was a ugly and unsecure hack. We
> don't need to start a GUI as root, instead we will delegate an helper to do
> that. The model will be the following:
> - Developer x develops his nice KCM module that needs saving as root, just as
> if this wasn't needed.
> - In the save() function, instead of saving, he starts a DBus-activated
> helper that will verify if the caller is authorized to perform that action
> through PolicyKit (that will manage eventually authentication on its own).
> That part will be covered by the tutorial.
> - Everyone wins: developers just need to split their code to a separate small
> app (and we are planning to provide interfaces and eventually cmake macros for
> it), no more hacks, everything is more secure, and users will have their
> functionality back.
> Now, everything seems so cool, but there is one small details. I am already
> planning the patch to both systemsettings and kcmshell, but I have some doubts
> about implementation that I wanted to share with you. Let's go:
> - How to implement this on the GUI side? I thought about two options: 1) just
> make the "Apply" button call PolicyKit if needed 2) Add an "Unlock" button
> that makes all the widgets in the module active (just as GNOME does). I
> personally favor for the first, if we can get some nice icons (think about the
> shield in Vista).
> - New KCModule interface. I plan to add a function setPolicyKitAction(action)
> that, when called, takes care of modifying the GUI as above and makes
> authentication for action needed for saving. I think this is the easiest
> approach, but I appreciate opinions.
> - Saving. We could make save() get called only if authorization is obtained,
> or add a saveOnAuthorization() method that gets called only if authorization
> is obtained, while save() will get called in any case. I strongly favor for
> the first as it would make things a lot easier for everyone.
> I'd like to hear thoughts, suggestions, ideas, whatever.
> Thanks and cheers everyone
> Dario Freddi
> KDE Developer
> GPG Key Signature: 511A9A3B
More information about the kde-core-devel