Review Request 129983: [RFC] PoC patch for polkit support in kio.

Aleix Pol Gonzalez aleixpol at kde.org
Mon Mar 6 23:38:21 UTC 2017


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/129983/#review102738
-----------------------------------------------------------




src/ioslaves/file/file.cpp (line 1378)
<https://git.reviewboard.kde.org/r/129983/#comment68387>

    I'm not convinced, what's the point of requestroot? Why don't you let it call the action right away?


- Aleix Pol Gonzalez


On mar. 6, 2017, 4:51 p.m., Chinmoy Ranjan Pradhan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/129983/
> -----------------------------------------------------------
> 
> (Updated mar. 6, 2017, 4:51 p.m.)
> 
> 
> Review request for KDE Frameworks, David Faure and Elvis Angelaccio.
> 
> 
> Repository: kio
> 
> 
> Description
> -------
> 
> This is regarding the GSOC idea https://community.kde.org/GSoC/2017/Ideas#Project:_Polkit_support_in_KIO.
> 
> This patch intends to demonstrate one possible approach to provide polkit support in kio. Here its only for the delete operation. This is based on the patch in task https://phabricator.kde.org/T5070.
> 
> The approach is as follows;
> The file ioslave gets three methods, /*getRootPermission, execWithRoot and unsetRoot*/ with a variable /*isRoot*/ to store the persistance. The helper gets two actions, /*org.kde.kio.file.requestroot*/ and /*org.kde.kio.file.execute*/. 
> When an action encounters access denied error the method "execWithRoot" is called with the action you want to perform and the path of objects upon which you want to perform the action as arguments. This method then calls "getRootPermission" for authorisation purpose. Upon successfull authorisation this will then go on performing the desired action as privileged user. Once the job is finished "unsetRoot" is called.
> For authorisation a call to "org.kde.kio.file.requestroot" will be made. This action has its "Policy" set to "auth_admin" so as to prompt for password every time its called. And the action "org.kde.kio.file.execute" has its "Policy" set to "yes" so that it can carry out the desired action as a priviledged user without asking for authentication. 
> 
> As for the deletion of files and directories are concerned, the authentication dialog will pop up only once i.e, for the first file/directory that needs requires a priviledged user to delete them. If there are more files which only priviledge users can delete then they will be deleted straightaway without asking for authentication. This is decided by the truth of variable "isRoot". Once the delete job is finished "isRoot" is set to false. In short once the job has started and authentication's been done, the root access will persist and once the job is finished the root access will reset.
> 
> 
> Diffs
> -----
> 
>   src/ioslaves/file/CMakeLists.txt b9132ce 
>   src/ioslaves/file/file.h 109ea80 
>   src/ioslaves/file/file.cpp eaf6c88 
>   src/ioslaves/file/file_unix.cpp 82eb11a 
>   src/ioslaves/file/kauth/CMakeLists.txt PRE-CREATION 
>   src/ioslaves/file/kauth/file.actions PRE-CREATION 
>   src/ioslaves/file/kauth/helper.h PRE-CREATION 
>   src/ioslaves/file/kauth/helper.cpp PRE-CREATION 
> 
> Diff: https://git.reviewboard.kde.org/r/129983/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Chinmoy Ranjan Pradhan
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20170306/42058cff/attachment.html>


More information about the Kde-frameworks-devel mailing list