Review Request 129983: [RFC] PoC patch for polkit support in kio.

Chinmoy Ranjan Pradhan chinmoyrp65 at gmail.com
Thu Mar 9 14:57:09 UTC 2017 


> On March 6, 2017, 11:38 p.m., Aleix Pol Gonzalez wrote:
> > src/ioslaves/file/file.cpp, line 1378
> > <https://git.reviewboard.kde.org/r/129983/diff/1/?file=492139#file492139line1378>
> >
> >     I'm not convinced, what's the point of requestroot? Why don't you let it call the action right away?
> 
> Chinmoy Ranjan Pradhan wrote:
>     For a single file calling action right away might work but doing this for multiple files will show the authentication dialog everytime before file is deleted. This is something we don't want. 
>     One way to solve this is to store all the paths and delete them in helper but this approach might  cause problem while porting FileProtocol::copy.
> 
> Elvis Angelaccio wrote:
>     > doing this for multiple files will show the authentication dialog everytime before file is deleted.
>     
>     This should not happen, sounds like a bug in KAuth? With `Persistence=session` the authorization is supposed to last until the user logs out, according to https://api.kde.org/frameworks/kauth/html/namespaceKAuth.html

It happened because I ommited the Persistence=session statement and this behaviour is not a bug. 
My previous comment was somewhat misleading, really sorry for that.


- Chinmoy Ranjan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/129983/#review102738
-----------------------------------------------------------


On March 9, 2017, 2:57 p.m., Chinmoy Ranjan Pradhan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/129983/
> -----------------------------------------------------------
> 
> (Updated March 9, 2017, 2:57 p.m.)
> 
> 
> Review request for KDE Frameworks, David Faure and Elvis Angelaccio.
> 
> 
> Repository: kio
> 
> 
> Description
> -------
> 
> This is regarding the GSOC idea https://community.kde.org/GSoC/2017/Ideas#Project:_Polkit_support_in_KIO.
> 
> This patch intends to demonstrate one possible approach to provide polkit support in kio. Here its only for the delete operation. This is based on the patch in task https://phabricator.kde.org/T5070.
> 
> The approach is as follows;
> The file ioslave gets three methods, /*getRootPermission, execWithRoot and unsetRoot*/ with a variable /*isRoot*/ to store the persistance. The helper gets two actions, /*org.kde.kio.file.requestroot*/ and /*org.kde.kio.file.execute*/. 
> When an action encounters access denied error the method "execWithRoot" is called with the action you want to perform and the path of objects upon which you want to perform the action as arguments. This method then calls "getRootPermission" for authorisation purpose. Upon successfull authorisation this will then go on performing the desired action as privileged user. Once the job is finished "unsetRoot" is called.
> For authorisation a call to "org.kde.kio.file.requestroot" will be made. This action has its "Policy" set to "auth_admin" so as to prompt for password every time its called. And the action "org.kde.kio.file.execute" has its "Policy" set to "yes" so that it can carry out the desired action as a priviledged user without asking for authentication. 
> 
> As for the deletion of files and directories are concerned, the authentication dialog will pop up only once i.e, for the first file/directory that needs requires a priviledged user to delete them. If there are more files which only priviledge users can delete then they will be deleted straightaway without asking for authentication. This is decided by the truth of variable "isRoot". Once the delete job is finished "isRoot" is set to false. In short once the job has started and authentication's been done, the root access will persist and once the job is finished the root access will reset.
> 
> 
> Diffs
> -----
> 
>   src/ioslaves/file/CMakeLists.txt b9132ce 
>   src/ioslaves/file/file.h 109ea80 
>   src/ioslaves/file/file.cpp eaf6c88 
>   src/ioslaves/file/file_unix.cpp 82eb11a 
>   src/ioslaves/file/kauth/CMakeLists.txt PRE-CREATION 
>   src/ioslaves/file/kauth/file.actions PRE-CREATION 
>   src/ioslaves/file/kauth/helper.h PRE-CREATION 
>   src/ioslaves/file/kauth/helper.cpp PRE-CREATION 
> 
> Diff: https://git.reviewboard.kde.org/r/129983/diff/
> 
> 
> Testing
> -------
> 
> 
> File Attachments
> ----------------
> 
> warning dialog
>   https://git.reviewboard.kde.org/media/uploaded/files/2017/03/09/d42570e8-aedf-4c02-801e-362a68755c2c__polkit_integration.png
> 
> 
> Thanks,
> 
> Chinmoy Ranjan Pradhan
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20170309/7351dfc0/attachment-0001.html>

More information about the Kde-frameworks-devel mailing list