Port Authentication to Polkit-qt-1
KDE Partition Manager runs all the authentication or authorization protocols over KAuth (KDE Authentication), which is a tier 2 library from KDE Frameworks. In the current implementation of KDE Partition Manager, all the privileged tasks such as executing some external program like btrfs, sfdisk etc. Or copying a block of data from one partition to the other, which requires escalated permissions to execute are executed by a helper non GUI application. So, instead of running whole GUI application (KDE Partition Manager) as root or superuser, a helper non GUI application is spawned which runs as root and executes privileged tasks. This helper program communicates with KDE Partition Manager over simple DBus protocol. The current implementation may seem a good idea, but is not, the reason being that KAuth is an extra layer added over Polkit-qt which causes extra overhead. So, the proposal for this project is to port all the authentication/authorization code from KAuth to Polkit-qt without effecting the original behaviour of KDE Partition Manager.
- Authorize using Polkit-Qt-1 Backend
- Status: Done
- Replace KAuth by QDBus to communicate with the main Application
- Status: Done
- Scrap away redundant Public Key Cryptography code
- Status: Done
- Helper as a stand alone application
- Status: Done
- Scanning after successful authentication
- Status: Pending
1. Coding Month: May 27th - June 22nd Its been a great first month of Google Summer of Code for me. I was so excited that I had started writing code a week before the actual coding period started. First month as I had expected had been quite hectic and to add on it, my semester end examinations are also running. So I had to manage my time efficiently which I believed have done great so far. Coming to the progress made during this period, I have done the following:
1.1 Implement PolkitQt1 Authorization backend: Here I had aimed to implement the same Polkit back-end as the one implemented by KAuth currently. I had to replicate the same behaviour and just remove the mediator ie. KAuth from in between. (Patch no. 1)
1.2 Scrap Public Key Cryptography code based on QCA as QDbus is secure enough: QDbus already provides enough security to the calls made by the application to the helper. Hence no need to encrypt, sign the requests of the application and verify their integrity at the helper side. (Patch no. 2)
1.3 Establish QDBus communication from helper towards Application: Previously the Application to Helper communication was done through QDBus session and Helper to Application was done via KAuth. In this task, I had aimed to remove KAuth and establish QDbus mode of communication here as well. I have linked the patches to the above tasks below in "Patches" section. (Patch no. 3)
2. Coding Month: June 28th - July 22nd This month has been quite fruit-full in terms of that I can see an authorization dialog been shown up by my Polkit Authorisation back-end which I have setup in the 1st month. Here are the details of what all I have done during the second month.
2.1 Refine and then merge the Polkit back-end and QDBus communication patches: I have refactored and refined the above stated patches by removing extra functionality which I had added during my first work period. I have written and arranged the code such that now it shows up authorization dialog generated by the KDE polkit daemon. After doing so, I have merged both the patches into one of which I will be providing the link to in the Patches section down below. (Patch no. 4)
2.2 Add Unit test for Polkit Authorization back-end: I have written a Unit test for Polkit Authorization back-end, testing the functionality of the authorization back-end. The link to the patch is provided into the Patches section below. (Patch no. 5)
2.3 Compile Helper into a stand-alone application: Helper itself is a separate non GUI application which works independently from Main application. Earlier, a macro provided by KAuth was used to compile it into stand-alone application. Now, I have completely removed the dependence on KAuth to do so. (Patch no. 6)
3. Coding Month: July 26th - August 19th Final month has been pretty hectic I have to say. Nonetheless, I have done the following:
3.1 Complete QDBus communication from Helper towards main Application: In the 3rd phase, I have completed the leftover QDBus communication from Phase 1 and 2 and removed complete dependence on KAuth to send the job progress and status to the main GUI application.(Patch no. 7)
3.2 Starting the helper from main Application: During porting process, a regression was caused, the helper was unable to kick start. I have tried brain storming the issue and at last fixed it.
Things yet to work:
There are one thing which is yet to work before we reach complete independence from KAuth:
1. Scanning issue: This is an issue in which after successfully authenticating, KDE Partition Manager is stuck on the scanning window. I believe this issue may be directly related to the QDBus communication from Helper towards Application but can't say for sure.
The above mentioned issue is an obstacle in between achieving a KAuth free KDE Partition Manager.
Plans after GSoC
The project is almost complete(In terms of code written). I plan to continue completing the remaining parts and issues after the GSoC ending.
Link to my blog
1. Implement PolkitQt1 Authorization backend
2. Scrap Public Key Cryptography code based on QCA as QDbus is secure enough
3. QDBus communication from helper towards Application
4. Authorize using Polkit backend and implement QDBus communication between App and Helper
5. Add Unit test for Polkit backend
6. Compile helper into standalone application
7. Finish up QDBus communication
Github Profile: https://github.com/Shubham-100