Jump to: navigation, search

Port Authentication to Polkit-qt-1

KDE Partition Manager runs all the authentication or authorization protocols over KAuth (KDE Authentication), which is a tier 2 library from KDE Frameworks. In the current implementation of KDE Partition Manager, all the privileged tasks such as executing some external program like btrfs, sfdisk etc. Or copying a block of data from one partition to the other, which requires escalated permissions to execute are executed by a helper non GUI application. So, instead of running whole GUI application (KDE Partition Manager) as root or superuser, a helper non GUI application is spawned which runs as root and executes privileged tasks. This helper program communicates with KDE Partition Manager over simple DBus protocol. The current implementation may seem a good idea, but is not, the reason being that KAuth is an extra layer added over Polkit-qt which causes extra overhead. So, the proposal for this project is to port all the authentication/authorization code from KAuth to Polkit-qt without effecting the original behaviour of KDE Partition Manager.

Work Report

1. Coding Month: May 27th - June 22nd Its been a great first month of Google Summer of Code for me. I was so excited that I had started writing code a week before the actual coding period started. First month as I had expected had been quite hectic and to add on it, my semester end examinations are also running. So I had to manage mt time efficiently which I believed have done great so far. Coming to the progress made during this period, I have done the following:

1.1 Implement PolkitQt1 Authorization backend: Here I had aimed to implement the same Polkit back-end as the one implemented by KAuth currently. I had to replicate the same behaviour and just remove the mediator ie. KAuth from in between.

1.2 Scrap Public Key Cryptography code based on QCA as QDbus is secure enough: QDbus already provides enough security to the calls made by the application to the helper. Hence no need to encrypt, sign the requests of the application and verify their integrity at the helper side.

1.3 Establish QDBus communication from helper towards Application: Previously the Application to Helper communication was done through QDBus session and Helper to Application was done via KAuth. In this task, I had aimed to remove KAuth and establish QDbus mode of communication here as well. I have linked the patches to the above tasks below in "Patches" section.

2. Coding Month: June 28th - July 22nd

3. Coding Month: July 26th - August 19th

Link to my blog

https://coderunner99.github.io/

Patches

1. Implement PolkitQt1 Authorization backend

https://phabricator.kde.org/D21970

2. Scrap Public Key Cryptography code based on QCA as QDbus is secure enough

https://phabricator.kde.org/D21275

3. QDBus communication from helper towards Application

https://phabricator.kde.org/D21773

Git Branch

https://cgit.kde.org/kpmcore.git/log/?h=auth-polkit

Contact Me

Email: [email protected]

IRC: shubham1000

Github Profile: https://github.com/Shubham-100


This page was last edited on 26 June 2019, at 15:22. Content is available under Creative Commons License SA 4.0 unless otherwise noted.