Jump to content

GSoC/2019/StatusReports/Shubham: Difference between revisions

From KDE Community Wiki
Shubham (talk | contribs)
No edit summary
Shubham (talk | contribs)
No edit summary
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Port Authentication to Polkit-qt-1 ==
== Port Authentication to Polkit-qt-1 ==
KDE Partition Manager runs all the authentication or authorization protocols over KAuth (KDE Authentication), which is a tier 2 library from KDE Frameworks. In the current implementation of KDE Partition Manager, all the privileged tasks such as executing some external program like btrfs, sfdisk etc. Or copying a block of data from one partition to the other, which requires escalated permissions to execute are executed by a helper non GUI application. So, instead of running whole GUI application (KDE Partition Manager) as root or superuser, a helper non GUI application is spawned which runs as root and executes privileged tasks. This helper program communicates with KDE Partition Manager over simple DBus protocol. The current implementation may seem a good idea, but is not, the reason being that KAuth is an extra layer added over Polkit-qt which causes extra overhead. So, the proposal for this project is to port all the authentication/authorization code from KAuth to Polkit-qt without effecting the original behaviour of KDE Partition Manager.
KDE Partition Manager runs all the authentication or authorization protocols over KAuth (KDE Authentication), which is a tier 2 library from KDE Frameworks. In the current implementation of KDE Partition Manager, all the privileged tasks such as executing some external program like btrfs, sfdisk etc. Or copying a block of data from one partition to the other, which requires escalated permissions to execute are executed by a helper non GUI application. So, instead of running whole GUI application (KDE Partition Manager) as root or superuser, a helper non GUI application is spawned which runs as root and executes privileged tasks. This helper program communicates with KDE Partition Manager over simple DBus protocol. The current implementation may seem a good idea, but is not, the reason being that KAuth is an extra layer added over Polkit-qt which causes extra overhead. So, the proposal for this project is to port all the authentication/authorization code from KAuth to Polkit-qt without effecting the original behaviour of KDE Partition Manager.
== Work Report ==
 
==Project Goals==
* Authorize using Polkit-Qt-1 Backend
** Status: '''Done'''
* Replace KAuth by QDBus to communicate with the main Application
** Status: '''Done'''
* Scrap away redundant Public Key Cryptography code
** Status: '''Done'''
* Helper as a stand alone application
** Status: '''Done'''
* Scanning after successful authentication
** Status: '''Pending'''
 
==Month 1==
'''1. Coding Month: May 27th - June 22nd'''
'''1. Coding Month: May 27th - June 22nd'''
Its been a great first month of Google Summer of Code for me. I was so excited that I had started writing code a week before the actual coding period started. First month as I had expected had been quite hectic and to add on it, my semester end examinations are also running. So I had to manage my time efficiently which I believed have done great so far. Coming to the progress made during this period, I have done the following:
Its been a great first month of Google Summer of Code for me. I was so excited that I had started writing code a week before the actual coding period started. First month as I had expected had been quite hectic and to add on it, my semester end examinations are also running. So I had to manage my time efficiently which I believed have done great so far. Coming to the progress made during this period, I have done the following:


'''1.1 Implement PolkitQt1 Authorization backend:'''
'''1.1 Implement PolkitQt1 Authorization backend:'''
 
Here I had aimed to implement the same Polkit back-end as the one implemented by KAuth currently. I had to replicate the same behaviour and just remove the mediator ie. KAuth from in between. (Patch no. 1)
Here I had aimed to implement the same Polkit back-end as the one implemented by KAuth currently. I had to replicate the same behaviour and just remove the mediator ie. KAuth from in between.  


'''1.2 Scrap Public Key Cryptography code based on QCA as QDbus is secure enough:'''
'''1.2 Scrap Public Key Cryptography code based on QCA as QDbus is secure enough:'''
 
QDbus already provides enough security to the calls made by the application to the helper. Hence no need to encrypt, sign the requests of the application and verify their integrity at the helper side. (Patch no. 2)
QDbus already provides enough security to the calls made by the application to the helper. Hence no need to encrypt, sign the requests of the application and verify their integrity at the helper side.


'''1.3 Establish QDBus communication from helper towards Application:'''
'''1.3 Establish QDBus communication from helper towards Application:'''
Previously the Application to Helper communication was done through QDBus session and Helper to Application was done via  KAuth. In this task, I had aimed to remove KAuth and establish QDbus mode of communication here as well.
Previously the Application to Helper communication was done through QDBus session and Helper to Application was done via  KAuth. In this task, I had aimed to remove KAuth and establish QDbus mode of communication here as well.
I have linked the patches to the above tasks below in "Patches" section.
I have linked the patches to the above tasks below in "Patches" section. (Patch no. 3)


==Month 2==
'''2. Coding Month: June 28th - July 22nd'''
'''2. Coding Month: June 28th - July 22nd'''
This month has been quite fruit-full in terms of that I can see an authorization dialog been shown up by my Polkit Authorisation back-end which I have setup in the 1st month. Here are the details of what all I have done during the second month.
'''2.1 Refine and then merge the Polkit back-end and QDBus communication patches:'''
I have refactored and refined the above stated patches by removing extra functionality which I had added during my first work period. I have written and arranged the code such that now it shows up authorization dialog generated by the KDE polkit daemon. After doing so, I have merged both the patches into one of which I will be providing the link to in the Patches section down below.  (Patch no. 4)
'''2.2 Add Unit test for Polkit Authorization back-end:'''
I have written a Unit test for Polkit Authorization back-end, testing the functionality of the authorization back-end. The link to the patch is provided into the Patches section below.  (Patch no. 5)


'''2.3 Compile Helper into a stand-alone application:'''
Helper itself is a separate non GUI application which works independently from Main application. Earlier, a macro provided by KAuth was used to compile it into stand-alone application. Now, I have completely removed the dependence on KAuth to do so.  (Patch no. 6)
==Month 3==
'''3. Coding Month: July 26th - August 19th'''
'''3. Coding Month: July 26th - August 19th'''
Final month has been pretty hectic I have to say. Nonetheless, I have done the following:
'''3.1 Complete QDBus communication from Helper towards main Application:'''
In the 3rd phase, I have completed the leftover QDBus communication from Phase 1 and 2 and removed complete dependence on KAuth to send the job progress and status to the main GUI application.(Patch no. 7)
'''3.2 Starting the helper from main Application:'''
During porting process, a regression was caused, the helper was unable to kick start. I have tried brain storming the issue and at last fixed it.
==Things yet to work:==
There are one thing which is yet to work before we reach complete independence from KAuth:
1. Scanning issue: This is an issue in which after successfully authenticating, KDE Partition Manager is stuck on the scanning window. I believe this issue may be directly related to the QDBus communication from Helper towards Application but can't say for sure.
The above mentioned issue is an obstacle in between achieving a KAuth free KDE Partition Manager.
==Plans after GSoC==
The project is almost complete(In terms of code written). I plan to continue completing the remaining parts and issues after the GSoC ending.
== Link to my blog ==
== Link to my blog ==
https://coderunner99.blogspot.com/
https://coderunner99.blogspot.com/
Line 35: Line 75:


https://phabricator.kde.org/D21773
https://phabricator.kde.org/D21773
'''4. Authorize using Polkit backend and implement QDBus communication between App and Helper'''
https://phabricator.kde.org/D22438
'''5. Add Unit test for Polkit backend'''
https://phabricator.kde.org/D22321
'''6. Compile helper into standalone application'''
https://phabricator.kde.org/D22593
'''7. Finish up QDBus communication'''
https://phabricator.kde.org/D22889
== Git Branch ==
== Git Branch ==
https://cgit.kde.org/kpmcore.git/?h=auth-polkit
https://cgit.kde.org/kpmcore.git/?h=auth-polkit-backend
== Contact Me ==
== Contact Me ==
'''Email:''' [email protected]
'''Email:''' [email protected]

Latest revision as of 14:25, 23 August 2019

Port Authentication to Polkit-qt-1

KDE Partition Manager runs all the authentication or authorization protocols over KAuth (KDE Authentication), which is a tier 2 library from KDE Frameworks. In the current implementation of KDE Partition Manager, all the privileged tasks such as executing some external program like btrfs, sfdisk etc. Or copying a block of data from one partition to the other, which requires escalated permissions to execute are executed by a helper non GUI application. So, instead of running whole GUI application (KDE Partition Manager) as root or superuser, a helper non GUI application is spawned which runs as root and executes privileged tasks. This helper program communicates with KDE Partition Manager over simple DBus protocol. The current implementation may seem a good idea, but is not, the reason being that KAuth is an extra layer added over Polkit-qt which causes extra overhead. So, the proposal for this project is to port all the authentication/authorization code from KAuth to Polkit-qt without effecting the original behaviour of KDE Partition Manager.

Project Goals

  • Authorize using Polkit-Qt-1 Backend
    • Status: Done
  • Replace KAuth by QDBus to communicate with the main Application
    • Status: Done
  • Scrap away redundant Public Key Cryptography code
    • Status: Done
  • Helper as a stand alone application
    • Status: Done
  • Scanning after successful authentication
    • Status: Pending

Month 1

1. Coding Month: May 27th - June 22nd Its been a great first month of Google Summer of Code for me. I was so excited that I had started writing code a week before the actual coding period started. First month as I had expected had been quite hectic and to add on it, my semester end examinations are also running. So I had to manage my time efficiently which I believed have done great so far. Coming to the progress made during this period, I have done the following:

1.1 Implement PolkitQt1 Authorization backend: Here I had aimed to implement the same Polkit back-end as the one implemented by KAuth currently. I had to replicate the same behaviour and just remove the mediator ie. KAuth from in between. (Patch no. 1)

1.2 Scrap Public Key Cryptography code based on QCA as QDbus is secure enough: QDbus already provides enough security to the calls made by the application to the helper. Hence no need to encrypt, sign the requests of the application and verify their integrity at the helper side. (Patch no. 2)

1.3 Establish QDBus communication from helper towards Application: Previously the Application to Helper communication was done through QDBus session and Helper to Application was done via KAuth. In this task, I had aimed to remove KAuth and establish QDbus mode of communication here as well. I have linked the patches to the above tasks below in "Patches" section. (Patch no. 3)

Month 2

2. Coding Month: June 28th - July 22nd This month has been quite fruit-full in terms of that I can see an authorization dialog been shown up by my Polkit Authorisation back-end which I have setup in the 1st month. Here are the details of what all I have done during the second month.

2.1 Refine and then merge the Polkit back-end and QDBus communication patches: I have refactored and refined the above stated patches by removing extra functionality which I had added during my first work period. I have written and arranged the code such that now it shows up authorization dialog generated by the KDE polkit daemon. After doing so, I have merged both the patches into one of which I will be providing the link to in the Patches section down below. (Patch no. 4)

2.2 Add Unit test for Polkit Authorization back-end: I have written a Unit test for Polkit Authorization back-end, testing the functionality of the authorization back-end. The link to the patch is provided into the Patches section below. (Patch no. 5)

2.3 Compile Helper into a stand-alone application: Helper itself is a separate non GUI application which works independently from Main application. Earlier, a macro provided by KAuth was used to compile it into stand-alone application. Now, I have completely removed the dependence on KAuth to do so. (Patch no. 6)

Month 3

3. Coding Month: July 26th - August 19th Final month has been pretty hectic I have to say. Nonetheless, I have done the following:

3.1 Complete QDBus communication from Helper towards main Application: In the 3rd phase, I have completed the leftover QDBus communication from Phase 1 and 2 and removed complete dependence on KAuth to send the job progress and status to the main GUI application.(Patch no. 7)

3.2 Starting the helper from main Application: During porting process, a regression was caused, the helper was unable to kick start. I have tried brain storming the issue and at last fixed it.

Things yet to work:

There are one thing which is yet to work before we reach complete independence from KAuth:

1. Scanning issue: This is an issue in which after successfully authenticating, KDE Partition Manager is stuck on the scanning window. I believe this issue may be directly related to the QDBus communication from Helper towards Application but can't say for sure.

The above mentioned issue is an obstacle in between achieving a KAuth free KDE Partition Manager.

Plans after GSoC

The project is almost complete(In terms of code written). I plan to continue completing the remaining parts and issues after the GSoC ending.

Link to my blog

https://coderunner99.blogspot.com/

Patches

1. Implement PolkitQt1 Authorization backend

https://phabricator.kde.org/D21970

2. Scrap Public Key Cryptography code based on QCA as QDbus is secure enough

https://phabricator.kde.org/D21275

3. QDBus communication from helper towards Application

https://phabricator.kde.org/D21773

4. Authorize using Polkit backend and implement QDBus communication between App and Helper

https://phabricator.kde.org/D22438

5. Add Unit test for Polkit backend

https://phabricator.kde.org/D22321

6. Compile helper into standalone application

https://phabricator.kde.org/D22593

7. Finish up QDBus communication

https://phabricator.kde.org/D22889

Git Branch

https://cgit.kde.org/kpmcore.git/?h=auth-polkit-backend

Contact Me

Email: [email protected]

IRC: shubham1000

Github Profile: https://github.com/Shubham-100