Jump to content

GSoC/2019/StatusReports/Shubham

From KDE Community Wiki

Port Authentication to Polkit-qt-1

KDE Partition Manager runs all the authentication or authorization protocols over KAuth (KDE Authentication), which is a tier 2 library from KDE Frameworks. In the current implementation of KDE Partition Manager, all the privileged tasks such as executing some external program like btrfs, sfdisk etc. Or copying a block of data from one partition to the other, which requires escalated permissions to execute are executed by a helper non GUI application. So, instead of running whole GUI application (KDE Partition Manager) as root or superuser, a helper non GUI application is spawned which runs as root and executes privileged tasks. This helper program communicates with KDE Partition Manager over simple DBus protocol. The current implementation may seem a good idea, but is not, the reason being that KAuth is an extra layer added over Polkit-qt which causes extra overhead. So, the proposal for this project is to port all the authentication/authorization code from KAuth to Polkit-qt without effecting the original behaviour of KDE Partition Manager.

Work Report

Month 1

1. Coding Month: May 27th - June 22nd Its been a great first month of Google Summer of Code for me. I was so excited that I had started writing code a week before the actual coding period started. First month as I had expected had been quite hectic and to add on it, my semester end examinations are also running. So I had to manage my time efficiently which I believed have done great so far. Coming to the progress made during this period, I have done the following:

1.1 Implement PolkitQt1 Authorization backend: Here I had aimed to implement the same Polkit back-end as the one implemented by KAuth currently. I had to replicate the same behaviour and just remove the mediator ie. KAuth from in between. (Patch no. 1)

1.2 Scrap Public Key Cryptography code based on QCA as QDbus is secure enough: QDbus already provides enough security to the calls made by the application to the helper. Hence no need to encrypt, sign the requests of the application and verify their integrity at the helper side. (Patch no. 2)

1.3 Establish QDBus communication from helper towards Application: Previously the Application to Helper communication was done through QDBus session and Helper to Application was done via KAuth. In this task, I had aimed to remove KAuth and establish QDbus mode of communication here as well. I have linked the patches to the above tasks below in "Patches" section. (Patch no. 3)

Month 2

2. Coding Month: June 28th - July 22nd This month has been quite fruit-full in terms of that I can see an authorization dialog been shown up by my Polkit Authorisation back-end which I have setup in the 1st month. Here are the details of what all I have done during the second month.

2.1 Refine and then merge the Polkit back-end and QDBus communication patches: I have refactored and refined the above stated patches by removing extra functionality which I had added during my first work period. I have written and arranged the code such that now it shows up authorization dialog generated by the KDE polkit daemon. After doing so, I have merged both the patches into one of which I will be providing the link to in the Patches section down below. (Patch no. 4)

2.2 Add Unit test for Polkit Authorization back-end: I have written a Unit test for Polkit Authorization back-end, testing the functionality of the authorization back-end. The link to the patch is provided into the Patches section below. (Patch no. 5)

2.3 Compile Helper into a stand-alone application: Helper itself is a separate non GUI application which works independently from Main application. Earlier, a macro provided by KAuth was used to compile it into stand-alone application. Now, I have completely removed the dependence on KAuth to do so. (Patch no. 6)

Month 3

3. Coding Month: July 26th - August 19th

Link to my blog

https://coderunner99.blogspot.com/

Patches

1. Implement PolkitQt1 Authorization backend

https://phabricator.kde.org/D21970

2. Scrap Public Key Cryptography code based on QCA as QDbus is secure enough

https://phabricator.kde.org/D21275

3. QDBus communication from helper towards Application

https://phabricator.kde.org/D21773

4. Authorize using Polkit backend and implement QDBus communication between App and Helper

https://phabricator.kde.org/D22438

5. Add Unit test for Polkit backend

https://phabricator.kde.org/D22321

6. Compile helper into standalone application

https://phabricator.kde.org/D22593

Git Branch

https://cgit.kde.org/kpmcore.git/?h=auth-polkit-backend

Contact Me

Email: [email protected]

IRC: shubham1000

Github Profile: https://github.com/Shubham-100