[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kdereview exemption for PolicyKit-KDE
From:       Trever Fischer <wm161 () wm161 ! net>
Date:       2008-11-17 17:04:45
Message-ID: 200811171205.04248.wm161 () wm161 ! net
[Download RAW message or body]


On Monday 17 November 2008 09:06:08 am Thiago Macieira wrote:
>
> I didn't understand.
>
> What kind of calls does it make through D-Bus? Are they blocking? Does it
> ever receive incoming calls or incoming signals?
>
>
> Qt does not do event-loop integration for you. It only does integration for
> its own connections.
>
> If you or your libraries are using libdbus-1 outside QtDBus, you need to
> write the integration yourself. It's a different connection (your
> application will appear twice in the "qdbus" listing).
We aren't using libdbus with polkit's libs. The helper does that. When we call 
some method (like polkit_auth_obtain), the polkit libraries setup the 
arguments to run a polkit-auth helper (specifically, polkit-grant-helper <pid> 
<action>). Since the helper is suid-root, it reads the authorization database 
to check if the current user and the process in POLKIT_AUTH_GRANT_TO_PID (or 
the parent pid) have good permissions. If so, it works magic on stdout that 
the polkit library handles. If not, the helper sends a dbus message to the 
authenticator to ask for the password. The authenticator in turn runs another 
polkit suid helper to store the entry in the database if authentication 
against pam worked (the helper itself checks against pam). The original helper 
notices this and returns with success or failure in the polkit library.

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]