I'm not familiar with KAuth, but from a cursory read about it, it sounds like a wrapper around PolKit. The imply annotation, according to the docs:
> can be used to define meta actions. The way it works is that if a > subject is authorized for an action with this annotation, then it is > also authorized for any action specified by the annotation. A typical > use of this annotation is when defining an UI shell with a single > lock button that should unlock multiple actions from distinct > mechanisms. It sounds more like it was designed to group actions together rather than sustain the authentication. Regarding your goal of persisting authentication over multiple actions, there is a PolKit action value called "auth_admin_keep". > Like auth_admin but the authorization is kept for a brief period > (e.g. five minutes). I would suggest you look into whether KAuth Helper files support the 'auth_admin_keep' Policy value. Your KAuth helper file also sets Persistence to 'session'. According to the docs, that keeps the authentication for the entire logged in session. Is that your goal? > session: the authorization persists until the user logs out The imply annotation might help you authorize all your actions using a single request (delete, move, create, etc.). I think its your Persistence value that's keeping all of them authorized though. On Sun, 2017-05-14 at 19:06 +0530, chinmoy ranjan wrote: > Hello devs, > > I am a Google Summer of Code student working with KDE on the project > "Polkit support in KIO[1]". The goal of this project is to enable KIO > (this library provides file management functions in KDE softwares) to > perform file handling operations with escalated privilege. This way > the user can perform file handling operations in root owned location > without having to start the whole application as root. > My approach[2] involves using the KAuth library(authentication > framework for KDE) to create separate polkit actions for each file > handling operation, like delete, copy, symlink, rename etc. One of > the behavioural changes that is expected is when a user authenticates > himself for a polkit action, say delete, he should be able to perform > other actions , like copy or symlink, during the time period when > privileges are escalated for a while without having to provide his > credentials. > So in pursuit of this I found the imply annotation in the reference > manual of polkit. I used it in my PoC patch[3] (I directly modified > the policy file) and it did produced the desired behaviour. When I > authenticated myself for the delete operation, other actions like > symlink were unlocked as well for a while. In other words it solved > my little problem. > > Now this is my first time working with polkit. So my doubts are, > 1> Is this the actual work of imply annotation, i.e, to unlock(if I > am putting it correctly) other actions after authenticating for one > action? Although it is mentioned in the reference manual that it > unlocks multiple actions from distinct mechanisms but a little > clarification would help. > 2> If its not the purpose of the imply annotation then what is it > for? And what can I use in my project? > 3> If imply annotation is indeed suitable for my project then I will > have to add the support for annotations in KAuth library. In that > case is there any guideline or specification that I must comply with? > > I would be very grateful if anyone could provide any sort of help. > > Regards, > Chinmoy > > [1]: https://community.kde.org/GSoC/2017/Ideas#Project:_Polkit_suppor > t_in_KIO > [2] GSOC proposal: https://docs.google.com/document/d/1LhuHwwo_hCziM > 2-3UsffpODwnjypYQjMnB7YHEQd4dQ/edit?usp=sharing > [3]: https://git.reviewboard.kde.org/r/129983/ > > _______________________________________________ > polkit-devel mailing list > polkit-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/polkit-devel
signature.asc
Description: This is a digitally signed message part
_______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/polkit-devel
