Tokamak: KAuth into kdelibs
Yes, KAuth is finally in KDELibs. Yes, systemsettings has integration. Yes, the first module (date/time) is already ported & ready. I know this was a long awaited feature by many of you, and now it’s in. But today, I want to show developers how to enjoy the new power of this framework.
First of all, what is it? It is the first known framework to check for authorizations by fine granting them and/or granting applications high privileges in a transparent, secure way completely integrated with the desktop and completely native and multiplatform. So you have quite some power in your hands. Why should you use it? Well, if you want to lock out users from certain features, for example, or to perform privileged actions. But let’s get into details.
KPushButton and KAction have 2 new methods, which are setAuthAction and authAction. Just set a KAuth::Action into one of them and you will have the following things for free: the authentication will be automatically triggered when the action/button has been triggered, you will get an authorized() signal when the user actually got the authorization, and the button/action change their availability and appearance according to the action status. Quite straightforward, huh?
KCModule has a new method as well. It’s (set)needsAuthorization(). Whenever you set this to true, an action for it will be created, named “org.kde.kcontrol..save”, where name is your KCM’s main as specified in the KAboutData. Just do this, and you get all the ui integration for free and save() will get called just when the user grants that authorization. Even simpler, isn’t it?
Want to have a look? A tutorial on Techbase is coming up, but for now, you can simply have a look at kdebase/workspace/kcontrol/datetime and kdelibs/kdecore/auth/example to have an idea. I’ll ping you back when the tutorial gets ready 🙂 oh, and api.kde.org is your friend as well, Nicola made a great work in documenting all the library just for you guys to pick it up.
So put your thumbs up for a great GSoC project ended, and stay tuned, because this is just the beginning. The next keywords are now: KIO, GHNS, and KIOSK.
And put your hands up for the fun and the productivity we are having at Tokamak 3!!!
~ by Dario on 31 August, 2009.
Posted in KDE, Linux
Tags: authorization services, kauth, kde, mac, policykit
Fantastic man! I’m so glad to know it’s going to work nicely in future KDE4 versions 😉 It’s one of the features I really wanted in Linux (and KDE in particular)
warnec said this on 31 August, 2009 at 1:25 pm |
good job guys!! 🙂
Alessandro Diaferia said this on 31 August, 2009 at 2:31 pm |
Now what would happen when I start to mess with the memory of a program that gets authenticated … for example with ptrace. Can I change the settings from outside?
AFAIK, there’s nothing stopping me from doing so when the ptraced app is run with my username.
Peterix said this on 31 August, 2009 at 2:31 pm |
This article proves you were not drunk! 😛
Diego said this on 31 August, 2009 at 3:05 pm |
@Peterix: I suggest you to dive into the code to understand better what’s going on. The application is never elevated and the elevated job is delegated to an helper, and authorization security is handled by the system (PolicyKit, Authorization services,…)
drfav said this on 31 August, 2009 at 3:19 pm |
[…] a complete desktop authorization framework is in !kde https://drfav.wordpress.com/2009/08/31/tokamak-kauth-into-kdelibs/ a few seconds ago from […]
Vincent Panel (yoho) 's status on Monday, 31-Aug-09 15:26:07 UTC - Identi.ca said this on 31 August, 2009 at 5:26 pm |
[…] a complete desktop authorization framework is in !kde https://drfav.wordpress.com/2009/08/31/tokamak-kauth-into-kdelibs/ (via @yoho)q a few seconds ago from […]
Greg (osku) 's status on Monday, 31-Aug-09 18:50:17 UTC - Identi.ca said this on 31 August, 2009 at 8:50 pm |
One more question.
Are there any plans on adding KAuth support to at least some major KDE apps? (Dolphin, Okteta, Kate, Kwrite etc.)
Anonymous said this on 1 September, 2009 at 9:04 am |
We’re gonna do better. We will integrate this into KIO, so that every KDE component will take advantage of it without even knowing that.
drfav said this on 3 September, 2009 at 7:32 pm |