service/polkit: add service module to write Polkit agents

Author: Cu3PO42

.github/workflows/build.yml

@@ -53,6 +53,7 @@ jobs:
  libxcb \
  libpipewire \
  cli11 \
+ polkit \
  jemalloc
 
  - name: Build

BUILD.md

@@ -192,6 +192,13 @@ To disable: `-DSERVICE_PAM=OFF`
 
 Dependencies: `pam`
 
+### Polkit
+This feature enables creating Polkit agents that can prompt user for authentication.
+
+To disable: `-DSERVICE_POLKIT=OFF`
+
+Dependencies: `polkit`, `glib`
+
 ### Hyprland
 This feature enables hyprland specific integrations. It requires wayland support
 but has no extra dependencies.

CMakeLists.txt

@@ -67,6 +67,7 @@ boption(SERVICE_STATUS_NOTIFIER "System Tray" ON)
 boption(SERVICE_PIPEWIRE "PipeWire" ON)
 boption(SERVICE_MPRIS "Mpris" ON)
 boption(SERVICE_PAM "Pam" ON)
+boption(SERVICE_POLKIT "Polkit" ON)
 boption(SERVICE_GREETD "Greetd" ON)
 boption(SERVICE_UPOWER "UPower" ON)
 boption(SERVICE_NOTIFICATIONS "Notifications" ON)

changelog/next.md

@@ -11,6 +11,7 @@ set shell id.
 
 ## New Features
 
+- Added support for creating Polkit agents.
 - Added support for creating wayland idle inhibitors.
 - Added support for wayland idle timeouts.
 - Added the ability to override Quickshell.cacheDir with a custom path.
@@ -22,3 +23,7 @@ set shell id.
 ## Bug Fixes
 
 - Fixed volume control breaking with pipewire pro audio mode.
+
+## Packaging Changes
+
+`glib` and `polkit` have been added as dependencies when compiling with polkit agent support.

default.nix

@@ -21,6 +21,8 @@
  libgbm ? null,
  pipewire,
  pam,
+ polkit,
+ glib,
 
  gitRev ? (let
  headExists = builtins.pathExists ./.git/HEAD;
@@ -43,6 +45,7 @@
  withPam ? true,
  withHyprland ? true,
  withI3 ? true,
+ withPolkit ? true,
 }: let
  unwrapped = stdenv.mkDerivation {
  pname = "quickshell${lib.optionalString debug "-debug"}";
@@ -76,7 +79,8 @@
  ++ lib.optionals (withWayland && libgbm != null) [ libdrm libgbm ]
  ++ lib.optional withX11 xorg.libxcb
  ++ lib.optional withPam pam
- ++ lib.optional withPipewire pipewire;
+ ++ lib.optional withPipewire pipewire
+ ++ lib.optionals withPolkit [ polkit glib ];
 
  cmakeBuildType = if debug then "Debug" else "RelWithDebInfo";
 
@@ -91,6 +95,7 @@
  (lib.cmakeBool "SCREENCOPY" (libgbm != null))
  (lib.cmakeBool "SERVICE_PIPEWIRE" withPipewire)
  (lib.cmakeBool "SERVICE_PAM" withPam)
+ (lib.cmakeBool "SERVICE_POLKIT" withPolkit)
  (lib.cmakeBool "HYPRLAND" withHyprland)
  (lib.cmakeBool "I3" withI3)
  ];

quickshell.scm

@@ -42,6 +42,7 @@
  libxcb
  libxkbcommon
  linux-pam
+ polkit
  mesa
  pipewire
  qtbase

src/services/CMakeLists.txt

@@ -14,6 +14,10 @@ if (SERVICE_PAM)
 add_subdirectory(pam)
 endif()
 
+if (SERVICE_POLKIT)
+add_subdirectory(polkit)
+endif()
+
 if (SERVICE_GREETD)
 add_subdirectory(greetd)
 endif()

src/services/polkit/CMakeLists.txt

@@ -0,0 +1,35 @@
+find_package(PkgConfig REQUIRED)
+pkg_check_modules(glib REQUIRED IMPORTED_TARGET glib-2.0>=2.36)
+pkg_check_modules(gobject REQUIRED IMPORTED_TARGET gobject-2.0)
+pkg_check_modules(polkit_agent REQUIRED IMPORTED_TARGET polkit-agent-1)
+pkg_check_modules(polkit REQUIRED IMPORTED_TARGET polkit-gobject-1)
+
+qt_add_library(quickshell-service-polkit STATIC
+agentimpl.cpp
+flow.cpp
+identity.cpp
+listener.cpp
+session.cpp
+qml.cpp
+)
+
+qt_add_qml_module(quickshell-service-polkit
+URI Quickshell.Services.Polkit
+VERSION 0.1
+DEPENDENCIES QtQml
+)
+
+install_qml_module(quickshell-service-polkit)
+
+target_link_libraries(quickshell-service-polkit PRIVATE
+Qt::Qml
+Qt::Quick
+PkgConfig::glib
+PkgConfig::gobject
+PkgConfig::polkit_agent
+PkgConfig::polkit
+)
+
+qs_module_pch(quickshell-service-polkit)
+
+target_link_libraries(quickshell PRIVATE quickshell-service-polkitplugin)

src/services/polkit/agentimpl.cpp

@@ -0,0 +1,179 @@
+#include "agentimpl.hpp"
+#include <algorithm>
+#include <utility>
+
+#include <qlist.h>
+#include <qlogging.h>
+#include <qloggingcategory.h>
+#include <qobject.h>
+#include <qproperty.h>
+#include <qtmetamacros.h>
+
+#include "../../core/generation.hpp"
+#include "../../core/logcat.hpp"
+#include "gobjectref.hpp"
+#include "listener.hpp"
+#include "qml.hpp"
+
+namespace {
+QS_LOGGING_CATEGORY(logPolkit, "quickshell.service.polkit", QtWarningMsg);
+}
+
+namespace qs::service::polkit {
+PolkitAgentImpl* PolkitAgentImpl::instance = nullptr;
+
+PolkitAgentImpl::PolkitAgentImpl(PolkitAgent* agent)
+ : QObject(nullptr)
+ , listener(qs_polkit_agent_new(this), G_OBJECT_NO_REF)
+ , qmlAgent(agent)
+ , path(this->qmlAgent->path()) {
+auto utf8Path = this->path.toUtf8();
+qs_polkit_agent_register(this->listener.get(), utf8Path.constData());
+}
+
+PolkitAgentImpl::~PolkitAgentImpl() { this->cancelAllRequests("PolkitAgent is being destroyed"); }
+
+void PolkitAgentImpl::cancelAllRequests(const QString& reason) {
+for (; !this->queuedRequests.empty(); this->queuedRequests.pop_back()) {
+AuthRequest* req = this->queuedRequests.back();
+qCDebug(logPolkit) << "destroying queued authentication request for action" << req->actionId;
+req->cancel(reason);
+delete req;
+}
+
+auto* flow = this->bActiveFlow.value();
+if (flow) {
+flow->cancelAuthenticationRequest();
+flow->deleteLater();
+}
+
+if (this->bIsRegistered.value()) qs_polkit_agent_unregister(this->listener.get());
+}
+
+PolkitAgentImpl* PolkitAgentImpl::tryGetOrCreate(PolkitAgent* agent) {
+if (instance == nullptr) instance = new PolkitAgentImpl(agent);
+if (instance->qmlAgent == agent) return instance;
+return nullptr;
+}
+
+PolkitAgentImpl* PolkitAgentImpl::tryGet(const PolkitAgent* agent) {
+if (instance == nullptr) return nullptr;
+if (instance->qmlAgent == agent) return instance;
+return nullptr;
+}
+
+PolkitAgentImpl* PolkitAgentImpl::tryTakeoverOrCreate(PolkitAgent* agent) {
+if (auto* impl = tryGetOrCreate(agent); impl != nullptr) return impl;
+
+auto* prevGen = EngineGeneration::findObjectGeneration(instance->qmlAgent);
+auto* myGen = EngineGeneration::findObjectGeneration(agent);
+if (prevGen == myGen) return nullptr;
+
+qCDebug(logPolkit) << "taking over listener from previous generation";
+instance->qmlAgent = agent;
+instance->setPath(agent->path());
+
+return instance;
+}
+
+void PolkitAgentImpl::onEndOfQmlAgent(PolkitAgent* agent) {
+if (instance != nullptr && instance->qmlAgent == agent) {
+delete instance;
+instance = nullptr;
+}
+}
+
+void PolkitAgentImpl::setPath(const QString& path) {
+if (this->path == path) return;
+
+this->path = path;
+auto utf8Path = path.toUtf8();
+
+this->cancelAllRequests("PolkitAgent path changed");
+qs_polkit_agent_unregister(this->listener.get());
+this->bIsRegistered = false;
+
+qs_polkit_agent_register(this->listener.get(), utf8Path.constData());
+}
+
+void PolkitAgentImpl::registerComplete(bool success) {
+if (success) this->bIsRegistered = true;
+else qCWarning(logPolkit) << "failed to register listener on path" << this->qmlAgent->path();
+}
+
+void PolkitAgentImpl::initiateAuthentication(AuthRequest* request) {
+qCDebug(logPolkit) << "incoming authentication request for action" << request->actionId;
+
+this->queuedRequests.emplace_back(request);
+
+if (this->queuedRequests.size() == 1) {
+this->activateAuthenticationRequest();
+}
+}
+
+void PolkitAgentImpl::cancelAuthentication(AuthRequest* request) {
+qCDebug(logPolkit) << "cancelling authentication request from agent";
+
+auto* flow = this->bActiveFlow.value();
+if (flow && flow->authRequest() == request) {
+flow->cancelFromAgent();
+} else if (auto it = std::ranges::find(this->queuedRequests, request);
+ it != this->queuedRequests.end())
+{
+qCDebug(logPolkit) << "removing queued authentication request for action" << (*it)->actionId;
+(*it)->cancel("Authentication request was cancelled");
+delete (*it);
+this->queuedRequests.erase(it);
+} else {
+qCWarning(logPolkit) << "the cancelled request was not found in the queue.";
+}
+}
+
+void PolkitAgentImpl::activateAuthenticationRequest() {
+if (this->queuedRequests.empty()) return;
+
+AuthRequest* req = this->queuedRequests.front();
+this->queuedRequests.pop_front();
+qCDebug(logPolkit) << "activating authentication request for action" << req->actionId
+ << ", cookie: " << req->cookie;
+
+QList<Identity*> identities;
+for (auto& identity: req->identities) {
+auto* obj = Identity::fromPolkitIdentity(identity);
+if (obj) identities.append(obj);
+}
+if (identities.isEmpty()) {
+qCWarning(logPolkit
+) << "no supported identities available for authentication request, cancelling.";
+req->cancel("Error requesting authentication: no supported identities available.");
+delete req;
+return;
+}
+
+this->bActiveFlow = new AuthFlow(req, std::move(identities));
+
+QObject::connect(
+ this->bActiveFlow.value(),
+ &AuthFlow::isCompletedChanged,
+ this,
+ &PolkitAgentImpl::finishAuthenticationRequest
+);
+
+emit this->qmlAgent->authenticationRequestStarted();
+}
+
+void PolkitAgentImpl::finishAuthenticationRequest() {
+if (!this->bActiveFlow.value()) return;
+
+qCDebug(logPolkit) << "finishing authentication request for action"
+ << this->bActiveFlow.value()->actionId();
+
+this->bActiveFlow.value()->deleteLater();
+
+if (!this->queuedRequests.empty()) {
+this->activateAuthenticationRequest();
+} else {
+this->bActiveFlow = nullptr;
+}
+}
+} // namespace qs::service::polkit

src/services/polkit/agentimpl.hpp

@@ -0,0 +1,66 @@
+#pragma once
+
+#include <deque>
+
+#include <qobject.h>
+#include <qproperty.h>
+
+#include "flow.hpp"
+#include "gobjectref.hpp"
+#include "listener.hpp"
+
+namespace qs::service::polkit {
+class PolkitAgent;
+
+class PolkitAgentImpl
+ : public QObject
+ , public ListenerCb {
+Q_OBJECT;
+Q_DISABLE_COPY_MOVE(PolkitAgentImpl);
+
+public:
+~PolkitAgentImpl() override;
+
+static PolkitAgentImpl* tryGetOrCreate(PolkitAgent* agent);
+static PolkitAgentImpl* tryGet(const PolkitAgent* agent);
+static PolkitAgentImpl* tryTakeoverOrCreate(PolkitAgent* agent);
+static void onEndOfQmlAgent(PolkitAgent* agent);
+
+[[nodiscard]] QBindable<AuthFlow*> activeFlow() { return &this->bActiveFlow; };
+[[nodiscard]] QBindable<bool> isRegistered() { return &this->bIsRegistered; };
+
+[[nodiscard]] const QString& getPath() const { return this->path; }
+void setPath(const QString& path);
+
+void initiateAuthentication(AuthRequest* request) override;
+void cancelAuthentication(AuthRequest* request) override;
+void registerComplete(bool success) override;
+
+void cancelAllRequests(const QString& reason);
+
+signals:
+void activeFlowChanged();
+void isRegisteredChanged();
+
+private:
+PolkitAgentImpl(PolkitAgent* agent);
+
+static PolkitAgentImpl* instance;
+
+/// Start handling of the next authentication request in the queue.
+void activateAuthenticationRequest();
+/// Finalize and remove the current authentication request.
+void finishAuthenticationRequest();
+
+GObjectRef<QsPolkitAgent> listener;
+PolkitAgent* qmlAgent = nullptr;
+QString path;
+
+std::deque<AuthRequest*> queuedRequests;
+
+// clang-format off
+Q_OBJECT_BINDABLE_PROPERTY(PolkitAgentImpl, AuthFlow*, bActiveFlow, &PolkitAgentImpl::activeFlowChanged);
+Q_OBJECT_BINDABLE_PROPERTY(PolkitAgentImpl, bool, bIsRegistered, &PolkitAgentImpl::isRegisteredChanged);
+// clang-format on
+};
+} // namespace qs::service::polkit