Re: setEnvironmentVariable DBus method for wpasupplicant

David Smith wrote:
> For implementing PKCS#11 support in the network manager gnome applet
> using gnome keyring as the backing store, it's necessary to tell
> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before
> loading the gnome keyring PKCS#11 library. This socket will be protected
> to the local user, but since wpasupplicant must run as root, it should
> be able to access it and indeed it must.

Not sure how we plan to address this. gnome-keyring doesn't currently
support access by root to its sockets.

> Attached is a patch to add a DBus interface to set environment variables
> in wpasupplicant. I hope this is an acceptable compromise. In the long
> term, a better interface from keyring might be made available and then
> any necessary changes to wpasupplicant could be made at that time, but
> for now this is a rather trivial addition that would primarily be useful
> for working with the current implementation.

Well, I'm not sure you have to add a DBus API to wpasupplicant.

gnome-keyring-daemon has a small DBus API for exactly that purpose. To
allow applications started by the DBus session (but without the
environment variables) to retrieve the appropriate the socket path.
libgnome-keyring uses this when the environment variable is not available.

string org.gnome.keyring.Dameon.GetSocketPath()

at /org/gnome/keyring/daemon


Another approach might be similar to what the NSS PKCS#11 components use.

In order to initialize the NSS softkn3 PKCS#11 component you pass in an
argument string into the pReserved member of the
CK_C_INITIALIZE_ARGS_PTR structure passed to C_Initialize. In the case
of the gnome-keyring PKCS#11 module we could make that be the socket path.


Stef Walter

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]