Re: setEnvironmentVariable DBus method for wpasupplicant

From: Stef <stef memberwebs com>
To: David Smith <dds google com>
Cc: hostap lists shmoo com, networkmanager-list gnome org
Subject: Re: setEnvironmentVariable DBus method for wpasupplicant
Date: Thu, 24 Jul 2008 02:24:46 +0000 (UTC)

David Smith wrote:
> For implementing PKCS#11 support in the network manager gnome applet
> using gnome keyring as the backing store, it's necessary to tell
> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before
> loading the gnome keyring PKCS#11 library. This socket will be protected
> to the local user, but since wpasupplicant must run as root, it should
> be able to access it and indeed it must.

Not sure how we plan to address this. gnome-keyring doesn't currently
support access by root to its sockets.

> Attached is a patch to add a DBus interface to set environment variables
> in wpasupplicant. I hope this is an acceptable compromise. In the long
> term, a better interface from keyring might be made available and then
> any necessary changes to wpasupplicant could be made at that time, but
> for now this is a rather trivial addition that would primarily be useful
> for working with the current implementation.

Well, I'm not sure you have to add a DBus API to wpasupplicant.

gnome-keyring-daemon has a small DBus API for exactly that purpose. To
allow applications started by the DBus session (but without the
environment variables) to retrieve the appropriate the socket path.
libgnome-keyring uses this when the environment variable is not available.

string org.gnome.keyring.Dameon.GetSocketPath()

at /org/gnome/keyring/daemon

See:

http://svn.gnome.org/viewvc/gnome-keyring/trunk/daemon/gkr-daemon-dbus.c?revision=888&view=markup&pathrev=1189
http://svn.gnome.org/viewvc/gnome-keyring/trunk/library/gnome-keyring-private.h?revision=879&view=markup&pathrev=1169
http://svn.gnome.org/viewvc/gnome-keyring/trunk/library/gnome-keyring.c?revision=1120&view=markup&pathrev=1169

Another approach might be similar to what the NSS PKCS#11 components use.

In order to initialize the NSS softkn3 PKCS#11 component you pass in an
argument string into the pReserved member of the
CK_C_INITIALIZE_ARGS_PTR structure passed to C_Initialize. In the case
of the gnome-keyring PKCS#11 module we could make that be the socket path.

Cheers,

Stef Walter

Follow-Ups:
- Re: setEnvironmentVariable DBus method for wpasupplicant
  - From: David Smith

References:
- setEnvironmentVariable DBus method for wpasupplicant
  - From: David Smith

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]