Re: setEnvironmentVariable DBus method for wpasupplicant



My messages to networkmanager-list aren't getting through yet, but...

Jouni Malinen wrote:
> On Thu, Jul 24, 2008 at 02:29:32AM +0900, David Smith wrote:
> 
>> For implementing PKCS#11 support in the network manager gnome applet
>> using gnome keyring as the backing store, it's necessary to tell
>> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before
>> loading the gnome keyring PKCS#11 library. This socket will be protected
>> to the local user, but since wpasupplicant must run as root, it should
>> be able to access it and indeed it must.
> 
> wpa_supplicant can actually be run without root capabilities when using
> privacy separation. However, that may not be of much help here. Using
> environment variable for this type of configuration for a library sounds
> a bit odd, but maybe there is no better way of passing that information.

It's not configuration per se. The socket is per session, and could be
different for multiple programs run on the same session. It would be
nice if the gnome-keyring pkcs11 module could use the DBus session
bus to locate the daemon/socket. However PKCS#11 modules have to run in
all sorts of strange applications, and DBus wasn't an option. :(

> I have to say that I don't really like this at all.. If I understood the
> design correctly, it may indeed be necessary to be able to set
> GNOME_KEYRING_SOCKET. However, I don't see need for setting any other
> environment variable. I would certainly prefer to do this in some other
> way, but if this is the only feasible one, I would be fine with a
> compromise that adds a new DBus command for setting GNOME_KEYRING_SOCKET
> (i.e., just this particular environment variable, not arbitrary
> variables). I would rather not go through the details of what external
> programs could do by setting some other variables and as such, it would
> be simpler to just limit this to a single variable as a workaround for
> the particular issue.

It's easy enough to get around. gnome-keyring already has something to
address this problem. You can call the /org/gnome/keyring/daemon
interface and use the GetSocketPath call, which will return the socket
path of the currently running daemon. You can then easily set the
correct environment variable in your process.

> string org.gnome.keyring.Daemon.GetSocketPath()
>
> at /org/gnome/keyring/daemon

Cheers,

Stef
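
Added example, not part of the original message and not wpa_supplicant or gnome-keyring code: a C sketch of the single-variable compromise discussed in the thread, where a setter accepts only GNOME_KEYRING_SOCKET and only a path that is a UNIX socket owned by the requesting user. The function name, the result codes and the `caller_uid` parameter (assumed to be the sender's uid as reported by the bus daemon) are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not wpa_supplicant code): one permitted variable name,
 * and the value must be a UNIX socket owned by the requesting user. */
enum env_result { ENV_OK, ENV_BAD_NAME, ENV_BAD_PATH, ENV_NOT_SOCKET,
                  ENV_WRONG_OWNER, ENV_SET_FAILED };

static enum env_result set_keyring_socket(const char *name, const char *value,
                                          uid_t caller_uid)
{
    struct stat st;

    /* Allowlist of one: any other variable name is refused outright. */
    if (name == NULL || strcmp(name, "GNOME_KEYRING_SOCKET") != 0)
        return ENV_BAD_NAME;
    /* Absolute path that fits in sockaddr_un.sun_path. */
    if (value == NULL || value[0] != '/' ||
        strlen(value) >= sizeof(((struct sockaddr_un *)0)->sun_path))
        return ENV_BAD_PATH;
    /* lstat() so a symlink at the final component is not followed. */
    if (lstat(value, &st) != 0 || !S_ISSOCK(st.st_mode))
        return ENV_NOT_SOCKET;
    /* The socket must belong to the user who sent the request. */
    if (st.st_uid != caller_uid)
        return ENV_WRONG_OWNER;
    return setenv(name, value, 1) == 0 ? ENV_OK : ENV_SET_FAILED;
}

int main(void)
{
    /* Constructed inputs: a different variable name, then a non-socket path. */
    printf("%d\n", set_keyring_socket("SOME_OTHER_VARIABLE", "/tmp", getuid()));
    printf("%d\n", set_keyring_socket("GNOME_KEYRING_SOCKET", "/tmp", getuid()));
    return 0;
}
```

The ownership check is a point-in-time test: the path can be replaced between `lstat()` and the PKCS#11 module's later connect, so it narrows what a caller can point the process at rather than guaranteeing it.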


