Dan Williams <dcbw redhat com> writes:

> On Thu, 2008-07-24 at 02:29 +0900, David Smith wrote:
>> Hi,
>>
>> For implementing PKCS#11 support in the network manager gnome applet
>> using gnome keyring as the backing store, it's necessary to tell
>> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before
>> loading the gnome keyring PKCS#11 library. This socket will be protected
>> to the local user, but since wpasupplicant must run as root, it should
>> be able to access it and indeed it must.
>>
>> This issue is currently being discussed in network manager's bugzilla at
>> http://bugzilla.gnome.org/show_bug.cgi?id=537239 .
>>
>> Attached is a patch to add a DBus interface to set environment variables
>> in wpasupplicant. I hope this is an acceptable compromise. In the long
>> term, a better interface from keyring might be made available and then
>> any necessary changes to wpasupplicant could be made at that time, but
>> for now this is a rather trivial addition that would primarily be useful
>> for working with the current implementation.
>
> I think the real fix for this is to get Gnome Keyring using D-Bus, not
> sockets. That needs to be done anyway.

Yeah, ignore this patch. I have another patch waiting for wpasupplicant
to give it another configuration variable, pkcs11_init_args, that's
settable over DBus. We'll pass to wpasupplicant the value of
org.gnome.keyring.Daemon.GetSocketPath() as an init arg instead of using
the environment variable. I haven't sent the patch to wpasupplicant yet
because it depends on a patch to the PKCS#11 OpenSSL engine and libp11,
both from OpenSC, that I sent them a few days ago. See
http://article.gmane.org/gmane.comp.encryption.opensc.devel/7354 .
Nobody from OpenSC has responded yet but hopefully they will soon.

> This sort of call in the supplicant seems really ugly to me.

It seems we all agree on at least that :)

- dds