David Smith wrote: > For implementing PKCS#11 support in the network manager gnome applet > using gnome keyring as the backing store, it's necessary to tell > wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before > loading the gnome keyring PKCS#11 library. This socket will be protected > to the local user, but since wpasupplicant must run as root, it should > be able to access it and indeed it must.
Not sure how we plan to address this. gnome-keyring doesn't currently support access by root to its sockets. > Attached is a patch to add a DBus interface to set environment variables > in wpasupplicant. I hope this is an acceptable compromise. In the long > term, a better interface from keyring might be made available and then > any necessary changes to wpasupplicant could be made at that time, but > for now this is a rather trivial addition that would primarily be useful > for working with the current implementation. Well, I'm not sure you have to add a DBus API to wpasupplicant. gnome-keyring-daemon has a small DBus API for exactly that purpose. To allow applications started by the DBus session (but without the environment variables) to retrieve the appropriate the socket path. libgnome-keyring uses this when the environment variable is not available. string org.gnome.keyring.Dameon.GetSocketPath() at /org/gnome/keyring/daemon See: http://svn.gnome.org/viewvc/gnome-keyring/trunk/daemon/gkr-daemon-dbus.c?revision=888&view=markup&pathrev=1189 http://svn.gnome.org/viewvc/gnome-keyring/trunk/library/gnome-keyring-private.h?revision=879&view=markup&pathrev=1169 http://svn.gnome.org/viewvc/gnome-keyring/trunk/library/gnome-keyring.c?revision=1120&view=markup&pathrev=1169 Another approach might be similar to what the NSS PKCS#11 components use. In order to initialize the NSS softkn3 PKCS#11 component you pass in an argument string into the pReserved member of the CK_C_INITIALIZE_ARGS_PTR structure passed to C_Initialize. In the case of the gnome-keyring PKCS#11 module we could make that be the socket path. Cheers, Stef Walter _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
