On Fri, 2008-07-25 at 23:45 +0000, Stef wrote:
> Dan Williams wrote:
> > I think the real fix for this is to get Gnome Keyring using D-Bus, not
> > sockets. That needs to be done anyway. This sort of call in the
> > supplicant seems really ugly to me.
>
> Gnome Keyring supports a variety of standards and access methods for
> various things. It sits as a bridge between a bunch of technologies,
> some ancient and some modern.
>
> In this case wpasupplicant accessing gnome-keyring PKCS#11 via which
> is a standardized API for public key access and crypto operations. This
> API is provided by a module.
>
> Internally a socket is used to connect from the module to the
> gnome-keyring daemon. Why isn't Dbus used for this connection? We tried
> hard to make that work, but in the end:
>
> * DBus has a rigid locking and threading model that is incompatible with
> the threading model of PKCS#11 modules.
> * DBus provides no credentials information on who the other side of the
> caller is.

This last point isn't really true; D-Bus internally uses SO_PEERCRED and thus can find out things like the uid, pid, and SELinux context of the process sending messages. It's been that way for at least 2 years. What specific credentials requirements do you have that aren't met by D-Bus?

For any given message to your service, calling dbus_message_get_sender() will give you the sender. Next, you construct a D-Bus message to the bus itself to call "GetConnectionUnixUser", which will return the uid of the sender of the message. You can also get the PID and SELinux context.

> This just isn't what DBus is designed for. This was discussed on the
> DBus mailing list.

Yeah, I've read over those messages and the threading initialization problem seems difficult if only because apps have to agree on certain things like a mainloop, threading primitives, etc. But conceptually, D-Bus _is_ designed for this case; you're just trying to use IPC and that's what D-Bus is.

Dan

> http://lists.freedesktop.org/archives/dbus/2007-April/007454.html
> http://lists.freedesktop.org/archives/dbus/2007-April/007458.html
>
> On the other hand, certain parts of gnome-keyring are exposed via DBus.
> And you can get the appropriate socket path for the current user
> session, via DBus.
>
> Cheers,
> Stef Walter
>
_______________________________________________
NetworkManager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list
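The message above mentions SO_PEERCRED as the mechanism behind peer identification on a Unix socket. The following is an added example, not code from the original post, D-Bus, or gnome-keyring: it shows a Linux daemon reading the kernel-reported pid, uid and gid of a connecting client and keeping the connection only for its own uid. The socket path, the function names and the same-uid policy are assumptions made for the illustration.

```python
import os
import socket
import struct
import tempfile

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer, as recorded by the kernel at connect()."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def accept_same_user(listener):
    """Accept one client; keep it only if it runs under our own uid (assumed policy)."""
    conn, _ = listener.accept()
    creds = peer_credentials(conn)
    if creds[1] != os.getuid():
        conn.close()
        return None, creds
    return conn, creds


def demo():
    """Constructed scenario: a forked child connects to a per-user daemon socket."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "daemon.sock")  # hypothetical socket path
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(path)
        listener.listen(1)
        listener.settimeout(5)  # do not hang if the client never connects
        child = os.fork()
        if child == 0:  # client process
            status = 1
            try:
                c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
                c.connect(path)
                c.recv(1)  # wait until the server has checked us
                status = 0
            finally:
                os._exit(status)
        conn, creds = accept_same_user(listener)
        if conn is not None:
            conn.sendall(b"k")
            conn.close()
        os.waitpid(child, 0)
        listener.close()
        return child, creds, conn is not None
```

The credentials come from the kernel rather than from anything the client sends, so the client cannot forge them; the pid is only a snapshot taken when the connection was made.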
