setEnvironmentVariable DBus method for wpasupplicant

Dan Williams dcbw
Mon Aug 4 10:40:29 PDT 2008


On Fri, 2008-07-25 at 23:45 +0000, Stef wrote:
> Dan Williams wrote:
> > I think the real fix for this is to get Gnome Keyring using D-Bus, not
> > sockets.  That needs to be done anyway.  This sort of call in the
> > supplicant seems really ugly to me.
> 
> Gnome Keyring supports a variety of standards and access methods for
> various things. It sits as a bridge between a bunch of technologies,
> some ancient and some modern.
> 
> In this case wpasupplicant is accessing gnome-keyring via PKCS#11, which
> is a standardized API for public key access and crypto operations. This
> API is provided by a module.
> 
> Internally a socket is used to connect from the module to the
> gnome-keyring daemon. Why isn't Dbus used for this connection? We tried
> hard to make that work, but in the end:
> 
>  * DBus has a rigid locking and threading model that is incompatible with
>    the threading model of PKCS#11 modules.
>  * DBus provides no credentials information on who the other side of the
>    caller is.

This last point isn't really true; D-Bus internally uses SO_PEERCRED and
thus can find out things like the uid, pid, and SELinux context of the
process sending messages.  It's been that way for at least 2 years.
What specific credentials requirements do you have that aren't met by
D-Bus?

For any given message to your service, calling dbus_message_get_sender()
will give you the sender.  Next, you construct a D-Bus message to the bus
itself to call "GetConnectionUnixUser", which will return the uid of the
sender of the message.  You can also get the PID and SELinux context.

> This just isn't what DBus is designed for. This was discussed on the
> DBus mailing list.

Yeah, I've read over those messages and the threading initialization
problem seems difficult if only because apps have to agree on certain
things like a mainloop, threading primitives, etc.  But conceptually,
D-Bus _is_ designed for this case; you're just trying to use IPC and
that's what D-Bus is.

Dan

> http://lists.freedesktop.org/archives/dbus/2007-April/007454.html
> http://lists.freedesktop.org/archives/dbus/2007-April/007458.html
> 
> On the other hand, certain parts of gnome-keyring are exposed via DBus.
> And you can get the appropriate socket path for the current user
> session, via DBus.
> 
> Cheers,
> Stef Walter
> 
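
Added example, not part of the original thread and not libdbus or gnome-keyring code: the kernel mechanism the reply refers to, SO_PEERCRED on a connected Unix socket, read directly in C with a fail-closed same-user check. The names peer_cred, get_peer_cred, peer_is_same_user and demo_socketpair are hypothetical, and a socketpair stands in for a real client connection (Linux only).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* exposes SO_PEERCRED on strict builds */
#endif
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Same field order as the kernel's struct ucred (pid, uid, gid); declared
 * locally (hypothetical name) so no glibc-specific type is required. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Ask the kernel who is on the other end of a connected AF_UNIX socket.
 * The values are recorded by the kernel at connect()/socketpair() time and
 * cannot be forged by the peer. Returns 0 on success, -1 on failure. */
int get_peer_cred(int fd, struct peer_cred *out)
{
    socklen_t len = sizeof(*out);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, out, &len) != 0)
        return -1;
    return len == sizeof(*out) ? 0 : -1;
}

/* Policy a per-user daemon could apply: accept only peers running under
 * the daemon's own uid. Any lookup failure is treated as "not allowed". */
int peer_is_same_user(int fd)
{
    struct peer_cred c;
    if (get_peer_cred(fd, &c) != 0)
        return 0;                   /* fail closed */
    return c.uid == geteuid();
}

/* Constructed demo: both ends of the socketpair belong to this process. */
int demo_socketpair(struct peer_cred *out)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int rc = get_peer_cred(sv[0], out);
    if (rc == 0 && !peer_is_same_user(sv[0]))
        rc = -1;
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    struct peer_cred c;
    if (demo_socketpair(&c) != 0) { perror("SO_PEERCRED"); return 1; }
    printf("peer pid=%ld uid=%ld gid=%ld\n", (long)c.pid, (long)c.uid, (long)c.gid);
    return 0;
}
```
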



