[PATCH 1/3] Added wpa_config_get_all function
Tue Nov 10 07:18:04 PST 2009
Jouni Malinen pisze:
> On Mon, Nov 09, 2009 at 10:23:57PM -0800, Dan Williams wrote:
>> At the moment, the D-Bus interface is restricted to 'root' only. This
>> is done by the D-Bus permissions config file (dbus-wpa_supplicant.conf).
>> I think the idea here was to ensure that an external program (like NM)
>> could get the actual key used to connect to the network after the WPS
>> exchange had succeeded. Otherwise, how would we know what PSK to send
>> back to the supplicant the next time we connect?
>> We can't really send out a signal (since signals are usually readable by
>> anyone) thus the original method of caching the response and using
>> properties to get it. If you don't like that (you didn't) then we can
>> let the supplicant update the network block in the in-memory config, and
>> then add a method to allow NM to read back the updated network block
>> (which I think you are now objecting to as well :). Not sure how we're
>> supposed to get out the negotiated PSK then?
> There were two reasons for me not liking the caching of WPS credentials:
> I did not know why it was needed (this explanation on signal readability
> seems to explain that) and it not working very well (at least in theory)
> should there be multiple new credentials being received close to
> each other with the latest one replacing the older ones which may or may
> not have been fetched.
> The original patches introduced both mechanisms (access to full config
> and caching of WPS credentials). Why? Would only one of them be enough?
The original patch doesn't introduce access to full config, but to
non-secret config entries only, but it can be easily changed (second
argument in wpa_config_get_all).
Actually, I was sure that DBus security policies applies to DBus signals
too. Apparently, I was wrong so it need to be fixed. If exposing full
config (including secret entries) only to root applications is secure
enough for you, then we don't need caching credentials, since
credentials data can be read from config.
In the other hand we can restrict config access to non-secret entries
only, but then we need to cache last credentials, and make them readable
In both scenarios we actually give access to secret data to root
applications (via config or via WPS credentials), so I think that there
is no big difference and we should choose full config access since it is
> Or to be more specific, would caching of WPS credentials be enough?
Yes, it would, but as I mentioned above, full config access for root
seams to be cleaner.
More information about the Hostap