GNOME Bugzilla – Bug 353105
Implement LOCAL_CREDS socket credentials
Last modified: 2006-08-28 10:06:28 UTC
Please describe the problem: gnome-keyring uses socket credentials to authenticate incoming connections to the daemon. At the moment the code supports some implementations of socket credentials but does not implement LOCAL_CREDS, the only available implementation under NetBSD. Therefore, gnome-keyring does not work at all under this operating system, making multiple parts of the GNOME desktop behave oddly. gnome-keyring should be modified to support LOCAL_CREDS alongside all other socket credentials implementation. Simply telling NetBSD to implement another mechanism is a difficult approach and even if this happens, it won't be anytime soon. Not to mention that currently supported stable versions (2.x, 3.x and soon 4.x) wouldn't get the new feature, yet they should be able to use the gnome-keyring for a nice GNOME user experience. Why do I say the above? Well... the problem in supporting LOCAL_CREDS is that it behaves in a slightly different manner from all other socket credentials implementations. Under LOCAL_CREDS, the server must *first* enable LOCAL_CREDS on the socket and *only then*, the client has to send a message. After that the server receives the credentials in a manner very similar to the CMSGCRED implementation already supported. The reception of credentials is enabled only for a single message and then is automatically disabled. In other words, some kind of synchronization is needed between the two components so that the call to setsockopt() surely happens before the client sends the credentials message. As far as I can tell this is impossible to achieve with the current keyring protocol because just after the server does the accept() call it expects to receive the credentials byte; it is then impossible for it to enable LOCAL_CREDS in between in a safe way -- a race condition could appear otherwise. I've written a more complete explanation alongside a code example here: http://julipedia.blogspot.com/2006/08/localcreds-socket-credentials.html I'm now attaching a patch that adds support for LOCAL_CREDS and lets gnome-keyring work under NetBSD. It lacks support for PIDs (LOCAL_CREDS do not provide them) but I hope this is not an extremely big problem; after all, only Linux and FreeBSD currently implement them (and as far as I know other OSes are using the keyring, such as Solaris). It is very important that these changes get in before the eventual gnome-keyring 1.x version because they involve a protocol change. I hope that this is not a big issue at the moment. Steps to reproduce: 1. Install GNOME under NetBSD (through pkgsrc). 2. Start GNOME. 3. Launch an gnome-keyring aware application such as gnome-keyring-manager. 4. See it fail due to the lack of support for socket credentials. Actual results: Expected results: Does this happen every time? Other information:
Created attachment 71702 [details] [review] Implementation of LOCAL_CREDS support. Initial implementation of support for LOCAL_CREDS in gnome-keyring server and client parts. Please let me know if anything should be improved in it.
Created attachment 71705 [details] [review] Implementation of LOCAL_CREDS support. Sorry, the previous patch contains a little problem due to a last-minute change that makes everything fail. This one is fixed.
Oops, hold on! Havoc Pennington has found a way that might simplify the overall thing and avoid the protocol change. I will investigate if does indeed work and post an update here.
Yeah, adding LOCAL_CREDS support is much easier than I thought and does not require a protocol change. The code can set the LOCAL_CREDS option on the listening socket, which is later inherited by sockets returned by the accept(2) call. Doing so is safe because the new socket will always carry the flag during the reception of the credentials byte. After that happens the option can be disabled.
Created attachment 71749 [details] [review] Simpler implementation of LOCAL_CREDS.
Commited. Thanks.