blob: 9016c3187231f0f4fd2f782233a646d0e173fd85 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
HACKING GNOME KEYRING
Patches should be submitted to bugzilla:
http://bugzilla.gnome.org/enter_bug.cgi?product=gnome-keyring
The gnome-keyring mailing list is:
gnome-keyring-list@gnome.org
An overview of the architecture and graphical outline can be found here:
http://live.gnome.org/GnomeKeyring/Architecture
Gnome Keyring is made up of several distinct parts working on concert with
each other. These parts generally live in different directories:
daemon
The main daemon startup code and gnome-keyring password protocol operations.
daemon/control
Binary protocol for controling and initializing the daemon.
daemon/dbus
Various DBus bits of the daemon including the Secret Service API.
daemon/gpg-agent
A GPG agent implementation that uses a PKCS#11 module for it's password storage.
daemon/login
Used to lock and unlock the daemon.
daemon/ssh-agent
An SSH agent implementation that uses a PKCS#11 module for it's cryto and key storage.
egg
Code that either: a) Really should be implemented elsewhere (eg: glib) but isn't.
b) Code that needs to be shared between loosely coupled gnome-keyring components.
gcr
A public library for bits of crypto UI and parsing etc...
gp11
A public library for accessing PKCS#11 modules.
pam
The PAM module that unlocks the login keyring when the user logs in.
pkcs11
The various bits of the PKCS#11 implementation.
pkcs11/gck
A base library for implementing our internal PKCS#11 modules.
pkcs11/roots-store
A PKCS#11 module that exposes Root CA certificates from a directory like /etc/ssl/certs
pkcs11/rpc-layer
A PKCS#11 module that calls into the daemon. This is the module that apps actually use.
pkcs11/ssh-store
A PKCS#11 module which exposes objects in ~/.ssh directory.
pkcs11/user-store
A PKCS#11 module for general storage of certificates and keys.
pkcs11/wrap-layer
A PKCS#11 module that combines slots from multiple PKCS#11 modules into one module.
testsing
Test tools and unit tests.
ui
Prompting the user, asking for passwords.
--------------------------------------------------------------------------------
USE OF WORKER THREADS
Gnome Keyring uses threads in a limited manner, as state machines, (ie: execution
stacks). Only one thread runs at any given time, each thread hands off execution
to another thread.
The *only* use of threading and/or synchronization primitives should be in:
common/gkr-async.c
Worker threads are created by using gkr_async_worker_start(). Each worker needs
to call gkr_async_yield() regularly, to give other threads a chance to run.
If a thread needs perform a blocking syscall, or do something that takes a long
time (like create a key) it can use the gkr_async_begin_concurrent() and
gkr_async_end_concurrent() functions. While running 'concurrent' no global
functions and/or data should be accessed.
|
