On Fri, 27.06.14 01:54, David Härdeman ([email protected]) wrote:

> Add binary string handling functions and extend the password agent
> protocol to support binary strings (using "=" as a string prefix
> instead of "+").

I am feeling a bit uneasy about this one. I have the suspicion that the entire password logic should be changed around: we should never transfer the passwords in userspace, but use the kernel keyring for this. And the queries should probably be triggered via dbus (as soon as kdbus is done, and we can use dbus in early-boot).

This all makes me want to stay away from this for now. The kernel keyring is binary-safe anyway, so half the problem goes away there. The kernel also already has a key request API iirc (though a weird one, from a cursory look), so we really should align ourselves a lot more with that.

Sorry if this sounds disappointing, but I think the proper fix to get binary passwords done is the kernel keyring, not just polishing what we have right now.

Sorry (in particular, because I didn't reply to your mail any quicker, but I was unsure about this whole thing myself...),

Lennart

--
Lennart Poettering, Red Hat
