Bug 424678

Summary: [RFE] Support passing hints from SecretAgent::GetSecrets() to VPN plugins
Product: [Plasma] plasma-nm
Reporter: emelenas
Component: general
Assignee: Jan Grulich <jgrulich>
Status: REPORTED ---
Severity: normal
CC: jgrulich
Priority: NOR
Version: 5.18.5
Target Milestone: ---
Platform: Fedora RPMs
OS: Linux
Latest Commit:
Version Fixed In:

Description emelenas 2020-07-26 10:08:41 UTC
SUMMARY
The registration process for plasma-nm to the NetworkManager system does not provide for interactive secret management, precluding runtime secret handling for plasma and other agents.

STEPS TO REPRODUCE
1. Set up a VPN that needs runtime secrets, such as a fortisslvpn with 2FA after login
2. Try to bring the VPN up with nmcli

OBSERVED RESULT

NetworkManager fails with the messages

Calling old Connect function as not all agents support interactive secrets

ERROR:  Failed to get PIN: GDBus.Error:org.freedesktop.NetworkManager.Settings.Connection.Failed: More secrets required but cannot ask interactively

Actually, it is plasma-nm that prevents interactively asking, since if I stop plasma-nm, then the message no longer appears and nmcli works as expected.

Comment 1 Jan Grulich 2020-07-27 05:27:10 UTC
I'm afraid this is not only about adding the NM_SECRET_AGENT_CAPABILITY_VPN_HINTS flag; we also don't support passing hints to VPN plugins at this moment.
Comment 2 emelenas 2020-07-27 06:31:54 UTC
How much work does this take? Do you have an idea? Would you provide some hints? :-) I'd be glad to lend a hand
Comment 3 Jan Grulich 2020-07-27 08:18:07 UTC
First of all, I think this flag needs to be added to the networkmanager-qt framework, which is a library we use for communication with NetworkManager.

We are missing an implementation of https://people.freedesktop.org/~lkundrak/nm-docs/gdbus-org.freedesktop.NetworkManager.AgentManager.html#gdbus-method-org-freedesktop-NetworkManager-AgentManager.RegisterWithCapabilities

This will allow you to pass the flag you need.


Then the second part will need to be done in plasma-nm/kded/secretagent.cpp, where we would need to pass hints to the PasswordDialog and from there to the VPN plugin and handle the hint from there.

Some links: 
Here you need to add capabilities flag: 
https://invent.kde.org/frameworks/networkmanager-qt/-/blob/master/src/secretagent.h

Here you need to add the missing registration method:
https://invent.kde.org/frameworks/networkmanager-qt/-/blob/master/src/secretagent_p.h
https://invent.kde.org/frameworks/networkmanager-qt/-/blob/master/src/secretagent.cpp

Plasma-nm part:
https://invent.kde.org/plasma/plasma-nm/-/blob/master/kded/secretagent.cpp
https://invent.kde.org/plasma/plasma-nm/-/blob/master/kded/passworddialog.cpp

Plasma-nm generic VPN plugin implementation where you need to add a way to pass hints:
https://invent.kde.org/plasma/plasma-nm/-/blob/master/libs/editor/vpnuiplugin.h

And last but not least particular VPN implementations:
https://invent.kde.org/plasma/plasma-nm/-/tree/master/vpn
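
Added example, not part of the comment above and not code from plasma-nm, networkmanager-qt or NetworkManager: a standard-C++ sketch of what an agent has to do with the hints of a GetSecrets() call once it registers with the VPN hints capability, plus a model of the fallback reported in the log. The type and function names are hypothetical, and the "x-vpn-message:" prefix for the prompt text is an assumption to check against the NetworkManager version in use.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

// Values from NetworkManager's D-Bus API.
constexpr uint32_t CAPABILITY_VPN_HINTS = 0x1;           // NMSecretAgentCapabilities
constexpr uint32_t GET_SECRETS_ALLOW_INTERACTION = 0x1;  // NMSecretAgentGetSecretsFlags
// Assumption: prefix that marks the prompt text inside the hints list.
const std::string VPN_MESSAGE_TAG = "x-vpn-message:";

struct VpnSecretRequest {                  // hypothetical type, not plasma-nm's
    bool canPrompt = false;                // agent is allowed to open a dialog
    std::string message;                   // text to display, e.g. a 2FA challenge
    std::vector<std::string> secretNames;  // secrets the VPN plugin still needs
};

// Model of the fallback in the reported log: the interactive path is only
// usable when every registered agent advertises VPN_HINTS.
bool useInteractiveConnect(const std::vector<uint32_t> &agentCapabilities) {
    return !agentCapabilities.empty() &&
           std::all_of(agentCapabilities.begin(), agentCapabilities.end(),
                       [](uint32_t caps) { return (caps & CAPABILITY_VPN_HINTS) != 0; });
}

// The message originates outside the agent and lands in a password dialog:
// drop control bytes and stop at a character boundary once maxLen is reached.
std::string sanitizeMessage(const std::string &raw, std::size_t maxLen = 256) {
    std::string out;
    for (unsigned char c : raw) {
        if (out.size() >= maxLen && (c & 0xC0) != 0x80) break;
        if (c == '\n' || c == '\t') out.push_back(' ');
        else if (c >= 0x20 && c != 0x7f) out.push_back(static_cast<char>(c));
    }
    return out;
}

// Split the hints argument of GetSecrets() into prompt text and secret names.
VpnSecretRequest parseGetSecrets(const std::vector<std::string> &hints, uint32_t flags) {
    VpnSecretRequest req;
    req.canPrompt = (flags & GET_SECRETS_ALLOW_INTERACTION) != 0;
    for (const std::string &hint : hints) {
        if (hint.compare(0, VPN_MESSAGE_TAG.size(), VPN_MESSAGE_TAG) == 0)
            req.message = sanitizeMessage(hint.substr(VPN_MESSAGE_TAG.size()));
        else if (!hint.empty())
            req.secretNames.push_back(hint);
    }
    return req;
}
```

In this model a single agent registered without the capability makes useInteractiveConnect() return false, which matches the report that stopping plasma-nm lets nmcli prompt for the PIN.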
Comment 4 emelenas 2020-07-28 07:48:46 UTC
OK, not that easy, but I'll try and report back
Comment 5 Jan Grulich 2020-07-28 07:53:49 UTC
(In reply to emelenas from comment #4)
> OK, not that easy, but I'll try and report back

It's not that hard either, it's just probably harder to get oriented in all the code. If you need a hand, just let me know either on IRC on #freenode/plasma (my nick is jgrulich) or just send me an email.