Bug 424678 - [RFE] Support passing hints from SecretAgent::GetSecrets() to VPN plugins
Status: REPORTED
Alias: None
Product: plasma-nm
Classification: Plasma
Component: general
Version: 5.18.5
Platform: Fedora RPMs Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Jan Grulich
Reported: 2020-07-26 10:08 UTC by emelenas
Modified: 2020-07-28 07:53 UTC

Description emelenas 2020-07-26 10:08:41 UTC
SUMMARY
The registration process for plasma-nm to the NetworkManager system does not provide for interactive secret management, precluding runtime secret handling for plasma and other agents.

STEPS TO REPRODUCE
1. Setup a VPN that needs runtime secrets, such as a fortisslvpn with 2FA after login
2. Try to bring the VPN up with nmcli
3. 

OBSERVED RESULT

NetworkManager fails with the messages

Calling old Connect function as not all agents support interactive secrets

ERROR:  Failed to get PIN: GDBus.Error:org.freedesktop.NetworkManager.Settings.Connection.Failed: More secrets required but cannot ask interactively

Actually, it is plasma-nm that prevents interactively asking, since if I stop plasma-nm, then the message no longer appears and nmcli works as expected.

EXPECTED RESULT


SOFTWARE/OS VERSIONS

Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION
Comment 1 Jan Grulich 2020-07-27 05:27:10 UTC
I'm afraid this is not only about adding the NM_SECRET_AGENT_CAPABILITY_VPN_HINTS flag, but we don't support passing hints to VPN plugins at this moment.
Comment 2 emelenas 2020-07-27 06:31:54 UTC
How much work does this take? Do you have an idea? Would you provide some hints? :-) I'd be glad to lend a hand
Comment 3 Jan Grulich 2020-07-27 08:18:07 UTC
First of all, I think this flag needs to be added to the networkmanager-qt framework, which is a library we use for communication with NetworkManager.

We are missing an implementation of https://people.freedesktop.org/~lkundrak/nm-docs/gdbus-org.freedesktop.NetworkManager.AgentManager.html#gdbus-method-org-freedesktop-NetworkManager-AgentManager.RegisterWithCapabilities

This will allow you to pass the flag you need.


Then the second part will need to be done in plasma-nm/kded/secretagent.cpp, where we would need to pass hints to the PasswordDialog and from there to the VPN plugin and handle the hint from there.

Some links: 
Here you need to add capabilities flag: 
https://invent.kde.org/frameworks/networkmanager-qt/-/blob/master/src/secretagent.h

Here you need to add the missing registration method:
https://invent.kde.org/frameworks/networkmanager-qt/-/blob/master/src/secretagent_p.h
https://invent.kde.org/frameworks/networkmanager-qt/-/blob/master/src/secretagent.cpp

Plasma-nm part:
https://invent.kde.org/plasma/plasma-nm/-/blob/master/kded/secretagent.cpp
https://invent.kde.org/plasma/plasma-nm/-/blob/master/kded/passworddialog.cpp

Plasma-nm generic VPN plugin implementation where you need to add a way to pass hints:
https://invent.kde.org/plasma/plasma-nm/-/blob/master/libs/editor/vpnuiplugin.h

And last but not least particular VPN implementations:
https://invent.kde.org/plasma/plasma-nm/-/tree/master/vpn
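
The hint handling described in comment 3, sketched as an added example in plain C++; it is not plasma-nm or networkmanager-qt code. The names `VpnSecretRequest`, `sanitizeForDisplay` and `parseVpnHints` are hypothetical, and the sample hints in any call are constructed; the flag values and the `x-vpn-message:` prefix are NetworkManager's.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Values from NetworkManager's public D-Bus API.
constexpr std::uint32_t kCapabilityVpnHints = 0x1;   // NM_SECRET_AGENT_CAPABILITY_VPN_HINTS
constexpr std::uint32_t kFlagAllowInteraction = 0x1; // NM_SECRET_AGENT_GET_SECRETS_FLAG_ALLOW_INTERACTION
const std::string kVpnMessageTag = "x-vpn-message:"; // prefix on the plugin's prompt text

// Hypothetical container for what a password dialog would need.
struct VpnSecretRequest {
    std::string message;                  // prompt text, cleaned for display
    std::vector<std::string> secretNames; // secrets the plugin asks for
    bool mayPrompt = false;               // NetworkManager allows asking the user
};

// The prompt originates outside the desktop session (VPN plugin, possibly the
// remote gateway), so drop control characters and cap the length before display.
std::string sanitizeForDisplay(const std::string &text, std::size_t maxLen = 256) {
    std::string out;
    for (unsigned char c : text) {
        if (out.size() >= maxLen) break;
        if (c >= 0x20 && c != 0x7f) out.push_back(static_cast<char>(c));
        else if (c == '\n' || c == '\t') out.push_back(' ');
    }
    return out;
}

// Split the hints array of GetSecrets() into prompt message and secret names.
VpnSecretRequest parseVpnHints(const std::vector<std::string> &hints, std::uint32_t flags) {
    VpnSecretRequest req;
    req.mayPrompt = (flags & kFlagAllowInteraction) != 0;
    for (const std::string &hint : hints) {
        if (hint.compare(0, kVpnMessageTag.size(), kVpnMessageTag) == 0)
            req.message = sanitizeForDisplay(hint.substr(kVpnMessageTag.size()));
        else if (!hint.empty())
            req.secretNames.push_back(hint);
    }
    return req;
}
```

An agent only receives such hints for VPN connections after registering with `kCapabilityVpnHints` through RegisterWithCapabilities.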
Comment 4 emelenas 2020-07-28 07:48:46 UTC
OK, not that easy, but I'll try and report back
Comment 5 Jan Grulich 2020-07-28 07:53:49 UTC
(In reply to emelenas from comment #4)
> OK, not that easy, but I'll try and report back

It's not that hard either, it's just probably harder to get oriented in all the code. If you need a hand, just let me know either on IRC on #freenode/plasma (my nick is jgrulich) or just send me an email.