Re: Vpn plugin isn't invoking my save_secrets()



On Wed, 2011-04-06 at 07:23 -0700, Eivind Naess wrote:
> Hi Dan, 
> Thanks for the response! The problem seems to work for me now with the latest 
> set of patches, thank you very much! One question though, what does it really 
> mean for a secret to be agent owned? 

It means a secret agent in the user's session stores the secret and
gives it to NM upon request.  That agent is currently nm-applet, which
stores the secret in gnome-keyring, but there could be any number of
agents in any running user session.

If the secret is not agent-owned, then it is stored by NM in root-owned,
non-user-readable files in /etc/NetworkManager/system-connections (for
keyfile connections), or various other directories based on which
settings plugin you have enabled.

This duality allows more sensitive secrets (VPN passwords, private key
passwords, etc) to be stored in the user's session on a per-user basis,
or more generic passwords (wifi passphrases, etc) to be stored
system-wide for all users.

Dan

> 
> Regards,
> - Eivind
> 
> 
> 
> ----- Original Message ----
> From: Dan Williams <dcbw redhat com>
> To: Eivind Naess <eivnaes yahoo com>
> Cc: networkmanager-list gnome org
> Sent: Mon, April 4, 2011 8:00:49 PM
> Subject: Re: Vpn plugin isn't invoking my save_secrets()
> 
> On Tue, 2011-03-29 at 13:44 -0700, Eivind Naess wrote:
> > Hi All, 
> > 
> > I am compiling the following packages from sources on my Ubuntu system:
> > * NetworkManager
> > * network-manager-applet
> > * network-manager-pptp
> > 
> > Then I am trying to port the network-manager-pptp to network-manager-sstp (a
> > new project). That aside, the pptp or my sstp projects seem to have the same
> > problem in getting/setting the password. I use the nm-connection-editor and add
> > the new connection. But it doesn't seem like the password is getting retrieved
> > successfully. I am also not seeing the dispatch of the call
> > plugin->save_secrets as defined by the vpn plugin code.
> 
> save_secrets will only get called if the password is "agent-owned", i.e.
> if the password flags for that password include
> NM_SETTING_SECRETS_FLAG_AGENT_OWNED.  The pptp plugin doesn't set up any
> of these flags when importing yet, something which I think I have to
> fix.  Basically, when importing a connection, or creating a new
> connection from scratch, the plugin should probably call:
> 
> nm_setting_set_secret_flags (NM_SETTING (s_vpn), NM_PPTP_KEY_PASSWORD,
>                              NM_SETTING_SECRETS_FLAG_AGENT_OWNED, NULL);
> 
> Dan
> 
> > Looking at the debug output of NetworkManager below, I am pretty clueless on
> > how to continue debugging this. It seems like the invocation of a dbus call fails
> > and returns "(null)". This is the value that I see when I re-open the
> > connection's preferences and unmask the password. Changing the "Allow all
> > users" doesn't seem to make a difference. I also sprinkled a bunch of messages,
> > looked through the mailing lists, and tried the nm_setting_vpn_add_secret call
> > as it was suggested by the mailing list, and done by network-manager-vpnc. Any
> > help is appreciated!
> > 
> > Please advise,
> > - Eivind
> > 
> > 
> > 
> > lt-NetworkManager[8000]: <debug> [1301430356.183769] [nm-agent-manager.c:1005] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Settings/0 (vpn)
> > lt-NetworkManager[8000]: <debug> [1301430356.183858] [nm-agent-manager.c:538] request_add_agent(): (:1.46/org.freedesktop.nm-applet/1000) agent allowed for secrets request 0x8387978/vpn
> > lt-NetworkManager[8000]: <debug> [1301430356.183889] [nm-settings-connection.c:714] nm_settings_connection_get_secrets(): (9d903ca7-fb3f-4321-9208-d8f3bbe234c3/vpn:2) secrets requested flags 0x0 hint '(null)'
> > lt-NetworkManager[8000]: <debug> [1301430356.184273] [nm-agent-manager.c:928] get_start(): (0x8387978/vpn) system settings secrets insufficient, asking agents
> > lt-NetworkManager[8000]: <debug> [1301430356.184301] [nm-agent-manager.c:613] next_generic(): (:1.46/org.freedesktop.nm-applet/1000) agent getting secrets for request 0x8387978/vpn
> > lt-NetworkManager[8000]: <debug> [1301430356.184322] [nm-agent-manager.c:884] get_next_cb(): (0x8387978/vpn) requesting user-owned secrets from agent :1.46
> > lt-NetworkManager[8000]: <debug> [1301430356.388637] [nm-agent-manager.c:678] get_done_cb(): (:1.46/org.freedesktop.nm-applet/1000) agent returned secrets for request 0x8387978/vpn
> > lt-NetworkManager[8000]: <debug> [1301430356.388713] [nm-settings-connection.c:533] agent_secrets_done_cb(): (9d903ca7-fb3f-4321-9208-d8f3bbe234c3/vpn:2) secrets returned from agent :1.46
> > lt-NetworkManager[8000]: <debug> [1301430356.388743] [nm-settings-connection.c:576] agent_secrets_done_cb(): (9d903ca7-fb3f-4321-9208-d8f3bbe234c3/vpn:2) secrets request completed
> > lt-NetworkManager[8000]: <debug> [1301430356.389235] [nm-settings-connection.c:615] agent_secrets_done_cb(): (9d903ca7-fb3f-4321-9208-d8f3bbe234c3/vpn:2) new agent secrets processed
> > lt-NetworkManager[8000]: <debug> [1301430382.537429] [nm-agent-manager.c:1133] nm_agent_manager_save_secrets(): Saving secrets for connection /org/freedesktop/NetworkManager/Settings/0
> > lt-NetworkManager[8000]: <debug> [1301430382.546915] [nm-agent-manager.c:538] request_add_agent(): (:1.46/org.freedesktop.nm-applet/1000) agent allowed for secrets request 0x83a44d8/(null)
> > lt-NetworkManager[8000]: <debug> [1301430382.547282] [nm-agent-manager.c:613] next_generic(): (:1.46/org.freedesktop.nm-applet/1000) agent saving secrets for request 0x83a44d8/(null)
> > lt-NetworkManager[8000]: <debug> [1301430392.558166] [nm-agent-manager.c:1071] save_done_cb(): (:1.46/org.freedesktop.nm-applet/1000) agent failed save secrets request 0x83a44d8/(null): (4) Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
> > 
> > _______________________________________________
> > networkmanager-list mailing list
> > networkmanager-list gnome org
> > http://mail.gnome.org/mailman/listinfo/networkmanager-list
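
Added example, not part of the original thread or of NetworkManager's code: a small audit of a keyfile profile that reports, per VPN secret, whether its flags make it agent-owned or system-stored, and whether the file is protected as described above. It assumes the keyfile layout with `<secret>-flags` entries under `[vpn]` and stored values under `[vpn-secrets]`; the profile, names and helper functions are constructed for illustration.

```python
import configparser
import stat

# NMSettingSecretFlags bit values; 0 (none) means NetworkManager stores the secret.
AGENT_OWNED, NOT_SAVED, NOT_REQUIRED = 0x1, 0x2, 0x4

# Constructed sample in the keyfile layout; every value here is made up.
SAMPLE = """\
[connection]
id=office-vpn
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.pptp
gateway=vpn.example.test
user=alice
password-flags=1
"""

def secret_owner(flags):
    """Map a secret's flags to where the secret is expected to live."""
    if flags & NOT_REQUIRED:
        return "not-required"
    if flags & NOT_SAVED:
        return "not-saved"
    return "agent" if flags & AGENT_OWNED else "system"

def audit_keyfile(text):
    """Return ({secret_name: owner}, [findings]) for one keyfile profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names as written
    cp.read_string(text)
    vpn = dict(cp["vpn"]) if cp.has_section("vpn") else {}
    stored = dict(cp["vpn-secrets"]) if cp.has_section("vpn-secrets") else {}
    owners = {k[:-len("-flags")]: secret_owner(int(v, 0))
              for k, v in vpn.items() if k.endswith("-flags")}
    findings = []
    for name in stored:
        # A secret with no flags entry defaults to flags 0, i.e. system-owned.
        if owners.setdefault(name, "system") != "system":
            findings.append(f"{name}: flagged {owners[name]} but stored in the file")
    return owners, findings

def file_protected(st_mode, st_uid):
    """True if the file is root-owned with no group/other permission bits."""
    return st_uid == 0 and stat.S_IMODE(st_mode) & 0o077 == 0
```

On a real system, pass the result of os.stat() on each file in /etc/NetworkManager/system-connections to file_protected(); reading those files requires root.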



