adding a VPN secret default flag property



Hi list,

would it be possible to add a default secret flag property to the VPN
setting? The rationale behind it is such: The OpenConnect plugin does
not know in advance what and how many secrets it will be storing, this
information is available only to the auth-dialog, which can not modify
the VPN data map. Thus, all secrets that need to be saved by the
auth-dialog, will be saved in plain text. Saving the password to
encrypted user storage is only possible by directly interfacing with the
storage backend, like the OpenConnect GNOME auth dialog does  with
GNOME-keyring, or hacking a special case for some specific OpenConnect
server configuration. I would like to avoid that approach in KDE, since
it kind of goes against the whole secret agent scheme (also, the KDE
agent can be configured to save secrets to plain text or encrypted
storage, saving the OpenConnect password always to encrypted storage
would be inconsistent, while reading the agent configuration in the auth
dialog would be an even uglier hack). Hence my proposal to add a VPN
property "default-secret-flags" (or something like that), which would
mark the default flag for this connection if no flag is provided in the
data map. It would have the same values as the secret flag types, with
the same default, but could be set by the OpenConnect plugin (and others
in a similar situation) upon connection creation to agent-owned.

I would be happy to try to write a patch, but I need to know if this
would be considered for inclusion (also, pointers on the patch would be
appreciated, I am not very familiar with NM source).

Ilia Kats


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]