Inconsistency in flags sent to GetSecrets() for VPN connections


I have the following code:

    import gi
    gi.require_version('NM', '1.0')
    from gi.repository import GLib, Gio, NM

    def handle_method_call(
        connection, sender, object_path, interface_name,
        method_name, params, invocation
        if interface_name == 'org.freedesktop.NetworkManager.SecretAgent':
            if method_name == 'GetSecrets':
                conn, path, sett, hints, flags = params.unpack()
                print(f'  path = {path}')
                print(f'  sett = {sett}')
                print(f'  hints = {hints}')
                print(f'  flags = {flags}')

                    GLib.Variant.new_tuple(GLib.Variant('a{sa{sv}}', {}))

            invocation.return_value(GLib.Variant('()', ()))

    xml_path = 'org.freedesktop.NetworkManager.SecretAgent.xml'  # from [2]

    xml = open(xml_path, 'r').read()
    node = Gio.DBusNodeInfo.new_for_xml(xml)

    print(f'Getting DBus proxy for org.freedesktop.NetworkManager')
    proxy = Gio.DBusProxy.new_for_bus_sync(

    print(f'Registering SecretAgent interface')
        None, None

    print(f'Registering SecretAgent object')

    loop = GLib.MainLoop()

It registers as a SecretAgent and prints the parameters that NetworkManager
sends to its GetSecret() method.

With KDE - tested on Gentoo (NM version 1.26.0) and Kubuntu 20.04 (NM version
1.22.10) - I see the following (correct?) behavior:
  - when I go to System Settings > Connections and click on a VPN connection
    (to see the settings of the connection) my GetSecrets() function gets
    called once with flags=4 (ie. USER_REQUESTED - see [1])
  - when I try to activate a VPN connection (via nmcli OR from the connections
    page in System Settings OR via the Plasma NetworkManager applet) my
    function gets called twice - once with flags=4 then immediately after

With GNOME - tested on Fedora 32 (NM version 1.22.14) and Ubuntu 20.04 (NM
version 1.22.10) - I see the following (incorrect?)
  - when I go to Settings > Network and edit a VPN connection my function
    gets called once with flags=4 (same as the KDE case)
  - when I activate a VPN connection via nmcli or from Settings > Network my
    function gets called twice - once with flags=4 and once with flags=5
    immediately after
  - (!!) when I activate a VPN connection via the GNOME NetworkManager applet
    however my function only gets called once with flags=4. After that the
    default authentication dialog pops up and my function never gets called
    again. Furthermore, when testing with an OpenConnect VPN, I can see that
    nm-openconnect-auth-dialog gets run with the `-i` (interactive) parameter
    even though my function gets called without ALLOW_INTERACTION set in flags

I have tested with two types of VPN connection (OpenConnect and OpenVPN) and
I have seen this in both cases.

Is this intended behavior? Seems to me like the GNOME applet is maybe missing
some fix that was applied to the Settings > Network page in GNOME.

PS: On an older distribution (Ubuntu 18.04 with NM version 1.10.0) my function
always gets called with flags=4 so it looks to me like support for
ALLOW_INTERACTION was introduced only to some of the components.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]