Re: Inconsistency in flags sent to GetSecrets() for VPN connections

On Wed, Aug 26, 2020 at 09:03:12AM +0300, Ionuț Leonte via networkmanager-list wrote:

I have the following code:


It registers as a SecretAgent and prints the parameters that NetworkManager
sends to its GetSecret() method.

With KDE - tested on Gentoo (NM version 1.26.0) and Kubuntu 20.04 (NM version
1.22.10) - I see the following (correct?) behavior:
  - when I go to System Settings > Connections and click on a VPN connection
    (to see the settings of the connection) my GetSecrets() function gets
    called once with flags=4 (ie. USER_REQUESTED - see [1])
  - when I try to activate a VPN connection (via nmcli OR from the connections
    page in System Settings OR via the Plasma NetworkManager applet) my
    function gets called twice - once with flags=4 then immediately after

With GNOME - tested on Fedora 32 (NM version 1.22.14) and Ubuntu 20.04 (NM
version 1.22.10) - I see the following (incorrect?)
  - when I go to Settings > Network and edit a VPN connection my function
    gets called once with flags=4 (same as the KDE case)
  - when I activate a VPN connection via nmcli or from Settings > Network my
    function gets called twice - once with flags=4 and once with flags=5
    immediately after
  - (!!) when I activate a VPN connection via the GNOME NetworkManager applet
    however my function only gets called once with flags=4. After that the
    default authentication dialog pops up and my function never gets called
    again. Furthermore, when testing with an OpenConnect VPN, I can see that
    nm-openconnect-auth-dialog gets run with the `-i` (interactive) parameter
    even though my function gets called without ALLOW_INTERACTION set in flags

If there are multiple agents registered, NM favors the one having the
same PID of the process that is asking for secrets. So, if you are
activating the VPN via the applet (which registers its own agent), NM
will first ask flags=4 to the applet, then to yours. After that, since
no agent could provide the secrets, it will try again them both in
interactive mode (flags=5), in the same order.

However, I think also the KDE applet or GNOME shell should behave in a
similar way; I don't know why there is a difference. You should
analyze NM logs as suggested by Thomas.


I have tested with two types of VPN connection (OpenConnect and OpenVPN) and
I have seen this in both cases.

Is this intended behavior? Seems to me like the GNOME applet is maybe missing
some fix that was applied to the Settings > Network page in GNOME.

PS: On an older distribution (Ubuntu 18.04 with NM version 1.10.0) my function
always gets called with flags=4 so it looks to me like support for
ALLOW_INTERACTION was introduced only to some of the components.

networkmanager-list mailing list
networkmanager-list gnome org

Attachment: signature.asc
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]