On Wed, Aug 26, 2020 at 09:03:12AM +0300, Ionuț Leonte via networkmanager-list wrote:
Hello,
I have the following code:
[...]
It registers as a SecretAgent and prints the parameters that NetworkManager
sends to its GetSecret() method.
With KDE - tested on Gentoo (NM version 1.26.0) and Kubuntu 20.04 (NM version
1.22.10) - I see the following (correct?) behavior:
- when I go to System Settings > Connections and click on a VPN connection
(to see the settings of the connection) my GetSecrets() function gets
called once with flags=4 (ie. USER_REQUESTED - see [1])
- when I try to activate a VPN connection (via nmcli OR from the connections
page in System Settings OR via the Plasma NetworkManager applet) my
function gets called twice - once with flags=4 then immediately after
with flags=5 (USER_REQUESTED | ALLOW_INTERACTION)
With GNOME - tested on Fedora 32 (NM version 1.22.14) and Ubuntu 20.04 (NM
version 1.22.10) - I see the following (incorrect?)
behavior:
- when I go to Settings > Network and edit a VPN connection my function
gets called once with flags=4 (same as the KDE case)
- when I activate a VPN connection via nmcli or from Settings > Network my
function gets called twice - once with flags=4 and once with flags=5
immediately after
- (!!) when I activate a VPN connection via the GNOME NetworkManager applet
however my function only gets called once with flags=4. After that the
default authentication dialog pops up and my function never gets called
again. Furthermore, when testing with an OpenConnect VPN, I can see that
nm-openconnect-auth-dialog gets run with the `-i` (interactive) parameter
even though my function gets called without ALLOW_INTERACTION set in flags
If there are multiple agents registered, NM favors the one having the same PID of the process that is asking for secrets. So, if you are activating the VPN via the applet (which registers its own agent), NM will first ask flags=4 to the applet, then to yours. After that, since no agent could provide the secrets, it will try again them both in interactive mode (flags=5), in the same order. However, I think also the KDE applet or GNOME shell should behave in a similar way; I don't know why there is a difference. You should analyze NM logs as suggested by Thomas. Beniamino
I have tested with two types of VPN connection (OpenConnect and OpenVPN) and I have seen this in both cases. Is this intended behavior? Seems to me like the GNOME applet is maybe missing some fix that was applied to the Settings > Network page in GNOME. PS: On an older distribution (Ubuntu 18.04 with NM version 1.10.0) my function always gets called with flags=4 so it looks to me like support for ALLOW_INTERACTION was introduced only to some of the components. [1] https://lazka.github.io/pgi-docs/#NM-1.0/flags.html#NM.SecretAgentGetSecretsFlags [2] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/master/introspection/org.freedesktop.NetworkManager.SecretAgent.xml _______________________________________________ networkmanager-list mailing list networkmanager-list gnome org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Attachment:
signature.asc
Description: PGP signature