On Wed, 2020-08-26 at 09:03 +0300, Ionuț Leonte via networkmanager-list
wrote:
> Hello,
>
> I have the following code:
>
> import gi
> gi.require_version('NM', '1.0')
> from gi.repository import GLib, Gio, NM
>
>
> def handle_method_call(
> connection, sender, object_path, interface_name,
> method_name, params, invocation
> ):
> if interface_name ==
> 'org.freedesktop.NetworkManager.SecretAgent':
> if method_name == 'GetSecrets':
> conn, path, sett, hints, flags = params.unpack()
> print(f'GetSecrets():')
> print(f' path = {path}')
> print(f' sett = {sett}')
> print(f' hints = {hints}')
> print(f' flags = {flags}')
>
> invocation.return_value(
> GLib.Variant.new_tuple(GLib.Variant('a{sa{sv}}',
> {}))
> )
> return
>
> invocation.return_value(GLib.Variant('()', ()))
>
>
> xml_path = 'org.freedesktop.NetworkManager.SecretAgent.xml' #
> from [2]
>
> xml = open(xml_path, 'r').read()
> node = Gio.DBusNodeInfo.new_for_xml(xml)
>
> print(f'Getting DBus proxy for org.freedesktop.NetworkManager')
> proxy = Gio.DBusProxy.new_for_bus_sync(
> Gio.BusType.SYSTEM,
> Gio.DBusProxyFlags.NONE,
> None,
> "org.freedesktop.NetworkManager",
> "/org/freedesktop/NetworkManager/AgentManager",
> "org.freedesktop.NetworkManager.AgentManager",
> None,
> )
>
> print(f'Registering SecretAgent interface')
> proxy.get_connection().register_object(
> "/org/freedesktop/NetworkManager/SecretAgent",
> node.interfaces[0],
> handle_method_call,
> None, None
> )
>
> print(f'Registering SecretAgent object')
> proxy.call_sync(
> "Register",
> GLib.Variant.new_tuple(GLib.Variant.new_string('dev.ileonte.V
> PNSSO')),
> Gio.DBusCallFlags.NO_AUTO_START,
> -1,
> None)
>
> loop = GLib.MainLoop()
> loop.run()
>
> It registers as a SecretAgent and prints the parameters that
> NetworkManager
> sends to its GetSecret() method.
>
> With KDE - tested on Gentoo (NM version 1.26.0) and Kubuntu 20.04 (NM
> version
> 1.22.10) - I see the following (correct?) behavior:
> - when I go to System Settings > Connections and click on a VPN
> connection
> (to see the settings of the connection) my GetSecrets() function
> gets
> called once with flags=4 (ie. USER_REQUESTED - see [1])
> - when I try to activate a VPN connection (via nmcli OR from the
> connections
> page in System Settings OR via the Plasma NetworkManager applet)
> my
> function gets called twice - once with flags=4 then immediately
> after
> with flags=5 (USER_REQUESTED | ALLOW_INTERACTION)
>
> With GNOME - tested on Fedora 32 (NM version 1.22.14) and Ubuntu
> 20.04 (NM
> version 1.22.10) - I see the following (incorrect?)
> behavior:
> - when I go to Settings > Network and edit a VPN connection my
> function
> gets called once with flags=4 (same as the KDE case)
> - when I activate a VPN connection via nmcli or from Settings >
> Network my
> function gets called twice - once with flags=4 and once with
> flags=5
> immediately after
> - (!!) when I activate a VPN connection via the GNOME
> NetworkManager applet
> however my function only gets called once with flags=4. After
> that the
> default authentication dialog pops up and my function never gets
> called
> again. Furthermore, when testing with an OpenConnect VPN, I can
> see that
> nm-openconnect-auth-dialog gets run with the `-i` (interactive)
> parameter
> even though my function gets called without ALLOW_INTERACTION set
> in flags
>
> I have tested with two types of VPN connection (OpenConnect and
> OpenVPN) and
> I have seen this in both cases.
>
> Is this intended behavior? Seems to me like the GNOME applet is maybe
> missing
> some fix that was applied to the Settings > Network page in GNOME.
>
> PS: On an older distribution (Ubuntu 18.04 with NM version 1.10.0) my
> function
> always gets called with flags=4 so it looks to me like support for
> ALLOW_INTERACTION was introduced only to some of the components.
>
>
> [1]
> https://lazka.github.io/pgi-docs/#NM-1.0/flags.html#NM.SecretAgentGetSecretsFlags
> [2]
> https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/master/introspection/org.freedesktop.NetworkManager.SecretAgent.xmlhi, I don't know. Something does sound wrong here. I would think that NetworkManager shouldn't behave differently between nmcli, nm-applet or plasma-nm/KDE. In the end, they are all D-Bus clients, it's not clear why that would result in different behavior. Also, for the most part, the distros should ship something close to upstream, so it's not clear why you would see a difference on Fedora 32. I think to really understand you should look at level=TRACE logs of NetworkManager. It should tell you why/which secret-agents are prompted and why. I guess, you'd also have to check the sources. Sorry, that it isn't that straight forward, but new secret-agents only get implemented once per decade, and they are debugged only rarely. Looking at logs seems most important. See https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf#n28 for hints about logging. best, Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
