libnmc: support 2FA authentication from VPN plugins (!1842) · Merge requests · NetworkManager / NetworkManager

Íñigo Huguet requested to merge ih/vpn-2fa into main Jan 23, 2024

Summary

Fix some issues that prevented or made annoying to use 2FA authentication from VPN plugins.

Purpose

When the VPN service sends a challenge as 2nd step of a 2FA authentication, clients like nmcli were requesting again the password. Fix that.

Also, attempts by VPN plugins to implement an ECHO mode so the response to the challenge is not hidden as a password were not successful because they tried to set IsSecret=false from the auth-dialog, but nm-secret-agent-simple ignores values without IsSecret. Fix that by adding a new "ForceEcho" option

This change is backwards compatible in the sense that it doesn't break any existing VPN plugin. Clients that doesn't support the auth-dialog might need to adapt if VPN plugins start using this mechanism. They will work fine if they support the auth-dialog, though.

See implementation of the new features in NetworkManager-openvpn: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/66

Fixes #1434 (closed)
See #1451

Edited Jan 23, 2024 by Íñigo Huguet

libnmc: support 2FA authentication from VPN plugins

Summary

Purpose

Merge request reports