• Dan Williams's avatar
    vpn: handle interactive plugin secrets requests · ab84a866
    Dan Williams authored
    If all agents can handle VPN hints, then we'll try to use
    ConnectInteractive() to let the VPN plugin ask for secrets
    interactively via the SecretsRequired signal.  These hints
    are then passed to agents during the connection process if
    the plugin needs more secrets or different secrets, and when
    the new secrets are returned, they are passed back to the VPN
    If at least one agent does not have the VPN hints capability,
    we can't use ConnectInteractive(), but fall back to the old
    Connect call, because that agent won't be able to send the
    hints to the VPN plugin's authentication dialog, and thus
    we won't get back the secrets the VPN plugin is looking for.
    So, for interactive secrets to work correctly, you need:
    1) A VPN plugin updated for interactive secrets requests
    2) NM updated for interactive secrets requests
    3) all agents to set the VPN_HINTS capability when
        registering with NetworkManager and to pass hints
        along to the VPN authentication dialog
    4) a VPN authentication dialog updated to look for hints
        and only return secrets corresponding to the hints
        requested by the plugin
nm-secret-agent.xml 12.2 KB