Hi,
you can add me to CC or send the mail directly to me next time, otherwise it's
possible I won't notice it.
On Friday 04 of September 2015 07:45:52 Boettger, Heiko wrote:
> Hi Jan
>
> when I don't read the secrets via NetworkManager::Connection::secrets and
> store the changes applied on a setting the passwords are always cleared. I
> assume the passwords are replaced by the empty string because I never set
> them. I tried to filter the secrets out by removing the password properties
> from the settings map before passing it to the ConenctionSettings::Update
> method. This doesn't seem to work. I just wonder whether I made a mistake
> somewhere or if it really isn't possible that way.
>
Unfortunately you need also secrets to be part of your settings map which you
pass to
ConnectionSettings::Update() method, otherwise they will get lost.
>From NM documentation:
*Update ( a{sa{sv}}: properties ) → nothing*
Update the connection with new settings and properties (replacing all previous
settings and properties) and save the connection to disk. Secrets may be part
of the
update request, and will be either stored in persistent storage or sent to a
Secret
Agent for storage, depending on the flags associated with each secret.
> The reason why I don't want to read the passwords is that a college thinks
> that this might be insecure. There is no problem for me to just hide the
> passwords from the users eye.
> Are there any side effect calling NetworkManager::Connection::secrets? I
> mean, does the user need to have special permissions to get the passwords?
> And if so, does saving the password require less access rights?
You can define for each connection whether the user have access to it, by
default if
you don't set any permission then the connection should be readable/writable by
everyone. Then there is also NM configuration where you can allow/disable to a
certain
user whether he can call various methods over DBus to control the network. But
by
default the user shouldn't need any special permission for getting/storing the
secrets.
> May be all depends on the secret agent used in the system running behind, am
> I right?
Well, I would say that the secret agent is something like an extension and
mostly it just
provides additional secret storage because NetworkManager itself stores secrets
unencrypted and also allows to display password dialogs. Eg. in case of KDE's
secret
agent we just added additional password storing/loading into/from KWallet and
that's
all and we use it just in case that the connection is limited to a certain
user, if it's
available for all users, then we don't store secrets there and we let NM to
store them
and make them available for everyone.
> Is it also right that the NetworkManager::SecretAgent class is not
> meant to be used directly and is internally used when I use
> NetworkManager::Connection::secrets and ConenctionSettings::Update.
In nm-qt the NetworkManager::SecretAgent class is just a prescription how the
implementation of secret agent should look like and is used only when you want
to
implement your own secret agent like we do in plasma-nm. When you call
NetworkManager::Connection::Secrets() then NM first checks where the secrets
are
stored (this can be defined by secret flags) and when they have agent-owned
flag,
then NM asks the secret agent for the secrets, if there is any. If the secrets
are not
marked as agent-owned, then NM loads them from it's storage and secret agent is
not used at all.
> Thank in advance for your help.
>
> Best Regards
> Heiko
I hope that helps.
Regards,
Jan
--
Jan Grulich <jgrul...@redhat.com>
Software Engineer, Desktop team
Red Hat Czech
_______________________________________________
Kde-frameworks-devel mailing list
Kde-frameworks-devel@kde.org
https://mail.kde.org/mailman/listinfo/kde-frameworks-devel
