set passwords only if changed

Jan Grulich jgrulich at redhat.com
Fri Sep 4 08:53:03 UTC 2015


Hi,

you can add me to CC or send the mail directly to me next time, otherwise it's 
possible I won't notice it.

On Friday 04 of September 2015 07:45:52 Boettger, Heiko wrote:
> Hi Jan
> 
> when I don't read the secrets via NetworkManager::Connection::secrets and
> store the changes applied on a setting the passwords are always cleared. I
> assume the passwords are replaced by the empty string because I never set
> them. I tried to filter the secrets out by removing the password properties
> from the settings map before passing it to the ConnectionSettings::Update
> method. This doesn't seem to work. I just wonder whether I made a mistake
> somewhere or if it really isn't possible that way.
> 

Unfortunately you also need the secrets to be part of the settings map which you pass to
the ConnectionSettings::Update() method, otherwise they will get lost.

From NM documentation:
*Update ( a{sa{sv}}: properties ) → nothing*
Update the connection with new settings and properties (replacing all previous 
settings and properties) and save the connection to disk. Secrets may be part of the 
update request, and will be either stored in persistent storage or sent to a Secret 
Agent for storage, depending on the flags associated with each secret.

> The reason why I don't want to read the passwords is that a colleague thinks
> that this might be insecure. There is no problem for me to just hide the
> passwords from the user's eye.
> Are there any side effect calling NetworkManager::Connection::secrets? I
> mean, does the user need to have special permissions to get the passwords?
> And if so, does saving the password require less access rights?

You can define for each connection whether the user has access to it; by default, if
you don't set any permission, then the connection should be readable/writable by
everyone. Then there is also the NM configuration, where you can allow/disable whether a
certain user can call various methods over DBus to control the network. But by
default the user shouldn't need any special permission for getting/storing the secrets.

> Maybe it all depends on the secret agent used in the system running behind, am
> I right?

Well, I would say that the secret agent is something like an extension and mostly it just
provides additional secret storage, because NetworkManager itself stores secrets
unencrypted, and also allows displaying password dialogs. E.g. in the case of KDE's secret
agent we just added additional password storing/loading into/from KWallet and that's
all, and we use it just in case the connection is limited to a certain user; if it's
available for all users, then we don't store secrets there and we let NM store them
and make them available for everyone.

> Is it also right that the NetworkManager::SecretAgent class is not
> meant to be used directly and is internally used when I use
> NetworkManager::Connection::secrets and ConnectionSettings::Update.

In nm-qt the NetworkManager::SecretAgent class is just a prescription of how the
implementation of a secret agent should look and is used only when you want to
implement your own secret agent like we do in plasma-nm. When you call
NetworkManager::Connection::Secrets() then NM first checks where the secrets are
stored (this can be defined by secret flags) and when they have the agent-owned flag,
then NM asks the secret agent for the secrets, if there is any. If the secrets are not
marked as agent-owned, then NM loads them from its storage and the secret agent is
not used at all.

> Thanks in advance for your help.
> 
> Best Regards
> Heiko

I hope that helps.

Regards,
Jan
-- 
Jan Grulich <jgrulich at redhat.com>
Software Engineer, Desktop team
Red Hat Czech
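
The read-modify-write behaviour discussed in this message, as an added example that is not part of the original mail or of nm-qt/NetworkManager code. `FakeConnection`, `SECRET_KEYS` and `SAMPLE` are constructed stand-ins; the method names mirror NetworkManager's `GetSettings`, `GetSecrets` and `Update` D-Bus methods, and the fake is assumed to return an empty map for settings that hold no secrets.

```python
import copy

SECRET_KEYS = {"psk"}  # constructed: the only secret property in SAMPLE
SAMPLE = {  # constructed a{sa{sv}} map for a WPA-PSK Wi-Fi connection
    "connection": {"id": "office"},
    "802-11-wireless-security": {"key-mgmt": "wpa-psk",
                                 "psk": "constructed-passphrase"},
}

class FakeConnection:
    """In-memory stand-in (assumption) for a connection's D-Bus methods."""
    def __init__(self, properties):
        self.Update(properties)

    def GetSettings(self):
        # Like NM, never returns secret values.
        return {s: {k: v for k, v in p.items() if k not in SECRET_KEYS}
                for s, p in self._stored.items()}

    def GetSecrets(self, setting_name):
        props = self._stored.get(setting_name, {})
        return {setting_name:
                {k: v for k, v in props.items() if k in SECRET_KEYS}}

    def Update(self, properties):
        # Replaces all previous settings; anything omitted is gone.
        self._stored = copy.deepcopy(properties)

def update_naive(conn, changes):
    """Write back GetSettings() output plus changes: secrets are lost."""
    settings = conn.GetSettings()
    for name, props in changes.items():
        settings.setdefault(name, {}).update(props)
    conn.Update(settings)

def update_keeping_secrets(conn, changes):
    """Merge stored secrets into the map first, then apply changes on top,
    so a password is overwritten only when `changes` carries a new one."""
    settings = conn.GetSettings()
    for name in list(settings):
        for group, secrets in conn.GetSecrets(name).items():
            settings.setdefault(group, {}).update(secrets)
    for name, props in changes.items():
        settings.setdefault(name, {}).update(props)
    conn.Update(settings)
```

The merged map exists only between the `GetSecrets` and `Update` calls, so the secret values never need to reach a UI field or a log.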