openconnect: patch which adds support for separate pin value for pkcs11 url
plasma-nm openconnect should support separate pin value in config file for pkcs11 url. (Pin should not be visible in log)
jgrulich
sbmultimedia
Plasma
I discussed this with the Openconnect maintainer and I was told basically the same thing I told you first. NM_OPENCONNECT_KEY_PIN is something that the NetworkManager-openconnect plugin doesn't support. Do you have your own patched nm-openconnect plugin or something like that?
The openconnect-plugin is not used for parsing this variable. Maybe it was in the past.
I add my pin in "nm-servie-defines.h" near NM_OPENCONNECT_KEY_USERCERT. It was not used.
I tried to add this code in the openconnect plugin in the first place, but it was not working because the code in openconnect-plugin is not used anymore. IMHO only the virtual "need_secrets" method is used from the plugin. "connect" and "disconnect" are not used.
So I searched for a different place where all the vpn variables were used. And a fellow told me to have a look at plasma-nm.
I moved my stuff from the openconnect plugin to plasma-nm. Now it's working.
What else could I say? I am sure openconnect-plugin is not in use, because I renamed userkey to userkey2 in openconnect-plugin. But the connection is still working.
I'm not sure I understand. Let me describe how this is working:
In theory this will work if you manually modify your openconnect connection in /etc/NetworkManager/system-connections, but it's not the way openconnect devs want to handle passing this "pin" property. I will have to probably discuss this deeper with Openconnect devs what would be the correct way to support this.
What you are missing is the GUI part to store the pin in the network-manager config file.
This is correct. I've not implemented a GUI yet. This is just the part for reading the config file values.
All values in group [vpn] were read to the dataMap. No filtering from the plugin is done.
Maybe a filter is missing or not working?
For my case I deliver a fully preconfigured configuration file which is read-only for the GUI user.
If a GUI user wants to use pkcs11 with a pin, it is not necessary to hide the pin.
The pin could be provided within the URI or the GUI will ask interactively for the pin.
This is already working.
Current supported workflows:
Not supported enterprise case: pin is not visible for gui user
This is what I want to add with this patch.
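As an added illustration (not code from the patch, plasma-nm or the openconnect plugin): when the pin is carried inside the pkcs11 URI, it has to be stripped before the URI is written to a log. The sketch below assumes the RFC 7512 form, where `pin-value` is a query attribute after `?`; `SplitUri`, `splitPkcs11Uri` and the sample URI are hypothetical names and constructed data.

```cpp
#include <iostream>
#include <string>

// The URI that is safe to log, plus the PIN (left percent-encoded) that must
// only be handed to the token library. Hypothetical type for this example.
struct SplitUri {
    std::string loggable;
    std::string pin;
    bool hadPin = false;
};

// RFC 7512: "pkcs11:" path attributes (';'-separated), then an optional
// "?" followed by query attributes ('&'-separated). "pin-value" is a query
// attribute, so only the part after '?' is inspected.
SplitUri splitPkcs11Uri(const std::string &uri)
{
    SplitUri out;
    const std::string::size_type q = uri.find('?');
    if (uri.compare(0, 7, "pkcs11:") != 0 || q == std::string::npos) {
        out.loggable = uri;  // not a PKCS#11 URI, or no query part to strip
        return out;
    }
    out.loggable = uri.substr(0, q);
    std::string kept;  // query attributes that may be logged
    std::string::size_type pos = q + 1;
    while (pos <= uri.size()) {
        std::string::size_type end = uri.find('&', pos);
        if (end == std::string::npos)
            end = uri.size();
        const std::string attr = uri.substr(pos, end - pos);
        if (attr.compare(0, 10, "pin-value=") == 0) {
            out.pin = attr.substr(10);  // never written to the log
            out.hadPin = true;
        } else if (!attr.empty()) {
            kept += (kept.empty() ? "?" : "&") + attr;
        }
        pos = end + 1;
    }
    out.loggable += kept;
    return out;
}

int main()
{
    // Constructed sample URI, not taken from the review.
    const SplitUri r = splitPkcs11Uri("pkcs11:token=Example;id=%01?pin-value=1234&module-name=opensc");
    std::cout << "log: " << r.loggable << " (pin present: " << r.hadPin << ")\n";
    return 0;
}
```

A `pin-source` attribute is left in place because it names where the pin is stored rather than containing it.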