Bug 1019890

Summary:	kde-plasma-networkmanagement: vpnc plugin should use new cisco-decrypt mode
Product:	[Fedora] Fedora	Reporter:	Florian Weimer <fweimer>
Component:	kde-plasma-networkmanagement	Assignee:	Lukáš Tinkl <ltinkl>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	19	CC:	fweimer, jgrulich, kevin, ltinkl, rdieter, than
Target Milestone:	---	Keywords:	Reopened
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	kde-plasma-nm-0.9.3.1-6.fc20	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2013-11-12 00:34:59 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Bug Depends On:	1019888
Bug Blocks:

Description Florian Weimer 2013-10-16 15:06:12 UTC

Once vpnc supports this via 1019888, the vpnc plugin shouldn't pass the password over the command line, but use standard input instead.

Comment 1 Lukáš Tinkl 2013-10-16 15:19:19 UTC

We don't pass anything over cmd line, what exactly do you have on mind?

Comment 2 Florian Weimer 2013-10-16 16:04:16 UTC

These parts of VpncUiPlugin::importConnectionSettings() in vpnplugins/vpnc/vpnc.cpp:

        else if (!decrPlugin->readStringKeyValue(cg,"enc_UserPassword").isEmpty() && !ciscoDecryptBinary.isEmpty()) {
            // Decrypt the password and insert into map
            decrArgs.clear();
            decrArgs << decrPlugin->readStringKeyValue(cg,"enc_UserPassword");
            decrPlugin->ciscoDecrypt->setProgram(ciscoDecryptBinary, decrArgs);
            decrPlugin->ciscoDecrypt->start();
            if (decrPlugin->ciscoDecrypt->waitForStarted() && decrPlugin->ciscoDecrypt->waitForFinished()) {
                secretData.insert(NM_VPNC_KEY_XAUTH_PASSWORD, decrPlugin->decryptedPasswd);
            }
        }
…
        else if (!decrPlugin->readStringKeyValue(cg,"enc_GroupPwd").isEmpty() && !ciscoDecryptBinary.isEmpty()) {
            //Decrypt the password and insert into map
            decrArgs.clear();
            decrArgs << decrPlugin->readStringKeyValue(cg,"enc_GroupPwd");
            decrPlugin->ciscoDecrypt->setProgram(ciscoDecryptBinary, decrArgs);
            decrPlugin->ciscoDecrypt->start();
            if (decrPlugin->ciscoDecrypt->waitForStarted() && decrPlugin->ciscoDecrypt->waitForFinished()) {
                secretData.insert(NM_VPNC_KEY_SECRET, decrPlugin->decryptedPasswd);
                data.insert(NM_VPNC_KEY_SECRET"-flags", QString::number(Knm::Setting::AgentOwned));
            }
        }

The password-equivalent is passed over the command line to the cisco-decrypt program.

Comment 3 Lukáš Tinkl 2013-10-22 17:15:51 UTC

Fix committed here: http://commits.kde.org/plasma-nm/16b0df71b48c637884278e0f6a746c6909327c4e

It will be available with the next version

Comment 4 Florian Weimer 2013-10-22 18:36:04 UTC

(In reply to Lukáš Tinkl from comment #3)
> Fix committed here:
> http://commits.kde.org/plasma-nm/16b0df71b48c637884278e0f6a746c6909327c4e
> 
> It will be available with the next version

Thanks.  Have you tested this?  I couldn't find the required functionality in the cisco-decrypt versions I tested.

Comment 5 Lukáš Tinkl 2013-10-22 18:45:04 UTC

Nope I haven't tested it... I kinda assumed the cisco-decrypt binary already supports it

Comment 6 Fedora Update System 2013-10-23 09:15:12 UTC

kde-plasma-nm-0.9.3.1-5.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/kde-plasma-nm-0.9.3.1-5.fc20

Comment 7 Fedora Update System 2013-10-23 17:31:03 UTC

Package kde-plasma-nm-0.9.3.1-5.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kde-plasma-nm-0.9.3.1-5.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19756/kde-plasma-nm-0.9.3.1-5.fc20
then log in and leave karma (feedback).

Comment 8 Fedora Update System 2013-11-07 02:18:18 UTC

kde-plasma-nm-0.9.3.1-6.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/kde-plasma-nm-0.9.3.1-6.fc20

Comment 9 Fedora Update System 2013-11-07 19:05:01 UTC

Package kde-plasma-nm-0.9.3.1-6.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing kde-plasma-nm-0.9.3.1-6.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-20837/kde-plasma-nm-0.9.3.1-6.fc20
then log in and leave karma (feedback).

Comment 10 Fedora Update System 2013-11-12 00:34:59 UTC

kde-plasma-nm-0.9.3.1-6.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.