Bug 1351272 - show name if ask is specified for 802.1x connections
Summary: show name if ask is specified for 802.1x connections
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Beniamino Galvani
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-29 15:02 UTC by Vladimir Benes
Modified: 2016-11-03 19:23 UTC (History)
9 users (show)

Fixed In Version: NetworkManager-1.4.0-9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-03 19:23:29 UTC


Attachments (Terms of Use)
[PATCH] cli: display pre-filled values when the value asked for is not a real password (1.20 KB, patch)
2016-07-24 13:25 UTC, Blueowl
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2581 normal SHIPPED_LIVE Low: NetworkManager security, bug fix, and enhancement update 2016-11-03 12:08:07 UTC

Description Vladimir Benes 2016-06-29 15:02:05 UTC
Description of problem:
as stated here: https://bugzilla.redhat.com/show_bug.cgi?id=1141947#c9

it would be nice to see 

Username (802-1x.identity) [vbenes]:

if connecting to two factor secured 802.1x network. Enter is accepted as identity was stored and can be used. 

Version-Release number of selected component (if applicable):
1.3

How reproducible:


Steps to Reproduce:
1. store 802.1x network identity to some profile and set always ask password
2. connect to it via nmcli -a con up $con

Actual results:
no name shown even if it's stored

Expected results:
name should be shown as it can be used

Additional info:

Comment 1 Blueowl 2016-07-24 13:24:00 UTC
The identity is actually pre-filled, but it is not displayed because, when asking for passwords, echoing was off.
The echo can be switched on with "-s" option:
nmcli -a -s con up $con

Comment 2 Blueowl 2016-07-24 13:25:35 UTC
Created attachment 1183369 [details]
[PATCH] cli: display pre-filled values when the value asked for is not a real password

Comment 3 Beniamino Galvani 2016-08-12 14:10:36 UTC
(In reply to Blueowl from comment #2)
> Created attachment 1183369 [details]
> [PATCH] cli: display pre-filled values when the value asked for is not a
> real password

LGTM

Comment 4 Blueowl 2016-08-17 13:43:37 UTC
Pushed upstream:
master: c9f6309 cli: show pre-filled readline input if it is not a real password (rh #1351272)
nm-1-2: cbc5ffe cli: show pre-filled readline input if it is not a real password (rh #1351272)

Comment 6 Vladimir Benes 2016-09-08 12:17:48 UTC
this is fixed just partially.
[root@walderon NetworkManager]# nmcli connection add type ethernet ifname eth1 con-name connie 802-1x.identity jdoe 802-1x.eap leap
[root@walderon NetworkManager]# nmcli -a con up connie 
(null)
Network name (connection.id): connie
(null)
Username (802-1x.identity): jdoe
(null)
Password (802-1x.password): 
(null)
Network name (connection.id): connie
(null)
Username (802-1x.identity): jdoe
(null)
Password (802-1x.password): 
(null)
Network name (connection.id): connie
(null)
Username (802-1x.identity): jdoe
(null)
Password (802-1x.password): 
(null)
Network name (connection.id): connie
(null)
Username (802-1x.identity): jdoe
(null)
Password (802-1x.password): 
(null)
Network name (connection.id): connie
(null)
Username (802-1x.identity): jdoe
(null)
Password (802-1x.password): 
Error: Connection activation failed.

this (null) is ugly and whatmore I think connection should have been hidden if provided via cli. back to assigned.

Comment 7 Vladimir Benes 2016-09-08 12:23:53 UTC
even better after this:
[root@walderon NetworkManager]# nmcli connection up id testeth0
(null)
Warning: password for 'connection.id' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

this is normal not 802.1x protected connection

Comment 8 Beniamino Galvani 2016-09-09 20:16:37 UTC
Fix for the "(null)" messages in branch bg/clients-agent-message-rh1351272.

(In reply to Vladimir Benes from comment #7)
> [root@walderon NetworkManager]# nmcli connection up id testeth0
> (null)
> Warning: password for 'connection.id' not given in 'passwd-file' and nmcli
> cannot ask without '--ask' option.
> Connection successfully activated (D-Bus active path:
> /org/freedesktop/NetworkManager/ActiveConnection/6)
> 
> this is normal not 802.1x protected connection

Strange, can you paste the output of "nmcli connection show testeth0" ?

Comment 9 Thomas Haller 2016-09-11 19:40:11 UTC
bg/clients-agent-message-rh1351272 lgtm

Comment 12 Beniamino Galvani 2016-09-13 13:17:33 UTC
Pushed 2 more commits to bg/clients-agent-message-rh1351272 to fix the issue reported in comment 7:

1e901ab clients: handle secret requests only for current connection
0ce6dd5 clients: fix matching of connection path

Comment 13 Thomas Haller 2016-09-13 13:55:40 UTC
1e901ab clients: handle secret requests only for current connection
0ce6dd5 clients: fix matching of connection path

why does this even use g_str_has_prefix() and not nm_streq0()? That's not clear, can you add a code comment as to why that is? (or fix it).



in request_secrets_from_ui(), let's move "gs_free_error GError *error = NULL;" inside the if-block?


Rest lgtm

Comment 14 Beniamino Galvani 2016-09-13 14:16:10 UTC
(In reply to Thomas Haller from comment #13)
> 1e901ab clients: handle secret requests only for current connection
> 0ce6dd5 clients: fix matching of connection path
> 
> why does this even use g_str_has_prefix() and not nm_streq0()? That's not
> clear, can you add a code comment as to why that is? (or fix it).

Because the request_id is created as "${CONNECTION_PATH}/${SETTING}". Added a comment.

> in request_secrets_from_ui(), let's move "gs_free_error GError *error =
> NULL;" inside the if-block?

Ok.

Comment 15 Francesco Giudici 2016-09-13 17:28:58 UTC
branch bg/clients-agent-message-rh1351272 looks good to me

Comment 16 Dan Williams 2016-09-14 16:58:44 UTC
LGTM

Comment 19 Vladimir Benes 2016-09-20 14:01:10 UTC
I can see name when connecting with ask option enabled.

Comment 21 errata-xmlrpc 2016-11-03 19:23:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2581.html


Note You need to log in before you can comment on or make changes to this bug.