Commit 38b65946 authored by Jan Grulich

Unbreak SSH agent support for SSH VPN tunnels.

Right now selecting SSH agent as authentication method for SSH VPNs
results in a password dialog being shown and then a failure no matter
what is entered. This is because the agent authentication method
does not expect a password to be returned but instead expects
a path to the agent socket to be sent. The upstream nm-ssh implements
this, but KDE's plasma-nm does not.

This change implements the behavior that nm-ssh-service expects
from the frontend, and allows using SSH agent authentication with
SSH VPNs set up by plasma-nm.

I fully admit that this change is a bit hacky in that it hardcodes nm-ssh
specific functionality in the core of plasma-nm, but I feel it could be
fine for the following reasons:

- It fixes completely broken functionality at a relatively low cost.
- There is similar hardcoded behavior already e.g. for OpenConnect
  in PasswordDialog::initializeUi().
- Doing this properly requires a major refactor of plasma-nm, that is
  pulling VpnUiPlugin creation into SecretAgent instead of
  PasswordDialog where it is now, and I have neither time nor
  grasp of plasma-nm codebase to do this.


Reviewers: #plasma, jgrulich

Reviewed By: jgrulich

Subscribers: plasma-devel, #plasma

Tags: #plasma

Differential Revision:
parent 1feaa4ca
......@@ -358,6 +358,29 @@ bool SecretAgent::processGetSecrets(SecretsRequest &request) const
const bool allowInteraction = request.flags & AllowInteraction;
const bool isVpn = (setting->type() == NetworkManager::Setting::Vpn);
if (isVpn) {
NetworkManager::VpnSetting::Ptr vpnSetting = connectionSettings->setting(NetworkManager::Setting::Vpn).dynamicCast<NetworkManager::VpnSetting>();
if (vpnSetting->serviceType() == QLatin1String("org.freedesktop.NetworkManager.ssh") && vpnSetting->data()["auth-type"] == QLatin1String("ssh-agent")) {
QString authSock = qgetenv("SSH_AUTH_SOCK");
qCDebug(PLASMA_NM) << Q_FUNC_INFO << "Sending SSH auth socket" << authSock;
if (authSock.isEmpty()) {
QLatin1String("SSH_AUTH_SOCK not present"),
} else {
NMStringMap secrets;
secrets.insert(QLatin1String("ssh-auth-sock"), authSock);
QVariantMap secretData;
secretData.insert(QLatin1String("secrets"), QVariant::fromValue<NMStringMap>(secrets));
request.connection[request.setting_name] = secretData;
sendSecrets(request.connection, request.message);
return true;
NMStringMap secretsMap;
if (!requestNew && useWallet()) {
if (m_wallet->isOpen()) {
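Review bot: In the new ssh-agent branch, `QString authSock = qgetenv("SSH_AUTH_SOCK");` is forwarded as the `ssh-auth-sock` secret after only an `isEmpty()` check, so the VPN service receives whatever string the process running SecretAgent happened to inherit. I would decode it explicitly as a file name, for example `QFile::decodeName(qgetenv("SSH_AUTH_SOCK"))`, rather than relying on the implicit QByteArray-to-QString conversion, and check that it is an absolute path to an existing socket before calling `sendSecrets()`, taking the same path as the empty case otherwise. Separately, `vpnSetting` is dereferenced straight after `dynamicCast<NetworkManager::VpnSetting>()` with no null check; guarding the condition with `vpnSetting &&` would avoid a crash if the cast fails. A short comment above the `serviceType()` comparison saying that this is nm-ssh specific behavior, as the commit message already admits, would also help the next reader of processGetSecrets().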