Commit 38b65946 authored by Jan Grulich

Unbreak SSH agent support for SSH VPN tunnels.

Right now selecting SSH agent as authentication method for SSH VPNs
results in a password dialog being shown and then a failure no matter
what is entered. This is because the agent authentication method
does not expect a password to be returned but instead expects
a path to the agent socket to be sent. The upstream nm-ssh implements
this, but KDE's plasma-nm does not.

This change implements the behavior that nm-ssh-service expects
from the frontend, and allows using SSH agent authentication with
SSH VPNs set up by plasma-nm.

I fully admit that this change is a bit hacky in that it hardcodes nm-ssh
specific functionality in the core of plasma-nm, but I feel it could be
fine for the following reasons:

- It fixes completely broken functionality at a relatively low cost.
- There is similar hardcoded behavior already e.g. for OpenConnect
  in PasswordDialog::initializeUi().
- Doing this properly requires a major refactor of plasma-nm, that is
  pulling VpnUiPlugin creation into SecretAgent instead of
  PasswordDialog where it is now, and I have neither time nor
  grasp of plasma-nm codebase to do this.


Reviewers: #plasma, jgrulich

Reviewed By: jgrulich

Subscribers: plasma-devel, #plasma

Tags: #plasma

Differential Revision:
parent 1feaa4ca
......@@ -358,6 +358,29 @@ bool SecretAgent::processGetSecrets(SecretsRequest &request) const
const bool allowInteraction = request.flags & AllowInteraction;
const bool isVpn = (setting->type() == NetworkManager::Setting::Vpn);
if (isVpn) {
NetworkManager::VpnSetting::Ptr vpnSetting = connectionSettings->setting(NetworkManager::Setting::Vpn).dynamicCast<NetworkManager::VpnSetting>();
if (vpnSetting->serviceType() == QLatin1String("org.freedesktop.NetworkManager.ssh") && vpnSetting->data()["auth-type"] == QLatin1String("ssh-agent")) {
QString authSock = qgetenv("SSH_AUTH_SOCK");
qCDebug(PLASMA_NM) << Q_FUNC_INFO << "Sending SSH auth socket" << authSock;
if (authSock.isEmpty()) {
QLatin1String("SSH_AUTH_SOCK not present"),
} else {
NMStringMap secrets;
secrets.insert(QLatin1String("ssh-auth-sock"), authSock);
QVariantMap secretData;
secretData.insert(QLatin1String("secrets"), QVariant::fromValue<NMStringMap>(secrets));
request.connection[request.setting_name] = secretData;
sendSecrets(request.connection, request.message);
return true;
NMStringMap secretsMap;
if (!requestNew && useWallet()) {
if (m_wallet->isOpen()) {
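Review bot: the result of the `dynamicCast<NetworkManager::VpnSetting>()` at the top of the new `if (isVpn)` block is dereferenced on the very next line (`vpnSetting->serviceType()`) without a null check, so a connection whose VPN setting is missing or fails the cast would crash the secret agent. Guard the condition with `vpnSetting &&` before comparing the service type and `auth-type`. Two smaller points in the same block: `QString authSock = qgetenv("SSH_AUTH_SOCK");` relies on the implicit QByteArray to QString conversion, and since the value is a filesystem path an explicit `QFile::decodeName()` or `QString::fromLocal8Bit()` would be clearer and survives builds that disable implicit casts. The `qCDebug` line reports "Sending SSH auth socket" before the `isEmpty()` check, so it also fires when nothing is sent; moving it into the `else` branch keeps the log accurate. Since the path is taken from the agent process's own environment and handed to the VPN service as a secret, a short comment stating that assumption (the agent runs in the user's session and that is the socket nm-ssh-service should use) would help the next reader.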