debcrafters-packages team mailing list archive
-
debcrafters-packages team
-
Mailing list archive
-
Message #04469
[Bug 2076101] Re: Gnome openvpn saves authenticator code as password
Also targeting Jammy as it is effected according to multiple users in
the issue filed against the main project, for example:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/97#note_1954111
** Description changed:
+ [ Impact ]
+
+ * When saving an OpenVPN connection through network-manager-openvpn that has MFA enabled, the authentication code overwrites the saved password, making the saved preset invalid.
+ * As a result, the user has to enter their password every time instead of only upon initial creation.
+
+ [ Test Plan ]
+
+ Plan 1:
+ * Save an OpenVPN connection which requires MFA through the GNOME network settings panel, and perform the initial connection.
+ * Provide the MFA code when requested.
+ * Disconnect and try reconnecting to the saved OpenVPN preset.
+ * The saved preset should only require re-entering an MFA code to work; the saved password should be correct.
+
+ Plan 2:
+ * Save an OpenVPN connection that does not require MFA through the GNOME network settings panel, and perform the initial connection.
+ * Disconnect and try reconnecting to the saved OpenVPN preset.
+ * The saved preset should work without requiring any further interaction.
+
+ [ Where problems could occur ]
+
+ * The patch for this issue modifies how authentication for OpenVPN
+ connections are performed, so test plan #2 should be performed to ensure
+ connections without MFA still work as expected.
+
+ [ Other Info ]
+
+ * Issue against main project: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/97
+ * Upstream issue: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/12
+ * Upstream fix: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/a6da86f9007ec7b324148f4e3492d68c9a03a4c5
+
+ [ Original Description ]
+
I added a VPN connection through Gnome settings. I configured the user
and password. Once I try to connect, as I've already set the user and
password, I'm only asked to inform the authentication code, as the VPN
has MFA enabled. After I inform the authentication code, I'm able to
connect to the VPN. If I disconnect and try to connect again, the
authentication code was saved as if it was the password, so my
authentication fails and I have to inform my password first, then after
that I'm asked for the authentication code. The authentication code is
being saved as the password, which shouldn't happen. Everything works
but it's pretty annoying having to do that every time. I have another
machine running Debian Trixie, which used to have the network-manager-
openvpn in the same version and it used to happen the same thing. Now
that it's updated to network-manager-openvpn (1.12.0-1) this issue is
gone, probably fixed.
doug@bolado:~$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
doug@bolado:~$ apt-cache policy network-manager-openvpn-gnome
network-manager-openvpn-gnome:
Installed: 1.10.2-4build2
Candidate: 1.10.2-4build2
Version table:
*** 1.10.2-4build2 500
500 http://br.archive.ubuntu.com/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: network-manager-openvpn-gnome 1.10.2-4build2
ProcVersionSignature: Ubuntu 6.8.0-39.39-generic 6.8.8
Uname: Linux 6.8.0-39-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Mon Aug 5 10:23:18 2024
InstallationDate: Installed on 2024-07-17 (19 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: network-manager-openvpn
UpgradeStatus: No upgrade log present (probably fresh install)
** Also affects: network-manager-openvpn (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: network-manager-openvpn (Ubuntu Jammy)
Importance: Undecided
Status: New
** Bug watch added: gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues #97
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/97
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to network-manager-openvpn in
Ubuntu.
https://bugs.launchpad.net/bugs/2076101
Title:
Gnome openvpn saves authenticator code as password
Status in network-manager-openvpn package in Ubuntu:
Triaged
Status in network-manager-openvpn source package in Jammy:
New
Status in network-manager-openvpn source package in Noble:
New
Bug description:
[ Impact ]
* When saving an OpenVPN connection through network-manager-openvpn that has MFA enabled, the authentication code overwrites the saved password, making the saved preset invalid.
* As a result, the user has to enter their password every time instead of only upon initial creation.
[ Test Plan ]
Plan 1:
* Save an OpenVPN connection which requires MFA through the GNOME network settings panel, and perform the initial connection.
* Provide the MFA code when requested.
* Disconnect and try reconnecting to the saved OpenVPN preset.
* The saved preset should only require re-entering an MFA code to work; the saved password should be correct.
Plan 2:
* Save an OpenVPN connection that does not require MFA through the GNOME network settings panel, and perform the initial connection.
* Disconnect and try reconnecting to the saved OpenVPN preset.
* The saved preset should work without requiring any further interaction.
[ Where problems could occur ]
* The patch for this issue modifies how authentication for OpenVPN
connections are performed, so test plan #2 should be performed to
ensure connections without MFA still work as expected.
[ Other Info ]
* Issue against main project: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/97
* Upstream issue: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/12
* Upstream fix: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/a6da86f9007ec7b324148f4e3492d68c9a03a4c5
[ Original Description ]
I added a VPN connection through Gnome settings. I configured the user
and password. Once I try to connect, as I've already set the user and
password, I'm only asked to inform the authentication code, as the VPN
has MFA enabled. After I inform the authentication code, I'm able to
connect to the VPN. If I disconnect and try to connect again, the
authentication code was saved as if it was the password, so my
authentication fails and I have to inform my password first, then
after that I'm asked for the authentication code. The authentication
code is being saved as the password, which shouldn't happen.
Everything works but it's pretty annoying having to do that every
time. I have another machine running Debian Trixie, which used to have
the network-manager-openvpn in the same version and it used to happen
the same thing. Now that it's updated to network-manager-openvpn
(1.12.0-1) this issue is gone, probably fixed.
doug@bolado:~$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
doug@bolado:~$ apt-cache policy network-manager-openvpn-gnome
network-manager-openvpn-gnome:
Installed: 1.10.2-4build2
Candidate: 1.10.2-4build2
Version table:
*** 1.10.2-4build2 500
500 http://br.archive.ubuntu.com/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: network-manager-openvpn-gnome 1.10.2-4build2
ProcVersionSignature: Ubuntu 6.8.0-39.39-generic 6.8.8
Uname: Linux 6.8.0-39-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Mon Aug 5 10:23:18 2024
InstallationDate: Installed on 2024-07-17 (19 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: network-manager-openvpn
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/2076101/+subscriptions
