Ubuntu
network-manager-openconnect package

VPN password not stored

Bug #799701 reported by Flo Ebnet on 2011-06-20

This bug affects 9 people

Affects		Status	Importance	Assigned to	Milestone
	network-manager-openconnect	Fix Released	Wishlist	gnome-bugs #638861
	network-manager-openconnect (Ubuntu)	Fix Released	Wishlist	Unassigned	Ubuntu later

Bug Description

Binary package hint: network-manager-openconnect-gnome

The GNOME GUI to the OpenConnect plugin for Network Manager does not store the user's VPN password along with the user name. This is highly inconvenient. There should either be a way to securely store the password in the GNOME keyring or at least a way to (either through GUI or manually in the GNOME configuration editor) set a property like "form:main:password" to hold the password in plain text (along with a warning about the security implications).

Related branches

lp:~network-manager/network-manager-openconnect/ubuntu

lp:ubuntu/quantal/network-manager-openconnect

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2011-08-05:

Marking Triaged/Medium. I haven't been able to double-check this because I'm on oneiric and n-m-openconnect needs an update there to work, but as soon as openconnect is sync'ed I'll be able to build n-m-openconnect 0.8.999 and test this (and fix it is it's not done already).

Changed in network-manager-openconnect (Ubuntu):
status:	New → Triaged
importance:	Undecided → Medium

Revision history for this message

dwmw2 (dwmw2) wrote on 2011-09-30:

Patches to fix this would be very welcome. This is https://bugzilla.gnome.org/show_bug.cgi?id=638861

Storing the password should be *optional*. Probably configured in the VPN setup rather than having the option right there in the auth-dialog?

For bonus points, you could also make it store the HTTP login cookie in gnome-keyring. That would allow us to reconnect to the VPN using the *same* cookie (and hence resume with the same IP address etc.) if our physical network gets disconnected.

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2012-04-09:

Adding the link to the upstream bug.

I think I may be able to set aside a bit of time to fix this after Precise, but it probably wouldn't be something we could release as an update anyway, so only available once the patch is written, tested, and accepted in some release.

Changed in network-manager-openconnect (Ubuntu):
assignee:	nobody → Mathieu Trudel-Lapierre (mathieu-tl)
milestone:	none → later

Bug Watch Updater (bug-watch-updater) on 2012-05-11

Changed in network-manager-openconnect:
importance:	Unknown → Wishlist
status:	Unknown → In Progress

Mathieu Trudel-Lapierre (cyphermox) on 2012-05-17

Changed in network-manager-openconnect (Ubuntu):
importance:	Medium → Wishlist
assignee:	Mathieu Trudel-Lapierre (mathieu-tl) → nobody

Bug Watch Updater (bug-watch-updater) on 2012-06-16

Changed in network-manager-openconnect:
status:	In Progress → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-07-20:

This bug was fixed in the package network-manager-openconnect - 0.9.5.95-0ubuntu1

---------------
network-manager-openconnect (0.9.5.95-0ubuntu1) quantal; urgency=low

  * New upstream release.
    - Use gnome-keyring for password fields. (LP: #799701)
  * debian/patches/04_fix-hitting-cancel-after-failure.patch,
    debian/patches/02_fix-ignoring-return-value.patch,
    debian/patches/01_implement-proper-cancellation.patch: dropped, these
    patches are included in the 0.9.5.95 release.
  * debian/patches/dont_fail_if_no_ip6_714dea4.patch: don't fail activation
    if there is no IPv6 address passed. Some people still don't have IPv6...
  * debian/control:
    - update Build-Depends to require NM >= 0.9.5.95.
    - add libgnome-keyring-dev to Build-Depends.
  * debian/patches/auth_dialog_libexecdir.patch: specify libexecdir as
    /usr/lib/NetworkManager for the auth dialog to be able to spawn it properly
    in GNOME Shell. (LP: #985788)
-- Mathieu Trudel-Lapierre <email address hidden> Fri, 20 Jul 2012 16:44:24 -0400

Changed in network-manager-openconnect (Ubuntu):
status:	Triaged → Fix Released

Revision history for this message

Matt Lavin (matt-lavin) wrote on 2012-08-16:

Any chance that this could get backported to 12.04?

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2012-08-20:

If you need a fix for the bug in previous versions of Ubuntu, please do steps 1 and 2 of the SRU Procedure [1] to bring the need to a developer's attention.

[1]: https://wiki.ubuntu.com/StableReleaseUpdates#Procedure