Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1060460 - Modifying username of VPN connection via nmcli produces wrong entry in config file
Summary: Modifying username of VPN connection via nmcli produces wrong entry in config...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rashid Khan
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-01 22:49 UTC by Oliver Haessler
Modified: 2015-03-05 13:48 UTC (History)
5 users (show)

Fixed In Version: NetworkManager-0.995.0.0-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 13:48:59 UTC
Target Upstream Version:


Attachments (Terms of Use)
[PATCH] keyfile: don't put VPN 'user-name' property to vpn.data (deleted)
2014-04-24 15:24 UTC, Jirka Klimes
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0311 normal SHIPPED_LIVE NetworkManager bug fix and enhancement update 2015-03-05 17:35:10 UTC

Description Oliver Haessler 2014-02-01 22:49:07 UTC
Description of problem:
If you modify a OpenVPN connection via nmcli to set a username, the entry in the config file is: user-name= instead of username= .


Version-Release number of selected component (if applicable):
NetworkManager-0.9.9.0-25.git20131108.el7.x86_64


How reproducible:
Every time you use nmcli to modify a VPN connection to set a username

Steps to Reproduce:
1. Create a OpenVPN config via the Networkmanager Applet or store a config in /etc/NetworkManager/system-connections without a username given.
2. use: nmcli con modify id <Connection ID>" vpn.user-name <USERNAME>

Actual results:
the entry in the config file is now: user-name=<USERNAME>

Expected results:
the entry in the config file needs to be: username=<USERNAME>

Additional info:
if you set the Username via the Networkmanager Applet the entry in the config file is correct (username=<USERNAME>)

Comment 2 RHEL Product and Program Management 2014-03-22 06:07:22 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 3 Jirka Klimes 2014-04-24 15:15:28 UTC
Different VPN services use different names for a user name:
- openvpn     -> "username"
- vpnc        -> "Xauth username"
- pptp        -> "user"
- openconnect -> "username"
- openswan    -> "leftxauthusername"

These names are configured in hash table - vpn.data property.

The vpn.user-name property should be left empty in most cases.

If you want modify the username, change "username" in vpn.data:
nmcli> set vpn.data username=my-new-name

Comment 4 Jirka Klimes 2014-04-24 15:24:24 UTC
Created attachment 889325 [details]
[PATCH] keyfile: don't put VPN 'user-name' property to vpn.data

Comment 5 Dan Williams 2014-04-30 22:48:31 UTC
The vpn.user-name property of NMSettingVPN is only used for passing the default username from NM to the VPN plugin, which is filled with the username of the agent that returned secrets for the request.  It shouldn't ever be read or written by the user session or by settings plugins.  If the user wishes to override the default username with a different one (eg, their VPN username is different than their Unix login) they set that manually in the VPN plugin's UI and the VPN uses custom data items for this.

So it's correct that no plugin should store vpn.user-name.

Patch looks good to me.

Comment 6 Thomas Haller 2014-05-05 14:28:15 UTC
Patch looks good to me too

Comment 7 Jirka Klimes 2014-05-09 12:27:13 UTC
The commit has been pushed to upstream master:
050c30d keyfile: don't put VPN 'user-name' property to vpn.data on read (rh #1060460)

Comment 9 Vitezslav Humpa 2015-01-16 16:19:59 UTC
I went by the original reproducer, configured an openvpn connection via gnome plugin with username vhumpa, then ran "nmcli con modify id openvpn vpn.user-name franta" getting both "user-name" and "username" present:

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
user-name=franta
username=vhumpa
remote=somegateway.org
connection-type=password
password-flags=1

Now, is that *what* we want here considering the vpn.user-name property should not really be used?

Comment 10 Vladimir Benes 2015-01-19 09:13:33 UTC
(In reply to Vitezslav Humpa from comment #9)
> I went by the original reproducer, configured an openvpn connection via
> gnome plugin with username vhumpa, then ran "nmcli con modify id openvpn
> vpn.user-name franta" getting both "user-name" and "username" present:
> 
> [vpn]
> service-type=org.freedesktop.NetworkManager.openvpn
> user-name=franta
> username=vhumpa
> remote=somegateway.org
> connection-type=password
> password-flags=1
> 
> Now, is that *what* we want here considering the vpn.user-name property
> should not really be used?

This is correct. Vpn.user-name option produces user-name line in keyfile. This vpn.user-name is used very rarely and should stay empty most of the times. The change is in the user-name option not being propagated to vpn.data hash table as it was before. Just username is. 
So the correct way of setting username for your vpn should be via set vpn.data username=franta if you want to pass it to openvpn. There is no incorrect user-name option in vpn.data and vpn.user-name is very likely ignored.

Comment 11 Jirka Klimes 2015-01-19 09:38:15 UTC
As Vladimir correctly described, "vpn.user-name" property is not interesting and is not used to configure the user name. User name should be configured in vpn.data and the actual property name differs according to VPN types - see comment #3.

What this bug changes is that now vpn.user-name (if set) won't overwrite usernames properties in vpn.data. (As you can see in your keyfile, "username" is still vhumpa).

Comment 14 errata-xmlrpc 2015-03-05 13:48:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0311.html


Note You need to log in before you can comment on or make changes to this bug.