Re: [RFC] Automatically remove stored SIM-PIN from gsm connection settings if it fails to unlock?

2018-10-08 Thread Thomas Haller via networkmanager-list
On Mon, 2018-10-08 at 09:24 +0200, Aleksander Morgado wrote:
> Hey,
> 
> I've SIM-PIN blocked one of my SIM cards just by having a gsm
> autoconnected settings with a PIN stored and then PIN not matching the
> one in the device. When this happens, NM will try to unlock SIM-PIN
> once, and if it fails it won't try again (good) (*)... until the next
> reboot (bad). So, I forgot about this setup and after just a couple of
> system reboots got the SIM-PIN blocked, and had to recover it with the
> PUK.
> 
> Don't know if this kind of thing is done in other kinds of settings,
> but could we completely remove the SIM-PIN stored within the settings
> if it fails once, so that not even on the next reboot the unlock with
> the wrong PIN is attempted? Or is this considered a user error? I'm
> not exactly sure where to draw the line about this issue, I think I
> have pros and cons for both solutions, so just opening the question
> here.
> 
> What do you think?
> 
> (*) It also doesn't re-ask the user for the PIN right away, still need
> to get trace logs as thaller suggested.

Hi,

That sounds good to me.

It's slightly ugly that activating a profile may result in writing it
anew to disk. But we already do that (for example with Wi-Fi) when the
password is wrong and we get a better password from the secret
agent. While a bit odd that activating a profile may re-write it, it
probably makes sense.


best,
Thomas


___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list


Re: No new PIN request to the user if PIN stored in settings is wrong

2018-10-08 Thread Aleksander Morgado
> > > I'm trying to understand whether this behavior is on purpose or not.
> > >
> > > I have some "gsm" settings for a broadband connection, and the
> > > settings have a PIN stored. I then try to use those settings on a
> > > modem device but the expected PIN in the modem is a different one, so
> > > the connection attempt fails with a "sim-pin-incorrect" reason. At
> > > this point NetworkManager doesn't request the user new secrets for
> > > this connection after finding that the stored ones are wrong; i.e. I
> > > don't see any popup window in the shell asking to enter PIN. The
> > > connection attempt just fails and we do get reported in the UI about
> > > the failed attempt.
> > >
> > > Is this behavior (asking the user for PIN after a "sim-pin-incorrect"
> > > failure) not implemented or am I missing some reason that would
> > > prevent doing that? The behavior is different e.g. with WiFi; if I
> > > change the key in my router and I request NM to connect to the WiFi
> > > network, the authentication failure triggers a new request for secrets
> > > to the user.
> > >
> > > Cheers!
> >
> >
> > Hi,
> >
> >
> > sounds like a bug. If a secret/pin is wrong, NM should re-ask for it.
>
> We do have to be careful here, because by the time NM asks for the PIN,
> we've already tried the stored PIN once, and if the user enters the
> wrong pin in the dialog you have one try left before the PIN is
> blocked.  And then you have to find your PUK which often isn't right
> next to you.
>

In the network-manager-applet days, we had the SIM-PIN unlocking
dialog glued out of NetworkManager, so I understand this lack of
re-asking the user was due to that, as the applet would detect the
lock and trigger the user dialog. In that SIM-PIN unlocking dialog we
could also do SIM-PUK unlocking if needed via the UI, and I don't
really recall if we had remaining attempts shown.

When using gnome-shell, the SIM-PIN unlocking is only done through NM
asking for secrets, there is no dedicated SIM-PIN unlocking dialog
showing remaining attempts, and there is no way to unlock SIM-PUK
through the UI. I discussed this a very long time ago with aday trying
to draft a way to integrate this in the shell, but I think that we
both lost interest about the problem, maybe it's time to revisit this.

-- 
Aleksander
https://aleksander.es


[RFC] Automatically remove stored SIM-PIN from gsm connection settings if it fails to unlock?

2018-10-08 Thread Aleksander Morgado
Hey,

I've SIM-PIN blocked one of my SIM cards just by having a gsm
autoconnected settings with a PIN stored and then PIN not matching the
one in the device. When this happens, NM will try to unlock SIM-PIN
once, and if it fails it won't try again (good) (*)... until the next
reboot (bad). So, I forgot about this setup and after just a couple of
system reboots got the SIM-PIN blocked, and had to recover it with the
PUK.

Don't know if this kind of thing is done in other kinds of settings,
but could we completely remove the SIM-PIN stored within the settings
if it fails once, so that not even on the next reboot the unlock with
the wrong PIN is attempted? Or is this considered a user error? I'm
not exactly sure where to draw the line about this issue, I think I
have pros and cons for both solutions, so just opening the question
here.

What do you think?

(*) It also doesn't re-ask the user for the PIN right away, still need
to get trace logs as thaller suggested.

-- 
Aleksander
https://aleksander.es
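
The reboot behaviour described in this thread, as an added model that is not code from NetworkManager, ModemManager or any poster: it compares retrying a stored wrong PIN once per boot with forgetting the PIN after the first failure. The three-attempt budget and all names (`Sim`, `sim_send_pin`, `retries_after_boots`) are assumptions of the example.

```c
/* Constructed model of the thread's scenario; not NetworkManager code. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SIM_PIN_RETRIES 3 /* assumed retry budget before the PUK is required */

typedef struct {
    char pin[9];       /* PIN the card expects */
    int  retries_left; /* kept on the card, so it survives host reboots */
} Sim;

/* One unlock attempt: a wrong PIN burns a retry, a right one resets them. */
static bool sim_send_pin(Sim *sim, const char *pin)
{
    if (sim->retries_left == 0)
        return false; /* blocked: only the PUK helps now */
    if (strcmp(sim->pin, pin) == 0) {
        sim->retries_left = SIM_PIN_RETRIES;
        return true;
    }
    sim->retries_left--;
    return false;
}

/* Retries left after `boots` boots, each trying the stored PIN at most once.
 * forget_on_failure models the RFC: drop the stored PIN after one failure. */
int retries_after_boots(const char *sim_pin, const char *stored,
                        int boots, bool forget_on_failure)
{
    Sim sim = { .retries_left = SIM_PIN_RETRIES };
    char saved[9] = ""; /* "" means no PIN saved in the gsm profile */
    strncpy(sim.pin, sim_pin, sizeof sim.pin - 1);
    strncpy(saved, stored, sizeof saved - 1);
    for (int i = 0; i < boots; i++) {
        if (saved[0] == '\0')
            continue; /* nothing stored: no attempt is made */
        if (!sim_send_pin(&sim, saved) && forget_on_failure)
            saved[0] = '\0'; /* profile rewritten without the PIN */
    }
    return sim.retries_left;
}

int main(void)
{
    printf("retry each boot: %d left\n", retries_after_boots("1234", "0000", 3, false));
    printf("forget on fail:  %d left\n", retries_after_boots("1234", "0000", 3, true));
    return 0;
}
```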