libnm-glib-vpn: add support for interactive secrets requests

There are three additions to the D-Bus interface for VPN plugins as
part of this patch:

1) ConnectInteractive(): called by NM instead of Connect() to let
the plugin know that it can request additional secrets during the
connection process using SecretsRequired

2) SecretsRequired: a new signal emitted by the plugin to indicate
to NetworkManager that additional secrets are required to connect;
can only be called if NetworkManager initiated the connection by
calling the ConnectInteractive() method

3) NewSecrets(): a new method of the plugin that NetworkManager calls
when new secrets requested by the SecretsRequired signal have been
retrieved from secret agents

We need new methods because agents need to be aware of the hints that
the VPN plugins may send with the SecretsRequired signal (detailing
the specific secrets that are required) and at this time, not all
agents support passing those hints to the VPN plugin authentication
dialogs.

1 files changed, 73 insertions, 1 deletions

diff --git a/introspection/nm-vpn-plugin.xml b/introspection/nm-vpn-plugin.xml
index 5fb11622a5..79081f7b2e 100644
--- a/introspection/nm-vpn-plugin.xml
+++ b/introspection/nm-vpn-plugin.xml
@@ -5,9 +5,11 @@
     <tp:docstring>
       This interface is provided by plugins providing VPN services to the NetworkManager daemon.
     </tp:docstring>
+
     <method name="Connect">
       <tp:docstring>
-        Tells the plugin to connect.
+        Tells the plugin to connect.  Interactive secrets requests (eg, emitting
+        the SecretsRequired signal) are not allowed.
       </tp:docstring>
       <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_vpn_plugin_connect"/>
       <arg name="connection" type="a{sa{sv}}" direction="in" tp:type="String_String_Variant_Map_Map">
@@ -21,6 +23,35 @@
         <tp:error name="org.freedesktop.NetworkManager.VPN.Error.StoppingInProgress"/>
         <tp:error name="org.freedesktop.NetworkManager.VPN.Error.BadArguments"/>
         <tp:error name="org.freedesktop.NetworkManager.VPN.Error.LaunchFailed"/>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.WrongState"/>
+      </tp:possible-errors>
+    </method>
+
+    <method name="ConnectInteractive">
+      <tp:docstring>
+        Tells the plugin to connect, allowing interactive secrets requests (eg
+        the plugin is allowed to emit the SecretsRequired signal if the VPN
+        service indicates that it needs additional secrets during the connect
+        process).
+      </tp:docstring>
+      <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_vpn_plugin_connect_interactive"/>
+      <arg name="connection" type="a{sa{sv}}" direction="in" tp:type="String_String_Variant_Map_Map">
+        <tp:docstring>
+          Describes the connection to be established.
+        </tp:docstring>
+      </arg>
+      <arg name="details" type="a{sv}" direction="in" tp:type="String_Variant_Map">
+        <tp:docstring>
+          Additional details about the Connect process.
+        </tp:docstring>
+      </arg>
+      <tp:possible-errors>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.StartingInProgress"/>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.AlreadyStarted"/>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.StoppingInProgress"/>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.BadArguments"/>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.LaunchFailed"/>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.WrongState"/>
       </tp:possible-errors>
     </method>
 
@@ -122,6 +153,47 @@
       </arg>
     </signal>
 
+    <signal name="SecretsRequired">
+      <tp:docstring>
+        Emitted during an ongoing ConnectInteractive() request when the plugin
+        has determined that new secrets are required.  NetworkManager will then
+        call the NewSecrets() method with a connection hash including the new
+        secrets.
+      </tp:docstring>
+      <arg name="message" type="s" direction="out">
+          <tp:docstring>
+              Informational message, if any, about the request.  For example, if
+              a second PIN is required, could indicate to the user to wait for
+              the token code to change until entering the next PIN.
+          </tp:docstring>
+      </arg>
+      <arg name="secrets" type="as" direction="out">
+          <tp:docstring>
+              Array of strings of VPN secret names which the plugin thinks
+              secrets may be required for, or other VPN-specific data to be
+              processed by the VPN's front-end.
+          </tp:docstring>
+      </arg>
+    </signal>
+
+    <method name="NewSecrets">
+      <tp:docstring>
+        Called in response to a SecretsRequired signal to deliver updated secrets
+        or other information to the plugin.
+      </tp:docstring>
+      <annotation name="org.freedesktop.DBus.GLib.CSymbol" value="impl_vpn_plugin_new_secrets"/>
+      <arg name="connection" type="a{sa{sv}}" direction="in" tp:type="String_String_Variant_Map_Map">
+        <tp:docstring>
+          Describes the connection including the new secrets.
+        </tp:docstring>
+      </arg>
+      <tp:possible-errors>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.WrongState"/>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.BadArguments"/>
+        <tp:error name="org.freedesktop.NetworkManager.VPN.Error.LaunchFailed"/>
+      </tp:possible-errors>
+    </method>
+
     <signal name="Config">
       <tp:docstring>
         The plugin obtained generic configuration information.