GNOME Bugzilla – Bug 618532
[enh] tie PIN to IMSI or other identifying SIM information
Last modified: 2016-03-11 17:42:49 UTC
Originally reported at: https://bugs.launchpad.net/bugs/555467 Binary package hint: network-manager Network Manager tries to use a PIN number i entered for one SIM card, when i insert another one, because it thinks same ISP means same PIN code. This leads to PUK-level blocking of the SIM card, provided i allow the keyring to remember the PIN code silently (typical user behaviour for most use cases). i need my PUK to unblock the SIM card again, and i usually don't carry that with me. NM doesn't care what SIM card a.k.a. phone number i'm using, as long as i don't identify the corresponding objects manually. ..1) i'm running Ubuntu Lucid on an NC-10. ..2) NetworkManager Applet 0.8 and "network-manager 0.8-0ubuntu2" cheers
Yeah, it's tied to the specific "connection" that you've created. Unfortunately, many modems do not allow us to retrieve the SIMs serial number *before* you've entered the PIN, so if we can't get that, we can't tie the PIN to the specific SIM and 100% solve this problem. Best we can do is try to get the IMSI and if the modem rejects the request (because the PIN hasn't been entered yet) then perhaps ask for the PIN each time regardless of whether you've saved it or not.
*** Bug 633362 has been marked as a duplicate of this bug. ***
*** Bug 631904 has been marked as a duplicate of this bug. ***
The best solution here is to use the ModemManager "SIM Identifier" (or if not available the "Device Identifier") properties to recognize the SIM. The first time, the applet would pop up the dialog and ask you for the PIN. It would save this PIN into the keyring along with the SIM identifier and device identifier. Next time you plug the modem in, it would look in the keyring for the SIM ID and send that PIN to modem-manager, without showing the dialog. That's the preferred way of doing it I think. Shouldn't be too hard to do, but I've had no time to do it. The problem with the PIN in the connection is that connections can apply to more than one device, and the connection is independent of the SIM. The PIN is specific to the SIM. So if you swap SIM cards and the new SIM has a different PIN, then NM would try to send the wrong PIN. Hence the modifications I did for MM 0.5 that provide a SIM ID and Device ID. I'm happy to provide more information if anyone wants to take a stab at this.
Thanks. From what I understand from the reporter of this bug, tying the PIN to the device might still cause a SIM to be blocked if using multiple SIMs with the same device, though? Is this an acceptable solution?
(In reply to comment #5) > Thanks. From what I understand from the reporter of this bug, tying the PIN to > the device might still cause a SIM to be blocked if using multiple SIMs with > the same device, though? Is this an acceptable solution? Yes, it might, but we have two ways to protect against this. First, there are only a few devices that don't provide the IMSI before unlocking. We have to account for these, but there aren't too many. Second, in the applet here, if the first unlock request fails for any reason, we *MUST* ask the user to provide the next unlock code. We should never automatically send a stored/saved PIN more than once in the applet if the first attempt fails. I believe these two protections are adequate for now. If we really want to, we can restrict automatic unlocking to devices for which ModemManager provides the "SimIdentifier".
Patch by Anders Feder committed for this issue: 7d837085c467675529a4e2be90f406e1cfcd6277 (master) 3aa73275a8c82dc18e1937787cf0a66944a26ef1 (0.8.x) Fix should show up in 0.9.2 and 0.8.6.