examples: fix handling secrets in nm-wg-set

When setting any secrets via D-Bus' Update2 call, then
it assumes that all settings are reset. That means, when
we modify any secrets in the client, we need to first load
them all.

Anyway, load always all secrets, then we can also print them
in the get output.

Honor WG_HIDE_KEYS like `wg` does.
Thomas Haller
2019-02-26 08:52:17 +01:00
parent b5a458c5ff
commit 6aa9e52bd8


@@ -71,6 +71,7 @@
import sys import sys
import re import re
import os
import gi import gi
gi.require_version('NM', '1.0') gi.require_version('NM', '1.0')
@@ -226,6 +227,13 @@ def secret_flags_to_string(flags):
return num return num
return '%s (%s)' % (num, nick) return '%s (%s)' % (num, nick)
def secret_to_string(secret):
if os.environ.get('WG_HIDE_KEYS', '') != 'never':
return '(hidden)'
if not secret:
return ''
return secret
############################################################################### ###############################################################################
def wg_read_private_key(privkey_file): def wg_read_private_key(privkey_file):
@@ -261,14 +269,14 @@ def do_get(nm_client, connection):
print('interface: %s' % (s_con.get_interface_name())) print('interface: %s' % (s_con.get_interface_name()))
print('uuid: %s' % (conn.get_uuid())) print('uuid: %s' % (conn.get_uuid()))
print('id: %s' % (conn.get_id())) print('id: %s' % (conn.get_id()))
print('private-key: %s' % ('<hidden>')) print('private-key: %s' % (secret_to_string(s_wg.get_private_key())))
print('private-key-flags: %s' % (secret_flags_to_string(s_wg.get_private_key_flags()))) print('private-key-flags: %s' % (secret_flags_to_string(s_wg.get_private_key_flags())))
print('listen-port: %s' % (s_wg.get_listen_port())) print('listen-port: %s' % (s_wg.get_listen_port()))
print('fwmark: 0x%x' % (s_wg.get_fwmark())) print('fwmark: 0x%x' % (s_wg.get_fwmark()))
for i in range(s_wg.get_peers_len()): for i in range(s_wg.get_peers_len()):
peer = s_wg.get_peer(i) peer = s_wg.get_peer(i)
print('peer[%d].public-key: %s' % (i, peer.get_public_key())) print('peer[%d].public-key: %s' % (i, peer.get_public_key()))
print('peer[%d].preshared-key: %s' % (i, '<hidden>' if peer.get_preshared_key_flags() != NM.SettingSecretFlags.NOT_REQUIRED else '')) print('peer[%d].preshared-key: %s' % (i, secret_to_string(peer.get_preshared_key())))
print('peer[%d].preshared-key-flags: %s' % (i, secret_flags_to_string(peer.get_preshared_key_flags()))) print('peer[%d].preshared-key-flags: %s' % (i, secret_flags_to_string(peer.get_preshared_key_flags())))
print('peer[%d].endpoint: %s' % (i, peer.get_endpoint() if peer.get_endpoint() else '')) print('peer[%d].endpoint: %s' % (i, peer.get_endpoint() if peer.get_endpoint() else ''))
print('peer[%d].persistent-keepalive: %s' % (i, peer.get_persistent_keepalive())) print('peer[%d].persistent-keepalive: %s' % (i, peer.get_persistent_keepalive()))
@@ -431,6 +439,13 @@ if __name__ == '__main__':
print('See available profiles with `nmcli connection show`') print('See available profiles with `nmcli connection show`')
sys.exit(1) sys.exit(1)
try:
secrets = conn.get_secrets(NM.SETTING_WIREGUARD_SETTING_NAME)
if secrets:
conn.update_secrets(NM.SETTING_WIREGUARD_SETTING_NAME, secrets)
except:
pass
if not argv: if not argv:
do_get(nm_client, conn) do_get(nm_client, conn)
else: else:
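Review bot: The bare `except: pass` around `conn.get_secrets()` in the `__main__` hunk hides every failure to load the existing secrets, including a denied request and even KeyboardInterrupt. The commit message says an Update2 call that carries secrets treats the whole set as replaced, so continuing into the set branch after a silent load failure presumably saves the profile without the stored private key and preshared keys; the set path is outside this hunk, so that should be confirmed. Narrow the handler and stop instead, e.g. `except Exception as e:` followed by `sys.stderr.write('failed to load secrets: %s\n' % (e))` and `sys.exit(1)`, or skip the exit only on the read-only `do_get` path. The `if __name__ == '__main__':` block starts before the hunk and continues after it.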