diff options
| author | Thomas Haller <thaller@redhat.com> | 2019-02-26 08:52:17 +0100 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2019-02-26 09:40:57 +0100 |
| commit | 4c8ff6f2207cb49d8770c46bac49afc8214da86e (patch) | |
| tree | 862435df92385d987d67dbbd681e8d6a4d8e15c6 /examples | |
| parent | 8b4247d31d8cba5d16cf3f9046a87bd4b257d6b9 (diff) | |
| download | NetworkManager-4c8ff6f2207cb49d8770c46bac49afc8214da86e.tar.gz | |
examples: fix handling secrets in nm-wg-set
When setting any secrets via D-Bus' Update2 call, then
it assumes that all settings are reset. That means, when
we modify any secrets in the client, we need to first load
them all.
Anyway, load always all secrets, then we can also print them
in the get output.
Honor WG_HIDE_KEYS like `wg` does.
(cherry picked from commit 6aa9e52bd88670f10861e402a8c61c282a1e97c2)
Diffstat (limited to 'examples')
| -rwxr-xr-x | examples/python/gi/nm-wg-set | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/examples/python/gi/nm-wg-set b/examples/python/gi/nm-wg-set index d295af2fdb..fc60f069e6 100755 --- a/examples/python/gi/nm-wg-set +++ b/examples/python/gi/nm-wg-set @@ -71,6 +71,7 @@ import sys import re +import os import gi gi.require_version('NM', '1.0') @@ -226,6 +227,13 @@ def secret_flags_to_string(flags): return num return '%s (%s)' % (num, nick) +def secret_to_string(secret): + if os.environ.get('WG_HIDE_KEYS', '') != 'never': + return '(hidden)' + if not secret: + return '' + return secret + ############################################################################### def wg_read_private_key(privkey_file): @@ -261,14 +269,14 @@ def do_get(nm_client, connection): print('interface: %s' % (s_con.get_interface_name())) print('uuid: %s' % (conn.get_uuid())) print('id: %s' % (conn.get_id())) - print('private-key: %s' % ('<hidden>')) + print('private-key: %s' % (secret_to_string(s_wg.get_private_key()))) print('private-key-flags: %s' % (secret_flags_to_string(s_wg.get_private_key_flags()))) print('listen-port: %s' % (s_wg.get_listen_port())) print('fwmark: 0x%x' % (s_wg.get_fwmark())) for i in range(s_wg.get_peers_len()): peer = s_wg.get_peer(i) print('peer[%d].public-key: %s' % (i, peer.get_public_key())) - print('peer[%d].preshared-key: %s' % (i, '<hidden>' if peer.get_preshared_key_flags() != NM.SettingSecretFlags.NOT_REQUIRED else '')) + print('peer[%d].preshared-key: %s' % (i, secret_to_string(peer.get_preshared_key()))) print('peer[%d].preshared-key-flags: %s' % (i, secret_flags_to_string(peer.get_preshared_key_flags()))) print('peer[%d].endpoint: %s' % (i, peer.get_endpoint() if peer.get_endpoint() else '')) print('peer[%d].persistent-keepalive: %s' % (i, peer.get_persistent_keepalive())) @@ -431,6 +439,13 @@ if __name__ == '__main__': print('See available profiles with `nmcli connection show`') sys.exit(1) + try: + secrets = conn.get_secrets(NM.SETTING_WIREGUARD_SETTING_NAME) + if secrets: + conn.update_secrets(NM.SETTING_WIREGUARD_SETTING_NAME, secrets) + except: + pass + if not argv: do_get(nm_client, conn) else: |