examples: fix handling secrets in nm-wg-set

When setting any secrets via D-Bus' Update2 call, then it assumes that all settings are reset. That means, when we modify any secrets in the client, we need to first load them all. Anyway, load always all secrets, then we can also print them in the get output. Honor WG_HIDE_KEYS like `wg` does. (cherry picked from commit 6aa9e52bd8)
2026-01-03 21:00:16 +01:00 · 2019-02-26 08:52:17 +01:00 · 2019-02-26 08:52:17 +01:00 · 4c8ff6f220
commit 4c8ff6f220
parent 8b4247d31d
1 changed files with 17 additions and 2 deletions
--- a/examples/python/gi/nm-wg-set
+++ b/examples/python/gi/nm-wg-set
@ -71,6 +71,7 @@

 import sys
 import re
+import os

 import gi
 gi.require_version('NM', '1.0')
@ -226,6 +227,13 @@ def secret_flags_to_string(flags):
        return num
    return '%s (%s)' % (num, nick)

+def secret_to_string(secret):
+    if os.environ.get('WG_HIDE_KEYS', '') != 'never':
+        return '(hidden)'
+    if not secret:
+        return ''
+    return secret
+
 ###############################################################################

 def wg_read_private_key(privkey_file):
@ -261,14 +269,14 @@ def do_get(nm_client, connection):
    print('interface:                    %s' % (s_con.get_interface_name()))
    print('uuid:                         %s' % (conn.get_uuid()))
    print('id:                           %s' % (conn.get_id()))
-    print('private-key:                  %s' % ('<hidden>'))
+    print('private-key:                  %s' % (secret_to_string(s_wg.get_private_key())))
    print('private-key-flags:            %s' % (secret_flags_to_string(s_wg.get_private_key_flags())))
    print('listen-port:                  %s' % (s_wg.get_listen_port()))
    print('fwmark:                       0x%x' % (s_wg.get_fwmark()))
    for i in range(s_wg.get_peers_len()):
        peer = s_wg.get_peer(i)
        print('peer[%d].public-key:           %s' % (i, peer.get_public_key()))
-        print('peer[%d].preshared-key:        %s' % (i, '<hidden>' if peer.get_preshared_key_flags() != NM.SettingSecretFlags.NOT_REQUIRED else ''))
+        print('peer[%d].preshared-key:        %s' % (i, secret_to_string(peer.get_preshared_key())))
        print('peer[%d].preshared-key-flags:  %s' % (i, secret_flags_to_string(peer.get_preshared_key_flags())))
        print('peer[%d].endpoint:             %s' % (i, peer.get_endpoint() if peer.get_endpoint() else ''))
        print('peer[%d].persistent-keepalive: %s' % (i, peer.get_persistent_keepalive()))
@ -431,6 +439,13 @@ if __name__ == '__main__':
        print('See available profiles with `nmcli connection show`')
        sys.exit(1)

+    try:
+        secrets = conn.get_secrets(NM.SETTING_WIREGUARD_SETTING_NAME)
+        if secrets:
+            conn.update_secrets(NM.SETTING_WIREGUARD_SETTING_NAME, secrets)
+    except:
+        pass
+
    if not argv:
        do_get(nm_client, conn)
    else: