Add a SecretAgent class that makes it easy to write your own secret agents.

seveas · seveas · commit d28783c2aa10 · 2017-03-06T21:25:19.000+01:00
diff --git a/NetworkManager.py b/NetworkManager.py
@@ -6,6 +6,7 @@
 
 import copy
 import dbus
+import dbus.service
 import os
 import six
 import socket
@@ -413,11 +414,36 @@ class IP6Config(TransientNMDbusInterface): pass
 class DHCP4Config(TransientNMDbusInterface): pass
 class DHCP6Config(TransientNMDbusInterface): pass
 
-# These three are interfaces that must be provided to NetworkManager. Keep them
+# Evil hack to work around not being able to specify a method name in the
+# dbus.service.method decorator.
+class SecretAgentType(type(dbus.service.Object)):
+    def __new__(type_, name, bases, attrs):
+        if bases != (dbus.service.Object,):
+            attrs['GetSecretsImpl'] = attrs.pop('GetSecrets')
+        return super(SecretAgentType, type_).__new__(type_, name, bases, attrs)
+
+@six.add_metaclass(SecretAgentType)
+class SecretAgent(dbus.service.Object):
+    object_path = '/org/freedesktop/NetworkManager/SecretAgent'
+    interface_name = 'org.freedesktop.NetworkManager.SecretAgent'
+
+    def __init__(self, identifier):
+        self.identifier = identifier
+        dbus.service.Object.__init__(self, dbus.SystemBus(), self.object_path)
+        AgentManager.Register(self.identifier)
+
+    @dbus.service.method(dbus_interface=interface_name, in_signature='a{sa{sv}}osasu', out_signature='a{sa{sv}}')
+    def GetSecrets(self, connection, connection_path, setting_name, hints, flags):
+        settings = fixups.to_python('SecretAgent', 'GetSecrets', 'connection', connection, 'a{sa{sv}}')
+        connection = fixups.to_python('SecretAgent', 'GetSecrets', 'connection_path', connection_path, 'o')
+        setting_name = fixups.to_python('SecretAgent', 'GetSecrets', 'setting_name', setting_name, 's')
+        hints = fixups.to_python('SecretAgent', 'GetSecrets', 'hints', hints, 'as')
+        return self.GetSecretsImpl(settings, connection, setting_name, hints, flags)
+
+# These two are interfaces that must be provided to NetworkManager. Keep them
 # as comments for documentation purposes.
 #
 # class PPP(NMDbusInterface): pass
-# class SecretAgent(NMDbusInterface): pass
 # class VPNPlugin(NMDbusInterface):
 #     interface_names = ['org.freedesktop.NetworkManager.VPN.Plugin']
 
diff --git a/docs/index.rst b/docs/index.rst
@@ -184,5 +184,30 @@ interface, which gives you access to basic device properties. Note that you will
 `Wired <https://developer.gnome.org/NetworkManager/1.2/gdbus-org.freedesktop.NetworkManager.Device.Wired.html>`_ and
 `Wireless <https://developer.gnome.org/NetworkManager/1.2/gdbus-org.freedesktop.NetworkManager.Device.Wireless.html>`_
 
+.. class:: SecretAgent
+
+The NetworkManager daemon can ask separate programs, called agents, for secrets
+if it needs them. The NetworkManager applet and the `nmcli` command-line tool
+are examples of such agents. You can also write such agents by subclassing the
+`SecretAgent` class and providing a `GetSecrets` method as in the following
+example, which returns a static password for each secret::
+
+    import dbus.mainloop.glib
+    import GObject
+    import NetworkManager
+
+    class MyAgent(NetworkManager.SecretAgent):
+        def GetSecrets(self, settings, connection, setting_name, hints, flags):
+            return {setting_name: {'secrets': {'password': 'TopSecret!'}}}
+
+    agent = MyAgent()
+    dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
+    Gobject.MainLoop().run()
+
+Beware that NetworkManager will ask each agent in turn in what is in essence
+random order. Except it will prioritize the program that activated the
+connection. So if you want to make sure your agent is called first, activate
+the connection from the same application.
+
 .. toctree::
    :maxdepth: 2
