Re: Activating a VPN connection without displaying the authentication dialog



On Sun, 2020-08-16 at 18:08 +0300, Ionuț Leonte wrote:
Hello Thomas,

I don't think subclassing NMSecretAgentOld is possible in Python.

You can subclass things in pygobject ([1]), but I think you cannot
override a virtual function (as you'd need).

https://pygobject.readthedocs.io/en/latest/guide/api/gobject.html

I am now
trying to use the DBus interface to register my script as a Secret
Agent but
my code never gets called. Here's my current script:

    import os
    import sys

    import gi
    gi.require_version('NM', '1.0')
    from gi.repository import Gio, GLib, NM

    base_path = os.path.abspath(os.path.dirname(sys.argv[0]))
    xml_path = os.path.join(
        base_path,
        'org.freedesktop.NetworkManager.SecretAgent.xml')

    xml = open(xml_path, 'r').read()
    node = Gio.DBusNodeInfo.new_for_xml(xml)
    loop = GLib.MainLoop()

    def handle_method_call(
        connection, sender, object_path, interface_name,
        method_name, params, invocation
    ):
        print(f"CALLED: {method_name}({params.unpack()})")
        invocation.return_gerror(GLib.Error())

    def on_bus_acquired(connection, name):
        print("Bus acquired for name, ", name)
        reg_id = connection.register_object(
            "/dev/ileonte/VPNSSO",
            node.interfaces[0],
            handle_method_call,
            None, None
        )
        print(f'reg_id = {reg_id}')

    def on_name_acquired(connection, name):
        print("Name acquired :", name)
        proxy = Gio.DBusProxy.new_for_bus_sync(
            Gio.BusType.SYSTEM,
            Gio.DBusProxyFlags.NONE,
            None,
            "org.freedesktop.NetworkManager",
            "/org/freedesktop/NetworkManager/AgentManager",
            "org.freedesktop.NetworkManager.AgentManager",
            None,
        )
        val = GLib.Variant(
            '(su)',
            (name, NM.SecretAgentCapabilities.VPN_HINTS))
        ret = proxy.call_sync(
            "RegisterWithCapabilities",
            val,
            Gio.DBusCallFlags.NO_AUTO_START,
            -1,
            None)
        print(ret)

    def on_name_lost(connection, name):
        print("Name lost :", name)
        exit(0)


    if __name__ == "__main__":
        owner_id = Gio.bus_own_name(

I don't think you need to own a (well known) name. Every connection to
the D-Bus has a unique name already (like ":1.42"). You can thus call
"RegisterWithCapabilities" and NetworkManager will try to contact you
on that name (":1.42"), where it expects you to have a D-Bus object
"/org/freedesktop/NetworkManager/SecretAgent" (with interface
"org.freedesktop.NetworkManager.SecretAgent").

            Gio.BusType.SESSION,
            "dev.ileonte.VPNSSO",
            Gio.BusNameOwnerFlags.NONE,
            on_bus_acquired,
            on_name_acquired,
            on_name_lost,
        )

        loop.run()
        Gio.bus_unown_name(owner_id)
        print("Exiting...")

I can see my object on the session bus, the call to
RegisterWithCapabilities()
seems to succeed however I never get any GetSecret() calls.

What am I doing wrong?

I'd suggest to enable level=TRACE logs and look what NetworkManager is saying.
See https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf#n28
Did it see your secret-agent register? Did it consider it for secret-
requests?


best,
Thomas

Attachment: signature.asc
Description: This is a digitally signed message part



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]