deletepassphrases

#!/usr/bin/python
"""
NetworkManager has no option to not store an 802.1x passphrase. This is
annoying when you use an OTP solution such as RSA key fobs. Place this
file in /etc/NetworkManager/dispatcher.d as 99deletepassphrases and make
it executable. The passphrases for the networks listed in
/etc/NetworkManager/delete_passprases will then be deleted immediately after
the network is up. That configuration file must list each relevant SSID
on a separate line

(c) 2010 Dennis Kaarsemaker - Dedicated to the public domain
"""

SSIDS = [x.strip() for x in open('/etc/NetworkManager/delete_passphrases')]
KEYRING = 'login'

import os
import stat
import sys

# This is called from n-m as <script> <device> <action>
# Only do things when interfaces are up
if sys.argv[2] != 'up':
    sys.exit(1)

# This is run as root, but the secret resides in a users keyring. Find the
# proc folder of nm-applet and copy its environment. Also setuid to the
# correct user so gnome-keyring accepts the connection
for d in os.listdir('/proc'):
    if not d.isdigit():
        continue
    d = os.path.join('/proc', d)
    try:
        exe = os.readlink(os.path.join(d, 'exe'))
    except OSError:
        continue
    if exe == '/usr/bin/nm-applet':
        uid = os.stat(d)[stat.ST_UID]
        env = open(os.path.join(d, 'environ')).read()
        env = dict([x.split('=', 1) for x in env.split('\x00') if x])
        os.environ.update(env)
        os.setuid(uid)
        break
else:
    # Can't find nm-applet
    sys.exit(0)

# Don't import glib/gk unless we're sure we need them
import glib
import gnomekeyring as gk
glib.set_application_name('delete-nm-passphrases')

# And finally, we delete all relevant keys
for item in gk.list_item_ids_sync(KEYRING):
    info = gk.item_get_info_sync(KEYRING, item)
    name = info.get_display_name()
    if name.startswith('Network secret'):
        for ssid in SSIDS:
            if ssid in name:
                print "Deleting '%s'" % name
                gk.item_delete_sync(KEYRING, item)