From 882643185b2777ba48f93aad1de766942fb0c5b7 Mon Sep 17 00:00:00 2001
From: Callan Bryant
Date: Sun, 8 Mar 2020 14:10:38 +0000
Subject: [PATCH] bugfix: prevent same PSK for all peers

---
 configtypes.go | 6 +++++-
 sync.go | 47 +++++++++--------------------------------------
 2 files changed, 14 insertions(+), 39 deletions(-)

diff --git a/configtypes.go b/configtypes.go
index f0d9a09..ec0aa30 100644
--- a/configtypes.go
+++ b/configtypes.go
@@ -179,11 +179,15 @@ func (conf DsnetConfig) GetWgPeerConfigs() []wgtypes.PeerConfig {
 wgPeers := make([]wgtypes.PeerConfig, 0, len(conf.Peers))
 
 for _, peer := range conf.Peers {
+ // create a new PSK in memory to avoid passing the same value by
+ // pointer to each peer (d'oh)
+ presharedKey := peer.PresharedKey.Key
+
 wgPeers = append(wgPeers, wgtypes.PeerConfig{
 PublicKey: peer.PublicKey.Key,
 Remove: false,
 UpdateOnly: false,
- PresharedKey: &peer.PresharedKey.Key,
+ PresharedKey: &presharedKey,
 Endpoint: nil,
 ReplaceAllowedIPs: true,
 AllowedIPs: []net.IPNet{
diff --git a/sync.go b/sync.go
index 05ec725..19a810e 100644
--- a/sync.go
+++ b/sync.go
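Review bot: The `presharedKey := peer.PresharedKey.Key` copy is the right fix, but the comment above it should name the actual cause so a future cleanup does not "simplify" it away: before Go 1.22 the `range` variable `peer` is one variable reused on every iteration, so `&peer.PresharedKey.Key` yields the same address in every appended PeerConfig and every peer is configured with whatever value that variable last held. I would replace the two comment lines with `// copy the key: the range variable is reused across iterations (pre-Go 1.22), so &peer.PresharedKey.Key would hand every peer the same pointer`. Because the old code silently collapsed per-peer PSK isolation into one shared key, a regression test that builds a config with two peers carrying distinct preshared keys and asserts `*wgPeers[0].PresharedKey != *wgPeers[1].PresharedKey` would catch any re-aliasing. GetWgPeerConfigs starts and ends outside this hunk.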
@@ -12,48 +12,19 @@ func Sync() {
 }
 
 func ConfigureDevice(conf *DsnetConfig) {
+ peers := conf.GetWgPeerConfigs()
+
+ wgConfig := wgtypes.Config{
+ PrivateKey: &conf.PrivateKey.Key,
+ ListenPort: &conf.ListenPort,
+ ReplacePeers: true,
+ Peers: peers,
+ }
+
 wg, err := wgctrl.New()
 check(err)
 defer wg.Close()
 
- dev, err := wg.Device(conf.InterfaceName)
-
- if err != nil {
- ExitFail("Could not retrieve device '%s' (%v)", conf.InterfaceName, err)
- }
-
- peers := conf.GetWgPeerConfigs()
-
- // compare peers to see if any exist on the device and not the config. If
- // so, they should be removed by appending a dummy peer with Remove:true + pubkey.
- knownKeys := make(map[wgtypes.Key]bool)
-
- for _, peer := range peers {
- knownKeys[peer.PublicKey] = true
- }
-
- // find deleted peers, and append dummy "remove" peers
- for _, peer := range dev.Peers {
- if !knownKeys[peer.PublicKey] {
- peers = append(peers, wgtypes.PeerConfig{
- PublicKey: peer.PublicKey,
- Remove: true,
- })
- }
- }
-
- wgConfig := wgtypes.Config{
- PrivateKey: &conf.PrivateKey.Key,
- ListenPort: &conf.ListenPort,
- // ReplacePeers with the same peers results in those peers losing
- // connection, so it's not possible to do declarative configuration
- // idempotently with ReplacePeers like I had assumed. Instead, peers
- // must be removed imperatively with Remove:true. Peers can still be
- // added/updated with ConfigureDevice declaratively.
- ReplacePeers: false,
- Peers: peers,
- }
-
 err = wg.ConfigureDevice(conf.InterfaceName, wgConfig)
 
 if err != nil {
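Review bot: `ReplacePeers: true` in the new `wgConfig` literal reinstates exactly the mode the deleted comment (`// ReplacePeers with the same peers results in those peers losing connection …`) said was unusable, and neither the hunk nor the commit title, which only mentions the PSK bug, says why that concern no longer holds. A one-line comment on the field, e.g. `// ReplacePeers: true — peers absent from conf are dropped by the kernel; the earlier connection-loss concern with this mode is believed resolved (TODO: confirm)`, would stop the next reader from reintroducing the `wg.Device` + `Remove: true` reconciliation, and would record that stale peers being removed on every sync is intended. With the `wg.Device` lookup gone, a missing interface is now reported only through the `wg.ConfigureDevice` error rather than the explicit `Could not retrieve device` message; the handling of that error continues past the end of the hunk, so I cannot see whether it still names `conf.InterfaceName`. ConfigureDevice's body ends outside the hunk.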