bugfix: prevent same PSK for all peers

This commit is contained in:
Callan Bryant 2020-03-08 14:10:38 +00:00
parent 8fd1114f01
commit 882643185b
No known key found for this signature in database
GPG Key ID: C31FA9DF3ACBFFAA
2 changed files with 14 additions and 39 deletions

View File

@ -179,11 +179,15 @@ func (conf DsnetConfig) GetWgPeerConfigs() []wgtypes.PeerConfig {
wgPeers := make([]wgtypes.PeerConfig, 0, len(conf.Peers))
for _, peer := range conf.Peers {
// create a new PSK in memory to avoid passing the same value by
// pointer to each peer (d'oh)
presharedKey := peer.PresharedKey.Key
wgPeers = append(wgPeers, wgtypes.PeerConfig{
PublicKey: peer.PublicKey.Key,
Remove: false,
UpdateOnly: false,
PresharedKey: &peer.PresharedKey.Key,
PresharedKey: &presharedKey,
Endpoint: nil,
ReplaceAllowedIPs: true,
AllowedIPs: []net.IPNet{

39
sync.go
View File

@ -12,48 +12,19 @@ func Sync() {
}
func ConfigureDevice(conf *DsnetConfig) {
wg, err := wgctrl.New()
check(err)
defer wg.Close()
dev, err := wg.Device(conf.InterfaceName)
if err != nil {
ExitFail("Could not retrieve device '%s' (%v)", conf.InterfaceName, err)
}
peers := conf.GetWgPeerConfigs()
// compare peers to see if any exist on the device and not the config. If
// so, they should be removed by appending a dummy peer with Remove:true + pubkey.
knownKeys := make(map[wgtypes.Key]bool)
for _, peer := range peers {
knownKeys[peer.PublicKey] = true
}
// find deleted peers, and append dummy "remove" peers
for _, peer := range dev.Peers {
if !knownKeys[peer.PublicKey] {
peers = append(peers, wgtypes.PeerConfig{
PublicKey: peer.PublicKey,
Remove: true,
})
}
}
wgConfig := wgtypes.Config{
PrivateKey: &conf.PrivateKey.Key,
ListenPort: &conf.ListenPort,
// ReplacePeers with the same peers results in those peers losing
// connection, so it's not possible to do declarative configuration
// idempotently with ReplacePeers like I had assumed. Instead, peers
// must be removed imperatively with Remove:true. Peers can still be
// added/updated with ConfigureDevice declaratively.
ReplacePeers: false,
ReplacePeers: true,
Peers: peers,
}
wg, err := wgctrl.New()
check(err)
defer wg.Close()
err = wg.ConfigureDevice(conf.InterfaceName, wgConfig)
if err != nil {