wg: remove key for any empty file
Rather than just using /dev/null to mean key removal, match on any empty file, so that this interface is cross platform. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
666623a82e
commit
3606898d23
14
src/config.c
14
src/config.c
|
@ -390,7 +390,6 @@ static int read_line(char **dst, const char *path)
|
||||||
{
|
{
|
||||||
FILE *f;
|
FILE *f;
|
||||||
size_t n = 0;
|
size_t n = 0;
|
||||||
struct stat stat;
|
|
||||||
|
|
||||||
*dst = NULL;
|
*dst = NULL;
|
||||||
|
|
||||||
|
@ -399,22 +398,15 @@ static int read_line(char **dst, const char *path)
|
||||||
perror("fopen");
|
perror("fopen");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (fstat(fileno(f), &stat) < 0) {
|
if (getline(dst, &n, f) < 0 && errno) {
|
||||||
perror("fstat");
|
|
||||||
fclose(f);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (S_ISCHR(stat.st_mode) && stat.st_rdev == makedev(1, 3)) {
|
|
||||||
fclose(f);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
if (getline(dst, &n, f) < 0) {
|
|
||||||
perror("getline");
|
perror("getline");
|
||||||
fclose(f);
|
fclose(f);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
fclose(f);
|
fclose(f);
|
||||||
n = strlen(*dst);
|
n = strlen(*dst);
|
||||||
|
if (!n)
|
||||||
|
return 1;
|
||||||
while (--n) {
|
while (--n) {
|
||||||
if (isspace((*dst)[n]))
|
if (isspace((*dst)[n]))
|
||||||
(*dst)[n] = '\0';
|
(*dst)[n] = '\0';
|
||||||
|
|
29
src/wg.8
29
src/wg.8
|
@ -60,20 +60,21 @@ most systems but if you are using
|
||||||
.BR bash (1),
|
.BR bash (1),
|
||||||
you may safely pass in a string by specifying as \fIprivate-key\fP or
|
you may safely pass in a string by specifying as \fIprivate-key\fP or
|
||||||
\fIpreshared-key\fP the expression: <(echo PRIVATEKEYSTRING). If
|
\fIpreshared-key\fP the expression: <(echo PRIVATEKEYSTRING). If
|
||||||
\fI/dev/null\fP is specified as the filename for either \fIprivate-key\fP or
|
\fI/dev/null\fP or another empty file is specified as the filename for
|
||||||
\fIpreshared-key\fP, the key is removed from the device. The use of
|
either \fIprivate-key\fP or \fIpreshared-key\fP, the key is removed from
|
||||||
\fIpreshared-key\fP is optional, and may be omitted; it adds an additional
|
the device. The use of \fIpreshared-key\fP is optional, and may be omitted;
|
||||||
layer of symmetric-key cryptography to be mixed into the already existing
|
it adds an additional layer of symmetric-key cryptography to be mixed into
|
||||||
public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP
|
the already existing public-key cryptography, for post-quantum resistance.
|
||||||
is specified, but the value is the empty string, all allowed ips are removed
|
If \fIallowed-ips\fP is specified, but the value is the empty string, all
|
||||||
from the peer. The use of \fIpersistent-keepalive\fP is optional and is by
|
allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP
|
||||||
default off; setting it to 0 or "off", disables it. Otherwise it represents,
|
is optional and is by default off; setting it to 0 or "off", disables it.
|
||||||
in seconds, between 1 and 65535 inclusive, how often to send an authenticated
|
Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often
|
||||||
empty packet to the peer, for the purpose of keeping a stateful firewall or NAT
|
to send an authenticated empty packet to the peer, for the purpose of keeping
|
||||||
mapping valid persistently. For example, if the interface very rarely sends
|
a stateful firewall or NAT mapping valid persistently. For example, if the
|
||||||
traffic, but it might at anytime receive traffic from a peer, and it is behind
|
interface very rarely sends traffic, but it might at anytime receive traffic
|
||||||
NAT, the interface might benefit from having a persistent keepalive interval
|
from a peer, and it is behind NAT, the interface might benefit from having a
|
||||||
of 25 seconds; however, most users will not need this.
|
persistent keepalive interval of 25 seconds; however, most users will not need
|
||||||
|
this.
|
||||||
.TP
|
.TP
|
||||||
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
|
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
|
||||||
Sets the current configuration of \fI<interface>\fP to the contents of
|
Sets the current configuration of \fI<interface>\fP to the contents of
|
||||||
|
|
Loading…
Reference in a new issue