wg: remove key for any empty file

Rather than just using /dev/null to mean key removal, match on any empty
file, so that this interface is cross platform.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld 2017-01-24 04:20:05 +01:00
parent 666623a82e
commit 3606898d23
2 changed files with 18 additions and 25 deletions


@ -390,7 +390,6 @@ static int read_line(char **dst, const char *path)
{ {
FILE *f; FILE *f;
size_t n = 0; size_t n = 0;
struct stat stat;
*dst = NULL; *dst = NULL;
@ -399,22 +398,15 @@ static int read_line(char **dst, const char *path)
perror("fopen"); perror("fopen");
return -1; return -1;
} }
if (fstat(fileno(f), &stat) < 0) { if (getline(dst, &n, f) < 0 && errno) {
perror("fstat");
fclose(f);
return -1;
}
if (S_ISCHR(stat.st_mode) && stat.st_rdev == makedev(1, 3)) {
fclose(f);
return 1;
}
if (getline(dst, &n, f) < 0) {
perror("getline"); perror("getline");
fclose(f); fclose(f);
return -1; return -1;
} }
fclose(f); fclose(f);
n = strlen(*dst); n = strlen(*dst);
if (!n)
return 1;
while (--n) { while (--n) {
if (isspace((*dst)[n])) if (isspace((*dst)[n]))
(*dst)[n] = '\0'; (*dst)[n] = '\0';
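Review bot: In the new `if (getline(dst, &n, f) < 0 && errno)` check, errno is never set to 0 before the call, so a stale value left by an earlier library call can turn a plain EOF on an empty file into a reported error; set `errno = 0` immediately before getline. The opposite case also needs care: when getline returns -1 with errno clear, execution falls through to `strlen(*dst)`, and POSIX does not promise that the buffer holds a NUL-terminated string (or was allocated at all) after a failed read, so the empty-file case should return 1 directly from the getline branch rather than depend on strlen. The `return 1` path should also make clear who frees *dst, since getline may already have allocated it.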


@ -60,20 +60,21 @@ most systems but if you are using
.BR bash (1), .BR bash (1),
you may safely pass in a string by specifying as \fIprivate-key\fP or you may safely pass in a string by specifying as \fIprivate-key\fP or
\fIpreshared-key\fP the expression: <(echo PRIVATEKEYSTRING). If \fIpreshared-key\fP the expression: <(echo PRIVATEKEYSTRING). If
\fI/dev/null\fP is specified as the filename for either \fIprivate-key\fP or \fI/dev/null\fP or another empty file is specified as the filename for
\fIpreshared-key\fP, the key is removed from the device. The use of either \fIprivate-key\fP or \fIpreshared-key\fP, the key is removed from
\fIpreshared-key\fP is optional, and may be omitted; it adds an additional the device. The use of \fIpreshared-key\fP is optional, and may be omitted;
layer of symmetric-key cryptography to be mixed into the already existing it adds an additional layer of symmetric-key cryptography to be mixed into
public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP the already existing public-key cryptography, for post-quantum resistance.
is specified, but the value is the empty string, all allowed ips are removed If \fIallowed-ips\fP is specified, but the value is the empty string, all
from the peer. The use of \fIpersistent-keepalive\fP is optional and is by allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP
default off; setting it to 0 or "off", disables it. Otherwise it represents, is optional and is by default off; setting it to 0 or "off", disables it.
in seconds, between 1 and 65535 inclusive, how often to send an authenticated Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often
empty packet to the peer, for the purpose of keeping a stateful firewall or NAT to send an authenticated empty packet to the peer, for the purpose of keeping
mapping valid persistently. For example, if the interface very rarely sends a stateful firewall or NAT mapping valid persistently. For example, if the
traffic, but it might at anytime receive traffic from a peer, and it is behind interface very rarely sends traffic, but it might at anytime receive traffic
NAT, the interface might benefit from having a persistent keepalive interval from a peer, and it is behind NAT, the interface might benefit from having a
of 25 seconds; however, most users will not need this. persistent keepalive interval of 25 seconds; however, most users will not need
this.
.TP .TP
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP \fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
Sets the current configuration of \fI<interface>\fP to the contents of Sets the current configuration of \fI<interface>\fP to the contents of
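Review bot: "another empty file" in the private-key/preshared-key paragraph is looser than what read_line implements in this patch: only an input whose first line has zero length is caught by the `if (!n)` check, so a file holding just a newline or spaces is not treated as a removal request. Suggest wording such as "a zero-length file", and add a sentence noting that any source producing no output, including a `<(command)` substitution whose command fails, now removes the key from the device where it previously hit the getline error path, since that is easy to trigger by accident in provisioning scripts.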