wg: do not show private keys in pretty output

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld 2016-07-28 17:18:17 +02:00
parent 1b9a83c852
commit db69cc7119
3 changed files with 14 additions and 3 deletions


@ -88,6 +88,14 @@ static char *key(const unsigned char key[static WG_KEY_LEN])
return b64; return b64;
} }
static char *masked_key(const unsigned char masked_key[static WG_KEY_LEN])
{
const char *var = getenv("WG_HIDE_KEYS");
if (var && !strcmp(var, "never"))
return key(masked_key);
return "(hidden)";
}
static char *ip(const struct wgipmask *ip) static char *ip(const struct wgipmask *ip)
{ {
static char buf[INET6_ADDRSTRLEN + 1]; static char buf[INET6_ADDRSTRLEN + 1];
@ -205,9 +213,9 @@ static void pretty_print(struct wgdevice *device)
if (memcmp(device->public_key, zero, WG_KEY_LEN)) if (memcmp(device->public_key, zero, WG_KEY_LEN))
terminal_printf(" " TERMINAL_BOLD "public key" TERMINAL_RESET ": %s\n", key(device->public_key)); terminal_printf(" " TERMINAL_BOLD "public key" TERMINAL_RESET ": %s\n", key(device->public_key));
if (memcmp(device->private_key, zero, WG_KEY_LEN)) if (memcmp(device->private_key, zero, WG_KEY_LEN))
terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", key(device->private_key)); terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", masked_key(device->private_key));
if (memcmp(device->preshared_key, zero, WG_KEY_LEN)) if (memcmp(device->preshared_key, zero, WG_KEY_LEN))
terminal_printf(" " TERMINAL_BOLD "pre-shared key" TERMINAL_RESET ": %s\n", key(device->preshared_key)); terminal_printf(" " TERMINAL_BOLD "pre-shared key" TERMINAL_RESET ": %s\n", masked_key(device->preshared_key));
if (device->port) if (device->port)
terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->port); terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->port);
if (device->num_peers) { if (device->num_peers) {
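Review bot: `masked_key()` is declared to return `char *`, but its default path returns the string literal `"(hidden)"`, so any caller that writes through the result would hit undefined behaviour. Both new call sites in `pretty_print()` only pass the result to `%s`, so `static const char *masked_key(const unsigned char masked_key[static WG_KEY_LEN])` would be the safer signature. The parameter also has the same name as the function, which reads confusingly next to the `key(masked_key)` call; a name such as `secret` would be clearer. The masking is applied only in `pretty_print()`, and whether other output paths print these keys is not visible in this section, so the helper would benefit from a comment stating its scope, e.g. `/* Hide private and pre-shared keys in pretty output unless WG_HIDE_KEYS=never. */`. `pretty_print()` continues past the end of the hunk.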


@ -13,7 +13,7 @@
static bool color_mode(FILE *file) static bool color_mode(FILE *file)
{ {
static int mode = -1; static int mode = -1;
char *var; const char *var;
if (mode != -1) if (mode != -1)
return mode; return mode;
var = getenv("WG_COLOR_MODE"); var = getenv("WG_COLOR_MODE");


@ -194,6 +194,9 @@ Note that not all keys are required.
.TP .TP
.I WG_COLOR_MODE .I WG_COLOR_MODE
If set to \fIalways\fP, always print ANSI colorized output. If set to \fInever\fP, never print ANSI colorized output. If set to \fIauto\fP, something invalid, or unset, then print ANSI colorized output only when writing to a TTY. If set to \fIalways\fP, always print ANSI colorized output. If set to \fInever\fP, never print ANSI colorized output. If set to \fIauto\fP, something invalid, or unset, then print ANSI colorized output only when writing to a TTY.
.TP
.I WG_HIDE_KEYS
If set to \fInever\fP, then the pretty-printing \fBshow\fP sub-command will show private and pre-shared keys in the output. If set to \fIalways\fP, something invalid, or unset, then private and pre-shared keys will be printed as "(hidden)".
.SH SEE ALSO .SH SEE ALSO
.BR ip (8), .BR ip (8),