From c4f743e2a33ba39036f7e9919b7adc80415b1754 Mon Sep 17 00:00:00 2001
From: Hristo Venev
Date: Tue, 4 Feb 2020 20:31:51 +0100
Subject: Reference preshared keys by path.

---
 src/config.rs          |  6 +++---
 src/fileutil.rs        |  7 +------
 src/main.rs            |  8 +++-----
 src/manager/builder.rs |  4 ++--
 src/manager/mod.rs     |  6 ++++--
 src/model.rs           | 18 +++++++++++++++++-
 src/wg.rs              | 24 +++++------------------
 7 files changed, 35 insertions(+), 38 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 6269525..362c962 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -2,7 +2,7 @@
 //
 // Copyright 2019 Hristo Venev
-use crate::model::{Ipv4Set, Ipv6Set, Key};
+use crate::model::{Ipv4Set, Ipv6Set, Key, Secret};
 use serde_derive;
 use std::collections::HashMap;
 use std::path::PathBuf;
@@ -11,7 +11,7 @@ use std::path::PathBuf;
 #[serde(deny_unknown_fields)]
 pub struct Source {
     pub url: String,
-    pub psk: Option,
+    pub psk: Option,
     pub ipv4: Ipv4Set,
     pub ipv6: Ipv6Set,
     #[serde(default)]
@@ -22,7 +22,7 @@ pub struct Source {
 #[serde(deny_unknown_fields)]
 pub struct Peer {
     pub source: Option,
-    pub psk: Option,
+    pub psk: Option,
 }
 #[derive(Clone, PartialEq, Eq, Debug)]
diff --git a/src/fileutil.rs b/src/fileutil.rs
index c124fae..b138955 100644
--- a/src/fileutil.rs
+++ b/src/fileutil.rs
@@ -23,11 +23,6 @@ impl Drop for Temp {
 }
 impl Temp {
-    #[inline]
-    pub fn path(&self) -> &Path {
-        &*self.path
-    }
-
     #[inline]
     pub fn leave(mut self) -> PathBuf {
         mem::replace(&mut self.path, PathBuf::new())
@@ -67,7 +62,7 @@ impl Writer {
     #[inline]
     pub fn sync_done(self) -> io::Result {
         self.file.sync_data()?;
-        Ok(self.inner)
+        Ok(self.done())
     }
     #[inline]
diff --git a/src/main.rs b/src/main.rs
index ca4068d..8ab9fb3 100644
--- a/src/main.rs
+++ b/src/main.rs
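Review bot: A config file written for the previous format still parses after the `@@ -11,7` hunk, because `Secret` wraps a `PathBuf` with a derived `Deserialize` and a base64 key is a perfectly valid path string; that stale key is then handed to `wg set … preshared-key` as an argv path, where every local user can read it from the process list until `wg` fails on the nonexistent file. Nothing in this hunk gives an operator a signal that the meaning of `psk` changed from key material to a file path. I'd reject values that cannot name a key file at deserialization time — at minimum require an absolute path — and state the format change in the commit message. The `config::Source` definition continues outside the hunk.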
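Review bot: `sync_done` in the `@@ -67,7` hunk now returns `self.done()` instead of `self.inner`, which changes what callers receive after the fsync, but `done()` is not in the hunk so I cannot tell what extra work it does (a rename, forgetting the file handle); if it does anything beyond returning `inner`, that is a behaviour change unrelated to the preshared-key path work and deserves its own sentence in the commit message. A doc comment would make the relationship explicit either way: `/// Like done(), but syncs the file's data to disk first.` The enclosing `impl Writer` continues outside the hunk.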
@@ -37,8 +37,7 @@ fn cli_config(mut args: impl Iterator) -> Option {
         if key == "psk" {
             arg = args.next()?;
-            let arg = arg.to_str()?;
-            s.psk = Some(model::Key::from_str(arg).ok()?);
+            s.psk = Some(model::Secret::new(arg.into()));
             continue;
         }
         if key == "ipv4" {
@@ -65,8 +64,7 @@ fn cli_config(mut args: impl Iterator) -> Option {
         if key == "psk" {
             arg = args.next()?;
-            let arg = arg.to_str()?;
-            p.psk = Some(model::Key::from_str(arg).ok()?);
+            p.psk = Some(model::Secret::new(arg.into()));
             continue;
         }
         if key == "source" {
@@ -137,7 +135,7 @@ fn help(argv0: &str, args: Vec) -> i32 {
     print!(
         "\
 Usage:
-    {} IFNAME CONFIG - run daemon on iterface
+    {} IFNAME CONFIG - run daemon on interface
     {} --check-source PATH - validate source JSON
     {} --cmdline IFNAME ... - run daemon using config passed as arguments
 ",
diff --git a/src/manager/builder.rs b/src/manager/builder.rs
index 9580d07..6ee71f2 100644
--- a/src/manager/builder.rs
+++ b/src/manager/builder.rs
@@ -135,7 +135,7 @@ fn insert_peer<'b>(
     err: &mut Vec,
     src: &Source,
     p: &proto::Peer,
-    psk: Option<&model::Key>,
+    psk: Option<&model::Secret>,
     update: impl for<'c> FnOnce(&'c mut model::Peer) -> (),
 ) -> &'b mut model::Peer {
     match c.peers.entry(p.public_key) {
@@ -161,7 +161,7 @@ fn find_psk<'a>(
     gc: &'a config::GlobalConfig,
     src: &'a Source,
     p: &proto::Peer,
-) -> Result, Error> {
+) -> Result, Error> {
     let want = match gc.peers.get(&p.public_key) {
         Some(v) => v,
         None => return Ok(None),
diff --git a/src/manager/mod.rs b/src/manager/mod.rs
index 8df4d23..b7fb8c2 100644
--- a/src/manager/mod.rs
+++ b/src/manager/mod.rs
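Review bot: The new `s.psk = Some(model::Secret::new(arg.into()))` accepts any argument unexamined, whereas the replaced `Key::from_str(arg).ok()?` rejected bad input at parse time, so an empty string, a following flag swallowed as the value, or a relative path whose meaning depends on the daemon's working directory is only discovered later when `wg` fails. I'd validate here, where `?` already turns a bad argument into a `None` return: `let path = std::path::PathBuf::from(arg); if !path.is_absolute() { return None; } s.psk = Some(model::Secret::new(path));`. The `@@ -65,8` hunk assigns `p.psk` the same way and needs the same check. `cli_config` starts and ends outside the hunk.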
@@ -35,10 +35,12 @@ impl Manager {
         let runtime_directory = c.runtime_directory.ok_or_else(|| {
             io::Error::new(io::ErrorKind::InvalidInput, "runtime directory required")
         })?;
-        let mut state_path = runtime_directory.clone();
+
+        let mut state_path = runtime_directory;
         state_path.push("state.json");
+
         let mut m = Self {
-            dev: wg::Device::open(ifname, runtime_directory)?,
+            dev: wg::Device::open(ifname)?,
             global_config: c.global,
             sources: vec![],
             current: model::Config::empty(),
diff --git a/src/model.rs b/src/model.rs
index f0e1a7a..1f537bc 100644
--- a/src/model.rs
+++ b/src/model.rs
@@ -8,6 +8,7 @@
 use base64;
 use std::collections::HashMap;
 use std::fmt;
+use std::path::{Path, PathBuf};
 use std::str::FromStr;
 mod ip;
@@ -29,6 +30,21 @@ impl Key {
     }
 }
+#[derive(serde_derive::Serialize, serde_derive::Deserialize, Clone, PartialEq, Eq, Debug)]
+pub struct Secret(PathBuf);
+
+impl Secret {
+    #[inline]
+    pub fn new(path: PathBuf) -> Self {
+        Self(path)
+    }
+
+    #[inline]
+    pub fn path(&self) -> &Path {
+        &self.0
+    }
+}
+
 impl fmt::Display for Key {
     #[inline]
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
@@ -184,7 +200,7 @@ impl<'de> serde::Deserialize<'de> for Endpoint {
 #[derive(serde_derive::Serialize, serde_derive::Deserialize, Clone, PartialEq, Eq, Debug)]
 pub struct Peer {
     pub endpoint: Option,
-    pub psk: Option,
+    pub psk: Option,
     pub keepalive: u32,
     pub ipv4: Vec,
     pub ipv6: Vec,
diff --git a/src/wg.rs b/src/wg.rs
index 6a13d4e..879251b 100644
--- a/src/wg.rs
+++ b/src/wg.rs
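Review bot: `Secret` in the `@@ -29,6` hunk has no documentation, and its name suggests it carries key material while it only wraps a path; a reader of the derived `Debug` and serde impls, which print and persist the wrapped value, should not have to work out from `wg.rs` that nothing sensitive is inside. I'd put `/// Path to a file holding a WireGuard preshared key; only the path is stored, serialized and printed — the key itself is read by wg.` on the struct and say on `new`/`path` that the value is passed verbatim to `wg set … preshared-key`. Since the derived `Deserialize` accepts any string, this is also the place to refuse values that cannot name a key file (relative paths, and with them a base64 key left over from an old-format config), via serde's `try_from` container attribute if the crate's serde version has it; `TryFrom` needs to be in scope on this edition, and `Secret::new` on the CLI path bypasses the check unless it applies the same rule.
```rust
/// Path to a file holding a WireGuard preshared key. Only the path is stored,
/// serialized and printed; the key material is read by `wg` itself.
#[derive(serde_derive::Serialize, serde_derive::Deserialize, Clone, PartialEq, Eq, Debug)]
#[serde(try_from = "PathBuf")]
pub struct Secret(PathBuf);

impl TryFrom<PathBuf> for Secret {
    type Error = String;

    /// Rejects relative paths so the file does not depend on the daemon's working
    /// directory and a stray base64 key cannot masquerade as a path.
    fn try_from(path: PathBuf) -> Result<Self, String> {
        if path.is_absolute() {
            Ok(Self(path))
        } else {
            Err(format!("preshared key path must be absolute: {}", path.display()))
        }
    }
}

// … unchanged: Secret::new and Secret::path …
```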
@@ -2,21 +2,19 @@
 //
 // Copyright 2019 Hristo Venev
-use crate::{fileutil, model};
+use crate::model;
 use std::ffi::{OsStr, OsString};
-use std::path::PathBuf;
 use std::process::{Command, Stdio};
-use std::{env, io, mem};
+use std::{env, io};
 pub struct Device {
     ifname: OsString,
-    tmpdir: PathBuf,
 }
 impl Device {
     #[inline]
-    pub fn open(ifname: OsString, tmpdir: PathBuf) -> io::Result {
-        let dev = Self { ifname, tmpdir };
+    pub fn open(ifname: OsString) -> io::Result {
+        let dev = Self { ifname };
         let _ = dev.get_public_key()?;
         Ok(dev)
     }
@@ -60,8 +58,6 @@ impl Device {
         proc.arg("set");
         proc.arg(&self.ifname);
-        let mut tmps = vec![];
-
         for (pubkey, conf) in &new.peers {
             let old_endpoint;
             if let Some(old_peer) = old.peers.get(pubkey) {
@@ -88,16 +84,7 @@ impl Device {
             if let Some(psk) = &conf.psk {
                 proc.arg("preshared-key");
-                let mut tmp = self.tmpdir.clone();
-                tmp.push(format!("tmp-{}", tmps.len()));
-                let mut tmp = fileutil::Writer::new(tmp)?;
-                {
-                    use io::Write;
-                    writeln!(tmp.file(), "{}", psk)?;
-                }
-                let tmp = tmp.done();
-                proc.arg(tmp.path());
-                tmps.push(tmp);
+                proc.arg(psk.path());
             }
             let mut ips = String::new();
@@ -131,7 +118,6 @@ impl Device {
         }
         let r = proc.status()?;
-        mem::drop(tmps);
         if !r.success() {
             return Err(io::Error::new(io::ErrorKind::Other, "child process failed"));
         }
-- cgit
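Review bot: `proc.arg(psk.path())` in the `@@ -88,16` hunk trusts the configured file entirely: nothing verifies that it exists, is a regular file, or is unreadable by other local users, whereas the temp file it replaces was created by the daemon itself under its runtime directory. A missing or group/world-readable key file now surfaces only as the generic "child process failed" error after `wg` has run, without naming the offending path. I'd stat the file before spawning and refuse modes with group/other bits set (this needs `std::os::unix::fs::PermissionsExt` in scope); it is an early sanity check rather than a guarantee, since `wg` opens the file itself afterwards. The enclosing method starts and ends outside the hunk.
```rust
            if let Some(psk) = &conf.psk {
                // wg reads the key file itself; fail early with an error that names the
                // path, and refuse key files other local users could read, since the
                // daemon-created temp file this replaces was never exposed to them.
                let meta = std::fs::metadata(psk.path()).map_err(|e| {
                    io::Error::new(e.kind(), format!("preshared key {}: {}", psk.path().display(), e))
                })?;
                if !meta.is_file() || meta.permissions().mode() & 0o077 != 0 {
                    return Err(io::Error::new(
                        io::ErrorKind::PermissionDenied,
                        format!("preshared key {} must be a regular file with mode 0600", psk.path().display()),
                    ));
                }
                proc.arg("preshared-key");
                proc.arg(psk.path());
            }
            // … unchanged: allowed-ips assembly …
```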