author | Christian Poessinger <christian@poessinger.com> | 2022-09-25 09:12:58 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-09-25 09:18:53 +0200 |
commit | 01fcfb82122f1f1ae1dc4efe6636474c06c6ede4 (patch) | |
tree | 6fe6eb6f4b2e76c305995dfdb4c7f45926afb8d5 /python/vyos | |
parent | adc59ad72d914073595c587f7ed98eb2e7fdd5c8 (diff) | |
download | vyos-1x-01fcfb82122f1f1ae1dc4efe6636474c06c6ede4.tar.gz vyos-1x-01fcfb82122f1f1ae1dc4efe6636474c06c6ede4.zip |
wireguard: ifconfig: T2653: use NamedTemporaryFile() when dealing with private key
This prevents having any leftover private-key files in the /tmp directory.
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/ifconfig/wireguard.py | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index 9a92c71b8..0ae431163 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2022 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -17,6 +17,7 @@
 import os
 import time
 from datetime import timedelta
+from tempfile import NamedTemporaryFile
 from hurry.filesize import size
 from hurry.filesize import alternative
@@ -170,17 +171,18 @@ class WireGuardIf(Interface):
 for peer, public_key in config['peer_remove'].items():
 self._cmd(f'wg set {self.ifname} peer {public_key} remove')
- config['private_key_file'] = '/tmp/tmp.wireguard.key'
- with open(config['private_key_file'], 'w') as f:
- f.write(config['private_key'])
+ tmp_file = NamedTemporaryFile('w')
+ tmp_file.write(config['private_key'])
+ tmp_file.flush()
 # Wireguard base command is identical for every peer
- base_cmd = 'wg set {ifname} private-key {private_key_file}'
+ base_cmd = 'wg set {ifname}'
 if 'port' in config:
 base_cmd += ' listen-port {port}'
 if 'fwmark' in config:
 base_cmd += ' fwmark {fwmark}'
+ base_cmd += f' private-key {tmp_file.name}'
 base_cmd = base_cmd.format(**config)
 if 'peer' in config: |
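Review bot: In the third hunk `tmp_file` is never closed explicitly, so removal of the private-key file depends on when the object is garbage-collected. If a later `self._cmd(...)` call raises, the traceback can keep the frame, and with it the key file, alive longer than intended. Running the `wg set` commands inside `with NamedTemporaryFile('w') as tmp_file:` would make deletion deterministic; the code that consumes `base_cmd` continues outside this hunk, so the extent of that block needs checking against the full method. Separately, the f-string inserts `tmp_file.name` before `base_cmd.format(**config)` runs, so the path passes through `str.format`; appending it after the `.format()` call removes that coupling. A comment such as `# key file is created with mode 0600 and deleted when tmp_file is closed` would record why a temporary file is used here.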