authorhagbard <vyosdev@derith.de>2019-09-10 11:28:53 -0700
committerhagbard <vyosdev@derith.de>2019-09-10 11:28:53 -0700
commitdb07e6fa76d90eaf80a06729753fb89266437674 (patch)
tree03fc289e6a3ab71d11e80a0d625338f4d506c33a
parent1017c8103f12ebd6db4f250d8a154571fff32db1 (diff)
[wireguard]: T1650 - cli option to delete default wg key
-rw-r--r--op-mode-definitions/wireguard.xml6
-rwxr-xr-xsrc/conf_mode/interface-wireguard.py7
-rwxr-xr-xsrc/op_mode/wireguard.py18
3 files changed, 14 insertions, 17 deletions
diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml
index 785af202c..3c54c81bd 100644
--- a/op-mode-definitions/wireguard.xml
+++ b/op-mode-definitions/wireguard.xml
@@ -12,7 +12,7 @@
<properties>
<help>generate a wireguard keypair</help>
</properties>
- <command>${vyos_op_scripts_dir}/wireguard.py --genkey</command>
+ <command>sudo ${vyos_op_scripts_dir}/wireguard.py --genkey</command>
</leafNode>
<leafNode name="preshared-key">
<properties>
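Review bot: Adding `sudo` to the `--genkey` command means the default keypair is created by root, so the key directory and files will be root-owned. The other wireguard.py invocations are not visible in this hunk, and the `--listkdir` completion script in the next hunk still runs without sudo. It is worth confirming that the show and delete commands run with matching privilege, otherwise deleting the default key this command created may fail. I would also record the reason next to the command, e.g. `<!-- sudo: key files under /config/auth/wireguard are created root-owned -->`.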
@@ -119,9 +119,9 @@
<help>Delete wireguard properties</help>
</properties>
<children>
- <tagNode name="named-keypair">
+ <tagNode name="keypair">
<properties>
- <help>Delete wireguard named keypair</help>
+ <help>Delete a wireguard keypair</help>
<completionHelp>
<script>${vyos_op_scripts_dir}/wireguard.py --listkdir</script>
</completionHelp>
diff --git a/src/conf_mode/interface-wireguard.py b/src/conf_mode/interface-wireguard.py
index 0f9e66aa6..d51a7a08d 100755
--- a/src/conf_mode/interface-wireguard.py
+++ b/src/conf_mode/interface-wireguard.py
@@ -31,7 +31,6 @@ intfc = WireGuardIf(ifname)
kdir = r'/config/auth/wireguard'
-
def check_kmod():
if not os.path.exists('/sys/module/wireguard'):
sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod")
@@ -55,7 +54,7 @@ def get_config():
'fwmark': 0x00,
'mtu': 1420,
'peer': {},
- 'pk': '{}/private.key'.format(kdir)
+ 'pk' : '{}/default/private.key'.format(kdir)
}
}
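Review bot: Changing the fallback `'pk'` to `{kdir}/default/private.key` leaves a system that already has its key at `{kdir}/private.key` pointing at a file that does not exist, and nothing in this commit moves the old key. Unless a migration exists elsewhere, either fall back to the legacy path when the new one is missing or have `verify()` fail with a clear message when the `pk` file is absent. The added line also introduces a space before the colon; `'pk': '{}/default/private.key'.format(kdir)` matches the neighbouring keys. get_config() starts and ends outside this hunk.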
@@ -81,8 +80,7 @@ def get_config():
if c.exists(ifname + ' mtu'):
config_data[ifname]['mtu'] = c.return_value(ifname + ' mtu')
if c.exists(ifname + ' private-key'):
- config_data[ifname]['pk'] = "{0}/{1}/private.key".format(
- kdir, c.return_value(ifname + ' private-key'))
+ config_data[ifname]['pk'] = "{0}/{1}/private.key".format(kdir,c.return_value(ifname + ' private-key'))
if c.exists(ifname + ' peer'):
for p in c.list_nodes(ifname + ' peer'):
if not c.exists(ifname + ' peer ' + p + ' disable'):
@@ -113,7 +111,6 @@ def get_config():
return config_data
-
def verify(c):
if not c:
return None
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py
index e48da2e40..4e93ec6aa 100755
--- a/src/op_mode/wireguard.py
+++ b/src/op_mode/wireguard.py
@@ -91,18 +91,16 @@ def genpsk():
subprocess.call(['wg genpsk'], shell=True)
-
def list_key_dirs():
- """ lists all dirs under /config/auth/wireguard """
+ """ lists all dirs under /config/auth/wireguard """
if os.path.exists(dir):
nks = next(os.walk(dir))[1]
for nk in nks:
print (nk)
-
def del_key_dir(kname):
""" deletes /config/auth/wireguard/<kname> """
- kdir = "{0}/{1}".format(dir, kname)
+ kdir = "{0}/{1}".format(dir,kname)
if not os.path.isdir(kdir):
print ("named keypair {} not found".format(kname))
return 1
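Review bot: `kname` is formatted straight into `kdir` on the changed line, so a value containing a path separator or `..` resolves outside /config/auth/wireguard and can still pass the `os.path.isdir` check; the same applies to `args.location` in the `genkey`/`showkey` calls of the `__main__` hunk below. Since the genkey op-mode command now runs this script under sudo, I would reject any name where `os.path.basename(kname) != kname or kname in ('.', '..')` before building the path, and build it with `os.path.join(dir, kname)`. The `return 1` for a missing directory is also dropped by the callers below, so as far as the visible lines show the exit status does not reflect the failure. del_key_dir continues past the end of this hunk, so what happens after the check is not visible here.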
@@ -133,24 +131,26 @@ if __name__ == '__main__':
if args.location:
genkey("{0}/{1}".format(dir, args.location))
else:
- genkey(dir)
-
+ genkey("{}/default".format(dir))
if args.showpub:
if args.location:
showkey("{0}/{1}/public.key".format(dir, args.location))
else:
- showkey("{}/public.key".format(dir))
+ showkey("{}/default/public.key".format(dir))
if args.showpriv:
if args.location:
showkey("{0}/{1}/private.key".format(dir, args.location))
else:
- showkey("{}/private".format(dir))
+ showkey("{}/default/private.key".format(dir))
if args.genpsk:
genpsk()
if args.listkdir:
list_key_dirs()
if args.delkdir:
- del_key_dir(args.location)
+ if args.location:
+ del_key_dir(args.location)
+ else:
+ del_key_dir("default")
except ConfigError as e:
print(e)