summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-10-27 22:37:42 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-10-28 00:48:32 +0200
commitc2ff9aa158b81fa66ce9c810e891ad25d4a7f14b (patch)
treec961287bca034d543c01271c692b0dc74e9608ff /src/conf_mode
parenta61e1a78fe116bb44fe55be3493de7c4dbe8db97 (diff)
downloadvyos-1x-c2ff9aa158b81fa66ce9c810e891ad25d4a7f14b.tar.gz
vyos-1x-c2ff9aa158b81fa66ce9c810e891ad25d4a7f14b.zip
wireguard: T4774: Prevent duplicate peer public keys
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 8d738f55e..762bad94f 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -87,6 +87,8 @@ def verify(wireguard):
'cannot be used for the interface!')
# run checks on individual configured WireGuard peer
+ public_keys = []
+
for tmp in wireguard['peer']:
peer = wireguard['peer'][tmp]
@@ -100,6 +102,11 @@ def verify(wireguard):
raise ConfigError('Both Wireguard port and address must be defined '
f'for peer "{tmp}" if either one of them is set!')
+ if peer['public_key'] in public_keys:
+ raise ConfigError(f'Duplicate public-key defined on peer "{tmp}"')
+
+ public_keys.append(peer['public_key'])
+
def apply(wireguard):
tmp = WireGuardIf(wireguard['ifname'])
if 'deleted' in wireguard: