author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-10-27 22:37:42 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-10-28 00:48:32 +0200 |
commit | c2ff9aa158b81fa66ce9c810e891ad25d4a7f14b (patch) | |
tree | c961287bca034d543c01271c692b0dc74e9608ff /src/conf_mode | |
parent | a61e1a78fe116bb44fe55be3493de7c4dbe8db97 (diff) | |
wireguard: T4774: Prevent duplicate peer public keys
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-wireguard.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 8d738f55e..762bad94f 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -87,6 +87,8 @@ def verify(wireguard):
 'cannot be used for the interface!')
 
 # run checks on individual configured WireGuard peer
+ public_keys = []
+
 for tmp in wireguard['peer']:
 peer = wireguard['peer'][tmp]
 
@@ -100,6 +102,11 @@ def verify(wireguard):
 raise ConfigError('Both Wireguard port and address must be defined '
 f'for peer "{tmp}" if either one of them is set!')
 
+ if peer['public_key'] in public_keys:
+ raise ConfigError(f'Duplicate public-key defined on peer "{tmp}"')
+
+ public_keys.append(peer['public_key'])
+
 def apply(wireguard):
 tmp = WireGuardIf(wireguard['ifname'])
 if 'deleted' in wireguard: |
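Review bot: The new duplicate check in the second hunk names only the peer being processed, so the operator is not told which earlier peer already holds that key. Recording the owner in a mapping instead of the list from the first hunk, `public_keys = {}` and `public_keys[peer['public_key']] = tmp`, keeps the `in` test unchanged and lets the `ConfigError` text name both peers. The check also subscripts `peer['public_key']` directly, so it depends on a presence check for `public_key` earlier in the loop. That part of `verify()` lies between the two hunks and is not visible here. If no such check exists, a peer without a key would end in a `KeyError` traceback rather than a `ConfigError`.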