diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-07-28 17:18:17 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-08-02 02:55:43 +0200 |
commit | c27d64f703bb5f25e2008ed053200b99eeccd807 (patch) | |
tree | bc86ca9bfba4cb0c302bc70369352338bfd3f0bf /src/tools/show.c | |
parent | contrib: move patchers to contrib/kernel-tree (diff) | |
download | wireguard-monolithic-historical-c27d64f703bb5f25e2008ed053200b99eeccd807.tar.xz wireguard-monolithic-historical-c27d64f703bb5f25e2008ed053200b99eeccd807.zip |
tools: do not show private keys in pretty output
Diffstat (limited to 'src/tools/show.c')
-rw-r--r-- | src/tools/show.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/tools/show.c b/src/tools/show.c index 3a32cb8..05a8e3e 100644 --- a/src/tools/show.c +++ b/src/tools/show.c @@ -88,6 +88,14 @@ static char *key(const unsigned char key[static WG_KEY_LEN]) return b64; } +static char *masked_key(const unsigned char masked_key[static WG_KEY_LEN]) +{ + const char *var = getenv("WG_HIDE_KEYS"); + if (var && !strcmp(var, "never")) + return key(masked_key); + return "(hidden)"; +} + static char *ip(const struct wgipmask *ip) { static char buf[INET6_ADDRSTRLEN + 1]; @@ -205,9 +213,9 @@ static void pretty_print(struct wgdevice *device) if (memcmp(device->public_key, zero, WG_KEY_LEN)) terminal_printf(" " TERMINAL_BOLD "public key" TERMINAL_RESET ": %s\n", key(device->public_key)); if (memcmp(device->private_key, zero, WG_KEY_LEN)) - terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", key(device->private_key)); + terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", masked_key(device->private_key)); if (memcmp(device->preshared_key, zero, WG_KEY_LEN)) - terminal_printf(" " TERMINAL_BOLD "pre-shared key" TERMINAL_RESET ": %s\n", key(device->preshared_key)); + terminal_printf(" " TERMINAL_BOLD "pre-shared key" TERMINAL_RESET ": %s\n", masked_key(device->preshared_key)); if (device->port) terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->port); if (device->num_peers) { |