authorJason A. Donenfeld <Jason@zx2c4.com>2016-07-28 17:18:17 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2016-08-02 02:55:43 +0200
commitc27d64f703bb5f25e2008ed053200b99eeccd807 (patch)
treebc86ca9bfba4cb0c302bc70369352338bfd3f0bf /src/tools
parentcontrib: move patchers to contrib/kernel-tree (diff)
tools: do not show private keys in pretty output
Diffstat (limited to 'src/tools')
-rw-r--r--src/tools/show.c12
-rw-r--r--src/tools/terminal.c2
-rw-r--r--src/tools/wg.83
3 files changed, 14 insertions, 3 deletions
diff --git a/src/tools/show.c b/src/tools/show.c
index 3a32cb8..05a8e3e 100644
--- a/src/tools/show.c
+++ b/src/tools/show.c
@@ -88,6 +88,14 @@ static char *key(const unsigned char key[static WG_KEY_LEN])
return b64;
}
+static char *masked_key(const unsigned char masked_key[static WG_KEY_LEN])
+{
+ const char *var = getenv("WG_HIDE_KEYS");
+ if (var && !strcmp(var, "never"))
+ return key(masked_key);
+ return "(hidden)";
+}
+
static char *ip(const struct wgipmask *ip)
{
static char buf[INET6_ADDRSTRLEN + 1];
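Review bot: `masked_key()` hands back the string literal `"(hidden)"` through a non-const `char *`, so any caller that later writes through the result triggers undefined behaviour and the compiler cannot flag it. Declaring it `static const char *masked_key(const unsigned char masked_key[static WG_KEY_LEN])` keeps both return paths valid, since the `char *` from `key()` converts implicitly. The parameter also shares the function's own name, which reads confusingly; a name such as `secret` would be clearer. The fail-closed default deserves a one-line comment above the `getenv` call, for example `/* Fail closed: only the exact value "never" reveals secret keys. */`.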
@@ -205,9 +213,9 @@ static void pretty_print(struct wgdevice *device)
if (memcmp(device->public_key, zero, WG_KEY_LEN))
terminal_printf(" " TERMINAL_BOLD "public key" TERMINAL_RESET ": %s\n", key(device->public_key));
if (memcmp(device->private_key, zero, WG_KEY_LEN))
- terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", key(device->private_key));
+ terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", masked_key(device->private_key));
if (memcmp(device->preshared_key, zero, WG_KEY_LEN))
- terminal_printf(" " TERMINAL_BOLD "pre-shared key" TERMINAL_RESET ": %s\n", key(device->preshared_key));
+ terminal_printf(" " TERMINAL_BOLD "pre-shared key" TERMINAL_RESET ": %s\n", masked_key(device->preshared_key));
if (device->port)
terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->port);
if (device->num_peers) {
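Review bot: Nothing at these two call sites in `pretty_print()` records that secret fields must go through `masked_key()` while `key()` is reserved for public material, so a field added next to them later could quietly regress to printing a secret in the clear. A short comment above the private-key line would pin the rule, for example `/* Secret key material: print via masked_key(), never key(). */`. `pretty_print()` starts and ends outside this hunk, so any other key fields it prints are not visible here and are worth checking for the same treatment.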
diff --git a/src/tools/terminal.c b/src/tools/terminal.c
index 74d04c2..c6f3f7f 100644
--- a/src/tools/terminal.c
+++ b/src/tools/terminal.c
@@ -13,7 +13,7 @@
static bool color_mode(FILE *file)
{
static int mode = -1;
- char *var;
+ const char *var;
if (mode != -1)
return mode;
var = getenv("WG_COLOR_MODE");
diff --git a/src/tools/wg.8 b/src/tools/wg.8
index b8e6596..0795fdf 100644
--- a/src/tools/wg.8
+++ b/src/tools/wg.8
@@ -194,6 +194,9 @@ Note that not all keys are required.
.TP
.I WG_COLOR_MODE
If set to \fIalways\fP, always print ANSI colorized output. If set to \fInever\fP, never print ANSI colorized output. If set to \fIauto\fP, something invalid, or unset, then print ANSI colorized output only when writing to a TTY.
+.TP
+.I WG_HIDE_KEYS
+If set to \fInever\fP, then the pretty-printing \fBshow\fP sub-command will show private and pre-shared keys in the output. If set to \fIalways\fP, something invalid, or unset, then private and pre-shared keys will be printed as "(hidden)".
.SH SEE ALSO
.BR ip (8),