From 2f5705b5debf958ebd6bd227a6367ddd24d5197f Mon Sep 17 00:00:00 2001
From: Nils Schneider
Date: Sat, 26 Jul 2014 23:21:06 +0200
Subject: [PATCH] config-mode, mesh-vpn: refactor key generation

Previously, the config-mode was responsible for generating the fastd secret. This patch sets the default secret to "generate" causing a secret to be generated on its first use (e.g. show_key or start). This also changes the info page (in Expert Mode) to show "n/a" when the public key is not yet available.
---
.../controller/gluon-config-mode/index.lua | 4 +--
.../model/cbi/gluon-config-mode/wizard.lua | 4 ---
.../lib/lua/luci/tools/gluon-config-mode.lua | 29 -------------------
.../usr/lib/lua/luci/view/admin/info.htm | 10 +++++--
.../invariant/020-secret-generate | 13 +++++++++
5 files changed, 22 insertions(+), 38 deletions(-)
delete mode 100644 package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua
create mode 100755 package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate
diff --git a/package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua b/package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua
index def9d401..521d8658 100644
--- a/package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua
+++ b/package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua
@@ -48,13 +48,13 @@ function index() end function action_reboot() - local configmode = require "luci.tools.gluon-config-mode" + local util = require "luci.util" local pubkey local uci = luci.model.uci.cursor() local meshvpn_enabled = uci:get("fastd", meshvpn_name, "enabled", "0") local sysconfig = require 'gluon.sysconfig' if meshvpn_enabled == "1" then - pubkey = configmode.get_fastd_pubkey(meshvpn_name) + pubkey = util.exec("/etc/init.d/fastd show_key " .. meshvpn_name) end uci:set("gluon-setup-mode", uci:get_first("gluon-setup-mode", "setup_mode"), "configured", "1") diff --git a/package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua b/package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua index ce7e549c..a663585b 100644 --- a/package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua +++ b/package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua @@ -1,11 +1,7 @@ -local configmode = require "luci.tools.gluon-config-mode" local meshvpn_name = "mesh_vpn" local uci = luci.model.uci.cursor() local f, s, o --- prepare fastd key as early as possible -configmode.setup_fastd_secret(meshvpn_name) - f = SimpleForm("wizard") f.reset = false f.template = "gluon-config-mode/cbi/wizard" diff --git a/package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua b/package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua deleted file mode 100644 index ba1748f1..00000000 --- a/package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua +++ /dev/null 
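Review bot: In `action_reboot` (index.lua) the result of `util.exec` is stored in `pubkey` untrimmed and unchecked, whereas the info.htm hunk of this same commit trims the output and falls back to 'n/a' when it is empty. Now that the secret defaults to "generate", this call may be the first use of the key, so an empty or failed `show_key` result is more likely to reach the page; consider `pubkey = util.trim(util.exec("/etc/init.d/fastd show_key " .. meshvpn_name))` followed by an empty-string check. The command line is built by string concatenation and handed to a shell, and `meshvpn_name` is defined outside this hunk; it appears to be a fixed constant, and a comment such as `-- meshvpn_name is a constant; never build this command from request input` would keep it that way. The body of `action_reboot` continues past the end of the hunk.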
@@ -1,29 +0,0 @@ -local luci = require "luci" -local io = require "io" - -module "luci.tools.gluon-config-mode" - -function setup_fastd_secret(name) - local uci = luci.model.uci.cursor() - local secret = uci:get("fastd", name, "secret") - - if not secret or not secret:match("%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x") then - local f = io.popen("fastd --generate-key --machine-readable", "r") - local secret = f:read("*a") - f:close() - - uci:set("fastd", name, "secret", secret) - uci:save("fastd") - uci:commit("fastd") - end -end - -function get_fastd_pubkey(name) - local f = io.popen("/etc/init.d/fastd show_key " .. name, "r") - local key = f:read("*a") - f:close() - - return key -end - - diff --git a/package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm b/package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm index 5d243a89..9c384399 100644 --- a/package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm +++ b/package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm @@ -25,11 +25,15 @@ version = util.trim(fs.readfile('/lib/gluon/gluon-version')), release = util.trim(fs.readfile('/lib/gluon/release')), site = site.site_name, + pubkey = 'n/a', } - local pubkey = util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn')) - if pubkey ~= '' then - values.pubkey = pubkey + local meshvpn_enabled = uci:get("fastd", "mesh_vpn", "enabled", "0") + if meshvpn_enabled == "1" then + local pubkey = util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn')) + if pubkey ~= '' then + values.pubkey = pubkey + end end -%>

Info
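Review bot: The added block runs `/etc/init.d/fastd show_key mesh_vpn` while the info page is rendered, and per the commit message `show_key` can now be the first use that generates the secret, so merely viewing the page presumably creates and stores key material. That side effect deserves a comment above the call, e.g. `-- show_key may generate and persist the fastd secret on first use`. `uci` is not defined in the visible lines, so confirm the template creates a cursor before this point. As far as I can tell the fourth argument `"0"` to `uci:get` is not a default value and is ignored; an unset option simply yields nil, so the argument could be dropped to avoid implying otherwise.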

diff --git a/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate b/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate
new file mode 100755
index 00000000..68a2fe67
--- /dev/null
+++ b/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate
@@ -0,0 +1,13 @@
+#!/usr/bin/lua
+
+local uci = require 'luci.model.uci'
+
+local c = uci.cursor()
+
+local secret = c:get("fastd", "mesh_vpn", "secret")
+
+if not secret or not secret:match(("%x"):rep(64)) then
+ c:set("fastd", "mesh_vpn", "secret", "generate")
+ c:save("fastd")
+ c:commit("fastd")
+end
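Review bot: The validity check `secret:match(("%x"):rep(64))` is unanchored, so any stored value that merely contains 64 consecutive hex digits, with extra characters before or after, is accepted as a valid secret and left in place. Anchoring would make the invariant strict, but the removed `setup_fastd_secret` stored the raw `f:read("*a")` output, which may carry a trailing newline, so trailing whitespace should still be tolerated: `secret:match("^" .. ("%x"):rep(64) .. "%s*$")`. A short header comment would also help, stating that `"generate"` is the placeholder that (per the commit message) causes a key to be created on first use, and that replacing a malformed secret therefore changes the node's public key.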