From 106c58c5daa239e5738d5bcbac84220fb8ef5b92 Mon Sep 17 00:00:00 2001 From: Alejandro Mery Date: Wed, 30 Aug 2023 00:38:54 +0000 Subject: [PATCH] wireguard: switch from gcfg to asciigoat.org/ini/basic Signed-off-by: Alejandro Mery --- go.mod | 14 +-- go.sum | 28 +++--- pkg/wireguard/config.go | 117 ++---------------------- pkg/wireguard/config_parser.go | 162 +++++++++++++++++++++++++++++++++ 4 files changed, 191 insertions(+), 130 deletions(-) create mode 100644 pkg/wireguard/config_parser.go diff --git a/go.mod b/go.mod index 944154e..2067a8f 100644 --- a/go.mod +++ b/go.mod @@ -3,22 +3,23 @@ module git.jpi.io/amery/jpictl go 1.19 require ( - darvaza.org/core v0.9.5 + asciigoat.org/ini v0.2.3 + darvaza.org/core v0.9.8 darvaza.org/resolver v0.5.2 - darvaza.org/sidecar v0.0.0-20230721122716-b9c54b8adbaf - darvaza.org/slog v0.5.2 + darvaza.org/sidecar v0.0.2 + darvaza.org/slog v0.5.3 github.com/burntSushi/toml v0.3.1 github.com/hack-pad/hackpadfs v0.2.1 github.com/mgechev/revive v1.3.3 github.com/spf13/cobra v1.7.0 golang.org/x/crypto v0.12.0 - gopkg.in/gcfg.v1 v1.2.3 gopkg.in/yaml.v3 v3.0.1 ) require ( - darvaza.org/slog/handlers/filter v0.4.4 // indirect - darvaza.org/slog/handlers/zerolog v0.4.4 // indirect + asciigoat.org/core v0.3.9 // indirect + darvaza.org/slog/handlers/filter v0.4.5 // indirect + darvaza.org/slog/handlers/zerolog v0.4.5 // indirect github.com/BurntSushi/toml v1.3.2 // indirect github.com/chavacava/garif v0.1.0 // indirect github.com/fatih/color v1.15.0 // indirect @@ -40,5 +41,4 @@ require ( golang.org/x/sys v0.11.0 // indirect golang.org/x/text v0.13.0 // indirect golang.org/x/tools v0.12.0 // indirect - gopkg.in/warnings.v0 v0.1.2 // indirect ) diff --git a/go.sum b/go.sum index 018ee28..3715034 100644 --- a/go.sum +++ b/go.sum @@ -1,15 +1,19 @@ -darvaza.org/core v0.9.5 h1:sS5pZFwicaxJIQixEiqkMr9GknVHYL+EbKDMkR/4jDM= -darvaza.org/core v0.9.5/go.mod h1:O3tHBMlw+xB47uGh5CUx7dXAujBAMmD8BCRFPZmIw54= +asciigoat.org/core v0.3.9 h1:hgDDz4ecm3ZvehX++m8A/IzAt+B5oDPiRtxatzfUHPQ= +asciigoat.org/core v0.3.9/go.mod h1:CAaHwyw8MpAq4a1MYtN2dxJrsK+hmIdW50OndaQZYPI= +asciigoat.org/ini v0.2.3 h1:x5P+QDVZh79BoicYvgq3VK99ubW0e4KOq4MK2U3SNLg= +asciigoat.org/ini v0.2.3/go.mod h1:gmXzJ9XFqf1NLk5nQkj04USQ4tMtdRJHNQX6vp3DzjU= +darvaza.org/core v0.9.8 h1:luLxgfUc2pzuusYPo/Z/dC/qr9XZPKpSQw8/kS7zNUM= +darvaza.org/core v0.9.8/go.mod h1:Dbme64naxeshQfxcVJX9ZT7AiGyIY8kldfuELVtf8mw= darvaza.org/resolver v0.5.2 h1:VjHhEr/MJBszeDb7tYlXQ9Bsyh4xrDR7Sd10WAmPD6k= darvaza.org/resolver v0.5.2/go.mod h1:fFvsVPEFeMzUIWlLG47Go/6uJYtRLb9R8HIgYg3uaxE= -darvaza.org/sidecar v0.0.0-20230721122716-b9c54b8adbaf h1:ya5ZQicBb/GWll3rlqra8No7oJXks7y1m/cJGYBypv4= -darvaza.org/sidecar v0.0.0-20230721122716-b9c54b8adbaf/go.mod h1:by+bPsMa7Rxc/ZYG1qBunrtKocv/DkrPBmyFlmq/j2Q= -darvaza.org/slog v0.5.2 h1:8TG1WyHjOyh2vW6t3pjzZVaWzpko5MIIpeI7LWqHFvs= -darvaza.org/slog v0.5.2/go.mod h1:HAkEpxTA/mkiLNUXJo5qsCh8EVCtA3evje8GAaCDWHI= -darvaza.org/slog/handlers/filter v0.4.4 h1:b2e2T9fQzMdJ0ia+f6b7kw9/T9GFwhFCKob/2tqhGGU= -darvaza.org/slog/handlers/filter v0.4.4/go.mod h1:cQlJWuolB6guLug09sX/8Zrzct++M6SPCGvXR37E7Cc= -darvaza.org/slog/handlers/zerolog v0.4.4 h1:OR1ASvH1fBCq3t85t4OU6oJPPuqMB1tsDoSpsh6HVJU= -darvaza.org/slog/handlers/zerolog v0.4.4/go.mod h1:t60TeEbFcMLo74CkXC2S0rKlnwF4ixZyBR4fqIJV1GE= +darvaza.org/sidecar v0.0.2 h1:4H8FUxc43kkLjxdShN1CoxLTcoHQsZjDVwm7kt6eIK0= +darvaza.org/sidecar v0.0.2/go.mod h1:yFC3Qt3j+uS7n9CMpLxwrA68z+FNJhENoenBc9zBJJo= +darvaza.org/slog v0.5.3 h1:sQzmZXgqRh9oFMKBwEYrEpucLvKJVZxaxa2bHIA6GJ0= +darvaza.org/slog v0.5.3/go.mod h1:59d+yi+C7gn4pDDuwbbOKawERpdXthFFk1Yc+Sv6XB0= +darvaza.org/slog/handlers/filter v0.4.5 h1:CX1bMzldd67e3y3s3Sh4jK8Lyo0WMvTGBB2lD315jhc= +darvaza.org/slog/handlers/filter v0.4.5/go.mod h1:OuH9rHYg9CIErTJCZliMnFexBfP/HJ9PZ1V1VwSCZ1g= +darvaza.org/slog/handlers/zerolog v0.4.5 h1:W4cgGORx4wImr+RL96CWSQGTdkZzKX6YHXPSYJvdoB4= +darvaza.org/slog/handlers/zerolog v0.4.5/go.mod h1:mCoh/mIl8Nsa6Yu1Um7d7cos6RuEJzgaTXaX5LDRUao= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/burntSushi/toml v0.3.1 h1:Hu1cOEC2qtKULZJCzym5tyA35bZr3HREuolgiAzMlhY= @@ -92,10 +96,6 @@ golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/gcfg.v1 v1.2.3 h1:m8OOJ4ccYHnx2f4gQwpno8nAX5OGOh7RLaaz0pj3Ogs= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= -gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/pkg/wireguard/config.go b/pkg/wireguard/config.go index 7f3077c..8643db4 100644 --- a/pkg/wireguard/config.go +++ b/pkg/wireguard/config.go @@ -2,7 +2,6 @@ package wireguard import ( "bytes" - "errors" "fmt" "io" "net/netip" @@ -10,8 +9,8 @@ import ( "strings" "text/template" + "asciigoat.org/ini/basic" "darvaza.org/core" - "gopkg.in/gcfg.v1" ) var configTemplate = template.Must(template.New("config").Funcs(template.FuncMap{ @@ -132,98 +131,6 @@ func (ep *EndpointAddress) FromString(s string) error { return nil } -type intermediateConfig struct { - Interface interfaceConfig - Peer peersConfig -} - -func (v *intermediateConfig) Export() (*Config, error) { - var out Config - var err error - - // Interface - out.Interface, err = v.Interface.Export() - if err != nil { - return nil, err - } - - // Peers - peers, ok := v.PeersCount() - if !ok { - return nil, errors.New("inconsistent Peer data") - } - - for i := 0; i < peers; i++ { - p, err := v.ExportPeer(i) - if err != nil { - err = core.Wrapf(err, "Peer[%v]:", i) - return nil, err - } - - out.Peer = append(out.Peer, p) - } - - return &out, nil -} - -type interfaceConfig struct { - Address netip.Addr - PrivateKey string - ListenPort uint16 -} - -func (p interfaceConfig) Export() (InterfaceConfig, error) { - var err error - - out := InterfaceConfig{ - Address: p.Address, - ListenPort: p.ListenPort, - } - - out.PrivateKey, err = PrivateKeyFromBase64(p.PrivateKey) - if err != nil { - err = core.Wrap(err, "PrivateKey") - return InterfaceConfig{}, err - } - - return out, nil -} - -type peersConfig struct { - PublicKey []string - Endpoint []string - AllowedIPs []string -} - -func (v *intermediateConfig) ExportPeer(i int) (PeerConfig, error) { - var out PeerConfig - - // Endpoint - s := v.Peer.Endpoint[i] - err := out.Endpoint.FromString(s) - if err != nil { - err = core.Wrap(err, "Endpoint") - return out, err - } - - // PublicKey - out.PublicKey, err = PublicKeyFromBase64(v.Peer.PublicKey[i]) - if err != nil { - err = core.Wrap(err, "PublicKey") - return out, err - } - - // AllowedIPs - s = v.Peer.AllowedIPs[i] - out.AllowedIPs, err = parseAllowedIPs(s) - if err != nil { - err = core.Wrap(err, "AllowedIPs") - return out, err - } - - return out, nil -} - func parseAllowedIPs(data string) ([]netip.Prefix, error) { var out []netip.Prefix @@ -240,25 +147,17 @@ func parseAllowedIPs(data string) ([]netip.Prefix, error) { return out, nil } -func (v *intermediateConfig) PeersCount() (int, bool) { - c0 := len(v.Peer.Endpoint) - c1 := len(v.Peer.PublicKey) - c2 := len(v.Peer.AllowedIPs) - - if c0 != c1 || c1 != c2 { - return 0, false - } - - return c0, true -} - // NewConfigFromReader parses a wgN.conf file func NewConfigFromReader(r io.Reader) (*Config, error) { - temp := &intermediateConfig{} + doc, err := basic.Decode(r) + if err != nil { + return nil, err + } - if err := gcfg.ReadInto(temp, r); err != nil { + cfg, err := newConfigFromDocument(doc) + if err != nil { return nil, err } - return temp.Export() + return cfg, nil } diff --git a/pkg/wireguard/config_parser.go b/pkg/wireguard/config_parser.go new file mode 100644 index 0000000..4981564 --- /dev/null +++ b/pkg/wireguard/config_parser.go @@ -0,0 +1,162 @@ +package wireguard + +import ( + "io/fs" + "strconv" + + "asciigoat.org/ini/basic" + "darvaza.org/core" +) + +func loadConfSection(out *Config, src *basic.Section) error { + switch src.Key { + case "Interface": + return loadInterfaceConfSection(out, src) + case "Peer": + return loadPeerConfSection(out, src) + default: + return core.Wrapf(fs.ErrInvalid, "unknown section %q", src.Key) + } +} + +func loadInterfaceConfSection(out *Config, src *basic.Section) error { + var cfg InterfaceConfig + + for _, field := range src.Fields { + if err := loadInterfaceConfField(&cfg, field); err != nil { + return core.Wrap(err, "Interface") + } + } + + out.Interface = cfg + return nil +} + +func loadPeerConfSection(out *Config, src *basic.Section) error { + var cfg PeerConfig + + for _, field := range src.Fields { + if err := loadPeerConfField(&cfg, field); err != nil { + return core.Wrapf(err, "Peer[%v]", len(out.Peer)) + } + } + + out.Peer = append(out.Peer, cfg) + return nil +} + +// revive:disable:cyclomatic +// revive:disable:cognitive-complexity + +func loadInterfaceConfField(cfg *InterfaceConfig, field basic.Field) error { + // revive:enable:cyclomatic + // revive:enable:cognitive-complexity + switch field.Key { + case "Address": + if !core.IsZero(cfg.Address) { + return core.Wrapf(fs.ErrInvalid, "duplicate field %q", field.Key) + } + + err := cfg.Address.UnmarshalText([]byte(field.Value)) + switch { + case err != nil: + return core.Wrap(err, field.Key) + default: + return nil + } + case "PrivateKey": + if !core.IsZero(cfg.PrivateKey) { + return core.Wrapf(fs.ErrInvalid, "duplicate field %q", field.Key) + } + + err := cfg.PrivateKey.UnmarshalText([]byte(field.Value)) + switch { + case err != nil: + return core.Wrap(err, field.Key) + default: + return nil + } + case "ListenPort": + if cfg.ListenPort > 0 { + return core.Wrapf(fs.ErrInvalid, "duplicate field %q", field.Key) + } + + u64, err := strconv.ParseUint(field.Value, 10, 16) + switch { + case err != nil: + return core.Wrap(err, field.Key) + case u64 == 0: + return core.Wrapf(fs.ErrInvalid, "invalid %q value", field.Key) + default: + cfg.ListenPort = uint16(u64) + return nil + } + default: + return core.Wrapf(fs.ErrInvalid, "unknown field %q", field.Key) + } +} + +// revive:disable:cyclomatic +// revive:disable:cognitive-complexity + +func loadPeerConfField(cfg *PeerConfig, field basic.Field) error { + // revive:enable:cyclomatic + // revive:enable:cognitive-complexity + + switch field.Key { + case "PublicKey": + if !core.IsZero(cfg.PublicKey) { + return core.Wrapf(fs.ErrInvalid, "duplicate field %q", field.Key) + } + + err := cfg.PublicKey.UnmarshalText([]byte(field.Value)) + switch { + case err != nil: + return core.Wrap(err, field.Key) + default: + return nil + } + case "Endpoint": + if cfg.Endpoint.String() != "" { + return core.Wrapf(fs.ErrInvalid, "duplicate field %q", field.Key) + } + + err := cfg.Endpoint.UnmarshalText([]byte(field.Value)) + switch { + case err != nil: + return core.Wrap(err, field.Key) + default: + return nil + } + case "AllowedIPs": + s, err := parseAllowedIPs(field.Value) + switch { + case err != nil: + return core.Wrap(err, field.Key) + case len(s) > 0: + cfg.AllowedIPs = append(cfg.AllowedIPs, s...) + return nil + } + default: + return core.Wrapf(fs.ErrInvalid, "unknown field %q", field.Key) + } + return nil +} + +func newConfigFromDocument(doc *basic.Document) (*Config, error) { + var out Config + + if len(doc.Global) > 0 { + err := core.Wrap(fs.ErrInvalid, "fields before the first section") + return nil, err + } + + for i := range doc.Sections { + src := &doc.Sections[i] + if err := loadConfSection(&out, src); err != nil { + return nil, err + } + } + + return &out, nil +}