Compare commits
8 Commits
1.0.14-25
...
am/codable
| Author | SHA1 | Date | |
|---|---|---|---|
| 977ec25e79 | |||
| 23618f994f | |||
| ba644415c7 | |||
| 10da5cfdef | |||
| 75b6925deb | |||
| 03a59ff38e | |||
| abf506c1fe | |||
| dfb685f258 |
@ -72,7 +72,7 @@ extension NETunnelProviderProtocol {
|
||||
#error("Unimplemented")
|
||||
#endif
|
||||
guard passwordReference == nil else { return true }
|
||||
wg_log(.debug, message: "Migrating tunnel configuration '\(name)'")
|
||||
wg_log(.info, message: "Migrating tunnel configuration '\(name)'")
|
||||
passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
|
||||
return true
|
||||
}
|
||||
@ -81,6 +81,27 @@ extension NETunnelProviderProtocol {
|
||||
providerConfiguration = ["UID": getuid()]
|
||||
return true
|
||||
}
|
||||
#elseif os(iOS)
|
||||
if #available(iOS 15, *) {
|
||||
/* Update the stored reference from the old iOS 14 one to the canonical iOS 15 one.
|
||||
* The iOS 14 ones are 96 bits, while the iOS 15 ones are 160 bits. We do this so
|
||||
* that we can have fast set exclusion in deleteReferences safely. */
|
||||
if passwordReference != nil && passwordReference!.count == 12 {
|
||||
var result: CFTypeRef?
|
||||
let ret = SecItemCopyMatching([kSecValuePersistentRef: passwordReference!,
|
||||
kSecReturnPersistentRef: true] as CFDictionary,
|
||||
&result)
|
||||
if ret != errSecSuccess || result == nil {
|
||||
return false
|
||||
}
|
||||
guard let newReference = result as? Data else { return false }
|
||||
if !newReference.elementsEqual(passwordReference!) {
|
||||
wg_log(.info, message: "Migrating iOS 14-style keychain reference to iOS 15-style keychain reference for '\(name)'")
|
||||
passwordReference = newReference
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return false
|
||||
}
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
VERSION_NAME = 1.0.14
|
||||
VERSION_ID = 25
|
||||
VERSION_NAME = 1.0.15
|
||||
VERSION_ID = 26
|
||||
|
||||
@ -42,7 +42,7 @@ extension ActivateOnDemandOption {
|
||||
}
|
||||
}
|
||||
tunnelProviderManager.onDemandRules = rules
|
||||
tunnelProviderManager.isOnDemandEnabled = false
|
||||
tunnelProviderManager.isOnDemandEnabled = (rules != nil) && tunnelProviderManager.isOnDemandEnabled
|
||||
}
|
||||
|
||||
init(from tunnelProviderManager: NETunnelProviderManager) {
|
||||
|
||||
@ -56,19 +56,21 @@ class TunnelsManager {
|
||||
tunnelManager.saveToPreferences { _ in }
|
||||
}
|
||||
#if os(iOS)
|
||||
let verify = true
|
||||
let passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
|
||||
#elseif os(macOS)
|
||||
let verify = proto.providerConfiguration?["UID"] as? uid_t == getuid()
|
||||
let passwordRef: Data?
|
||||
if proto.providerConfiguration?["UID"] as? uid_t == getuid() {
|
||||
passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
|
||||
} else {
|
||||
passwordRef = proto.passwordReference // To handle multiple users in macOS, we skip verifying
|
||||
}
|
||||
#else
|
||||
#error("Unimplemented")
|
||||
#endif
|
||||
if verify && !proto.verifyConfigurationReference() {
|
||||
wg_log(.error, message: "Unable to verify keychain entry of tunnel: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
||||
}
|
||||
if let ref = proto.passwordReference {
|
||||
if let ref = passwordRef {
|
||||
refs.insert(ref)
|
||||
} else {
|
||||
wg_log(.error, message: "Removing orphaned tunnel with missing keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
||||
wg_log(.info, message: "Removing orphaned tunnel with non-verifying keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
||||
tunnelManager.removeFromPreferences { _ in }
|
||||
tunnelManagers.remove(at: index)
|
||||
}
|
||||
@ -204,7 +206,10 @@ class TunnelsManager {
|
||||
}
|
||||
}
|
||||
|
||||
func modify(tunnel: TunnelContainer, tunnelConfiguration: TunnelConfiguration, onDemandOption: ActivateOnDemandOption, completionHandler: @escaping (TunnelsManagerError?) -> Void) {
|
||||
func modify(tunnel: TunnelContainer, tunnelConfiguration: TunnelConfiguration,
|
||||
onDemandOption: ActivateOnDemandOption,
|
||||
shouldEnsureOnDemandEnabled: Bool = false,
|
||||
completionHandler: @escaping (TunnelsManagerError?) -> Void) {
|
||||
let tunnelName = tunnelConfiguration.name ?? ""
|
||||
if tunnelName.isEmpty {
|
||||
completionHandler(TunnelsManagerError.tunnelNameEmpty)
|
||||
@ -212,6 +217,20 @@ class TunnelsManager {
|
||||
}
|
||||
|
||||
let tunnelProviderManager = tunnel.tunnelProvider
|
||||
|
||||
let isIntroducingOnDemandRules = (tunnelProviderManager.onDemandRules ?? []).isEmpty && onDemandOption != .off
|
||||
if isIntroducingOnDemandRules && tunnel.status != .inactive && tunnel.status != .deactivating {
|
||||
tunnel.onDeactivated = { [weak self] in
|
||||
self?.modify(tunnel: tunnel, tunnelConfiguration: tunnelConfiguration,
|
||||
onDemandOption: onDemandOption, shouldEnsureOnDemandEnabled: true,
|
||||
completionHandler: completionHandler)
|
||||
}
|
||||
self.startDeactivation(of: tunnel)
|
||||
return
|
||||
} else {
|
||||
tunnel.onDeactivated = nil
|
||||
}
|
||||
|
||||
let oldName = tunnelProviderManager.localizedDescription ?? ""
|
||||
let isNameChanged = tunnelName != oldName
|
||||
if isNameChanged {
|
||||
@ -229,8 +248,11 @@ class TunnelsManager {
|
||||
}
|
||||
tunnelProviderManager.isEnabled = true
|
||||
|
||||
let isActivatingOnDemand = !tunnelProviderManager.isOnDemandEnabled && onDemandOption != .off
|
||||
let isActivatingOnDemand = !tunnelProviderManager.isOnDemandEnabled && shouldEnsureOnDemandEnabled
|
||||
onDemandOption.apply(on: tunnelProviderManager)
|
||||
if shouldEnsureOnDemandEnabled {
|
||||
tunnelProviderManager.isOnDemandEnabled = true
|
||||
}
|
||||
|
||||
tunnelProviderManager.saveToPreferences { [weak self] error in
|
||||
if let error = error {
|
||||
@ -497,6 +519,11 @@ class TunnelsManager {
|
||||
}
|
||||
}
|
||||
|
||||
if session.status == .disconnected {
|
||||
tunnel.onDeactivated?()
|
||||
tunnel.onDeactivated = nil
|
||||
}
|
||||
|
||||
if tunnel.status == .restarting && session.status == .disconnected {
|
||||
tunnel.startActivation(activationDelegate: self.activationDelegate)
|
||||
return
|
||||
@ -567,6 +594,7 @@ class TunnelContainer: NSObject {
|
||||
var activationAttemptId: String?
|
||||
var activationTimer: Timer?
|
||||
var deactivationTimer: Timer?
|
||||
var onDeactivated: (() -> Void)?
|
||||
|
||||
fileprivate var tunnelProvider: NETunnelProviderManager {
|
||||
didSet {
|
||||
|
||||
@ -159,10 +159,6 @@ class TunnelListCell: UITableViewCell {
|
||||
statusSwitch.isUserInteractionEnabled = (status == .inactive || status == .active)
|
||||
}
|
||||
|
||||
if tunnel.tunnelConfiguration == nil {
|
||||
statusSwitch.isUserInteractionEnabled = false
|
||||
backgroundColor = .systemPink
|
||||
}
|
||||
}
|
||||
|
||||
private func reset(animated: Bool) {
|
||||
|
||||
@ -344,7 +344,6 @@ extension TunnelsListTableViewController: UITableViewDelegate {
|
||||
}
|
||||
guard let tunnelsManager = tunnelsManager else { return }
|
||||
let tunnel = tunnelsManager.tunnel(at: indexPath.row)
|
||||
guard tunnel.tunnelConfiguration != nil else { return }
|
||||
showTunnelDetail(for: tunnel, animated: true)
|
||||
}
|
||||
|
||||
|
||||
@ -14,6 +14,6 @@ class LaunchedAtLoginDetector {
|
||||
let then = data.withUnsafeBytes { ptr in
|
||||
ptr.load(as: UInt64.self)
|
||||
}
|
||||
return now - then <= 5000000000
|
||||
return now - then <= 20000000000
|
||||
}
|
||||
}
|
||||
|
||||
@ -27,6 +27,29 @@ extension IPAddressRange: Hashable {
|
||||
}
|
||||
}
|
||||
|
||||
extension IPAddressRange: Codable {
|
||||
public func encode(to encoder: Encoder) throws {
|
||||
var container = encoder.singleValueContainer()
|
||||
|
||||
try container.encode(self.stringRepresentation)
|
||||
}
|
||||
|
||||
public init(from decoder: Decoder) throws {
|
||||
let container = try decoder.singleValueContainer()
|
||||
let value = try container.decode(String.self)
|
||||
|
||||
if let ipAddressRange = IPAddressRange(from: value) {
|
||||
self = ipAddressRange
|
||||
} else {
|
||||
let context = DecodingError.Context(
|
||||
codingPath: container.codingPath,
|
||||
debugDescription: "Invalid IPAddressRange representation"
|
||||
)
|
||||
throw DecodingError.dataCorrupted(context)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
extension IPAddressRange {
|
||||
public var stringRepresentation: String {
|
||||
return "\(address)/\(networkPrefixLength)"
|
||||
|
||||
Reference in New Issue
Block a user