passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Keychain: Use app group when dereferencing a password reference 

Co-authored-by: Davide De Rosa <keeshux@gmail.com>

Better retain access group every time keychain is written to or
read from, there is no good reason to omit it. Requires Keychain
method to be reverted to non-static.

Partially revert 4490f0c116, based
on wrong assumptions about password references.
This commit is contained in:
Roopesh Chander 2021-02-08 00:50:11 +05:30 committed by Davide De Rosa
parent 4114605520
commit 2b3eb5412c
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
TunnelKit/Sources/AppExtension/Keychain.swift
View File

@ -201,12 +201,10 @@ public class Keychain {
- Returns: The password for the input username and reference. - Returns: The password for the input username and reference.
- Throws: `KeychainError.notFound` if unable to find the password in the keychain. - Throws: `KeychainError.notFound` if unable to find the password in the keychain.
**/ **/
public static func password(for username: String, reference: Data, context: String? = nil) throws -> String { public func password(for username: String, reference: Data, context: String? = nil) throws -> String {
var query = [String: Any]() var query = [String: Any]()
setScope(query: &query, context: context)
query[kSecClass as String] = kSecClassGenericPassword query[kSecClass as String] = kSecClassGenericPassword
if let context = context {
query[kSecAttrService as String] = context
}
query[kSecAttrAccount as String] = username query[kSecAttrAccount as String] = username
query[kSecMatchItemList as String] = [reference] query[kSecMatchItemList as String] = [reference]
query[kSecReturnData as String] = true query[kSecReturnData as String] = true

9
TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift
View File

@ -212,9 +212,12 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider {
// optional credentials // optional credentials
let credentials: OpenVPN.Credentials? let credentials: OpenVPN.Credentials?
if let username = protocolConfiguration.username, let passwordReference = protocolConfiguration.passwordReference, if let username = protocolConfiguration.username, let passwordReference = protocolConfiguration.passwordReference {
let password = try? Keychain.password(for: username, reference: passwordReference) { let keychain = Keychain(group: appGroup)
guard let password = try? keychain.password(for: username, reference: passwordReference) else {
completionHandler(ProviderConfigurationError.credentials(details: "keychain.password(for:, reference:)"))
return
}
credentials = OpenVPN.Credentials(username, password) credentials = OpenVPN.Credentials(username, password)
} else { } else {
credentials = nil credentials = nil