From 4eb9a92c2e6f6f57bab4a735d76e00c4c6c63777 Mon Sep 17 00:00:00 2001 From: Davide De Rosa Date: Fri, 17 Jun 2022 07:00:40 +0200 Subject: [PATCH] Hide setters of shared provider defaults Tunnel values were overwritable by app. Instead: - Write from app extension with "private" setter (_appexSet*) - Read from app with public getter --- .../OpenVPNTunnelProvider.swift | 16 +++---- .../OpenVPN+ProviderConfiguration.swift | 46 +++++++++---------- .../WireGuardTunnelProvider.swift | 10 ++-- .../WireGuard+ProviderConfiguration.swift | 18 ++++---- 4 files changed, 46 insertions(+), 44 deletions(-) diff --git a/Sources/TunnelKitOpenVPNAppExtension/OpenVPNTunnelProvider.swift b/Sources/TunnelKitOpenVPNAppExtension/OpenVPNTunnelProvider.swift index f441c2c..6e7337c 100644 --- a/Sources/TunnelKitOpenVPNAppExtension/OpenVPNTunnelProvider.swift +++ b/Sources/TunnelKitOpenVPNAppExtension/OpenVPNTunnelProvider.swift @@ -199,7 +199,7 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider { } log.info("Starting tunnel...") - cfg.lastError = nil + cfg._appexSetLastError(nil) guard OpenVPN.prepareRandomNumberGenerator(seedLength: prngSeedLength) else { completionHandler(OpenVPNProviderConfigurationError.prngInitialization) @@ -237,7 +237,7 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider { open override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { pendingStartHandler = nil log.info("Stopping tunnel...") - cfg.lastError = nil + cfg._appexSetLastError(nil) guard let session = session else { flushLog() @@ -307,7 +307,7 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider { private func connectTunnel(via socket: GenericSocket) { log.info("Will connect to \(socket)") - cfg.lastError = nil + cfg._appexSetLastError(nil) log.debug("Socket type is \(type(of: socket))") self.socket = socket 
@@ -380,10 +380,10 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider { self?.refreshDataCount() } guard isCountingData, let session = session, let dataCount = session.dataCount() else { - cfg.dataCount = nil + cfg._appexSetDataCount(nil) return } - cfg.dataCount = dataCount + cfg._appexSetDataCount(dataCount) } } @@ -521,7 +521,7 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate { } } - cfg.serverConfiguration = session.serverConfiguration() as? OpenVPN.Configuration + cfg._appexSetServerConfiguration(session.serverConfiguration() as? OpenVPN.Configuration) bringNetworkUp(remoteAddress: remoteAddress, localOptions: session.configuration, options: options) { (error) in @@ -549,7 +549,7 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate { } public func sessionDidStop(_: OpenVPNSession, withError error: Error?, shouldReconnect: Bool) { - cfg.serverConfiguration = nil + cfg._appexSetServerConfiguration(nil) if let error = error { log.error("Session did stop with error: \(error)") @@ -859,7 +859,7 @@ extension OpenVPNTunnelProvider { // MARK: Errors private func setErrorStatus(with error: Error) { - cfg.lastError = unifiedError(from: error) + cfg._appexSetLastError(unifiedError(from: error)) } private func unifiedError(from error: Error) -> OpenVPNProviderError { diff --git a/Sources/TunnelKitOpenVPNManager/OpenVPN+ProviderConfiguration.swift b/Sources/TunnelKitOpenVPNManager/OpenVPN+ProviderConfiguration.swift index 3934825..54f18ed 100644 --- a/Sources/TunnelKitOpenVPNManager/OpenVPN+ProviderConfiguration.swift +++ b/Sources/TunnelKitOpenVPNManager/OpenVPN+ProviderConfiguration.swift 
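Review bot: The `cfg._appexSetServerConfiguration(session.serverConfiguration() as? OpenVPN.Configuration)` call in the `OpenVPNSessionDelegate` extension (hunk at -521) persists whatever the server pushed into the app-group defaults, and a failed `as?` cast is stored as `nil` with no log line. App-group `UserDefaults` is a shared preferences store that every target in the group can read, so if the pushed configuration can carry session secrets (not visible in this hunk), those fields should be stripped before the write. I would add a comment above the call such as `// Shared with the app via app-group defaults: persist only non-secret pushed options`, and log when the cast fails. The enclosing delegate method starts and ends outside the hunk.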
@@ -126,38 +126,23 @@ extension OpenVPN.ProviderConfiguration { The most recent (received, sent) count in bytes. */ public var dataCount: DataCount? { - get { - return defaults?.openVPNDataCount - } - set { - defaults?.openVPNDataCount = newValue - } + return defaults?.openVPNDataCount } - + /** The server configuration pulled by the VPN. */ public var serverConfiguration: OpenVPN.Configuration? { - get { - return defaults?.openVPNServerConfiguration - } - set { - defaults?.openVPNServerConfiguration = newValue - } + return defaults?.openVPNServerConfiguration } /** The last error reported by the tunnel, if any. */ public var lastError: OpenVPNProviderError? { - get { - return defaults?.openVPNLastError - } - set { - defaults?.openVPNLastError = newValue - } + return defaults?.openVPNLastError } - + /** The URL of the latest debug log. */ @@ -177,9 +162,24 @@ extension OpenVPN.ProviderConfiguration { } } +/// :nodoc: +extension OpenVPN.ProviderConfiguration { + public func _appexSetDataCount(_ newValue: DataCount?) { + defaults?.openVPNDataCount = newValue + } + + public func _appexSetServerConfiguration(_ newValue: OpenVPN.Configuration?) { + defaults?.openVPNServerConfiguration = newValue + } + + public func _appexSetLastError(_ newValue: OpenVPNProviderError?) { + defaults?.openVPNLastError = newValue + } +} + /// :nodoc: extension UserDefaults { - public var openVPNDataCount: DataCount? { + public fileprivate(set) var openVPNDataCount: DataCount? { get { guard let rawValue = openVPNDataCountArray else { return nil @@ -211,7 +211,7 @@ extension UserDefaults { removeObject(forKey: OpenVPN.ProviderConfiguration.Keys.dataCount.rawValue) } - public var openVPNServerConfiguration: OpenVPN.Configuration? { + public fileprivate(set) var openVPNServerConfiguration: OpenVPN.Configuration? { get { guard let raw = data(forKey: OpenVPN.ProviderConfiguration.Keys.serverConfiguration.rawValue) else { return nil 
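Review bot: The new `_appexSetDataCount`, `_appexSetServerConfiguration` and `_appexSetLastError` methods (hunk at -177) are declared `public`, so an app that links TunnelKitOpenVPNManager can still call them; the underscore prefix and `/// :nodoc:` are conventions the compiler does not enforce. The same applies to `_appexSetLastError` in the WireGuard+ProviderConfiguration.swift hunk. Because the values live in app-group defaults that any member of the group can write, readers of `dataCount`, `serverConfiguration` and `lastError` should treat them as informational rather than as authenticated tunnel state. I would state that next to `:nodoc:`, e.g. `/// For the tunnel extension only. Not enforced by access control; the app must not call these.`, and consider marking the setters `@_spi(AppExtension)` if the supported toolchains allow it.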
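Review bot: `fileprivate(set)` on `openVPNDataCount` closes only the typed setter; the getter shown in the previous hunk reads through `openVPNDataCountArray`, and the context at the top of this hunk (at -211) is the tail of a helper that calls `removeObject(forKey:)` on the data-count key. Both declarations lie outside the visible hunks, so their access level cannot be checked here; if either is `public` with a setter or is callable from the app, the value remains overwritable through it. They should be `fileprivate` as well, and a short comment on the `UserDefaults` extension could state that all writes to these keys are confined to this file.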
@@ -239,7 +239,7 @@ extension UserDefaults { } } - public var openVPNLastError: OpenVPNProviderError? { + public fileprivate(set) var openVPNLastError: OpenVPNProviderError? { get { guard let rawValue = string(forKey: OpenVPN.ProviderConfiguration.Keys.lastError.rawValue) else { return nil diff --git a/Sources/TunnelKitWireGuardAppExtension/WireGuardTunnelProvider.swift b/Sources/TunnelKitWireGuardAppExtension/WireGuardTunnelProvider.swift index 921d4b4..b2671c2 100644 --- a/Sources/TunnelKitWireGuardAppExtension/WireGuardTunnelProvider.swift +++ b/Sources/TunnelKitWireGuardAppExtension/WireGuardTunnelProvider.swift 
@@ -58,24 +58,24 @@ open class WireGuardTunnelProvider: NEPacketTunnelProvider { switch adapterError { case .cannotLocateTunnelFileDescriptor: wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor") - self.cfg.lastError = .couldNotDetermineFileDescriptor + self.cfg._appexSetLastError(.couldNotDetermineFileDescriptor) completionHandler(WireGuardProviderError.couldNotDetermineFileDescriptor) case .dnsResolution(let dnsErrors): let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address } .joined(separator: ", ") wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)") - self.cfg.lastError = .dnsResolutionFailure + self.cfg._appexSetLastError(.dnsResolutionFailure) completionHandler(WireGuardProviderError.dnsResolutionFailure) case .setNetworkSettings(let error): wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)") - self.cfg.lastError = .couldNotSetNetworkSettings + self.cfg._appexSetLastError(.couldNotSetNetworkSettings) completionHandler(WireGuardProviderError.couldNotSetNetworkSettings) case .startWireGuardBackend(let errorCode): wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)") - self.cfg.lastError = .couldNotStartBackend + self.cfg._appexSetLastError(.couldNotStartBackend) completionHandler(WireGuardProviderError.couldNotStartBackend) case .invalidState: @@ -90,7 +90,7 @@ open class WireGuardTunnelProvider: NEPacketTunnelProvider { adapter.stop { error in // BEGIN: TunnelKit - self.cfg.lastError = nil + self.cfg._appexSetLastError(nil) // END: TunnelKit if let error = error { diff --git a/Sources/TunnelKitWireGuardManager/WireGuard+ProviderConfiguration.swift b/Sources/TunnelKitWireGuardManager/WireGuard+ProviderConfiguration.swift index dcd18fb..e34671b 100644 --- a/Sources/TunnelKitWireGuardManager/WireGuard+ProviderConfiguration.swift 
+++ b/Sources/TunnelKitWireGuardManager/WireGuard+ProviderConfiguration.swift @@ -92,14 +92,9 @@ extension WireGuard.ProviderConfiguration: NetworkExtensionConfiguration { extension WireGuard.ProviderConfiguration { public var lastError: WireGuardProviderError? { - get { - return defaults?.wireGuardLastError - } - set { - defaults?.wireGuardLastError = newValue - } + return defaults?.wireGuardLastError } - + private var defaults: UserDefaults? { return UserDefaults(suiteName: appGroup) } @@ -113,9 +108,16 @@ extension WireGuard.ProviderConfiguration { } } +/// :nodoc: +extension WireGuard.ProviderConfiguration { + public func _appexSetLastError(_ newValue: WireGuardProviderError?) { + defaults?.wireGuardLastError = newValue + } +} + /// :nodoc: extension UserDefaults { - public var wireGuardLastError: WireGuardProviderError? { + public fileprivate(set) var wireGuardLastError: WireGuardProviderError? { get { guard let rawValue = string(forKey: WireGuard.ProviderConfiguration.Keys.lastError.rawValue) else { return nil
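Review bot: `_appexSetLastError` (hunk at -113) writes through `defaults?.wireGuardLastError`, and `defaults` is `UserDefaults(suiteName: appGroup)` per the previous hunk, so when the suite cannot be opened the write is silently dropped and the app keeps reading a stale or nil `lastError`. The OpenVPN `_appexSet*` methods use the same optional chaining. A guard before the assignment would make a misconfigured app group visible during development, for example `guard let defaults = defaults else { assertionFailure("app group defaults unavailable"); return }` followed by `defaults.wireGuardLastError = newValue`.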