Hide setters of shared provider defaults

Tunnel values could be overwritten by the app.

Instead:

- Write from app extension with "private" setter (_appexSet*)

- Read from app with public getter
Davide De Rosa 2022-06-17 07:00:40 +02:00
parent 178dda56ac
commit 4eb9a92c2e
4 changed files with 46 additions and 44 deletions


@ -199,7 +199,7 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider {
} }
log.info("Starting tunnel...") log.info("Starting tunnel...")
cfg.lastError = nil cfg._appexSetLastError(nil)
guard OpenVPN.prepareRandomNumberGenerator(seedLength: prngSeedLength) else { guard OpenVPN.prepareRandomNumberGenerator(seedLength: prngSeedLength) else {
completionHandler(OpenVPNProviderConfigurationError.prngInitialization) completionHandler(OpenVPNProviderConfigurationError.prngInitialization)
@ -237,7 +237,7 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider {
open override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { open override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
pendingStartHandler = nil pendingStartHandler = nil
log.info("Stopping tunnel...") log.info("Stopping tunnel...")
cfg.lastError = nil cfg._appexSetLastError(nil)
guard let session = session else { guard let session = session else {
flushLog() flushLog()
@ -307,7 +307,7 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider {
private func connectTunnel(via socket: GenericSocket) { private func connectTunnel(via socket: GenericSocket) {
log.info("Will connect to \(socket)") log.info("Will connect to \(socket)")
cfg.lastError = nil cfg._appexSetLastError(nil)
log.debug("Socket type is \(type(of: socket))") log.debug("Socket type is \(type(of: socket))")
self.socket = socket self.socket = socket
@ -380,10 +380,10 @@ open class OpenVPNTunnelProvider: NEPacketTunnelProvider {
self?.refreshDataCount() self?.refreshDataCount()
} }
guard isCountingData, let session = session, let dataCount = session.dataCount() else { guard isCountingData, let session = session, let dataCount = session.dataCount() else {
cfg.dataCount = nil cfg._appexSetDataCount(nil)
return return
} }
cfg.dataCount = dataCount cfg._appexSetDataCount(dataCount)
} }
} }
@ -521,7 +521,7 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
} }
} }
cfg.serverConfiguration = session.serverConfiguration() as? OpenVPN.Configuration cfg._appexSetServerConfiguration(session.serverConfiguration() as? OpenVPN.Configuration)
bringNetworkUp(remoteAddress: remoteAddress, localOptions: session.configuration, options: options) { (error) in bringNetworkUp(remoteAddress: remoteAddress, localOptions: session.configuration, options: options) { (error) in
@ -549,7 +549,7 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
} }
public func sessionDidStop(_: OpenVPNSession, withError error: Error?, shouldReconnect: Bool) { public func sessionDidStop(_: OpenVPNSession, withError error: Error?, shouldReconnect: Bool) {
cfg.serverConfiguration = nil cfg._appexSetServerConfiguration(nil)
if let error = error { if let error = error {
log.error("Session did stop with error: \(error)") log.error("Session did stop with error: \(error)")
@ -859,7 +859,7 @@ extension OpenVPNTunnelProvider {
// MARK: Errors // MARK: Errors
private func setErrorStatus(with error: Error) { private func setErrorStatus(with error: Error) {
cfg.lastError = unifiedError(from: error) cfg._appexSetLastError(unifiedError(from: error))
} }
private func unifiedError(from error: Error) -> OpenVPNProviderError { private func unifiedError(from error: Error) -> OpenVPNProviderError {
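Review bot: In the hunk at -521, `cfg._appexSetServerConfiguration(session.serverConfiguration() as? OpenVPN.Configuration)` stores `nil` when the conditional cast fails, which the app cannot tell apart from the `nil` written in `sessionDidStop`. Binding the cast result first and logging the miss would make that case visible, e.g. `let pulled = session.serverConfiguration() as? OpenVPN.Configuration` followed by `if pulled == nil { log.debug("No usable server configuration") }` before the setter call. The enclosing function starts and ends outside the hunk, and the return type of `serverConfiguration()` is only inferred from the cast.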


@ -126,37 +126,22 @@ extension OpenVPN.ProviderConfiguration {
The most recent (received, sent) count in bytes. The most recent (received, sent) count in bytes.
*/ */
public var dataCount: DataCount? { public var dataCount: DataCount? {
get {
return defaults?.openVPNDataCount return defaults?.openVPNDataCount
} }
set {
defaults?.openVPNDataCount = newValue
}
}
/** /**
The server configuration pulled by the VPN. The server configuration pulled by the VPN.
*/ */
public var serverConfiguration: OpenVPN.Configuration? { public var serverConfiguration: OpenVPN.Configuration? {
get {
return defaults?.openVPNServerConfiguration return defaults?.openVPNServerConfiguration
} }
set {
defaults?.openVPNServerConfiguration = newValue
}
}
/** /**
The last error reported by the tunnel, if any. The last error reported by the tunnel, if any.
*/ */
public var lastError: OpenVPNProviderError? { public var lastError: OpenVPNProviderError? {
get {
return defaults?.openVPNLastError return defaults?.openVPNLastError
} }
set {
defaults?.openVPNLastError = newValue
}
}
/** /**
The URL of the latest debug log. The URL of the latest debug log.
@ -177,9 +162,24 @@ extension OpenVPN.ProviderConfiguration {
} }
} }
/// :nodoc:
extension OpenVPN.ProviderConfiguration {
public func _appexSetDataCount(_ newValue: DataCount?) {
defaults?.openVPNDataCount = newValue
}
public func _appexSetServerConfiguration(_ newValue: OpenVPN.Configuration?) {
defaults?.openVPNServerConfiguration = newValue
}
public func _appexSetLastError(_ newValue: OpenVPNProviderError?) {
defaults?.openVPNLastError = newValue
}
}
/// :nodoc: /// :nodoc:
extension UserDefaults { extension UserDefaults {
public var openVPNDataCount: DataCount? { public fileprivate(set) var openVPNDataCount: DataCount? {
get { get {
guard let rawValue = openVPNDataCountArray else { guard let rawValue = openVPNDataCountArray else {
return nil return nil
@ -211,7 +211,7 @@ extension UserDefaults {
removeObject(forKey: OpenVPN.ProviderConfiguration.Keys.dataCount.rawValue) removeObject(forKey: OpenVPN.ProviderConfiguration.Keys.dataCount.rawValue)
} }
public var openVPNServerConfiguration: OpenVPN.Configuration? { public fileprivate(set) var openVPNServerConfiguration: OpenVPN.Configuration? {
get { get {
guard let raw = data(forKey: OpenVPN.ProviderConfiguration.Keys.serverConfiguration.rawValue) else { guard let raw = data(forKey: OpenVPN.ProviderConfiguration.Keys.serverConfiguration.rawValue) else {
return nil return nil
@ -239,7 +239,7 @@ extension UserDefaults {
} }
} }
public var openVPNLastError: OpenVPNProviderError? { public fileprivate(set) var openVPNLastError: OpenVPNProviderError? {
get { get {
guard let rawValue = string(forKey: OpenVPN.ProviderConfiguration.Keys.lastError.rawValue) else { guard let rawValue = string(forKey: OpenVPN.ProviderConfiguration.Keys.lastError.rawValue) else {
return nil return nil
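Review bot: The `_appexSet*` methods in the new `OpenVPN.ProviderConfiguration` extension are declared `public`, so the host app can still call them; the restriction described in the commit message rests on the underscore prefix alone. `fileprivate(set)` on the `UserDefaults` accessors narrows only the typed properties, and any process that can open the shared suite can presumably still write the raw keys, so the app should treat `dataCount`, `serverConfiguration` and `lastError` as advisory rather than as authenticated tunnel state. Each setter should at least carry a comment stating the contract, e.g. `// Written only by the tunnel extension; the app must not call this.`, and if the toolchain allows it the setters could be gated behind `@_spi(...)` so that a plain import in the app does not see them. The same applies to `_appexSetLastError` in the `WireGuard.ProviderConfiguration` section.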


@ -58,24 +58,24 @@ open class WireGuardTunnelProvider: NEPacketTunnelProvider {
switch adapterError { switch adapterError {
case .cannotLocateTunnelFileDescriptor: case .cannotLocateTunnelFileDescriptor:
wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor") wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor")
self.cfg.lastError = .couldNotDetermineFileDescriptor self.cfg._appexSetLastError(.couldNotDetermineFileDescriptor)
completionHandler(WireGuardProviderError.couldNotDetermineFileDescriptor) completionHandler(WireGuardProviderError.couldNotDetermineFileDescriptor)
case .dnsResolution(let dnsErrors): case .dnsResolution(let dnsErrors):
let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address } let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address }
.joined(separator: ", ") .joined(separator: ", ")
wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)") wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)")
self.cfg.lastError = .dnsResolutionFailure self.cfg._appexSetLastError(.dnsResolutionFailure)
completionHandler(WireGuardProviderError.dnsResolutionFailure) completionHandler(WireGuardProviderError.dnsResolutionFailure)
case .setNetworkSettings(let error): case .setNetworkSettings(let error):
wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)") wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)")
self.cfg.lastError = .couldNotSetNetworkSettings self.cfg._appexSetLastError(.couldNotSetNetworkSettings)
completionHandler(WireGuardProviderError.couldNotSetNetworkSettings) completionHandler(WireGuardProviderError.couldNotSetNetworkSettings)
case .startWireGuardBackend(let errorCode): case .startWireGuardBackend(let errorCode):
wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)") wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)")
self.cfg.lastError = .couldNotStartBackend self.cfg._appexSetLastError(.couldNotStartBackend)
completionHandler(WireGuardProviderError.couldNotStartBackend) completionHandler(WireGuardProviderError.couldNotStartBackend)
case .invalidState: case .invalidState:
@ -90,7 +90,7 @@ open class WireGuardTunnelProvider: NEPacketTunnelProvider {
adapter.stop { error in adapter.stop { error in
// BEGIN: TunnelKit // BEGIN: TunnelKit
self.cfg.lastError = nil self.cfg._appexSetLastError(nil)
// END: TunnelKit // END: TunnelKit
if let error = error { if let error = error {
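Review bot: In the `adapter.stop` closure, `self.cfg._appexSetLastError(nil)` runs before `if let error = error` is evaluated, so the shared last-error value is cleared even when stopping fails, and a failure code written by the `switch` in the earlier hunk may be erased before the app reads it. If that is intended, a comment on the line would say so, e.g. `// Cleared on every stop; stop failures are logged only`; otherwise the call belongs in the success path. The body of the `if let` branch is outside the hunk, so whether it records the error elsewhere cannot be seen from here.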


@ -92,13 +92,8 @@ extension WireGuard.ProviderConfiguration: NetworkExtensionConfiguration {
extension WireGuard.ProviderConfiguration { extension WireGuard.ProviderConfiguration {
public var lastError: WireGuardProviderError? { public var lastError: WireGuardProviderError? {
get {
return defaults?.wireGuardLastError return defaults?.wireGuardLastError
} }
set {
defaults?.wireGuardLastError = newValue
}
}
private var defaults: UserDefaults? { private var defaults: UserDefaults? {
return UserDefaults(suiteName: appGroup) return UserDefaults(suiteName: appGroup)
@ -113,9 +108,16 @@ extension WireGuard.ProviderConfiguration {
} }
} }
/// :nodoc:
extension WireGuard.ProviderConfiguration {
public func _appexSetLastError(_ newValue: WireGuardProviderError?) {
defaults?.wireGuardLastError = newValue
}
}
/// :nodoc: /// :nodoc:
extension UserDefaults { extension UserDefaults {
public var wireGuardLastError: WireGuardProviderError? { public fileprivate(set) var wireGuardLastError: WireGuardProviderError? {
get { get {
guard let rawValue = string(forKey: WireGuard.ProviderConfiguration.Keys.lastError.rawValue) else { guard let rawValue = string(forKey: WireGuard.ProviderConfiguration.Keys.lastError.rawValue) else {
return nil return nil