Commit Graph

114 Commits

Author SHA1 Message Date
Jason A. Donenfeld ccc7472fd7 WireGuardKitGo: bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2023-02-14 16:09:14 +01:00
John Biggs 12b095470a WireGuardKit: fix incorrect IP address allocation size
According to [1], the `capacity` parameter is specified as "the number
of instances of T in the re-bound region" and not the total size of the
rebound struct.

Without this patch, there are crashes in the extension with the
following error:

  Fatal error: self must be a properly aligned pointer for types Pointee and T`

Since the subsequent line in the code only reads `sizeof(in_addr)` or
`sizeof(in6_addr)` anyway, change the `capacity` parameter to just be a
count of 1.

[1] https://developer.apple.com/documentation/swift/unsafepointer/withmemoryrebound(to:capacity:_:)

Signed-off-by: John Biggs <john.biggs@proton.ch>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2023-02-08 13:08:40 -03:00
Jason A. Donenfeld 9c07693951 global: apply MIT more consistently
People keep asking.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-11-17 01:17:52 +01:00
Roopesh Chander 23618f994f UI: When saving on-demand rules, deactivate if reqd and then save
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-09-28 00:16:35 +05:30
Roopesh Chander ba644415c7 UI: When saving on-demand rules on a config, enable on-demand if active
When a user saves on-demand rules on the configuration, set
onDemandEnabled to true if the tunnel is active, and false if it isn't.
Then deactivate the tunnel.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-09-24 01:01:10 +05:30
Jason A. Donenfeld 10da5cfdef App: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-23 06:20:28 +02:00
Jason A. Donenfeld 75b6925deb UI: macOS: increase login detector file timeout
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-23 06:19:48 +02:00
Jason A. Donenfeld 03a59ff38e Model: migrate iOS 14 keychain references to iOS 15 format
Keychain references used to be bijective, but with the change in format,
Apple tried to be too clever, and references are no longer bijective.
This lead to us deleting keychain entries, which in turn emptied out
people's configs upon upgrading to iOS 15. Disaster!

Fix this by detecting the change in format and saving the new password
reference. We still rely on this being bijective moving forward;
hopefully this bug won't repeat itself. It would be nice to not rely on
that property, but doing so without grinding startup to a halt isn't
obviously done, given how slow the keychain accesses are and how limited
the API is.

Reported-by: Eddie <stunnel@attglobal.net>
Reported-by: Anatoli <me@anatoli.ws>
Reported-by: Alan Graham <alan@meshify.app>
Reported-by: Jacob Wilder <oss@jacobwilder.org>
Reported-by: Miguel Arroz <miguel.arroz@gmail.com>
Reported-by: Reid Rankin <reidrankin@gmail.com>
Reported-by: Fabien <patate.cosmique@pm.me>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-23 06:11:19 +02:00
Jason A. Donenfeld abf506c1fe UI: iOS: remove list pinking when no config
This reverts commit 86afd1a46a.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-23 06:08:53 +02:00
Jason A. Donenfeld dfb685f258 WireGuardApp: restore old keychain consistency behavior
This reverts commit adcbd17ebe.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-23 05:40:10 +02:00
Jason A. Donenfeld f3798d0e11 App: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 20:59:19 +02:00
Jason A. Donenfeld 86afd1a46a UI: iOS: disable list rows when no config
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 20:56:25 +02:00
Jason A. Donenfeld 7171df84fa WireGuardApp: use file to communicate launch-by-login-helper
Apple event params are broken on recent macOS versions.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 19:22:44 +02:00
Jason A. Donenfeld d882a486a9 Keychain: remove class constraint when copying
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 16:51:25 +02:00
Jason A. Donenfeld adcbd17ebe WireGuardApp: do not delete unverifying profiles ever
The Keychain code is much too fragile, and it's better to err on the
safe side. Instead just log an error when this happens.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 07:13:48 +02:00
Jason A. Donenfeld 3d8de22b96 WireGuardKitGo: bump wireguard-go version
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 06:58:14 +02:00
Roopesh Chander ba4d1e7b21 MacAppStoreUpdateDetector: Detect StoreAEService correctly
In macOS 10.15 and macOS 11, the quit Apple event is sent by:
  com.apple.AppStoreDaemon.StoreAEService

In some earlier macOS release, the quit Apple event was sent by:
  com.apple.CommerceKit.StoreAEService

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-09-22 06:58:14 +02:00
Roopesh Chander f5a14b8434 MacAppStoreUpdateDetector: Add pid to the log
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-09-22 06:58:14 +02:00
Jason A. Donenfeld b74eb7239a WireGuardKitGo: include new homebrew location in PATH
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 06:58:14 +02:00
Roopesh Chander a8226b35d2 build: Fix swiftlint warnings
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-09-22 06:58:14 +02:00
Roopesh Chander 73c708d902 build: Fix swift warnings
Use 'AnyObject' instead of 'class' to restrict protocol inheritance

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-09-22 06:58:14 +02:00
Jason A. Donenfeld 54697a3240 UI: Use 'On-Demand', with hyphen, consistently
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 06:58:14 +02:00
Jason A. Donenfeld 3428bfbc9e UI: macOS: do on-demand ritual for clicking list item too
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-09-22 02:40:49 +02:00
Roopesh Chander cfd1b16801 UI: Consider on-demand to be enabled iff the tunnel provider is enabled
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-08-03 16:35:18 +05:30
Roopesh Chander ca70fe9ddc UI: When setting on-demand, avoid a second saveToPreferences() call
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-08-03 16:34:57 +05:30
Roopesh Chander 55c587b443 UI: When saving on-demand rules, don't set isOnDemandEnabled
When adding or modifying a config, when on-demand options are set by a
user, the rules are saved, but isOnDemandEnabled is left unset (and can
be set by the appropriate control in the detail view (switch in iOS /
button in macOS)).

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-08-02 23:25:53 +05:30
Roopesh Chander b6831c1aca UI: macOS: Incorporate on-demand-ness in status menu
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:38 +05:30
Roopesh Chander 2ac17da7cb UI: macOS: Tunnel detail: Incorporate on-demand-ness in toggle button
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:33 +05:30
Roopesh Chander 274c4cd092 UI: macOS: Tunnel detail: Incorporate on-demand-ness in the status row
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:28 +05:30
Roopesh Chander 95e1409bfb UI: macOS: Tunnel list: Incorporate on-demand-ness in the status circle
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:25 +05:30
Roopesh Chander 2c2c53b1f8 UI: macOS: Add yellow circle image
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-30 13:29:09 +05:30
Roopesh Chander 9cbfec99df UI: Localizations: Remove alertTunnelActivationFailureOnDemandAddendum
It's not used anymore.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 15:55:17 +05:30
Roopesh Chander 1bd6dcb7e7 UI: Remove addendum on on-demand from error on tunnel activation
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 11:52:54 +05:30
Roopesh Chander c1fe8b0162 UI: When setting on-demand, enable the tunnel if required
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 11:52:54 +05:30
Roopesh Chander 64c2fb337d UI: iOS: Tunnels list: Move the "On Demand" label to the right
Having that at the bottom makes it harder for iOS to get
the row height correctly.

Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:35:05 +05:30
Roopesh Chander 147ac02f0d UI: iOS: Show on-demand state in 'Status' if there are on-demand rules
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:35:05 +05:30
Roopesh Chander 03ef79c0fd UI: When reloading tunnels, preserve '.waiting' state
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:35:05 +05:30
Roopesh Chander a261d84fc6 UI: When deactivating for activating another tunnel, disable on-demand
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:35:05 +05:30
Roopesh Chander abaf1f1454 UI: Keep on-demand rules even if on-demand is disabled
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:34:36 +05:30
Roopesh Chander 1e9e21bacf UI: iOS: Tunnel detail: Incorporate on-demand-ness in 'Status'
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:02 +05:30
Andrej Mihajlov ac9f7b9f5e UI: iOS: Show "on-demand is active" for tunnels with the active on-demand
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:02 +05:30
Roopesh Chander a115dd3bd9 UI: iOS: Tunnels list: Incorporate on-demand-ness in the switch
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:01 +05:30
Roopesh Chander df9934a4b8 UI: TunnelsManager: Add setOnDemandEnabled() instance method
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:01 +05:30
Roopesh Chander 40f18de4d2 UI: TunnelsManager: Add TunnelContainer.hasOnDemandRules
Signed-off-by: Roopesh Chander <roop@roopc.net>
2021-07-28 03:18:01 +05:30
Jason A. Donenfeld 13b720442d Global: bump copyright year
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-17 16:56:46 +02:00
Andrej Mihajlov c1f509d65b Kit: add missing import for WireGuardKitC
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2021-06-17 15:15:41 +02:00
Jason A. Donenfeld 87f0526f09 App: version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 18:34:54 +02:00
Jason A. Donenfeld 060c027325 Kit: Go: mod bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 18:03:28 +02:00
Jason A. Donenfeld 23bf3cfccb Kit: Adapter: use more reliable utun detection technique
Rather than hoping that the AF_SYSTEM fd is of type utun, and then
calling "2" on it to get the name -- which could be defined as something
else for a different AF_SYSTEM socket type -- instead simply query the
AF_SYSTEM control socket ID with getpeername. This has one catch, which
is that the ID is dynamically allocated, so we resolve it using the
qualified name. Normally we'd make a new AF_SYSTEM socket for this, but
since that's not allowed in the sandbox, we reuse the AF_SYSTEM socket
that we're checking. At this point in the flow, we know that it's a
proper AF_SYSTEM one, based on the first sockaddr member; we just don't
know that it's a utun variety.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 17:40:12 +02:00
Jason A. Donenfeld 7f5ad3e503 Kit: Adapter: iterate through all FDs to find UTUN
This is a bit of a kludge, until I find something better. We simply
iterate through all FDs, and call getsockopt on each one until we find
the utun FD. This works, and completes rather quickly (fd is usually 6
or 7). Rather than maintain the old path for older kernels, just use
this for all versions, to get more coverage. Other techniques involve
undocumented APIs; this one has the advantage of using nothing
undocumented.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2021-06-16 15:56:21 +02:00