From 4490f0c116d64d1c79f3ce2a1d2b0fe67549f640 Mon Sep 17 00:00:00 2001
From: Davide De Rosa
Date: Wed, 27 Jan 2021 01:27:28 +0100
Subject: [PATCH] Pick tunnel password reference from existing item
Assume that credentials already exist elsewhere for reuse as password reference. Avoids a redundant keychain entry.
---
CHANGELOG.md | 4 ++++
.../OpenVPNTunnelProvider+Configuration.swift | 23 ++++++++++---------
2 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f9ed7343..048cdb24 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5 - Support DNS over HTTPS (DoH) and TLS (DoT). +### Changed + +- Pick tunnel password reference from an existing keychain item context. + ### Fixed - Do not override network DNS settings when not provided by VPN. [#197](https://github.com/passepartoutvpn/tunnelkit/issues/197)
diff --git a/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider+Configuration.swift b/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider+Configuration.swift
index 29acc8bd..35587183 100644
--- a/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider+Configuration.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider+Configuration.swift
@@ -273,24 +273,25 @@ extension OpenVPNTunnelProvider { - Parameter bundleIdentifier: The provider bundle identifier required to locate the tunnel extension. - Parameter appGroup: The name of the app group in which the tunnel extension lives in. - - Parameter credentials: The optional credentials to authenticate with. + - Parameter context: The keychain context where to look for the password reference. + - Parameter username: The username to authenticate with. - Returns: The generated `NETunnelProviderProtocol` object. - Throws: `ProviderError.credentials` if unable to store `credentials.password` to the `appGroup` keychain. */ - public func generatedTunnelProtocol(withBundleIdentifier bundleIdentifier: String, appGroup: String, credentials: OpenVPN.Credentials? = nil) throws -> NETunnelProviderProtocol { - let protocolConfiguration = NETunnelProviderProtocol() + public func generatedTunnelProtocol( + withBundleIdentifier bundleIdentifier: String, + appGroup: String, + context: String, + username: String?) throws -> NETunnelProviderProtocol { + let protocolConfiguration = NETunnelProviderProtocol() + let keychain = Keychain(group: appGroup) + protocolConfiguration.providerBundleIdentifier = bundleIdentifier protocolConfiguration.serverAddress = sessionConfiguration.hostname ?? resolvedAddresses?.first - if let username = credentials?.username, let password = credentials?.password { - let keychain = Keychain(group: appGroup) - do { - try keychain.set(password: password, for: username, context: bundleIdentifier) - } catch _ { - throw ProviderConfigurationError.credentials(details: "keychain.set()") - } + if let username = username { protocolConfiguration.username = username - protocolConfiguration.passwordReference = try? keychain.passwordReference(for: username, context: bundleIdentifier) + protocolConfiguration.passwordReference = try? 
keychain.passwordReference(for: username, context: context) } protocolConfiguration.providerConfiguration = generatedProviderConfiguration(appGroup: appGroup)
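Review bot: The `- Throws:` doc line is now stale and the only remaining keychain call hides the failure that matters: the function no longer stores anything, and `try? keychain.passwordReference(for: username, context: context)` turns a missing item into `passwordReference == nil`, so a caller that never stored a password under `context` gets a protocol with `username` set and no password reference, and the problem surfaces only when the tunnel tries to connect rather than here. Since this commit moves responsibility for creating the keychain item to the caller, that lookup failure is the case most worth reporting; I would rethrow it as `ProviderConfigurationError.credentials` (the type the removed branch threw, assuming it still exists) and change the doc line to `- Throws: ProviderConfigurationError.credentials if no password reference for username exists in the context keychain.` If a username with no stored password is a legitimate configuration, the alternative is to keep `try?` and document that `passwordReference` may be nil. Either way the `- Parameter context:` doc should say the caller must have stored the password under that context beforehand, e.g. with `Keychain.set(password:for:context:)`. The body of `generatedTunnelProtocol` continues past the hunk.
```swift
if let username = username {
    protocolConfiguration.username = username
    do {
        protocolConfiguration.passwordReference = try keychain.passwordReference(for: username, context: context)
    } catch {
        // Fail at configuration time rather than at connect time when no item was stored under `context`.
        throw ProviderConfigurationError.credentials(details: "keychain.passwordReference()")
    }
}
// … unchanged: providerConfiguration assignment …
```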