AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

iOS Wireguard

Browse source
This commit is contained in:
pokamest 2021-10-23 04:26:47 -07:00
parent 421f665e85
commit 7701efc704
117 changed files with 6577 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
client/platforms/ios/iosadjusthelper.h Normal file
View file

@ -0,0 +1,16 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IOSADJUSTHELPER_H
#define IOSADJUSTHELPER_H
#include <QString>
class IOSAdjustHelper final {
public:
static void initialize();
static void trackEvent(const QString& eventToken);
};
#endif // IOSADJUSTHELPER_H

37
client/platforms/ios/iosadjusthelper.mm Normal file
View file

@ -0,0 +1,37 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "iosadjusthelper.h"
#include "logger.h"
#include "constants.h"
#import <AdjustSdk/Adjust.h>
namespace {
Logger logger(LOG_IOS, "IOSAdjustHelper");
} // namespace
void IOSAdjustHelper::initialize() {
NSString *adjustToken = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"ADJUST_SDK_TOKEN"];
if(adjustToken.length) {
NSString *environment = Constants::inProduction() ? ADJEnvironmentProduction : ADJEnvironmentSandbox;
ADJConfig *adjustConfig = [ADJConfig configWithAppToken:adjustToken
environment:environment];
[adjustConfig setLogLevel:ADJLogLevelDebug];
[Adjust appDidLaunch:adjustConfig];
}
}
void IOSAdjustHelper::trackEvent(const QString& eventToken) {
NSString *adjustToken = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"ADJUST_SDK_TOKEN"];
if(adjustToken.length) {
ADJEvent *event = [ADJEvent eventWithEventToken:eventToken.toNSString()];
[Adjust trackEvent:event];
}
}

23
client/platforms/ios/iosauthenticationlistener.h Normal file
View file

@ -0,0 +1,23 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IOSAUTHENTICATIONLISTENER_H
#define IOSAUTHENTICATIONLISTENER_H
#include "authenticationlistener.h"
#include <QObject>
class IOSAuthenticationListener final : public AuthenticationListener {
Q_DISABLE_COPY_MOVE(IOSAuthenticationListener)
public:
IOSAuthenticationListener(QObject* parent);
~IOSAuthenticationListener();
void start(const QString& codeChallenge, const QString& codeChallengeMethod,
const QString& emailAddress) override;
};
#endif // IOSAUTHENTICATIONLISTENER_H

139
client/platforms/ios/iosauthenticationlistener.mm Normal file
View file

@ -0,0 +1,139 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "iosauthenticationlistener.h"
#include "leakdetector.h"
#include "logger.h"
#include "mozillavpn.h"
#include "qmlengineholder.h"
#include <QApplication>
#include <QUrl>
#include <QUrlQuery>
#include <QtGui/qpa/qplatformnativeinterface.h>
#include <QtGui>
#include <QWindow>
#include <QQmlApplicationEngine>
#import <UIKit/UIKit.h>
#import <AuthenticationServices/ASWebAuthenticationSession.h>
namespace {
Logger logger({LOG_IOS, LOG_MAIN}, "IOSAuthenticationListener");
ASWebAuthenticationSession* session = nullptr;
} // namespace
#if __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
@interface ContextProvider : NSObject <ASWebAuthenticationPresentationContextProviding> {
UIView* m_view;
}
@end
@implementation ContextProvider
- (id)initWithUIView:(UIView*)uiView {
self = [super init];
if (self) {
m_view = uiView;
}
return self;
}
# pragma mark - ASWebAuthenticationPresentationContextProviding
- (nonnull ASPresentationAnchor)presentationAnchorForWebAuthenticationSession:
(nonnull ASWebAuthenticationSession*)session API_AVAILABLE(ios(13.0)) {
return m_view.window;
}
@end
#endif
IOSAuthenticationListener::IOSAuthenticationListener(QObject* parent)
: AuthenticationListener(parent) {
MVPN_COUNT_CTOR(IOSAuthenticationListener);
}
IOSAuthenticationListener::~IOSAuthenticationListener() {
MVPN_COUNT_DTOR(IOSAuthenticationListener);
}
void IOSAuthenticationListener::start(const QString& codeChallenge,
const QString& codeChallengeMethod,
const QString& emailAddress) {
logger.debug() << "IOSAuthenticationListener initialize";
QUrl url(createAuthenticationUrl(AmneziaVPN::AuthenticationInBrowser, codeChallenge,
codeChallengeMethod, emailAddress));
QUrlQuery query(url.query());
query.addQueryItem("platform", "ios");
url.setQuery(query);
#ifdef QT_DEBUG
logger.debug() << "Authentication URL:" << url.toString();
#endif
if (session) {
[session dealloc];
session = nullptr;
}
session = [[ASWebAuthenticationSession alloc]
initWithURL:url.toNSURL()
callbackURLScheme:@"mozilla-vpn"
completionHandler:^(NSURL* _Nullable callbackURL, NSError* _Nullable error) {
[session dealloc];
session = nullptr;
if (error) {
logger.error() << "Authentication failed:"
<< QString::fromNSString([error localizedDescription]);
logger.error() << "Code:" << [error code];
logger.error() << "Suggestion:"
<< QString::fromNSString([error localizedRecoverySuggestion]);
logger.error() << "Reason:" << QString::fromNSString([error localizedFailureReason]);
if ([error code] == ASWebAuthenticationSessionErrorCodeCanceledLogin) {
emit abortedByUser();
} else {
emit failed(ErrorHandler::RemoteServiceError);
}
return;
}
QUrl callbackUrl = QUrl::fromNSURL(callbackURL);
logger.debug() << "Authentication completed";
Q_ASSERT(callbackUrl.hasQuery());
QUrlQuery callbackUrlQuery(callbackUrl.query());
Q_ASSERT(callbackUrlQuery.hasQueryItem("code"));
QString code = callbackUrlQuery.queryItemValue("code");
emit completed(code);
}];
#if __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
QObject* rootObject = QmlEngineHolder::instance()->engine()->rootObjects().first();
QWindow* window = qobject_cast<QWindow*>(rootObject);
Q_ASSERT(window);
UIView* view = static_cast<UIView*>(
QGuiApplication::platformNativeInterface()->nativeResourceForWindow("uiview", window));
if (@available(iOS 13, *)) {
session.presentationContextProvider = [[ContextProvider alloc] initWithUIView:view];
}
#endif
if (![session start]) {
[session dealloc];
session = nullptr;
logger.error() << "Authentication failed: session doesn't start.";
emit failed(ErrorHandler::RemoteServiceError);
}
}

39
client/platforms/ios/ioscontroller.h Normal file
View file

@ -0,0 +1,39 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IOSCONTROLLER_H
#define IOSCONTROLLER_H
#include "controllerimpl.h"
#include <QObject>
class IOSController final : public ControllerImpl {
Q_DISABLE_COPY_MOVE(IOSController)
public:
IOSController();
~IOSController();
void initialize(const Device* device, const Keys* keys) override;
void activate(const QList<Server>& serverList, const Device* device,
const Keys* keys,
const QList<IPAddressRange>& allowedIPAddressRanges,
const QList<QString>& vpnDisabledApps,
const QHostAddress& dnsServer, Reason reason) override;
void deactivate(Reason reason) override;
void checkStatus() override;
void getBackendLogs(std::function<void(const QString&)>&& callback) override;
void cleanupBackendLogs() override;
private:
bool m_checkingStatus = false;
};
#endif // IOSCONTROLLER_H

240
client/platforms/ios/ioscontroller.mm Normal file
View file

@ -0,0 +1,240 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ioscontroller.h"
#include "Mozilla_VPN-Swift.h"
#include "device.h"
#include "ipaddressrange.h"
#include "keys.h"
#include "leakdetector.h"
#include "logger.h"
#include "mozillavpn.h"
#include "server.h"
#include "settingsholder.h"
#include <QByteArray>
#include <QFile>
#include <QHostAddress>
namespace {
Logger logger({LOG_IOS, LOG_CONTROLLER}, "IOSController");
// Our Swift singleton.
IOSControllerImpl* impl = nullptr;
} // namespace
IOSController::IOSController() {
MVPN_COUNT_CTOR(IOSController);
logger.debug() << "created";
Q_ASSERT(!impl);
}
IOSController::~IOSController() {
MVPN_COUNT_DTOR(IOSController);
logger.debug() << "deallocated";
if (impl) {
[impl dealloc];
impl = nullptr;
}
}
void IOSController::initialize(const Device* device, const Keys* keys) {
Q_ASSERT(!impl);
Q_UNUSED(device);
logger.debug() << "Initializing Swift Controller";
static bool creating = false;
// No nested creation!
Q_ASSERT(creating == false);
creating = true;
QByteArray key = QByteArray::fromBase64(keys->privateKey().toLocal8Bit());
impl = [[IOSControllerImpl alloc] initWithBundleID:@VPN_NE_BUNDLEID
privateKey:key.toNSData()
deviceIpv4Address:device->ipv4Address().toNSString()
deviceIpv6Address:device->ipv6Address().toNSString()
closure:^(ConnectionState state, NSDate* date) {
logger.debug() << "Creation completed with connection state:" << state;
creating = false;
switch (state) {
case ConnectionStateError: {
[impl dealloc];
impl = nullptr;
emit initialized(false, false, QDateTime());
return;
}
case ConnectionStateConnected: {
Q_ASSERT(date);
QDateTime qtDate(QDateTime::fromNSDate(date));
emit initialized(true, true, qtDate);
return;
}
case ConnectionStateDisconnected:
// Just in case we are connecting, let's call disconnect.
[impl disconnect];
emit initialized(true, false, QDateTime());
return;
}
}
callback:^(BOOL a_connected) {
logger.debug() << "State changed: " << a_connected;
if (a_connected) {
emit connected();
return;
}
emit disconnected();
}];
}
void IOSController::activate(const QList<Server>& serverList, const Device* device,
const Keys* keys, const QList<IPAddressRange>& allowedIPAddressRanges,
const QList<QString>& vpnDisabledApps, const QHostAddress& dnsServer,
Reason reason) {
Q_UNUSED(device);
Q_UNUSED(keys);
Q_ASSERT(serverList.length() == 1);
const Server& server = serverList[0];
// This feature is not supported on macos/ios yet.
Q_ASSERT(vpnDisabledApps.isEmpty());
logger.debug() << "IOSController activating" << server.hostname();
if (!impl) {
logger.error() << "Controller not correctly initialized";
emit disconnected();
return;
}
NSMutableArray<VPNIPAddressRange*>* allowedIPAddressRangesNS =
[NSMutableArray<VPNIPAddressRange*> arrayWithCapacity:allowedIPAddressRanges.length()];
for (const IPAddressRange& i : allowedIPAddressRanges) {
VPNIPAddressRange* range =
[[VPNIPAddressRange alloc] initWithAddress:i.ipAddress().toNSString()
networkPrefixLength:i.range()
isIpv6:i.type() == IPAddressRange::IPv6];
[allowedIPAddressRangesNS addObject:[range autorelease]];
}
[impl connectWithDnsServer:dnsServer.toString().toNSString()
serverIpv6Gateway:server.ipv6Gateway().toNSString()
serverPublicKey:server.publicKey().toNSString()
serverIpv4AddrIn:server.ipv4AddrIn().toNSString()
serverPort:server.choosePort()
allowedIPAddressRanges:allowedIPAddressRangesNS
ipv6Enabled:SettingsHolder::instance()->ipv6Enabled()
reason:reason
failureCallback:^() {
logger.error() << "IOSSWiftController - connection failed";
emit disconnected();
}];
}
void IOSController::deactivate(Reason reason) {
logger.debug() << "IOSController deactivated";
if (reason != ReasonNone) {
logger.debug() << "We do not need to disable the VPN for switching or connection check.";
emit disconnected();
return;
}
if (!impl) {
logger.error() << "Controller not correctly initialized";
emit disconnected();
return;
}
[impl disconnect];
}
void IOSController::checkStatus() {
logger.debug() << "Checking status";
if (m_checkingStatus) {
logger.warning() << "We are still waiting for the previous status.";
return;
}
if (!impl) {
logger.error() << "Controller not correctly initialized";
return;
}
m_checkingStatus = true;
[impl checkStatusWithCallback:^(NSString* serverIpv4Gateway, NSString* deviceIpv4Address,
NSString* configString) {
QString config = QString::fromNSString(configString);
m_checkingStatus = false;
if (config.isEmpty()) {
return;
}
uint64_t txBytes = 0;
uint64_t rxBytes = 0;
QStringList lines = config.split("\n");
for (const QString& line : lines) {
if (line.startsWith("tx_bytes=")) {
txBytes = line.split("=")[1].toULongLong();
} else if (line.startsWith("rx_bytes=")) {
rxBytes = line.split("=")[1].toULongLong();
}
if (txBytes && rxBytes) {
break;
}
}
logger.debug() << "ServerIpv4Gateway:" << QString::fromNSString(serverIpv4Gateway)
<< "DeviceIpv4Address:" << QString::fromNSString(deviceIpv4Address)
<< "RxBytes:" << rxBytes << "TxBytes:" << txBytes;
emit statusUpdated(QString::fromNSString(serverIpv4Gateway),
QString::fromNSString(deviceIpv4Address), txBytes, rxBytes);
}];
}
void IOSController::getBackendLogs(std::function<void(const QString&)>&& a_callback) {
std::function<void(const QString&)> callback = std::move(a_callback);
QString groupId(GROUP_ID);
NSURL* groupPath = [[NSFileManager defaultManager]
containerURLForSecurityApplicationGroupIdentifier:groupId.toNSString()];
NSURL* path = [groupPath URLByAppendingPathComponent:@"networkextension.log"];
QFile file(QString::fromNSString([path path]));
if (!file.open(QIODevice::ReadOnly)) {
callback("Network extension log file missing or unreadable.");
return;
}
QByteArray content = file.readAll();
callback(content);
}
void IOSController::cleanupBackendLogs() {
QString groupId(GROUP_ID);
NSURL* groupPath = [[NSFileManager defaultManager]
containerURLForSecurityApplicationGroupIdentifier:groupId.toNSString()];
NSURL* path = [groupPath URLByAppendingPathComponent:@"networkextension.log"];
QFile file(QString::fromNSString([path path]));
file.remove();
}

289
client/platforms/ios/ioscontroller.swift Normal file
View file

@ -0,0 +1,289 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import Foundation
import NetworkExtension
let vpnName = "Mozilla VPN"
var vpnBundleID = "";
@objc class VPNIPAddressRange : NSObject {
public var address: NSString = ""
public var networkPrefixLength: UInt8 = 0
public var isIpv6: Bool = false
@objc init(address: NSString, networkPrefixLength: UInt8, isIpv6: Bool) {
super.init()
self.address = address
self.networkPrefixLength = networkPrefixLength
self.isIpv6 = isIpv6
}
}
public class IOSControllerImpl : NSObject {
private var tunnel: NETunnelProviderManager? = nil
private var stateChangeCallback: ((Bool) -> Void?)? = nil
private var privateKey : PrivateKey? = nil
private var deviceIpv4Address: String? = nil
private var deviceIpv6Address: String? = nil
@objc enum ConnectionState: Int { case Error, Connected, Disconnected }
@objc init(bundleID: String, privateKey: Data, deviceIpv4Address: String, deviceIpv6Address: String, closure: @escaping (ConnectionState, Date?) -> Void, callback: @escaping (Bool) -> Void) {
super.init()
Logger.configureGlobal(tagged: "APP", withFilePath: "")
vpnBundleID = bundleID;
precondition(!vpnBundleID.isEmpty)
stateChangeCallback = callback
self.privateKey = PrivateKey(rawValue: privateKey)
self.deviceIpv4Address = deviceIpv4Address
self.deviceIpv6Address = deviceIpv6Address
NotificationCenter.default.addObserver(self, selector: #selector(self.vpnStatusDidChange(notification:)), name: Notification.Name.NEVPNStatusDidChange, object: nil)
NETunnelProviderManager.loadAllFromPreferences { [weak self] managers, error in
if let error = error {
Logger.global?.log(message: "Loading from preference failed: \(error)")
closure(ConnectionState.Error, nil)
return
}
if self == nil {
Logger.global?.log(message: "We are shutting down.")
return
}
let nsManagers = managers ?? []
Logger.global?.log(message: "We have received \(nsManagers.count) managers.")
let tunnel = nsManagers.first(where: IOSControllerImpl.isOurManager(_:))
if tunnel == nil {
Logger.global?.log(message: "Creating the tunnel")
self!.tunnel = NETunnelProviderManager()
closure(ConnectionState.Disconnected, nil)
return
}
Logger.global?.log(message: "Tunnel already exists")
self!.tunnel = tunnel
if tunnel?.connection.status == .connected {
closure(ConnectionState.Connected, tunnel?.connection.connectedDate)
} else {
closure(ConnectionState.Disconnected, nil)
}
}
}
@objc private func vpnStatusDidChange(notification: Notification) {
guard let session = (notification.object as? NETunnelProviderSession), tunnel?.connection == session else { return }
switch session.status {
case .connected:
Logger.global?.log(message: "STATE CHANGED: connected")
case .connecting:
Logger.global?.log(message: "STATE CHANGED: connecting")
case .disconnected:
Logger.global?.log(message: "STATE CHANGED: disconnected")
case .disconnecting:
Logger.global?.log(message: "STATE CHANGED: disconnecting")
case .invalid:
Logger.global?.log(message: "STATE CHANGED: invalid")
case .reasserting:
Logger.global?.log(message: "STATE CHANGED: reasserting")
default:
Logger.global?.log(message: "STATE CHANGED: unknown status")
}
// We care about "unknown" state changes.
if (session.status != .connected && session.status != .disconnected) {
return
}
stateChangeCallback?(session.status == .connected)
}
private static func isOurManager(_ manager: NETunnelProviderManager) -> Bool {
guard
let proto = manager.protocolConfiguration,
let tunnelProto = proto as? NETunnelProviderProtocol
else {
Logger.global?.log(message: "Ignoring manager because the proto is invalid.")
return false
}
if (tunnelProto.providerBundleIdentifier == nil) {
Logger.global?.log(message: "Ignoring manager because the bundle identifier is null.")
return false
}
if (tunnelProto.providerBundleIdentifier != vpnBundleID) {
Logger.global?.log(message: "Ignoring manager because the bundle identifier doesn't match.")
return false;
}
Logger.global?.log(message: "Found the manager with the correct bundle identifier: \(tunnelProto.providerBundleIdentifier!)")
return true
}
@objc func connect(dnsServer: String, serverIpv6Gateway: String, serverPublicKey: String, serverIpv4AddrIn: String, serverPort: Int, allowedIPAddressRanges: Array<VPNIPAddressRange>, ipv6Enabled: Bool, reason: Int, failureCallback: @escaping () -> Void) {
Logger.global?.log(message: "Connecting")
assert(tunnel != nil)
// Let's remove the previous config if it exists.
(tunnel!.protocolConfiguration as? NETunnelProviderProtocol)?.destroyConfigurationReference()
let keyData = PublicKey(base64Key: serverPublicKey)!
let dnsServerIP = IPv4Address(dnsServer)
let ipv6GatewayIP = IPv6Address(serverIpv6Gateway)
var peerConfiguration = PeerConfiguration(publicKey: keyData)
peerConfiguration.endpoint = Endpoint(from: serverIpv4AddrIn + ":\(serverPort )")
peerConfiguration.allowedIPs = []
allowedIPAddressRanges.forEach {
if (!$0.isIpv6) {
peerConfiguration.allowedIPs.append(IPAddressRange(address: IPv4Address($0.address as String)!, networkPrefixLength: $0.networkPrefixLength))
} else if (ipv6Enabled) {
peerConfiguration.allowedIPs.append(IPAddressRange(address: IPv6Address($0.address as String)!, networkPrefixLength: $0.networkPrefixLength))
}
}
var peerConfigurations: [PeerConfiguration] = []
peerConfigurations.append(peerConfiguration)
var interface = InterfaceConfiguration(privateKey: privateKey!)
if let ipv4Address = IPAddressRange(from: deviceIpv4Address!),
let ipv6Address = IPAddressRange(from: deviceIpv6Address!) {
interface.addresses = [ipv4Address]
if (ipv6Enabled) {
interface.addresses.append(ipv6Address)
}
}
interface.dns = [ DNSServer(address: dnsServerIP!)]
if (ipv6Enabled) {
interface.dns.append(DNSServer(address: ipv6GatewayIP!))
}
let config = TunnelConfiguration(name: vpnName, interface: interface, peers: peerConfigurations)
self.configureTunnel(config: config, reason: reason, failureCallback: failureCallback)
}
func configureTunnel(config: TunnelConfiguration, reason: Int, failureCallback: @escaping () -> Void) {
let proto = NETunnelProviderProtocol(tunnelConfiguration: config)
proto!.providerBundleIdentifier = vpnBundleID
tunnel!.protocolConfiguration = proto
tunnel!.localizedDescription = vpnName
tunnel!.isEnabled = true
tunnel!.saveToPreferences { [unowned self] saveError in
if let error = saveError {
Logger.global?.log(message: "Connect Tunnel Save Error: \(error)")
failureCallback()
return
}
Logger.global?.log(message: "Saving the tunnel succeeded")
self.tunnel!.loadFromPreferences { error in
if let error = error {
Logger.global?.log(message: "Connect Tunnel Load Error: \(error)")
failureCallback()
return
}
Logger.global?.log(message: "Loading the tunnel succeeded")
do {
if (reason == 1 /* ReasonSwitching */) {
let settings = config.asWgQuickConfig()
let settingsData = settings.data(using: .utf8)!
try (self.tunnel!.connection as? NETunnelProviderSession)?
.sendProviderMessage(settingsData) { data in
guard let data = data,
let configString = String(data: data, encoding: .utf8)
else {
Logger.global?.log(message: "Failed to convert response to string")
return
}
}
} else {
try (self.tunnel!.connection as? NETunnelProviderSession)?.startTunnel()
}
} catch let error {
Logger.global?.log(message: "Something went wrong: \(error)")
failureCallback()
return
}
}
}
}
@objc func disconnect() {
Logger.global?.log(message: "Disconnecting")
assert(tunnel != nil)
(tunnel!.connection as? NETunnelProviderSession)?.stopTunnel()
}
@objc func checkStatus(callback: @escaping (String, String, String) -> Void) {
Logger.global?.log(message: "Check status")
assert(tunnel != nil)
let proto = tunnel!.protocolConfiguration as? NETunnelProviderProtocol
if proto == nil {
callback("", "", "")
return
}
let tunnelConfiguration = proto?.asTunnelConfiguration()
if tunnelConfiguration == nil {
callback("", "", "")
return
}
let serverIpv4Gateway = tunnelConfiguration?.interface.dns[0].address
if serverIpv4Gateway == nil {
callback("", "", "")
return
}
let deviceIpv4Address = tunnelConfiguration?.interface.addresses[0].address
if deviceIpv4Address == nil {
callback("", "", "")
return
}
guard let session = tunnel?.connection as? NETunnelProviderSession
else {
callback("", "", "")
return
}
do {
try session.sendProviderMessage(Data([UInt8(0)])) { [callback] data in
guard let data = data,
let configString = String(data: data, encoding: .utf8)
else {
Logger.global?.log(message: "Failed to convert data to string")
callback("", "", "")
return
}
callback("\(serverIpv4Gateway!)", "\(deviceIpv4Address!)", configString)
}
} catch {
Logger.global?.log(message: "Failed to retrieve data from session")
callback("", "", "")
}
}
}

15
client/platforms/ios/iosdatamigration.h Normal file
View file

@ -0,0 +1,15 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IOSDATAMIGRATION_H
#define IOSDATAMIGRATION_H
#include <QString>
class IOSDataMigration final {
public:
static void migrate();
};
#endif // IOSDATAMIGRATION_H

172
client/platforms/ios/iosdatamigration.mm Normal file
View file

@ -0,0 +1,172 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "iosdatamigration.h"
#include "device.h"
#include "logger.h"
#include "mozillavpn.h"
#include "user.h"
#include <QByteArray>
#include <QJsonArray>
#include <QJsonDocument>
#include <QJsonObject>
#include <QJsonValue>
#import <Foundation/Foundation.h>
namespace {
Logger logger(LOG_IOS, "IOSDataMigration");
void migrateUserDefaultData() {
AmneziaVPN* vpn = AmneziaVPN::instance();
Q_ASSERT(vpn);
NSUserDefaults* sud = [NSUserDefaults standardUserDefaults];
if (!sud) {
return;
}
NSData* userData = [sud dataForKey:@"user"];
if (userData) {
QByteArray json = QByteArray::fromNSData(userData);
if (!json.isEmpty()) {
logger.debug() << "User data to be migrated";
vpn->accountChecked(json);
}
}
NSData* deviceData = [sud dataForKey:@"device"];
if (deviceData) {
QByteArray json = QByteArray::fromNSData(deviceData);
logger.debug() << "Device data to be migrated";
// Nothing has to be done here because the device data is part of the user data.
}
NSData* serversData = [sud dataForKey:@"vpnServers"];
if (serversData) {
QByteArray json = QByteArray::fromNSData(serversData);
if (!json.isEmpty()) {
logger.debug() << "Server list data to be migrated";
// We need to wrap the server list in a object to make it similar to the REST API response.
QJsonDocument serverList = QJsonDocument::fromJson(json);
if (!serverList.isArray()) {
logger.error() << "Server list should be an array!";
return;
}
QJsonObject countriesObj;
countriesObj.insert("countries", QJsonValue(serverList.array()));
QJsonDocument doc;
doc.setObject(countriesObj);
if (!vpn->setServerList(doc.toJson())) {
logger.error() << "Server list cannot be imported";
return;
}
}
}
NSData* selectedCityData = [sud dataForKey:@"selectedCity"];
if (selectedCityData) {
QByteArray json = QByteArray::fromNSData(selectedCityData);
logger.debug() << "SelectedCity data to be migrated" << json;
// Nothing has to be done here because the device data is part of the user data.
QJsonDocument doc = QJsonDocument::fromJson(json);
if (!doc.isObject()) {
logger.error() << "SelectedCity should be an object";
return;
}
QJsonObject obj = doc.object();
QJsonValue code = obj.value("flagCode");
if (!code.isString()) {
logger.error() << "SelectedCity code should be a string";
return;
}
QJsonValue name = obj.value("code");
if (!name.isString()) {
logger.error() << "SelectedCity name should be a string";
return;
}
ServerData serverData;
if (vpn->serverCountryModel()->pickIfExists(code.toString(), name.toString(), serverData)) {
logger.debug() << "ServerCity found";
serverData.writeSettings();
}
}
}
void migrateKeychainData() {
NSData* service = [@"org.mozilla.guardian.credentials" dataUsingEncoding:NSUTF8StringEncoding];
NSMutableDictionary* query = [[NSMutableDictionary alloc] init];
[query setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass];
[query setObject:service forKey:(id)kSecAttrService];
[query setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnData];
[query setObject:(id)kSecMatchLimitOne forKey:(id)kSecMatchLimit];
NSData* dataNS = NULL;
OSStatus status = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef*)(void*)&dataNS);
[query release];
if (status != noErr) {
logger.error() << "No credentials found";
return;
}
QByteArray data = QByteArray::fromNSData(dataNS);
logger.debug() << "Credentials:" << logger.sensitive(data);
QJsonDocument json = QJsonDocument::fromJson(data);
if (!json.isObject()) {
logger.error() << "JSON object expected";
return;
}
QJsonObject obj = json.object();
QJsonValue deviceKeyValue = obj.value("deviceKeys");
if (!deviceKeyValue.isObject()) {
logger.error() << "JSON object should have a deviceKeys object";
return;
}
QJsonObject deviceKeyObj = deviceKeyValue.toObject();
QJsonValue publicKey = deviceKeyObj.value("publicKey");
if (!publicKey.isString()) {
logger.error() << "JSON deviceKey object should contain a publicKey value as string";
return;
}
QJsonValue privateKey = deviceKeyObj.value("privateKey");
if (!privateKey.isString()) {
logger.error() << "JSON deviceKey object should contain a privateKey value as string";
return;
}
QJsonValue token = obj.value("verificationToken");
if (!token.isString()) {
logger.error() << "JSON object should contain a verificationToken value s string";
return;
}
AmneziaVPN::instance()->deviceAdded(Device::currentDeviceName(), publicKey.toString(),
privateKey.toString());
AmneziaVPN::instance()->setToken(token.toString());
}
}
// static
void IOSDataMigration::migrate() {
logger.debug() << "IOS Data Migration";
migrateKeychainData();
migrateUserDefaultData();
}

249
client/platforms/ios/iosglue.mm Normal file
View file

@ -0,0 +1,249 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// This file contains all the C functions needed by the Wireguard swift code.
#include <stdlib.h>
#include <string.h>
#ifndef NETWORK_EXTENSION
# include "logger.h"
#else
# import <Foundation/Foundation.h>
# import <os/log.h>
#endif
#define MAX_LOG_FILE_SIZE 204800
// Key base64/hex functions
// ------------------------
#define WG_KEY_LEN (32)
#define WG_KEY_LEN_BASE64 (45)
#define WG_KEY_LEN_HEX (65)
#define EXPORT __attribute__((visibility("default")))
extern "C" {
EXPORT void key_to_base64(char base64[WG_KEY_LEN_BASE64], const uint8_t key[WG_KEY_LEN]);
EXPORT bool key_from_base64(uint8_t key[WG_KEY_LEN], const char* base64);
EXPORT void key_to_hex(char hex[WG_KEY_LEN_HEX], const uint8_t key[WG_KEY_LEN]);
EXPORT bool key_from_hex(uint8_t key[WG_KEY_LEN], const char* hex);
EXPORT bool key_eq(const uint8_t key1[WG_KEY_LEN], const uint8_t key2[WG_KEY_LEN]);
EXPORT void write_msg_to_log(const char* tag, const char* msg);
}
EXPORT void key_to_base64(char base64[WG_KEY_LEN_BASE64], const uint8_t key[WG_KEY_LEN]) {
const char range[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
const char padchar = '=';
int padlen = 0;
char* out = base64;
const uint8_t* in = key;
for (int i = 0; i < WG_KEY_LEN;) {
int chunk = 0;
chunk |= int(in[i++]) << 16;
if (i == WG_KEY_LEN) {
padlen = 2;
} else {
chunk |= int(in[i++]) << 8;
if (i == WG_KEY_LEN) {
padlen = 1;
} else {
chunk |= int(in[i++]);
}
}
int j = (chunk & 0x00fc0000) >> 18;
int k = (chunk & 0x0003f000) >> 12;
int l = (chunk & 0x00000fc0) >> 6;
int m = (chunk & 0x0000003f);
*out++ = range[j];
*out++ = range[k];
if (padlen > 1) {
*out++ = padchar;
} else {
*out++ = range[l];
}
if (padlen > 0) {
*out++ = padchar;
} else {
*out++ = range[m];
}
}
base64[WG_KEY_LEN_BASE64 - 1] = 0;
}
EXPORT bool key_from_base64(uint8_t key[WG_KEY_LEN], const char* base64) {
if (strlen(base64) != WG_KEY_LEN_BASE64 - 1 || base64[WG_KEY_LEN_BASE64 - 2] != '=') {
return false;
}
unsigned int buf = 0;
int nbits = 0;
uint8_t* out = key;
int offset = 0;
for (int i = 0; i < WG_KEY_LEN_BASE64; ++i) {
int ch = base64[i];
int d;
if (ch >= 'A' && ch <= 'Z') {
d = ch - 'A';
} else if (ch >= 'a' && ch <= 'z') {
d = ch - 'a' + 26;
} else if (ch >= '0' && ch <= '9') {
d = ch - '0' + 52;
} else if (ch == '+') {
d = 62;
} else if (ch == '/') {
d = 63;
} else {
d = -1;
}
if (d != -1) {
buf = (buf << 6) | d;
nbits += 6;
if (nbits >= 8) {
nbits -= 8;
out[offset++] = buf >> nbits;
buf &= (1 << nbits) - 1;
}
}
}
return true;
}
inline char toHex(uint8_t value) { return "0123456789abcdef"[value & 0xF]; }
inline int fromHex(uint8_t c) {
return ((c >= '0') && (c <= '9'))
? int(c - '0')
: ((c >= 'A') && (c <= 'F')) ? int(c - 'A' + 10)
: ((c >= 'a') && (c <= 'f')) ? int(c - 'a' + 10) : -1;
}
EXPORT void key_to_hex(char hex[WG_KEY_LEN_HEX], const uint8_t key[WG_KEY_LEN]) {
char* hexData = hex;
const unsigned char* data = (const unsigned char*)key;
for (int i = 0, o = 0; i < WG_KEY_LEN; ++i) {
hexData[o++] = toHex(data[i] >> 4);
hexData[o++] = toHex(data[i] & 0xf);
}
hex[WG_KEY_LEN_HEX - 1] = 0;
}
EXPORT bool key_from_hex(uint8_t key[WG_KEY_LEN], const char* hex) {
if (strlen(hex) != WG_KEY_LEN_HEX - 1) {
return false;
}
bool odd_digit = true;
unsigned char* result = (unsigned char*)key + WG_KEY_LEN;
for (int i = WG_KEY_LEN_HEX - 1; i >= 0; --i) {
int tmp = fromHex((unsigned char)(hex[i]));
if (tmp == -1) {
continue;
}
if (odd_digit) {
--result;
*result = tmp;
odd_digit = false;
} else {
*result |= tmp << 4;
odd_digit = true;
}
}
return true;
}
EXPORT bool key_eq(const uint8_t key1[WG_KEY_LEN], const uint8_t key2[WG_KEY_LEN]) {
for (int i = 0; i < WG_KEY_LEN; i++) {
if (key1[i] != key2[i]) {
return false;
}
}
return true;
}
// Logging functions
// -----------------
#ifndef NETWORK_EXTENSION
namespace {
Logger logger(LOG_IOS, "IOSSGlue");
}
#endif
EXPORT void write_msg_to_log(const char* tag, const char* msg) {
#ifndef NETWORK_EXTENSION
logger.debug() << "Swift log - tag:" << tag << "msg: " << msg;
#else
os_log_with_type(OS_LOG_DEFAULT, OS_LOG_TYPE_DEBUG, "tag: %s - msg: %s", tag, msg);
@autoreleasepool {
NSString* groupId = [NSString stringWithUTF8String:GROUP_ID];
NSURL* groupPath =
[[NSFileManager defaultManager] containerURLForSecurityApplicationGroupIdentifier:groupId];
NSURL* pathUrl = [groupPath URLByAppendingPathComponent:@"networkextension.log"];
NSString* path = [pathUrl path];
if (![[NSFileManager defaultManager] fileExistsAtPath:path]) {
[[NSFileManager defaultManager] createFileAtPath:path contents:nil attributes:nil];
} else {
NSError* error = nil;
NSDictionary* fileAttributes = [[NSFileManager defaultManager] attributesOfItemAtPath:path
error:&error];
if (error) {
return;
}
NSNumber* fileSizeNumber = [fileAttributes objectForKey:NSFileSize];
long long fileSize = [fileSizeNumber longLongValue];
if (fileSize > MAX_LOG_FILE_SIZE) {
[[NSFileManager defaultManager] removeItemAtPath:path error:&error];
[[NSFileManager defaultManager] createFileAtPath:path contents:nil attributes:nil];
}
}
NSError* error = nil;
NSFileHandle* fh = [NSFileHandle fileHandleForWritingToURL:pathUrl error:&error];
if (!fh) {
return;
}
NSString* dateString = [NSDateFormatter localizedStringFromDate:[NSDate date]
dateStyle:NSDateFormatterShortStyle
timeStyle:NSDateFormatterFullStyle];
NSString* str = [NSString stringWithFormat:@" - %s\n", msg];
NSData* data =
[[dateString stringByAppendingString:str] dataUsingEncoding:NSUTF8StringEncoding];
@try {
[fh seekToEndOfFile];
[fh writeData:data];
} @catch (NSException* exception) {
}
[fh closeFile];
}
#endif
}

30
client/platforms/ios/iosiaphandler.h Normal file
View file

@ -0,0 +1,30 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IOSIAPHANDLER_H
#define IOSIAPHANDLER_H
#include "iaphandler.h"
class IOSIAPHandler final : public IAPHandler {
Q_OBJECT
Q_DISABLE_COPY_MOVE(IOSIAPHandler)
public:
explicit IOSIAPHandler(QObject* parent);
~IOSIAPHandler();
public slots:
void productRegistered(void* product);
void processCompletedTransactions(const QStringList& ids);
protected:
void nativeRegisterProducts() override;
void nativeStartSubscription(Product* product) override;
private:
void* m_delegate = nullptr;
};
#endif // IOSIAPHANDLER_H

369
client/platforms/ios/iosiaphandler.mm Normal file
View file

@ -0,0 +1,369 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "platforms/ios/iosiaphandler.h"
#include "constants.h"
#include "iosutils.h"
#include "leakdetector.h"
#include "logger.h"
#include "mozillavpn.h"
#include "networkrequest.h"
#include "settingsholder.h"
#include <QCoreApplication>
#include <QJsonArray>
#include <QJsonDocument>
#include <QJsonObject>
#include <QJsonValue>
#include <QScopeGuard>
#import <Foundation/Foundation.h>
#import <StoreKit/StoreKit.h>
namespace {
Logger logger(LOG_IAP, "IOSIAPHandler");
} // namespace
@interface IOSIAPHandlerDelegate
: NSObject <SKRequestDelegate, SKProductsRequestDelegate, SKPaymentTransactionObserver> {
IOSIAPHandler* m_handler;
}
@end
@implementation IOSIAPHandlerDelegate
- (id)initWithObject:(IOSIAPHandler*)handler {
self = [super init];
if (self) {
m_handler = handler;
}
return self;
}
- (void)productsRequest:(nonnull SKProductsRequest*)request
didReceiveResponse:(nonnull SKProductsResponse*)response {
logger.debug() << "Registration completed";
if (response.invalidProductIdentifiers) {
NSArray<NSString*>* products = response.invalidProductIdentifiers;
logger.error() << "Registration failure" << [products count];
for (unsigned long i = 0, count = [products count]; i < count; ++i) {
NSString* identifier = [products objectAtIndex:i];
QMetaObject::invokeMethod(m_handler, "unknownProductRegistered", Qt::QueuedConnection,
Q_ARG(QString, QString::fromNSString(identifier)));
}
}
NSArray<SKProduct*>* products = response.products;
if (products) {
logger.debug() << "Products registered" << [products count];
for (unsigned long i = 0, count = [products count]; i < count; ++i) {
SKProduct* product = [[products objectAtIndex:i] retain];
QMetaObject::invokeMethod(m_handler, "productRegistered", Qt::QueuedConnection,
Q_ARG(void*, product));
}
}
QMetaObject::invokeMethod(m_handler, "productsRegistrationCompleted", Qt::QueuedConnection);
[request release];
}
- (void)paymentQueue:(nonnull SKPaymentQueue*)queue
updatedTransactions:(nonnull NSArray<SKPaymentTransaction*>*)transactions {
logger.debug() << "payment queue:" << [transactions count];
QStringList completedTransactionIds;
bool failedTransactions = false;
bool canceledTransactions = false;
bool completedTransactions = false;
for (SKPaymentTransaction* transaction in transactions) {
switch (transaction.transactionState) {
case SKPaymentTransactionStateFailed:
logger.error() << "transaction failed";
if (transaction.error.code == SKErrorPaymentCancelled) {
canceledTransactions = true;
} else {
failedTransactions = true;
}
break;
case SKPaymentTransactionStateRestored:
[[fallthrough]];
case SKPaymentTransactionStatePurchased: {
QString identifier = QString::fromNSString(transaction.transactionIdentifier);
QDateTime date = QDateTime::fromNSDate(transaction.transactionDate);
logger.debug() << "transaction purchased - identifier: " << identifier
<< "- date:" << date.toString();
if (transaction.transactionState == SKPaymentTransactionStateRestored) {
SKPaymentTransaction* originalTransaction = transaction.originalTransaction;
if (originalTransaction) {
QString originalIdentifier =
QString::fromNSString(originalTransaction.transactionIdentifier);
QDateTime originalDate = QDateTime::fromNSDate(originalTransaction.transactionDate);
logger.debug() << "original transaction identifier: " << originalIdentifier
<< "- date:" << originalDate.toString();
}
}
completedTransactions = true;
SettingsHolder* settingsHolder = SettingsHolder::instance();
if (settingsHolder->hasSubscriptionTransaction(identifier)) {
logger.warning() << "This transaction has already been processed. Let's ignore it.";
} else {
completedTransactionIds.append(identifier);
}
break;
}
case SKPaymentTransactionStatePurchasing:
logger.debug() << "transaction purchasing";
break;
case SKPaymentTransactionStateDeferred:
logger.debug() << "transaction deferred";
break;
default:
logger.warning() << "transaction unknwon state";
break;
}
}
if (!completedTransactions && !canceledTransactions && !failedTransactions) {
// Nothing completed, nothing restored, nothing failed. Just purchasing transactions.
return;
}
if (canceledTransactions) {
logger.debug() << "Subscription canceled";
QMetaObject::invokeMethod(m_handler, "stopSubscription", Qt::QueuedConnection);
QMetaObject::invokeMethod(m_handler, "subscriptionCanceled", Qt::QueuedConnection);
} else if (failedTransactions) {
logger.error() << "Subscription failed";
QMetaObject::invokeMethod(m_handler, "stopSubscription", Qt::QueuedConnection);
QMetaObject::invokeMethod(m_handler, "subscriptionCanceled", Qt::QueuedConnection);
} else if (completedTransactionIds.isEmpty()) {
Q_ASSERT(completedTransactions);
logger.debug() << "Subscription completed - but all the transactions are known";
QMetaObject::invokeMethod(m_handler, "stopSubscription", Qt::QueuedConnection);
QMetaObject::invokeMethod(m_handler, "subscriptionCanceled", Qt::QueuedConnection);
} else if (AmneziaVPN::instance()->userAuthenticated()) {
Q_ASSERT(completedTransactions);
logger.debug() << "Subscription completed. Let's start the validation";
QMetaObject::invokeMethod(m_handler, "processCompletedTransactions", Qt::QueuedConnection,
Q_ARG(QStringList, completedTransactionIds));
} else {
Q_ASSERT(completedTransactions);
logger.debug() << "Subscription completed - but the user is not authenticated yet";
QMetaObject::invokeMethod(m_handler, "stopSubscription", Qt::QueuedConnection);
QMetaObject::invokeMethod(m_handler, "subscriptionCanceled", Qt::QueuedConnection);
}
for (SKPaymentTransaction* transaction in transactions) {
switch (transaction.transactionState) {
case SKPaymentTransactionStateFailed:
[[fallthrough]];
case SKPaymentTransactionStateRestored:
[[fallthrough]];
case SKPaymentTransactionStatePurchased:
[queue finishTransaction:transaction];
break;
default:
break;
}
}
}
- (void)requestDidFinish:(SKRequest*)request {
logger.debug() << "Receipt refreshed correctly";
QMetaObject::invokeMethod(m_handler, "stopSubscription", Qt::QueuedConnection);
QMetaObject::invokeMethod(m_handler, "processCompletedTransactions", Qt::QueuedConnection,
Q_ARG(QStringList, QStringList()));
}
- (void)request:(SKRequest*)request didFailWithError:(NSError*)error {
logger.error() << "Failed to refresh the receipt"
<< QString::fromNSString(error.localizedDescription);
QMetaObject::invokeMethod(m_handler, "stopSubscription", Qt::QueuedConnection);
QMetaObject::invokeMethod(m_handler, "subscriptionFailed", Qt::QueuedConnection);
}
@end
IOSIAPHandler::IOSIAPHandler(QObject* parent) : IAPHandler(parent) {
MVPN_COUNT_CTOR(IOSIAPHandler);
m_delegate = [[IOSIAPHandlerDelegate alloc] initWithObject:this];
[[SKPaymentQueue defaultQueue]
addTransactionObserver:static_cast<IOSIAPHandlerDelegate*>(m_delegate)];
}
IOSIAPHandler::~IOSIAPHandler() {
MVPN_COUNT_DTOR(IOSIAPHandler);
IOSIAPHandlerDelegate* delegate = static_cast<IOSIAPHandlerDelegate*>(m_delegate);
[[SKPaymentQueue defaultQueue] removeTransactionObserver:delegate];
[delegate dealloc];
m_delegate = nullptr;
}
void IOSIAPHandler::nativeRegisterProducts() {
NSSet<NSString*>* productIdentifiers = [NSSet<NSString*> set];
for (const Product& product : m_products) {
productIdentifiers = [productIdentifiers setByAddingObject:product.m_name.toNSString()];
}
logger.debug() << "We are about to register" << [productIdentifiers count] << "products";
SKProductsRequest* productsRequest =
[[SKProductsRequest alloc] initWithProductIdentifiers:productIdentifiers];
IOSIAPHandlerDelegate* delegate = static_cast<IOSIAPHandlerDelegate*>(m_delegate);
productsRequest.delegate = delegate;
[productsRequest start];
}
void IOSIAPHandler::nativeStartSubscription(Product* product) {
Q_ASSERT(product->m_extra);
SKProduct* skProduct = static_cast<SKProduct*>(product->m_extra);
SKPayment* payment = [SKPayment paymentWithProduct:skProduct];
[[SKPaymentQueue defaultQueue] addPayment:payment];
}
void IOSIAPHandler::productRegistered(void* a_product) {
SKProduct* product = static_cast<SKProduct*>(a_product);
Q_ASSERT(m_productsRegistrationState == eRegistering);
logger.debug() << "Product registered";
NSString* nsProductIdentifier = [product productIdentifier];
QString productIdentifier = QString::fromNSString(nsProductIdentifier);
Product* productData = findProduct(productIdentifier);
Q_ASSERT(productData);
logger.debug() << "Id:" << productIdentifier;
logger.debug() << "Title:" << QString::fromNSString([product localizedTitle]);
logger.debug() << "Description:" << QString::fromNSString([product localizedDescription]);
QString priceValue;
{
NSNumberFormatter* numberFormatter = [[NSNumberFormatter alloc] init];
[numberFormatter setFormatterBehavior:NSNumberFormatterBehavior10_4];
[numberFormatter setNumberStyle:(NSNumberFormatterStyle)NSNumberFormatterCurrencyStyle];
[numberFormatter setLocale:product.priceLocale];
NSString* price = [numberFormatter stringFromNumber:product.price];
priceValue = QString::fromNSString(price);
[numberFormatter release];
}
logger.debug() << "Price:" << priceValue;
QString monthlyPriceValue;
NSDecimalNumber* monthlyPriceNS = nullptr;
{
NSNumberFormatter* numberFormatter = [[NSNumberFormatter alloc] init];
[numberFormatter setFormatterBehavior:NSNumberFormatterBehavior10_4];
[numberFormatter setNumberStyle:(NSNumberFormatterStyle)NSNumberFormatterCurrencyStyle];
[numberFormatter setLocale:product.priceLocale];
int32_t mounthCount = productTypeToMonthCount(productData->m_type);
Q_ASSERT(mounthCount >= 1);
if (mounthCount == 1) {
monthlyPriceNS = product.price;
} else {
NSDecimalNumber* divider = [[NSDecimalNumber alloc] initWithDouble:(double)mounthCount];
monthlyPriceNS = [product.price decimalNumberByDividingBy:divider];
[divider release];
}
NSString* price = [numberFormatter stringFromNumber:monthlyPriceNS];
monthlyPriceValue = QString::fromNSString(price);
[numberFormatter release];
}
logger.debug() << "Monthly Price:" << monthlyPriceValue;
productData->m_price = priceValue;
productData->m_monthlyPrice = monthlyPriceValue;
productData->m_nonLocalizedMonthlyPrice = [monthlyPriceNS doubleValue];
productData->m_extra = product;
}
void IOSIAPHandler::processCompletedTransactions(const QStringList& ids) {
logger.debug() << "process completed transactions";
if (m_subscriptionState != eActive) {
logger.warning() << "Random transaction to be completed. Let's ignore it";
return;
}
QString receipt = IOSUtils::IAPReceipt();
if (receipt.isEmpty()) {
logger.warning() << "Empty receipt found";
emit subscriptionFailed();
return;
}
NetworkRequest* request = NetworkRequest::createForIOSPurchase(this, receipt);
connect(request, &NetworkRequest::requestFailed,
[this](QNetworkReply::NetworkError error, const QByteArray& data) {
logger.error() << "Purchase request failed" << error;
if (m_subscriptionState != eActive) {
logger.warning() << "We have been canceled in the meantime";
return;
}
stopSubscription();
QJsonDocument json = QJsonDocument::fromJson(data);
if (!json.isObject()) {
AmneziaVPN::instance()->errorHandle(ErrorHandler::toErrorType(error));
emit subscriptionFailed();
return;
}
QJsonObject obj = json.object();
QJsonValue errorValue = obj.value("errno");
if (!errorValue.isDouble()) {
AmneziaVPN::instance()->errorHandle(ErrorHandler::toErrorType(error));
emit subscriptionFailed();
return;
}
int errorNumber = errorValue.toInt();
if (errorNumber != 145) {
AmneziaVPN::instance()->errorHandle(ErrorHandler::toErrorType(error));
emit subscriptionFailed();
return;
}
emit alreadySubscribed();
});
connect(request, &NetworkRequest::requestCompleted, [this, ids](const QByteArray&) {
logger.debug() << "Purchase request completed";
SettingsHolder::instance()->addSubscriptionTransactions(ids);
if (m_subscriptionState != eActive) {
logger.warning() << "We have been canceled in the meantime";
return;
}
stopSubscription();
emit subscriptionCompleted();
});
}

53
client/platforms/ios/ioslogger.swift Normal file
View file

@ -0,0 +1,53 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
import Foundation
import os.log
public class Logger {
static var global: Logger?
var tag: String
init(tagged tag: String) {
self.tag = tag
}
deinit {}
func log(message: String) {
write_msg_to_log(tag, message.trimmingCharacters(in: .newlines))
}
func writeLog(to targetFile: String) -> Bool {
return true;
}
static func configureGlobal(tagged tag: String, withFilePath filePath: String?) {
if Logger.global != nil {
return
}
Logger.global = Logger(tagged: tag)
var appVersion = Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "Unknown version"
if let appBuild = Bundle.main.infoDictionary?["CFBundleVersion"] as? String {
appVersion += " (\(appBuild))"
}
let goBackendVersion = WIREGUARD_GO_VERSION
Logger.global?.log(message: "App version: \(appVersion); Go backend version: \(goBackendVersion)")
}
}
func wg_log(_ type: OSLogType, staticMessage msg: StaticString) {
os_log(msg, log: OSLog.default, type: type)
Logger.global?.log(message: "\(msg)")
}
func wg_log(_ type: OSLogType, message msg: String) {
os_log("%{public}s", log: OSLog.default, type: type, msg)
Logger.global?.log(message: msg)
}

27
client/platforms/ios/iosnotificationhandler.h Normal file
View file

@ -0,0 +1,27 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IOSNOTIFICATIONHANDLER_H
#define IOSNOTIFICATIONHANDLER_H
#include "notificationhandler.h"
#include <QObject>
class IOSNotificationHandler final : public NotificationHandler {
Q_DISABLE_COPY_MOVE(IOSNotificationHandler)
public:
IOSNotificationHandler(QObject* parent);
~IOSNotificationHandler();
protected:
void notify(const QString& title, const QString& message,
int timerSec) override;
private:
void* m_delegate = nullptr;
};
#endif // IOSNOTIFICATIONHANDLER_H

87
client/platforms/ios/iosnotificationhandler.mm Normal file
View file

@ -0,0 +1,87 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "platforms/ios/iosnotificationhandler.h"
#include "leakdetector.h"
#import <UserNotifications/UserNotifications.h>
#import <Foundation/Foundation.h>
#import <UIKit/UIKit.h>
@interface IOSNotificationDelegate
: UIResponder <UIApplicationDelegate, UNUserNotificationCenterDelegate> {
IOSNotificationHandler* m_iosNotificationHandler;
}
@end
@implementation IOSNotificationDelegate
- (id)initWithObject:(IOSNotificationHandler*)notification {
self = [super init];
if (self) {
m_iosNotificationHandler = notification;
}
return self;
}
- (void)userNotificationCenter:(UNUserNotificationCenter*)center
willPresentNotification:(UNNotification*)notification
withCompletionHandler:
(void (^)(UNNotificationPresentationOptions options))completionHandler {
Q_UNUSED(center)
completionHandler(UNNotificationPresentationOptionAlert);
}
- (void)userNotificationCenter:(UNUserNotificationCenter*)center
didReceiveNotificationResponse:(UNNotificationResponse*)response
withCompletionHandler:(void (^)())completionHandler {
Q_UNUSED(center)
Q_UNUSED(response)
completionHandler();
}
@end
IOSNotificationHandler::IOSNotificationHandler(QObject* parent) : NotificationHandler(parent) {
MVPN_COUNT_CTOR(IOSNotificationHandler);
UNUserNotificationCenter* center = [UNUserNotificationCenter currentNotificationCenter];
[center requestAuthorizationWithOptions:(UNAuthorizationOptionSound | UNAuthorizationOptionAlert |
UNAuthorizationOptionBadge)
completionHandler:^(BOOL granted, NSError* _Nullable error) {
Q_UNUSED(granted);
if (!error) {
m_delegate = [[IOSNotificationDelegate alloc] initWithObject:this];
}
}];
}
IOSNotificationHandler::~IOSNotificationHandler() { MVPN_COUNT_DTOR(IOSNotificationHandler); }
void IOSNotificationHandler::notify(const QString& title, const QString& message, int timerSec) {
if (!m_delegate) {
return;
}
UNMutableNotificationContent* content = [[UNMutableNotificationContent alloc] init];
content.title = title.toNSString();
content.body = message.toNSString();
content.sound = [UNNotificationSound defaultSound];
UNTimeIntervalNotificationTrigger* trigger =
[UNTimeIntervalNotificationTrigger triggerWithTimeInterval:timerSec repeats:NO];
UNNotificationRequest* request = [UNNotificationRequest requestWithIdentifier:@"mozillavpn"
content:content
trigger:trigger];
UNUserNotificationCenter* center = [UNUserNotificationCenter currentNotificationCenter];
center.delegate = id(m_delegate);
[center addNotificationRequest:request
withCompletionHandler:^(NSError* _Nullable error) {
if (error) {
NSLog(@"Local Notification failed");
}
}];
}

147
client/platforms/ios/iostunnel.swift Normal file
View file

@ -0,0 +1,147 @@
// SPDX-License-Identifier: MIT
// Copyright © 2018-2020 WireGuard LLC. All Rights Reserved.
import Foundation
import NetworkExtension
import os
class PacketTunnelProvider: NEPacketTunnelProvider {
private lazy var adapter: WireGuardAdapter = {
return WireGuardAdapter(with: self) { logLevel, message in
wg_log(logLevel.osLogLevel, message: message)
}
}()
override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
let activationAttemptId = options?["activationAttemptId"] as? String
let errorNotifier = ErrorNotifier(activationAttemptId: activationAttemptId)
Logger.configureGlobal(tagged: "NET", withFilePath: FileManager.logFileURL?.path)
wg_log(.info, message: "Starting tunnel from the " + (activationAttemptId == nil ? "OS directly, rather than the app" : "app"))
guard let tunnelProviderProtocol = self.protocolConfiguration as? NETunnelProviderProtocol,
let tunnelConfiguration = tunnelProviderProtocol.asTunnelConfiguration() else {
errorNotifier.notify(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
completionHandler(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
return
}
// Start the tunnel
adapter.start(tunnelConfiguration: tunnelConfiguration) { adapterError in
guard let adapterError = adapterError else {
let interfaceName = self.adapter.interfaceName ?? "unknown"
wg_log(.info, message: "Tunnel interface is \(interfaceName)")
completionHandler(nil)
return
}
switch adapterError {
case .cannotLocateTunnelFileDescriptor:
wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor")
errorNotifier.notify(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
completionHandler(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
case .dnsResolution(let dnsErrors):
let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address }
.joined(separator: ", ")
wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)")
errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure)
completionHandler(PacketTunnelProviderError.dnsResolutionFailure)
case .setNetworkSettings(let error):
wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)")
errorNotifier.notify(PacketTunnelProviderError.couldNotSetNetworkSettings)
completionHandler(PacketTunnelProviderError.couldNotSetNetworkSettings)
case .startWireGuardBackend(let errorCode):
wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)")
errorNotifier.notify(PacketTunnelProviderError.couldNotStartBackend)
completionHandler(PacketTunnelProviderError.couldNotStartBackend)
case .invalidState:
// Must never happen
fatalError()
}
}
}
override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
wg_log(.info, staticMessage: "Stopping tunnel")
adapter.stop { error in
ErrorNotifier.removeLastErrorFile()
if let error = error {
wg_log(.error, message: "Failed to stop WireGuard adapter: \(error.localizedDescription)")
}
completionHandler()
#if os(macOS)
// HACK: This is a filthy hack to work around Apple bug 32073323 (dup'd by us as 47526107).
// Remove it when they finally fix this upstream and the fix has been rolled out to
// sufficient quantities of users.
exit(0)
#endif
}
}
override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
guard let completionHandler = completionHandler else { return }
if messageData.count == 1 && messageData[0] == 0 {
adapter.getRuntimeConfiguration { settings in
var data: Data?
if let settings = settings {
data = settings.data(using: .utf8)!
}
completionHandler(data)
}
} else if messageData.count >= 1 {
// Updates the tunnel configuration and responds with the active configuration
wg_log(.info, message: "Switching tunnel configuration")
guard let configString = String(data: messageData, encoding: .utf8)
else {
completionHandler(nil)
return
}
do {
let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: configString)
adapter.update(tunnelConfiguration: tunnelConfiguration) { error in
if let error = error {
wg_log(.error, message: "Failed to switch tunnel configuration: \(error.localizedDescription)")
completionHandler(nil)
return
}
self.adapter.getRuntimeConfiguration { settings in
var data: Data?
if let settings = settings {
data = settings.data(using: .utf8)!
}
completionHandler(data)
}
}
} catch {
completionHandler(nil)
}
} else {
completionHandler(nil)
}
}
}
extension WireGuardLogLevel {
var osLogLevel: OSLogType {
switch self {
case .verbose:
return .debug
case .error:
return .error
}
}
}

17
client/platforms/ios/iosutils.h Normal file
View file

@ -0,0 +1,17 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IOSUTILS_H
#define IOSUTILS_H
#include <QString>
class IOSUtils final {
public:
static QString computerName();
static QString IAPReceipt();
};
#endif // IOSUTILS_H

63
client/platforms/ios/iosutils.mm Normal file
View file

@ -0,0 +1,63 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "iosutils.h"
#include "logger.h"
#include <QDateTime>
#include <QString>
#import <UIKit/UIKit.h>
namespace {
Logger logger(LOG_IOS, "IOSUtils");
}
// static
QString IOSUtils::computerName() {
NSString* name = [[UIDevice currentDevice] name];
return QString::fromNSString(name);
}
// static
QString IOSUtils::IAPReceipt() {
logger.debug() << "Retrieving IAP receipt";
NSURL* receiptURL = [[NSBundle mainBundle] appStoreReceiptURL];
NSData* receipt = [NSData dataWithContentsOfURL:receiptURL];
// All the following is for debug only.
NSString* path = [receiptURL path];
Q_ASSERT(path);
logger.debug() << "Receipt URL:" << QString::fromNSString(path);
NSFileManager* fileManager = [NSFileManager defaultManager];
Q_ASSERT(fileManager);
NSDictionary* fileAttributes = [fileManager attributesOfItemAtPath:path error:NULL];
if (fileAttributes) {
NSNumber* fileSize = [fileAttributes objectForKey:NSFileSize];
if (fileSize) {
logger.debug() << "File size:" << [fileSize unsignedLongLongValue];
}
NSString* fileOwner = [fileAttributes objectForKey:NSFileOwnerAccountName];
if (fileOwner) {
logger.debug() << "Owner:" << QString::fromNSString(fileOwner);
}
NSDate* fileModDate = [fileAttributes objectForKey:NSFileModificationDate];
if (fileModDate) {
logger.debug() << "Modification date:" << QDateTime::fromNSDate(fileModDate).toString();
}
}
if (!receipt) {
return QString();
}
NSString* encodedReceipt = [receipt base64EncodedStringWithOptions:0];
return QString::fromNSString(encodedReceipt);
}

222
client/platforms/macos/daemon/dnsutilsmacos.cpp Normal file
View file

@ -0,0 +1,222 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "dnsutilsmacos.h"
#include "leakdetector.h"
#include "logger.h"
#include <QScopeGuard>
#include <systemconfiguration/scpreferences.h>
#include <systemconfiguration/scdynamicstore.h>
namespace {
Logger logger(LOG_MACOS, "DnsUtilsMacos");
}
DnsUtilsMacos::DnsUtilsMacos(QObject* parent) : DnsUtils(parent) {
MVPN_COUNT_CTOR(DnsUtilsMacos);
m_scStore = SCDynamicStoreCreate(kCFAllocatorSystemDefault,
CFSTR("mozillavpn"), nullptr, nullptr);
if (m_scStore == nullptr) {
logger.error() << "Failed to create system configuration store ref";
}
logger.debug() << "DnsUtilsMacos created.";
}
DnsUtilsMacos::~DnsUtilsMacos() {
MVPN_COUNT_DTOR(DnsUtilsMacos);
restoreResolvers();
logger.debug() << "DnsUtilsMacos destroyed.";
}
static QString cfParseString(CFTypeRef ref) {
if (CFGetTypeID(ref) != CFStringGetTypeID()) {
return QString();
}
CFStringRef stringref = (CFStringRef)ref;
CFRange range;
range.location = 0;
range.length = CFStringGetLength(stringref);
if (range.length <= 0) {
return QString();
}
UniChar* buf = (UniChar*)malloc(range.length * sizeof(UniChar));
if (!buf) {
return QString();
}
auto guard = qScopeGuard([&] { free(buf); });
CFStringGetCharacters(stringref, range, buf);
return QString::fromUtf16(buf, range.length);
}
static QStringList cfParseStringList(CFTypeRef ref) {
if (CFGetTypeID(ref) != CFArrayGetTypeID()) {
return QStringList();
}
CFArrayRef array = (CFArrayRef)ref;
QStringList result;
for (CFIndex i = 0; i < CFArrayGetCount(array); i++) {
CFTypeRef value = CFArrayGetValueAtIndex(array, i);
result.append(cfParseString(value));
}
return result;
}
static void cfDictSetString(CFMutableDictionaryRef dict, CFStringRef name,
const QString& value) {
if (value.isNull()) {
return;
}
CFStringRef cfValue = CFStringCreateWithCString(
kCFAllocatorSystemDefault, qUtf8Printable(value), kCFStringEncodingUTF8);
CFDictionarySetValue(dict, name, cfValue);
CFRelease(cfValue);
}
static void cfDictSetStringList(CFMutableDictionaryRef dict, CFStringRef name,
const QStringList& valueList) {
if (valueList.isEmpty()) {
return;
}
CFMutableArrayRef array;
array = CFArrayCreateMutable(kCFAllocatorSystemDefault, 0,
&kCFTypeArrayCallBacks);
if (array == nullptr) {
return;
}
for (const QString& rstring : valueList) {
CFStringRef cfAddr = CFStringCreateWithCString(kCFAllocatorSystemDefault,
qUtf8Printable(rstring),
kCFStringEncodingUTF8);
CFArrayAppendValue(array, cfAddr);
CFRelease(cfAddr);
}
CFDictionarySetValue(dict, name, array);
CFRelease(array);
}
bool DnsUtilsMacos::updateResolvers(const QString& ifname,
const QList<QHostAddress>& resolvers) {
Q_UNUSED(ifname);
// Get the list of current network services.
CFArrayRef netServices = SCDynamicStoreCopyKeyList(
m_scStore, CFSTR("Setup:/Network/Service/[0-9A-F-]+"));
if (netServices == nullptr) {
return false;
}
auto serviceGuard = qScopeGuard([&] { CFRelease(netServices); });
// Prepare the DNS configuration.
CFMutableDictionaryRef dnsConfig = CFDictionaryCreateMutable(
kCFAllocatorSystemDefault, 0, &kCFCopyStringDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
auto configGuard = qScopeGuard([&] { CFRelease(dnsConfig); });
QStringList list;
for (const QHostAddress& addr : resolvers) {
list.append(addr.toString());
}
cfDictSetStringList(dnsConfig, kSCPropNetDNSServerAddresses, list);
cfDictSetString(dnsConfig, kSCPropNetDNSDomainName, "lan");
// Backup each network service's DNS config, and replace it with ours.
for (CFIndex i = 0; i < CFArrayGetCount(netServices); i++) {
QString service = cfParseString(CFArrayGetValueAtIndex(netServices, i));
QString uuid = service.section('/', 3, 3);
if (uuid.isEmpty()) {
continue;
}
backupService(uuid);
logger.debug() << "Setting DNS config for" << uuid;
CFStringRef dnsPath = CFStringCreateWithFormat(
kCFAllocatorSystemDefault, nullptr,
CFSTR("Setup:/Network/Service/%s/DNS"), qPrintable(uuid));
if (!dnsPath) {
continue;
}
SCDynamicStoreSetValue(m_scStore, dnsPath, dnsConfig);
CFRelease(dnsPath);
}
return true;
}
bool DnsUtilsMacos::restoreResolvers() {
for (const QString& uuid : m_prevServices.keys()) {
CFStringRef path = CFStringCreateWithFormat(
kCFAllocatorSystemDefault, nullptr,
CFSTR("Setup:/Network/Service/%s/DNS"), qPrintable(uuid));
logger.debug() << "Restoring DNS config for" << uuid;
const DnsBackup& backup = m_prevServices[uuid];
if (backup.isValid()) {
CFMutableDictionaryRef config;
config = CFDictionaryCreateMutable(kCFAllocatorSystemDefault, 0,
&kCFCopyStringDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
cfDictSetString(config, kSCPropNetDNSDomainName, backup.m_domain);
cfDictSetStringList(config, kSCPropNetDNSSearchDomains, backup.m_search);
cfDictSetStringList(config, kSCPropNetDNSServerAddresses,
backup.m_servers);
cfDictSetStringList(config, kSCPropNetDNSSortList, backup.m_sortlist);
SCDynamicStoreSetValue(m_scStore, path, config);
CFRelease(config);
} else {
SCDynamicStoreRemoveValue(m_scStore, path);
}
CFRelease(path);
}
m_prevServices.clear();
return true;
}
void DnsUtilsMacos::backupService(const QString& uuid) {
DnsBackup backup;
CFStringRef path = CFStringCreateWithFormat(
kCFAllocatorSystemDefault, nullptr,
CFSTR("Setup:/Network/Service/%s/DNS"), qPrintable(uuid));
CFDictionaryRef config =
(CFDictionaryRef)SCDynamicStoreCopyValue(m_scStore, path);
auto serviceGuard = qScopeGuard([&] {
if (config) {
CFRelease(config);
}
CFRelease(path);
});
// Parse the DNS protocol entry and save it for later.
if (config) {
CFTypeRef value;
value = CFDictionaryGetValue(config, kSCPropNetDNSDomainName);
if (value) {
backup.m_domain = cfParseString(value);
}
value = CFDictionaryGetValue(config, kSCPropNetDNSServerAddresses);
if (value) {
backup.m_servers = cfParseStringList(value);
}
value = CFDictionaryGetValue(config, kSCPropNetDNSSearchDomains);
if (value) {
backup.m_search = cfParseStringList(value);
}
value = CFDictionaryGetValue(config, kSCPropNetDNSSortList);
if (value) {
backup.m_sortlist = cfParseStringList(value);
}
}
m_prevServices[uuid] = backup;
}

51
client/platforms/macos/daemon/dnsutilsmacos.h Normal file
View file

@ -0,0 +1,51 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef DNSUTILSMACOS_H
#define DNSUTILSMACOS_H
#include "dnsutils.h"
#include <QHostAddress>
#include <QMap>
#include <QString>
#include <systemconfiguration/scdynamicstore.h>
#include <systemconfiguration/systemconfiguration.h>
class DnsUtilsMacos final : public DnsUtils {
Q_OBJECT
Q_DISABLE_COPY_MOVE(DnsUtilsMacos)
public:
explicit DnsUtilsMacos(QObject* parent);
virtual ~DnsUtilsMacos();
bool updateResolvers(const QString& ifname,
const QList<QHostAddress>& resolvers) override;
bool restoreResolvers() override;
private:
void backupResolvers();
void backupService(const QString& uuid);
private:
class DnsBackup {
public:
DnsBackup() {}
bool isValid() const {
return !m_domain.isEmpty() || !m_search.isEmpty() ||
!m_servers.isEmpty() || !m_sortlist.isEmpty();
}
QString m_domain;
QStringList m_search;
QStringList m_servers;
QStringList m_sortlist;
};
SCDynamicStoreRef m_scStore = nullptr;
QMap<QString, DnsBackup> m_prevServices;
};
#endif // DNSUTILSMACOS_H

180
client/platforms/macos/daemon/iputilsmacos.cpp Normal file
View file

@ -0,0 +1,180 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "iputilsmacos.h"
#include "leakdetector.h"
#include "logger.h"
#include "macosdaemon.h"
#include "daemon/wireguardutils.h"
#include <QHostAddress>
#include <QScopeGuard>
#include <arpa/inet.h>
#include <net/if.h>
#include <net/if_var.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <sys/ioctl.h>
#include <unistd.h>
constexpr uint32_t ETH_MTU = 1500;
constexpr uint32_t WG_MTU_OVERHEAD = 80;
namespace {
Logger logger(LOG_MACOS, "IPUtilsMacos");
}
IPUtilsMacos::IPUtilsMacos(QObject* parent) : IPUtils(parent) {
MVPN_COUNT_CTOR(IPUtilsMacos);
logger.debug() << "IPUtilsMacos created.";
}
IPUtilsMacos::~IPUtilsMacos() {
MVPN_COUNT_DTOR(IPUtilsMacos);
logger.debug() << "IPUtilsMacos destroyed.";
}
bool IPUtilsMacos::addInterfaceIPs(const InterfaceConfig& config) {
if (!addIP4AddressToDevice(config)) {
return false;
}
if (config.m_ipv6Enabled) {
if (!addIP6AddressToDevice(config)) {
return false;
}
}
return true;
}
bool IPUtilsMacos::setMTUAndUp(const InterfaceConfig& config) {
Q_UNUSED(config);
QString ifname = MacOSDaemon::instance()->m_wgutils->interfaceName();
struct ifreq ifr;
// Create socket file descriptor to perform the ioctl operations on
int sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP);
if (sockfd < 0) {
logger.error() << "Failed to create ioctl socket.";
return false;
}
auto guard = qScopeGuard([&] { close(sockfd); });
// MTU
strncpy(ifr.ifr_name, qPrintable(ifname), IFNAMSIZ);
ifr.ifr_mtu = ETH_MTU - WG_MTU_OVERHEAD;
int ret = ioctl(sockfd, SIOCSIFMTU, &ifr);
if (ret) {
logger.error() << "Failed to set MTU:" << strerror(errno);
return false;
}
// Get the interface flags
strncpy(ifr.ifr_name, qPrintable(ifname), IFNAMSIZ);
ret = ioctl(sockfd, SIOCGIFFLAGS, &ifr);
if (ret) {
logger.error() << "Failed to get interface flags:" << strerror(errno);
return false;
}
// Up
ifr.ifr_flags |= (IFF_UP | IFF_RUNNING);
ret = ioctl(sockfd, SIOCSIFFLAGS, &ifr);
if (ret) {
logger.error() << "Failed to set device up:" << strerror(errno);
return false;
}
return true;
}
bool IPUtilsMacos::addIP4AddressToDevice(const InterfaceConfig& config) {
Q_UNUSED(config);
QString ifname = MacOSDaemon::instance()->m_wgutils->interfaceName();
struct ifaliasreq ifr;
struct sockaddr_in* ifrAddr = (struct sockaddr_in*)&ifr.ifra_addr;
struct sockaddr_in* ifrMask = (struct sockaddr_in*)&ifr.ifra_mask;
struct sockaddr_in* ifrBcast = (struct sockaddr_in*)&ifr.ifra_broadaddr;
// Name the interface and set family
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifra_name, qPrintable(ifname), IFNAMSIZ);
// Get the device address to add to interface
QPair<QHostAddress, int> parsedAddr =
QHostAddress::parseSubnet(config.m_deviceIpv4Address);
QByteArray _deviceAddr = parsedAddr.first.toString().toLocal8Bit();
char* deviceAddr = _deviceAddr.data();
ifrAddr->sin_family = AF_INET;
ifrAddr->sin_len = sizeof(struct sockaddr_in);
inet_pton(AF_INET, deviceAddr, &ifrAddr->sin_addr);
// Set the netmask to /32
ifrMask->sin_family = AF_INET;
ifrMask->sin_len = sizeof(struct sockaddr_in);
memset(&ifrMask->sin_addr, 0xff, sizeof(ifrMask->sin_addr));
// Set the broadcast address.
ifrBcast->sin_family = AF_INET;
ifrBcast->sin_len = sizeof(struct sockaddr_in);
ifrBcast->sin_addr.s_addr =
(ifrAddr->sin_addr.s_addr | ~ifrMask->sin_addr.s_addr);
// Create an IPv4 socket to perform the ioctl operations on
int sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP);
if (sockfd < 0) {
logger.error() << "Failed to create ioctl socket.";
return false;
}
auto guard = qScopeGuard([&] { close(sockfd); });
// Set ifr to interface
int ret = ioctl(sockfd, SIOCAIFADDR, &ifr);
if (ret) {
logger.error() << "Failed to set IPv4: " << deviceAddr
<< "error:" << strerror(errno);
return false;
}
return true;
}
bool IPUtilsMacos::addIP6AddressToDevice(const InterfaceConfig& config) {
Q_UNUSED(config);
QString ifname = MacOSDaemon::instance()->m_wgutils->interfaceName();
struct in6_aliasreq ifr6;
// Name the interface and set family
memset(&ifr6, 0, sizeof(ifr6));
strncpy(ifr6.ifra_name, qPrintable(ifname), IFNAMSIZ);
ifr6.ifra_addr.sin6_family = AF_INET6;
ifr6.ifra_addr.sin6_len = sizeof(ifr6.ifra_addr);
ifr6.ifra_lifetime.ia6t_vltime = ifr6.ifra_lifetime.ia6t_pltime = 0xffffffff;
ifr6.ifra_prefixmask.sin6_family = AF_INET6;
ifr6.ifra_prefixmask.sin6_len = sizeof(ifr6.ifra_prefixmask);
memset(&ifr6.ifra_prefixmask.sin6_addr, 0xff, sizeof(struct in6_addr));
// Get the device address to add to interface
QPair<QHostAddress, int> parsedAddr =
QHostAddress::parseSubnet(config.m_deviceIpv6Address);
QByteArray _deviceAddr = parsedAddr.first.toString().toLocal8Bit();
char* deviceAddr = _deviceAddr.data();
inet_pton(AF_INET6, deviceAddr, &ifr6.ifra_addr.sin6_addr);
// Create IPv4 socket to perform the ioctl operations on
int sockfd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP);
if (sockfd < 0) {
logger.error() << "Failed to create ioctl socket.";
return false;
}
auto guard = qScopeGuard([&] { close(sockfd); });
// Set ifr to interface
int ret = ioctl(sockfd, SIOCAIFADDR_IN6, &ifr6);
if (ret) {
logger.error() << "Failed to set IPv6: " << deviceAddr
<< "error:" << strerror(errno);
return false;
}
return true;
}

28
client/platforms/macos/daemon/iputilsmacos.h Normal file
View file

@ -0,0 +1,28 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IPUTILSMACOS_H
#define IPUTILSMACOS_H
#include "daemon/iputils.h"
#include <arpa/inet.h>
class IPUtilsMacos final : public IPUtils {
public:
IPUtilsMacos(QObject* parent);
~IPUtilsMacos();
bool addInterfaceIPs(const InterfaceConfig& config) override;
bool setMTUAndUp(const InterfaceConfig& config) override;
void setIfname(const QString& ifname) { m_ifname = ifname; }
private:
bool addIP4AddressToDevice(const InterfaceConfig& config);
bool addIP6AddressToDevice(const InterfaceConfig& config);
private:
QString m_ifname;
};
#endif // IPUTILSMACOS_H

74
client/platforms/macos/daemon/macosdaemon.cpp Normal file
View file

@ -0,0 +1,74 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "macosdaemon.h"
#include "leakdetector.h"
#include "logger.h"
#include "wgquickprocess.h"
#include <QCoreApplication>
#include <QDir>
#include <QJsonDocument>
#include <QJsonObject>
#include <QJsonValue>
#include <QLocalSocket>
#include <QProcess>
#include <QSettings>
#include <QTextStream>
#include <QtGlobal>
namespace {
Logger logger(LOG_MACOS, "MacOSDaemon");
MacOSDaemon* s_daemon = nullptr;
} // namespace
MacOSDaemon::MacOSDaemon() : Daemon(nullptr) {
MVPN_COUNT_CTOR(MacOSDaemon);
logger.debug() << "Daemon created";
m_wgutils = new WireguardUtilsMacos(this);
m_dnsutils = new DnsUtilsMacos(this);
m_iputils = new IPUtilsMacos(this);
Q_ASSERT(s_daemon == nullptr);
s_daemon = this;
}
MacOSDaemon::~MacOSDaemon() {
MVPN_COUNT_DTOR(MacOSDaemon);
logger.debug() << "Daemon released";
Q_ASSERT(s_daemon == this);
s_daemon = nullptr;
}
// static
MacOSDaemon* MacOSDaemon::instance() {
Q_ASSERT(s_daemon);
return s_daemon;
}
QByteArray MacOSDaemon::getStatus() {
logger.debug() << "Status request";
bool connected = m_connections.contains(0);
QJsonObject obj;
obj.insert("type", "status");
obj.insert("connected", connected);
if (connected) {
const ConnectionState& state = m_connections.value(0).m_config;
WireguardUtils::peerStatus status =
m_wgutils->getPeerStatus(state.m_config.m_serverPublicKey);
obj.insert("serverIpv4Gateway", state.m_config.m_serverIpv4Gateway);
obj.insert("deviceIpv4Address", state.m_config.m_deviceIpv4Address);
obj.insert("date", state.m_date.toString());
obj.insert("txBytes", QJsonValue(status.txBytes));
obj.insert("rxBytes", QJsonValue(status.rxBytes));
}
return QJsonDocument(obj).toJson(QJsonDocument::Compact);
}

37
client/platforms/macos/daemon/macosdaemon.h Normal file
View file

@ -0,0 +1,37 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef MACOSDAEMON_H
#define MACOSDAEMON_H
#include "daemon.h"
#include "dnsutilsmacos.h"
#include "iputilsmacos.h"
#include "wireguardutilsmacos.h"
class MacOSDaemon final : public Daemon {
friend class IPUtilsMacos;
public:
MacOSDaemon();
~MacOSDaemon();
static MacOSDaemon* instance();
QByteArray getStatus() override;
protected:
WireguardUtils* wgutils() const override { return m_wgutils; }
bool supportDnsUtils() const override { return true; }
DnsUtils* dnsutils() override { return m_dnsutils; }
bool supportIPUtils() const override { return true; }
IPUtils* iputils() override { return m_iputils; }
private:
WireguardUtilsMacos* m_wgutils = nullptr;
DnsUtilsMacos* m_dnsutils = nullptr;
IPUtilsMacos* m_iputils = nullptr;
};
#endif // MACOSDAEMON_H

60
client/platforms/macos/daemon/macosdaemonserver.cpp Normal file
View file

@ -0,0 +1,60 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "macosdaemonserver.h"
#include "commandlineparser.h"
#include "daemon/daemonlocalserver.h"
#include "leakdetector.h"
#include "logger.h"
#include "macosdaemon.h"
#include "mozillavpn.h"
#include "signalhandler.h"
#include <QCoreApplication>
namespace {
Logger logger(LOG_MACOS, "MacOSDaemonServer");
}
MacOSDaemonServer::MacOSDaemonServer(QObject* parent)
: Command(parent, "macosdaemon", "Activate the macos daemon") {
MVPN_COUNT_CTOR(MacOSDaemonServer);
}
MacOSDaemonServer::~MacOSDaemonServer() { MVPN_COUNT_DTOR(MacOSDaemonServer); }
int MacOSDaemonServer::run(QStringList& tokens) {
Q_ASSERT(!tokens.isEmpty());
QString appName = tokens[0];
QCoreApplication app(CommandLineParser::argc(), CommandLineParser::argv());
QCoreApplication::setApplicationName("Mozilla VPN Daemon");
QCoreApplication::setApplicationVersion(APP_VERSION);
if (tokens.length() > 1) {
QList<CommandLineParser::Option*> options;
return CommandLineParser::unknownOption(this, appName, tokens[1], options,
false);
}
MacOSDaemon daemon;
DaemonLocalServer server(qApp);
if (!server.initialize()) {
logger.error() << "Failed to initialize the server";
return 1;
}
// Signal handling for a proper shutdown.
SignalHandler sh;
QObject::connect(&sh, &SignalHandler::quitRequested,
[]() { MacOSDaemon::instance()->deactivate(); });
QObject::connect(&sh, &SignalHandler::quitRequested, &app,
&QCoreApplication::quit, Qt::QueuedConnection);
return app.exec();
}
static Command::RegistrationProxy<MacOSDaemonServer> s_commandMacOSDaemon;

18
client/platforms/macos/daemon/macosdaemonserver.h Normal file
View file

@ -0,0 +1,18 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef MACOSDAEMONSERVER_H
#define MACOSDAEMONSERVER_H
#include "command.h"
class MacOSDaemonServer final : public Command {
public:
explicit MacOSDaemonServer(QObject* parent);
~MacOSDaemonServer();
int run(QStringList& tokens) override;
};
#endif // MACOSDAEMONSERVER_H

354
client/platforms/macos/daemon/macosroutemonitor.cpp Normal file
View file

@ -0,0 +1,354 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "macosroutemonitor.h"
#include "leakdetector.h"
#include "logger.h"
#include <QCoreApplication>
#include <QHostAddress>
#include <QScopeGuard>
#include <QTimer>
#include <QProcess>
#include <arpa/inet.h>
#include <errno.h>
#include <ifaddrs.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_types.h>
#include <net/route.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
namespace {
Logger logger(LOG_MACOS, "MacosRouteMonitor");
template <typename T>
static T* sockaddr_cast(QByteArray& data) {
const struct sockaddr* sa = (const struct sockaddr*)data.constData();
Q_ASSERT(sa->sa_len <= data.length());
if (data.length() >= (int)sizeof(T)) {
return (T*)data.data();
}
return nullptr;
}
} // namespace
MacosRouteMonitor::MacosRouteMonitor(const QString& ifname, QObject* parent)
: QObject(parent), m_ifname(ifname) {
MVPN_COUNT_CTOR(MacosRouteMonitor);
logger.debug() << "MacosRouteMonitor created.";
m_rtsock = socket(PF_ROUTE, SOCK_RAW, 0);
if (m_rtsock < 0) {
logger.error() << "Failed to create routing socket:" << strerror(errno);
return;
}
// Disable replies to our own messages.
int off = 0;
setsockopt(m_rtsock, SOL_SOCKET, SO_USELOOPBACK, &off, sizeof(off));
m_notifier = new QSocketNotifier(m_rtsock, QSocketNotifier::Read, this);
connect(m_notifier, &QSocketNotifier::activated, this,
&MacosRouteMonitor::rtsockReady);
}
MacosRouteMonitor::~MacosRouteMonitor() {
MVPN_COUNT_DTOR(MacosRouteMonitor);
if (m_rtsock >= 0) {
close(m_rtsock);
}
logger.debug() << "MacosRouteMonitor destroyed.";
}
void MacosRouteMonitor::handleRtmAdd(const struct rt_msghdr* rtm,
const QByteArray& payload) {
QList<QByteArray> addrlist = parseAddrList(payload);
// Ignore routing changes on the tunnel interfaces
if ((rtm->rtm_addrs & RTA_DST) && (rtm->rtm_addrs & RTA_GATEWAY)) {
if (m_ifname == addrToString(addrlist[1])) {
return;
}
}
QStringList list;
for (auto addr : addrlist) {
list.append(addrToString(addr));
}
logger.debug() << "Route added by" << rtm->rtm_pid
<< QString("addrs(%1):").arg(rtm->rtm_addrs) << list.join(" ");
}
void MacosRouteMonitor::handleRtmDelete(const struct rt_msghdr* rtm,
const QByteArray& payload) {
QList<QByteArray> addrlist = parseAddrList(payload);
// Ignore routing changes on the tunnel interfaces
if ((rtm->rtm_addrs & RTA_DST) && (rtm->rtm_addrs & RTA_GATEWAY)) {
if (m_ifname == addrToString(addrlist[1])) {
return;
}
}
QStringList list;
for (auto addr : addrlist) {
list.append(addrToString(addr));
}
logger.debug() << "Route deleted by" << rtm->rtm_pid
<< QString("addrs(%1):").arg(rtm->rtm_addrs) << list.join(" ");
}
void MacosRouteMonitor::handleRtmChange(const struct rt_msghdr* rtm,
const QByteArray& payload) {
QList<QByteArray> addrlist = parseAddrList(payload);
// Ignore routing changes on the tunnel interfaces
if ((rtm->rtm_addrs & RTA_DST) && (rtm->rtm_addrs & RTA_GATEWAY)) {
if (m_ifname == addrToString(addrlist[1])) {
return;
}
}
QStringList list;
for (auto addr : addrlist) {
list.append(addrToString(addr));
}
logger.debug() << "Route chagned by" << rtm->rtm_pid
<< QString("addrs(%1):").arg(rtm->rtm_addrs) << list.join(" ");
}
void MacosRouteMonitor::handleIfaceInfo(const struct if_msghdr* ifm,
const QByteArray& payload) {
QList<QByteArray> addrlist = parseAddrList(payload);
if (ifm->ifm_index != if_nametoindex(qPrintable(m_ifname))) {
return;
}
m_ifflags = ifm->ifm_flags;
QStringList list;
for (auto addr : addrlist) {
list.append(addrToString(addr));
}
logger.debug() << "Interface " << ifm->ifm_index
<< "chagned flags:" << ifm->ifm_flags
<< QString("addrs(%1):").arg(ifm->ifm_addrs) << list.join(" ");
}
void MacosRouteMonitor::rtsockReady() {
char buf[1024];
ssize_t len = recv(m_rtsock, buf, sizeof(buf), MSG_DONTWAIT);
if (len <= 0) {
return;
}
#ifndef RTMSG_NEXT
# define RTMSG_NEXT(_rtm_) \
(struct rt_msghdr*)((char*)(_rtm_) + (_rtm_)->rtm_msglen)
#endif
struct rt_msghdr* rtm = (struct rt_msghdr*)buf;
struct rt_msghdr* end = (struct rt_msghdr*)(&buf[len]);
while (rtm < end) {
// Ensure the message fits within the buffer
if (RTMSG_NEXT(rtm) > end) {
break;
}
// Handle the routing message.
QByteArray message((char*)rtm, rtm->rtm_msglen);
switch (rtm->rtm_type) {
case RTM_ADD:
message.remove(0, sizeof(struct rt_msghdr));
handleRtmAdd(rtm, message);
break;
case RTM_DELETE:
message.remove(0, sizeof(struct rt_msghdr));
handleRtmDelete(rtm, message);
break;
case RTM_CHANGE:
message.remove(0, sizeof(struct rt_msghdr));
handleRtmChange(rtm, message);
break;
case RTM_IFINFO:
message.remove(0, sizeof(struct if_msghdr));
handleIfaceInfo((struct if_msghdr*)rtm, message);
break;
default:
logger.debug() << "Unknown routing message:" << rtm->rtm_type;
break;
}
rtm = RTMSG_NEXT(rtm);
}
}
void MacosRouteMonitor::rtmAppendAddr(struct rt_msghdr* rtm, size_t maxlen,
int rtaddr, const void* sa) {
size_t sa_len = ((struct sockaddr*)sa)->sa_len;
Q_ASSERT((rtm->rtm_addrs & rtaddr) == 0);
if ((rtm->rtm_msglen + sa_len) > maxlen) {
return;
}
memcpy((char*)rtm + rtm->rtm_msglen, sa, sa_len);
rtm->rtm_addrs |= rtaddr;
rtm->rtm_msglen += sa_len;
if (rtm->rtm_msglen % sizeof(uint32_t)) {
rtm->rtm_msglen += sizeof(uint32_t) - (rtm->rtm_msglen % sizeof(uint32_t));
}
}
bool MacosRouteMonitor::rtmSendRoute(int action, const IPAddressRange& prefix) {
constexpr size_t rtm_max_size = sizeof(struct rt_msghdr) +
sizeof(struct sockaddr_in6) * 2 +
sizeof(struct sockaddr_dl);
char buf[rtm_max_size];
struct rt_msghdr* rtm = (struct rt_msghdr*)buf;
memset(rtm, 0, rtm_max_size);
rtm->rtm_msglen = sizeof(struct rt_msghdr);
rtm->rtm_version = RTM_VERSION;
rtm->rtm_type = action;
rtm->rtm_index = if_nametoindex(qPrintable(m_ifname));
rtm->rtm_flags = RTF_STATIC | RTF_UP;
rtm->rtm_addrs = 0;
rtm->rtm_pid = 0;
rtm->rtm_seq = m_rtseq++;
rtm->rtm_errno = 0;
rtm->rtm_inits = 0;
memset(&rtm->rtm_rmx, 0, sizeof(rtm->rtm_rmx));
// Append RTA_DST
if (prefix.type() == IPAddressRange::IPv6) {
struct sockaddr_in6 sin6;
Q_IPV6ADDR dst = QHostAddress(prefix.ipAddress()).toIPv6Address();
memset(&sin6, 0, sizeof(sin6));
sin6.sin6_family = AF_INET6;
sin6.sin6_len = sizeof(sin6);
memcpy(&sin6.sin6_addr, &dst, 16);
rtmAppendAddr(rtm, rtm_max_size, RTA_DST, &sin6);
} else {
struct sockaddr_in sin;
quint32 dst = QHostAddress(prefix.ipAddress()).toIPv4Address();
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_len = sizeof(sin);
sin.sin_addr.s_addr = htonl(dst);
rtmAppendAddr(rtm, rtm_max_size, RTA_DST, &sin);
}
// Append RTA_GATEWAY
if (action != RTM_DELETE) {
struct sockaddr_dl sdl;
memset(&sdl, 0, sizeof(sdl));
sdl.sdl_family = AF_LINK;
sdl.sdl_len = offsetof(struct sockaddr_dl, sdl_data) + m_ifname.length();
sdl.sdl_index = rtm->rtm_index;
sdl.sdl_type = IFT_OTHER;
sdl.sdl_nlen = m_ifname.length();
sdl.sdl_alen = 0;
sdl.sdl_slen = 0;
memcpy(&sdl.sdl_data, qPrintable(m_ifname), sdl.sdl_nlen);
rtmAppendAddr(rtm, rtm_max_size, RTA_GATEWAY, &sdl);
}
// Append RTA_NETMASK
int plen = prefix.range();
if (prefix.type() == IPAddressRange::IPv6) {
struct sockaddr_in6 sin6;
memset(&sin6, 0, sizeof(sin6));
sin6.sin6_family = AF_INET6;
sin6.sin6_len = sizeof(sin6);
memset(&sin6.sin6_addr.s6_addr, 0xff, plen / 8);
if (plen % 8) {
sin6.sin6_addr.s6_addr[plen / 8] = 0xFF ^ (0xFF >> (plen % 8));
}
rtmAppendAddr(rtm, rtm_max_size, RTA_NETMASK, &sin6);
} else if (prefix.type() == IPAddressRange::IPv4) {
struct sockaddr_in sin;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_len = sizeof(struct sockaddr_in);
sin.sin_addr.s_addr = 0xffffffff;
if (plen < 32) {
sin.sin_addr.s_addr ^= htonl(0xffffffff >> plen);
}
rtmAppendAddr(rtm, rtm_max_size, RTA_NETMASK, &sin);
}
// Send the routing message to the kernel.
int len = write(m_rtsock, rtm, rtm->rtm_msglen);
if (len == rtm->rtm_msglen) {
return true;
}
if ((action == RTM_ADD) && (errno == EEXIST)) {
return true;
}
if ((action == RTM_DELETE) && (errno == ESRCH)) {
return true;
}
logger.warning() << "Failed to send routing message:" << strerror(errno);
return false;
}
bool MacosRouteMonitor::insertRoute(const IPAddressRange& prefix) {
return rtmSendRoute(RTM_ADD, prefix);
}
bool MacosRouteMonitor::deleteRoute(const IPAddressRange& prefix) {
return rtmSendRoute(RTM_DELETE, prefix);
}
// static
QList<QByteArray> MacosRouteMonitor::parseAddrList(const QByteArray& payload) {
QList<QByteArray> list;
int offset = 0;
constexpr int minlen = offsetof(struct sockaddr, sa_len) + sizeof(u_short);
while ((offset + minlen) <= payload.length()) {
struct sockaddr* sa = (struct sockaddr*)(payload.constData() + offset);
int paddedSize = sa->sa_len;
if (!paddedSize || (paddedSize % sizeof(uint32_t))) {
paddedSize += sizeof(uint32_t) - (paddedSize % sizeof(uint32_t));
}
if ((offset + paddedSize) > payload.length()) {
break;
}
list.append(payload.mid(offset, paddedSize));
offset += paddedSize;
}
return list;
}
// static
QString MacosRouteMonitor::addrToString(const struct sockaddr* sa) {
if (sa->sa_family == AF_INET) {
const struct sockaddr_in* sin = (const struct sockaddr_in*)sa;
return QString(inet_ntoa(sin->sin_addr));
}
if (sa->sa_family == AF_INET6) {
const struct sockaddr_in6* sin6 = (const struct sockaddr_in6*)sa;
char buf[INET6_ADDRSTRLEN];
return QString(inet_ntop(AF_INET6, &sin6->sin6_addr, buf, sizeof(buf)));
}
if (sa->sa_family == AF_LINK) {
const struct sockaddr_dl* sdl = (const struct sockaddr_dl*)sa;
return QString(link_ntoa(sdl));
}
return QString("unknown(af=%1)").arg(sa->sa_family);
}
// static
QString MacosRouteMonitor::addrToString(const QByteArray& data) {
const struct sockaddr* sa = (const struct sockaddr*)data.constData();
Q_ASSERT(sa->sa_len <= data.length());
return addrToString(sa);
}

54
client/platforms/macos/daemon/macosroutemonitor.h Normal file
View file

@ -0,0 +1,54 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef MACOSROUTEMONITOR_H
#define MACOSROUTEMONITOR_H
#include "ipaddressrange.h"
#include <QByteArray>
#include <QList>
#include <QObject>
#include <QSocketNotifier>
struct if_msghdr;
struct rt_msghdr;
struct sockaddr;
class MacosRouteMonitor final : public QObject {
Q_OBJECT
public:
MacosRouteMonitor(const QString& ifname, QObject* parent = nullptr);
~MacosRouteMonitor();
bool insertRoute(const IPAddressRange& prefix);
bool deleteRoute(const IPAddressRange& prefix);
int interfaceFlags() { return m_ifflags; }
private:
void handleRtmAdd(const struct rt_msghdr* msg, const QByteArray& payload);
void handleRtmDelete(const struct rt_msghdr* msg, const QByteArray& payload);
void handleRtmChange(const struct rt_msghdr* msg, const QByteArray& payload);
void handleIfaceInfo(const struct if_msghdr* msg, const QByteArray& payload);
bool rtmSendRoute(int action, const IPAddressRange& prefix);
static void rtmAppendAddr(struct rt_msghdr* rtm, size_t maxlen, int rtaddr,
const void* sa);
static QList<QByteArray> parseAddrList(const QByteArray& data);
private slots:
void rtsockReady();
private:
static QString addrToString(const struct sockaddr* sa);
static QString addrToString(const QByteArray& data);
QString m_ifname;
int m_ifflags = 0;
int m_rtsock = -1;
int m_rtseq = 0;
QSocketNotifier* m_notifier = nullptr;
};
#endif // MACOSROUTEMONITOR_H

309
client/platforms/macos/daemon/wireguardutilsmacos.cpp Normal file
View file

@ -0,0 +1,309 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "wireguardutilsmacos.h"
#include "leakdetector.h"
#include "logger.h"
#include <QByteArray>
#include <QDir>
#include <QFile>
#include <QLocalSocket>
#include <QTimer>
#include <errno.h>
constexpr const int WG_TUN_PROC_TIMEOUT = 5000;
constexpr const char* WG_RUNTIME_DIR = "/var/run/wireguard";
namespace {
Logger logger(LOG_MACOS, "WireguardUtilsMacos");
Logger logwireguard(LOG_MACOS, "WireguardGo");
}; // namespace
WireguardUtilsMacos::WireguardUtilsMacos(QObject* parent)
: WireguardUtils(parent), m_tunnel(this) {
MVPN_COUNT_CTOR(WireguardUtilsMacos);
logger.debug() << "WireguardUtilsMacos created.";
connect(&m_tunnel, SIGNAL(readyReadStandardOutput()), this,
SLOT(tunnelStdoutReady()));
connect(&m_tunnel, SIGNAL(errorOccurred(QProcess::ProcessError)), this,
SLOT(tunnelErrorOccurred(QProcess::ProcessError)));
}
WireguardUtilsMacos::~WireguardUtilsMacos() {
MVPN_COUNT_DTOR(WireguardUtilsMacos);
logger.debug() << "WireguardUtilsMacos destroyed.";
}
void WireguardUtilsMacos::tunnelStdoutReady() {
for (;;) {
QByteArray line = m_tunnel.readLine();
if (line.length() <= 0) {
break;
}
logwireguard.debug() << QString::fromUtf8(line);
}
}
void WireguardUtilsMacos::tunnelErrorOccurred(QProcess::ProcessError error) {
logger.warning() << "Tunnel process encountered an error:" << error;
emit backendFailure();
}
bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
Q_UNUSED(config);
if (m_tunnel.state() != QProcess::NotRunning) {
logger.warning() << "Unable to start: tunnel process already running";
return false;
}
QDir wgRuntimeDir(WG_RUNTIME_DIR);
if (!wgRuntimeDir.exists()) {
wgRuntimeDir.mkpath(".");
}
QProcessEnvironment pe = QProcessEnvironment::systemEnvironment();
QString wgNameFile = wgRuntimeDir.filePath(QString(WG_INTERFACE) + ".name");
pe.insert("WG_TUN_NAME_FILE", wgNameFile);
#ifdef QT_DEBUG
pe.insert("LOG_LEVEL", "debug");
#endif
m_tunnel.setProcessEnvironment(pe);
QDir appPath(QCoreApplication::applicationDirPath());
appPath.cdUp();
appPath.cd("Resources");
appPath.cd("utils");
QStringList wgArgs = {"-f", "utun"};
m_tunnel.start(appPath.filePath("wireguard-go"), wgArgs);
if (!m_tunnel.waitForStarted(WG_TUN_PROC_TIMEOUT)) {
logger.error() << "Unable to start tunnel process due to timeout";
m_tunnel.kill();
return false;
}
m_ifname = waitForTunnelName(wgNameFile);
if (m_ifname.isNull()) {
logger.error() << "Unable to read tunnel interface name";
m_tunnel.kill();
return false;
}
logger.debug() << "Created wireguard interface" << m_ifname;
// Start the routing table monitor.
m_rtmonitor = new MacosRouteMonitor(m_ifname, this);
// Send a UAPI command to configure the interface
QString message("set=1\n");
QByteArray privateKey = QByteArray::fromBase64(config.m_privateKey.toUtf8());
QTextStream out(&message);
out << "private_key=" << QString(privateKey.toHex()) << "\n";
out << "replace_peers=true\n";
int err = uapiErrno(uapiCommand(message));
if (err != 0) {
logger.error() << "Interface configuration failed:" << strerror(err);
}
return (err == 0);
}
bool WireguardUtilsMacos::deleteInterface() {
if (m_rtmonitor) {
delete m_rtmonitor;
m_rtmonitor = nullptr;
}
if (m_tunnel.state() == QProcess::NotRunning) {
return false;
}
// Attempt to terminate gracefully.
m_tunnel.terminate();
if (!m_tunnel.waitForFinished(WG_TUN_PROC_TIMEOUT)) {
m_tunnel.kill();
m_tunnel.waitForFinished(WG_TUN_PROC_TIMEOUT);
}
// Garbage collect.
QDir wgRuntimeDir(WG_RUNTIME_DIR);
QFile::remove(wgRuntimeDir.filePath(QString(WG_INTERFACE) + ".name"));
return true;
}
// dummy implementations for now
bool WireguardUtilsMacos::updatePeer(const InterfaceConfig& config) {
QByteArray publicKey =
QByteArray::fromBase64(qPrintable(config.m_serverPublicKey));
// Update/create the peer config
QString message;
QTextStream out(&message);
out << "set=1\n";
out << "public_key=" << QString(publicKey.toHex()) << "\n";
if (!config.m_serverIpv4AddrIn.isNull()) {
out << "endpoint=" << config.m_serverIpv4AddrIn << ":";
} else if (!config.m_serverIpv6AddrIn.isNull()) {
out << "endpoint=[" << config.m_serverIpv6AddrIn << "]:";
} else {
logger.warning() << "Failed to create peer with no endpoints";
return false;
}
out << config.m_serverPort << "\n";
out << "replace_allowed_ips=true\n";
for (const IPAddressRange& ip : config.m_allowedIPAddressRanges) {
out << "allowed_ip=" << ip.toString() << "\n";
}
int err = uapiErrno(uapiCommand(message));
if (err != 0) {
logger.error() << "Peer configuration failed:" << strerror(err);
}
return (err == 0);
}
bool WireguardUtilsMacos::deletePeer(const QString& pubkey) {
QByteArray publicKey = QByteArray::fromBase64(qPrintable(pubkey));
QString message;
QTextStream out(&message);
out << "set=1\n";
out << "public_key=" << QString(publicKey.toHex()) << "\n";
out << "remove=true\n";
int err = uapiErrno(uapiCommand(message));
if (err != 0) {
logger.error() << "Peer deletion failed:" << strerror(err);
}
return (err == 0);
}
WireguardUtils::peerStatus WireguardUtilsMacos::getPeerStatus(
const QString& pubkey) {
peerStatus status = {0, 0};
QString hexkey = QByteArray::fromBase64(pubkey.toUtf8()).toHex();
QString reply = uapiCommand("get=1");
bool match = false;
for (const QString& line : reply.split('\n')) {
int eq = line.indexOf('=');
if (eq <= 0) {
continue;
}
QString name = line.left(eq);
QString value = line.mid(eq + 1);
if (name == "public_key") {
match = (value == hexkey);
continue;
} else if (!match) {
continue;
}
if (name == "tx_bytes") {
status.txBytes = value.toDouble();
}
if (name == "rx_bytes") {
status.rxBytes = value.toDouble();
}
}
return status;
}
bool WireguardUtilsMacos::updateRoutePrefix(const IPAddressRange& prefix,
int hopindex) {
Q_UNUSED(hopindex);
if (!m_rtmonitor) {
return false;
}
return m_rtmonitor->insertRoute(prefix);
}
bool WireguardUtilsMacos::deleteRoutePrefix(const IPAddressRange& prefix,
int hopindex) {
Q_UNUSED(hopindex);
if (!m_rtmonitor) {
return false;
}
return m_rtmonitor->deleteRoute(prefix);
}
QString WireguardUtilsMacos::uapiCommand(const QString& command) {
QLocalSocket socket;
QTimer uapiTimeout;
QDir wgRuntimeDir(WG_RUNTIME_DIR);
QString wgSocketFile = wgRuntimeDir.filePath(m_ifname + ".sock");
uapiTimeout.setSingleShot(true);
uapiTimeout.start(WG_TUN_PROC_TIMEOUT);
socket.connectToServer(wgSocketFile, QIODevice::ReadWrite);
if (!socket.waitForConnected(WG_TUN_PROC_TIMEOUT)) {
logger.error() << "QLocalSocket::waitForConnected() failed:"
<< socket.errorString();
return QString();
}
// Send the message to the UAPI socket.
QByteArray message = command.toLocal8Bit();
while (!message.endsWith("\n\n")) {
message.append('\n');
}
socket.write(message);
QByteArray reply;
while (!reply.contains("\n\n")) {
if (!uapiTimeout.isActive()) {
logger.error() << "UAPI command timed out";
return QString();
}
QCoreApplication::processEvents(QEventLoop::AllEvents, 100);
reply.append(socket.readAll());
}
return QString::fromUtf8(reply).trimmed();
}
// static
int WireguardUtilsMacos::uapiErrno(const QString& reply) {
for (const QString& line : reply.split("\n")) {
int eq = line.indexOf('=');
if (eq <= 0) {
continue;
}
if (line.left(eq) == "errno") {
return line.mid(eq + 1).toInt();
}
}
return EINVAL;
}
QString WireguardUtilsMacos::waitForTunnelName(const QString& filename) {
QTimer timeout;
timeout.setSingleShot(true);
timeout.start(WG_TUN_PROC_TIMEOUT);
QFile file(filename);
while ((m_tunnel.state() == QProcess::Running) && timeout.isActive()) {
QCoreApplication::processEvents(QEventLoop::AllEvents, 100);
if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
continue;
}
QString ifname = QString::fromLocal8Bit(file.readLine()).trimmed();
file.close();
// Test-connect to the UAPI socket.
QLocalSocket sock;
QDir wgRuntimeDir(WG_RUNTIME_DIR);
QString sockName = wgRuntimeDir.filePath(ifname + ".sock");
sock.connectToServer(sockName, QIODevice::ReadWrite);
if (sock.waitForConnected(100)) {
return ifname;
}
}
return QString();
}

52
client/platforms/macos/daemon/wireguardutilsmacos.h Normal file
View file

@ -0,0 +1,52 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef WIREGUARDUTILSMACOS_H
#define WIREGUARDUTILSMACOS_H
#include "daemon/wireguardutils.h"
#include "macosroutemonitor.h"
#include <QObject>
#include <QProcess>
class WireguardUtilsMacos final : public WireguardUtils {
Q_OBJECT
public:
WireguardUtilsMacos(QObject* parent);
~WireguardUtilsMacos();
bool interfaceExists() override {
return m_tunnel.state() == QProcess::Running;
}
QString interfaceName() override { return m_ifname; }
bool addInterface(const InterfaceConfig& config) override;
bool deleteInterface() override;
bool updatePeer(const InterfaceConfig& config) override;
bool deletePeer(const QString& pubkey) override;
peerStatus getPeerStatus(const QString& pubkey) override;
bool updateRoutePrefix(const IPAddressRange& prefix, int hopindex) override;
bool deleteRoutePrefix(const IPAddressRange& prefix, int hopindex) override;
signals:
void backendFailure();
private slots:
void tunnelStdoutReady();
void tunnelErrorOccurred(QProcess::ProcessError error);
private:
QString uapiCommand(const QString& command);
static int uapiErrno(const QString& command);
QString waitForTunnelName(const QString& filename);
QString m_ifname;
QProcess m_tunnel;
MacosRouteMonitor* m_rtmonitor = nullptr;
};
#endif // WIREGUARDUTILSMACOS_H

136
client/platforms/macos/macoscryptosettings.mm Normal file
View file

@ -0,0 +1,136 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "cryptosettings.h"
#include "logger.h"
#include <QRandomGenerator>
constexpr const NSString* SERVICE = @"Mozilla VPN";
#import <Foundation/Foundation.h>
namespace {
Logger logger({LOG_MACOS, LOG_MAIN}, "MacOSCryptoSettings");
bool initialized = false;
QByteArray key;
} // anonymous
// static
void CryptoSettings::resetKey() {
logger.debug() << "Reset the key in the keychain";
NSData* service = [SERVICE dataUsingEncoding:NSUTF8StringEncoding];
NSString* appId = [[NSBundle mainBundle] bundleIdentifier];
NSMutableDictionary* query = [[NSMutableDictionary alloc] init];
[query setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass];
[query setObject:service forKey:(id)kSecAttrGeneric];
[query setObject:service forKey:(id)kSecAttrAccount];
[query setObject:appId forKey:(id)kSecAttrService];
SecItemDelete((CFDictionaryRef)query);
[query release];
initialized = false;
}
// static
bool CryptoSettings::getKey(uint8_t output[CRYPTO_SETTINGS_KEY_SIZE]) {
#if defined(MVPN_IOS) || defined(MVPN_MACOS_NETWORKEXTENSION) || defined(MVPN_MACOS_DAEMON)
if (!initialized) {
initialized = true;
logger.debug() << "Retrieving the key from the keychain";
NSData* service = [SERVICE dataUsingEncoding:NSUTF8StringEncoding];
NSString* appId = [[NSBundle mainBundle] bundleIdentifier];
NSMutableDictionary* query = [[NSMutableDictionary alloc] init];
[query setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass];
[query setObject:service forKey:(id)kSecAttrGeneric];
[query setObject:service forKey:(id)kSecAttrAccount];
[query setObject:appId forKey:(id)kSecAttrService];
[query setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnData];
[query setObject:(id)kSecMatchLimitOne forKey:(id)kSecMatchLimit];
NSData* keyData = NULL;
OSStatus status = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef*)(void*)&keyData);
[query release];
if (status == noErr) {
key = QByteArray::fromNSData(keyData);
logger.debug() << "Key found with length:" << key.length();
if (key.length() == CRYPTO_SETTINGS_KEY_SIZE) {
memcpy(output, key.data(), CRYPTO_SETTINGS_KEY_SIZE);
return true;
}
}
logger.warning() << "Key not found. Let's create it. Error:" << status;
key = QByteArray(CRYPTO_SETTINGS_KEY_SIZE, 0x00);
QRandomGenerator* rg = QRandomGenerator::system();
for (int i = 0; i < CRYPTO_SETTINGS_KEY_SIZE; ++i) {
key[i] = rg->generate() & 0xFF;
}
query = [[NSMutableDictionary alloc] init];
[query setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass];
[query setObject:service forKey:(id)kSecAttrGeneric];
[query setObject:service forKey:(id)kSecAttrAccount];
[query setObject:appId forKey:(id)kSecAttrService];
SecItemDelete((CFDictionaryRef)query);
keyData = key.toNSData();
[query setObject:keyData forKey:(id)kSecValueData];
status = SecItemAdd((CFDictionaryRef)query, NULL);
if (status != noErr) {
logger.error() << "Failed to store the key. Error:" << status;
key = QByteArray();
}
[query release];
}
if (key.length() == CRYPTO_SETTINGS_KEY_SIZE) {
memcpy(output, key.data(), CRYPTO_SETTINGS_KEY_SIZE);
return true;
}
logger.error() << "Invalid key";
#else
Q_UNUSED(output);
#endif
return false;
}
// static
CryptoSettings::Version CryptoSettings::getSupportedVersion() {
logger.debug() << "Get supported settings method";
#if defined(MVPN_IOS) || defined(MVPN_MACOS_NETWORKEXTENSION) || defined(MVPN_MACOS_DAEMON)
uint8_t key[CRYPTO_SETTINGS_KEY_SIZE];
if (getKey(key)) {
logger.debug() << "Encryption supported!";
return CryptoSettings::EncryptionChachaPolyV1;
}
#endif
logger.debug() << "No encryption";
return CryptoSettings::NoEncryption;
}

106
client/platforms/macos/macosmenubar.cpp Normal file
View file

@ -0,0 +1,106 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "macosmenubar.h"
#include "leakdetector.h"
#include "logger.h"
#include "mozillavpn.h"
#include "qmlengineholder.h"
#ifdef MVPN_MACOS
# include "platforms/macos/macosutils.h"
#endif
#include <QAction>
#include <QMenu>
#include <QMenuBar>
namespace {
Logger logger(LOG_MACOS, "MacOSManuBar");
MacOSMenuBar* s_instance = nullptr;
} // namespace
MacOSMenuBar::MacOSMenuBar() {
MVPN_COUNT_CTOR(MacOSMenuBar);
Q_ASSERT(!s_instance);
s_instance = this;
}
MacOSMenuBar::~MacOSMenuBar() {
MVPN_COUNT_DTOR(MacOSMenuBar);
Q_ASSERT(s_instance == this);
s_instance = nullptr;
}
// static
MacOSMenuBar* MacOSMenuBar::instance() {
Q_ASSERT(s_instance);
return s_instance;
}
void MacOSMenuBar::initialize() {
logger.debug() << "Creating menubar";
AmneziaVPN* vpn = AmneziaVPN::instance();
m_menuBar = new QMenuBar(nullptr);
//% "File"
QMenu* fileMenu = m_menuBar->addMenu(qtTrId("menubar.file.title"));
// Do not use qtTrId here!
QAction* quit =
fileMenu->addAction("quit", vpn->controller(), &Controller::quit);
quit->setMenuRole(QAction::QuitRole);
// Do not use qtTrId here!
m_aboutAction =
fileMenu->addAction("about.vpn", vpn, &AmneziaVPN::requestAbout);
m_aboutAction->setMenuRole(QAction::AboutRole);
m_aboutAction->setVisible(vpn->state() == AmneziaVPN::StateMain);
// Do not use qtTrId here!
m_preferencesAction =
fileMenu->addAction("preferences", vpn, &AmneziaVPN::requestSettings);
m_preferencesAction->setMenuRole(QAction::PreferencesRole);
m_preferencesAction->setVisible(vpn->state() == AmneziaVPN::StateMain);
m_closeAction = fileMenu->addAction("close", []() {
QmlEngineHolder::instance()->hideWindow();
#ifdef MVPN_MACOS
MacOSUtils::hideDockIcon();
#endif
});
m_closeAction->setShortcut(QKeySequence::Close);
m_helpMenu = m_menuBar->addMenu("");
retranslate();
};
void MacOSMenuBar::controllerStateChanged() {
AmneziaVPN* vpn = AmneziaVPN::instance();
m_preferencesAction->setVisible(vpn->state() == AmneziaVPN::StateMain);
m_aboutAction->setVisible(vpn->state() == AmneziaVPN::StateMain);
}
void MacOSMenuBar::retranslate() {
logger.debug() << "Retranslate";
//% "Close"
m_closeAction->setText(qtTrId("menubar.file.close"));
//% "Help"
m_helpMenu->setTitle(qtTrId("menubar.help.title"));
for (QAction* action : m_helpMenu->actions()) {
m_helpMenu->removeAction(action);
}
AmneziaVPN* vpn = AmneziaVPN::instance();
vpn->helpModel()->forEach([&](const char* nameId, int id) {
m_helpMenu->addAction(qtTrId(nameId),
[help = vpn->helpModel(), id]() { help->open(id); });
});
}

42
client/platforms/macos/macosmenubar.h Normal file
View file

@ -0,0 +1,42 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef MACOSMENUBAR_H
#define MACOSMENUBAR_H
#include <QObject>
class QAction;
class QMenu;
class QMenuBar;
class MacOSMenuBar final : public QObject {
Q_OBJECT
Q_DISABLE_COPY_MOVE(MacOSMenuBar)
public:
MacOSMenuBar();
~MacOSMenuBar();
static MacOSMenuBar* instance();
void initialize();
void retranslate();
QMenuBar* menuBar() const { return m_menuBar; }
public slots:
void controllerStateChanged();
private:
QMenuBar* m_menuBar = nullptr;
QAction* m_aboutAction = nullptr;
QAction* m_preferencesAction = nullptr;
QAction* m_closeAction = nullptr;
QMenu* m_helpMenu = nullptr;
};
#endif // MACOSMENUBAR_H

25
client/platforms/macos/macosnetworkwatcher.h Normal file
View file

@ -0,0 +1,25 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef MACOSNETWORKWATCHER_H
#define MACOSNETWORKWATCHER_H
#include "networkwatcherimpl.h"
class MacOSNetworkWatcher final : public NetworkWatcherImpl {
public:
MacOSNetworkWatcher(QObject* parent);
~MacOSNetworkWatcher();
void initialize() override;
void start() override;
void checkInterface();
private:
void* m_delegate = nullptr;
};
#endif // MACOSNETWORKWATCHER_H

131
client/platforms/macos/macosnetworkwatcher.mm Normal file
View file

@ -0,0 +1,131 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "macosnetworkwatcher.h"
#include "leakdetector.h"
#include "logger.h"
#import <CoreWLAN/CoreWLAN.h>
namespace {
Logger logger(LOG_MACOS, "MacOSNetworkWatcher");
}
@interface MacOSNetworkWatcherDelegate : NSObject <CWEventDelegate> {
MacOSNetworkWatcher* m_watcher;
}
@end
@implementation MacOSNetworkWatcherDelegate
- (id)initWithObject:(MacOSNetworkWatcher*)watcher {
self = [super init];
if (self) {
m_watcher = watcher;
}
return self;
}
- (void)bssidDidChangeForWiFiInterfaceWithName:(NSString*)interfaceName {
logger.debug() << "BSSID changed!" << QString::fromNSString(interfaceName);
if (m_watcher) {
m_watcher->checkInterface();
}
}
@end
MacOSNetworkWatcher::MacOSNetworkWatcher(QObject* parent) : NetworkWatcherImpl(parent) {
MVPN_COUNT_CTOR(MacOSNetworkWatcher);
}
MacOSNetworkWatcher::~MacOSNetworkWatcher() {
MVPN_COUNT_DTOR(MacOSNetworkWatcher);
if (m_delegate) {
CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
if (!client) {
logger.debug() << "Unable to retrieve the CWWiFiClient shared instance";
return;
}
[client stopMonitoringAllEventsAndReturnError:nullptr];
[static_cast<MacOSNetworkWatcherDelegate*>(m_delegate) dealloc];
m_delegate = nullptr;
}
}
void MacOSNetworkWatcher::initialize() {
// Nothing to do here
}
void MacOSNetworkWatcher::start() {
NetworkWatcherImpl::start();
checkInterface();
if (m_delegate) {
logger.debug() << "Delegate already registered";
return;
}
CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
if (!client) {
logger.error() << "Unable to retrieve the CWWiFiClient shared instance";
return;
}
logger.debug() << "Registering delegate";
m_delegate = [[MacOSNetworkWatcherDelegate alloc] initWithObject:this];
[client setDelegate:static_cast<MacOSNetworkWatcherDelegate*>(m_delegate)];
[client startMonitoringEventWithType:CWEventTypeBSSIDDidChange error:nullptr];
}
void MacOSNetworkWatcher::checkInterface() {
logger.debug() << "Checking interface";
if (!isActive()) {
logger.debug() << "Feature disabled";
return;
}
CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
if (!client) {
logger.debug() << "Unable to retrieve the CWWiFiClient shared instance";
return;
}
CWInterface* interface = [client interface];
if (!interface) {
logger.debug() << "No default wifi interface";
return;
}
if (![interface powerOn]) {
logger.debug() << "The interface is off";
return;
}
NSString* ssidNS = [interface ssid];
if (!ssidNS) {
logger.debug() << "WiFi is not in used";
return;
}
QString ssid = QString::fromNSString(ssidNS);
if (ssid.isEmpty()) {
logger.debug() << "WiFi doesn't have a valid SSID";
return;
}
CWSecurity security = [interface security];
if (security == kCWSecurityNone || security == kCWSecurityWEP) {
logger.debug() << "Unsecured network found!";
emit unsecuredNetwork(ssid, ssid);
return;
}
logger.debug() << "Secure WiFi interface";
}

122
client/platforms/macos/macospingsender.cpp Normal file
View file

@ -0,0 +1,122 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "macospingsender.h"
#include "leakdetector.h"
#include "logger.h"
#include <QSocketNotifier>
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <unistd.h>
namespace {
Logger logger({LOG_MACOS, LOG_NETWORKING}, "MacOSPingSender");
int identifier() { return (getpid() & 0xFFFF); }
}; // namespace
MacOSPingSender::MacOSPingSender(const QString& source, QObject* parent)
: PingSender(parent) {
MVPN_COUNT_CTOR(MacOSPingSender);
if (getuid()) {
m_socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
} else {
m_socket = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
}
if (m_socket < 0) {
logger.error() << "Socket creation failed";
return;
}
struct sockaddr_in addr;
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_len = sizeof(addr);
if (inet_aton(source.toLocal8Bit().constData(), &addr.sin_addr) == 0) {
logger.error() << "source address error";
return;
}
if (bind(m_socket, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
logger.error() << "bind error:" << strerror(errno);
return;
}
m_notifier = new QSocketNotifier(m_socket, QSocketNotifier::Read, this);
connect(m_notifier, &QSocketNotifier::activated, this,
&MacOSPingSender::socketReady);
}
MacOSPingSender::~MacOSPingSender() {
MVPN_COUNT_DTOR(MacOSPingSender);
if (m_socket >= 0) {
close(m_socket);
}
}
void MacOSPingSender::sendPing(const QString& dest, quint16 sequence) {
struct sockaddr_in addr;
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_len = sizeof(addr);
if (inet_aton(dest.toLocal8Bit().constData(), &addr.sin_addr) == 0) {
logger.error() << "DNS lookup failed";
return;
}
struct icmp packet;
bzero(&packet, sizeof packet);
packet.icmp_type = ICMP_ECHO;
packet.icmp_id = identifier();
packet.icmp_seq = htons(sequence);
packet.icmp_cksum = inetChecksum(&packet, sizeof(packet));
if (sendto(m_socket, (char*)&packet, sizeof(packet), 0,
(struct sockaddr*)&addr, sizeof(addr)) != sizeof(packet)) {
logger.error() << "ping sending failed:" << strerror(errno);
return;
}
}
void MacOSPingSender::socketReady() {
struct msghdr msg;
bzero(&msg, sizeof(msg));
struct sockaddr_in addr;
msg.msg_name = (caddr_t)&addr;
msg.msg_namelen = sizeof(addr);
struct iovec iov;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
u_char packet[IP_MAXPACKET];
iov.iov_base = packet;
iov.iov_len = IP_MAXPACKET;
ssize_t rc = recvmsg(m_socket, &msg, MSG_DONTWAIT);
if (rc <= 0) {
logger.error() << "Recvmsg failed";
return;
}
struct ip* ip = (struct ip*)packet;
int hlen = ip->ip_hl << 2;
struct icmp* icmp = (struct icmp*)(((char*)packet) + hlen);
if (icmp->icmp_type == ICMP_ECHOREPLY && icmp->icmp_id == identifier()) {
emit recvPing(htons(icmp->icmp_seq));
}
}

30
client/platforms/macos/macospingsender.h Normal file
View file

@ -0,0 +1,30 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef MACOSPINGSENDER_H
#define MACOSPINGSENDER_H
#include "pingsender.h"
class QSocketNotifier;
class MacOSPingSender final : public PingSender {
Q_OBJECT
Q_DISABLE_COPY_MOVE(MacOSPingSender)
public:
MacOSPingSender(const QString& source, QObject* parent = nullptr);
~MacOSPingSender();
void sendPing(const QString& dest, quint16 sequence) override;
private slots:
void socketReady();
private:
QSocketNotifier* m_notifier = nullptr;
int m_socket = -1;
};
#endif // MACOSPINGSENDER_H

28
client/platforms/macos/macosstartatbootwatcher.cpp Normal file
View file

@ -0,0 +1,28 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "macosstartatbootwatcher.h"
#include "leakdetector.h"
#include "logger.h"
#include "macosutils.h"
namespace {
Logger logger(LOG_MACOS, "MacOSStartAtBootWatcher");
}
MacOSStartAtBootWatcher::MacOSStartAtBootWatcher(bool startAtBoot) {
MVPN_COUNT_CTOR(MacOSStartAtBootWatcher);
logger.debug() << "StartAtBoot watcher";
MacOSUtils::enableLoginItem(startAtBoot);
}
MacOSStartAtBootWatcher::~MacOSStartAtBootWatcher() {
MVPN_COUNT_DTOR(MacOSStartAtBootWatcher);
}
void MacOSStartAtBootWatcher::startAtBootChanged(bool startAtBoot) {
logger.debug() << "StartAtBoot changed:" << startAtBoot;
MacOSUtils::enableLoginItem(startAtBoot);
}

22
client/platforms/macos/macosstartatbootwatcher.h Normal file
View file

@ -0,0 +1,22 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef MACOSSTARTATBOOTWATCHER_H
#define MACOSSTARTATBOOTWATCHER_H
#include <QObject>
class MacOSStartAtBootWatcher final : public QObject {
Q_OBJECT
Q_DISABLE_COPY_MOVE(MacOSStartAtBootWatcher)
public:
explicit MacOSStartAtBootWatcher(bool startAtBoot);
~MacOSStartAtBootWatcher();
public slots:
void startAtBootChanged(bool value);
};
#endif // MACOSSTARTATBOOTWATCHER_H

23
client/platforms/macos/macosutils.h Normal file
View file

@ -0,0 +1,23 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef MACOSUTILS_H
#define MACOSUTILS_H
#include <QObject>
#include <QString>
class MacOSUtils final {
public:
static QString computerName();
static void enableLoginItem(bool startAtBoot);
static void setDockClickHandler();
static void hideDockIcon();
static void showDockIcon();
};
#endif // MACOSUTILS_H

91
client/platforms/macos/macosutils.mm Normal file
View file

@ -0,0 +1,91 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "macosutils.h"
#include "logger.h"
#include "models/helpmodel.h"
#include "qmlengineholder.h"
#include <objc/message.h>
#include <objc/objc.h>
#include <QFile>
#include <QMenuBar>
#import <Cocoa/Cocoa.h>
#import <ServiceManagement/ServiceManagement.h>
namespace {
Logger logger(LOG_MACOS, "MacOSUtils");
}
// static
QString MacOSUtils::computerName() {
NSString* name = [[NSHost currentHost] localizedName];
return QString::fromNSString(name);
}
// static
void MacOSUtils::enableLoginItem(bool startAtBoot) {
logger.debug() << "Enabling login-item";
NSString* appId = [[NSBundle mainBundle] bundleIdentifier];
NSString* loginItemAppId =
QString("%1.login-item").arg(QString::fromNSString(appId)).toNSString();
CFStringRef cfs = (__bridge CFStringRef)loginItemAppId;
Boolean ok = SMLoginItemSetEnabled(cfs, startAtBoot ? YES : NO);
logger.debug() << "Result: " << ok;
}
namespace {
bool dockClickHandler(id self, SEL cmd, ...) {
Q_UNUSED(self);
Q_UNUSED(cmd);
logger.debug() << "Dock icon clicked.";
QmlEngineHolder::instance()->showWindow();
return FALSE;
}
} // namespace
// static
void MacOSUtils::setDockClickHandler() {
NSApplication* app = [NSApplication sharedApplication];
if (!app) {
logger.debug() << "No sharedApplication";
return;
}
id delegate = [app delegate];
if (!delegate) {
logger.debug() << "No delegate";
return;
}
Class delegateClass = [delegate class];
if (!delegateClass) {
logger.debug() << "No delegate class";
return;
}
SEL shouldHandle = sel_registerName("applicationShouldHandleReopen:hasVisibleWindows:");
if (class_getInstanceMethod(delegateClass, shouldHandle)) {
if (!class_replaceMethod(delegateClass, shouldHandle, (IMP)dockClickHandler, "B@:")) {
logger.error() << "Failed to replace the dock click handler";
}
} else if (!class_addMethod(delegateClass, shouldHandle, (IMP)dockClickHandler, "B@:")) {
logger.error() << "Failed to register the dock click handler";
}
}
void MacOSUtils::hideDockIcon() {
[NSApp setActivationPolicy:NSApplicationActivationPolicyAccessory];
}
void MacOSUtils::showDockIcon() {
[NSApp setActivationPolicy:NSApplicationActivationPolicyRegular];
}