WireGuardApp: restore old keychain consistency behavior

This reverts commit adcbd17ebeedaf6fa8106c8835ebf43667170878. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2021-09-23 05:39:47 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2021-09-23 05:40:10 +0200
commit: dfb685f2580403cc28aeae7428d52f3655d3436b (patch)
tree: ad9e563afb859dfa06fc7a2e7fe26fb308fccb08
parent: App: version bump (diff)
download: wireguard-apple-dfb685f2580403cc28aeae7428d52f3655d3436b.tar.xz
wireguard-apple-dfb685f2580403cc28aeae7428d52f3655d3436b.zip
1 files changed, 9 insertions, 7 deletions
diff --git a/Sources/WireGuardApp/Tunnel/TunnelsManager.swift b/Sources/WireGuardApp/Tunnel/TunnelsManager.swift
index 152d26e..83c48c9 100644
--- a/Sources/WireGuardApp/Tunnel/TunnelsManager.swift
+++ b/Sources/WireGuardApp/Tunnel/TunnelsManager.swift
@@ -56,19 +56,21 @@ class TunnelsManager {
                     tunnelManager.saveToPreferences { _ in }
                 }
                 #if os(iOS)
-                let verify = true
+                let passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
                 #elseif os(macOS)
-                let verify = proto.providerConfiguration?["UID"] as? uid_t == getuid()
+                let passwordRef: Data?
+                if proto.providerConfiguration?["UID"] as? uid_t == getuid() {
+                    passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
+                } else {
+                    passwordRef = proto.passwordReference // To handle multiple users in macOS, we skip verifying
+                }
                 #else
                 #error("Unimplemented")
                 #endif
-                if verify && !proto.verifyConfigurationReference() {
-                    wg_log(.error, message: "Unable to verify keychain entry of tunnel: \(tunnelManager.localizedDescription ?? "<unknown>")")
-                }
-                if let ref = proto.passwordReference {
+                if let ref = passwordRef {
                     refs.insert(ref)
                 } else {
-                    wg_log(.error, message: "Removing orphaned tunnel with missing keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
+                    wg_log(.info, message: "Removing orphaned tunnel with non-verifying keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
                     tunnelManager.removeFromPreferences { _ in }
                     tunnelManagers.remove(at: index)
                 }
author	Jason A. Donenfeld <Jason@zx2c4.com>	2021-09-23 05:39:47 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2021-09-23 05:40:10 +0200
commit	dfb685f2580403cc28aeae7428d52f3655d3436b (patch)
tree	ad9e563afb859dfa06fc7a2e7fe26fb308fccb08
parent	App: version bump (diff)
download	wireguard-apple-dfb685f2580403cc28aeae7428d52f3655d3436b.tar.xz wireguard-apple-dfb685f2580403cc28aeae7428d52f3655d3436b.zip