From adcbd17ebeedaf6fa8106c8835ebf43667170878 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Wed, 22 Sep 2021 07:11:32 +0200
Subject: WireGuardApp: do not delete unverifying profiles ever

The Keychain code is much too fragile, and it's better to err on the
safe side. Instead just log an error when this happens.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 Sources/WireGuardApp/Tunnel/TunnelsManager.swift | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/Sources/WireGuardApp/Tunnel/TunnelsManager.swift b/Sources/WireGuardApp/Tunnel/TunnelsManager.swift
index 83c48c9..152d26e 100644
--- a/Sources/WireGuardApp/Tunnel/TunnelsManager.swift
+++ b/Sources/WireGuardApp/Tunnel/TunnelsManager.swift
@@ -56,21 +56,19 @@ class TunnelsManager {
                     tunnelManager.saveToPreferences { _ in }
                 }
                 #if os(iOS)
-                let passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
+                let verify = true
                 #elseif os(macOS)
-                let passwordRef: Data?
-                if proto.providerConfiguration?["UID"] as? uid_t == getuid() {
-                    passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
-                } else {
-                    passwordRef = proto.passwordReference // To handle multiple users in macOS, we skip verifying
-                }
+                let verify = proto.providerConfiguration?["UID"] as? uid_t == getuid()
                 #else
                 #error("Unimplemented")
                 #endif
-                if let ref = passwordRef {
+                if verify && !proto.verifyConfigurationReference() {
+                    wg_log(.error, message: "Unable to verify keychain entry of tunnel: \(tunnelManager.localizedDescription ?? "<unknown>")")
+                }
+                if let ref = proto.passwordReference {
                     refs.insert(ref)
                 } else {
-                    wg_log(.info, message: "Removing orphaned tunnel with non-verifying keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
+                    wg_log(.error, message: "Removing orphaned tunnel with missing keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
                     tunnelManager.removeFromPreferences { _ in }
                     tunnelManagers.remove(at: index)
                 }
-- 
cgit v1.2.3-59-g8ed1b