author | pacien | 2020-01-20 19:18:12 +0100 |
---|---|---|
committer | pacien | 2020-01-20 19:18:12 +0100 |
commit | b04d9581adb3e3176586f31ffdba123125546201 (patch) | |
tree | 468776749a6596b299d7075ab998117a06c58813 /app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt | |
parent | 883b5abc7b2a770146683e7e27bf275bd4064511 (diff) | |
download | tincapp-b04d9581adb3e3176586f31ffdba123125546201.tar.gz |
use private temp files to pass decrypted private keys
Android 10 (API 29) doesn't allow us to pass them by sharing file
descriptors anymore, making the use of temp files mandatory.
GitHub: https://github.com/pacien/tincapp/issues/92
Diffstat (limited to 'app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt')
-rw-r--r-- | app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt | 16 |
1 files changed, 9 insertions, 7 deletions
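--- a/app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt
+++ b/app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt
@@ -102,12 +102,17 @@ class TincVpnService : VpnService() {
 log.info("Starting tinc daemon for network \"$netName\".")
 if (isConnected() || getCurrentNetName() != null) stopVpn().join()
 
-// FIXME: pass decrypted private keys via temp file
 val privateKeys = try {
 TincConfiguration.fromTincConfiguration(AppPaths.existing(AppPaths.tincConfFile(netName))).let { tincCfg ->
 Pair(
-TincKeyring.openPrivateKey(tincCfg.ed25519PrivateKeyFile ?: AppPaths.defaultEd25519PrivateKeyFile(netName), passphrase),
-TincKeyring.openPrivateKey(tincCfg.privateKeyFile ?: AppPaths.defaultRsaPrivateKeyFile(netName), passphrase))
+TincKeyring.unlockKey(
+AppPaths.NET_DEFAULT_ED25519_PRIVATE_KEY_FILE,
+tincCfg.ed25519PrivateKeyFile ?: AppPaths.defaultEd25519PrivateKeyFile(netName),
+passphrase),
+TincKeyring.unlockKey(
+AppPaths.NET_DEFAULT_RSA_PRIVATE_KEY_FILE,
+tincCfg.privateKeyFile ?: AppPaths.defaultRsaPrivateKeyFile(netName),
+passphrase))
 }
 } catch (e: FileNotFoundException) {
 Pair(null, null)
@@ -143,15 +148,12 @@ class TincVpnService : VpnService() {
 val serverSocket = LocalServerSocket(DEVICE_FD_ABSTRACT_SOCKET)
 Executor.runAsyncTask { serveDeviceFd(serverSocket, deviceFd) }
 
-// FIXME: pass decrypted private keys via temp file
-val daemon = Tincd.start(netName, DEVICE_FD_ABSTRACT_SOCKET, null, null)
+val daemon = Tincd.start(netName, DEVICE_FD_ABSTRACT_SOCKET, privateKeys.first, privateKeys.second)
 setState(netName, passphrase, interfaceCfg, deviceFd, daemon)
 
 waitForDaemonStartup().whenComplete { _, exception ->
 serverSocket.close()
 deviceFd.close()
-privateKeys.first?.close()
-privateKeys.second?.close()
 
 if (exception != null) {
 reportError(resources.getString(R.string.notification_error_message_daemon_exited, exception.cause!!.defaultMessage()), exception)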
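Review bot: The two `privateKeys.first?.close()` / `privateKeys.second?.close()` calls are dropped from the `whenComplete` handler in the second hunk, and nothing in the new code of either hunk disposes of whatever `TincKeyring.unlockKey(...)` now produces, so the lifetime of the decrypted key material on disk is no longer visible at the call site. The commit message says these are private temp files; if `unlockKey` or `Tincd.start` is responsible for deleting them once the daemon has read them, that contract should be stated here, e.g. `// decrypted key temp files are owned by TincKeyring/Tincd and removed after daemon startup — see unlockKey` (hedged: I cannot see those implementations from this hunk). In the first hunk, `Pair(unlockKey(...), unlockKey(...))` evaluates the Ed25519 call first, so if the RSA call throws (the `catch` only covers `FileNotFoundException`, anything else propagates) the first plaintext key file has already been written and no handle to it survives; consider unlocking the second key inside a `try` that cleans up the first on failure, or documenting that `unlockKey` registers its own cleanup. The enclosing function starts before the first hunk and its `whenComplete` lambda continues past the second, so any cleanup added later in that handler is outside this view.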