Notify when openconnect exits

rrva · Mar 20, 2022 · 5cb7d23 · 5cb7d23
1 parent fe43487
commit 5cb7d23
Show file tree

Hide file tree

Showing 16 changed files with 101 additions and 27 deletions.
diff --git a/OpenConnectUI2.xcodeproj/project.pbxproj b/OpenConnectUI2.xcodeproj/project.pbxproj
@@ -31,6 +31,8 @@
 		17B30B4927C714F800E8818E /* regexp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 17B30B4827C714F800E8818E /* regexp.swift */; };
 		17B30B4B27C7161100E8818E /* stopOpenConnect.swift in Sources */ = {isa = PBXBuildFile; fileRef = 17B30B4A27C7161100E8818E /* stopOpenConnect.swift */; };
 		17BD60E9279A2D5000C2E4D0 /* se.rrva.OpenConnectUI2.ToolX in Embed Privileged Helper */ = {isa = PBXBuildFile; fileRef = 177882B2278A384800135919 /* se.rrva.OpenConnectUI2.ToolX */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; };
+		17C2BEDD27E77E75007D0916 /* openConnectPid.swift in Sources */ = {isa = PBXBuildFile; fileRef = 17C2BEDC27E77E75007D0916 /* openConnectPid.swift */; };
+		17C2BEDF27E7A970007D0916 /* noteExit.swift in Sources */ = {isa = PBXBuildFile; fileRef = 17C2BEDE27E7A970007D0916 /* noteExit.swift */; };
 		17C337A027A5DC09005A497D /* AboutView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 17C3379F27A5DC09005A497D /* AboutView.swift */; };
 		17C337A227A5E344005A497D /* Updater.swift in Sources */ = {isa = PBXBuildFile; fileRef = 17C337A127A5E344005A497D /* Updater.swift */; };
 		17CDB73627C943DC00147E76 /* Info.plist in Resources */ = {isa = PBXBuildFile; fileRef = 17BD60E3279A17B000C2E4D0 /* Info.plist */; };
@@ -96,6 +98,8 @@
 		17B30B4A27C7161100E8818E /* stopOpenConnect.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = stopOpenConnect.swift; sourceTree = "<group>"; };
 		17BD60E3279A17B000C2E4D0 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		17BD60E4279A188800C2E4D0 /* ToolX-Launchd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "ToolX-Launchd.plist"; sourceTree = "<group>"; };
+		17C2BEDC27E77E75007D0916 /* openConnectPid.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = openConnectPid.swift; sourceTree = "<group>"; };
+		17C2BEDE27E7A970007D0916 /* noteExit.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = noteExit.swift; sourceTree = "<group>"; };
 		17C3379F27A5DC09005A497D /* AboutView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AboutView.swift; sourceTree = "<group>"; };
 		17C337A127A5E344005A497D /* Updater.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Updater.swift; sourceTree = "<group>"; };
 		17D749E3278A2A29004D43CF /* OpenConnectUI2.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = OpenConnectUI2.app; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -148,6 +152,7 @@
 				17B30B4627C714AD00E8818E /* safeShell.swift */,
 				17B30B4827C714F800E8818E /* regexp.swift */,
 				17B30B4A27C7161100E8818E /* stopOpenConnect.swift */,
+				17C2BEDC27E77E75007D0916 /* openConnectPid.swift */,
 			);
 			path = ToolX;
 			sourceTree = "<group>";
@@ -193,6 +198,7 @@
 				17B30B2F27C709A600E8818E /* WindowController.swift */,
 				17B30B3127C70ABA00E8818E /* animateStatusbar.swift */,
 				17B30B3327C70B2D00E8818E /* adUsername.swift */,
+				17C2BEDE27E7A970007D0916 /* noteExit.swift */,
 			);
 			path = OpenConnectUI2;
 			sourceTree = "<group>";
@@ -309,7 +315,7 @@
 		176CF4E4279C8EDF00604C6C /* Increment Build Number */ = {
 			isa = PBXShellScriptBuildPhase;
 			alwaysOutOfDate = 1;
-			buildActionMask = 8;
+			buildActionMask = 12;
 			files = (
 			);
 			inputFileListPaths = (
@@ -321,7 +327,7 @@
 			);
 			outputPaths = (
 			);
-			runOnlyForDeploymentPostprocessing = 1;
+			runOnlyForDeploymentPostprocessing = 0;
 			shellPath = /bin/bash;
 			shellScript = "agvtool next-version -all ; xcrun agvtool new-marketing-version \\\"1.$(agvtool what-version | sed -n 2p |tr -d ' ')\\\"\n";
 		};
@@ -335,6 +341,7 @@
 				17B30B4327C7122200E8818E /* performUpgrade.swift in Sources */,
 				177882B5278A384800135919 /* main.swift in Sources */,
 				176CF4D1279C38E800604C6C /* CodeSignChecker.swift in Sources */,
+				17C2BEDD27E77E75007D0916 /* openConnectPid.swift in Sources */,
 				17B30B4127C711C000E8818E /* locateOpenConnect.swift in Sources */,
 				17B30B4B27C7161100E8818E /* stopOpenConnect.swift in Sources */,
 				17B30B3B27C70FDA00E8818E /* connectionIsValid.swift in Sources */,
@@ -365,6 +372,7 @@
 				17D749F8278A2B35004D43CF /* LogView.swift in Sources */,
 				171023C927C813D800EAC415 /* LicenseView.swift in Sources */,
 				17B30B3627C70EE100E8818E /* ToolXProtocol.swift in Sources */,
+				17C2BEDF27E7A970007D0916 /* noteExit.swift in Sources */,
 				176CF4EA279D79B400604C6C /* LineReader.swift in Sources */,
 				17D749F6278A2AD9004D43CF /* main.swift in Sources */,
 				17C337A227A5E344005A497D /* Updater.swift in Sources */,
@@ -392,7 +400,7 @@
 				CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO;
 				CODE_SIGN_STYLE = Automatic;
 				CREATE_INFOPLIST_SECTION_IN_BINARY = YES;
-				CURRENT_PROJECT_VERSION = 642;
+				CURRENT_PROJECT_VERSION = 654;
 				DEVELOPMENT_TEAM = 3563RJWBQP;
 				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = "ToolX/Info-Debug.plist";
@@ -425,7 +433,7 @@
 				CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO;
 				CODE_SIGN_STYLE = Automatic;
 				CREATE_INFOPLIST_SECTION_IN_BINARY = YES;
-				CURRENT_PROJECT_VERSION = 642;
+				CURRENT_PROJECT_VERSION = 654;
 				DEVELOPMENT_TEAM = 3563RJWBQP;
 				ENABLE_HARDENED_RUNTIME = YES;
 				INFOPLIST_FILE = ToolX/Info.plist;
@@ -574,7 +582,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 642;
+				CURRENT_PROJECT_VERSION = 654;
 				DEVELOPMENT_TEAM = 3563RJWBQP;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -607,7 +615,7 @@
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 642;
+				CURRENT_PROJECT_VERSION = 654;
 				DEVELOPMENT_TEAM = 3563RJWBQP;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;

diff --git a/OpenConnectUI2/Info-Debug.plist b/OpenConnectUI2/Info-Debug.plist
@@ -3,9 +3,9 @@
 <plist version="1.0">
 <dict>
 	<key>CFBundleShortVersionString</key>
-	<string>"1.642"</string>
+	<string>"1.654"</string>
 	<key>CFBundleVersion</key>
-	<string>642</string>
+	<string>654</string>
 	<key>LSUIElement</key>
 	<true/>
 	<key>SMPrivilegedExecutables</key>

diff --git a/OpenConnectUI2/Info.plist b/OpenConnectUI2/Info.plist
@@ -3,9 +3,9 @@
 <plist version="1.0">
 <dict>
 	<key>CFBundleShortVersionString</key>
-	<string>"1.642"</string>
+	<string>"1.654"</string>
 	<key>CFBundleVersion</key>
-	<string>642</string>
+	<string>654</string>
 	<key>LSUIElement</key>
 	<true/>
 	<key>SMPrivilegedExecutables</key>

diff --git a/OpenConnectUI2/PrefsView.swift b/OpenConnectUI2/PrefsView.swift
@@ -57,9 +57,9 @@ class UserSettings: ObservableObject {
     didSet {
       let result = addOrUpdatePassword("openconnect", account: username, password: password)
       if result == false {
-        print("Failed adding or updating password")
+        logger.log("Failed adding or updating password")
       } else {
-        print("Password updated")
+        logger.log("Password updated")
       }
     }
   }

diff --git a/OpenConnectUI2/ToolXClient.swift b/OpenConnectUI2/ToolXClient.swift
@@ -106,18 +106,26 @@ func startOpenConnect(
     guard let reader = LineReader(fileHandle: response) else {
       return
     }
+
     reader.forEach { line in
       logger.log(
         maskPassword(line.trimmingCharacters(in: .whitespacesAndNewlines), password: password))
       if line.starts(with: "openconnect not found") {
-        reply(false)
-      }
-      if line.starts(with: "Established") {
+          reply(false)
+        }
+        if line.starts(with: "Established") {
+          service()?.openConnectPid { pid in
+            logger.log("PID \(pid)")
+          noteExit(pid: pid, withReply: reply)
+        }
         reply(true)
       }
       if line.starts(with: "Reconnect failed") {
         reply(false)
       }
+      if line.starts(with: "Session terminated by server; exiting.") {
+        reply(false)
+      }
       if line.contains("fgets (stdin): Resource temporarily unavailable") {
         logger.log("Perhaps you entered the wrong password or your password expired?")
         reply(false)

diff --git a/OpenConnectUI2/ToolXProtocol.swift b/OpenConnectUI2/ToolXProtocol.swift
@@ -14,6 +14,7 @@ public protocol ToolXProtocol {
     internalIp4Address: String, withReply reply: @escaping (String) -> Void)
   func version(withReply reply: @escaping (String) -> Void)
   func die()
+  func openConnectPid(withReply reply: @escaping (pid_t) -> Void)
   @available(macOS 10.15.4, *)
   func upgrade(
     download: FileHandle,

diff --git a/OpenConnectUI2/Updater.swift b/OpenConnectUI2/Updater.swift
@@ -36,7 +36,7 @@ func newVersionAvailable(logs: Logs, _ block: @escaping (PublishedVersion) -> Vo
           return
         }
         let latestVersion = Int(publishedVersion.latest) ?? 0
-        if latestVersion > runningVersion {
+        if latestVersion > runningVersion || true {
           logs.log("Latest version: \(latestVersion)")
           logs.log("Running version: \(runningVersion)")
           block(publishedVersion)

diff --git a/OpenConnectUI2/UpgradeView.swift b/OpenConnectUI2/UpgradeView.swift
@@ -15,6 +15,7 @@ struct UpgradeView: View {
 
   var body: some View {
     VStack {
+      Text("OpenConnect updater").padding()
       Text(upgrade.message).padding()
       ProgressView(upgrade.action, value: upgrade.progress, total: 100)
       if upgrade.isRestartButtonVisible {

diff --git a/OpenConnectUI2/installHelper.swift b/OpenConnectUI2/installHelper.swift
@@ -7,7 +7,7 @@ func installHelper(authorized: DispatchSemaphore, installed: DispatchSemaphore)
   var authStatus = AuthorizationCreate(nil, nil, [.preAuthorize], &authRef)
 
   guard authStatus == errAuthorizationSuccess else {
-    print("Unable to get a valid empty authorization reference to load Helper daemon")
+    logger.log("Unable to get a valid empty authorization reference to load Helper daemon")
     return
   }
 
@@ -31,7 +31,7 @@ func installHelper(authorized: DispatchSemaphore, installed: DispatchSemaphore)
   authorized.signal()
 
   guard authStatus == errAuthorizationSuccess else {
-    print("Unable to get a valid loading authorization reference to load Helper daemon")
+    logger.log("Unable to get a valid loading authorization reference to load Helper daemon")
     return
   }
 
@@ -40,7 +40,7 @@ func installHelper(authorized: DispatchSemaphore, installed: DispatchSemaphore)
     kSMDomainSystemLaunchd, "se.rrva.OpenConnectUI2.ToolX" as CFString, authRef, &error)
   if installResult == false {
     let blessError = error!.takeRetainedValue() as Error
-    NSLog("Error while installing the Helper: \(blessError.localizedDescription)")
+    logger.log("Error while installing the Helper: \(blessError.localizedDescription)")
     installed.signal()
     return
   }

diff --git a/OpenConnectUI2/noteExit.swift b/OpenConnectUI2/noteExit.swift
@@ -0,0 +1,36 @@
+import Foundation
+
+func noteExit(pid: pid_t, withReply reply: @escaping (Bool) -> Void) {
+  let procKqueue = kqueue()
+  if procKqueue == -1 {
+    logger.log("Error creating kqueue")
+  }
+
+  var changes = kevent(
+    ident: UInt(pid),
+    filter: Int16(EVFILT_PROC),
+    flags: UInt16(EV_ADD | EV_RECEIPT),
+    fflags: NOTE_EXIT,
+    data: 0,
+    udata: nil
+  )
+  kevent(procKqueue, &changes, 1, nil, 0, nil)
+
+
+  DispatchQueue.global(qos: .default).async {
+    while true {
+      var event = kevent()
+      let status = kevent(procKqueue, nil, 0, &event, 1, nil)
+      if status == 0 {
+        logger.log("Timeout")
+      } else if status > 0 {
+        logger.log("OpenConnect exited")
+        reply(false)
+        break
+      } else {
+        logger.log("Error reading kevent")
+        close(procKqueue)
+      }
+    }
+  }
+}
diff --git a/ToolX/Info-Debug.plist b/ToolX/Info-Debug.plist
@@ -11,8 +11,8 @@
 		<string>identifier &quot;se.rrva.OpenConnectUI2&quot; and anchor apple generic and certificate leaf[subject.CN] = &quot;Apple Development: [email protected] (U34QC433V8)&quot; and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */</string>
 	</array>
 	<key>CFBundleVersion</key>
-	<string>642</string>
+	<string>654</string>
 	<key>CFBundleShortVersionString</key>
-	<string>"1.642"</string>
+	<string>"1.654"</string>
 </dict>
 </plist>
diff --git a/ToolX/Info.plist b/ToolX/Info.plist
@@ -7,9 +7,9 @@
 	<key>CFBundleName</key>
 	<string>ToolX</string>
 	<key>CFBundleShortVersionString</key>
-	<string>"1.642"</string>
+	<string>"1.654"</string>
 	<key>CFBundleVersion</key>
-	<string>642</string>
+	<string>654</string>
 	<key>SMAuthorizedClients</key>
 	<array>
 		<string>anchor apple generic and identifier &quot;se.rrva.OpenConnectUI2&quot; and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = &quot;3563RJWBQP&quot;)</string>

diff --git a/ToolX/ToolXProtocol.swift b/ToolX/ToolXProtocol.swift
@@ -1,8 +1,11 @@
 import Foundation
 
-@objc public protocol ToolXProtocol {
+@objc
+public protocol ToolXProtocol {
   func startOpenConnect(
-    localUser: String, username: String, password: String,
+    localUser: String,
+    username: String,
+    password: String,
     vpnHost: String,
     withReply reply: @escaping (FileHandle) -> Void)
   func stopOpenConnect(withReply reply: @escaping (String) -> Void)
@@ -11,9 +14,13 @@ import Foundation
     internalIp4Address: String, withReply reply: @escaping (String) -> Void)
   func version(withReply reply: @escaping (String) -> Void)
   func die()
+  func openConnectPid(withReply reply: @escaping (pid_t) -> Void)
   @available(macOS 10.15.4, *)
   func upgrade(
-    download: FileHandle, downloadSize: Int, appLocation: URL, pid: Int32,
+    download: FileHandle,
+    downloadSize: Int,
+    appLocation: URL,
+    pid: Int32,
     user: UInt32,
     withReply reply: @escaping (FileHandle) -> Void)
 }
diff --git a/ToolX/ToolXService.swift b/ToolX/ToolXService.swift
@@ -2,6 +2,9 @@ import AppKit
 import Foundation
 
 class ToolXService: NSObject, ToolXProtocol {
+  func openConnectPid(withReply reply: @escaping (pid_t) -> Void) {
+    reply(findOpenConnectPid())
+  }
 
   @available(macOS 10.15.4, *)
   func upgrade(

diff --git a/ToolX/openConnectPid.swift b/ToolX/openConnectPid.swift
@@ -0,0 +1,10 @@
+import Foundation
+
+func findOpenConnectPid() -> pid_t {
+  let fileContent = try? String(contentsOf: URL(fileURLWithPath: "/var/run/openconnect.pid"))
+  if let content = fileContent {
+    let pid = pid_t(content.trimmingCharacters(in: .whitespacesAndNewlines)) ?? 0
+    return pid
+  }
+  return 0
+}
diff --git a/ToolX/startOpenConnect.swift b/ToolX/startOpenConnect.swift
@@ -65,7 +65,7 @@ func doStartOpenConnect(
     return
   }
   let command = """
-    echo $OPENCONNECT_PASSWORD | \(String(describing: openConnect)) -b -s "\(programPath) vpnc" --setuid=\(localUser) --user=$AD_USERNAME \(vpnHost)
+    echo $OPENCONNECT_PASSWORD | \(String(describing: openConnect)) -b  --pid-file /var/run/openconnect.pid -s "\(programPath) vpnc" --setuid=\(localUser) --user=$AD_USERNAME \(vpnHost)
     """
 
   do {