From 2d62756f52f653135ca27602fcc84a1abf4c9376 Mon Sep 17 00:00:00 2001 From: Apple Date: Mon, 19 Apr 2021 23:55:01 +0000 Subject: [PATCH] configd-1109.101.1.tar.gz --- Plugins/IPMonitor/controller.m | 116 ++++++++++++++--- Plugins/IPMonitor/ip_plugin.c | 40 ++++-- .../SCNetworkConfigurationInternal.c | 6 +- .../SCNetworkInterface.c | 6 +- SystemConfiguration.fproj/SCNetworkSet.c | 10 +- SystemConfiguration.fproj/SCP.c | 7 +- SystemConfiguration.fproj/SCProxies.c | 117 +++++++++++++----- .../SCSchemaDefinitions.c | 6 + .../SCSchemaDefinitionsPrivate.h | 53 +++++++- SystemConfiguration.fproj/genSCPreferences.c | 20 ++- scutil.tproj/net_protocol.c | 97 +++++++++++++-- 11 files changed, 396 insertions(+), 82 deletions(-) diff --git a/Plugins/IPMonitor/controller.m b/Plugins/IPMonitor/controller.m index b7b7c5d..6d1bd53 100644 --- a/Plugins/IPMonitor/controller.m +++ b/Plugins/IPMonitor/controller.m @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017 Apple Inc. All rights reserved. + * Copyright (c) 2015-2017, 2020 Apple Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -56,6 +56,7 @@ typedef struct resolverList { @interface AgentController() @property (nonatomic) NSMutableDictionary * floatingProxyAgentList; +@property (nonatomic) NSMutableDictionary * floatingProxyAgentList_TCPConverter; @property (nonatomic) NSMutableDictionary * floatingDNSAgentList; @property (nonatomic) NSMutableDictionary * policyDB; @property (nonatomic) NEPolicySession * policySession; @@ -125,6 +126,14 @@ typedef struct resolverList { } } + if (self.floatingProxyAgentList_TCPConverter == nil) { + self.floatingProxyAgentList_TCPConverter = [NSMutableDictionary dictionary]; + if (self.floatingProxyAgentList_TCPConverter == nil) { + errorMessage = "Failed to create a dictionary"; + break; + } + } + /* A dictionary of all floating dns agents * Key : (can be an interface name or domain name) * Value : agent object @@ -183,6 +192,7 @@ typedef struct resolverList { /* Make sure that we have all our data structures in place */ return ((self.policySession != nil) && (self.floatingProxyAgentList != nil) && + (self.floatingProxyAgentList_TCPConverter != nil) && (self.floatingDNSAgentList != nil) && (self.policyDB != nil) && (self.controllerQueue != nil)); @@ -259,22 +269,31 @@ typedef struct resolverList { - (int)countProxyEntriesEnabled:(CFDictionaryRef)proxies { - int enabled = 0; + const CFStringRef enableKeys[] = { + kSCPropNetProxiesHTTPEnable, + kSCPropNetProxiesHTTPSEnable, + kSCPropNetProxiesProxyAutoConfigEnable, + kSCPropNetProxiesFTPEnable, + kSCPropNetProxiesGopherEnable, + kSCPropNetProxiesRTSPEnable, + kSCPropNetProxiesSOCKSEnable, + kSCPropNetProxiesTransportConverterEnable, + kSCPropNetProxiesProxyAutoDiscoveryEnable, + }; if (proxies == NULL) { - SC_log(LOG_NOTICE, "Invalid proxies"); + SC_log(LOG_NOTICE, "No proxies"); return 0; } - if (([self getIntValue:CFDictionaryGetValue(proxies, kSCPropNetProxiesHTTPEnable) valuePtr:&enabled] && enabled > 0) || - ([self getIntValue:CFDictionaryGetValue(proxies, kSCPropNetProxiesHTTPSEnable) valuePtr:&enabled] && enabled > 0) || - ([self getIntValue:CFDictionaryGetValue(proxies, kSCPropNetProxiesProxyAutoConfigEnable) valuePtr:&enabled] && enabled > 0) || - ([self getIntValue:CFDictionaryGetValue(proxies, kSCPropNetProxiesFTPEnable) valuePtr:&enabled] && enabled > 0) || - ([self getIntValue:CFDictionaryGetValue(proxies, kSCPropNetProxiesGopherEnable) valuePtr:&enabled] && enabled > 0) || - ([self getIntValue:CFDictionaryGetValue(proxies, kSCPropNetProxiesRTSPEnable) valuePtr:&enabled] && enabled > 0) || - ([self getIntValue:CFDictionaryGetValue(proxies, kSCPropNetProxiesSOCKSEnable) valuePtr:&enabled] && enabled > 0) || - ([self getIntValue:CFDictionaryGetValue(proxies, kSCPropNetProxiesProxyAutoDiscoveryEnable) valuePtr:&enabled] && enabled > 0)) { - return enabled; + for (size_t i = 0; i < (sizeof(enableKeys) / sizeof(enableKeys[0])); i++) { + int enabled = 0; + + if ([self getIntValue:CFDictionaryGetValue(proxies, enableKeys[i]) + valuePtr:&enabled] && + (enabled > 0)) { + return enabled; + } } return 0; @@ -648,6 +667,43 @@ typedef struct resolverList { return NO; } +- (BOOL)isTCPConverterProxyEnabled:(CFDictionaryRef)proxies +{ + int enabled = 0; + CFNumberRef num = NULL; + + if (CFDictionaryGetValueIfPresent(proxies, + kSCPropNetProxiesTransportConverterEnable, + (const void **)&num) && + isA_CFNumber(num) && + CFNumberGetValue(num, kCFNumberIntType, &enabled) && + (enabled != 0)) { + return YES; + } + + return NO; +} + +#define ALLOW_AGGREGATE "net.inet.mptcp.allow_aggregate" + +static void +updateTransportConverterProxyEnabled(BOOL enabled) +{ + int ret; + int val = enabled ? 1 : 0; + + ret = sysctlbyname(ALLOW_AGGREGATE, NULL, 0, &val, sizeof(val)); + if (ret != -1) { + SC_log(LOG_NOTICE, "Transport Converter Proxy: sysctl " ALLOW_AGGREGATE "=%d", val); + } else { + if (errno != ENOENT) { + SC_log(LOG_ERR, "sysctlbyname(" ALLOW_AGGREGATE ") failed: %s", strerror(errno)); + } + } + + return; +} + - (void)processDefaultProxyChanges:(CFDictionaryRef)proxies { CFArrayRef global_proxy; @@ -684,6 +740,8 @@ typedef struct resolverList { } if (spawnAgent) { + BOOL ok; + AgentSubType subtype = kAgentSubTypeDefault; NEPolicyConditionType conditionType = NEPolicyConditionTypeNone; if ([self isGlobalProxy:proxies_copy]) { @@ -692,11 +750,22 @@ typedef struct resolverList { subtype = kAgentSubTypeGlobal; } - [self spawnFloatingAgent:[ProxyAgent class] - entity:@proxyAgentDefault - agentSubType:subtype - addPolicyOfType:conditionType - publishData:data]; + ok = [self spawnFloatingAgent:[ProxyAgent class] + entity:@proxyAgentDefault + agentSubType:subtype + addPolicyOfType:conditionType + publishData:data]; + if (ok && + (subtype == kAgentSubTypeGlobal) && + [self isTCPConverterProxyEnabled:proxies_copy]) { + proxyAgent = [self.floatingProxyAgentList objectForKey:@proxyAgentDefault]; + if ((proxyAgent != nil) && + [data isEqual:[proxyAgent getAgentData]]) { + [self.floatingProxyAgentList_TCPConverter setObject:proxyAgent + forKey:@proxyAgentDefault]; + updateTransportConverterProxyEnabled(TRUE); // enable "net.inet.mptcp.allow_aggregate" + } + } } } else { /* No default proxy config OR generic (no protocols enabled) default proxy config. @@ -2043,6 +2112,7 @@ done: BOOL ok = NO; if ( agent != nil) { + NSString * entity = [agent getAssociatedEntity]; NSMutableArray * policyArray; policyArray = [self.policyDB objectForKey:[agent getAgentName]]; @@ -2063,8 +2133,15 @@ done: [self.policyDB removeObjectForKey:[agent getAgentName]]; } + SC_log(LOG_INFO, "Destroying floating agent for %@", entity); + if ([agent getAgentType] == kAgentTypeProxy) { - [self.floatingProxyAgentList removeObjectForKey:[agent getAssociatedEntity]]; + [self.floatingProxyAgentList removeObjectForKey:entity]; + + [self.floatingProxyAgentList_TCPConverter removeObjectForKey:entity]; + if ([self.floatingProxyAgentList_TCPConverter count] == 0) { + updateTransportConverterProxyEnabled(FALSE); // disable "net.inet.mptcp.allow_aggregate" + } } else { [self.floatingDNSAgentList removeObjectForKey:[agent getAssociatedEntity]]; } @@ -2073,8 +2150,6 @@ done: [self unregisterAgent:agent]; } - SC_log(LOG_INFO, "X - Destroyed agent %@", [agent getAgentName]); - /* Check if we need to close the "control" policy session */ if (self.controlPolicySession != nil) { NSMutableArray *globalProxyAgentList; @@ -2091,6 +2166,7 @@ done: self.controlPolicySession = nil; SC_log(LOG_NOTICE, "Closed control policy session"); + } } diff --git a/Plugins/IPMonitor/ip_plugin.c b/Plugins/IPMonitor/ip_plugin.c index 3eb06e5..259fd77 100644 --- a/Plugins/IPMonitor/ip_plugin.c +++ b/Plugins/IPMonitor/ip_plugin.c @@ -5173,18 +5173,42 @@ get_proxies_changes(CFStringRef serviceID, CFDictionaryRef state_dict, CFStringRef key2; CFStringRef key3; } pick_list[] = { - { kSCPropNetProxiesFTPEnable, kSCPropNetProxiesFTPProxy, kSCPropNetProxiesFTPPort }, - { kSCPropNetProxiesGopherEnable, kSCPropNetProxiesGopherProxy, kSCPropNetProxiesGopherPort }, - { kSCPropNetProxiesHTTPEnable, kSCPropNetProxiesHTTPProxy, kSCPropNetProxiesHTTPPort }, - { kSCPropNetProxiesHTTPSEnable, kSCPropNetProxiesHTTPSProxy, kSCPropNetProxiesHTTPSPort }, - { kSCPropNetProxiesRTSPEnable, kSCPropNetProxiesRTSPProxy, kSCPropNetProxiesRTSPPort }, - { kSCPropNetProxiesSOCKSEnable, kSCPropNetProxiesSOCKSProxy, kSCPropNetProxiesSOCKSPort }, + { kSCPropNetProxiesFTPEnable, + kSCPropNetProxiesFTPProxy, + kSCPropNetProxiesFTPPort + }, + { kSCPropNetProxiesGopherEnable, + kSCPropNetProxiesGopherProxy, + kSCPropNetProxiesGopherPort + }, + { kSCPropNetProxiesHTTPEnable, + kSCPropNetProxiesHTTPProxy, + kSCPropNetProxiesHTTPPort + }, + { kSCPropNetProxiesHTTPSEnable, + kSCPropNetProxiesHTTPSProxy, + kSCPropNetProxiesHTTPSPort + }, + { kSCPropNetProxiesRTSPEnable, + kSCPropNetProxiesRTSPProxy, + kSCPropNetProxiesRTSPPort + }, + { kSCPropNetProxiesSOCKSEnable, + kSCPropNetProxiesSOCKSProxy, + kSCPropNetProxiesSOCKSPort + }, + { kSCPropNetProxiesTransportConverterEnable, + kSCPropNetProxiesTransportConverterProxy, + kSCPropNetProxiesTransportConverterPort + }, { kSCPropNetProxiesProxyAutoConfigEnable, kSCPropNetProxiesProxyAutoConfigURLString, - kSCPropNetProxiesProxyAutoConfigJavaScript, }, + kSCPropNetProxiesProxyAutoConfigJavaScript + }, { kSCPropNetProxiesProxyAutoDiscoveryEnable, NULL, - NULL, } + NULL + } }; if ((state_dict == NULL) && (setup_dict == NULL)) { diff --git a/SystemConfiguration.fproj/SCNetworkConfigurationInternal.c b/SystemConfiguration.fproj/SCNetworkConfigurationInternal.c index bd4da05..f22ed1e 100644 --- a/SystemConfiguration.fproj/SCNetworkConfigurationInternal.c +++ b/SystemConfiguration.fproj/SCNetworkConfigurationInternal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2007, 2009, 2010-2013, 2015-2020 Apple Inc. All rights reserved. + * Copyright (c) 2004-2007, 2009, 2010-2013, 2015-2021 Apple Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -183,7 +183,7 @@ logConfiguration_preferences(int level, const char *description, SCPreferencesRe SC_log(level, " Service %2ld : %@, %2d (%@%s%@%s%@)", orderIndex + 1, serviceID, - __SCNetworkInterfaceOrder(SCNetworkServiceGetInterface(service)), // temp? + __SCNetworkInterfaceOrder(interface), // temp? serviceName, bsdName != NULL ? ", " : "", bsdName != NULL ? bsdName : CFSTR(""), @@ -192,7 +192,7 @@ logConfiguration_preferences(int level, const char *description, SCPreferencesRe } else { SC_log(level, " Service : %@, %2d (%@%s%@%s%@)", serviceID, - __SCNetworkInterfaceOrder(SCNetworkServiceGetInterface(service)), // temp? + __SCNetworkInterfaceOrder(interface), // temp? serviceName, bsdName != NULL ? ", " : "", bsdName != NULL ? bsdName : CFSTR(""), diff --git a/SystemConfiguration.fproj/SCNetworkInterface.c b/SystemConfiguration.fproj/SCNetworkInterface.c index 59a97f0..6d7d409 100644 --- a/SystemConfiguration.fproj/SCNetworkInterface.c +++ b/SystemConfiguration.fproj/SCNetworkInterface.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2020 Apple Inc. All rights reserved. + * Copyright (c) 2004-2021 Apple Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -1170,6 +1170,10 @@ __SCNetworkInterfaceOrder(SCNetworkInterfaceRef interface) SCNetworkInterfacePrivateRef interfacePrivate = (SCNetworkInterfacePrivateRef)interface; int order; + if (isA_SCNetworkInterface(interface) == NULL) { + // arbitrarily large number + return INT_MAX; + } order = interfacePrivate->sort_order << 1; if (!interfacePrivate->builtin) { order |= 0x1; // push non-builtin after built-in diff --git a/SystemConfiguration.fproj/SCNetworkSet.c b/SystemConfiguration.fproj/SCNetworkSet.c index 43fca63..86e5d4f 100644 --- a/SystemConfiguration.fproj/SCNetworkSet.c +++ b/SystemConfiguration.fproj/SCNetworkSet.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2020 Apple Inc. All rights reserved. + * Copyright (c) 2004-2021 Apple Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -868,7 +868,13 @@ SCNetworkSetCopyServices(SCNetworkSetRef set) setPrivate->setID); continue; // if the service is not a link } - + if (SCPreferencesPathGetValue(setPrivate->prefs, link) == NULL) { + SC_log(LOG_INFO, "service \"%@\" for set \"%@\" broken link \"%@\"", + keys[i], + setPrivate->setID, + link); + continue; // the link is broken + } components = CFStringCreateArrayBySeparatingStrings(NULL, link, CFSTR("/")); if (CFArrayGetCount(components) == 3) { CFStringRef serviceID; diff --git a/SystemConfiguration.fproj/SCP.c b/SystemConfiguration.fproj/SCP.c index b220ae6..b93d4d1 100644 --- a/SystemConfiguration.fproj/SCP.c +++ b/SystemConfiguration.fproj/SCP.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, 2003-2005, 2007-2009, 2011, 2014-2020 Apple Inc. All rights reserved. + * Copyright (c) 2000, 2001, 2003-2005, 2007-2009, 2011, 2014-2021 Apple Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -186,6 +186,11 @@ __SCPreferencesUsingDefaultPrefs(SCPreferencesRef prefs) Boolean isDefault = FALSE; SCPreferencesPrivateRef prefsPrivate = (SCPreferencesPrivateRef)prefs; + if (prefs == NULL) { + // if no prefs, assume that we are using the "default" prefs + return TRUE; + } + curPath = prefsPrivate->newPath ? prefsPrivate->newPath : prefsPrivate->path; if (curPath != NULL) { char* defPath; diff --git a/SystemConfiguration.fproj/SCProxies.c b/SystemConfiguration.fproj/SCProxies.c index 043a0fa..53eb323 100644 --- a/SystemConfiguration.fproj/SCProxies.c +++ b/SystemConfiguration.fproj/SCProxies.c @@ -50,16 +50,17 @@ SCDynamicStoreKeyCreateProxies(CFAllocatorRef allocator) static void validate_proxy_content(CFMutableDictionaryRef proxies, - CFStringRef proxy_enable, - CFStringRef proxy_host, - CFStringRef proxy_port, - const char * proxy_service, - int proxy_defaultport) + CFStringRef proxy_enable_key, + CFStringRef proxy_host_key, + CFStringRef proxy_port_key, + const char * proxy_service_name, + int proxy_defaultport, + Boolean multiple_proxies) { int enabled = 0; CFNumberRef num; - num = CFDictionaryGetValue(proxies, proxy_enable); + num = CFDictionaryGetValue(proxies, proxy_enable_key); if (num != NULL) { if (!isA_CFNumber(num) || !CFNumberGetValue(num, kCFNumberIntType, &enabled)) { @@ -67,25 +68,56 @@ validate_proxy_content(CFMutableDictionaryRef proxies, } } - if (proxy_host != NULL) { - CFStringRef host; + if (proxy_host_key != NULL) { + CFTypeRef host_val; - host = CFDictionaryGetValue(proxies, proxy_host); - if ((enabled == 0) && (host != NULL)) { + host_val = CFDictionaryGetValue(proxies, proxy_host_key); + if ((enabled == 0) && (host_val != NULL)) { goto disable; // if not enabled, remove provided key/value } - if ((enabled != 0) && - (!isA_CFString(host) || (CFStringGetLength(host) == 0))) { - goto disable; // if enabled, not provided (or not valid) + if (enabled != 0) { + if (isA_CFString(host_val)) { + CFStringRef host = (CFStringRef)host_val; + + if (multiple_proxies) { + goto disable; // if multiple proxies expected + } + + if (CFStringGetLength(host) == 0) { + goto disable; // if proxy host string not valid + } + } else if (isA_CFArray(host_val)) { + CFArrayRef hosts = (CFArrayRef)host_val; + CFIndex n; + + if (!multiple_proxies) { + goto disable; // if single proxy expected + } + + n = CFArrayGetCount(hosts); + if (n == 0) { + goto disable; // if no hosts provided + } + + for (CFIndex i = 0; i < n; i++) { + CFStringRef host = CFArrayGetValueAtIndex(hosts, i); + + if (!isA_CFString(host) || (CFStringGetLength(host) == 0)) { + goto disable; // if proxy host string not valid + } + } + } else { + goto disable; // not valid + } } } - if (proxy_port != NULL) { + if (proxy_port_key != NULL) { CFNumberRef port; int s_port = 0; - port = CFDictionaryGetValue(proxies, proxy_port); + port = CFDictionaryGetValue(proxies, proxy_port_key); if ((enabled == 0) && (port != NULL)) { goto disable; // if not enabled, remove provided key/value } @@ -105,14 +137,18 @@ validate_proxy_content(CFMutableDictionaryRef proxies, if ((enabled != 0) && (port == NULL)) { struct servent *service; - service = getservbyname(proxy_service, "tcp"); + if (proxy_service_name == NULL) { + goto disable; // no "default" port available + } + + service = getservbyname(proxy_service_name, "tcp"); if (service != NULL) { s_port = ntohs(service->s_port); } else { s_port = proxy_defaultport; } num = CFNumberCreate(NULL, kCFNumberIntType, &s_port); - CFDictionarySetValue(proxies, proxy_port, num); + CFDictionarySetValue(proxies, proxy_port_key, num); CFRelease(num); } } @@ -123,13 +159,13 @@ validate_proxy_content(CFMutableDictionaryRef proxies, enabled = 0; num = CFNumberCreate(NULL, kCFNumberIntType, &enabled); - CFDictionarySetValue(proxies, proxy_enable, num); + CFDictionarySetValue(proxies, proxy_enable_key, num); CFRelease(num); - if (proxy_host != NULL) { - CFDictionaryRemoveValue(proxies, proxy_host); + if (proxy_host_key != NULL) { + CFDictionaryRemoveValue(proxies, proxy_host_key); } - if (proxy_port != NULL) { - CFDictionaryRemoveValue(proxies, proxy_port); + if (proxy_port_key != NULL) { + CFDictionaryRemoveValue(proxies, proxy_port_key); } return; @@ -175,44 +211,58 @@ __SCNetworkProxiesCopyNormalized(CFDictionaryRef proxy) kSCPropNetProxiesFTPProxy, kSCPropNetProxiesFTPPort, "ftp", - 21); + 21, + FALSE); validate_proxy_content(newProxy, kSCPropNetProxiesGopherEnable, kSCPropNetProxiesGopherProxy, kSCPropNetProxiesGopherPort, "gopher", - 70); + 70, + FALSE); validate_proxy_content(newProxy, kSCPropNetProxiesHTTPEnable, kSCPropNetProxiesHTTPProxy, kSCPropNetProxiesHTTPPort, "http", - 80); + 80, + FALSE); validate_proxy_content(newProxy, kSCPropNetProxiesHTTPSEnable, kSCPropNetProxiesHTTPSProxy, kSCPropNetProxiesHTTPSPort, "https", - 443); + 443, + FALSE); validate_proxy_content(newProxy, kSCPropNetProxiesRTSPEnable, kSCPropNetProxiesRTSPProxy, kSCPropNetProxiesRTSPPort, "rtsp", - 554); + 554, + FALSE); validate_proxy_content(newProxy, kSCPropNetProxiesSOCKSEnable, kSCPropNetProxiesSOCKSProxy, kSCPropNetProxiesSOCKSPort, "socks", - 1080); + 1080, + FALSE); + validate_proxy_content(newProxy, + kSCPropNetProxiesTransportConverterEnable, + kSCPropNetProxiesTransportConverterProxy, + kSCPropNetProxiesTransportConverterPort, + NULL, + 0, + TRUE); if (CFDictionaryContainsKey(newProxy, kSCPropNetProxiesProxyAutoConfigURLString)) { validate_proxy_content(newProxy, kSCPropNetProxiesProxyAutoConfigEnable, kSCPropNetProxiesProxyAutoConfigURLString, NULL, NULL, - 0); + 0, + FALSE); // and we can't have both URLString and JavaScript keys CFDictionaryRemoveValue(newProxy, kSCPropNetProxiesProxyAutoConfigJavaScript); @@ -222,21 +272,24 @@ __SCNetworkProxiesCopyNormalized(CFDictionaryRef proxy) kSCPropNetProxiesProxyAutoConfigJavaScript, NULL, NULL, - 0); + 0, + FALSE); } validate_proxy_content(newProxy, kSCPropNetProxiesProxyAutoDiscoveryEnable, NULL, NULL, NULL, - 0); + 0, + FALSE); validate_proxy_content(newProxy, kSCPropNetProxiesFallBackAllowed, NULL, NULL, NULL, - 0); + 0, + FALSE); // validate FTP passive setting num = CFDictionaryGetValue(newProxy, kSCPropNetProxiesFTPPassive); diff --git a/SystemConfiguration.fproj/SCSchemaDefinitions.c b/SystemConfiguration.fproj/SCSchemaDefinitions.c index d6f60d3..b0f9d0f 100644 --- a/SystemConfiguration.fproj/SCSchemaDefinitions.c +++ b/SystemConfiguration.fproj/SCSchemaDefinitions.c @@ -371,6 +371,12 @@ const CFStringRef kSCPropNetProxiesProxyAutoConfigEnable = CFSTR("Prox const CFStringRef kSCPropNetProxiesProxyAutoConfigJavaScript = CFSTR("ProxyAutoConfigJavaScript"); const CFStringRef kSCPropNetProxiesProxyAutoConfigURLString = CFSTR("ProxyAutoConfigURLString"); const CFStringRef kSCPropNetProxiesProxyAutoDiscoveryEnable = CFSTR("ProxyAutoDiscoveryEnable"); +const CFStringRef kSCPropNetProxiesTransportConverterEnable = CFSTR("TransportConverterEnable"); +const CFStringRef kSCPropNetProxiesTransportConverterPort = CFSTR("TransportConverterPort"); +const CFStringRef kSCPropNetProxiesTransportConverterProxy = CFSTR("TransportConverterProxy"); +const CFStringRef kSCPropNetProxiesTransportConverterFallBackAllowed = CFSTR("TransportConverterFallBackAllowed"); +const CFStringRef kSCPropNetProxiesTransportConverterMultipathServiceType = CFSTR("TransportConverterMultipathServiceType"); +const CFStringRef kSCPropNetProxiesTransportConverterTFOMode = CFSTR("TransportConverterTFOMode"); const CFStringRef kSCPropNetProxiesBypassAllowed = CFSTR("BypassAllowed"); const CFStringRef kSCPropNetProxiesFallBackAllowed = CFSTR("FallBackAllowed"); const CFStringRef kSCPropNetProxiesSupplementalMatchDomains = CFSTR("SupplementalMatchDomains"); diff --git a/SystemConfiguration.fproj/SCSchemaDefinitionsPrivate.h b/SystemConfiguration.fproj/SCSchemaDefinitionsPrivate.h index 247f859..c14c6ba 100644 --- a/SystemConfiguration.fproj/SCSchemaDefinitionsPrivate.h +++ b/SystemConfiguration.fproj/SCSchemaDefinitionsPrivate.h @@ -190,6 +190,13 @@ * * kSCEntNetProxies Entity Keys * + * kSCPropNetProxiesTransportConverterEnable "TransportConverterEnable" CFNumber (0 or 1) + * kSCPropNetProxiesTransportConverterPort "TransportConverterPort" CFNumber + * kSCPropNetProxiesTransportConverterProxy "TransportConverterProxy" CFArray[CFString] + * kSCPropNetProxiesTransportConverterFallBackAllowed "TransportConverterFallBackAllowed" CFNumber (0 or 1) + * kSCPropNetProxiesTransportConverterMultipathServiceType "TransportConverterMultipathServiceType" CFNumber + * kSCPropNetProxiesTransportConverterTFOMode "TransportConverterTFOMode" CFNumber + * * kSCPropNetProxiesBypassAllowed "BypassAllowed" CFNumber (0 or 1) * kSCPropNetProxiesFallBackAllowed "FallBackAllowed" CFNumber (0 or 1) * kSCPropNetProxiesSupplementalMatchDomains "SupplementalMatchDomains" CFArray[CFString] @@ -389,7 +396,7 @@ extern const CFStringRef kSCEntNetAppLayer API_ @const kSCEntNetCaptivePortal @discussion Value is a CFDictionary */ -extern const CFStringRef kSCEntNetCaptivePortal SPI_AVAILABLE(macos(10.16), ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); +extern const CFStringRef kSCEntNetCaptivePortal SPI_AVAILABLE(macos(11.0), ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); #define kSCEntNetCaptivePortal kSCEntNetCaptivePortal /*! @@ -581,7 +588,7 @@ extern const CFStringRef kSCPropNetDNSSupplementalMatchDomainsNoSearch API_ @const kSCPropNetCaptivePortalURL @discussion Value is a CFString */ -extern const CFStringRef kSCPropNetCaptivePortalURL SPI_AVAILABLE(macos(10.16), ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); +extern const CFStringRef kSCPropNetCaptivePortalURL SPI_AVAILABLE(macos(11.0), ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); #define kSCPropNetCaptivePortalURL kSCPropNetCaptivePortalURL /*! @@ -1073,6 +1080,48 @@ extern const CFStringRef kSCPropNetNAT64PLATDiscoveryCompletionTime API_ @group kSCEntNetProxies Entity Keys */ +/*! + @const kSCPropNetProxiesTransportConverterEnable + @discussion Value is a CFNumber (0 or 1) + */ +extern const CFStringRef kSCPropNetProxiesTransportConverterEnable API_AVAILABLE(macos(11.0)) SPI_AVAILABLE(ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); +#define kSCPropNetProxiesTransportConverterEnable kSCPropNetProxiesTransportConverterEnable + +/*! + @const kSCPropNetProxiesTransportConverterPort + @discussion Value is a CFNumber + */ +extern const CFStringRef kSCPropNetProxiesTransportConverterPort API_AVAILABLE(macos(11.0)) SPI_AVAILABLE(ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); +#define kSCPropNetProxiesTransportConverterPort kSCPropNetProxiesTransportConverterPort + +/*! + @const kSCPropNetProxiesTransportConverterProxy + @discussion Value is a CFArray[CFString] + */ +extern const CFStringRef kSCPropNetProxiesTransportConverterProxy API_AVAILABLE(macos(11.0)) SPI_AVAILABLE(ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); +#define kSCPropNetProxiesTransportConverterProxy kSCPropNetProxiesTransportConverterProxy + +/*! + @const kSCPropNetProxiesTransportConverterFallBackAllowed + @discussion Value is a CFNumber (0 or 1) + */ +extern const CFStringRef kSCPropNetProxiesTransportConverterFallBackAllowed API_AVAILABLE(macos(11.0)) SPI_AVAILABLE(ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); +#define kSCPropNetProxiesTransportConverterFallBackAllowed kSCPropNetProxiesTransportConverterFallBackAllowed + +/*! + @const kSCPropNetProxiesTransportConverterMultipathServiceType + @discussion Value is a CFNumber + */ +extern const CFStringRef kSCPropNetProxiesTransportConverterMultipathServiceType API_AVAILABLE(macos(11.0)) SPI_AVAILABLE(ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); +#define kSCPropNetProxiesTransportConverterMultipathServiceType kSCPropNetProxiesTransportConverterMultipathServiceType + +/*! + @const kSCPropNetProxiesTransportConverterTFOMode + @discussion Value is a CFNumber + */ +extern const CFStringRef kSCPropNetProxiesTransportConverterTFOMode API_AVAILABLE(macos(11.0)) SPI_AVAILABLE(ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0)); +#define kSCPropNetProxiesTransportConverterTFOMode kSCPropNetProxiesTransportConverterTFOMode + /*! @const kSCPropNetProxiesBypassAllowed @discussion Value is a CFNumber (0 or 1) diff --git a/SystemConfiguration.fproj/genSCPreferences.c b/SystemConfiguration.fproj/genSCPreferences.c index 09fd827..238bab5 100644 --- a/SystemConfiguration.fproj/genSCPreferences.c +++ b/SystemConfiguration.fproj/genSCPreferences.c @@ -130,6 +130,7 @@ typedef enum { SC_10_14_IPHONE_12_0_PRIVATE, SC_10_15_IPHONE_13_0_PRIVATE, SC_10_15_4_IPHONE_13_4_PRIVATE, + SC_11_0_IPHONE_14_0_PRIVATE, SC_IPHONE_2_0_PRIVATE, SC_IPHONE_7_0_PRIVATE, SC_IPHONE_8_0_PRIVATE, @@ -369,6 +370,7 @@ typedef enum { #define MSCHAP1 "MSCHAP1" #define MSCHAP2 "MSCHAP2" #define MTU "MTU" +#define MULTIPATH "Multipath" #define NAME "Name" #define NAT64 "NAT64" #define NETBIOS "NetBIOS" @@ -492,12 +494,14 @@ typedef enum { #define TAG "Tag" #define TAGS "Tags" #define TERMINALSCRIPT "TerminalScript" +#define TFO "TFO" #define TIMEOUT "Timeout" #define TIMER "Timer" #define TIMESTAMP "TimeStamp" #define TOKEN "Token" #define TRANSMITACCM "TransmitACCM" #define TRANSPORT "Transport" +#define TRANSPORTCONVERTER "TransportConverter" #define TSO "TSO" #define TSO4 "TSO4" #define TSO6 "TSO6" @@ -1151,6 +1155,13 @@ static schemaDefinition names[] = { { GROUP_PRIVATE, NETPROP PROXIES, KEY_PREFIX NETENT PROXIES " Entity Keys", NULL, NULL }, + { SC_11_0_IPHONE_14_0_PRIVATE, NETPROP PROXIES, TRANSPORTCONVERTER ENABLE, NULL, CFNUMBER_BOOL }, + { SC_11_0_IPHONE_14_0_PRIVATE, NETPROP PROXIES, TRANSPORTCONVERTER PORT, NULL, CFNUMBER }, + { SC_11_0_IPHONE_14_0_PRIVATE, NETPROP PROXIES, TRANSPORTCONVERTER PROXY, NULL, CFARRAY_CFSTRING }, + { SC_11_0_IPHONE_14_0_PRIVATE, NETPROP PROXIES, TRANSPORTCONVERTER FALLBACK ALLOWED, NULL, CFNUMBER_BOOL }, + { SC_11_0_IPHONE_14_0_PRIVATE, NETPROP PROXIES, TRANSPORTCONVERTER MULTIPATH SERVICE TYPE, NULL, CFNUMBER }, + { SC_11_0_IPHONE_14_0_PRIVATE, NETPROP PROXIES, TRANSPORTCONVERTER TFO MODE, NULL, CFNUMBER }, + { COMMENT_PRIVATE, "", NULL, NULL, NULL }, { SC_10_9_IPHONE_7_0_PRIVATE, NETPROP PROXIES, BYPASS ALLOWED, NULL, CFNUMBER_BOOL }, { SC_10_9_IPHONE_6_0_PRIVATE, NETPROP PROXIES, FALLBACK ALLOWED, NULL, CFNUMBER_BOOL }, { SC_10_7_IPHONE_5_0_PRIVATE, NETPROP PROXIES, SUPPLEMENTAL MATCH DOMAINS, NULL, CFARRAY_CFSTRING}, @@ -1532,6 +1543,9 @@ print_headerdoc(schemaDefinition *def) case SC_10_15_4_IPHONE_13_4_PRIVATE: printf(" API_AVAILABLE(macos(10.15.4)) SPI_AVAILABLE(ios(13.4), tvos(13.4), watchos(6.2), bridgeos(4.0));\n"); break; + case SC_11_0_IPHONE_14_0_PRIVATE: + printf(" API_AVAILABLE(macos(11.0)) SPI_AVAILABLE(ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0));\n"); + break; case SC_IPHONE_2_0_PRIVATE: printf(" SPI_AVAILABLE(macos(10.6), ios(2.0), tvos(9.0), watchos(1.0), bridgeos(1.0));\n"); break; @@ -1542,7 +1556,7 @@ print_headerdoc(schemaDefinition *def) printf(" SPI_AVAILABLE(macos(10.0), ios(8.0), tvos(9.0), watchos(1.0), bridgeos(1.0));\n"); break; case SC_IPHONE_14_PRIVATE: - printf(" SPI_AVAILABLE(macos(10.16), ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0));\n"); + printf(" SPI_AVAILABLE(macos(11.0), ios(14.0), tvos(14.0), watchos(7.0), bridgeos(5.0));\n"); break; default: printf("\n"); @@ -1724,6 +1738,7 @@ dump_names(int type) case SC_10_14_IPHONE_12_0_PRIVATE: case SC_10_15_IPHONE_13_0_PRIVATE: case SC_10_15_4_IPHONE_13_4_PRIVATE: + case SC_11_0_IPHONE_14_0_PRIVATE: case SC_IPHONE_2_0_PRIVATE: case SC_IPHONE_7_0_PRIVATE: case SC_IPHONE_8_0_PRIVATE: @@ -1765,6 +1780,7 @@ dump_names(int type) case SC_10_14_IPHONE_12_0_PRIVATE: case SC_10_15_IPHONE_13_0_PRIVATE: case SC_10_15_4_IPHONE_13_4_PRIVATE: + case SC_11_0_IPHONE_14_0_PRIVATE: case SC_IPHONE_2_0_PRIVATE: case SC_IPHONE_7_0_PRIVATE: case SC_IPHONE_8_0_PRIVATE: @@ -1797,6 +1813,7 @@ dump_names(int type) case SC_10_14_IPHONE_12_0_PRIVATE: case SC_10_15_IPHONE_13_0_PRIVATE: case SC_10_15_4_IPHONE_13_4_PRIVATE: + case SC_11_0_IPHONE_14_0_PRIVATE: case SC_IPHONE_2_0_PRIVATE: case SC_IPHONE_7_0_PRIVATE: case SC_IPHONE_8_0_PRIVATE: @@ -1827,6 +1844,7 @@ dump_names(int type) case SC_10_14_IPHONE_12_0_PRIVATE: case SC_10_15_IPHONE_13_0_PRIVATE: case SC_10_15_4_IPHONE_13_4_PRIVATE: + case SC_11_0_IPHONE_14_0_PRIVATE: case SC_IPHONE_2_0_PRIVATE: case SC_IPHONE_7_0_PRIVATE: case SC_IPHONE_8_0_PRIVATE: diff --git a/scutil.tproj/net_protocol.c b/scutil.tproj/net_protocol.c index b0392fa..5057fd1 100644 --- a/scutil.tproj/net_protocol.c +++ b/scutil.tproj/net_protocol.c @@ -962,16 +962,71 @@ typedef const struct { const CFStringRef *keyProxy; const CFStringRef *keyPort; const CFStringRef *keyURL; + const Boolean multiple_proxies; } proxyKeys; -static proxyKeys proxyKeys_FTP = { "FTP" , &kSCPropNetProxiesFTPEnable , &kSCPropNetProxiesFTPProxy , &kSCPropNetProxiesFTPPort , NULL }; -static proxyKeys proxyKeys_Gopher = { "Gopher", &kSCPropNetProxiesGopherEnable , &kSCPropNetProxiesGopherProxy, &kSCPropNetProxiesGopherPort, NULL }; -static proxyKeys proxyKeys_HTTP = { "HTTP" , &kSCPropNetProxiesHTTPEnable , &kSCPropNetProxiesHTTPProxy , &kSCPropNetProxiesHTTPPort , NULL }; -static proxyKeys proxyKeys_HTTPS = { "HTTPS" , &kSCPropNetProxiesHTTPSEnable , &kSCPropNetProxiesHTTPSProxy , &kSCPropNetProxiesHTTPSPort , NULL }; -static proxyKeys proxyKeys_RTSP = { "RTSP" , &kSCPropNetProxiesRTSPEnable , &kSCPropNetProxiesRTSPProxy , &kSCPropNetProxiesRTSPPort , NULL }; -static proxyKeys proxyKeys_SOCKS = { "SOCKS" , &kSCPropNetProxiesSOCKSEnable , &kSCPropNetProxiesSOCKSProxy , &kSCPropNetProxiesSOCKSPort , NULL }; -static proxyKeys proxyKeys_PAC = { ".pac" , &kSCPropNetProxiesProxyAutoConfigEnable , NULL , NULL , &kSCPropNetProxiesProxyAutoConfigURLString }; -static proxyKeys proxyKeys_WPAD = { "WPAD" , &kSCPropNetProxiesProxyAutoDiscoveryEnable, NULL , NULL , NULL }; +static proxyKeys proxyKeys_FTP = { "FTP", + &kSCPropNetProxiesFTPEnable, + &kSCPropNetProxiesFTPProxy, + &kSCPropNetProxiesFTPPort, + NULL, + FALSE + }; +static proxyKeys proxyKeys_Gopher = { "Gopher", + &kSCPropNetProxiesGopherEnable, + &kSCPropNetProxiesGopherProxy, + &kSCPropNetProxiesGopherPort, + NULL, + FALSE + }; +static proxyKeys proxyKeys_HTTP = { "HTTP", + &kSCPropNetProxiesHTTPEnable, + &kSCPropNetProxiesHTTPProxy, + &kSCPropNetProxiesHTTPPort, + NULL, + FALSE + }; +static proxyKeys proxyKeys_HTTPS = { "HTTPS", + &kSCPropNetProxiesHTTPSEnable, + &kSCPropNetProxiesHTTPSProxy, + &kSCPropNetProxiesHTTPSPort, + NULL, + FALSE + }; +static proxyKeys proxyKeys_RTSP = { "RTSP", + &kSCPropNetProxiesRTSPEnable, + &kSCPropNetProxiesRTSPProxy, + &kSCPropNetProxiesRTSPPort, + NULL, + FALSE + }; +static proxyKeys proxyKeys_SOCKS = { "SOCKS", + &kSCPropNetProxiesSOCKSEnable, + &kSCPropNetProxiesSOCKSProxy, + &kSCPropNetProxiesSOCKSPort, + NULL, + FALSE + }; +static proxyKeys proxyKeys_TransportConverter = + { "TransportConverter", + &kSCPropNetProxiesTransportConverterEnable, + &kSCPropNetProxiesTransportConverterProxy, + &kSCPropNetProxiesTransportConverterPort, + NULL, + TRUE + }; +static proxyKeys proxyKeys_PAC = { ".pac", + &kSCPropNetProxiesProxyAutoConfigEnable, + NULL, + NULL, + &kSCPropNetProxiesProxyAutoConfigURLString, + FALSE}; +static proxyKeys proxyKeys_WPAD = { "WPAD", + &kSCPropNetProxiesProxyAutoDiscoveryEnable, + NULL, + NULL, + NULL, + FALSE}; static proxyKeys *currentProxy = NULL; @@ -995,6 +1050,7 @@ static options proxyOptions[] = { { "HTTPS" , NULL , isOther , NULL , __doProxySelect , (void *)&proxyKeys_HTTPS }, { "RTSP" , NULL , isOther , NULL , __doProxySelect , (void *)&proxyKeys_RTSP }, { "SOCKS" , NULL , isOther , NULL , __doProxySelect , (void *)&proxyKeys_SOCKS }, + { "TransportConverter" , NULL , isOther , NULL , __doProxySelect , (void *)&proxyKeys_TransportConverter }, { "ProxyAutoConfig" , NULL , isOther , NULL , __doProxySelect , (void *)&proxyKeys_PAC }, { ".pac" , NULL , isOther , NULL , __doProxySelect , (void *)&proxyKeys_PAC }, { "ProxyAutoDiscovery" , NULL , isOther , NULL , __doProxySelect , (void *)&proxyKeys_WPAD }, @@ -1004,6 +1060,8 @@ static options proxyOptions[] = { { "enable" , NULL , isOther , NULL , __doProxyEnable , (void *)TRUE }, { "proxy" , NULL , isOther , NULL , __doProxyHost , NULL }, { "host" , NULL , isOther , NULL , __doProxyHost , NULL }, + { "proxies" , NULL , isOther , NULL , __doProxyHost , NULL }, + { "hosts" , NULL , isOther , NULL , __doProxyHost , NULL }, { "port" , NULL , isOther , NULL , __doProxyPort , NULL }, { "url" , NULL , isOther , NULL , __doProxyURL , NULL }, // (ftp) proxy modifiers @@ -1036,6 +1094,10 @@ static options proxyOptions[] = { " set protocol socks host proxy-host\n" " set protocol socks port proxy-port\n" "\n" + " set protocol transportconverter {enable|disable}\n" + " set protocol transportconverter host[s] proxy-host[,proxy-host-2]\n" + " set protocol transportconverter port proxy-port\n" + "\n" " set protocol .pac {enable|disable}\n" " set protocol .pac url .pac-url\n" "\n" @@ -1163,11 +1225,22 @@ __doProxyHost(CFStringRef key, const char *description, void *info, int argc, ch } if (strlen(argv[0]) > 0) { - CFStringRef host; + if (!currentProxy->multiple_proxies) { + CFStringRef host; - host = CFStringCreateWithCString(NULL, argv[0], kCFStringEncodingUTF8); - CFDictionarySetValue(newConfiguration, *(currentProxy->keyProxy), host); - CFRelease(host); + host = CFStringCreateWithCString(NULL, argv[0], kCFStringEncodingUTF8); + CFDictionarySetValue(newConfiguration, *(currentProxy->keyProxy), host); + CFRelease(host); + } else { + CFArrayRef hosts; + CFStringRef hosts_str; + + hosts_str = CFStringCreateWithCString(NULL, argv[0], kCFStringEncodingUTF8); + hosts = CFStringCreateArrayBySeparatingStrings(NULL, hosts_str, CFSTR(",")); + CFDictionarySetValue(newConfiguration, *(currentProxy->keyProxy), hosts); + CFRelease(hosts); + CFRelease(hosts_str); + } } else { CFDictionaryRemoveValue(newConfiguration, *(currentProxy->keyProxy)); } -- 2.45.2