Open utun device

CBTunService/Actions.h

@@ -0,0 +1,16 @@
+//
+// Actions.h
+// SMJobBless
+//
+// Created by Ludovic Delaveau on 8/5/12.
+//
+//
+
+#import <Foundation/Foundation.h>
+
+@protocol TunHandler <NSObject>
+
+- (void)openTun:(void (^)(NSFileHandle *tun, NSError *error))reply;
+- (void)closeTun;
+
+@end

CBTunService/CBTunService-Info.plist

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http:https://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleIdentifier</key>
+ <string>com.chrisballinger.CBTunService</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>CBTunService</string>
+ <key>CFBundleVersion</key>
+ <string>1.1</string>
+ <key>SMAuthorizedClients</key>
+ <array>
+ <string>identifier com.chrisballinger.TetherMac and certificate leaf[subject.CN] = &quot;3rd Party Mac Developer Application&quot;</string>
+ </array>
+</dict>
+</plist>

CBTunService/CBTunService-Launchd.plist

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http:https://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>Label</key>
+ <string>com.chrisballinger.CBTunService</string>
+ <key>MachServices</key>
+ <dict>
+ <key>com.chrisballinger.CBTunService</key>
+ <true/>
+ </dict>
+</dict>
+</plist>

CBTunService/PrivilegedAgent.h

@@ -0,0 +1,16 @@
+//
+// PrivilegedActions.h
+// SMJobBless
+//
+// Created by Ludovic Delaveau on 8/5/12.
+//
+//
+
+#import <Foundation/Foundation.h>
+#import "Actions.h"
+
+@interface PrivilegedAgent : NSObject <TunHandler>
+
+@property (nonatomic, strong) NSFileHandle *tunHandle;
+
+@end

CBTunService/PrivilegedAgent.m

@@ -0,0 +1,94 @@
+//
+// PrivilegedActions.m
+// SMJobBless
+//
+// Created by Ludovic Delaveau on 8/5/12.
+//
+//
+
+#import <syslog.h>
+#import <unistd.h>
+#import "PrivilegedAgent.h"
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/sys_domain.h>
+#include <sys/kern_control.h>
+#include <net/if_utun.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include <stdlib.h> // exit, etc.
+
+int
+tun(void)
+{
+ struct sockaddr_ctl sc;
+ struct ctl_info ctlInfo;
+ int fd;
+
+
+ memset(&ctlInfo, 0, sizeof(ctlInfo));
+ if (strlcpy(ctlInfo.ctl_name, UTUN_CONTROL_NAME, sizeof(ctlInfo.ctl_name)) >=
+ sizeof(ctlInfo.ctl_name)) {
+ fprintf(stderr,"UTUN_CONTROL_NAME too long");
+ return -1;
+ }
+ fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
+
+ if (fd == -1) {
+ perror ("socket(SYSPROTO_CONTROL)");
+ return -1;
+ }
+ if (ioctl(fd, CTLIOCGINFO, &ctlInfo) == -1) {
+ perror ("ioctl(CTLIOCGINFO)");
+ close(fd);
+ return -1;
+ }
+
+ sc.sc_id = ctlInfo.ctl_id;
+ sc.sc_len = sizeof(sc);
+ sc.sc_family = AF_SYSTEM;
+ sc.ss_sysaddr = AF_SYS_CONTROL;
+ sc.sc_unit = 2; /* Only have one, in this example... */
+
+
+ // If the connect is successful, a tun%d device will be created, where "%d"
+ // is our unit number -1
+
+ if (connect(fd, (struct sockaddr *)&sc, sizeof(sc)) == -1) {
+ perror ("connect(AF_SYS_CONTROL)");
+ close(fd);
+ return -1;
+ }
+ return fd;
+}
+
+@implementation PrivilegedAgent
+
+- (void)openTun:(void (^)(NSFileHandle *tun, NSError *error))reply {
+ [self closeTun];
+ int utunfd = tun();
+
+ NSError * error = nil;
+
+ if (utunfd != -1) {
+ self.tunHandle = [[NSFileHandle alloc] initWithFileDescriptor:utunfd closeOnDealloc:YES];
+ } else {
+ error = [NSError errorWithDomain:@"com.chrisballinger.CBTunService" code:100 userInfo:@{NSLocalizedDescriptionKey: @"Error opening TUN fd"}];
+ }
+
+ if (reply) {
+ reply(self.tunHandle, error);
+ }
+}
+
+- (void)closeTun {
+ self.tunHandle = nil;
+}
+
+@end

CBTunService/PrivilegedServiceDelegate.h

@@ -0,0 +1,13 @@
+//
+// PrivilegedServiceDelegate.h
+// SMJobBless
+//
+// Created by Ludovic Delaveau on 8/5/12.
+//
+//
+
+#import <Foundation/Foundation.h>
+
+@interface PrivilegedServiceDelegate : NSObject <NSXPCListenerDelegate>
+
+@end

CBTunService/PrivilegedServiceDelegate.m

@@ -0,0 +1,23 @@
+//
+// PrivilegedServiceDelegate.m
+// SMJobBless
+//
+// Created by Ludovic Delaveau on 8/5/12.
+//
+//
+
+#import "PrivilegedServiceDelegate.h"
+#import "Actions.h"
+#import "PrivilegedAgent.h"
+
+@implementation PrivilegedServiceDelegate
+
+- (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)newConnection {
+ newConnection.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(TunHandler)];
+ newConnection.exportedObject = [[PrivilegedAgent alloc] init];
+ [newConnection resume];
+
+ return YES;
+}
+
+@end

CBTunService/main.m

@@ -0,0 +1,70 @@
+/*
+ 
+ File: SMJobBlessHelper.c
+Abstract: A helper tool that doesn't do anything event remotely interesting.
+See the ssd sample for how to use GCD and launchd to set up an on-demand
+server via sockets.
+ Version: 1.2
+
+Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple
+Inc. ("Apple") in consideration of your agreement to the following
+terms, and your use, installation, modification or redistribution of
+this Apple software constitutes acceptance of these terms. If you do
+not agree with these terms, please do not use, install, modify or
+redistribute this Apple software.
+
+In consideration of your agreement to abide by the following terms, and
+subject to these terms, Apple grants you a personal, non-exclusive
+license, under Apple's copyrights in this original Apple software (the
+"Apple Software"), to use, reproduce, modify and redistribute the Apple
+Software, with or without modifications, in source and/or binary forms;
+provided that if you redistribute the Apple Software in its entirety and
+without modifications, you must retain this notice and the following
+text and disclaimers in all such redistributions of the Apple Software.
+Neither the name, trademarks, service marks or logos of Apple Inc. may
+be used to endorse or promote products derived from the Apple Software
+without specific prior written permission from Apple. Except as
+expressly stated in this notice, no other rights or licenses, express or
+implied, are granted by Apple herein, including but not limited to any
+patent rights that may be infringed by your derivative works or by other
+works in which the Apple Software may be incorporated.
+
+The Apple Software is provided by Apple on an "AS IS" basis. APPLE
+MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
+THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS
+FOR A PARTICULAR PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND
+OPERATION ALONE OR IN COMBINATION WITH YOUR PRODUCTS.
+
+IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION,
+MODIFICATION AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED
+AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE),
+STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+Copyright (C) 2011 Apple Inc. All Rights Reserved.
+
+
+*/
+
+#import <Foundation/Foundation.h>
+#import <syslog.h>
+#import <xpc/xpc.h>
+
+#import "PrivilegedServiceDelegate.h"
+
+int main(int argc, const char *argv[]) {
+ @autoreleasepool {
+ NSXPCListener *service = [[NSXPCListener alloc] initWithMachServiceName:@"com.chrisballinger.CBTunService"];
+ PrivilegedServiceDelegate *serviceDelegate = [[PrivilegedServiceDelegate alloc] init];
+ service.delegate = serviceDelegate;
+ [service resume];
+
+ dispatch_main();
+
+ return EXIT_SUCCESS;
+ }
+}
+