github
/
openvpn-gui
mirror of https://github.com/OpenVPN/openvpn-gui
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '314ceb04b4'
${ noResults }
openvpn-gui/openvpn.c

2775 lines
85 KiB
Raw Normal View History Unescape

import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
/*
* OpenVPN-GUI -- A Windows GUI for OpenVPN.
*
* Copyright (C) 2004 Mathias Sundman <mathias@nilings.se>
remove support for openvpn version < 2.0
15 years ago
* 2010 Heiko Hund <heikoh@users.sf.net>
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
* 2016 Selva Nair <selva.nair@gmail.com>
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
use automake in build Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Edited to not use libtool and implicit automake rule to build resource object
13 years ago
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
use managment interface
14 years ago
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#include <windows.h>
enforce entry of a username when querying auth
13 years ago
#include <windowsx.h>
Introduce "Always use interactive service" option We didn't use interactive service when gui was running under admin because of some privilege escalation vulnerability in Vista. Apparently this issue doesn't exist on Win7 and newer versions so it is safe to use iservice on those systems. Introduce "Always use interactive service" option, which is "on" by default. This should enable users, who by various reasons run gui as admin, use Wintun. When gui is running as admin and interactive service cannot be started or not installed, warn that wintun will not work. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
#include <versionhelpers.h>
config number for status dialog is now stored as property
16 years ago
#include <tchar.h>
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#include <stdlib.h>
#include <stdio.h>
#include <process.h>
replace GUI_* with PACKAGE_* macros
15 years ago
#include <richedit.h>
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
#include <time.h>
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
#include <commctrl.h>
replace GUI_* with PACKAGE_* macros
15 years ago
Support per-monitor DPI scaling
4 years ago
#ifndef WM_DPICHANGED
#define WM_DPICHANGED 0x02E0
#endif
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
#ifdef ENABLE_OVPN3
#include <json-c/json.h>
#endif
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#include "tray.h"
#include "main.h"
#include "openvpn.h"
refactor option handling code
15 years ago
#include "openvpn_config.h"
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#include "openvpn-gui-res.h"
#include "options.h"
#include "scripts.h"
#include "viewlog.h"
#include "proxy.h"
#include "passphrase.h"
switched to use of localization functions
16 years ago
#include "localization.h"
remove limit for user/pass length, closes #3498438 Generation of the "username" and "password" management commands now happens centrally in the helper function ManagementCommandFromInput() in misc.c
13 years ago
#include "misc.h"
Handle interactive service policy restrictions When a connection is attempted using a config in a location that would fail, offer an option to add the user to the "OpenVPN Administrators" group. This is done using shell-execute which will show a UAC prompt for elevation. If it fails (due to user chooses NO or the UAC dialog fails) the connection is not started. v2 Changes - Rebase to master - Automaticlaly add the admin group if it doesn't exist - Allow unicode strings in debug output - Use domain\username to identify user - Fix the PrintDebug macro Minor changes based on user feedback - Bring the window back to foreground after UAC prompt completion - Show a message if another connection is tried during authorization - Do not add user to ovpn_admin_group if it is same as the built-in admin group Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
#include "access.h"
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
#include "save_pass.h"
Support for 'setenv name var' using echo - Implement connection specific env variables. These are merged with the process environment strings and passed to scripts. - To set an env variable, use 'echo setenv name value' in the config or push from the server. This will set "OPENVPN_name=value" in the connections's env set. Note that "name" is mangled as "OPENVPN_name" to avoid servers overwriting sensitive variables such as PATH. Names are set in the order received and same name overwrites any previously set value. - Environment variable names are allowed to contain only alpha numeric characters and underscore as in openvpn.exe. But, unlike openvpn.exe, invalid names are ignored, not sanitized. v2 changes (Dec 16, 2017): - If value is missing, the directive is interpreted as a delete command and the env var with matching name in the connection's env set is removed. - Windows needs env block to be ordered: While merging connection specific env vars with process env block, order the entries 'alphabetically' (locale independent, case insensitive unicode ordinal order). In case of duplicates, the value in connection env set replaces the one in process env. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
#include "env_set.h"
Parse and display messages received by echo msg commands Process four new echo commands to construct messages to be displayed to the user: echo msg message-text echo msg-n message-text echo msg-window message-title echo msg-notify message-title Note: All rules of push and echo processing apply and determine what is received as echo commands by the GUI. In addition, 'url-encoded' characters (% followed by two hex digits) are decoded and displayed. The message is constructed in the GUI by concatenating the text specified in one or more "echo msg text" or "echo msg-n text" commands. In case of "echo msg text" text is appended with a new line. An empty text in this case will just add a new line. The message ends and gets displayed when one of the following are receieved: echo msg-window title echo msg-notify title where "title" becomes the title of the message window. In case of msg-window, a modeless window shows the message, in the latter case a notification balloon is shown. Example: when pushed from the server: push "echo msg I say let the world go to hell%2C" push "echo msg I must have my cup of tea." push "echo msg-window Notes from the underground" will display a modeless window with title "Notes from the underground" and a two line body -- I say let the world go to hell, I must have my cup of tea. -- Note that the message itself is not quoted in the above examples and so it relies on the server's option-parser combining individual words into a space separated string. Number of words on a line is limited by the maximum number of parameters allowed in openvpn commands (16). This limitation may be avoided by quoting the text that follows so that the option parser sees it as one parameter. The comma character is not allowed in pushed strings, so it has to be sent encoded as %2C as shown above. Such encoding of arbitrary bytes is suppored. For example, newlines may be embedded as %0A, though discouraged. Instead use multiple "echo msg" commands to separate lines by new line. An example with embedded spaces and multiple lines concatenated without a new line in between (note use of single quotes): push "echo msg-n I swear to you gentlemen%2C that to be" push "echo msg-n ' overly conscious is a sickness%2C ' " push "echo msg-n a real%2C thorough sickness." push "echo msg-notify Quote of the Day" will show up as a notification that displays for an OS-dependent interval as: -- Quote of the Day I swear to you gentlemen, that to be overly conscious is a sickness, a real, thorough sickness. -- where the location of the line break is automatically determined by the notification API and is OS version-dependent. Commands like "echo msg ..." in the config file are also processed the same way. It gets displayed when the GUI connects to the management interface and receives all pending echo. Pushed message(s) get displayed when the client daemon processes push-reply and passes on echo directives to the GUI. TODO: The actual window that displays the messages is implemented in the next commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
#include "echo.h"
Handle pkcs11-id query from daemon Add support for selecting pkcs11-id from the GUI. Requires --management-pkcs11-id in the config file. This option is not added by the GUI. A list of all available pkcs11 certificates are presented to the user with buttons OK, Cancel, Retry. OK submits the selected entry, Cancel closes the connection, Retry reconstructs the list of certificates by querying the daemon again. The latter can be used to retry after inserting a token. If no certificates are found, a message suggesting to insert a token and press 'Retry' is displayed. The list shows the "Issued-to", "Issued-by" names (usually the subject & issuer common names) and valid-until date in current locale for each certificate. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
#include "pkcs11.h"
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
#define OPENVPN_SERVICE_PIPE_NAME_OVPN2 L"\\\\.\\pipe\\openvpn\\service"
#define OPENVPN_SERVICE_PIPE_NAME_OVPN3 L"\\\\.\\pipe\\ovpnagent"
refactor option handling code
15 years ago
extern options_t o;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
static BOOL TerminateOpenVPN(connection_t *c);
static BOOL LaunchOpenVPN(connection_t *c);
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
ask for HTTP proxy credentials on demand * use "auto" parameter for --http-proxy option * pass proxy credentialsls via management interface * also closes #3223163
14 years ago
const TCHAR *cfgProp = _T("conn");
use managment interface
14 years ago
URL profile import: support for 2FA When 2FA is enabled, server (such as AS) replies with HTTP 401 and issues a challenge. Use existing facilities to parse CRV message and prompt user for a response, then call REST method again with encoded response as HTTP auth password. See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
3 years ago
void
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
free_auth_param (auth_param_t *param)
{
if (!param)
return;
free (param->str);
free (param->id);
free (param->user);
URL profile import: support for 2FA When 2FA is enabled, server (such as AS) replies with HTTP 401 and issues a challenge. Use existing facilities to parse CRV message and prompt user for a response, then call REST method again with encoded response as HTTP auth password. See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
3 years ago
free (param->cr_response);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
free (param);
}
void
AppendTextToCaption (HANDLE hwnd, const WCHAR *str)
{
WCHAR old[256];
WCHAR new[256];
GetWindowTextW (hwnd, old, _countof(old));
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
_sntprintf_0 (new, L"%ls (%ls)", old, str);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
SetWindowText (hwnd, new);
}
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/*
* Show an error tooltip with msg attached to the specified
* editbox handle.
*/
static void
show_error_tip(HWND editbox, const WCHAR *msg)
{
EDITBALLOONTIP bt;
bt.cbStruct = sizeof(EDITBALLOONTIP);
bt.pszText = msg;
bt.pszTitle = L"Invalid input";
bt.ttiIcon = TTI_ERROR_LARGE;
SendMessage(editbox, EM_SHOWBALLOONTIP, 0, (LPARAM)&bt);
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
/*
use managment interface
14 years ago
* Receive banner on connection to management interface
* Format: <BANNER>
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
*/
use managment interface
14 years ago
void
tag unused variables to stop compiler warnings
13 years ago
OnReady(connection_t *c, UNUSED char *msg)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
ManagementCommand(c, "state on", NULL, regular);
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
ManagementCommand(c, "log on all", OnLogLine, combined);
ManagementCommand(c, "echo on all", OnEcho, combined);
Subscribe to bytecount message from management interface Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
ManagementCommand(c, "bytecount 5", NULL, regular);
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
/* ask for the current state, especially useful when the daemon was prestarted */
ManagementCommand(c, "state", OnStateChange, regular);
Parse config-auto directory for persistent connections - Parse the config-auto folder used by automatic service and mark these profiles as persistent. - These connections are marked as auto_connect to try attaching to them at start up with periodic retry in case the daemon or service are restarted. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
Option to disable attaching to persistent connections Three options are provided to control scanning of persistent (pre-satrted) connections in config-auto folder, and how they are attached to. Auto: Scan and list persistent connections and attach to their management i/f automatically at startup, and periodically retry on failure to attach. Manual: Scan and list as above, but do not attach automatically. User can attach to such connections by manually clicking connect. Never: Do not scan config-auto folder. Default is "Auto" Change of this setting in the settings menu will take full effect only if none of the connections are in connecting/connected/detached state so that the connection list can be updated. Otherwise restart the GUI. TODO: Copying the settings dialog changes to all languages Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (c->flags & FLAG_DAEMON_PERSISTENT
&& o.enable_persistent == 2)
Parse config-auto directory for persistent connections - Parse the config-auto folder used by automatic service and mark these profiles as persistent. - These connections are marked as auto_connect to try attaching to them at start up with periodic retry in case the daemon or service are restarted. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
c->auto_connect = true;
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
/*
use managment interface
14 years ago
* Handle the request to release a hold from the OpenVPN management interface
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
*/
use managment interface
14 years ago
void
tag unused variables to stop compiler warnings
13 years ago
OnHold(connection_t *c, UNUSED char *msg)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), TRUE);
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if ((c->flags & FLAG_DAEMON_PERSISTENT)
&& (c->state == disconnecting || c->state == resuming))
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
/* retain the hold state if we are here while disconnecting */
c->state = onhold;
SetMenuStatus(c, onhold);
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_ONHOLD));
SetStatusWinIcon(c->hwndStatus, ID_ICO_DISCONNECTED);
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE);
CheckAndSetTrayIcon();
return;
}
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), TRUE);
use managment interface
14 years ago
ManagementCommand(c, "hold off", NULL, regular);
ManagementCommand(c, "hold release", NULL, regular);
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
/*
* Handle a log line from the OpenVPN management interface
* Format <TIMESTAMP>,<FLAGS>,<MESSAGE>
*/
void
OnLogLine(connection_t *c, char *line)
{
HWND logWnd = GetDlgItem(c->hwndStatus, ID_EDT_LOG);
char *flags, *message;
time_t timestamp;
TCHAR *datetime;
const SETTEXTEX ste = {
.flags = ST_SELECTION,
make log window display unicode properly
13 years ago
.codepage = CP_UTF8
use managment interface
14 years ago
};
flags = strchr(line, ',') + 1;
if (flags - 1 == NULL)
return;
message = strchr(flags, ',') + 1;
if (message - 1 == NULL)
return;
Highlight warning and error messages in status window - Change text color of log lines with flags = W, N, F v2: replace strchr with memchr to avoid modifying line Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
size_t flag_size = message - flags - 1; /* message is always > flags */
use managment interface
14 years ago
/* Remove lines from log window if it is getting full */
if (SendMessage(logWnd, EM_GETLINECOUNT, 0, 0) > MAX_LOG_LINES)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
int pos = SendMessage(logWnd, EM_LINEINDEX, DEL_LOG_LINES, 0);
SendMessage(logWnd, EM_SETSEL, 0, pos);
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) _T(""));
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
timestamp = strtol(line, NULL, 10);
datetime = _tctime(&timestamp);
datetime[24] = _T(' ');
Highlight warning and error messages in status window - Change text color of log lines with flags = W, N, F v2: replace strchr with memchr to avoid modifying line Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* deselect current selection, if any */
use managment interface
14 years ago
SendMessage(logWnd, EM_SETSEL, (WPARAM) -1, (LPARAM) -1);
Highlight warning and error messages in status window - Change text color of log lines with flags = W, N, F v2: replace strchr with memchr to avoid modifying line Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* change text color if Warning or Error */
COLORREF text_clr = 0;
if (memchr(flags, 'N', flag_size) || memchr(flags, 'F', flag_size))
text_clr = o.clr_error;
else if (memchr(flags, 'W', flag_size))
text_clr = o.clr_warning;
if (text_clr != 0)
{
CHARFORMAT cfm = { .cbSize = sizeof(CHARFORMAT),
.dwMask = CFM_COLOR|CFM_BOLD,
.dwEffects = 0,
.crTextColor = text_clr,
};
SendMessage(logWnd, EM_SETCHARFORMAT, SCF_SELECTION, (LPARAM) &cfm);
}
/* Append line to log window */
use managment interface
14 years ago
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) datetime);
SendMessage(logWnd, EM_SETTEXTEX, (WPARAM) &ste, (LPARAM) message);
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) _T("\n"));
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* expect ipv4,remote,port,,,ipv6 */
static void
parse_assigned_ip(connection_t *c, const char *msg)
{
char *sep;
Clear c->ip and c->ipv6 buffers before reset Trac: #1064 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
CLEAR(c->ip);
CLEAR(c->ipv6);
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* extract local ipv4 address if available*/
sep = strchr(msg, ',');
if (sep == NULL)
return;
/* Convert the IP address to Unicode */
Clear c->ip and c->ipv6 buffers before reset Trac: #1064 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (sep - msg > 0
&& MultiByteToWideChar(CP_UTF8, 0, msg, sep-msg, c->ip, _countof(c->ip)-1) == 0)
{
WriteStatusLog(c, L"GUI> ", L"Failed to extract the assigned ipv4 address (error = %d)",
GetLastError());
c->ip[0] = L'\0';
}
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* extract local ipv6 address if available */
Clear c->ip and c->ipv6 buffers before reset Trac: #1064 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* skip 4 commas */
for (int i = 0; i < 4 && sep; i++)
{
sep = strchr(sep + 1, ',');
}
if (!sep)
return;
sep++; /* start of ipv6 address */
/* Convert the IP address to Unicode */
Clear c->ip and c->ipv6 buffers before reset Trac: #1064 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (MultiByteToWideChar(CP_UTF8, 0, sep, -1, c->ipv6, _countof(c->ipv6)-1) == 0)
{
WriteStatusLog(c, L"GUI> ", L"Failed to extract the assigned ipv6 address (error = %d)",
GetLastError());
c->ipv6[0] = L'\0';
}
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Notify dialog windows when OpenVPN state changes Use a custom message to pass state change notification from OpenVPN to all top level windows in the thread. Currently only the pending auth dialog responds to this message by closing when the state changes. The state change could be due to timeout, errors or success via out-of-band authentication which makes the dialog no longer valid. The case of CR_TEXT messages that do not require a response is handled in the next commit. See also issue #440 https://github.com/OpenVPN/openvpn-gui/issues/440 Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
/*
* Send a custom message to Window hwnd when state changes
* hwnd : handle of the window to which the message is sent
* lParam : pointer to the state string (char *) received from
* OpenVPN daemon (e., "CONNECTED")
* The function signature matches callback for EnumThreadWindows.
*/
openvpn.c: add missing calling convention Commit 131c75e5 ("Notify dialog windows when OpenVPN state changes") added callback function, but forgot to specify __stdcall calling convention with CALLBACK keyword. This is not an issue for x64 builds, but x86 requires __stdcall calling convention for callbacks, otherwise compiler throws an error: Error: D:\a\openvpn-gui\openvpn-gui\openvpn.c(292): error C2440: 'function': cannot convert from 'BOOL (__cdecl *)(HWND,LPARAM)' to 'WNDENUMPROC' Reported-by: Samuli Seppänen <samuli@openvpn.net> Signed-off-by: Lev Stipakov <lev@openvpn.net>
3 years ago
BOOL CALLBACK
Notify dialog windows when OpenVPN state changes Use a custom message to pass state change notification from OpenVPN to all top level windows in the thread. Currently only the pending auth dialog responds to this message by closing when the state changes. The state change could be due to timeout, errors or success via out-of-band authentication which makes the dialog no longer valid. The case of CR_TEXT messages that do not require a response is handled in the next commit. See also issue #440 https://github.com/OpenVPN/openvpn-gui/issues/440 Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
NotifyStateChange(HWND hwnd, LPARAM lParam)
{
SendMessage(hwnd, WM_OVPN_STATE, 0, lParam);
return TRUE;
}
use managment interface
14 years ago
/*
* Handle a state change notification from the OpenVPN management interface
* Format <TIMESTAMP>,<STATE>,[<MESSAGE>],[<LOCAL_IP>][,<REMOTE_IP>]
*/
void
OnStateChange(connection_t *c, char *data)
remove support for openvpn version < 2.0
15 years ago
{
use managment interface
14 years ago
char *pos, *state, *message;
pos = strchr(data, ',');
if (pos == NULL)
return;
*pos = '\0';
state = pos + 1;
pos = strchr(state, ',');
if (pos == NULL)
return;
*pos = '\0';
message = pos + 1;
pos = strchr(message, ',');
if (pos == NULL)
return;
*pos = '\0';
Notify dialog windows when OpenVPN state changes Use a custom message to pass state change notification from OpenVPN to all top level windows in the thread. Currently only the pending auth dialog responds to this message by closing when the state changes. The state change could be due to timeout, errors or success via out-of-band authentication which makes the dialog no longer valid. The case of CR_TEXT messages that do not require a response is handled in the next commit. See also issue #440 https://github.com/OpenVPN/openvpn-gui/issues/440 Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
/* notify the all windows in the thread of state change */
EnumThreadWindows(GetCurrentThreadId(), NotifyStateChange, (LPARAM) state);
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (strcmp(state, "CONNECTED") == 0)
{
parse_assigned_ip(c, pos + 1);
}
Mark status as connected only if openvpn reports CONNECTED,SUCCESS Avoid reporting a connection that completed with errors (state change message = CONNECTED,ERROR) as successful. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (strcmp(state, "CONNECTED") == 0 && strcmp(message, "SUCCESS") == 0)
use managment interface
14 years ago
{
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* concatenate ipv4 and ipv6 addresses into one string */
WCHAR ip_txt[256];
WCHAR ip[64];
wcs_concat2(ip, _countof(ip), c->ip, c->ipv6, L", ");
LoadLocalizedStringBuf(ip_txt, _countof(ip_txt), IDS_NFO_ASSIGN_IP, ip);
use managment interface
14 years ago
/* Run Connect Script */
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (!(c->flags & FLAG_DAEMON_PERSISTENT)
&& (c->state == connecting || c->state == resuming))
{
use managment interface
14 years ago
RunConnectScript(c, false);
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
}
use managment interface
14 years ago
/* Show connection tray balloon */
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if ((c->state == connecting && o.show_balloon != 0)
|| (c->state == resuming && o.show_balloon != 0)
|| (c->state == reconnecting && o.show_balloon == 2))
use managment interface
14 years ago
{
TCHAR msg[256];
use CRT's _countof instead of proprietary _tsizeof
13 years ago
LoadLocalizedStringBuf(msg, _countof(msg), IDS_NFO_NOW_CONNECTED, c->config_name);
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
ShowTrayBalloon(msg, (ip[0] ? ip_txt : _T("")));
use managment interface
14 years ago
}
remove support for openvpn version < 2.0
15 years ago
use managment interface
14 years ago
/* Save time when we got connected. */
c->connected_since = atoi(data);
c->failed_psw_attempts = 0;
Distinguish between auth and key password failures Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
c->failed_auth_attempts = 0;
use managment interface
14 years ago
c->state = connected;
remove support for openvpn version < 2.0
15 years ago
use managment interface
14 years ago
SetMenuStatus(c, connected);
SetTrayIcon(connected);
remove support for openvpn version < 2.0
15 years ago
use managment interface
14 years ago
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_CONNECTED));
Display assigned IPs and connection stats on status window - Show the assigned IP numbers, traffic stats (bytes in/out), and the GUI and OpenVPN core versions on the status window. Note: IDS_TXT_BYTECOUNT = "Bytes in: %s out %s" needs translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
SetDlgItemTextW(c->hwndStatus, ID_TXT_IP, ip_txt);
use managment interface
14 years ago
SetStatusWinIcon(c->hwndStatus, ID_ICO_CONNECTED);
/* Hide Status Window */
ShowWindow(c->hwndStatus, SW_HIDE);
remove support for openvpn version < 2.0
15 years ago
}
use managment interface
14 years ago
else if (strcmp(state, "RECONNECTING") == 0)
{
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (!c->dynamic_cr)
{
Distinguish between auth and key password failures Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (strcmp(message, "auth-failure") == 0)
c->failed_auth_attempts++;
else if (strcmp(message, "private-key-password-failure") == 0)
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
c->failed_psw_attempts++;
}
use managment interface
14 years ago
Parse and display messages received by echo msg commands Process four new echo commands to construct messages to be displayed to the user: echo msg message-text echo msg-n message-text echo msg-window message-title echo msg-notify message-title Note: All rules of push and echo processing apply and determine what is received as echo commands by the GUI. In addition, 'url-encoded' characters (% followed by two hex digits) are decoded and displayed. The message is constructed in the GUI by concatenating the text specified in one or more "echo msg text" or "echo msg-n text" commands. In case of "echo msg text" text is appended with a new line. An empty text in this case will just add a new line. The message ends and gets displayed when one of the following are receieved: echo msg-window title echo msg-notify title where "title" becomes the title of the message window. In case of msg-window, a modeless window shows the message, in the latter case a notification balloon is shown. Example: when pushed from the server: push "echo msg I say let the world go to hell%2C" push "echo msg I must have my cup of tea." push "echo msg-window Notes from the underground" will display a modeless window with title "Notes from the underground" and a two line body -- I say let the world go to hell, I must have my cup of tea. -- Note that the message itself is not quoted in the above examples and so it relies on the server's option-parser combining individual words into a space separated string. Number of words on a line is limited by the maximum number of parameters allowed in openvpn commands (16). This limitation may be avoided by quoting the text that follows so that the option parser sees it as one parameter. The comma character is not allowed in pushed strings, so it has to be sent encoded as %2C as shown above. Such encoding of arbitrary bytes is suppored. For example, newlines may be embedded as %0A, though discouraged. Instead use multiple "echo msg" commands to separate lines by new line. An example with embedded spaces and multiple lines concatenated without a new line in between (note use of single quotes): push "echo msg-n I swear to you gentlemen%2C that to be" push "echo msg-n ' overly conscious is a sickness%2C ' " push "echo msg-n a real%2C thorough sickness." push "echo msg-notify Quote of the Day" will show up as a notification that displays for an OS-dependent interval as: -- Quote of the Day I swear to you gentlemen, that to be overly conscious is a sickness, a real, thorough sickness. -- where the location of the line break is automatically determined by the notification API and is OS version-dependent. Commands like "echo msg ..." in the config file are also processed the same way. It gets displayed when the GUI connects to the management interface and receives all pending echo. Pushed message(s) get displayed when the client daemon processes push-reply and passes on echo directives to the GUI. TODO: The actual window that displays the messages is implemented in the next commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
echo_msg_clear(c, false); /* do not clear history */
Only change to reconnecting when already connected
4 years ago
// We change the state to reconnecting only if there was a prior successful connection.
if (c->state == connected)
{
c->state = reconnecting;
// Update the tray icon
CheckAndSetTrayIcon();
use managment interface
14 years ago
Only change to reconnecting when already connected
4 years ago
// And the texts in the status window
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_RECONNECTING));
SetDlgItemTextW(c->hwndStatus, ID_TXT_IP, L"");
SetStatusWinIcon(c->hwndStatus, ID_ICO_CONNECTING);
}
remove support for openvpn version < 2.0
15 years ago
}
}
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
static void
SimulateButtonPress(HWND hwnd, UINT btn)
{
SendMessage(hwnd, WM_COMMAND, MAKEWPARAM(btn, BN_CLICKED), (LPARAM)GetDlgItem(hwnd, btn));
}
/* A private struct to keep autoclose parameters */
typedef struct autoclose {
UINT start; /* start time in msec */
UINT timeout; /* timeout in msec at which autoclose triggers */
UINT btn; /* button which is 'pressed' for autoclose */
UINT txtid; /* id of a text control to display an informaltional message */
UINT txtres; /* resource id of localized text to use for message:
LoadLocalizedString(txtid, time_remaining_in_seconds)
is used to generate the message */
COLORREF txtclr; /* color for message text */
} autoclose;
/* Cancel scheduled auto close of a dialog */
static void
AutoCloseCancel(HWND hwnd)
{
autoclose *ac = (autoclose *)GetProp(hwnd, L"AutoClose");
if (!ac)
return;
if (ac->txtid)
SetDlgItemText(hwnd, ac->txtid, L"");
KillTimer(hwnd, 1);
RemoveProp(hwnd, L"AutoClose");
free(ac);
}
/* Called when autoclose timer expires. */
static void CALLBACK
AutoCloseHandler(HWND hwnd, UINT UNUSED msg, UINT_PTR id, DWORD now)
{
autoclose *ac = (autoclose *)GetProp(hwnd, L"AutoClose");
if (!ac)
return;
UINT end = ac->start + ac->timeout;
if (now >= end)
{
SimulateButtonPress(hwnd, ac->btn);
AutoCloseCancel(hwnd);
}
else
{
SetDlgItemText(hwnd, ac->txtid, LoadLocalizedString(ac->txtres, (end - now)/1000));
SetTimer(hwnd, id, 500, AutoCloseHandler);
}
}
/* Schedule an event to automatically activate specified btn after timeout seconds.
* Used for automatically closing a dialog after some delay unless user interrupts.
* Optionally a txtid and txtres resource may be specified to display a message.
* %u in the message is replaced by time remaining before timeout will trigger.
* Call AutoCloseCancel to cancel the scheduled event and clear the displayed
* text.
*/
static void
AutoCloseSetup(HWND hwnd, UINT btn, UINT timeout, UINT txtid, UINT txtres)
{
if (timeout == 0)
SimulateButtonPress(hwnd, btn);
else
{
autoclose *ac = GetPropW(hwnd, L"AutoClose"); /* reuse if set */
if (!ac && (ac = malloc(sizeof(autoclose))) == NULL)
return;
*ac = (autoclose) {.start = GetTickCount(), .timeout = timeout*1000, .btn = btn,
.txtid = txtid, .txtres = txtres, .txtclr = GetSysColor(COLOR_WINDOWTEXT)};
SetTimer(hwnd, 1, 500, AutoCloseHandler); /* using timer id = 1 */
if (txtid && txtres)
SetDlgItemText(hwnd, txtid, LoadLocalizedString(txtres, timeout));
SetPropW(hwnd, L"AutoClose", (HANDLE) ac);
}
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
/*
Adding static-challenge support
9 years ago
* DialogProc for OpenVPN username/password/challenge auth dialog windows
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
*/
don't define callback functions as static
11 years ago
INT_PTR CALLBACK
use managment interface
14 years ago
UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
Adding static-challenge support
9 years ago
auth_param_t *param;
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
WCHAR username[USER_PASS_LEN] = L"";
WCHAR password[USER_PASS_LEN] = L"";
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
switch (msg)
{
case WM_INITDIALOG:
make auth popups show when returning from suspend
12 years ago
/* Set connection for this dialog and show it */
Adding static-challenge support
9 years ago
param = (auth_param_t *) lParam;
SetProp(hwndDlg, cfgProp, (HANDLE) param);
simplify caption on user/password auth window also add openvpn ico to auth window
7 years ago
SetStatusWinIcon(hwndDlg, ID_ICO_APP);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (param->str)
Adding static-challenge support
9 years ago
{
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
LPWSTR wstr = Widen (param->str);
Adding static-challenge support
9 years ago
HWND wnd_challenge = GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (!wstr)
WriteStatusLog(param->c, L"GUI> ", L"Error converting challenge string to widechar", false);
else
SetDlgItemTextW(hwndDlg, ID_TXT_AUTH_CHALLENGE, wstr);
Adding static-challenge support
9 years ago
free(wstr);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Adding static-challenge support
9 years ago
/* Set/Remove style ES_PASSWORD by SetWindowLong(GWL_STYLE) does nothing,
send EM_SETPASSWORDCHAR just works. */
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (param->flags & FLAG_CR_ECHO)
Adding static-challenge support
9 years ago
SendMessage(wnd_challenge, EM_SETPASSWORDCHAR, 0, 0);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Adding static-challenge support
9 years ago
}
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (RecallUsername(param->c->config_name, username))
Set focus to password field when username is filled When the username is filled automatically, set the focus to the password field. This way you can enter the password immedediately without having the press TAB (or even worst users using the mouse to click on the password field).
8 years ago
{
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_USER, username);
Set focus to password field when username is filled When the username is filled automatically, set the focus to the password field. This way you can enter the password immedediately without having the press TAB (or even worst users using the mouse to click on the password field).
8 years ago
SetFocus(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS));
}
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (RecallAuthPass(param->c->config_name, password))
{
SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password);
Do not auto submit username/password after an auth failure - This case was missed by commit 5fb23f6ad9 that introduced automatic username/password submission. - Also avoid auto submit if the recalled password is an empty string. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (username[0] != L'\0' && !(param->flags & FLAG_CR_TYPE_SCRV1)
&& password[0] != L'\0' && param->c->failed_auth_attempts == 0)
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
{
/* user/pass available and no challenge response needed: skip dialog
* if silent_connection is on, else auto submit after a few seconds.
* User can interrupt.
*/
SetFocus(GetDlgItem(hwndDlg, IDOK));
UINT timeout = o.silent_connection ? 0 : 6; /* in seconds */
AutoCloseSetup(hwndDlg, IDOK, timeout, ID_TXT_WARNING, IDS_NFO_AUTO_CONNECT);
}
Do not clear saved passwords on verification failure After a failure the auth-pass dialog is shown with the password field prefilled but highlighted. This allows the user to easily overwrite the password or resubmit the old password if the failure was temporary. After a private key passphrase failure, the dialog is not prefilled with saved password as this failure happens locally and in such cases the password is very likely wrong. If the user aborts the dialog by pressing cancel, the saved password will get used during the next connection attempt. Wrong username or password warning text is changed to: "Wrong credentials". Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* if auth failed, highlight password so that user can type over */
else if (param->c->failed_auth_attempts)
{
SendMessage(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS), EM_SETSEL, 0, MAKELONG(0,-1));
}
set focus to challenge when password already filled
5 years ago
else if (param->flags & FLAG_CR_TYPE_SCRV1)
{
SetFocus(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE));
}
Do not auto submit username/password after an auth failure - This case was missed by commit 5fb23f6ad9 that introduced automatic username/password submission. - Also avoid auto submit if the recalled password is an empty string. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
SecureZeroMemory(password, sizeof(password));
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
}
Add a system-wide option to disable the password save feature - A new registry HKLM\Software\OpenVPN\disable_save_passwords (32 bit DWORD value) may be set to a non-zero value to disable password saving by users. Applies to both auth and private key passwords. Usernames are always saved. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (param->c->flags & FLAG_DISABLE_SAVE_PASS)
ShowWindow(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), SW_HIDE);
else if (param->c->flags & FLAG_SAVE_AUTH_PASS)
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_CHECKED);
simplify caption on user/password auth window also add openvpn ico to auth window
7 years ago
SetWindowText (hwndDlg, param->c->config_name);
Add a warning message when authentication is retried due to wrong credentials - "Wrong username or password" message shown in the auth userpass dialog after an auth failure - "Wrong password" message shown in the private key password dialog after a password failure. These message texts are colored red by default (TODO: make the color customizable) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (param->c->failed_auth_attempts > 0)
SetDlgItemTextW(hwndDlg, ID_TXT_WARNING, LoadLocalizedString(IDS_NFO_AUTH_PASS_RETRY));
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Adding static-challenge support
9 years ago
if (param->c->state == resuming)
make auth popups show when returning from suspend
12 years ago
ForceForegroundWindow(hwndDlg);
else
SetForegroundWindow(hwndDlg);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
use managment interface
14 years ago
break;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
case WM_LBUTTONDOWN:
case WM_RBUTTONDOWN:
case WM_NCLBUTTONDOWN:
case WM_NCRBUTTONDOWN:
/* user interrupt */
AutoCloseCancel(hwndDlg);
break;
use managment interface
14 years ago
case WM_COMMAND:
Adding static-challenge support
9 years ago
param = (auth_param_t *) GetProp(hwndDlg, cfgProp);
use managment interface
14 years ago
switch (LOWORD(wParam))
{
enforce entry of a username when querying auth
13 years ago
case ID_EDT_AUTH_USER:
In User-Auth dialog require non-empty password or PIN We had earlier supported blank passwords or OTPs to be submitted. Change this by enabling the OK button only if some minimal inputs are present. - In static challenge dialog require username and either password or challenge-reponse (OTP) fields to be non-empty - In normal user-auth dialog require username and password to be non-empty Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
case ID_EDT_AUTH_PASS:
case ID_EDT_AUTH_CHALLENGE:
enforce entry of a username when querying auth
13 years ago
if (HIWORD(wParam) == EN_UPDATE)
{
In User-Auth dialog require non-empty password or PIN We had earlier supported blank passwords or OTPs to be submitted. Change this by enabling the OK button only if some minimal inputs are present. - In static challenge dialog require username and either password or challenge-reponse (OTP) fields to be non-empty - In normal user-auth dialog require username and password to be non-empty Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
/* enable OK button only if username and either password or response are filled */
BOOL enableOK = GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER))
&& (GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS))
|| ((param->flags & FLAG_CR_TYPE_SCRV1)
&& GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE)))
);
EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK);
enforce entry of a username when querying auth
13 years ago
}
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
AutoCloseCancel(hwndDlg); /* user interrupt */
break;
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
case ID_CHK_SAVE_PASS:
param->c->flags ^= FLAG_SAVE_AUTH_PASS;
if (param->c->flags & FLAG_SAVE_AUTH_PASS)
Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_CHECKED);
else
{
DeleteSavedAuthPass(param->c->config_name);
Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_UNCHECKED);
}
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
AutoCloseCancel(hwndDlg); /* user interrupt */
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
break;
use managment interface
14 years ago
case IDOK:
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (GetDlgItemTextW(hwndDlg, ID_EDT_AUTH_USER, username, _countof(username)))
{
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (!validate_input(username, L"\n"))
{
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER), LoadLocalizedString(IDS_ERR_INVALID_USERNAME_INPUT));
return 0;
}
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
SaveUsername(param->c->config_name, username);
}
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (GetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password, _countof(password)))
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (!validate_input(password, L"\n"))
{
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS), LoadLocalizedString(IDS_ERR_INVALID_PASSWORD_INPUT));
SecureZeroMemory(password, sizeof(password));
return 0;
}
if ( param->c->flags & FLAG_SAVE_AUTH_PASS && wcslen(password) )
{
SaveAuthPass(param->c->config_name, password);
}
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
SecureZeroMemory(password, sizeof(password));
}
Adding static-challenge support
9 years ago
ManagementCommandFromInput(param->c, "username \"Auth\" \"%s\"", hwndDlg, ID_EDT_AUTH_USER);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (param->flags & FLAG_CR_TYPE_SCRV1)
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
ManagementCommandFromTwoInputsBase64(param->c, "password \"Auth\" \"SCRV1:%s:%s\"", hwndDlg, ID_EDT_AUTH_PASS, ID_EDT_AUTH_CHALLENGE);
Adding static-challenge support
9 years ago
else
ManagementCommandFromInput(param->c, "password \"Auth\" \"%s\"", hwndDlg, ID_EDT_AUTH_PASS);
use managment interface
14 years ago
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
case IDCANCEL:
EndDialog(hwndDlg, LOWORD(wParam));
Adding static-challenge support
9 years ago
StopOpenVPN(param->c);
use managment interface
14 years ago
return TRUE;
}
break;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Add a warning message when authentication is retried due to wrong credentials - "Wrong username or password" message shown in the auth userpass dialog after an auth failure - "Wrong password" message shown in the private key password dialog after a password failure. These message texts are colored red by default (TODO: make the color customizable) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
case WM_CTLCOLORSTATIC:
if (GetDlgCtrlID((HWND) lParam) == ID_TXT_WARNING)
{
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
autoclose *ac = (autoclose *)GetProp(hwndDlg, L"AutoClose");
Add a warning message when authentication is retried due to wrong credentials - "Wrong username or password" message shown in the auth userpass dialog after an auth failure - "Wrong password" message shown in the private key password dialog after a password failure. These message texts are colored red by default (TODO: make the color customizable) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
HBRUSH br = (HBRUSH) DefWindowProc(hwndDlg, msg, wParam, lParam);
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* This text id is used for auth failure warning or autoclose message. Use appropriate color */
COLORREF clr = o.clr_warning;
if (ac && ac->txtid == ID_TXT_WARNING)
clr = ac->txtclr;
SetTextColor((HDC) wParam, clr);
Add a warning message when authentication is retried due to wrong credentials - "Wrong username or password" message shown in the auth userpass dialog after an auth failure - "Wrong password" message shown in the private key password dialog after a password failure. These message texts are colored red by default (TODO: make the color customizable) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
return (INT_PTR) br;
}
break;
use managment interface
14 years ago
case WM_CLOSE:
EndDialog(hwndDlg, LOWORD(wParam));
simplify caption on user/password auth window also add openvpn ico to auth window
7 years ago
param = (auth_param_t *) GetProp(hwndDlg, cfgProp);
StopOpenVPN(param->c);
use managment interface
14 years ago
return TRUE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
case WM_NCDESTROY:
Adding static-challenge support
9 years ago
param = (auth_param_t *) GetProp(hwndDlg, cfgProp);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
free_auth_param (param);
Auto submit saved auth-user-pass credentials after a brief delay - Effective only when username and password are saved. - The user may interrupt auto submission and edit the username/password. - If silent_connection is on the dialog is bypassed without any delay. v2 changes: - Display message in normal text color and show remaining time Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
AutoCloseCancel(hwndDlg);
use managment interface
14 years ago
RemoveProp(hwndDlg, cfgProp);
break;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
return FALSE;
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/*
* DialogProc for challenge-response, token PIN etc.
*/
INT_PTR CALLBACK
GenericPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
auth_param_t *param;
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
WCHAR password[USER_PASS_LEN];
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
switch (msg)
{
case WM_INITDIALOG:
param = (auth_param_t *) lParam;
SetProp(hwndDlg, cfgProp, (HANDLE) param);
WCHAR *wstr = Widen (param->str);
if (!wstr)
{
WriteStatusLog(param->c, L"GUI> ", L"Error converting challenge string to widechar", false);
EndDialog(hwndDlg, LOWORD(wParam));
break;
}
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
if (param->flags & FLAG_CR_TYPE_CRV1 || param->flags & FLAG_CR_TYPE_CRTEXT)
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
SetDlgItemTextW(hwndDlg, ID_TXT_DESCRIPTION, wstr);
/* Set password echo on if needed */
if (param->flags & FLAG_CR_ECHO)
SendMessage(GetDlgItem(hwndDlg, ID_EDT_RESPONSE), EM_SETPASSWORDCHAR, 0, 0);
Provide more space for challenge dialog text (#469) * Provide more space for challenge dialog text We do use a re-sizeable dialog box for dynamic challenge-response to cater for potentially long lines of challenge text. But the space specified for the widget is enough for only a single short line (~60 characters) of text. Increase the horizontal and vertical space to allow for up to two lines of ~120 characters per line. The default size of the Window is not changed. But it is automatically resized if the space required for the text is longer than the window width minus some margin. The max horizontal size of the window is capped at 640 nominal pixels as longer text will be wrapped in to two lines. Github issue #468 Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
/* Rendered size of challenge text and window rectangle */
SIZE sz = {0};
RECT rect = {0};
HDC hdc = GetDC(GetDlgItem(hwndDlg, ID_TXT_DESCRIPTION));
GetWindowRect(hwndDlg, &rect);
rect.right -= rect.left;
rect.bottom -= rect.top;
/* if space for text + some margin exceeds the window size, resize */
if (GetTextExtentPoint32W(hdc, wstr, wcslen(wstr), &sz)
&& LPtoDP(hdc, (POINT *) &sz, 1) /* logical to device units */
&& sz.cx + DPI_SCALE(15) > rect.right) /* 15 nominal pixel margin space */
{
/* new horizontal dimension with a max of 640 nominal pixels */
rect.right = min(DPI_SCALE(640), sz.cx + DPI_SCALE(15));
SetWindowPos(hwndDlg, NULL, 0, 0, rect.right, rect.bottom, SWP_NOMOVE);
PrintDebug(L"Window resized to = %d %d", rect.right, rect.bottom);
}
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
}
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
else if (param->flags & FLAG_PASS_TOKEN)
{
SetWindowText(hwndDlg, LoadLocalizedString(IDS_NFO_TOKEN_PASSWORD_CAPTION));
SetDlgItemText(hwndDlg, ID_TXT_DESCRIPTION, LoadLocalizedString(IDS_NFO_TOKEN_PASSWORD_REQUEST, param->id));
}
else
{
WriteStatusLog(param->c, L"GUI> ", L"Unknown password request", false);
SetDlgItemText(hwndDlg, ID_TXT_DESCRIPTION, wstr);
}
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
free(wstr);
AppendTextToCaption (hwndDlg, param->c->config_name);
if (param->c->state == resuming)
ForceForegroundWindow(hwndDlg);
else
SetForegroundWindow(hwndDlg);
Handle state change message when repsonse is not required Currently we show a messagebox with OK/CANCEL when response is not required but that cannot handle state change messages. Instead, show the "GenericPass" dialog with input disabled. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
/* If response is not required hide the response field */
if ((param->flags & FLAG_CR_TYPE_CRV1 || param->flags & FLAG_CR_TYPE_CRTEXT)
&& !(param->flags & FLAG_CR_RESPONSE))
{
ShowWindow(GetDlgItem(hwndDlg, ID_LTEXT_RESPONSE), SW_HIDE);
ShowWindow(GetDlgItem(hwndDlg, ID_EDT_RESPONSE), SW_HIDE);
}
else
{
/* disable OK button until response is filled-in */
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
}
In generic password dialogs require non-empty inputs In private key passphrase and dynamic-challenge/pkcs11 PIN dialogs: - Disable the OK button by default - Require non-empty user input before the OK button is enabled Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
break;
case WM_COMMAND:
param = (auth_param_t *) GetProp(hwndDlg, cfgProp);
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
const char *template;
char *fmt;
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
switch (LOWORD(wParam))
{
In generic password dialogs require non-empty inputs In private key passphrase and dynamic-challenge/pkcs11 PIN dialogs: - Disable the OK button by default - Require non-empty user input before the OK button is enabled Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
case ID_EDT_RESPONSE:
if (HIWORD(wParam) == EN_UPDATE)
{
/* enable OK if response is non-empty */
BOOL enableOK = GetWindowTextLength((HWND) lParam);
EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK);
}
break;
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
case IDOK:
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (GetDlgItemTextW(hwndDlg, ID_EDT_RESPONSE, password, _countof(password))
&& !validate_input(password, L"\n"))
{
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_RESPONSE), LoadLocalizedString(IDS_ERR_INVALID_PASSWORD_INPUT));
SecureZeroMemory(password, sizeof(password));
return 0;
}
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
if (param->flags & FLAG_CR_TYPE_CRTEXT)
{
Handling of CR_TEXT when no response is required As with CRV1, submit an empty string as the response. Our base64-encode functiton can handle empty input to generate an empty string as output. Also make ensure the message box is shown in foreground, and not dependent on the status window which may be hidden. Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
ManagementCommandFromInputBase64(param->c, "cr-response \"%s\"", hwndDlg, ID_EDT_RESPONSE);
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
}
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (param->flags & FLAG_CR_TYPE_CRV1)
{
/* send username */
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
template = "username \"Auth\" \"%s\"";
Fix passing username for CRV1 response Escape the username string before passing to management interface. For other dialogs this is already done. Move string-escape to a function and process the username through it. Also escape space, single quote in addition to double quote and backslash. Reported by: Jakob Curdes <jc@info-systems.de> Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
char *username = escape_string(param->user);
fmt = malloc(strlen(template) + strlen(username));
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
Fix passing username for CRV1 response Escape the username string before passing to management interface. For other dialogs this is already done. Move string-escape to a function and process the username through it. Also escape space, single quote in addition to double quote and backslash. Reported by: Jakob Curdes <jc@info-systems.de> Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
if (fmt && username)
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
Fix passing username for CRV1 response Escape the username string before passing to management interface. For other dialogs this is already done. Move string-escape to a function and process the username through it. Also escape space, single quote in addition to double quote and backslash. Reported by: Jakob Curdes <jc@info-systems.de> Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
sprintf(fmt, template, username);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
ManagementCommand(param->c, fmt, NULL, regular);
}
else /* no memory? send an emty username and let it error out */
{
WriteStatusLog(param->c, L"GUI> ",
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
L"Out of memory: sending a generic username for dynamic CR", false);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
ManagementCommand(param->c, "username \"Auth\" \"user\"", NULL, regular);
}
Fix passing username for CRV1 response Escape the username string before passing to management interface. For other dialogs this is already done. Move string-escape to a function and process the username through it. Also escape space, single quote in addition to double quote and backslash. Reported by: Jakob Curdes <jc@info-systems.de> Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
free(fmt);
free(username);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
/* password template */
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
template = "password \"Auth\" \"CRV1::%s::%%s\"";
}
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
else /* generic password request of type param->id */
{
template = "password \"%s\" \"%%s\"";
}
fmt = malloc(strlen(template) + strlen(param->id));
if (fmt)
{
sprintf(fmt, template, param->id);
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug(L"Send passwd to mgmt with format: '%hs'", fmt);
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
ManagementCommandFromInput(param->c, fmt, hwndDlg, ID_EDT_RESPONSE);
free (fmt);
}
else /* no memory? send stop signal */
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
WriteStatusLog(param->c, L"GUI> ",
L"Out of memory in password dialog: sending stop signal", false);
StopOpenVPN (param->c);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
}
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
case IDCANCEL:
EndDialog(hwndDlg, LOWORD(wParam));
StopOpenVPN(param->c);
return TRUE;
}
break;
Notify dialog windows when OpenVPN state changes Use a custom message to pass state change notification from OpenVPN to all top level windows in the thread. Currently only the pending auth dialog responds to this message by closing when the state changes. The state change could be due to timeout, errors or success via out-of-band authentication which makes the dialog no longer valid. The case of CR_TEXT messages that do not require a response is handled in the next commit. See also issue #440 https://github.com/OpenVPN/openvpn-gui/issues/440 Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
case WM_OVPN_STATE: /* state change message is received from OpenVPN daemon */
/*
* AUTH_PENDING immediately transitions to GET_CONFIG until
* auth succeeds or connection restarts/aborts.
* Close the CR_TEXT dialog if state changes to anything
* other than GET_CONFIG. The state is in lParam.
*/
param = (auth_param_t *) GetProp(hwndDlg, cfgProp);
if ((param->flags & FLAG_CR_TYPE_CRTEXT)
&& strcmp((const char *) lParam, "GET_CONFIG"))
{
EndDialog(hwndDlg, LOWORD(wParam));
}
return TRUE;
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
case WM_CLOSE:
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
case WM_NCDESTROY:
param = (auth_param_t *) GetProp(hwndDlg, cfgProp);
free_auth_param (param);
RemoveProp(hwndDlg, cfgProp);
break;
}
return FALSE;
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
/*
* DialogProc for OpenVPN private key password dialog windows
*/
don't define callback functions as static
11 years ago
INT_PTR CALLBACK
use managment interface
14 years ago
PrivKeyPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
connection_t *c;
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
WCHAR passphrase[KEY_PASS_LEN];
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
switch (msg)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
case WM_INITDIALOG:
make auth popups show when returning from suspend
12 years ago
/* Set connection for this dialog and show it */
c = (connection_t *) lParam;
SetProp(hwndDlg, cfgProp, (HANDLE) c);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
AppendTextToCaption (hwndDlg, c->config_name);
Do not clear saved passwords on verification failure After a failure the auth-pass dialog is shown with the password field prefilled but highlighted. This allows the user to easily overwrite the password or resubmit the old password if the failure was temporary. After a private key passphrase failure, the dialog is not prefilled with saved password as this failure happens locally and in such cases the password is very likely wrong. If the user aborts the dialog by pressing cancel, the saved password will get used during the next connection attempt. Wrong username or password warning text is changed to: "Wrong credentials". Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (RecallKeyPass(c->config_name, passphrase) && wcslen(passphrase)
&& c->failed_psw_attempts == 0)
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
/* Use the saved password and skip the dialog */
SetDlgItemTextW(hwndDlg, ID_EDT_PASSPHRASE, passphrase);
SecureZeroMemory(passphrase, sizeof(passphrase));
ManagementCommandFromInput(c, "password \"Private Key\" \"%s\"", hwndDlg, ID_EDT_PASSPHRASE);
EndDialog(hwndDlg, IDOK);
return TRUE;
}
Add a system-wide option to disable the password save feature - A new registry HKLM\Software\OpenVPN\disable_save_passwords (32 bit DWORD value) may be set to a non-zero value to disable password saving by users. Applies to both auth and private key passwords. Usernames are always saved. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (c->flags & FLAG_DISABLE_SAVE_PASS)
ShowWindow(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), SW_HIDE);
else if (c->flags & FLAG_SAVE_KEY_PASS)
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Button_SetCheck (GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_CHECKED);
Add a warning message when authentication is retried due to wrong credentials - "Wrong username or password" message shown in the auth userpass dialog after an auth failure - "Wrong password" message shown in the private key password dialog after a password failure. These message texts are colored red by default (TODO: make the color customizable) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (c->failed_psw_attempts > 0)
SetDlgItemTextW(hwndDlg, ID_TXT_WARNING, LoadLocalizedString(IDS_NFO_KEY_PASS_RETRY));
make auth popups show when returning from suspend
12 years ago
if (c->state == resuming)
ForceForegroundWindow(hwndDlg);
else
SetForegroundWindow(hwndDlg);
In generic password dialogs require non-empty inputs In private key passphrase and dynamic-challenge/pkcs11 PIN dialogs: - Disable the OK button by default - Require non-empty user input before the OK button is enabled Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
/* disable OK button by default - not disabled in resources */
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE);
make auth popups show when returning from suspend
12 years ago
break;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
case WM_COMMAND:
c = (connection_t *) GetProp(hwndDlg, cfgProp);
switch (LOWORD(wParam))
{
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
case ID_CHK_SAVE_PASS:
c->flags ^= FLAG_SAVE_KEY_PASS;
if (c->flags & FLAG_SAVE_KEY_PASS)
Button_SetCheck (GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_CHECKED);
else
{
Button_SetCheck (GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_UNCHECKED);
DeleteSavedKeyPass(c->config_name);
}
break;
In generic password dialogs require non-empty inputs In private key passphrase and dynamic-challenge/pkcs11 PIN dialogs: - Disable the OK button by default - Require non-empty user input before the OK button is enabled Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
case ID_EDT_PASSPHRASE:
if (HIWORD(wParam) == EN_UPDATE)
{
/* enable OK if response is non-empty */
BOOL enableOK = GetWindowTextLength((HWND) lParam);
EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK);
}
break;
use managment interface
14 years ago
case IDOK:
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (GetDlgItemTextW(hwndDlg, ID_EDT_PASSPHRASE, passphrase, _countof(passphrase)))
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
Check for invalid characters in user inputs - Flag password and username input if these contain an invalid character (currently only embedded '\n' is disallowed). Shows a popup when OK is pressed so that the user can correct the input and resubmit. - Add an error message to the log when the management i/f returns ERROR for incorrectly parsed commands. Otherwise such errors go unnoticed. Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations. Reported and tested by: Florian Beier (H4ndl3 on github) Fixes Trac: #958 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (!validate_input(passphrase, L"\n"))
{
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_PASSPHRASE), LoadLocalizedString(IDS_ERR_INVALID_PASSWORD_INPUT));
SecureZeroMemory(passphrase, sizeof(passphrase));
return 0;
}
if ((c->flags & FLAG_SAVE_KEY_PASS) && wcslen(passphrase) > 0)
{
SaveKeyPass(c->config_name, passphrase);
}
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
SecureZeroMemory(passphrase, sizeof(passphrase));
}
remove limit for user/pass length, closes #3498438 Generation of the "username" and "password" management commands now happens centrally in the helper function ManagementCommandFromInput() in misc.c
13 years ago
ManagementCommandFromInput(c, "password \"Private Key\" \"%s\"", hwndDlg, ID_EDT_PASSPHRASE);
use managment interface
14 years ago
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
case IDCANCEL:
EndDialog(hwndDlg, LOWORD(wParam));
Simplify some parameters and registry keys - Replace allow_password by a runtime check that enables password change menu only when the user has write-access to the key file. - Read exe_path and priority from HKLM and do not duplicate in HKCU. - Always allow the user to view the config: edit will succeed if user has write access. - Always include the proxy settings tab which is the default. - Remove the unused power event handling and disconnect_on_suspend key. - Remove password_attempts -- user can stop the password dilaog by clicking cancel. - Remove allow_service: implicitly enabled if service_only is used. - Deprecate removed options in cmd-line parser - Update README.rst - Close config file before exit in GetKeyFileName - Close thread and dialog handles in passphrase.c Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
StopOpenVPN (c);
use managment interface
14 years ago
return TRUE;
}
break;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Add a warning message when authentication is retried due to wrong credentials - "Wrong username or password" message shown in the auth userpass dialog after an auth failure - "Wrong password" message shown in the private key password dialog after a password failure. These message texts are colored red by default (TODO: make the color customizable) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
case WM_CTLCOLORSTATIC:
if (GetDlgCtrlID((HWND) lParam) == ID_TXT_WARNING)
{
HBRUSH br = (HBRUSH) DefWindowProc(hwndDlg, msg, wParam, lParam);
SetTextColor((HDC) wParam, o.clr_warning);
return (INT_PTR) br;
}
break;
use managment interface
14 years ago
case WM_CLOSE:
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
case WM_NCDESTROY:
RemoveProp(hwndDlg, cfgProp);
break;
}
return FALSE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
static void
free_dynamic_cr (connection_t *c)
{
free (c->dynamic_cr);
c->dynamic_cr = NULL;
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
/*
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
* Parse dynamic challenge string received from the server. Returns
* true on success. The caller must free param->str and param->id
* even on error.
*/
URL profile import: support for 2FA When 2FA is enabled, server (such as AS) replies with HTTP 401 and issues a challenge. Use existing facilities to parse CRV message and prompt user for a response, then call REST method again with encoded response as HTTP auth password. See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
3 years ago
BOOL
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
parse_dynamic_cr (const char *str, auth_param_t *param)
{
BOOL ret = FALSE;
char *token[4] = {0};
char *p = strdup (str);
int i;
char *p1;
if (!param || !p) goto out;
/* expected: str = "E,R:challenge_id:user_b64:challenge_str" */
Bug fix for challenge string parsing Fix parsing of the challenge text that could contain the delimiter ':' Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
const char *delim = ":";
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
for (i = 0, p1 = p; i < 4; ++i, p1 = NULL)
{
Bug fix for challenge string parsing Fix parsing of the challenge text that could contain the delimiter ':' Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
if (i == 3)
delim = "" ; /* take the entire trailing string as the challenge */
token[i] = strtok (p1, delim); /* strtok is thread-safe on Windows */
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (!token[i])
{
WriteStatusLog(param->c, L"GUI> ", L"Error parsing dynamic challenge string", false);
goto out;
}
}
if (Base64Decode(token[2], &param->user) < 0)
{
WriteStatusLog(param->c, L"GUI> ", L"Error decoding the username in dynamic challenge string", false);
goto out;
}
param->flags |= FLAG_CR_TYPE_CRV1;
param->flags |= strchr(token[0], 'E') ? FLAG_CR_ECHO : 0;
param->flags |= strchr(token[0], 'R') ? FLAG_CR_RESPONSE : 0;
param->id = strdup(token[1]);
param->str = strdup(token[3]);
if (!param->id || !param->str)
goto out;
ret = TRUE;
out:
free (p);
return ret;
}
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
/*
* Parse crtext string received from the server. Returns
* true on success. The caller must free param->str even on error.
*/
static BOOL
parse_crtext (const char* str, auth_param_t* param)
{
BOOL ret = FALSE;
char* token[2] = { 0 };
char* p = strdup(str);
char* p1;
if (!param || !p) goto out;
/* expected: str = "E,R:challenge_str" */
Bug fix for challenge string parsing Fix parsing of the challenge text that could contain the delimiter ':' Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
token[0] = p;
p1 = strchr(p, ':');
if (!p1)
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
{
Bug fix for challenge string parsing Fix parsing of the challenge text that could contain the delimiter ':' Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
WriteStatusLog(param->c, L"GUI> ", L"Error parsing crtext challenge string", false);
goto out;
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
}
Bug fix for challenge string parsing Fix parsing of the challenge text that could contain the delimiter ':' Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
*p1 = '\0';
token[1] = p1 + 1;
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
param->flags |= FLAG_CR_TYPE_CRTEXT;
param->flags |= strchr(token[0], 'E') ? FLAG_CR_ECHO : 0;
param->flags |= strchr(token[0], 'R') ? FLAG_CR_RESPONSE : 0;
param->str = strdup(token[1]);
if (!param->str)
goto out;
ret = TRUE;
out:
free(p);
return ret;
}
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
/*
* Parse password or string request of the form "Need 'What' password/string MSG:message"
* and assign param->id = What, param->str = message. Also set param->flags if the type
* of the requested info is known. If message is empty param->id is copied to param->str.
* Return true on succsess. The caller must free param even when the function fails.
*/
static BOOL
parse_input_request (const char *msg, auth_param_t *param)
{
BOOL ret = FALSE;
char *p = strdup (msg);
char *sep[4] = {" ", "'", " ", ""}; /* separators to use to break up msg */
char *token[4];
char *p1 = p;
for (int i = 0; i < 4; ++i, p1 = NULL)
{
token[i] = strtok (p1, sep[i]); /* strtok is thread-safe on Windows */
if (!token[i] && i < 3) /* first three tokens required */
goto out;
}
if (token[3] && strncmp(token[3], "MSG:", 4) == 0)
token[3] += 4;
if (!token[3] || !*token[3]) /* use id as the description if none provided */
token[3] = token[1];
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug (L"Tokens: '%hs' '%hs' '%hs' '%hs'", token[0], token[1],
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
token[2], token[3]);
if (strcmp (token[0], "Need") != 0)
goto out;
if ((param->id = strdup(token[1])) == NULL)
goto out;
if (strcmp(token[2], "password") == 0)
{
if (strcmp (param->id, "Private Key") == 0)
param->flags |= FLAG_PASS_PKEY;
else
param->flags |= FLAG_PASS_TOKEN;
}
else if (strcmp(token[2], "string") == 0
&& strcmp (param->id, "pkcs11-id-request") == 0)
{
param->flags |= FLAG_STRING_PKCS11;
}
param->str = strdup (token[3]);
if (param->str == NULL)
goto out;
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug (L"parse_input_request: id = '%hs' str = '%hs' flags = %u",
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
param->id, param->str, param->flags);
ret = TRUE;
out:
free (p);
if (!ret)
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug (L"Error parsing password/string request msg: <%hs>", msg);
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
return ret;
}
Parse ECHO directives from openvpn Support the following echo commands - "echo forget-passwords": delete passwords internally saved by the GUI but do not disable the password save feature. Useful when pushed from the server so that it gets processed after authentication. Also see management-notes.txt in openvpn docs. - "echo save-passwords": enables private-key and auth-user-pass passwords to be saved. Will be effective at startup only if present in the config file. If pushed from the server, will get used for subsequent password prompts. Essentially this has the effect of presenting the password dialogs to the user with save-password checkbox selected. The user may still uncheck it during the dialog. Note: echo commands are processed as and when they are received and in the order received. TODO: support for "echo setenv name var", "echo disable-save-passwords" etc.. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
/*
* Handle >ECHO: request from OpenVPN management interface
* Expect msg = timestamp,message
*/
void
OnEcho(connection_t *c, char *msg)
{
Support for 'setenv name var' using echo - Implement connection specific env variables. These are merged with the process environment strings and passed to scripts. - To set an env variable, use 'echo setenv name value' in the config or push from the server. This will set "OPENVPN_name=value" in the connections's env set. Note that "name" is mangled as "OPENVPN_name" to avoid servers overwriting sensitive variables such as PATH. Names are set in the order received and same name overwrites any previously set value. - Environment variable names are allowed to contain only alpha numeric characters and underscore as in openvpn.exe. But, unlike openvpn.exe, invalid names are ignored, not sanitized. v2 changes (Dec 16, 2017): - If value is missing, the directive is interpreted as a delete command and the env var with matching name in the connection's env set is removed. - Windows needs env block to be ordered: While merging connection specific env vars with process env block, order the entries 'alphabetically' (locale independent, case insensitive unicode ordinal order). In case of duplicates, the value in connection env set replaces the one in process env. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
time_t timestamp = strtoul(msg, NULL, 10); /* openvpn prints these as %u */
Parse ECHO directives from openvpn Support the following echo commands - "echo forget-passwords": delete passwords internally saved by the GUI but do not disable the password save feature. Useful when pushed from the server so that it gets processed after authentication. Also see management-notes.txt in openvpn docs. - "echo save-passwords": enables private-key and auth-user-pass passwords to be saved. Will be effective at startup only if present in the config file. If pushed from the server, will get used for subsequent password prompts. Essentially this has the effect of presenting the password dialogs to the user with save-password checkbox selected. The user may still uncheck it during the dialog. Note: echo commands are processed as and when they are received and in the order received. TODO: support for "echo setenv name var", "echo disable-save-passwords" etc.. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug(L"OnEcho with msg = %hs", msg);
Parse ECHO directives from openvpn Support the following echo commands - "echo forget-passwords": delete passwords internally saved by the GUI but do not disable the password save feature. Useful when pushed from the server so that it gets processed after authentication. Also see management-notes.txt in openvpn docs. - "echo save-passwords": enables private-key and auth-user-pass passwords to be saved. Will be effective at startup only if present in the config file. If pushed from the server, will get used for subsequent password prompts. Essentially this has the effect of presenting the password dialogs to the user with save-password checkbox selected. The user may still uncheck it during the dialog. Note: echo commands are processed as and when they are received and in the order received. TODO: support for "echo setenv name var", "echo disable-save-passwords" etc.. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (!(msg = strchr(msg, ',')))
{
PrintDebug(L"OnEcho: msg format not recognized");
return;
}
msg++;
if (strcmp(msg, "forget-passwords") == 0)
{
DeleteSavedPasswords(c->config_name);
}
else if (strcmp(msg, "save-passwords") == 0)
{
Do not allow echo save-passwords to override disable_save_passwords - As disable_save_passwords may be enforced system-wide by an Administrator, "echo save-passwords" should not be allowed to over-ride it. This was overlooked in commit d4090a8842990ba992d843c49eaec1760ac03b0e. Fix it by ignoring this echo directive if disable_save_passwords is in effect. Also write a log message to the status window. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
if (c->flags & FLAG_DISABLE_SAVE_PASS)
WriteStatusLog(c, L"GUI> echo save-passwords: ",
L"Ignored as disable_save_passwords is enabled.", false);
else
c->flags |= (FLAG_SAVE_KEY_PASS | FLAG_SAVE_AUTH_PASS);
Parse ECHO directives from openvpn Support the following echo commands - "echo forget-passwords": delete passwords internally saved by the GUI but do not disable the password save feature. Useful when pushed from the server so that it gets processed after authentication. Also see management-notes.txt in openvpn docs. - "echo save-passwords": enables private-key and auth-user-pass passwords to be saved. Will be effective at startup only if present in the config file. If pushed from the server, will get used for subsequent password prompts. Essentially this has the effect of presenting the password dialogs to the user with save-password checkbox selected. The user may still uncheck it during the dialog. Note: echo commands are processed as and when they are received and in the order received. TODO: support for "echo setenv name var", "echo disable-save-passwords" etc.. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
}
Support for 'setenv name var' using echo - Implement connection specific env variables. These are merged with the process environment strings and passed to scripts. - To set an env variable, use 'echo setenv name value' in the config or push from the server. This will set "OPENVPN_name=value" in the connections's env set. Note that "name" is mangled as "OPENVPN_name" to avoid servers overwriting sensitive variables such as PATH. Names are set in the order received and same name overwrites any previously set value. - Environment variable names are allowed to contain only alpha numeric characters and underscore as in openvpn.exe. But, unlike openvpn.exe, invalid names are ignored, not sanitized. v2 changes (Dec 16, 2017): - If value is missing, the directive is interpreted as a delete command and the env var with matching name in the connection's env set is removed. - Windows needs env block to be ordered: While merging connection specific env vars with process env block, order the entries 'alphabetically' (locale independent, case insensitive unicode ordinal order). In case of duplicates, the value in connection env set replaces the one in process env. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
else if (strbegins(msg, "setenv "))
{
process_setenv(c, timestamp, msg);
}
Parse and display messages received by echo msg commands Process four new echo commands to construct messages to be displayed to the user: echo msg message-text echo msg-n message-text echo msg-window message-title echo msg-notify message-title Note: All rules of push and echo processing apply and determine what is received as echo commands by the GUI. In addition, 'url-encoded' characters (% followed by two hex digits) are decoded and displayed. The message is constructed in the GUI by concatenating the text specified in one or more "echo msg text" or "echo msg-n text" commands. In case of "echo msg text" text is appended with a new line. An empty text in this case will just add a new line. The message ends and gets displayed when one of the following are receieved: echo msg-window title echo msg-notify title where "title" becomes the title of the message window. In case of msg-window, a modeless window shows the message, in the latter case a notification balloon is shown. Example: when pushed from the server: push "echo msg I say let the world go to hell%2C" push "echo msg I must have my cup of tea." push "echo msg-window Notes from the underground" will display a modeless window with title "Notes from the underground" and a two line body -- I say let the world go to hell, I must have my cup of tea. -- Note that the message itself is not quoted in the above examples and so it relies on the server's option-parser combining individual words into a space separated string. Number of words on a line is limited by the maximum number of parameters allowed in openvpn commands (16). This limitation may be avoided by quoting the text that follows so that the option parser sees it as one parameter. The comma character is not allowed in pushed strings, so it has to be sent encoded as %2C as shown above. Such encoding of arbitrary bytes is suppored. For example, newlines may be embedded as %0A, though discouraged. Instead use multiple "echo msg" commands to separate lines by new line. An example with embedded spaces and multiple lines concatenated without a new line in between (note use of single quotes): push "echo msg-n I swear to you gentlemen%2C that to be" push "echo msg-n ' overly conscious is a sickness%2C ' " push "echo msg-n a real%2C thorough sickness." push "echo msg-notify Quote of the Day" will show up as a notification that displays for an OS-dependent interval as: -- Quote of the Day I swear to you gentlemen, that to be overly conscious is a sickness, a real, thorough sickness. -- where the location of the line break is automatically determined by the notification API and is OS version-dependent. Commands like "echo msg ..." in the config file are also processed the same way. It gets displayed when the GUI connects to the management interface and receives all pending echo. Pushed message(s) get displayed when the client daemon processes push-reply and passes on echo directives to the GUI. TODO: The actual window that displays the messages is implemented in the next commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
else if (strbegins(msg, "msg"))
{
echo_msg_process(c, timestamp, msg);
}
Parse ECHO directives from openvpn Support the following echo commands - "echo forget-passwords": delete passwords internally saved by the GUI but do not disable the password save feature. Useful when pushed from the server so that it gets processed after authentication. Also see management-notes.txt in openvpn docs. - "echo save-passwords": enables private-key and auth-user-pass passwords to be saved. Will be effective at startup only if present in the config file. If pushed from the server, will get used for subsequent password prompts. Essentially this has the effect of presenting the password dialogs to the user with save-password checkbox selected. The user may still uncheck it during the dialog. Note: echo commands are processed as and when they are received and in the order received. TODO: support for "echo setenv name var", "echo disable-save-passwords" etc.. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
else
{
Support for 'setenv name var' using echo - Implement connection specific env variables. These are merged with the process environment strings and passed to scripts. - To set an env variable, use 'echo setenv name value' in the config or push from the server. This will set "OPENVPN_name=value" in the connections's env set. Note that "name" is mangled as "OPENVPN_name" to avoid servers overwriting sensitive variables such as PATH. Names are set in the order received and same name overwrites any previously set value. - Environment variable names are allowed to contain only alpha numeric characters and underscore as in openvpn.exe. But, unlike openvpn.exe, invalid names are ignored, not sanitized. v2 changes (Dec 16, 2017): - If value is missing, the directive is interpreted as a delete command and the env var with matching name in the connection's env set is removed. - Windows needs env block to be ordered: While merging connection specific env vars with process env block, order the entries 'alphabetically' (locale independent, case insensitive unicode ordinal order). In case of duplicates, the value in connection env set replaces the one in process env. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
wchar_t errmsg[256];
_sntprintf_0(errmsg, L"WARNING: Unknown ECHO directive '%hs' ignored.", msg);
Parse ECHO directives from openvpn Support the following echo commands - "echo forget-passwords": delete passwords internally saved by the GUI but do not disable the password save feature. Useful when pushed from the server so that it gets processed after authentication. Also see management-notes.txt in openvpn docs. - "echo save-passwords": enables private-key and auth-user-pass passwords to be saved. Will be effective at startup only if present in the config file. If pushed from the server, will get used for subsequent password prompts. Essentially this has the effect of presenting the password dialogs to the user with save-password checkbox selected. The user may still uncheck it during the dialog. Note: echo commands are processed as and when they are received and in the order received. TODO: support for "echo setenv name var", "echo disable-save-passwords" etc.. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
WriteStatusLog(c, L"GUI> ", errmsg, false);
}
}
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/*
* Handle >PASSWORD: request from OpenVPN management interface
use managment interface
14 years ago
*/
void
OnPassword(connection_t *c, char *msg)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug(L"OnPassword with msg = %hs", msg);
use managment interface
14 years ago
if (strncmp(msg, "Verification Failed", 19) == 0)
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
/* If the failure is due to dynamic challenge save the challenge string */
char *chstr = strstr(msg, "CRV1:");
free_dynamic_cr (c);
if (chstr)
{
chstr += 5; /* beginning of dynamic CR string */
/* Save the string for later processing during next Auth request */
c->dynamic_cr = strdup(chstr);
if (c->dynamic_cr && (chstr = strstr (c->dynamic_cr, "']")) != NULL)
*chstr = '\0';
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug(L"Got dynamic challenge: <%hs>", c->dynamic_cr);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
}
use managment interface
14 years ago
return;
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
if (strstr(msg, "'Auth'"))
{
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
char *chstr;
auth_param_t *param = (auth_param_t *) calloc(1, sizeof(auth_param_t));
if (!param)
{
WriteStatusLog (c, L"GUI> ", L"Error: Out of memory - ignoring user-auth request", false);
return;
}
Adding static-challenge support
9 years ago
param->c = c;
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (c->dynamic_cr)
Adding static-challenge support
9 years ago
{
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (!parse_dynamic_cr (c->dynamic_cr, param))
{
WriteStatusLog (c, L"GUI> ", L"Error parsing dynamic challenge string", FALSE);
free_dynamic_cr (c);
free_auth_param (param);
return;
}
LocalizedDialogBoxParam(ID_DLG_CHALLENGE_RESPONSE, GenericPassDialogFunc, (LPARAM) param);
free_dynamic_cr (c);
}
else if ( (chstr = strstr(msg, "SC:")) && strlen (chstr) > 5)
Adding static-challenge support
9 years ago
{
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
param->flags |= FLAG_CR_TYPE_SCRV1;
param->flags |= (*(chstr + 3) != '0') ? FLAG_CR_ECHO : 0;
param->str = strdup(chstr + 5);
Adding static-challenge support
9 years ago
LocalizedDialogBoxParam(ID_DLG_AUTH_CHALLENGE, UserAuthDialogFunc, (LPARAM) param);
}
else
{
LocalizedDialogBoxParam(ID_DLG_AUTH, UserAuthDialogFunc, (LPARAM) param);
}
use managment interface
14 years ago
}
else if (strstr(msg, "'Private Key'"))
{
LocalizedDialogBoxParam(ID_DLG_PASSPHRASE, PrivKeyPassDialogFunc, (LPARAM) c);
}
ask for HTTP proxy credentials on demand * use "auto" parameter for --http-proxy option * pass proxy credentialsls via management interface * also closes #3223163
14 years ago
else if (strstr(msg, "'HTTP Proxy'"))
{
support SOCKS 5 proxy auth notifications from mgmt
13 years ago
QueryProxyAuth(c, http);
}
else if (strstr(msg, "'SOCKS Proxy'"))
{
QueryProxyAuth(c, socks);
ask for HTTP proxy credentials on demand * use "auto" parameter for --http-proxy option * pass proxy credentialsls via management interface * also closes #3223163
14 years ago
}
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
/* All other password requests such as PKCS11 pin */
else if (strncmp(msg, "Need '", 6) == 0)
{
auth_param_t *param = (auth_param_t *) calloc(1, sizeof(auth_param_t));
if (!param)
{
WriteStatusLog (c, L"GUI> ", L"Error: Out of memory - ignoring user-auth request", false);
return;
}
param->c = c;
if (!parse_input_request (msg, param))
{
free_auth_param(param);
return;
}
LocalizedDialogBoxParam(ID_DLG_CHALLENGE_RESPONSE, GenericPassDialogFunc, (LPARAM) param);
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
Retry on management timeout instead of aborting In some cases the service may take a while to startup openvpn.exe, causing connection to the management interface to timeout. This could leave behind the OpenVPN process if/when it eventually starts up. (Trac 905, 1050). As errors in starting up the OpenVPN daemon are independently handled, its better to keep retrying the management interface connection until aborted due to errors or by the user. - On timeout, log a message on the status window and retry the management interface connection - Eliminate the timed-out state that is no longer used - Call StopOpenVPN() before abort so that OpenVPN daemon is not left running in case it starts up later. - In the unlikely event that OpenManagement() fails, show an error - User can abort by pressing disconnect A "retrying.." message is logged on to the status window every 15 seconds. See Trac: #905, #1050 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/*
* Handle management connection timeout
*/
void
OnTimeout(connection_t *c, UNUSED char *msg)
{
/* Connection to management timed out -- keep trying unless killed
* by a startup error from service or from openvpn daemon process.
* The user can terminate by pressing disconnect.
*/
if (o.silent_connection == 0)
{
SetForegroundWindow(c->hwndStatus);
ShowWindow(c->hwndStatus, SW_SHOW);
}
WriteStatusLog (c, L"GUI> ", LoadLocalizedString(IDS_NFO_CONN_TIMEOUT, c->log_path), false);
WriteStatusLog (c, L"GUI> ", L"Retrying. Press disconnect to abort", false);
c->state = connecting;
if (!OpenManagement(c))
{
MessageBoxEx(NULL, L"Failed to open management", _T(PACKAGE_NAME),
MB_OK|MB_SETFOREGROUND|MB_ICONERROR, GetGUILanguage());
StopOpenVPN(c);
}
return;
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
/*
* Handle exit of the OpenVPN process
*/
void
tag unused variables to stop compiler warnings
13 years ago
OnStop(connection_t *c, UNUSED char *msg)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
UINT txt_id, msg_id;
SetMenuStatus(c, disconnected);
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
switch (c->state)
{
case connected:
/* OpenVPN process ended unexpectedly */
c->failed_psw_attempts = 0;
Distinguish between auth and key password failures Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
c->failed_auth_attempts = 0;
use managment interface
14 years ago
c->state = disconnected;
CheckAndSetTrayIcon();
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_DISCONNECTED));
SetStatusWinIcon(c->hwndStatus, ID_ICO_DISCONNECTED);
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE);
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE);
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (o.silent_connection == 0)
don't show status window on openvpn exit if silent
13 years ago
{
SetForegroundWindow(c->hwndStatus);
ShowWindow(c->hwndStatus, SW_SHOW);
}
Do not start a connection when a previous thread has not fully exited When openvpn exits due to error, the GUI pops up a modal dialog and waits on user to click OK before cleaning up resources and closing the status window. During this phase if the user clicks "connect" from the tray menu, a new thread is started overwriiting several handles in the connection struct. Fix: Refuse to start a connection when previous status thread is still active. Instead, bring the exisiting status window to fore-ground. Also make the modal dialog a child of the status window for better visibility. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
MessageBox(c->hwndStatus, LoadLocalizedString(IDS_NFO_CONN_TERMINATED, c->config_file),
_T(PACKAGE_NAME), MB_OK);
use managment interface
14 years ago
SendMessage(c->hwndStatus, WM_CLOSE, 0, 0);
break;
make auth popups show when returning from suspend
12 years ago
case resuming:
use managment interface
14 years ago
case connecting:
case reconnecting:
/* We have failed to (re)connect */
make auth popups show when returning from suspend
12 years ago
txt_id = c->state == reconnecting ? IDS_NFO_STATE_FAILED_RECONN : IDS_NFO_STATE_FAILED;
msg_id = c->state == reconnecting ? IDS_NFO_RECONN_FAILED : IDS_NFO_CONN_FAILED;
use managment interface
14 years ago
c->state = disconnecting;
CheckAndSetTrayIcon();
c->state = disconnected;
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE);
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE);
SetStatusWinIcon(c->hwndStatus, ID_ICO_DISCONNECTED);
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(txt_id));
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (o.silent_connection == 0)
don't show status window on openvpn exit if silent
13 years ago
{
SetForegroundWindow(c->hwndStatus);
ShowWindow(c->hwndStatus, SW_SHOW);
}
Retry on management timeout instead of aborting In some cases the service may take a while to startup openvpn.exe, causing connection to the management interface to timeout. This could leave behind the OpenVPN process if/when it eventually starts up. (Trac 905, 1050). As errors in starting up the OpenVPN daemon are independently handled, its better to keep retrying the management interface connection until aborted due to errors or by the user. - On timeout, log a message on the status window and retry the management interface connection - Eliminate the timed-out state that is no longer used - Call StopOpenVPN() before abort so that OpenVPN daemon is not left running in case it starts up later. - In the unlikely event that OpenManagement() fails, show an error - User can abort by pressing disconnect A "retrying.." message is logged on to the status window every 15 seconds. See Trac: #905, #1050 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
MessageBox(c->hwndStatus, LoadLocalizedString(msg_id, c->config_name), _T(PACKAGE_NAME), MB_OK);
use managment interface
14 years ago
SendMessage(c->hwndStatus, WM_CLOSE, 0, 0);
break;
case disconnecting:
/* Shutdown was initiated by us */
c->failed_psw_attempts = 0;
Distinguish between auth and key password failures Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
c->failed_auth_attempts = 0;
use managment interface
14 years ago
c->state = disconnected;
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (c->flags & FLAG_DAEMON_PERSISTENT)
{
/* user initiated disconnection -- stay detached and do not auto-reconnect */
c->state = detached;
c->auto_connect = false;
}
use managment interface
14 years ago
CheckAndSetTrayIcon();
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_DISCONNECTED));
use managment interface
14 years ago
SendMessage(c->hwndStatus, WM_CLOSE, 0, 0);
break;
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
case onhold:
/* stop triggered while on hold -- possibly the daemon exited. Treat same as detaching */
case detaching:
c->state = detached;
CheckAndSetTrayIcon();
SendMessage(c->hwndStatus, WM_CLOSE, 0, 0);
break;
use managment interface
14 years ago
case suspending:
c->state = suspended;
CheckAndSetTrayIcon();
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_SUSPENDED));
break;
default:
break;
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
Display assigned IPs and connection stats on status window - Show the assigned IP numbers, traffic stats (bytes in/out), and the GUI and OpenVPN core versions on the status window. Note: IDS_TXT_BYTECOUNT = "Bytes in: %s out %s" needs translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* Convert bytecount c to a human readable string.
* Input c converted to a string of the form "nnn.. (xxx.y XiB)"
* where X is K, M, G, T, P or E depending on the count. The result
* is returned in buf up to max of len - 1 wide characters.
* Return value: pointer to buf.
*/
static wchar_t *
format_bytecount(wchar_t *buf, size_t len, unsigned long long c)
{
const char *suf[] = {"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", NULL};
const char **s = suf;
double x = c;
if (c <= 1024)
{
Delete extra arg to swprintf() in format_bytecount() Found by cppcheck Signed-off-by: Selva Nair <selva.nair@gmail.com>
6 years ago
swprintf(buf, len, L"%I64u B", c);
Display assigned IPs and connection stats on status window - Show the assigned IP numbers, traffic stats (bytes in/out), and the GUI and OpenVPN core versions on the status window. Note: IDS_TXT_BYTECOUNT = "Bytes in: %s out %s" needs translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
buf[len-1] = L'\0';
return buf;
}
while (x > 1024 && *(s+1))
{
x /= 1024.0;
s++;
}
swprintf(buf, len, L"%I64u (%.1f %hs)", c, x, *s);
buf[len-1] = L'\0';
return buf;
}
Subscribe to bytecount message from management interface Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/*
* Handle bytecount report from OpenVPN
* Expect bytes-in,bytes-out
*/
void OnByteCount(connection_t *c, char *msg)
{
if (!msg || sscanf(msg, "%I64u,%I64u", &c->bytes_in, &c->bytes_out) != 2)
return;
Display assigned IPs and connection stats on status window - Show the assigned IP numbers, traffic stats (bytes in/out), and the GUI and OpenVPN core versions on the status window. Note: IDS_TXT_BYTECOUNT = "Bytes in: %s out %s" needs translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
wchar_t in[32], out[32];
format_bytecount(in, _countof(in), c->bytes_in);
format_bytecount(out, _countof(out), c->bytes_out);
SetDlgItemTextW(c->hwndStatus, ID_TXT_BYTECOUNT,
LoadLocalizedString(IDS_NFO_BYTECOUNT, in, out));
Subscribe to bytecount message from management interface Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
}
Web-based extra authentication This adds support for web-based extra authentication, which may be used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl, server pushes Info command OPEN_URL:<url>. The client opens that URL and user authenticates. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
/*
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
* Handle INFOMSG from OpenVPN. At the moment it handles
* OPEN_URL:<url> and CR_TEXT:<flags>:<challenge-str> messages
* used by two-step authentication.
Web-based extra authentication This adds support for web-based extra authentication, which may be used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl, server pushes Info command OPEN_URL:<url>. The client opens that URL and user authenticates. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
*/
void OnInfoMsg(connection_t* c, char* msg)
{
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug(L"OnInfoMsg with msg = %hs", msg);
Web-based extra authentication This adds support for web-based extra authentication, which may be used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl, server pushes Info command OPEN_URL:<url>. The client opens that URL and user authenticates. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
if (strbegins(msg, "OPEN_URL:"))
{
wchar_t* url = Widen(msg + 9);
if (!open_url(url))
{
WriteStatusLog(c, L"GUI> ", L"Error: failed to open url from info msg", false);
}
free(url);
}
Support for crtext This adds support for crtext method of pending authentication, used by Access Server 2.7 and newer. When enabled on the server side and on the client side (IV_SSO=crtext), server returns AUTH_PENDING with Info command like: CR_TEXT:R,E:Enter Authenticator Code Client prompts user for the response and sends base64-encoded response to the server via management interface command: cr-response SGFsbG8gV2VsdCE= See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part) for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
else if (strbegins(msg, "CR_TEXT:"))
{
auth_param_t* param = (auth_param_t*)calloc(1, sizeof(auth_param_t));
if (!param)
{
WriteStatusLog(c, L"GUI> ", L"Error: Out of memory - ignoring CR_TEXT request", false);
return;
}
param->c = c;
if (!parse_crtext(msg + 8, param))
{
WriteStatusLog(c, L"GUI> ", L"Error parsing crtext string", FALSE);
free_auth_param(param);
return;
}
LocalizedDialogBoxParam(ID_DLG_CHALLENGE_RESPONSE, GenericPassDialogFunc, (LPARAM)param);
}
Web-based extra authentication This adds support for web-based extra authentication, which may be used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl, server pushes Info command OPEN_URL:<url>. The client opens that URL and user authenticates. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
}
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/*
* Break a long line into shorter segments
*/
static WCHAR *
WrapLine (WCHAR *line)
{
int i = 0;
WCHAR *next = NULL;
int len = 80;
for (i = 0; *line; i++, ++line)
{
if ((*line == L'\r') || (*line == L'\n'))
*line = L' ';
if (next && i > len) break;
if (iswspace(*line)) next = line;
}
if (!*line) next = NULL;
if (next)
{
*next = L'\0';
++next;
}
return next;
}
/*
* Write a line to the status log window and optionally to the log file
*/
Support for 'setenv name var' using echo - Implement connection specific env variables. These are merged with the process environment strings and passed to scripts. - To set an env variable, use 'echo setenv name value' in the config or push from the server. This will set "OPENVPN_name=value" in the connections's env set. Note that "name" is mangled as "OPENVPN_name" to avoid servers overwriting sensitive variables such as PATH. Names are set in the order received and same name overwrites any previously set value. - Environment variable names are allowed to contain only alpha numeric characters and underscore as in openvpn.exe. But, unlike openvpn.exe, invalid names are ignored, not sanitized. v2 changes (Dec 16, 2017): - If value is missing, the directive is interpreted as a delete command and the env var with matching name in the connection's env set is removed. - Windows needs env block to be ordered: While merging connection specific env vars with process env block, order the entries 'alphabetically' (locale independent, case insensitive unicode ordinal order). In case of duplicates, the value in connection env set replaces the one in process env. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
void
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
WriteStatusLog (connection_t *c, const WCHAR *prefix, const WCHAR *line, BOOL fileio)
{
URL profile import: support for 2FA When 2FA is enabled, server (such as AS) replies with HTTP 401 and issues a challenge. Use existing facilities to parse CRV message and prompt user for a response, then call REST method again with encoded response as HTTP auth password. See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication for more information. Signed-off-by: Lev Stipakov <lev@openvpn.net>
3 years ago
/* this can be called without connection (AS profile import), so do nothing in this case */
if (!c) return;
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
HWND logWnd = GetDlgItem(c->hwndStatus, ID_EDT_LOG);
FILE *log_fd;
time_t now;
WCHAR datetime[26];
time (&now);
/* TODO: change this to use _wctime_s when mingw supports it */
wcsncpy (datetime, _wctime(&now), _countof(datetime));
datetime[24] = L' ';
/* Remove lines from log window if it is getting full */
if (SendMessage(logWnd, EM_GETLINECOUNT, 0, 0) > MAX_LOG_LINES)
{
int pos = SendMessage(logWnd, EM_LINEINDEX, DEL_LOG_LINES, 0);
SendMessage(logWnd, EM_SETSEL, 0, pos);
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) _T(""));
}
/* Append line to log window */
SendMessage(logWnd, EM_SETSEL, (WPARAM) -1, (LPARAM) -1);
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) datetime);
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) prefix);
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) line);
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) L"\n");
if (!fileio) return;
log_fd = _tfopen (c->log_path, TEXT("at+,ccs=UTF-8"));
if (log_fd)
{
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
fwprintf (log_fd, L"%ls%ls%ls\n", datetime, prefix, line);
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
fclose (log_fd);
}
}
#define IO_TIMEOUT 5000 /* milliseconds */
static void
CloseServiceIO (service_io_t *s)
{
if (s->hEvent)
CloseHandle(s->hEvent);
s->hEvent = NULL;
if (s->pipe && s->pipe != INVALID_HANDLE_VALUE)
CloseHandle(s->pipe);
s->pipe = NULL;
}
/*
* Open the service pipe and initialize service I/O.
* Failure is not fatal.
*/
static BOOL
InitServiceIO (service_io_t *s)
{
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
DWORD dwMode = o.ovpn_engine == OPENVPN_ENGINE_OVPN3 ? PIPE_READMODE_BYTE : PIPE_READMODE_MESSAGE;
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
CLEAR(*s);
/* auto-reset event used for signalling i/o completion*/
s->hEvent = CreateEvent (NULL, FALSE, FALSE, NULL);
if (!s->hEvent)
{
return FALSE;
}
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
s->pipe = CreateFile (o.ovpn_engine == OPENVPN_ENGINE_OVPN3 ?
OPENVPN_SERVICE_PIPE_NAME_OVPN3 : OPENVPN_SERVICE_PIPE_NAME_OVPN2,
GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL);
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if ( !s->pipe ||
s->pipe == INVALID_HANDLE_VALUE ||
!SetNamedPipeHandleState(s->pipe, &dwMode, NULL, NULL)
)
{
CloseServiceIO (s);
return FALSE;
}
return TRUE;
}
/*
* Read-completion routine for interactive service pipe. Call with
Re-queue reading from service only after previous message is handled The current code re-issues the next read request in the I/O completion routine before the previous message is fully handled. This could potentially lead to lost messages as the message buffer is reused. Fix by re-queuing the next read from OnService() after duplicating the previous message. The length check of the read message is omitted as it is implicitly checked when scanning the message. Makes the logic simpler. Reported by Lev Stipakov <lstipakov@gmail.com> Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
* err = 0, bytes = 0 to queue a new read request.
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
*/
Add missing WINAPI in the definition of HandleServiceIO WINAPI is __stdcall in 32 bit windows (ignored in 64 bit) causing this bug to show up in the 32 bit version only. Also fix out-of-bounds write of ovpn_version[] in openvpn.c Resolves Trac #758 Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
static void WINAPI
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
HandleServiceIO (DWORD err, DWORD bytes, LPOVERLAPPED lpo)
{
service_io_t *s = (service_io_t *) lpo;
int len, capacity;
len = _countof(s->readbuf);
NUL terminate messages received from interactive service Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
capacity = (len-1)*sizeof(*(s->readbuf));
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (bytes > 0)
NUL terminate messages received from interactive service Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
/* messages from the service are not nul terminated */
int nchars = bytes/sizeof(s->readbuf[0]);
s->readbuf[nchars] = L'\0';
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
SetEvent (s->hEvent);
Re-queue reading from service only after previous message is handled The current code re-issues the next read request in the I/O completion routine before the previous message is fully handled. This could potentially lead to lost messages as the message buffer is reused. Fix by re-queuing the next read from OnService() after duplicating the previous message. The length check of the read message is omitted as it is implicitly checked when scanning the message. Makes the logic simpler. Reported by Lev Stipakov <lstipakov@gmail.com> Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
return;
NUL terminate messages received from interactive service Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
}
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (err)
{
_snwprintf(s->readbuf, len, L"0x%08x\nInteractive Service disconnected\n", err);
s->readbuf[len-1] = L'\0';
SetEvent (s->hEvent);
return;
}
Re-queue reading from service only after previous message is handled The current code re-issues the next read request in the I/O completion routine before the previous message is fully handled. This could potentially lead to lost messages as the message buffer is reused. Fix by re-queuing the next read from OnService() after duplicating the previous message. The length check of the read message is omitted as it is implicitly checked when scanning the message. Makes the logic simpler. Reported by Lev Stipakov <lstipakov@gmail.com> Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
/* Otherwise queue next read request */
Add missing WINAPI in the definition of HandleServiceIO WINAPI is __stdcall in 32 bit windows (ignored in 64 bit) causing this bug to show up in the 32 bit version only. Also fix out-of-bounds write of ovpn_version[] in openvpn.c Resolves Trac #758 Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
ReadFileEx (s->pipe, s->readbuf, capacity, lpo, HandleServiceIO);
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* Any error in the above call will get checked in next round */
}
/*
* Write size bytes in buf to the pipe with a timeout.
* Retun value: TRUE on success FLASE on error
*/
static BOOL
WritePipe (HANDLE pipe, LPVOID buf, DWORD size)
{
OVERLAPPED o;
BOOL retval = FALSE;
CLEAR(o);
o.hEvent = CreateEvent (NULL, TRUE, FALSE, NULL);
if (!o.hEvent)
{
return retval;
}
if (WriteFile (pipe, buf, size, NULL, &o) ||
GetLastError() == ERROR_IO_PENDING )
{
if (WaitForSingleObject(o.hEvent, IO_TIMEOUT) == WAIT_OBJECT_0)
retval = TRUE;
else
CancelIo (pipe);
// TODO report error -- timeout
}
CloseHandle(o.hEvent);
return retval;
}
/*
* Called when read from service pipe signals
*/
static void
OnService(connection_t *c, UNUSED char *msg)
{
DWORD err = 0;
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
DWORD pid = 0;
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
WCHAR *p, *buf, *next;
const WCHAR *prefix = L"IService> ";
Re-queue reading from service only after previous message is handled The current code re-issues the next read request in the I/O completion routine before the previous message is fully handled. This could potentially lead to lost messages as the message buffer is reused. Fix by re-queuing the next read from OnService() after duplicating the previous message. The length check of the read message is omitted as it is implicitly checked when scanning the message. Makes the logic simpler. Reported by Lev Stipakov <lstipakov@gmail.com> Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
/*
* Duplicate the read buffer and queue the next read request
* by calling HandleServiceIO with err = 0, bytes = 0.
*/
buf = wcsdup(c->iserv.readbuf);
HandleServiceIO(0, 0, (LPOVERLAPPED) &c->iserv);
if (buf == NULL) return;
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* messages from the service are in the format "0x08x\n%s\n%s" */
if (swscanf (buf, L"0x%08x\n", &err) != 1)
{
free (buf);
return;
}
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
p = buf + 11;
Correct parsing of the process ID returned by interatcive service Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* next line is the pid if followed by "\nProcess ID" */
if (!err && wcsstr(p, L"\nProcess ID") && swscanf (p, L"0x%08x", &pid) == 1 && pid != 0)
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
PrintDebug (L"Process ID of openvpn started by IService: %d", pid);
c->hProcess = OpenProcess (PROCESS_TERMINATE|PROCESS_QUERY_INFORMATION, FALSE, pid);
if (!c->hProcess)
PrintDebug (L"Failed to get process handle from pid of openvpn: error = %lu",
GetLastError());
free (buf);
return;
}
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
while (iswspace(*p)) ++p;
while (p && *p)
{
next = WrapLine (p);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
WriteStatusLog (c, prefix, p, false);
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
p = next;
}
free (buf);
/* Error from iservice before management interface is connected */
switch (err)
{
case 0:
break;
case ERROR_STARTUP_DATA:
WriteStatusLog (c, prefix, L"OpenVPN not started due to previous errors", true);
OnStop (c, NULL);
break;
case ERROR_OPENVPN_STARTUP:
WriteStatusLog (c, prefix, L"Check the log file for details", false);
OnStop(c, NULL);
break;
default:
/* Unknown failure: let management connection timeout */
break;
}
}
/*
* Called when the directly started openvpn process exits
*/
static void
OnProcess (connection_t *c, UNUSED char *msg)
{
DWORD err;
WCHAR tmp[256];
if (!GetExitCodeProcess(c->hProcess, &err) || err == STILL_ACTIVE)
return;
_snwprintf(tmp, _countof(tmp), L"OpenVPN terminated with exit code %lu. "
L"See the log file for details", err);
tmp[_countof(tmp)-1] = L'\0';
WriteStatusLog(c, L"OpenVPN GUI> ", tmp, false);
OnStop (c, NULL);
}
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
/*
* Called when NEED-OK is received
*/
void
OnNeedOk (connection_t *c, char *msg)
{
char *resp = NULL;
WCHAR *wstr = NULL;
auth_param_t *param = (auth_param_t *) calloc(1, sizeof(auth_param_t));
if (!param)
{
WriteStatusLog(c, L"GUI> ", L"Error: out of memory while processing NEED-OK. Sending stop signal", false);
StopOpenVPN(c);
return;
}
if (!parse_input_request(msg, param))
goto out;
/* allocate space for response : "needok param->id cancel/ok" */
resp = malloc (strlen(param->id) + strlen("needok \' \' cancel"));
wstr = Widen(param->str);
if (!wstr || !resp)
{
WriteStatusLog(c, L"GUI> ", L"Error: out of memory while processing NEED-OK. Sending stop signal", false);
StopOpenVPN(c);
goto out;
}
const char *fmt;
if (MessageBoxW (NULL, wstr, L""PACKAGE_NAME, MB_OKCANCEL) == IDOK)
{
fmt = "needok \'%s\' ok";
}
else
{
ManagementCommand (c, "auth-retry none", NULL, regular);
fmt = "needok \'%s\' cancel";
}
sprintf (resp, fmt, param->id);
ManagementCommand (c, resp, NULL, regular);
out:
free_auth_param (param);
free(wstr);
free(resp);
}
/*
* Called when NEED-STR is received
*/
void
OnNeedStr (connection_t *c, UNUSED char *msg)
{
Handle pkcs11-id query from daemon Add support for selecting pkcs11-id from the GUI. Requires --management-pkcs11-id in the config file. This option is not added by the GUI. A list of all available pkcs11 certificates are presented to the user with buttons OK, Cancel, Retry. OK submits the selected entry, Cancel closes the connection, Retry reconstructs the list of certificates by querying the daemon again. The latter can be used to retry after inserting a token. If no certificates are found, a message suggesting to insert a token and press 'Retry' is displayed. The list shows the "Issued-to", "Issued-by" names (usually the subject & issuer common names) and valid-until date in current locale for each certificate. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
if (strstr(msg, "Need 'pkcs11-id-request'"))
{
msg = strstr(msg, "MSG:");
OnPkcs11(c, msg ? msg + 4 : "");
return;
}
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
WriteStatusLog (c, L"GUI> ", L"Error: Received NEED-STR message -- not implemented", false);
}
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
/* Stop the connection -- this sets the daemon to exit if
* started by us, else instructs the daemon to disconnect and
* and wait.
*/
static void
DisconnectDaemon(connection_t *c)
{
if (c->flags & FLAG_DAEMON_PERSISTENT)
{
Extend management socket state Distinguish between management socket connected and ready for interaction with the server. The former can happen even if the server is connected to another client and thus non-responsive. Use manage.connected = 1 in place of true when connected and = 2 when handshake with server completed and ready for input. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (c->manage.connected > 1) /* connected and ready for input */
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
ManagementCommand(c, "hold on", NULL, regular);
ManagementCommand(c, "signal SIGHUP", NULL, regular);
}
else
{
OnStop(c, NULL);
}
}
else
{
SetEvent(c->exit_event);
SetTimer(c->hwndStatus, IDT_STOP_TIMER, 15000, NULL);
}
}
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/*
* Close open handles
*/
static void
Cleanup (connection_t *c)
{
CloseManagement (c);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
free_dynamic_cr (c);
Support for 'setenv name var' using echo - Implement connection specific env variables. These are merged with the process environment strings and passed to scripts. - To set an env variable, use 'echo setenv name value' in the config or push from the server. This will set "OPENVPN_name=value" in the connections's env set. Note that "name" is mangled as "OPENVPN_name" to avoid servers overwriting sensitive variables such as PATH. Names are set in the order received and same name overwrites any previously set value. - Environment variable names are allowed to contain only alpha numeric characters and underscore as in openvpn.exe. But, unlike openvpn.exe, invalid names are ignored, not sanitized. v2 changes (Dec 16, 2017): - If value is missing, the directive is interpreted as a delete command and the env var with matching name in the connection's env set is removed. - Windows needs env block to be ordered: While merging connection specific env vars with process env block, order the entries 'alphabetically' (locale independent, case insensitive unicode ordinal order). In case of duplicates, the value in connection env set replaces the one in process env. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
env_item_del_all(c->es);
c->es = NULL;
Parse and display messages received by echo msg commands Process four new echo commands to construct messages to be displayed to the user: echo msg message-text echo msg-n message-text echo msg-window message-title echo msg-notify message-title Note: All rules of push and echo processing apply and determine what is received as echo commands by the GUI. In addition, 'url-encoded' characters (% followed by two hex digits) are decoded and displayed. The message is constructed in the GUI by concatenating the text specified in one or more "echo msg text" or "echo msg-n text" commands. In case of "echo msg text" text is appended with a new line. An empty text in this case will just add a new line. The message ends and gets displayed when one of the following are receieved: echo msg-window title echo msg-notify title where "title" becomes the title of the message window. In case of msg-window, a modeless window shows the message, in the latter case a notification balloon is shown. Example: when pushed from the server: push "echo msg I say let the world go to hell%2C" push "echo msg I must have my cup of tea." push "echo msg-window Notes from the underground" will display a modeless window with title "Notes from the underground" and a two line body -- I say let the world go to hell, I must have my cup of tea. -- Note that the message itself is not quoted in the above examples and so it relies on the server's option-parser combining individual words into a space separated string. Number of words on a line is limited by the maximum number of parameters allowed in openvpn commands (16). This limitation may be avoided by quoting the text that follows so that the option parser sees it as one parameter. The comma character is not allowed in pushed strings, so it has to be sent encoded as %2C as shown above. Such encoding of arbitrary bytes is suppored. For example, newlines may be embedded as %0A, though discouraged. Instead use multiple "echo msg" commands to separate lines by new line. An example with embedded spaces and multiple lines concatenated without a new line in between (note use of single quotes): push "echo msg-n I swear to you gentlemen%2C that to be" push "echo msg-n ' overly conscious is a sickness%2C ' " push "echo msg-n a real%2C thorough sickness." push "echo msg-notify Quote of the Day" will show up as a notification that displays for an OS-dependent interval as: -- Quote of the Day I swear to you gentlemen, that to be overly conscious is a sickness, a real, thorough sickness. -- where the location of the line break is automatically determined by the notification API and is OS version-dependent. Commands like "echo msg ..." in the config file are also processed the same way. It gets displayed when the GUI connects to the management interface and receives all pending echo. Pushed message(s) get displayed when the client daemon processes push-reply and passes on echo directives to the GUI. TODO: The actual window that displays the messages is implemented in the next commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
echo_msg_clear(c, true); /* clear history */
Handle pkcs11-id query from daemon Add support for selecting pkcs11-id from the GUI. Requires --management-pkcs11-id in the config file. This option is not added by the GUI. A list of all available pkcs11 certificates are presented to the user with buttons OK, Cancel, Retry. OK submits the selected entry, Cancel closes the connection, Retry reconstructs the list of certificates by querying the daemon again. The latter can be used to retry after inserting a token. If no certificates are found, a message suggesting to insert a token and press 'Retry' is displayed. The list shows the "Issued-to", "Issued-by" names (usually the subject & issuer common names) and valid-until date in current locale for each certificate. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
pkcs11_list_clear(&c->pkcs11_list);
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (c->hProcess)
CloseHandle (c->hProcess);
c->hProcess = NULL;
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (c->iserv.hEvent)
CloseServiceIO (&c->iserv);
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (c->exit_event)
CloseHandle (c->exit_event);
c->exit_event = NULL;
}
Make the program DPI aware - Set dpi-awareness to true in the manifest (i.e., "system-dpi aware") - Check system dpi and scale and/or position widgets and windows that depend on the system dpi (only components within the status window are affected). Note: Declaring dpi awareness eliminates automatic rescaling of windows that causes blurred text on high dpi monitors. Windows 8.1 and later allow per monitor dpi setting which is not handled here.
8 years ago
/*
* Helper to position and scale widgets in status window using current dpi
* Takes status window width and height in screen pixels as input
*/
void
RenderStatusWindow(HWND hwndDlg, UINT w, UINT h)
{
Display assigned IPs and connection stats on status window - Show the assigned IP numbers, traffic stats (bytes in/out), and the GUI and OpenVPN core versions on the status window. Note: IDS_TXT_BYTECOUNT = "Bytes in: %s out %s" needs translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
MoveWindow(GetDlgItem(hwndDlg, ID_EDT_LOG), DPI_SCALE(20), DPI_SCALE(25), w - DPI_SCALE(40), h - DPI_SCALE(110), TRUE);
MoveWindow(GetDlgItem(hwndDlg, ID_TXT_STATUS), DPI_SCALE(20), DPI_SCALE(5), w-DPI_SCALE(30), DPI_SCALE(15), TRUE);
MoveWindow(GetDlgItem(hwndDlg, ID_TXT_IP), DPI_SCALE(20), h - DPI_SCALE(75), w-DPI_SCALE(30), DPI_SCALE(15), TRUE);
MoveWindow(GetDlgItem(hwndDlg, ID_TXT_BYTECOUNT), DPI_SCALE(20), h - DPI_SCALE(55), w-DPI_SCALE(210), DPI_SCALE(15), TRUE);
MoveWindow(GetDlgItem(hwndDlg, ID_TXT_VERSION), w-DPI_SCALE(180), h - DPI_SCALE(55), DPI_SCALE(170), DPI_SCALE(15), TRUE);
Make the program DPI aware - Set dpi-awareness to true in the manifest (i.e., "system-dpi aware") - Check system dpi and scale and/or position widgets and windows that depend on the system dpi (only components within the status window are affected). Note: Declaring dpi awareness eliminates automatic rescaling of windows that causes blurred text on high dpi monitors. Windows 8.1 and later allow per monitor dpi setting which is not handled here.
8 years ago
MoveWindow(GetDlgItem(hwndDlg, ID_DISCONNECT), DPI_SCALE(20), h - DPI_SCALE(30), DPI_SCALE(110), DPI_SCALE(23), TRUE);
MoveWindow(GetDlgItem(hwndDlg, ID_RESTART), DPI_SCALE(145), h - DPI_SCALE(30), DPI_SCALE(110), DPI_SCALE(23), TRUE);
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
MoveWindow(GetDlgItem(hwndDlg, ID_DETACH), DPI_SCALE(270), h - DPI_SCALE(30), DPI_SCALE(110), DPI_SCALE(23), TRUE);
Make the program DPI aware - Set dpi-awareness to true in the manifest (i.e., "system-dpi aware") - Check system dpi and scale and/or position widgets and windows that depend on the system dpi (only components within the status window are affected). Note: Declaring dpi awareness eliminates automatic rescaling of windows that causes blurred text on high dpi monitors. Windows 8.1 and later allow per monitor dpi setting which is not handled here.
8 years ago
MoveWindow(GetDlgItem(hwndDlg, ID_HIDE), w - DPI_SCALE(130), h - DPI_SCALE(30), DPI_SCALE(110), DPI_SCALE(23), TRUE);
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
/*
* DialogProc for OpenVPN status dialog windows
*/
don't define callback functions as static
11 years ago
INT_PTR CALLBACK
use managment interface
14 years ago
StatusDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
connection_t *c;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
switch (msg)
{
case WM_MANAGEMENT:
/* Management interface related event */
OnManagement(wParam, lParam);
return TRUE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case WM_INITDIALOG:
use managment interface
14 years ago
c = (connection_t *) lParam;
/* Set window icon "disconnected" */
SetStatusWinIcon(hwndDlg, ID_ICO_CONNECTING);
/* Set connection for this dialog */
SetProp(hwndDlg, cfgProp, (HANDLE) c);
/* Create log window */
HWND hLogWnd = CreateWindowEx(0, RICHEDIT_CLASS, NULL,
WS_CHILD|WS_VISIBLE|WS_HSCROLL|WS_VSCROLL|ES_SUNKEN|ES_LEFT|
ES_MULTILINE|ES_READONLY|ES_AUTOHSCROLL|ES_AUTOVSCROLL,
20, 25, 350, 160, hwndDlg, (HMENU) ID_EDT_LOG, o.hInstance, NULL);
if (!hLogWnd)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
ShowLocalizedMsg(IDS_ERR_CREATE_EDIT_LOGWINDOW);
return FALSE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
/* Set font and fontsize of the log window */
CHARFORMAT cfm = {
.cbSize = sizeof(CHARFORMAT),
.dwMask = CFM_SIZE|CFM_FACE|CFM_BOLD,
make log window display unicode properly
13 years ago
.szFaceName = _T("Microsoft Sans Serif"),
use managment interface
14 years ago
.dwEffects = 0,
make log window display unicode properly
13 years ago
.yHeight = 160
use managment interface
14 years ago
};
if (SendMessage(hLogWnd, EM_SETCHARFORMAT, SCF_DEFAULT, (LPARAM) &cfm) == 0)
ShowLocalizedMsg(IDS_ERR_SET_SIZE);
Display assigned IPs and connection stats on status window - Show the assigned IP numbers, traffic stats (bytes in/out), and the GUI and OpenVPN core versions on the status window. Note: IDS_TXT_BYTECOUNT = "Bytes in: %s out %s" needs translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* display version string as "OpenVPN GUI gui_version/core_version" */
wchar_t version[256];
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
_sntprintf_0(version, L"%hs %hs/%hs", PACKAGE_NAME, PACKAGE_VERSION_RESOURCE_STR, o.ovpn_version)
Display assigned IPs and connection stats on status window - Show the assigned IP numbers, traffic stats (bytes in/out), and the GUI and OpenVPN core versions on the status window. Note: IDS_TXT_BYTECOUNT = "Bytes in: %s out %s" needs translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
SetDlgItemText(hwndDlg, ID_TXT_VERSION, version);
use managment interface
14 years ago
/* Set size and position of controls */
RECT rect;
Open all active status windows on left-double-click Currently we pop up the status window on double click only if one connection is active though there is no strong reason to limit this behaviour. In fact, when multiple connections are stuck in the connecting state, its very useful to have a quick way to examine their progress instead of having to drill down the menu. Especially so when nested menu is in use. A random variation of up to 100 pixel is added to the initial position of the status window to avoid all windows falling on top of each other. To prevent an explosion of new windows in the very unlikely event of numerous active connections, restrict the maximum windows shown to 10. Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
GetWindowRect(hwndDlg, &rect);
/* Move the window by upto 100 random pixels to avoid all
* status windows fall on top of each other.
*/
SetWindowPos(hwndDlg, HWND_TOP, rect.left + rand()%100,
rect.top + rand()%100, 0, 0, SWP_NOSIZE);
use managment interface
14 years ago
GetClientRect(hwndDlg, &rect);
Make the program DPI aware - Set dpi-awareness to true in the manifest (i.e., "system-dpi aware") - Check system dpi and scale and/or position widgets and windows that depend on the system dpi (only components within the status window are affected). Note: Declaring dpi awareness eliminates automatic rescaling of windows that causes blurred text on high dpi monitors. Windows 8.1 and later allow per monitor dpi setting which is not handled here.
8 years ago
RenderStatusWindow(hwndDlg, rect.right, rect.bottom);
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (c->flags & FLAG_DAEMON_PERSISTENT && o.enable_persistent > 0)
{
EnableWindow(GetDlgItem(hwndDlg, ID_DETACH), TRUE);
}
else
{
ShowWindow(GetDlgItem(hwndDlg, ID_DETACH), SW_HIDE);
}
use managment interface
14 years ago
/* Set focus on the LogWindow so it scrolls automatically */
SetFocus(hLogWnd);
return FALSE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Support per-monitor DPI scaling
4 years ago
case WM_DPICHANGED:
DpiSetScale(&o, HIWORD(wParam));
RECT dlgRect;
GetClientRect(hwndDlg, &dlgRect);
RenderStatusWindow(hwndDlg, dlgRect.right, dlgRect.bottom);
return FALSE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case WM_SIZE:
Make the program DPI aware - Set dpi-awareness to true in the manifest (i.e., "system-dpi aware") - Check system dpi and scale and/or position widgets and windows that depend on the system dpi (only components within the status window are affected). Note: Declaring dpi awareness eliminates automatic rescaling of windows that causes blurred text on high dpi monitors. Windows 8.1 and later allow per monitor dpi setting which is not handled here.
8 years ago
RenderStatusWindow(hwndDlg, LOWORD(lParam), HIWORD(lParam));
use managment interface
14 years ago
InvalidateRect(hwndDlg, NULL, TRUE);
return TRUE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case WM_COMMAND:
use managment interface
14 years ago
c = (connection_t *) GetProp(hwndDlg, cfgProp);
switch (LOWORD(wParam))
{
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case ID_DISCONNECT:
use managment interface
14 years ago
SetFocus(GetDlgItem(c->hwndStatus, ID_EDT_LOG));
StopOpenVPN(c);
return TRUE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case ID_HIDE:
use managment interface
14 years ago
if (c->state != disconnected)
ShowWindow(hwndDlg, SW_HIDE);
else
DestroyWindow(hwndDlg);
return TRUE;
config number for status dialog is now stored as property
16 years ago
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case ID_RESTART:
use managment interface
14 years ago
SetFocus(GetDlgItem(c->hwndStatus, ID_EDT_LOG));
Add restart button to connection menus - This works the same way as restart button in the status window but is more conveniently accessible from the tray menu. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
RestartOpenVPN(c);
use managment interface
14 years ago
return TRUE;
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
case ID_DETACH:
SetFocus(GetDlgItem(c->hwndStatus, ID_EDT_LOG));
DetachOpenVPN(c);
return TRUE;
use managment interface
14 years ago
}
break;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case WM_SHOWWINDOW:
use managment interface
14 years ago
if (wParam == TRUE)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
c = (connection_t *) GetProp(hwndDlg, cfgProp);
if (c->hwndStatus)
SetFocus(GetDlgItem(c->hwndStatus, ID_EDT_LOG));
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
return FALSE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case WM_CLOSE:
use managment interface
14 years ago
c = (connection_t *) GetProp(hwndDlg, cfgProp);
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (c->state != disconnected && c->state != detached)
use managment interface
14 years ago
ShowWindow(hwndDlg, SW_HIDE);
else
DestroyWindow(hwndDlg);
return TRUE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
config number for status dialog is now stored as property
16 years ago
case WM_NCDESTROY:
use managment interface
14 years ago
RemoveProp(hwndDlg, cfgProp);
break;
config number for status dialog is now stored as property
16 years ago
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
case WM_DESTROY:
use managment interface
14 years ago
PostQuitMessage(0);
break;
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
case WM_OVPN_RELEASE:
c = (connection_t *) GetProp(hwndDlg, cfgProp);
c->state = reconnecting;
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_RECONNECTING));
SetDlgItemTextW(c->hwndStatus, ID_TXT_IP, L"");
SetStatusWinIcon(c->hwndStatus, ID_ICO_CONNECTING);
OnHold(c, "");
break;
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
case WM_OVPN_STOP:
c = (connection_t *) GetProp(hwndDlg, cfgProp);
Support sending commands to running instance - New option --command <action> <params> to send commands to a running instance of openvpn-gui.exe Supported actions are connect, disconnect, reconnect each of which takes the name of the config (with or without the extension .ovpn) as a parameter; disconnect_all, exit which take no parameter and silent_connection which takes an optional parameter = 0 or 1 (1 is the default) Examples: with the gui running, start a new instance as openvpn-gui.exe --command disconnect myvpn : ask running instance to disconnect myvpn if connected openvpn-gui.exe --command status myvpn : ask running instance to show the status window for myvpn if available openvpn-gui.exe --command disconnect_all : ask running instance to disconnect all active connections - The second instance exits after issuing a SendMessage to the already running instance. If no action is specified, the running instance is notified to show a balloon to alert the user - These messages may also be sent from scripts as COPYDATA messages with the wData element specifying the action to execute and lpData a pointer to the parameter. The dwData param must be one of WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or SILENT. See main.h for their values. v2: Bug fixes based on test reports from larson0815 here: https://github.com/selvanair/openvpn-gui/issues/5 and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104 Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* external messages can trigger when we are not ready -- check the state */
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (!IsWindowEnabled(GetDlgItem(c->hwndStatus, ID_DISCONNECT))
|| c->state == onhold)
{
Support sending commands to running instance - New option --command <action> <params> to send commands to a running instance of openvpn-gui.exe Supported actions are connect, disconnect, reconnect each of which takes the name of the config (with or without the extension .ovpn) as a parameter; disconnect_all, exit which take no parameter and silent_connection which takes an optional parameter = 0 or 1 (1 is the default) Examples: with the gui running, start a new instance as openvpn-gui.exe --command disconnect myvpn : ask running instance to disconnect myvpn if connected openvpn-gui.exe --command status myvpn : ask running instance to show the status window for myvpn if available openvpn-gui.exe --command disconnect_all : ask running instance to disconnect all active connections - The second instance exits after issuing a SendMessage to the already running instance. If no action is specified, the running instance is notified to show a balloon to alert the user - These messages may also be sent from scripts as COPYDATA messages with the wData element specifying the action to execute and lpData a pointer to the parameter. The dwData param must be one of WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or SILENT. See main.h for their values. v2: Bug fixes based on test reports from larson0815 here: https://github.com/selvanair/openvpn-gui/issues/5 and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104 Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
break;
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
}
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
c->state = disconnecting;
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (!(c->flags & FLAG_DAEMON_PERSISTENT))
{
RunDisconnectScript(c, false);
}
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE);
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE);
SetMenuStatus(c, disconnecting);
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_WAIT_TERM));
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
DisconnectDaemon(c);
break;
case WM_OVPN_DETACH:
c = (connection_t *) GetProp(hwndDlg, cfgProp);
/* just stop the thread keeping openvpn.exe running */
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
c->state = detaching;
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE);
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE);
OnStop(c, NULL);
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
break;
case WM_OVPN_SUSPEND:
c = (connection_t *) GetProp(hwndDlg, cfgProp);
c->state = suspending;
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE);
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE);
SetMenuStatus(c, disconnecting);
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_WAIT_TERM));
SetEvent(c->exit_event);
Support sending commands to running instance - New option --command <action> <params> to send commands to a running instance of openvpn-gui.exe Supported actions are connect, disconnect, reconnect each of which takes the name of the config (with or without the extension .ovpn) as a parameter; disconnect_all, exit which take no parameter and silent_connection which takes an optional parameter = 0 or 1 (1 is the default) Examples: with the gui running, start a new instance as openvpn-gui.exe --command disconnect myvpn : ask running instance to disconnect myvpn if connected openvpn-gui.exe --command status myvpn : ask running instance to show the status window for myvpn if available openvpn-gui.exe --command disconnect_all : ask running instance to disconnect all active connections - The second instance exits after issuing a SendMessage to the already running instance. If no action is specified, the running instance is notified to show a balloon to alert the user - These messages may also be sent from scripts as COPYDATA messages with the wData element specifying the action to execute and lpData a pointer to the parameter. The dwData param must be one of WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or SILENT. See main.h for their values. v2: Bug fixes based on test reports from larson0815 here: https://github.com/selvanair/openvpn-gui/issues/5 and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104 Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
SetTimer(hwndDlg, IDT_STOP_TIMER, 15000, NULL);
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
break;
case WM_TIMER:
PrintDebug(L"WM_TIMER message with wParam = %lu", wParam);
c = (connection_t *) GetProp(hwndDlg, cfgProp);
if (wParam == IDT_STOP_TIMER)
{
/* openvpn failed to respond to stop signal -- terminate */
TerminateOpenVPN(c);
KillTimer (hwndDlg, IDT_STOP_TIMER);
}
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
break;
Add restart button to connection menus - This works the same way as restart button in the status window but is more conveniently accessible from the tray menu. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
case WM_OVPN_RESTART:
c = (connection_t *) GetProp(hwndDlg, cfgProp);
/* external messages can trigger when we are not ready -- check the state */
if (IsWindowEnabled(GetDlgItem(c->hwndStatus, ID_RESTART)))
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
c->state = reconnecting;
Add restart button to connection menus - This works the same way as restart button in the status window but is more conveniently accessible from the tray menu. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
ManagementCommand(c, "signal SIGHUP", NULL, regular);
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_RECONNECTING));
SetDlgItemTextW(c->hwndStatus, ID_TXT_IP, L"");
SetStatusWinIcon(c->hwndStatus, ID_ICO_CONNECTING);
}
Add restart button to connection menus - This works the same way as restart button in the status window but is more conveniently accessible from the tray menu. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (!o.silent_connection)
{
SetForegroundWindow(c->hwndStatus);
ShowWindow(c->hwndStatus, SW_SHOW);
}
break;
use managment interface
14 years ago
}
return FALSE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
/*
* ThreadProc for OpenVPN status dialog windows
*/
static DWORD WINAPI
ThreadOpenVPNStatus(void *p)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
connection_t *c = p;
TCHAR conn_name[200];
MSG msg;
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
HANDLE wait_event;
CLEAR (msg);
Parse the config file for management i/f params - Parse the management interface address and password from the config file - Hide the status Window by default for persistent connections --- their startup is automated and may distract the user otherwise. The user can use the menu to review status when required. - Seed srand() using threadId instead of time. Although we use rand() only for cosmetics, the latter is almost never unique among threads when multiple connections can get started in a succession with this patch set. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
srand(c->threadId);
use managment interface
14 years ago
/* Cut of extention from config filename. */
use CRT's _countof instead of proprietary _tsizeof
13 years ago
_tcsncpy(conn_name, c->config_file, _countof(conn_name));
use managment interface
14 years ago
conn_name[_tcslen(conn_name) - _tcslen(o.ext_string) - 1] = _T('\0');
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
c->state = (c->state == suspended || c->state == detached) ? resuming : connecting;
use managment interface
14 years ago
/* Create and Show Status Dialog */
c->hwndStatus = CreateLocalizedDialogParam(ID_DLG_STATUS, StatusDialogFunc, (LPARAM) c);
if (!c->hwndStatus)
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
/* kill daemon process if we started it */
SetEvent(c->exit_event);
Cleanup(c);
c->state = disconnected;
use managment interface
14 years ago
return 1;
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
}
use managment interface
14 years ago
CheckAndSetTrayIcon();
SetMenuStatus(c, connecting);
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_CONNECTING));
SetWindowText(c->hwndStatus, LoadLocalizedString(IDS_NFO_CONNECTION_XXX, conn_name));
keep trying to connect to mgmt itf for 15 seconds
13 years ago
if (!OpenManagement(c))
Retry on management timeout instead of aborting In some cases the service may take a while to startup openvpn.exe, causing connection to the management interface to timeout. This could leave behind the OpenVPN process if/when it eventually starts up. (Trac 905, 1050). As errors in starting up the OpenVPN daemon are independently handled, its better to keep retrying the management interface connection until aborted due to errors or by the user. - On timeout, log a message on the status window and retry the management interface connection - Eliminate the timed-out state that is no longer used - Call StopOpenVPN() before abort so that OpenVPN daemon is not left running in case it starts up later. - In the unlikely event that OpenManagement() fails, show an error - User can abort by pressing disconnect A "retrying.." message is logged on to the status window every 15 seconds. See Trac: #905, #1050 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
{
MessageBoxEx(NULL, L"Failed to open management", _T(PACKAGE_NAME),
MB_OK|MB_SETFOREGROUND|MB_ICONERROR, GetGUILanguage());
StopOpenVPN(c);
}
use managment interface
14 years ago
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* Start the async read loop for service and set it as the wait event */
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (c->iserv.hEvent)
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
HandleServiceIO (0, 0, (LPOVERLAPPED) &c->iserv);
wait_event = c->iserv.hEvent;
}
else
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
wait_event = c->hProcess;
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
}
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Option to disable attaching to persistent connections Three options are provided to control scanning of persistent (pre-satrted) connections in config-auto folder, and how they are attached to. Auto: Scan and list persistent connections and attach to their management i/f automatically at startup, and periodically retry on failure to attach. Manual: Scan and list as above, but do not attach automatically. User can attach to such connections by manually clicking connect. Never: Do not scan config-auto folder. Default is "Auto" Change of this setting in the settings menu will take full effect only if none of the connections are in connecting/connected/detached state so that the connection list can be updated. Otherwise restart the GUI. TODO: Copying the settings dialog changes to all languages Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
/* For persistent connections, popup the status win only if we're in manual mode */
if (o.silent_connection == 0 && ((c->flags & FLAG_DAEMON_PERSISTENT) == 0 || o.enable_persistent == 1))
use managment interface
14 years ago
ShowWindow(c->hwndStatus, SW_SHOW);
Parse and display messages received by echo msg commands Process four new echo commands to construct messages to be displayed to the user: echo msg message-text echo msg-n message-text echo msg-window message-title echo msg-notify message-title Note: All rules of push and echo processing apply and determine what is received as echo commands by the GUI. In addition, 'url-encoded' characters (% followed by two hex digits) are decoded and displayed. The message is constructed in the GUI by concatenating the text specified in one or more "echo msg text" or "echo msg-n text" commands. In case of "echo msg text" text is appended with a new line. An empty text in this case will just add a new line. The message ends and gets displayed when one of the following are receieved: echo msg-window title echo msg-notify title where "title" becomes the title of the message window. In case of msg-window, a modeless window shows the message, in the latter case a notification balloon is shown. Example: when pushed from the server: push "echo msg I say let the world go to hell%2C" push "echo msg I must have my cup of tea." push "echo msg-window Notes from the underground" will display a modeless window with title "Notes from the underground" and a two line body -- I say let the world go to hell, I must have my cup of tea. -- Note that the message itself is not quoted in the above examples and so it relies on the server's option-parser combining individual words into a space separated string. Number of words on a line is limited by the maximum number of parameters allowed in openvpn commands (16). This limitation may be avoided by quoting the text that follows so that the option parser sees it as one parameter. The comma character is not allowed in pushed strings, so it has to be sent encoded as %2C as shown above. Such encoding of arbitrary bytes is suppored. For example, newlines may be embedded as %0A, though discouraged. Instead use multiple "echo msg" commands to separate lines by new line. An example with embedded spaces and multiple lines concatenated without a new line in between (note use of single quotes): push "echo msg-n I swear to you gentlemen%2C that to be" push "echo msg-n ' overly conscious is a sickness%2C ' " push "echo msg-n a real%2C thorough sickness." push "echo msg-notify Quote of the Day" will show up as a notification that displays for an OS-dependent interval as: -- Quote of the Day I swear to you gentlemen, that to be overly conscious is a sickness, a real, thorough sickness. -- where the location of the line break is automatically determined by the notification API and is OS version-dependent. Commands like "echo msg ..." in the config file are also processed the same way. It gets displayed when the GUI connects to the management interface and receives all pending echo. Pushed message(s) get displayed when the client daemon processes push-reply and passes on echo directives to the GUI. TODO: The actual window that displays the messages is implemented in the next commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* Load echo msg histroy from registry */
echo_msg_load(c);
use managment interface
14 years ago
/* Run the message loop for the status window */
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
while (WM_QUIT != msg.message)
use managment interface
14 years ago
{
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
DWORD res;
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (wait_event == NULL) /* for persistent connections there is no wait_event */
{
res = GetMessage(&msg, NULL, 0, 0);
if (res == (DWORD) -1) /* log the error and continue */
{
MsgToEventLog(EVENTLOG_WARNING_TYPE, L"GetMessage for <%ls> returned error (status=%lu)",
c->config_name, GetLastError());
continue;
}
else if (res == 0) /* WM_QUIT */
{
break;
}
}
else if (!PeekMessage(&msg, NULL, 0, 0, PM_REMOVE))
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
if ((res = MsgWaitForMultipleObjectsEx (1, &wait_event, INFINITE, QS_ALLINPUT,
MWMO_ALERTABLE)) == WAIT_OBJECT_0)
{
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (wait_event == c->hProcess)
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
OnProcess (c, NULL);
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
else if (wait_event == c->iserv.hEvent)
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
OnService (c, NULL);
}
continue;
}
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
if (IsDialogMessage(c->hwndStatus, &msg) == 0)
use managment interface
14 years ago
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* release handles etc.*/
Cleanup (c);
Do not start a connection when a previous thread has not fully exited When openvpn exits due to error, the GUI pops up a modal dialog and waits on user to click OK before cleaning up resources and closing the status window. During this phase if the user clicks "connect" from the tray menu, a new thread is started overwriiting several handles in the connection struct. Fix: Refuse to start a connection when previous status thread is still active. Instead, bring the exisiting status window to fore-ground. Also make the modal dialog a child of the status window for better visibility. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
c->hwndStatus = NULL;
use managment interface
14 years ago
return 0;
}
/*
* Set priority based on the registry or cmd-line value
*/
static BOOL
SetProcessPriority(DWORD *priority)
{
*priority = NORMAL_PRIORITY_CLASS;
if (!_tcscmp(o.priority_string, _T("IDLE_PRIORITY_CLASS")))
*priority = IDLE_PRIORITY_CLASS;
else if (!_tcscmp(o.priority_string, _T("BELOW_NORMAL_PRIORITY_CLASS")))
*priority = BELOW_NORMAL_PRIORITY_CLASS;
else if (!_tcscmp(o.priority_string, _T("NORMAL_PRIORITY_CLASS")))
*priority = NORMAL_PRIORITY_CLASS;
else if (!_tcscmp(o.priority_string, _T("ABOVE_NORMAL_PRIORITY_CLASS")))
*priority = ABOVE_NORMAL_PRIORITY_CLASS;
else if (!_tcscmp(o.priority_string, _T("HIGH_PRIORITY_CLASS")))
*priority = HIGH_PRIORITY_CLASS;
else
{
ShowLocalizedMsg(IDS_ERR_UNKNOWN_PRIORITY, o.priority_string);
return FALSE;
}
return TRUE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
#ifdef ENABLE_OVPN3
inline static
struct json_object* json_object_new_utf16_string(wchar_t *utf16)
{
DWORD input_size = WideCharToMultiByte(CP_UTF8, 0, utf16, -1, NULL, 0, NULL, NULL);
struct json_object* jobj = NULL;
char *utf8 = malloc(input_size);
if (!utf8)
{
goto out;
}
WideCharToMultiByte(CP_UTF8, 0, utf16, -1, utf8, input_size, NULL, NULL);
jobj = json_object_new_string(utf8);
free(utf8);
out:
return jobj;
}
static char* PrepareStartJsonRequest(connection_t *c, wchar_t *exit_event_name)
{
const char *request_header = "POST /start HTTP/1.1\r\nContent-Type: application/json\r\nContent-Length: %zd\r\n\r\n";
json_object *jobj = json_object_new_object();
json_object_object_add(jobj, "config_file", json_object_new_utf16_string(c->config_file));
json_object_object_add(jobj, "config_dir", json_object_new_utf16_string(c->config_dir));
json_object_object_add(jobj, "exit_event_name", json_object_new_utf16_string(exit_event_name));
json_object_object_add(jobj, "management_password", json_object_new_string(c->manage.password));
json_object_object_add(jobj, "management_host", json_object_new_string(inet_ntoa(c->manage.skaddr.sin_addr)));
json_object_object_add(jobj, "management_port", json_object_new_int(ntohs(c->manage.skaddr.sin_port)));
json_object_object_add(jobj, "log", json_object_new_utf16_string(c->log_path));
json_object_object_add(jobj, "log-append", json_object_new_int(o.log_append));
const char *body = json_object_to_json_string(jobj);
int len = snprintf(NULL, 0, request_header, strlen(body)) + strlen(body) + 1;
char* request = calloc(1, len);
if (request == NULL)
{
goto out;
}
sprintf_s(request, len, request_header, strlen(body));
strcat_s(request, len, body);
out:
json_object_put(jobj);
return request;
}
#endif
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
/* If state is on hold -- release */
void
ReleaseOpenVPN(connection_t *c)
{
if (c->state != onhold)
{
return;
}
PostMessage(c->hwndStatus, WM_OVPN_RELEASE, 0, 0);
}
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
/* Start a thread to monitor a connection and launch openvpn.exe if required */
use managment interface
14 years ago
BOOL
StartOpenVPN(connection_t *c)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
support starting OpenVPN via interactive service
13 years ago
CLEAR(c->ip);
Do not start a connection when a previous thread has not fully exited When openvpn exits due to error, the GUI pops up a modal dialog and waits on user to click OK before cleaning up resources and closing the status window. During this phase if the user clicks "connect" from the tray menu, a new thread is started overwriiting several handles in the connection struct. Fix: Refuse to start a connection when previous status thread is still active. Instead, bring the exisiting status window to fore-ground. Also make the modal dialog a child of the status window for better visibility. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
if (c->hwndStatus)
{
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (c->state == onhold)
{
ReleaseOpenVPN(c);
return true;
}
Support sending commands to running instance - New option --command <action> <params> to send commands to a running instance of openvpn-gui.exe Supported actions are connect, disconnect, reconnect each of which takes the name of the config (with or without the extension .ovpn) as a parameter; disconnect_all, exit which take no parameter and silent_connection which takes an optional parameter = 0 or 1 (1 is the default) Examples: with the gui running, start a new instance as openvpn-gui.exe --command disconnect myvpn : ask running instance to disconnect myvpn if connected openvpn-gui.exe --command status myvpn : ask running instance to show the status window for myvpn if available openvpn-gui.exe --command disconnect_all : ask running instance to disconnect all active connections - The second instance exits after issuing a SendMessage to the already running instance. If no action is specified, the running instance is notified to show a balloon to alert the user - These messages may also be sent from scripts as COPYDATA messages with the wData element specifying the action to execute and lpData a pointer to the parameter. The dwData param must be one of WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or SILENT. See main.h for their values. v2: Bug fixes based on test reports from larson0815 here: https://github.com/selvanair/openvpn-gui/issues/5 and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104 Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
PrintDebug(L"Connection request when already started -- ignored");
/* the tread can hang around after disconnect if user has not dismissed any popups */
if (c->state == disconnected)
WriteStatusLog(c, L"OpenVPN GUI> ",
L"Complete any pending dialog before starting a new connection", false);
if (!o.silent_connection)
{
SetForegroundWindow(c->hwndStatus);
ShowWindow(c->hwndStatus, SW_SHOW);
}
Do not start a connection when a previous thread has not fully exited When openvpn exits due to error, the GUI pops up a modal dialog and waits on user to click OK before cleaning up resources and closing the status window. During this phase if the user clicks "connect" from the tray menu, a new thread is started overwriiting several handles in the connection struct. Fix: Refuse to start a connection when previous status thread is still active. Instead, bring the exisiting status window to fore-ground. Also make the modal dialog a child of the status window for better visibility. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
return FALSE;
}
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
else if (c->state != disconnected && c->state != detached)
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
return FALSE;
}
Do not start a connection when a previous thread has not fully exited When openvpn exits due to error, the GUI pops up a modal dialog and waits on user to click OK before cleaning up resources and closing the status window. During this phase if the user clicks "connect" from the tray menu, a new thread is started overwriiting several handles in the connection struct. Fix: Refuse to start a connection when previous status thread is still active. Instead, bring the exisiting status window to fore-ground. Also make the modal dialog a child of the status window for better visibility. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
PrintDebug(L"Starting openvpn on config %ls", c->config_name);
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
/* Create thread to show the connection's status dialog */
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
HANDLE hThread = CreateThread(NULL, 0, ThreadOpenVPNStatus, c, CREATE_SUSPENDED, &c->threadId);
use managment interface
14 years ago
if (hThread == NULL)
{
ShowLocalizedMsg(IDS_ERR_CREATE_THREAD_STATUS);
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
return false;
}
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (c->flags & FLAG_DAEMON_PERSISTENT)
{
if (!ParseManagementAddress(c))
{
TerminateThread(hThread, 1);
return false;
}
}
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
/* Launch openvpn.exe using the service or directly */
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
else if (!LaunchOpenVPN(c))
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
TerminateThread(hThread, 1);
return false;
use managment interface
14 years ago
}
Refactor StartOpenVPN() - Split starting the status thread and launch of the daemon process (openvpn.exe) into separate functions. This is useful for implementing control of persistent connections where the daemon is launched externally: e.g., by the automatic service. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
/* Start the status dialog thread */
ResumeThread(hThread);
if (hThread && hThread != INVALID_HANDLE_VALUE)
CloseHandle(hThread);
return true;
}
/*
* Launch an OpenVPN process
*/
static BOOL
LaunchOpenVPN(connection_t *c)
{
TCHAR cmdline[1024];
TCHAR *options = cmdline + 8;
TCHAR exit_event_name[17];
HANDLE hStdInRead = NULL, hStdInWrite = NULL;
HANDLE hNul = NULL;
DWORD written;
BOOL retval = FALSE;
RunPreconnectScript(c);
use managment interface
14 years ago
/* Create an event object to signal OpenVPN to exit */
_sntprintf_0(exit_event_name, _T("%x%08x"), GetCurrentProcessId(), c->threadId);
c->exit_event = CreateEvent(NULL, TRUE, FALSE, exit_event_name);
if (c->exit_event == NULL)
{
ShowLocalizedMsg(IDS_ERR_CREATE_EVENT, exit_event_name);
support starting OpenVPN via interactive service
13 years ago
goto out;
use managment interface
14 years ago
}
/* Create a management interface password */
GetRandomPassword(c->manage.password, sizeof(c->manage.password) - 1);
Find a free port for management interface Bind a socket and then close to identify a free port and use it when starting openvpn.exe. Try port = offset + config-index is first, matching the current usage, and fallback to a dynamic port if the former fails. Trac: #1051 Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
find_free_tcp_port(&c->manage.skaddr);
Put --log first in the command line This is needed to avoid early messages going to stdout leaving no trace of errors when openvpn exits before management interface is up. It also ensures that any --log directives in the config do not override the log file location. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* Construct command line -- put log first */
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
_sntprintf_0(cmdline, _T("openvpn --log%ls \"%ls\" --config \"%ls\" "
"--setenv IV_GUI_VER \"%hs\" --setenv IV_SSO openurl,crtext --service %ls 0 --auth-retry interact "
"--management %hs %hd stdin --management-query-passwords %ls"
Put --log first in the command line This is needed to avoid early messages going to stdout leaving no trace of errors when openvpn exits before management interface is up. It also ensures that any --log directives in the config do not override the log file location. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
"--management-hold"),
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
(o.log_append ? _T("-append") : _T("")), c->log_path,
Put --log first in the command line This is needed to avoid early messages going to stdout leaving no trace of errors when openvpn exits before management interface is up. It also ensures that any --log directives in the config do not override the log file location. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
c->config_file, PACKAGE_STRING, exit_event_name,
supply system proxy settings to management itf Proxy settings are fetched from the users Internet Options for the active connection. If WPAD or a PAC script is configured they are preferred and used for automatic proxy detection. Proxy bypass configuration is completely ignored.
13 years ago
inet_ntoa(c->manage.skaddr.sin_addr), ntohs(c->manage.skaddr.sin_port),
(o.proxy_source != config ? _T("--management-query-proxy ") : _T("")));
use managment interface
14 years ago
Introduce "Always use interactive service" option We didn't use interactive service when gui was running under admin because of some privilege escalation vulnerability in Vista. Apparently this issue doesn't exist on Win7 and newer versions so it is safe to use iservice on those systems. Introduce "Always use interactive service" option, which is "on" by default. This should enable users, who by various reasons run gui as admin, use Wintun. When gui is running as admin and interactive service cannot be started or not installed, warn that wintun will not work. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
BOOL use_iservice = (o.iservice_admin && IsWindows7OrGreater()) || !IsUserAdmin();
support starting OpenVPN via interactive service
13 years ago
/* Try to open the service pipe */
Introduce "Always use interactive service" option We didn't use interactive service when gui was running under admin because of some privilege escalation vulnerability in Vista. Apparently this issue doesn't exist on Win7 and newer versions so it is safe to use iservice on those systems. Introduce "Always use interactive service" option, which is "on" by default. This should enable users, who by various reasons run gui as admin, use Wintun. When gui is running as admin and interactive service cannot be started or not installed, warn that wintun will not work. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
if (use_iservice && InitServiceIO(&c->iserv))
use managment interface
14 years ago
{
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
BOOL res = FALSE;
Handle interactive service policy restrictions When a connection is attempted using a config in a location that would fail, offer an option to add the user to the "OpenVPN Administrators" group. This is done using shell-execute which will show a UAC prompt for elevation. If it fails (due to user chooses NO or the UAC dialog fails) the connection is not started. v2 Changes - Rebase to master - Automaticlaly add the admin group if it doesn't exist - Allow unicode strings in debug output - Use domain\username to identify user - Fix the PrintDebug macro Minor changes based on user feedback - Bring the window back to foreground after UAC prompt completion - Show a message if another connection is tried during authorization - Do not add user to ovpn_admin_group if it is same as the built-in admin group Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
if (o.ovpn_engine == OPENVPN_ENGINE_OVPN3)
Handle interactive service policy restrictions When a connection is attempted using a config in a location that would fail, offer an option to add the user to the "OpenVPN Administrators" group. This is done using shell-execute which will show a UAC prompt for elevation. If it fails (due to user chooses NO or the UAC dialog fails) the connection is not started. v2 Changes - Rebase to master - Automaticlaly add the admin group if it doesn't exist - Allow unicode strings in debug output - Use domain\username to identify user - Fix the PrintDebug macro Minor changes based on user feedback - Bring the window back to foreground after UAC prompt completion - Show a message if another connection is tried during authorization - Do not add user to ovpn_admin_group if it is same as the built-in admin group Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
#ifdef ENABLE_OVPN3
char *request = PrepareStartJsonRequest(c, exit_event_name);
res = (request != NULL) && WritePipe(c->iserv.pipe, request, strlen(request));
free(request);
#endif
Handle interactive service policy restrictions When a connection is attempted using a config in a location that would fail, offer an option to add the user to the "OpenVPN Administrators" group. This is done using shell-execute which will show a UAC prompt for elevation. If it fails (due to user chooses NO or the UAC dialog fails) the connection is not started. v2 Changes - Rebase to master - Automaticlaly add the admin group if it doesn't exist - Allow unicode strings in debug output - Use domain\username to identify user - Fix the PrintDebug macro Minor changes based on user feedback - Bring the window back to foreground after UAC prompt completion - Show a message if another connection is tried during authorization - Do not add user to ovpn_admin_group if it is same as the built-in admin group Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
}
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
else
{
DWORD size = _tcslen(c->config_dir) + _tcslen(options) + sizeof(c->manage.password) + 3;
TCHAR startup_info[1024];
if (!AuthorizeConfig(c))
{
CloseHandle(c->exit_event);
CloseServiceIO(&c->iserv);
goto out;
}
c->hProcess = NULL;
c->manage.password[sizeof(c->manage.password) - 1] = '\n';
Handle interactive service policy restrictions When a connection is attempted using a config in a location that would fail, offer an option to add the user to the "OpenVPN Administrators" group. This is done using shell-execute which will show a UAC prompt for elevation. If it fails (due to user chooses NO or the UAC dialog fails) the connection is not started. v2 Changes - Rebase to master - Automaticlaly add the admin group if it doesn't exist - Allow unicode strings in debug output - Use domain\username to identify user - Fix the PrintDebug macro Minor changes based on user feedback - Bring the window back to foreground after UAC prompt completion - Show a message if another connection is tried during authorization - Do not add user to ovpn_admin_group if it is same as the built-in admin group Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
/* Ignore pushed route-method when service is in use */
const wchar_t* extra_options = L" --pull-filter ignore route-method";
size += wcslen(extra_options);
Ignore pushed --route-method when interactive service is in use When using interactive service, route addition should use the service. The user may not have privileges to set routes otherwise. We already override any --route-method set in the config file as openvpn.exe is started with --msg-channel as the last option which sets route-method to ROUTE_METHOD_SERVICE. This patch extends that to pushed --route-method Also change _T("") to L"" in the edited lines to be explicit about wide and narrow strings. We no longer support non-unicode builds. No change when interactive service is not used. Ref: issue #281 Signed-off-by: Selva Nair <selva.nair@gmail.com>
6 years ago
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
_sntprintf_0(startup_info, L"%ls%lc%ls%ls%lc%.*hs", c->config_dir, L'\0',
options, extra_options, L'\0', sizeof(c->manage.password), c->manage.password);
c->manage.password[sizeof(c->manage.password) - 1] = '\0';
Ignore pushed --route-method when interactive service is in use When using interactive service, route addition should use the service. The user may not have privileges to set routes otherwise. We already override any --route-method set in the config file as openvpn.exe is started with --msg-channel as the last option which sets route-method to ROUTE_METHOD_SERVICE. This patch extends that to pushed --route-method Also change _T("") to L"" in the edited lines to be explicit about wide and narrow strings. We no longer support non-unicode builds. No change when interactive service is not used. Ref: issue #281 Signed-off-by: Selva Nair <selva.nair@gmail.com>
6 years ago
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
res = WritePipe(c->iserv.pipe, startup_info, size * sizeof(TCHAR));
}
support starting OpenVPN via interactive service
13 years ago
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
if (!res)
support starting OpenVPN via interactive service
13 years ago
{
Better error reporting when connection fails to come up - Handle early errors (openvpn exits before management connection is up) with a helpful error message that points the user to view log. - Include only readable config files in the connection list - Warn if no connection profiles found TODO: handle startup errors from interactive service
9 years ago
ShowLocalizedMsg (IDS_ERR_WRITE_SERVICE_PIPE);
support starting OpenVPN via interactive service
13 years ago
CloseHandle(c->exit_event);
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
CloseServiceIO(&c->iserv);
support starting OpenVPN via interactive service
13 years ago
goto out;
}
use managment interface
14 years ago
}
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
#ifdef ENABLE_OVPN3
else if (o.ovpn_engine == OPENVPN_ENGINE_OVPN3)
{
ShowLocalizedMsg(IDS_ERR_WRITE_SERVICE_PIPE);
CloseHandle(c->exit_event);
CloseServiceIO(&c->iserv);
goto out;
}
#endif
support starting OpenVPN via interactive service
13 years ago
else
{
/* Start OpenVPN directly */
DWORD priority;
STARTUPINFO si;
PROCESS_INFORMATION pi;
SECURITY_DESCRIPTOR sd;
/* Make I/O handles inheritable and accessible by all */
SECURITY_ATTRIBUTES sa = {
.nLength = sizeof(sa),
.lpSecurityDescriptor = &sd,
.bInheritHandle = TRUE
};
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
support starting OpenVPN via interactive service
13 years ago
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
ShowLocalizedMsg(IDS_ERR_INIT_SEC_DESC);
CloseHandle(c->exit_event);
return FALSE;
}
if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE))
{
ShowLocalizedMsg(IDS_ERR_SET_SEC_DESC_ACL);
CloseHandle(c->exit_event);
return FALSE;
}
use managment interface
14 years ago
support starting OpenVPN via interactive service
13 years ago
/* Set process priority */
if (!SetProcessPriority(&priority))
{
CloseHandle(c->exit_event);
return FALSE;
}
/* Get a handle of the NUL device */
hNul = CreateFile(_T("NUL"), GENERIC_WRITE, FILE_SHARE_WRITE, &sa, OPEN_EXISTING, 0, NULL);
if (hNul == INVALID_HANDLE_VALUE)
{
CloseHandle(c->exit_event);
return FALSE;
}
/* Create the pipe for STDIN with only the read end inheritable */
if (!CreatePipe(&hStdInRead, &hStdInWrite, &sa, 0))
{
ShowLocalizedMsg(IDS_ERR_CREATE_PIPE_IN_READ);
CloseHandle(c->exit_event);
goto out;
}
if (!SetHandleInformation(hStdInWrite, HANDLE_FLAG_INHERIT, 0))
{
ShowLocalizedMsg(IDS_ERR_DUP_HANDLE_IN_WRITE);
CloseHandle(c->exit_event);
goto out;
}
/* Fill in STARTUPINFO struct */
GetStartupInfo(&si);
si.cb = sizeof(si);
si.dwFlags = STARTF_USESTDHANDLES;
si.hStdInput = hStdInRead;
si.hStdOutput = hNul;
si.hStdError = hNul;
/* Create an OpenVPN process for the connection */
if (!CreateProcess(o.exe_path, cmdline, NULL, NULL, TRUE,
priority | CREATE_NO_WINDOW, NULL, c->config_dir, &si, &pi))
{
ShowLocalizedMsg(IDS_ERR_CREATE_PROCESS, o.exe_path, cmdline, c->config_dir);
CloseHandle(c->exit_event);
goto out;
}
Promptly close pipe handles passed to child Parent keeping the handle to write end of child's stdout will cause ERROR_BROKEN_PIPE not signalled if/when the child exits. Also add a wrapper for CloseHandle() Fixes the GUI process hanging in read from child if the latter unexpectedly dies due to some error. Trac #1203 Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
CloseHandleEx(&hStdInRead);
CloseHandleEx(&hNul);
support starting OpenVPN via interactive service
13 years ago
/* Pass management password to OpenVPN process */
c->manage.password[sizeof(c->manage.password) - 1] = '\n';
WriteFile(hStdInWrite, c->manage.password, sizeof(c->manage.password), &written, NULL);
c->manage.password[sizeof(c->manage.password) - 1] = '\0';
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
c->hProcess = pi.hProcess; /* Will be closed in the event loop on exit */
support starting OpenVPN via interactive service
13 years ago
CloseHandle(pi.hThread);
}
use managment interface
14 years ago
retval = TRUE;
support starting OpenVPN via interactive service
13 years ago
out:
if (hStdInWrite && hStdInWrite != INVALID_HANDLE_VALUE)
CloseHandle(hStdInWrite);
if (hStdInRead && hStdInRead != INVALID_HANDLE_VALUE)
CloseHandle(hStdInRead);
if (hNul && hNul != INVALID_HANDLE_VALUE)
CloseHandle(hNul);
use managment interface
14 years ago
return retval;
}
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
/* Close the status thread without disconnecting the tunnel.
* Meant to be used only on persistent connections which can
* stay connected without the GUI tending to it.
*/
void
DetachOpenVPN(connection_t *c)
{
/* currently supported only for persistent connections */
if (c->flags & FLAG_DAEMON_PERSISTENT)
{
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
c->auto_connect = false;
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
PostMessage(c->hwndStatus, WM_OVPN_DETACH, 0, 0);
}
}
use managment interface
14 years ago
void
StopOpenVPN(connection_t *c)
{
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
PostMessage(c->hwndStatus, WM_OVPN_STOP, 0, 0);
use managment interface
14 years ago
}
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* force-kill as a last resort */
static BOOL
TerminateOpenVPN (connection_t *c)
{
DWORD exit_code = 0;
BOOL retval = TRUE;
if (!c->hProcess)
return retval;
if (!GetExitCodeProcess (c->hProcess, &exit_code))
{
PrintDebug (L"In TerminateOpenVPN: failed to get process status: error = %lu", GetLastError());
return FALSE;
}
if (exit_code == STILL_ACTIVE)
{
retval = TerminateProcess (c->hProcess, 1);
if (retval)
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug (L"Openvpn Process for config '%ls' terminated", c->config_name);
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
else
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug (L"Failed to terminate openvpn Process for config '%ls'", c->config_name);
Terminate any openvpn processes that fail to stop Sometimes gracefully stopping openvpn fails leaving the process running in background. This causes restarting of connections to fail until those processes are manually killed. - Read process ID from interactive service to get process handle when openvpn is started by the service. - Add a last resort method to forcefully terminate openvpn process that fails to exit aftier sending stop signal. Terminate is triggered after a 3 second timeout following Stop. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
}
else
PrintDebug(L"In TerminateOpenVPN: Process is not active");
return retval;
}
use managment interface
14 years ago
void
SuspendOpenVPN(int config)
{
Fix exit handling while in modal loops PostThreadMessage used to trigger exit event gets lost while in modal dialog loops such as auth dialog. Replace it by PostMessage and handle it in the status window callback. Fixes openvpn processes left behind if exit is pressed while user-auth dialog is active. Changes after feedback: - Use PostMessage correctly in SuspendOpenVPN() (error pointed out by leobasilio@gmail.com). Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
PostMessage(o.conn[config].hwndStatus, WM_OVPN_SUSPEND, 0, 0);
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
Add restart button to connection menus - This works the same way as restart button in the status window but is more conveniently accessible from the tray menu. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
void
RestartOpenVPN(connection_t *c)
{
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
if (c->state == onhold)
{
ReleaseOpenVPN(c);
}
else if (c->hwndStatus)
{
Support sending commands to running instance - New option --command <action> <params> to send commands to a running instance of openvpn-gui.exe Supported actions are connect, disconnect, reconnect each of which takes the name of the config (with or without the extension .ovpn) as a parameter; disconnect_all, exit which take no parameter and silent_connection which takes an optional parameter = 0 or 1 (1 is the default) Examples: with the gui running, start a new instance as openvpn-gui.exe --command disconnect myvpn : ask running instance to disconnect myvpn if connected openvpn-gui.exe --command status myvpn : ask running instance to show the status window for myvpn if available openvpn-gui.exe --command disconnect_all : ask running instance to disconnect all active connections - The second instance exits after issuing a SendMessage to the already running instance. If no action is specified, the running instance is notified to show a balloon to alert the user - These messages may also be sent from scripts as COPYDATA messages with the wData element specifying the action to execute and lpData a pointer to the parameter. The dwData param must be one of WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or SILENT. See main.h for their values. v2: Bug fixes based on test reports from larson0815 here: https://github.com/selvanair/openvpn-gui/issues/5 and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104 Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
PostMessage(c->hwndStatus, WM_OVPN_RESTART, 0, 0);
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
}
Support sending commands to running instance - New option --command <action> <params> to send commands to a running instance of openvpn-gui.exe Supported actions are connect, disconnect, reconnect each of which takes the name of the config (with or without the extension .ovpn) as a parameter; disconnect_all, exit which take no parameter and silent_connection which takes an optional parameter = 0 or 1 (1 is the default) Examples: with the gui running, start a new instance as openvpn-gui.exe --command disconnect myvpn : ask running instance to disconnect myvpn if connected openvpn-gui.exe --command status myvpn : ask running instance to show the status window for myvpn if available openvpn-gui.exe --command disconnect_all : ask running instance to disconnect all active connections - The second instance exits after issuing a SendMessage to the already running instance. If no action is specified, the running instance is notified to show a balloon to alert the user - These messages may also be sent from scripts as COPYDATA messages with the wData element specifying the action to execute and lpData a pointer to the parameter. The dwData param must be one of WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or SILENT. See main.h for their values. v2: Bug fixes based on test reports from larson0815 here: https://github.com/selvanair/openvpn-gui/issues/5 and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104 Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
else /* Not started: treat this as a request to connect */
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
{
Support sending commands to running instance - New option --command <action> <params> to send commands to a running instance of openvpn-gui.exe Supported actions are connect, disconnect, reconnect each of which takes the name of the config (with or without the extension .ovpn) as a parameter; disconnect_all, exit which take no parameter and silent_connection which takes an optional parameter = 0 or 1 (1 is the default) Examples: with the gui running, start a new instance as openvpn-gui.exe --command disconnect myvpn : ask running instance to disconnect myvpn if connected openvpn-gui.exe --command status myvpn : ask running instance to show the status window for myvpn if available openvpn-gui.exe --command disconnect_all : ask running instance to disconnect all active connections - The second instance exits after issuing a SendMessage to the already running instance. If no action is specified, the running instance is notified to show a balloon to alert the user - These messages may also be sent from scripts as COPYDATA messages with the wData element specifying the action to execute and lpData a pointer to the parameter. The dwData param must be one of WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or SILENT. See main.h for their values. v2: Bug fixes based on test reports from larson0815 here: https://github.com/selvanair/openvpn-gui/issues/5 and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104 Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
StartOpenVPN(c);
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
}
Add restart button to connection menus - This works the same way as restart button in the status window but is more conveniently accessible from the tray menu. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
}
use managment interface
14 years ago
void
SetStatusWinIcon(HWND hwndDlg, int iconId)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
Load icons at sizes given by DPI-dependent system metric - Check system metric for large and small icon sizes and try to load the correct size instaed of scaling from one size. Scaling will still happen if the required size is not available in the icon resource. As we add more icon sizes they will get automatically used as needed. LoadImage scales up from next smallest size available. Revisit this when LoadIconWithScaleDown (Vista+) becomes available in mingw. Resolves Trac: #772 (icon scaling issue) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
HICON hIcon = LoadLocalizedSmallIcon(iconId);
use managment interface
14 years ago
if (!hIcon)
return;
Load icons at sizes given by DPI-dependent system metric - Check system metric for large and small icon sizes and try to load the correct size instaed of scaling from one size. Scaling will still happen if the required size is not available in the icon resource. As we add more icon sizes they will get automatically used as needed. LoadImage scales up from next smallest size available. Revisit this when LoadIconWithScaleDown (Vista+) becomes available in mingw. Resolves Trac: #772 (icon scaling issue) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
HICON hIconBig = LoadLocalizedIcon(ID_ICO_APP);
if (!hIconBig)
hIconBig = hIcon;
use managment interface
14 years ago
SendMessage(hwndDlg, WM_SETICON, (WPARAM) ICON_SMALL, (LPARAM) hIcon);
Load icons at sizes given by DPI-dependent system metric - Check system metric for large and small icon sizes and try to load the correct size instaed of scaling from one size. Scaling will still happen if the required size is not available in the icon resource. As we add more icon sizes they will get automatically used as needed. LoadImage scales up from next smallest size available. Revisit this when LoadIconWithScaleDown (Vista+) becomes available in mingw. Resolves Trac: #772 (icon scaling issue) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
SendMessage(hwndDlg, WM_SETICON, (WPARAM) ICON_BIG, (LPARAM) hIconBig);
use managment interface
14 years ago
}
/*
* Read one line from OpenVPN's stdout.
*/
static BOOL
ReadLineFromStdOut(HANDLE hStdOut, char *line, DWORD size)
{
DWORD len, read;
while (TRUE)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
if (!PeekNamedPipe(hStdOut, line, size, &read, NULL, NULL))
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
if (GetLastError() != ERROR_BROKEN_PIPE)
ShowLocalizedMsg(IDS_ERR_READ_STDOUT_PIPE);
return FALSE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
char *pos = memchr(line, '\r', read);
if (pos)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
use managment interface
14 years ago
len = pos - line + 2;
if (len > size)
return FALSE;
break;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
/* Line doesn't fit into the buffer */
if (read == size)
return FALSE;
Sleep(100);
}
if (!ReadFile(hStdOut, line, len, &read, NULL) || read != len)
{
if (GetLastError() != ERROR_BROKEN_PIPE)
ShowLocalizedMsg(IDS_ERR_READ_STDOUT_PIPE);
return FALSE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
line[read - 2] = '\0';
return TRUE;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
remove support for openvpn version < 2.0
15 years ago
BOOL
CheckVersion()
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
{
Promptly close pipe handles passed to child Parent keeping the handle to write end of child's stdout will cause ERROR_BROKEN_PIPE not signalled if/when the child exits. Also add a wrapper for CloseHandle() Fixes the GUI process hanging in read from child if the latter unexpectedly dies due to some error. Trac #1203 Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
HANDLE hStdOutRead = NULL;
HANDLE hStdOutWrite = NULL;
remove support for openvpn version < 2.0
15 years ago
BOOL retval = FALSE;
STARTUPINFO si;
PROCESS_INFORMATION pi;
TCHAR cmdline[] = _T("openvpn --version");
char match_version[] = "OpenVPN 2.";
TCHAR pwd[MAX_PATH];
char line[1024];
TCHAR *p;
CLEAR(si);
CLEAR(pi);
use managment interface
14 years ago
/* Make handles inheritable and accessible by all */
SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa = {
.nLength = sizeof(sa),
.lpSecurityDescriptor = &sd,
.bInheritHandle = TRUE
};
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
ShowLocalizedMsg(IDS_ERR_INIT_SEC_DESC);
return FALSE;
}
if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE))
{
ShowLocalizedMsg(IDS_ERR_SET_SEC_DESC_ACL);
return FALSE;
}
/* Create the pipe for STDOUT with inheritable write end */
if (!CreatePipe(&hStdOutRead, &hStdOutWrite, &sa, 0))
{
ShowLocalizedMsg(IDS_ERR_CREATE_PIPE_IN_READ);
remove support for openvpn version < 2.0
15 years ago
return FALSE;
use managment interface
14 years ago
}
if (!SetHandleInformation(hStdOutRead, HANDLE_FLAG_INHERIT, 0))
{
ShowLocalizedMsg(IDS_ERR_DUP_HANDLE_IN_WRITE);
goto out;
}
remove support for openvpn version < 2.0
15 years ago
/* Construct the process' working directory */
use CRT's _countof instead of proprietary _tsizeof
13 years ago
_tcsncpy(pwd, o.exe_path, _countof(pwd));
remove support for openvpn version < 2.0
15 years ago
p = _tcsrchr(pwd, _T('\\'));
if (p != NULL)
*p = _T('\0');
/* Fill in STARTUPINFO struct */
si.cb = sizeof(si);
si.dwFlags = STARTF_USESTDHANDLES;
use managment interface
14 years ago
si.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
si.hStdOutput = hStdOutWrite;
si.hStdError = hStdOutWrite;
remove support for openvpn version < 2.0
15 years ago
/* Start OpenVPN to check version */
Promptly close pipe handles passed to child Parent keeping the handle to write end of child's stdout will cause ERROR_BROKEN_PIPE not signalled if/when the child exits. Also add a wrapper for CloseHandle() Fixes the GUI process hanging in read from child if the latter unexpectedly dies due to some error. Trac #1203 Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
bool success = CreateProcess(o.exe_path, cmdline, NULL, NULL, TRUE,
CREATE_NO_WINDOW, NULL, pwd, &si, &pi);
if (!success)
use managment interface
14 years ago
{
remove support for openvpn version < 2.0
15 years ago
ShowLocalizedMsg(IDS_ERR_CREATE_PROCESS, o.exe_path, cmdline, pwd);
Promptly close pipe handles passed to child Parent keeping the handle to write end of child's stdout will cause ERROR_BROKEN_PIPE not signalled if/when the child exits. Also add a wrapper for CloseHandle() Fixes the GUI process hanging in read from child if the latter unexpectedly dies due to some error. Trac #1203 Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
goto out;
remove support for openvpn version < 2.0
15 years ago
}
Promptly close pipe handles passed to child Parent keeping the handle to write end of child's stdout will cause ERROR_BROKEN_PIPE not signalled if/when the child exits. Also add a wrapper for CloseHandle() Fixes the GUI process hanging in read from child if the latter unexpectedly dies due to some error. Trac #1203 Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
CloseHandleEx(&hStdOutWrite);
CloseHandleEx(&pi.hThread);
CloseHandleEx(&pi.hProcess);
if (ReadLineFromStdOut(hStdOutRead, line, sizeof(line)))
use managment interface
14 years ago
{
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#ifdef DEBUG
Use C standrad compliant printf specifications %S --> %hs in wide format strings, %ls otherwise %s --> %ls in wide format strings, unchanged otherwise %c --> %lc in wide format strings Resource files together have about 970 lines affected and were edited by looping through all with sed -i 's/%S/%hs/g' $file sed -i 's/%s/%ls/g' $file All other files were manually changed (about 85 lines). Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei). This breaks non-standard spec such as %S. Anyway, we have been gradually getting rid of those. MSVC builds should not be affected. v2: multiple occurrences in same line was missed in v1 (/g missing in sed expression). Fixed. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
PrintDebug(_T("VersionString: %hs"), line);
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#endif
remove support for openvpn version < 2.0
15 years ago
/* OpenVPN version 2.x */
Check for interactive service only if OpenVPN version is >= 2.4 This makes it less confusing to run GUI v11 with OpenVPN 2.3.x Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
char *p = strstr(line, match_version);
if (p)
{
remove support for openvpn version < 2.0
15 years ago
retval = TRUE;
Check for interactive service only if OpenVPN version is >= 2.4 This makes it less confusing to run GUI v11 with OpenVPN 2.3.x Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
p = strtok(p+8, " ");
strncpy(o.ovpn_version, p, _countof(o.ovpn_version)-1);
Add missing WINAPI in the definition of HandleServiceIO WINAPI is __stdcall in 32 bit windows (ignored in 64 bit) causing this bug to show up in the 32 bit version only. Also fix out-of-bounds write of ovpn_version[] in openvpn.c Resolves Trac #758 Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
o.ovpn_version[_countof(o.ovpn_version)-1] = '\0';
Check for interactive service only if OpenVPN version is >= 2.4 This makes it less confusing to run GUI v11 with OpenVPN 2.3.x Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
}
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
use managment interface
14 years ago
out:
Promptly close pipe handles passed to child Parent keeping the handle to write end of child's stdout will cause ERROR_BROKEN_PIPE not signalled if/when the child exits. Also add a wrapper for CloseHandle() Fixes the GUI process hanging in read from child if the latter unexpectedly dies due to some error. Trac #1203 Signed-off-by: Selva Nair <selva.nair@gmail.com>
5 years ago
CloseHandleEx(&hStdOutWrite);
CloseHandleEx(&hStdOutRead);
remove support for openvpn version < 2.0
15 years ago
return retval;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
}
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Add a system-wide option to disable the password save feature - A new registry HKLM\Software\OpenVPN\disable_save_passwords (32 bit DWORD value) may be set to a non-zero value to disable password saving by users. Applies to both auth and private key passwords. Usernames are always saved. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
/* Delete saved passwords and reset the checkboxes to default */
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
void
Add a system-wide option to disable the password save feature - A new registry HKLM\Software\OpenVPN\disable_save_passwords (32 bit DWORD value) may be set to a non-zero value to disable password saving by users. Applies to both auth and private key passwords. Usernames are always saved. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
ResetSavePasswords(connection_t *c)
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
{
URL profile import: allow specifying owner window of message box This will be used later when parent window needs to be disabled when message box is displayed. Signed-off-by: Lev Stipakov <lev@openvpn.net>
3 years ago
if (ShowLocalizedMsgEx(MB_OKCANCEL, NULL, TEXT(PACKAGE_NAME), IDS_NFO_DELETE_PASS, c->config_name) == IDCANCEL)
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
return;
DeleteSavedPasswords(c->config_name);
c->flags &= ~(FLAG_SAVE_KEY_PASS | FLAG_SAVE_AUTH_PASS);
SetMenuStatus(c, c->state);
}