github
/
openvpn-gui
mirror of https://github.com/OpenVPN/openvpn-gui
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
849 Commits
3 Branches
112 Tags
18 MiB
Tag: v11.50.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'v11.50.0.0'
${ noResults }
openvpn-gui/options.h

276 lines
10 KiB
Raw Permalink Normal View History Unescape

import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
/*
* OpenVPN-GUI -- A Windows GUI for OpenVPN.
*
* Copyright (C) 2004 Mathias Sundman <mathias@nilings.se>
refactor option handling code
15 years ago
* 2010 Heiko Hund <heikoh@users.sf.net>
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
* 2016 Selva Nair <selva.nair@gmail.com>
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
refactor option handling code
15 years ago
#ifndef OPTIONS_H
#define OPTIONS_H
use managment interface
14 years ago
typedef struct connection connection_t;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#include <windows.h>
use managment interface
14 years ago
#include <stdio.h>
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#include <time.h>
Handle interactive service policy restrictions When a connection is attempted using a config in a location that would fail, offer an option to add the user to the "OpenVPN Administrators" group. This is done using shell-execute which will show a UAC prompt for elevation. If it fails (due to user chooses NO or the UAC dialog fails) the connection is not started. v2 Changes - Rebase to master - Automaticlaly add the admin group if it doesn't exist - Allow unicode strings in debug output - Use domain\username to identify user - Fix the PrintDebug macro Minor changes based on user feedback - Bring the window back to foreground after UAC prompt completion - Show a message if another connection is tried during authorization - Do not add user to ovpn_admin_group if it is same as the built-in admin group Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
#include <lmcons.h>
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
use managment interface
14 years ago
#include "manage.h"
Parse and display messages received by echo msg commands Process four new echo commands to construct messages to be displayed to the user: echo msg message-text echo msg-n message-text echo msg-window message-title echo msg-notify message-title Note: All rules of push and echo processing apply and determine what is received as echo commands by the GUI. In addition, 'url-encoded' characters (% followed by two hex digits) are decoded and displayed. The message is constructed in the GUI by concatenating the text specified in one or more "echo msg text" or "echo msg-n text" commands. In case of "echo msg text" text is appended with a new line. An empty text in this case will just add a new line. The message ends and gets displayed when one of the following are receieved: echo msg-window title echo msg-notify title where "title" becomes the title of the message window. In case of msg-window, a modeless window shows the message, in the latter case a notification balloon is shown. Example: when pushed from the server: push "echo msg I say let the world go to hell%2C" push "echo msg I must have my cup of tea." push "echo msg-window Notes from the underground" will display a modeless window with title "Notes from the underground" and a two line body -- I say let the world go to hell, I must have my cup of tea. -- Note that the message itself is not quoted in the above examples and so it relies on the server's option-parser combining individual words into a space separated string. Number of words on a line is limited by the maximum number of parameters allowed in openvpn commands (16). This limitation may be avoided by quoting the text that follows so that the option parser sees it as one parameter. The comma character is not allowed in pushed strings, so it has to be sent encoded as %2C as shown above. Such encoding of arbitrary bytes is suppored. For example, newlines may be embedded as %0A, though discouraged. Instead use multiple "echo msg" commands to separate lines by new line. An example with embedded spaces and multiple lines concatenated without a new line in between (note use of single quotes): push "echo msg-n I swear to you gentlemen%2C that to be" push "echo msg-n ' overly conscious is a sickness%2C ' " push "echo msg-n a real%2C thorough sickness." push "echo msg-notify Quote of the Day" will show up as a notification that displays for an OS-dependent interval as: -- Quote of the Day I swear to you gentlemen, that to be overly conscious is a sickness, a real, thorough sickness. -- where the location of the line break is automatically determined by the notification API and is OS version-dependent. Commands like "echo msg ..." in the config file are also processed the same way. It gets displayed when the GUI connects to the management interface and receives all pending echo. Pushed message(s) get displayed when the client daemon processes push-reply and passes on echo directives to the GUI. TODO: The actual window that displays the messages is implemented in the next commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
#include "echo.h"
Handle pkcs11-id query from daemon Add support for selecting pkcs11-id from the GUI. Requires --management-pkcs11-id in the config file. This option is not added by the GUI. A list of all available pkcs11 certificates are presented to the user with buttons OK, Cancel, Retry. OK submits the selected entry, Cancel closes the connection, Retry reconstructs the list of certificates by querying the daemon again. The latter can be used to retry after inserting a token. If no certificates are found, a message suggesting to insert a token and press 'Retry' is displayed. The list shows the "Issued-to", "Issued-by" names (usually the subject & issuer common names) and valid-until date in current locale for each certificate. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
#include "pkcs11.h"
use managment interface
14 years ago
Handle interactive service policy restrictions When a connection is attempted using a config in a location that would fail, offer an option to add the user to the "OpenVPN Administrators" group. This is done using shell-execute which will show a UAC prompt for elevation. If it fails (due to user chooses NO or the UAC dialog fails) the connection is not started. v2 Changes - Rebase to master - Automaticlaly add the admin group if it doesn't exist - Allow unicode strings in debug output - Use domain\username to identify user - Fix the PrintDebug macro Minor changes based on user feedback - Bring the window back to foreground after UAC prompt completion - Show a message if another connection is tried during authorization - Do not add user to ovpn_admin_group if it is same as the built-in admin group Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
#define MAX_NAME (UNLEN + 1)
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
/*
* Maximum number of parameters associated with an option,
* including the option name itself.
*/
Remove the limit on number of config subdirectories Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
#define MAX_PARMS 5 /* Max number of parameters per option */
refactor option handling code
15 years ago
support SOCKS 5 proxy auth notifications from mgmt
13 years ago
typedef enum {
service_noaccess = -1,
service_disconnected = 0,
service_connecting = 1,
service_connected = 2
} service_state_t;
typedef enum {
config,
windows,
manual
} proxy_source_t;
typedef enum {
http,
socks
} proxy_t;
refactor option handling code
15 years ago
/* connection states */
typedef enum {
disconnected,
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
onhold,
refactor option handling code
15 years ago
connecting,
reconnecting,
connected,
disconnecting,
suspending,
make auth popups show when returning from suspend
12 years ago
suspended,
Better error reporting when connection fails to come up - Handle early errors (openvpn exits before management connection is up) with a helpful error message that points the user to view log. - Include only readable config files in the connection list - Warn if no connection profiles found TODO: handle startup errors from interactive service
9 years ago
resuming,
Add a button for detaching from the management interface Useful for releasing the management interface if the user wants to connect to it by other means. Detached connections are set to state = detached (no disconnected) and auto_connect disabled, so that they could be handled properly during a re-attach. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
detaching,
detached,
refactor option handling code
15 years ago
} conn_state_t;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* Interactive Service IO parameters */
typedef struct {
OVERLAPPED o; /* This has to be the first element */
HANDLE pipe;
HANDLE hEvent;
WCHAR readbuf[512];
} service_io_t;
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
#define FLAG_ALLOW_CHANGE_PASSPHRASE (1<<1)
Support pkcs11 token insertion request and pin input Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST strings need translation. TODO: support for selecting pkcs11-id from the GUI Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
#define FLAG_SAVE_KEY_PASS (1<<4)
#define FLAG_SAVE_AUTH_PASS (1<<5)
Add a system-wide option to disable the password save feature - A new registry HKLM\Software\OpenVPN\disable_save_passwords (32 bit DWORD value) may be set to a non-zero value to disable password saving by users. Applies to both auth and private key passwords. Usernames are always saved. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
#define FLAG_DISABLE_SAVE_PASS (1<<6)
Parse and display messages received by echo msg commands Process four new echo commands to construct messages to be displayed to the user: echo msg message-text echo msg-n message-text echo msg-window message-title echo msg-notify message-title Note: All rules of push and echo processing apply and determine what is received as echo commands by the GUI. In addition, 'url-encoded' characters (% followed by two hex digits) are decoded and displayed. The message is constructed in the GUI by concatenating the text specified in one or more "echo msg text" or "echo msg-n text" commands. In case of "echo msg text" text is appended with a new line. An empty text in this case will just add a new line. The message ends and gets displayed when one of the following are receieved: echo msg-window title echo msg-notify title where "title" becomes the title of the message window. In case of msg-window, a modeless window shows the message, in the latter case a notification balloon is shown. Example: when pushed from the server: push "echo msg I say let the world go to hell%2C" push "echo msg I must have my cup of tea." push "echo msg-window Notes from the underground" will display a modeless window with title "Notes from the underground" and a two line body -- I say let the world go to hell, I must have my cup of tea. -- Note that the message itself is not quoted in the above examples and so it relies on the server's option-parser combining individual words into a space separated string. Number of words on a line is limited by the maximum number of parameters allowed in openvpn commands (16). This limitation may be avoided by quoting the text that follows so that the option parser sees it as one parameter. The comma character is not allowed in pushed strings, so it has to be sent encoded as %2C as shown above. Such encoding of arbitrary bytes is suppored. For example, newlines may be embedded as %0A, though discouraged. Instead use multiple "echo msg" commands to separate lines by new line. An example with embedded spaces and multiple lines concatenated without a new line in between (note use of single quotes): push "echo msg-n I swear to you gentlemen%2C that to be" push "echo msg-n ' overly conscious is a sickness%2C ' " push "echo msg-n a real%2C thorough sickness." push "echo msg-notify Quote of the Day" will show up as a notification that displays for an OS-dependent interval as: -- Quote of the Day I swear to you gentlemen, that to be overly conscious is a sickness, a real, thorough sickness. -- where the location of the line break is automatically determined by the notification API and is OS version-dependent. Commands like "echo msg ..." in the config file are also processed the same way. It gets displayed when the GUI connects to the management interface and receives all pending echo. Pushed message(s) get displayed when the client daemon processes push-reply and passes on echo directives to the GUI. TODO: The actual window that displays the messages is implemented in the next commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
#define FLAG_DISABLE_ECHO_MSG (1<<7)
Add support for marking connections as persistent Persistent connections have openvpn.exe daemon started external to the GUI (e.g., by the automatic service). This patch adds support for attaching to the management i/f of such daemons from the GUI and control the connection. The GUI never stops or starts the openvpn.exe process in this case. Instead, connect and disconnect buttons signal the management interface of a running openvpn.exe process to start the tunnel by attaching to mgmt i/f and sending hold-release if needed or stop it and wait in management-hold state (see DisconnectDaemon()). When the GUI process exits, persistent connections are left in their current state using DetachOpenVPN(). No connections are marked as persistent as yet. That is done in a following commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
#define FLAG_DAEMON_PERSISTENT (1<<8)
Detach persistent connections on switch user This allows a new user to attach to the mgmt i/f of persistent connections which would be otherwise blocked by the previously logged in user. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
#define FLAG_WAIT_UNLOCK (1<<9)
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
#define CONFIG_VIEW_AUTO (0)
#define CONFIG_VIEW_FLAT (1)
#define CONFIG_VIEW_NESTED (2)
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
#define OPENVPN_ENGINE_OVPN2 (0)
#define OPENVPN_ENGINE_OVPN3 (1)
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
typedef struct {
unsigned short major, minor, build, revision;
} version_t;
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
/* A node of config groups tree that can be navigated from the end
* node (where config file is attached) to the root. The nodes are stored
* as array (o.groups[]) with each node linked to its parent.
* Not a complete tree: only navigation from child to parent is supported
* which is enough for our purposes.
*/
typedef struct config_group {
Bug fix config-group data structure As config group is reallocated when full, do not store the pointer to the parent group. Instead use the id of the group which is invariant across reallocs. Similarly in connection array store the id of the group instead of a pointer. Also - Do not call ActivateConfigGroups() -- when connections are active: in this case we want preserve config data structures during rescan. Signed-off-by: Selva Nair <selva.nair@gmail.com> fixup
6 years ago
int id; /* A unique id for the group >= 0*/
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
wchar_t name[40]; /* Name of the group -- possibly truncated */
Bug fix config-group data structure As config group is reallocated when full, do not store the pointer to the parent group. Instead use the id of the group which is invariant across reallocs. Similarly in connection array store the id of the group instead of a pointer. Also - Do not call ActivateConfigGroups() -- when connections are active: in this case we want preserve config data structures during rescan. Signed-off-by: Selva Nair <selva.nair@gmail.com> fixup
6 years ago
int parent; /* Id of parent group. -1 implies no parent */
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
BOOL active; /* Displayed in the menu if true -- used to prune empty groups */
int children; /* Number of children groups and configs */
int pos; /* Index within the parent group -- used for rendering */
HMENU menu; /* Handle to menu entry for this group */
} config_group_t;
Bug fix config-group data structure As config group is reallocated when full, do not store the pointer to the parent group. Instead use the id of the group which is invariant across reallocs. Similarly in connection array store the id of the group instead of a pointer. Also - Do not call ActivateConfigGroups() -- when connections are active: in this case we want preserve config data structures during rescan. Signed-off-by: Selva Nair <selva.nair@gmail.com> fixup
6 years ago
/* short hand for pointer to the group a config belongs to */
#define CONFIG_GROUP(c) (&o.groups[(c)->group])
#define PARENT_GROUP(cg) ((cg)->parent < 0 ? NULL : &o.groups[(cg)->parent])
Always show persistent connections under a separate sub-menu Since version 11.30, we scan config-auto folder and show them in the menu of available connection profiles. To reduce user-confusion, always group these configs under a submenu ("Persistent Connections") even when nested config menu view is not in use. ActivateConfigGroups() is now always called as Persistent and System profile groups can now go from empty to non-empty on rescan. When nested config menu view is enabled, "persistent", "system" and "user" configs are always shown in separate groups. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
#define PERSISTENT_ROOT_GROUP (&o.groups[1])
Bug fix config-group data structure As config group is reallocated when full, do not store the pointer to the parent group. Instead use the id of the group which is invariant across reallocs. Similarly in connection array store the id of the group instead of a pointer. Also - Do not call ActivateConfigGroups() -- when connections are active: in this case we want preserve config data structures during rescan. Signed-off-by: Selva Nair <selva.nair@gmail.com> fixup
6 years ago
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
/* Connections parameters */
use managment interface
14 years ago
struct connection {
refactor option handling code
15 years ago
TCHAR config_file[MAX_PATH]; /* Name of the config file */
TCHAR config_name[MAX_PATH]; /* Name of the connection */
TCHAR config_dir[MAX_PATH]; /* Path to this configs dir */
TCHAR log_path[MAX_PATH]; /* Path to Logfile */
TCHAR ip[16]; /* Assigned IP address for this connection */
Show assigned ipv6 address in balloon and tray popup Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
TCHAR ipv6[46]; /* Assigned IPv6 address */
refactor option handling code
15 years ago
BOOL auto_connect; /* AutoConnect at startup id TRUE */
conn_state_t state; /* State the connection currently is in */
use managment interface
14 years ago
int failed_psw_attempts; /* # of failed attempts entering password(s) */
Distinguish between auth and key password failures Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
int failed_auth_attempts; /* # of failed user-auth attempts */
refactor option handling code
15 years ago
time_t connected_since; /* Time when the connection was established */
support SOCKS 5 proxy auth notifications from mgmt
13 years ago
proxy_t proxy_type; /* Set during querying proxy credentials */
Bug fix config-group data structure As config group is reallocated when full, do not store the pointer to the parent group. Instead use the id of the group which is invariant across reallocs. Similarly in connection array store the id of the group instead of a pointer. Also - Do not call ActivateConfigGroups() -- when connections are active: in this case we want preserve config data structures during rescan. Signed-off-by: Selva Nair <selva.nair@gmail.com> fixup
6 years ago
int group; /* ID of the group this config belongs to */
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
int pos; /* Index of the config within its group */
refactor option handling code
15 years ago
use managment interface
14 years ago
struct {
SOCKET sk;
keep trying to connect to mgmt itf for 15 seconds
13 years ago
SOCKADDR_IN skaddr;
time_t timeout;
Increase max size of management password buffer As we now allow users to set a management password (for persistent connections), the max size of password should match what openvpn.exe can handle (128 or 4096 bytes depending on build options). Increase the buffer size to 4096 though such large passwords may not work in practice. 127 bytes + NUL, may be a safe upper limit. For the random password used for connections spawned by the GUI, the current size of 15 bytes + NUL is retained. Fixes: #567 Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
char password[4096]; /* match with largest possible passwd in openvpn.exe */
correct how data from mgmt itf is received
12 years ago
char *saved_data;
size_t saved_size;
use managment interface
14 years ago
mgmt_cmd_t *cmd_queue;
Extend management socket state Distinguish between management socket connected and ready for interaction with the server. The former can happen even if the server is connected to another client and thus non-responsive. Use manage.connected = 1 in place of true when connected and = 2 when handshake with server completed and ready for input. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
DWORD connected; /* 1: management interface connected, 2: connected and ready */
use managment interface
14 years ago
} manage;
Read errors from the service pipe and handle fatal ones Asynchronously read Input on the service pipe which are mostly errors reported by the service. Display the errors on the status log window and to the log file if its not opened by openvpn. If/when openvpn fails to start or exits with error, close the connection without waiting for management socket timeout. v2: - rebase to master - fix a bug in setting manage.connected state - ensure management socket is closed and resources freed before thread exit Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
HANDLE hProcess; /* Handle of openvpn process if directly started */
service_io_t iserv;
use managment interface
14 years ago
HANDLE exit_event;
DWORD threadId;
refactor option handling code
15 years ago
HWND hwndStatus;
Save username and optionally passwords - Username and, optionally, password as well as the private key passphrase are saved in config-specific registry keys - All saved data are kept encrypted using DPAPI - The passphrase dialog is skipped if a valid saved private key password is available. However, the user-auth dialog is always presented, prefilled with the saved username and password. Note: A text string "Save password" is added to three dialogs in all language resource files. Additional text with ids IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the STRINGTABLE only in the English language resource file. All these need translations. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
int flags;
Handle dynamic challenge/response - Add a base64 decode function using Windows CyptoAPI - Move multibyte to widechar conversions to a function - Add config name to caption of password dialogs to help user identify the request - Add new dialog template for generic password/PIN requests and use it to handle dynamic challenge Note 1: if dynamic challenge response verification fails, an auth-failed message is returned by the server causing the GUI to clear any saved password even if the user-auth dialog itself succeeeded. Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language files may require translation. Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
char *dynamic_cr; /* Pointer to buffer for dynamic challenge string received */
Subscribe to bytecount message from management interface Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
unsigned long long int bytes_in;
unsigned long long int bytes_out;
Support for 'setenv name var' using echo - Implement connection specific env variables. These are merged with the process environment strings and passed to scripts. - To set an env variable, use 'echo setenv name value' in the config or push from the server. This will set "OPENVPN_name=value" in the connections's env set. Note that "name" is mangled as "OPENVPN_name" to avoid servers overwriting sensitive variables such as PATH. Names are set in the order received and same name overwrites any previously set value. - Environment variable names are allowed to contain only alpha numeric characters and underscore as in openvpn.exe. But, unlike openvpn.exe, invalid names are ignored, not sanitized. v2 changes (Dec 16, 2017): - If value is missing, the directive is interpreted as a delete command and the env var with matching name in the connection's env set is removed. - Windows needs env block to be ordered: While merging connection specific env vars with process env block, order the entries 'alphabetically' (locale independent, case insensitive unicode ordinal order). In case of duplicates, the value in connection env set replaces the one in process env. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
struct env_item *es; /* Pointer to the head of config-specific env variables list */
Parse and display messages received by echo msg commands Process four new echo commands to construct messages to be displayed to the user: echo msg message-text echo msg-n message-text echo msg-window message-title echo msg-notify message-title Note: All rules of push and echo processing apply and determine what is received as echo commands by the GUI. In addition, 'url-encoded' characters (% followed by two hex digits) are decoded and displayed. The message is constructed in the GUI by concatenating the text specified in one or more "echo msg text" or "echo msg-n text" commands. In case of "echo msg text" text is appended with a new line. An empty text in this case will just add a new line. The message ends and gets displayed when one of the following are receieved: echo msg-window title echo msg-notify title where "title" becomes the title of the message window. In case of msg-window, a modeless window shows the message, in the latter case a notification balloon is shown. Example: when pushed from the server: push "echo msg I say let the world go to hell%2C" push "echo msg I must have my cup of tea." push "echo msg-window Notes from the underground" will display a modeless window with title "Notes from the underground" and a two line body -- I say let the world go to hell, I must have my cup of tea. -- Note that the message itself is not quoted in the above examples and so it relies on the server's option-parser combining individual words into a space separated string. Number of words on a line is limited by the maximum number of parameters allowed in openvpn commands (16). This limitation may be avoided by quoting the text that follows so that the option parser sees it as one parameter. The comma character is not allowed in pushed strings, so it has to be sent encoded as %2C as shown above. Such encoding of arbitrary bytes is suppored. For example, newlines may be embedded as %0A, though discouraged. Instead use multiple "echo msg" commands to separate lines by new line. An example with embedded spaces and multiple lines concatenated without a new line in between (note use of single quotes): push "echo msg-n I swear to you gentlemen%2C that to be" push "echo msg-n ' overly conscious is a sickness%2C ' " push "echo msg-n a real%2C thorough sickness." push "echo msg-notify Quote of the Day" will show up as a notification that displays for an OS-dependent interval as: -- Quote of the Day I swear to you gentlemen, that to be overly conscious is a sickness, a real, thorough sickness. -- where the location of the line break is automatically determined by the notification API and is OS version-dependent. Commands like "echo msg ..." in the config file are also processed the same way. It gets displayed when the GUI connects to the management interface and receives all pending echo. Pushed message(s) get displayed when the client daemon processes push-reply and passes on echo directives to the GUI. TODO: The actual window that displays the messages is implemented in the next commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
struct echo_msg echo_msg; /* Message echo-ed from server or client config and related data */
Handle pkcs11-id query from daemon Add support for selecting pkcs11-id from the GUI. Requires --management-pkcs11-id in the config file. This option is not added by the GUI. A list of all available pkcs11 certificates are presented to the user with buttons OK, Cancel, Retry. OK submits the selected entry, Cancel closes the connection, Retry reconstructs the list of certificates by querying the daemon again. The latter can be used to retry after inserting a token. If no certificates are found, a message suggesting to insert a token and press 'Retry' is displayed. The list shows the "Issued-to", "Issued-by" names (usually the subject & issuer common names) and valid-until date in current locale for each certificate. Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
struct pkcs11_list pkcs11_list;
Store daemon_state in connection struct Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
char daemon_state[20]; /* state of openvpn.ex: WAIT, AUTH, GET_CONFIG etc.. */
Use a list instead of array for connections list Currently we use an array of connection pointers which needs to be reallocated when space runs out. But, that happens from the main thread while the status thread may be referring to those pointers. Its very hard to fence against possible invalid memory access. Instead, use a list so that connection pointer never changes once created. The connection list is no longer recreated from scratch even when no connections are active. This means configs added while GUI is running will always appear at the bottom of the root group listing until the GUI is restarted. TODO: This behaviour could be improved by scanning through the groups to graft new configs at the right branch in the config-group tree. v2: removed unused references to SetMenuStatusById() Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
int id; /* index of config -- treat as immutable once assigned */
connection_t *next;
use managment interface
14 years ago
};
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
/* All options used within OpenVPN GUI */
refactor option handling code
15 years ago
typedef struct {
/* Array of configs to autostart */
Eliminate MAX_CONFIGS limit using a dynamic array The number of configs is now unlimited. But there is a limit of 2^16 menu items which permits only about 2^12 configs to be displayed in the menu. A warning is shown if the number of configs exceeds this value. For a responsive menu keep the number of configs under ~1000. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
const TCHAR **auto_connect;
refactor option handling code
15 years ago
/* Connection parameters */
Use a list instead of array for connections list Currently we use an array of connection pointers which needs to be reallocated when space runs out. But, that happens from the main thread while the status thread may be referring to those pointers. Its very hard to fence against possible invalid memory access. Instead, use a list so that connection pointer never changes once created. The connection list is no longer recreated from scratch even when no connections are active. This means configs added while GUI is running will always appear at the bottom of the root group listing until the GUI is restarted. TODO: This behaviour could be improved by scanning through the groups to graft new configs at the right branch in the config-group tree. v2: removed unused references to SetMenuStatusById() Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
connection_t *chead; /* Head of connection list */
connection_t *ctail; /* Tail of connection list */
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
config_group_t *groups; /* Array of nodes defining the config groups tree */
refactor option handling code
15 years ago
int num_configs; /* Number of configs */
Eliminate MAX_CONFIGS limit using a dynamic array The number of configs is now unlimited. But there is a limit of 2^16 menu items which permits only about 2^12 configs to be displayed in the menu. A warning is shown if the number of configs exceeds this value. For a responsive menu keep the number of configs under ~1000. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
int num_auto_connect; /* Number of auto-connect configs */
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
int num_groups; /* Number of config groups */
Eliminate MAX_CONFIGS limit using a dynamic array The number of configs is now unlimited. But there is a limit of 2^16 menu items which permits only about 2^12 configs to be displayed in the menu. A warning is shown if the number of configs exceeds this value. For a responsive menu keep the number of configs under ~1000. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
int max_configs; /* Current capacity of conn array */
int max_auto_connect; /* Current capacity of auto_connect array */
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
int max_groups; /* Current capacity of groups array */
refactor option handling code
15 years ago
service_state_t service_state; /* State of the OpenVPN Service */
/* Proxy Settings */
proxy_source_t proxy_source; /* Where to get proxy information from */
proxy_t proxy_type; /* The type of proxy to use */
TCHAR proxy_http_address[100]; /* HTTP Proxy Address */
TCHAR proxy_http_port[6]; /* HTTP Proxy Port */
TCHAR proxy_socks_address[100]; /* SOCKS Proxy Address */
TCHAR proxy_socks_port[6]; /* SOCKS Proxy Address */
Simplify some parameters and registry keys - Replace allow_password by a runtime check that enables password change menu only when the user has write-access to the key file. - Read exe_path and priority from HKLM and do not duplicate in HKCU. - Always allow the user to view the config: edit will succeed if user has write access. - Always include the proxy settings tab which is the default. - Remove the unused power event handling and disconnect_on_suspend key. - Remove password_attempts -- user can stop the password dilaog by clicking cancel. - Remove allow_service: implicitly enabled if service_only is used. - Deprecate removed options in cmd-line parser - Update README.rst - Close config file before exit in GetKeyFileName - Close thread and dialog handles in passphrase.c Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* HKLM Registry values */
refactor option handling code
15 years ago
TCHAR exe_path[MAX_PATH];
Update OpenSSL initialization - Set env variables such as OPENSSL_CONF and OPENSSL_MODULES - Replace deprecated initialization (since OpenSSL 1.1.0) by OpenSSL_init_crypto() Signed-off-by: Selva Nair <selva.nair@gmail.com>
3 years ago
TCHAR install_path[MAX_PATH];
Support user and global config directories - Set default config directory (config_dir) to %UserProfile%\OpenVPN\config (saved and read back from HKCU\Software\OpenVPN-GUI\config_dir) - Add a global_config_dir variable read from HKLM\Software\OpenVPN\config_dir or set to OpenVPN-install-path\config - Scan both directories and their sub directories for connection profiles. In case of name conflicts config_dir gets priority over global_config_dir - Eliminate multiple warnings of duplicate configs Fixed on review (Thanks to leobasilio@gmail.com) - Fix wrongly used o.config_dir in 2 locations - Unrelated: Added missing CheckIServiceStatus to service.h Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
TCHAR global_config_dir[MAX_PATH];
Parse config-auto directory for persistent connections - Parse the config-auto folder used by automatic service and mark these profiles as persistent. - These connections are marked as auto_connect to try attaching to them at start up with periodic retry in case the daemon or service are restarted. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
TCHAR config_auto_dir[MAX_PATH];
TCHAR global_log_dir[MAX_PATH];
Simplify some parameters and registry keys - Replace allow_password by a runtime check that enables password change menu only when the user has write-access to the key file. - Read exe_path and priority from HKLM and do not duplicate in HKCU. - Always allow the user to view the config: edit will succeed if user has write access. - Always include the proxy settings tab which is the default. - Remove the unused power event handling and disconnect_on_suspend key. - Remove password_attempts -- user can stop the password dilaog by clicking cancel. - Remove allow_service: implicitly enabled if service_only is used. - Deprecate removed options in cmd-line parser - Update README.rst - Close config file before exit in GetKeyFileName - Close thread and dialog handles in passphrase.c Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
TCHAR priority_string[64];
TCHAR ovpn_admin_group[MAX_NAME];
Add a system-wide option to disable the password save feature - A new registry HKLM\Software\OpenVPN\disable_save_passwords (32 bit DWORD value) may be set to a non-zero value to disable password saving by users. Applies to both auth and private key passwords. Usernames are always saved. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
DWORD disable_save_passwords;
Simplify some parameters and registry keys - Replace allow_password by a runtime check that enables password change menu only when the user has write-access to the key file. - Read exe_path and priority from HKLM and do not duplicate in HKCU. - Always allow the user to view the config: edit will succeed if user has write access. - Always include the proxy settings tab which is the default. - Remove the unused power event handling and disconnect_on_suspend key. - Remove password_attempts -- user can stop the password dilaog by clicking cancel. - Remove allow_service: implicitly enabled if service_only is used. - Deprecate removed options in cmd-line parser - Update README.rst - Close config file before exit in GetKeyFileName - Close thread and dialog handles in passphrase.c Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
/* HKCU registry values */
TCHAR config_dir[MAX_PATH];
refactor option handling code
15 years ago
TCHAR ext_string[16];
TCHAR log_dir[MAX_PATH];
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
DWORD log_append;
refactor option handling code
15 years ago
TCHAR log_viewer[MAX_PATH];
TCHAR editor[MAX_PATH];
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
DWORD silent_connection;
Introduce "Always use interactive service" option We didn't use interactive service when gui was running under admin because of some privilege escalation vulnerability in Vista. Apparently this issue doesn't exist on Win7 and newer versions so it is safe to use iservice on those systems. Introduce "Always use interactive service" option, which is "on" by default. This should enable users, who by various reasons run gui as admin, use Wintun. When gui is running as admin and interactive service cannot be started or not installed, warn that wintun will not work. Signed-off-by: Lev Stipakov <lev@openvpn.net>
4 years ago
DWORD iservice_admin;
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
DWORD show_balloon;
DWORD show_script_window;
DWORD connectscript_timeout; /* Connect Script execution timeout (sec) */
DWORD disconnectscript_timeout; /* Disconnect Script execution timeout (sec) */
DWORD preconnectscript_timeout; /* Preconnect Script execution timeout (sec) */
Group configs based on the directory structure to support a nested view - Group all configs in a subdirectory with directory name as the label. - If any connection is active, newly found configs are added to the root group to keep the logic simple. - Directory hierarchy is scanned up to a depth of 4: i.e., config_dir and global_config_dir and its subdirectories up to 3 levels down. Only support for scanning configs and attaching group labels is added here. Rendering the nested menu is the subject of a later commit. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
DWORD config_menu_view; /* 0 for auto, 1 for original flat menu, 2 for hierarchical */
Mute echo message if repeated or disabled - Suppress messages with exactly same content as previously displayed within popup_mute_interval (24h by default). This parameter may be set on command line as "--popup_mute_interval n" where n is in hours. - Command line option '--disable_popup_messages' disables all echo message popups (window and notification). This patch only handles suppression of repeated messages during reconnections. TODO: Persist message history in the registry and use it to mute repeated messages after disconnects and across restarts of the GUI. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
DWORD disable_popup_messages; /* set nonzero to suppress all echo msg messages */
DWORD popup_mute_interval; /* Interval in hours to suppress repeated echo messages */
Make 'management port offset' and 'menu view' user-configurable - Add an option in the advanced settings menu for the management port offset. Allows any value in the range 1 to 61000 which with upto ~4000 added as connection id keeps it in range. Default is the currently hard coded value of 25340. As Windows has no concept of privileged ports and the ephemeral range used varies from version to version, no attempt is made to avoid conflicts with ports in use. - Add an option to choose the config menu view from the advanced settings with three options: Auto: Automatically switch to the nested view when number of configs exceed a limit (currently 25) Flat: Force the flat view irrespective of the number of configs Nested: Force the nested view irrespective of the number of configs Issues: 370 and 387 Signed-off-by: Selva Nair <selva.nair@gmail.com>
4 years ago
DWORD mgmt_port_offset; /* management interface port = this offset + index of connection profile */
refactor option handling code
15 years ago
Support for OpenVPN 3 This adds optional support for using OpenVPN3 client as an alternative to openvpn2. Just replacing one client with another will not work: - OpenVPN3 doesn't use interactive service, it uses "agent" service with completely different protocol. OpenVPN GUI needs to talk to agent using HTTP and JSON. - OpenVPN3 management interface realtime notifications must be explicitly turned on in order for GUI to work. To enable using openvpn3: - use any of *-ovpn3 presets (cmake build system) - ./configure --enable-ovpn3 (mingw) To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine" radiobutton group in Settings -> Advanced dialog. OnReady() implementation was slighly changed - "log all on" replaced with "log on all" - according to management interface documentation this is the right way to do it, and also OpenVPN3 only supports "on all" order. Management interface - enabled OpenVPN3 client (omiclient.exe) and agent (ovpnagent.exe) are now part of openvpn3 repo. Co-authored-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Christopher Ng <facboy@gmail.com> Signed-off-by: Lev Stipakov <lev@openvpn.net>
5 years ago
DWORD ovpn_engine; /* 0 - openvpn2, 1 - openvpn3 */
Option to disable attaching to persistent connections Three options are provided to control scanning of persistent (pre-satrted) connections in config-auto folder, and how they are attached to. Auto: Scan and list persistent connections and attach to their management i/f automatically at startup, and periodically retry on failure to attach. Manual: Scan and list as above, but do not attach automatically. User can attach to such connections by manually clicking connect. Never: Do not scan config-auto folder. Default is "Auto" Change of this setting in the settings menu will take full effect only if none of the connections are in connecting/connected/detached state so that the connection list can be updated. Otherwise restart the GUI. TODO: Copying the settings dialog changes to all languages Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
DWORD enable_persistent; /* 0 - disabled, 1 - enabled, 2 - enabled & auto attach */
Save active connections on exit and auto-start in next session New feature: any connection that is not disconnected on exit will auto-connect when the GUi is started the next time. There is no option to toggle auto-connect of any profile. Instead, just connect normally and leave the connection open while closing the GUI directly or indirectly (on logout, for example). Such a connection will auto-connect when the GUI is started the next time. If auto-connect is not desired for a particular connection, stop it before exit. Or, the whole feature may be disabled in the setings menu (implemented in next commit). Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
DWORD enable_auto_restart; /* 0 - disabled, >0 enabled */
Password-reveal: Respect group policy setting, if any - The policy setting is checked when GUI is started. Any change in policy will be effective only after restarting the GUI. Signed-off-by: Selva Nair <selva.nair@gmail.com>
2 years ago
DWORD disable_password_reveal; /* read from group policy */
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#ifdef DEBUG
refactor option handling code
15 years ago
FILE *debug_fp;
import of openvpn-gui-1.0.3.zip git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
16 years ago
#endif
refactor option handling code
15 years ago
HWND hWnd;
HINSTANCE hInstance;
make auth popups show when returning from suspend
12 years ago
BOOL session_locked;
Handle interactive service policy restrictions When a connection is attempted using a config in a location that would fail, offer an option to add the user to the "OpenVPN Administrators" group. This is done using shell-execute which will show a UAC prompt for elevation. If it fails (due to user chooses NO or the UAC dialog fails) the connection is not started. v2 Changes - Rebase to master - Automaticlaly add the admin group if it doesn't exist - Allow unicode strings in debug output - Use domain\username to identify user - Fix the PrintDebug macro Minor changes based on user feedback - Bring the window back to foreground after UAC prompt completion - Show a message if another connection is tried during authorization - Do not add user to ovpn_admin_group if it is same as the built-in admin group Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
HANDLE netcmd_semaphore;
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
version_t version;
Check for interactive service only if OpenVPN version is >= 2.4 This makes it less confusing to run GUI v11 with OpenVPN 2.3.x Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
char ovpn_version[16]; /* OpenVPN version string: 2.3.12, 2.4_alpha2 etc.. */
Make the program DPI aware - Set dpi-awareness to true in the manifest (i.e., "system-dpi aware") - Check system dpi and scale and/or position widgets and windows that depend on the system dpi (only components within the status window are affected). Note: Declaring dpi awareness eliminates automatic rescaling of windows that causes blurred text on high dpi monitors. Windows 8.1 and later allow per monitor dpi setting which is not handled here.
8 years ago
unsigned int dpi_scale;
Add a warning message when authentication is retried due to wrong credentials - "Wrong username or password" message shown in the auth userpass dialog after an auth failure - "Wrong password" message shown in the private key password dialog after a password failure. These message texts are colored red by default (TODO: make the color customizable) Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
COLORREF clr_warning;
COLORREF clr_error;
Support sending commands to running instance - New option --command <action> <params> to send commands to a running instance of openvpn-gui.exe Supported actions are connect, disconnect, reconnect each of which takes the name of the config (with or without the extension .ovpn) as a parameter; disconnect_all, exit which take no parameter and silent_connection which takes an optional parameter = 0 or 1 (1 is the default) Examples: with the gui running, start a new instance as openvpn-gui.exe --command disconnect myvpn : ask running instance to disconnect myvpn if connected openvpn-gui.exe --command status myvpn : ask running instance to show the status window for myvpn if available openvpn-gui.exe --command disconnect_all : ask running instance to disconnect all active connections - The second instance exits after issuing a SendMessage to the already running instance. If no action is specified, the running instance is notified to show a balloon to alert the user - These messages may also be sent from scripts as COPYDATA messages with the wData element specifying the action to execute and lpData a pointer to the parameter. The dwData param must be one of WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or SILENT. See main.h for their values. v2: Bug fixes based on test reports from larson0815 here: https://github.com/selvanair/openvpn-gui/issues/5 and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104 Signed-off-by: Selva Nair <selva.nair@gmail.com>
9 years ago
int action; /* action to send to a running instance */
TCHAR *action_arg;
Fix detection of running instance When openvpn is run with --help option it pops up a help message and exits when that window is closed. Such instances cannot accept any commands and should not be treated as a running instance. Fix by (i) When run with --help, promptly release the semaphore used to restrict to a single running instance. (ii) Wait for a short interval (200 msec) before timing out of locking the semaphore. This helps avoid race conditions. While at it also make sure the semaphore is released and closed on exit. Fixes issue: #237 Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
HANDLE session_semaphore;
Log --command option errors to the event log This supplements the non-zero exit-code. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
HANDLE event_log;
refactor option handling code
15 years ago
} options_t;
void InitOptions(options_t *);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
refactor option handling code
15 years ago
void ProcessCommandLine(options_t *, TCHAR *);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
refactor option handling code
15 years ago
int CountConnState(conn_state_t);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
connection_t *GetConnByManagement(SOCKET);
connection_t *GetConnByName(const WCHAR *config_name);
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
INT_PTR CALLBACK ScriptSettingsDlgProc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
INT_PTR CALLBACK ConnectionSettingsDlgProc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
INT_PTR CALLBACK AdvancedSettingsDlgProc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
Add a system-wide option to disable the password save feature - A new registry HKLM\Software\OpenVPN\disable_save_passwords (32 bit DWORD value) may be set to a non-zero value to disable password saving by users. Applies to both auth and private key passwords. Usernames are always saved. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
void DisableSavePasswords(connection_t *);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
Mute echo message if repeated or disabled - Suppress messages with exactly same content as previously displayed within popup_mute_interval (24h by default). This parameter may be set on command line as "--popup_mute_interval n" where n is in hours. - Command line option '--disable_popup_messages' disables all echo message popups (window and notification). This patch only handles suppression of repeated messages during reconnections. TODO: Persist message history in the registry and use it to mute repeated messages after disconnects and across restarts of the GUI. Signed-off-by: Selva Nair <selva.nair@gmail.com>
7 years ago
void DisablePopupMessages(connection_t *);
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
void ExpandOptions(void);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
Make options saved in registry editable by user Option ediitng dialogs are in two tabs: General and Advanced. Proxy related options are left in the proxy tab. Options config_dir, config_ext, log_dir, script timeouts and service-only flag are in the Advanced tab. All other more commonly used flags and options are in the General tab. - As options are editable, save values in registry only when they differ from the default values. This leaves the registry clean and makes changing options and their defaults during updates easier. - Entries for config_dir and log_dir must be absolute paths. Environemental variables such as %PROFILEDIR% may be used to construct these. - Empty config_dir, config_ext and log_dir entries are silently ignored (i.e., the current values are left unchanged). - Store all numeric and boolean parameters in registry as DWORD instead of strings. - On startup, the default parameters are loaded, then the registry is read and finally command-line parameters parsedi. - Out of range script timeout values in registry truncated with a warning instead of fatal error. This allows the user to access the settings dialog and make corrections. - Save proxy and language settings under the same HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings. - Save the current version of the GUI in regsitry so that updates can be detected and any needed registry cleanup done. - If no version info is present in the registry any values in OpenVPN-GUI key in HKCU are deleted for a clean start as this is the first version to save registry values in HKCU. Language and proxy data if present under Nilings is migrated. Note: new controls in the General tab and newly added Advanced tab dialog are copied to all language files from the English version. These need to be translated. Signed-off-by: Selva Nair <selva.nair@gmail.com>
8 years ago
int CompareStringExpanded(const WCHAR *str1, const WCHAR *str2);
Reformat source code with uncrustify Closes: #445 Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
1 year ago
#endif /* ifndef OPTIONS_H */