Simplify some parameters and registry keys

- Replace allow_password by a runtime check that enables password
  change menu only when the user has write-access to the key file.
- Read exe_path and priority from HKLM and do not duplicate in HKCU.
- Always allow the user to view the config: edit will succeed if user
  has write access.
- Always include the proxy settings tab which is the default.
- Remove the unused power event handling and disconnect_on_suspend key.
- Remove password_attempts -- user can stop the password dialog
  by clicking cancel.
- Remove allow_service: implicitly enabled if service_only is used.
- Deprecate removed options in cmd-line parser
- Update README.rst
- Close config file before exit in GetKeyFileName
- Close thread and dialog handles in passphrase.c

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/62/head
Selva Nair 2016-07-06 13:38:27 -04:00
parent 449944cef0
commit 1c748e382d
13 changed files with 161 additions and 190 deletions


@ -59,8 +59,9 @@ There are three ways to do this:
Using OpenVPN GUI Using OpenVPN GUI
################# #################
When OpenVPN GUI is started your OpenVPN config folder When OpenVPN GUI is started your OpenVPN config folders
(*C:\\Program Files\\OpenVPN\\config*) will be scanned for .ovpn files and the (*C:\\Users\\username\\OpenVPN\\config* and
*C:\\Program Files\\OpenVPN\\config*) will be scanned for .ovpn files and the
OpenVPN GUI icon will appear in the system tray. Each OpenVPN configuration OpenVPN GUI icon will appear in the system tray. Each OpenVPN configuration
file shows up as a separate menu item in the OpenVPN GUI tray, allowing you to file shows up as a separate menu item in the OpenVPN GUI tray, allowing you to
selectively connect to and disconnect to your VPNs. The config dir will be selectively connect to and disconnect to your VPNs. The config dir will be
@ -124,15 +125,41 @@ Disconnect If a file named "xxx_down.bat" exist in the config folder
Registry Values affecting the OpenVPN GUI operation Registry Values affecting the OpenVPN GUI operation
*************************************************** ***************************************************
All OpenVPN GUI registry values are located below the Parameters taken from the global registry values in
*HKEY_LOCAL_MACHINE\\SOFTWARE\\OpenVPN-GUI\\* key *HKEY_LOCAL_MACHINE\\SOFTWARE\\OpenVPN\\* key
The follow keys are used to control the OpenVPN GUI
config_dir config_dir
the system-wide configuration file directory, defaults to The global configuration file directory. Defaults to
*C:\\Program Files\\OpenVPN\\config*; the user-specific configuration file *C:\\Program Files\\OpenVPN\\config*
directory is hardcoded to *C:\\Users\\username\\OpenVPN\\config**.
exe_path
path to openvpn.exe, defaults to *C:\\Program Files\\OpenVPN\\bin\\openvpn.exe*
priority
the windows priority class for each instantiated OpenVPN process,
can be one of:
* IDLE_PRIORITY_CLASS
* BELOW_NORMAL_PRIORITY_CLASS
* NORMAL_PRIORITY_CLASS (default)
* ABOVE_NORMAL_PRIORITY_CLASS
* HIGH_PRIORITY_CLASS
ovpn_admin_group
The windows group whose membership allows the user to start any configuration file
in their profile (not just those installed by the administrator in the global
config directory). Default: "OpenVPN Administrators".
All other OpenVPN GUI registry values are located below the
*HKEY_CURRENT_USER\\SOFTWARE\\OpenVPN-GUI\\* key
The following keys are used to control the OpenVPN GUI
config_dir
The user-specific configuration file directory: defaults to
*C:\\Users\\username\\OpenVPN\\config*.
The GUI parses this directory for configuration files before
parsing the global config_dir.
config_ext config_ext
file extension on configuration files, defaults to *ovpn* file extension on configuration files, defaults to *ovpn*
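Review bot: config_dir is now documented twice in this hunk, once under HKEY_LOCAL_MACHINE\\SOFTWARE\\OpenVPN and once under HKEY_CURRENT_USER\\SOFTWARE\\OpenVPN-GUI, with different meanings, and the new lead-in "Parameters taken from the global registry values in ... key" is a sentence fragment. Suggest distinct headings for the two sections and one sentence stating that exe_path and priority are read only from HKLM, so values left under HKCU by earlier versions are ignored. That is the security-relevant part of the change and the README does not say it.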
@ -149,38 +176,13 @@ preconnectscript_timeout
Time in seconds to wait for the preconnect script to finish. Must be a Time in seconds to wait for the preconnect script to finish. Must be a
value between 1-99. value between 1-99.
exe_path
path to openvpn.exe, defaults to *C:\\Program Files\\OpenVPN\\bin\\openvpn.exe*
log_dir log_dir
log file directory, defaults to *C:\\Program Files\\OpenVPN\\log* log file directory, defaults to *C:\\Users\\username\\OpenVPN\\log*
log_append log_append
if set to "0", the log file will be truncated every time you start a if set to "0", the log file will be truncated every time you start a
connection. If set to "1", the log will be appended to the log file. connection. If set to "1", the log will be appended to the log file.
priority
the windows priority class for each instantiated OpenVPN process,
can be one of:
* IDLE_PRIORITY_CLASS
* BELOW_NORMAL_PRIORITY_CLASS
* NORMAL_PRIORITY_CLASS (default)
* ABOVE_NORMAL_PRIORITY_CLASS
* HIGH_PRIORITY_CLASS
allow_edit
If set to "1", the Edit config menu will be showed.
allow_password
If set to "1", the Change Password menu will be showed.
allow_proxy
If set to "1", the Proxy Settings menu will be showed.
allow_service
If set to "1", the Service control menu will be showed.
silent_connection silent_connection
If set to "1", the status window with the OpenVPN log output will If set to "1", the status window with the OpenVPN log output will
not be showed while connecting. not be showed while connecting.
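Review bot: allow_edit, allow_password, allow_proxy and allow_service lose their entries here with no replacement text, while the cmd-line parser in this commit still accepts them and ignores them. Suggest a short list of removed options saying they no longer have any effect, since a deployment that set allow_edit or allow_password to "0" to hide those menus will see them reappear.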
@ -197,18 +199,7 @@ show_balloon
2: Show balloon even after re-connects 2: Show balloon even after re-connects
log_viewer All of these registry options are also available as cmd-line options.
The program used to view your log files, defaults to
*C:\\Windows\\System32\\notepad.exe*
editor
The program used to edit your config files, defaults to
*C:\\Windows\\System32\\notepad.exe*
passphrase_attempts
Number of attempts to enter the passphrase to allow.
All these registry options is also available as cmd-line options.
Use "openvpn-gui --help" for more info about cmd-line options. Use "openvpn-gui --help" for more info about cmd-line options.
Building OpenVPN GUI from source Building OpenVPN GUI from source
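Review bot: log_viewer and editor lose their README entries in this hunk, yet registry.c in this same commit still reads both through GetRegKey and options.h keeps both fields. Only passphrase_attempts was removed from the code; suggest keeping the other two entries.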

30
main.c

@ -307,7 +307,6 @@ ResumeConnections()
LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam) LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{ {
static UINT s_uTaskbarRestart; static UINT s_uTaskbarRestart;
int i;
switch (message) { switch (message) {
case WM_CREATE: case WM_CREATE:
@ -328,7 +327,7 @@ LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM
CreatePopupMenus(); /* Create popup menus */ CreatePopupMenus(); /* Create popup menus */
ShowTrayIcon(); ShowTrayIcon();
if (o.allow_service[0]=='1' || o.service_only[0]=='1') if (o.service_only[0]=='1')
CheckServiceStatus(); // Check if service is running or not CheckServiceStatus(); // Check if service is running or not
if (!AutoStartConnections()) { if (!AutoStartConnections()) {
SendMessage(hwnd, WM_CLOSE, 0, 0); SendMessage(hwnd, WM_CLOSE, 0, 0);
@ -414,31 +413,6 @@ LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM
} }
break; break;
case WM_POWERBROADCAST:
switch (wParam) {
case PBT_APMSUSPEND:
if (o.disconnect_on_suspend[0] == '1')
{
/* Suspend running connections */
for (i=0; i<o.num_configs; i++)
{
if (o.conn[i].state == connected)
SuspendOpenVPN(i);
}
/* Wait for all connections to suspend */
for (i=0; i<10; i++, Sleep(500))
if (CountConnState(suspending) == 0) break;
}
return FALSE;
case PBT_APMRESUMESUSPEND:
case PBT_APMRESUMECRITICAL:
if (CountConnState(suspended) != 0 && !o.session_locked)
ResumeConnections();
return FALSE;
}
default: /* for messages that we don't deal with */ default: /* for messages that we don't deal with */
if (message == s_uTaskbarRestart) if (message == s_uTaskbarRestart)
{ {
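Review bot: the deleted WM_POWERBROADCAST case was not dead code as written: the PBT_APMRESUMESUSPEND and PBT_APMRESUMECRITICAL branch called ResumeConnections() regardless of disconnect_on_suspend, and the suspend branch ran whenever that key was "1". The commit message calls the handling unused; if the message never reached this window, say so in the commit message, and otherwise mention the behaviour change in the README. Also check whether SuspendOpenVPN and the suspending and suspended connection states still have a caller after this.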
@ -474,7 +448,7 @@ ShowSettingsDialog()
int page_number = 0; int page_number = 0;
/* Proxy tab */ /* Proxy tab */
if (o.allow_proxy[0] == '1' && o.service_only[0] == '0') { if (o.service_only[0] == '0') {
psp[page_number].dwSize = sizeof(PROPSHEETPAGE); psp[page_number].dwSize = sizeof(PROPSHEETPAGE);
psp[page_number].dwFlags = PSP_DLGINDIRECT; psp[page_number].dwFlags = PSP_DLGINDIRECT;
psp[page_number].hInstance = o.hInstance; psp[page_number].hInstance = o.hInstance;

18
misc.c

@ -366,3 +366,21 @@ InitSemaphore (void)
} }
return semaphore; return semaphore;
} }
/* Check access rights on an existing file */
BOOL
CheckFileAccess (const TCHAR *path, int access)
{
HANDLE h;
bool ret = FALSE;
h = CreateFile (path, access, FILE_SHARE_READ, NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, NULL);
if ( h != INVALID_HANDLE_VALUE )
{
ret = TRUE;
CloseHandle (h);
}
return ret;
}
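Review bot: in CheckFileAccess the access parameter is declared int but is passed as the desired-access argument of CreateFile, which is a DWORD, and ret is declared bool while the function returns BOOL; suggest DWORD access and BOOL ret. The share mode is fixed at FILE_SHARE_READ, so with GENERIC_WRITE the call also fails with a sharing violation when another process has the file open, and the caller cannot tell that apart from a permission denial. A comment stating that the function answers "can this be opened right now" rather than "does the ACL allow it" would help.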

1
misc.h

@ -34,5 +34,6 @@ BOOL ForceForegroundWindow(HWND);
BOOL IsUserAdmin(VOID); BOOL IsUserAdmin(VOID);
HANDLE InitSemaphore (void); HANDLE InitSemaphore (void);
BOOL CheckFileAccess (const TCHAR *path, int access);
#endif #endif


@ -199,8 +199,6 @@ OnStateChange(connection_t *c, char *data)
|| strcmp(message, "private-key-password-failure") == 0) || strcmp(message, "private-key-password-failure") == 0)
c->failed_psw_attempts++; c->failed_psw_attempts++;
if (c->failed_psw_attempts >= o.psw_attempts - 1)
ManagementCommand(c, "auth-retry none", NULL, regular);
if (strcmp(message, "auth-failure") == 0 && (c->flags & FLAG_SAVE_AUTH_PASS)) if (strcmp(message, "auth-failure") == 0 && (c->flags & FLAG_SAVE_AUTH_PASS))
SaveAuthPass(c->config_name, L""); SaveAuthPass(c->config_name, L"");
else if (strcmp(message, "private-key-password-failure") == 0 && (c->flags & FLAG_SAVE_KEY_PASS)) else if (strcmp(message, "private-key-password-failure") == 0 && (c->flags & FLAG_SAVE_KEY_PASS))
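Review bot: with the "auth-retry none" call gone, c->failed_psw_attempts++ in the context line above is still executed but nothing in this hunk reads the counter any more. The commit message states that the user ends the retries by clicking cancel, so the counter looks like a leftover; either drop the field and the increment or keep a visible use for it.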


@ -31,6 +31,8 @@
#include "options.h" #include "options.h"
#include "localization.h" #include "localization.h"
#include "save_pass.h" #include "save_pass.h"
#include "misc.h"
#include "passphrase.h"
typedef enum typedef enum
{ {
@ -65,21 +67,11 @@ match(const WIN32_FIND_DATA *find, const TCHAR *ext)
static bool static bool
CheckReadAccess (const TCHAR *dir, const TCHAR *file) CheckReadAccess (const TCHAR *dir, const TCHAR *file)
{ {
HANDLE h;
bool ret = FALSE;
TCHAR path[MAX_PATH]; TCHAR path[MAX_PATH];
_sntprintf_0 (path, _T("%s\\%s"), dir, file); _sntprintf_0 (path, _T("%s\\%s"), dir, file);
h = CreateFile (path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, return CheckFileAccess (path, GENERIC_READ);
FILE_ATTRIBUTE_NORMAL, NULL);
if ( h != INVALID_HANDLE_VALUE )
{
ret = TRUE;
CloseHandle (h);
}
return ret;
} }
static int static int
@ -112,6 +104,9 @@ AddConfigFileToList(int config, const TCHAR *filename, const TCHAR *config_dir)
c->manage.skaddr.sin_addr.s_addr = inet_addr("127.0.0.1"); c->manage.skaddr.sin_addr.s_addr = inet_addr("127.0.0.1");
c->manage.skaddr.sin_port = htons(25340 + config); c->manage.skaddr.sin_port = htons(25340 + config);
if (CheckKeyFileWriteAccess (c))
c->flags |= ALLOW_CHANGE_PASSPHRASE;
/* Check if connection should be autostarted */ /* Check if connection should be autostarted */
for (i = 0; i < MAX_CONFIGS && o.auto_connect[i]; ++i) for (i = 0; i < MAX_CONFIGS && o.auto_connect[i]; ++i)
{ {
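Review bot: ALLOW_CHANGE_PASSPHRASE is set once here in AddConfigFileToList, so the menu reflects the key file's permissions at scan time only. The passphrase-change path still has to handle a failed write when the user picks the menu item later, and because c->flags is only OR-ed here, please confirm it is zeroed before this point when the config list is rebuilt.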


@ -105,22 +105,22 @@ add_option(options_t *options, int i, TCHAR **p)
else if (streq(p[0], _T("allow_edit")) && p[1]) else if (streq(p[0], _T("allow_edit")) && p[1])
{ {
++i; ++i;
_tcsncpy(options->allow_edit, p[1], _countof(options->allow_edit) - 1); PrintDebug (L"Deprecated option: '%s' ignored.", p[0]);
} }
else if (streq(p[0], _T("allow_service")) && p[1]) else if (streq(p[0], _T("allow_service")) && p[1])
{ {
++i; ++i;
_tcsncpy(options->allow_service, p[1], _countof(options->allow_service) - 1); PrintDebug (L"Deprecated option: '%s' ignored.", p[0]);
} }
else if (streq(p[0], _T("allow_password")) && p[1]) else if (streq(p[0], _T("allow_password")) && p[1])
{ {
++i; ++i;
_tcsncpy(options->allow_password, p[1], _countof(options->allow_password) - 1); PrintDebug (L"Deprecated option: '%s' ignored.", p[0]);
} }
else if (streq(p[0], _T("allow_proxy")) && p[1]) else if (streq(p[0], _T("allow_proxy")) && p[1])
{ {
++i; ++i;
_tcsncpy(options->allow_proxy, p[1], _countof(options->allow_proxy) - 1); PrintDebug (L"Deprecated option: '%s' ignored.", p[0]);
} }
else if (streq(p[0], _T("show_balloon")) && p[1]) else if (streq(p[0], _T("show_balloon")) && p[1])
{ {
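Review bot: the deprecation notice for allow_edit, allow_service, allow_password and allow_proxy goes through PrintDebug, and options.h in this commit shows debug_fp only under #ifdef DEBUG, so in a release build the option is probably dropped without any message. An administrator who passed allow_edit 0 or allow_password 0 to restrict the menus gets no indication that the restriction is gone. Suggest a user-visible warning, or at least a README line. The four branches are now identical and could share one condition.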
@ -145,7 +145,7 @@ add_option(options_t *options, int i, TCHAR **p)
else if (streq(p[0], _T("passphrase_attempts")) && p[1]) else if (streq(p[0], _T("passphrase_attempts")) && p[1])
{ {
++i; ++i;
_tcsncpy(options->psw_attempts_string, p[1], _countof(options->psw_attempts_string) - 1); PrintDebug (L"Deprecated option: '%s' ignored.", p[0]);
} }
else if (streq(p[0], _T("connectscript_timeout")) && p[1]) else if (streq(p[0], _T("connectscript_timeout")) && p[1])
{ {


@ -84,6 +84,7 @@ typedef struct {
#define FLAG_SAVE_KEY_PASS 1<<4 #define FLAG_SAVE_KEY_PASS 1<<4
#define FLAG_SAVE_AUTH_PASS 1<<5 #define FLAG_SAVE_AUTH_PASS 1<<5
#define ALLOW_CHANGE_PASSPHRASE (1<<1)
/* Connections parameters */ /* Connections parameters */
struct connection { struct connection {
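Review bot: ALLOW_CHANGE_PASSPHRASE breaks the FLAG_ naming of the neighbouring FLAG_SAVE_KEY_PASS and FLAG_SAVE_AUTH_PASS, and its value 1<<1 lies below the flags visible in this hunk; please confirm no existing FLAG_ define already uses bit 1, since it is OR-ed into the same c->flags word. Suggest FLAG_ALLOW_CHANGE_PASSPHRASE. The parentheses around the new value are good; the older 1<<4 and 1<<5 defines lack them.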
@ -128,7 +129,6 @@ typedef struct {
int num_configs; /* Number of configs */ int num_configs; /* Number of configs */
service_state_t service_state; /* State of the OpenVPN Service */ service_state_t service_state; /* State of the OpenVPN Service */
int psw_attempts; /* Number of psw attemps to allow */
int connectscript_timeout; /* Connect Script execution timeout (sec) */ int connectscript_timeout; /* Connect Script execution timeout (sec) */
int disconnectscript_timeout; /* Disconnect Script execution timeout (sec) */ int disconnectscript_timeout; /* Disconnect Script execution timeout (sec) */
int preconnectscript_timeout; /* Preconnect Script execution timeout (sec) */ int preconnectscript_timeout; /* Preconnect Script execution timeout (sec) */
@ -141,30 +141,25 @@ typedef struct {
TCHAR proxy_socks_address[100]; /* SOCKS Proxy Address */ TCHAR proxy_socks_address[100]; /* SOCKS Proxy Address */
TCHAR proxy_socks_port[6]; /* SOCKS Proxy Address */ TCHAR proxy_socks_port[6]; /* SOCKS Proxy Address */
/* Registry values */ /* HKLM Registry values */
TCHAR exe_path[MAX_PATH]; TCHAR exe_path[MAX_PATH];
TCHAR config_dir[MAX_PATH];
TCHAR global_config_dir[MAX_PATH]; TCHAR global_config_dir[MAX_PATH];
TCHAR priority_string[64];
TCHAR ovpn_admin_group[MAX_NAME];
/* HKCU registry values */
TCHAR config_dir[MAX_PATH];
TCHAR ext_string[16]; TCHAR ext_string[16];
TCHAR log_dir[MAX_PATH]; TCHAR log_dir[MAX_PATH];
TCHAR priority_string[64];
TCHAR append_string[2]; TCHAR append_string[2];
TCHAR log_viewer[MAX_PATH]; TCHAR log_viewer[MAX_PATH];
TCHAR editor[MAX_PATH]; TCHAR editor[MAX_PATH];
TCHAR allow_edit[2];
TCHAR allow_service[2];
TCHAR allow_password[2];
TCHAR allow_proxy[2];
TCHAR silent_connection[2]; TCHAR silent_connection[2];
TCHAR service_only[2]; TCHAR service_only[2];
TCHAR show_balloon[2]; TCHAR show_balloon[2];
TCHAR show_script_window[2]; TCHAR show_script_window[2];
TCHAR psw_attempts_string[2];
TCHAR disconnect_on_suspend[2];
TCHAR connectscript_timeout_string[4]; TCHAR connectscript_timeout_string[4];
TCHAR disconnectscript_timeout_string[4]; TCHAR disconnectscript_timeout_string[4];
TCHAR preconnectscript_timeout_string[4]; TCHAR preconnectscript_timeout_string[4];
TCHAR ovpn_admin_group[MAX_NAME];
#ifdef DEBUG #ifdef DEBUG
FILE *debug_fp; FILE *debug_fp;


@ -40,6 +40,7 @@
#include "openvpn-gui-res.h" #include "openvpn-gui-res.h"
#include "chartable.h" #include "chartable.h"
#include "localization.h" #include "localization.h"
#include "misc.h"
extern options_t o; extern options_t o;
@ -567,15 +568,15 @@ ParseKeyFilenameLine(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize
return(1); return(1);
} }
static int static int
GetKeyFilename(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize, int *keyfile_format) GetKeyFilename(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize, int *keyfile_format, bool silent)
{ {
FILE *fp; FILE *fp = NULL;
char line[256]; char line[256];
int found_key=0; int found_key=0;
int found_pkcs12=0; int found_pkcs12=0;
TCHAR configfile_path[MAX_PATH]; TCHAR configfile_path[MAX_PATH];
int ret = 0;
_tcsncpy(configfile_path, c->config_dir, _countof(configfile_path)); _tcsncpy(configfile_path, c->config_dir, _countof(configfile_path));
if (!(configfile_path[_tcslen(configfile_path)-1] == '\\')) if (!(configfile_path[_tcslen(configfile_path)-1] == '\\'))
@ -586,8 +587,9 @@ GetKeyFilename(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize, int
if (!(fp=_tfopen(configfile_path, _T("r")))) if (!(fp=_tfopen(configfile_path, _T("r"))))
{ {
/* can't open config file */ /* can't open config file */
if (!silent)
ShowLocalizedMsg(IDS_ERR_OPEN_CONFIG, configfile_path); ShowLocalizedMsg(IDS_ERR_OPEN_CONFIG, configfile_path);
return(0); goto out;
} }
while (fgets(line, sizeof (line), fp)) while (fgets(line, sizeof (line), fp))
@ -597,49 +599,57 @@ GetKeyFilename(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize, int
if (found_key) if (found_key)
{ {
/* only one key option */ /* only one key option */
if (!silent)
ShowLocalizedMsg(IDS_ERR_ONLY_ONE_KEY_OPTION); ShowLocalizedMsg(IDS_ERR_ONLY_ONE_KEY_OPTION);
return(0); goto out;
} }
if (found_pkcs12) if (found_pkcs12)
{ {
/* key XOR pkcs12 */ /* key XOR pkcs12 */
if (!silent)
ShowLocalizedMsg(IDS_ERR_ONLY_KEY_OR_PKCS12); ShowLocalizedMsg(IDS_ERR_ONLY_KEY_OR_PKCS12);
return(0); goto out;
} }
found_key=1; found_key=1;
*keyfile_format = KEYFILE_FORMAT_PEM; *keyfile_format = KEYFILE_FORMAT_PEM;
if (!ParseKeyFilenameLine(c, keyfilename, keyfilenamesize, &line[4])) if (!ParseKeyFilenameLine(c, keyfilename, keyfilenamesize, &line[4]))
return(0); goto out;
} }
if (LineBeginsWith(line, "pkcs12", 6)) if (LineBeginsWith(line, "pkcs12", 6))
{ {
if (found_pkcs12) if (found_pkcs12)
{ {
/* only one pkcs12 option */ /* only one pkcs12 option */
if (!silent)
ShowLocalizedMsg(IDS_ERR_ONLY_ONE_PKCS12_OPTION); ShowLocalizedMsg(IDS_ERR_ONLY_ONE_PKCS12_OPTION);
return(0); goto out;
} }
if (found_key) if (found_key)
{ {
/* only key XOR pkcs12 */ /* only key XOR pkcs12 */
if (!silent)
ShowLocalizedMsg(IDS_ERR_ONLY_KEY_OR_PKCS12); ShowLocalizedMsg(IDS_ERR_ONLY_KEY_OR_PKCS12);
return(0); goto out;
} }
found_pkcs12=1; found_pkcs12=1;
*keyfile_format = KEYFILE_FORMAT_PKCS12; *keyfile_format = KEYFILE_FORMAT_PKCS12;
if (!ParseKeyFilenameLine(c, keyfilename, keyfilenamesize, &line[7])) if (!ParseKeyFilenameLine(c, keyfilename, keyfilenamesize, &line[7]))
return(0); goto out;
} }
} }
if ((!found_key) && (!found_pkcs12)) if ((!found_key) && (!found_pkcs12))
{ {
/* must have key or pkcs12 option */ /* must have key or pkcs12 option */
if (!silent)
ShowLocalizedMsg(IDS_ERR_HAVE_KEY_OR_PKCS12); ShowLocalizedMsg(IDS_ERR_HAVE_KEY_OR_PKCS12);
return(0); goto out;
} }
ret = 1;
return(1); out:
if (fp)
fclose(fp);
return ret;
} }
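Review bot: the new silent flag guards the ShowLocalizedMsg calls in GetKeyFilename but is not passed on to ParseKeyFilenameLine, which is called on both the key and the pkcs12 path. If that helper can show a message box, CheckKeyFileWriteAccess will raise dialogs while configs are being scanned. Each "if (!silent)" is also followed by an unbraced call and then an unconditional "goto out;"; braces would make it obvious that the goto is not part of the condition.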
@ -658,7 +668,7 @@ ChangePassphraseThread(LPVOID data)
conn_name[_tcslen(conn_name) - (_tcslen(o.ext_string)+1)]=0; conn_name[_tcslen(conn_name) - (_tcslen(o.ext_string)+1)]=0;
/* Get Key filename from config file */ /* Get Key filename from config file */
if (!GetKeyFilename(c, keyfilename, _countof(keyfilename), &keyfile_format)) if (!GetKeyFilename(c, keyfilename, _countof(keyfilename), &keyfile_format, false))
{ {
ExitThread(1); ExitThread(1);
} }
@ -685,6 +695,7 @@ ChangePassphraseThread(LPVOID data)
} }
} }
CloseHandle (hwndChangePSW);
ExitThread(0); ExitThread(0);
} }
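Review bot: CloseHandle (hwndChangePSW) at the end of ChangePassphraseThread looks wrong if hwndChangePSW is a window handle, as its name suggests. CloseHandle is for kernel object handles; a dialog window is released with DestroyWindow (or EndDialog for a modal dialog), and passing an HWND to CloseHandle fails with an invalid-handle error. Please check the variable's type and use the matching call.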
@ -703,8 +714,18 @@ ShowChangePassphraseDialog(connection_t *c)
ShowLocalizedMsg(IDS_ERR_CREATE_PASS_THREAD); ShowLocalizedMsg(IDS_ERR_CREATE_PASS_THREAD);
return; return;
} }
CloseHandle (hThread);
} }
bool
CheckKeyFileWriteAccess (connection_t *c)
{
TCHAR keyfile[MAX_PATH];
int format = 0;
if (!GetKeyFilename (c, keyfile, _countof(keyfile), &format, true))
return FALSE;
else
return CheckFileAccess (keyfile, GENERIC_WRITE);
}
#endif #endif
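Review bot: CheckKeyFileWriteAccess is defined here as returning bool but declared in passphrase.h as BOOL, and it returns FALSE in one branch and the BOOL result of CheckFileAccess in the other. Pick one type for both the definition and the prototype. The else after "return FALSE;" is redundant.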


@ -30,5 +30,6 @@ BOOL GetRandomPassword(char *, size_t);
#ifndef DISABLE_CHANGE_PASSWORD #ifndef DISABLE_CHANGE_PASSWORD
void ShowChangePassphraseDialog(connection_t *); void ShowChangePassphraseDialog(connection_t *);
#endif #endif
BOOL CheckKeyFileWriteAccess (connection_t *);
#endif #endif
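Review bot: the prototype for CheckKeyFileWriteAccess is placed after the #endif of the DISABLE_CHANGE_PASSWORD block, while its definition in passphrase.c is added just before an #endif that appears to close the same guard, and AddConfigFileToList calls it unconditionally. If that reading is right, a build with DISABLE_CHANGE_PASSWORD defined will fail to link. Either move the definition outside the guard or guard the prototype and the call as well.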


@ -36,6 +36,20 @@
extern options_t o; extern options_t o;
static void
ExpandString (WCHAR *str, int max_len)
{
WCHAR expanded_string[MAX_PATH];
int len = ExpandEnvironmentStringsW(str, expanded_string, _countof(expanded_string));
if (len > max_len || len > (int) _countof(expanded_string))
{
PrintDebug (L"Failed to expanded env vars in '%s'. String too long", str);
return;
}
wcsncpy(str, expanded_string, max_len);
}
int int
GetRegistryKeys() GetRegistryKeys()
{ {
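Review bot: ExpandString does not handle a zero return from ExpandEnvironmentStringsW, which is the failure value; in that case both length checks pass and wcsncpy copies the uninitialised expanded_string over str. Add len == 0 to the error test. The function also returns void, so callers such as the exe_path branch cannot tell that the value was left unexpanded; consider returning a BOOL. The debug text reads "Failed to expanded".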
@ -80,32 +94,40 @@ GetRegistryKeys()
/* use default = openvpnpath\config */ /* use default = openvpnpath\config */
_sntprintf_0(o.global_config_dir, _T("%sconfig"), openvpn_path); _sntprintf_0(o.global_config_dir, _T("%sconfig"), openvpn_path);
} }
if (!GetRegistryValue(regkey, _T("ovpn_admin_group"), o.ovpn_admin_group, _countof(o.ovpn_admin_group))) if (!GetRegistryValue(regkey, _T("ovpn_admin_group"), o.ovpn_admin_group, _countof(o.ovpn_admin_group)))
{ {
_tcsncpy(o.ovpn_admin_group, OVPN_ADMIN_GROUP, _countof(o.ovpn_admin_group)); _tcsncpy(o.ovpn_admin_group, OVPN_ADMIN_GROUP, _countof(o.ovpn_admin_group)-1);
}
if (o.exe_path[0] != L'\0') /* set by cmd-line */
ExpandString (o.exe_path, _countof(o.exe_path));
else if (!GetRegistryValue(regkey, _T("exe_path"), o.exe_path, _countof(o.exe_path)))
{
_sntprintf_0(o.exe_path, _T("%sbin\\openvpn.exe"), openvpn_path);
}
if (o.priority_string[0] != L'\0') /* set by cmd-line */
ExpandString (o.priority_string, _countof(o.priority_string));
if (!GetRegistryValue(regkey, _T("priority"), o.priority_string, _countof(o.priority_string)))
{
_tcsncpy(o.priority_string, _T("NORMAL_PRIORITY_CLASS"), _countof(o.priority_string)-1);
} }
RegCloseKey(regkey); RegCloseKey(regkey);
/* config_dir in user's profile by default */ /* user-sepcific config_dir in user's profile by default */
_sntprintf_0(temp_path, _T("%s\\OpenVPN\\config"), profile_dir); _sntprintf_0(temp_path, _T("%s\\OpenVPN\\config"), profile_dir);
if (!GetRegKey(_T("config_dir"), o.config_dir, if (!GetRegKey(_T("config_dir"), o.config_dir,
temp_path, _countof(o.config_dir))) return(false); temp_path, _countof(o.config_dir))) return(false);
if (!GetRegKey(_T("config_ext"), o.ext_string, _T("ovpn"), _countof(o.ext_string))) return(false); if (!GetRegKey(_T("config_ext"), o.ext_string, _T("ovpn"), _countof(o.ext_string))) return(false);
_sntprintf_0(temp_path, _T("%sbin\\openvpn.exe"), openvpn_path);
if (!GetRegKey(_T("exe_path"), o.exe_path,
temp_path, _countof(o.exe_path))) return(false);
_sntprintf_0(temp_path, _T("%s\\OpenVPN\\log"), profile_dir); _sntprintf_0(temp_path, _T("%s\\OpenVPN\\log"), profile_dir);
if (!GetRegKey(_T("log_dir"), o.log_dir, if (!GetRegKey(_T("log_dir"), o.log_dir,
temp_path, _countof(o.log_dir))) return(false); temp_path, _countof(o.log_dir))) return(false);
if (!GetRegKey(_T("log_append"), o.append_string, _T("0"), _countof(o.append_string))) return(false); if (!GetRegKey(_T("log_append"), o.append_string, _T("0"), _countof(o.append_string))) return(false);
if (!GetRegKey(_T("priority"), o.priority_string,
_T("NORMAL_PRIORITY_CLASS"), _countof(o.priority_string))) return(false);
_sntprintf_0(temp_path, _T("%s\\system32\\notepad.exe"), windows_dir); _sntprintf_0(temp_path, _T("%s\\system32\\notepad.exe"), windows_dir);
if (!GetRegKey(_T("log_viewer"), o.log_viewer, if (!GetRegKey(_T("log_viewer"), o.log_viewer,
temp_path, _countof(o.log_viewer))) return(false); temp_path, _countof(o.log_viewer))) return(false);
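Review bot: the priority block is missing the else that the exe_path block has: after "if (o.priority_string[0] != L'\0')" and its ExpandString call comes a plain "if (!GetRegistryValue(regkey, _T("priority"), ...))", so a priority given on the command line is always overwritten, either by the HKLM value or by the NORMAL_PRIORITY_CLASS default. Make it "else if", matching exe_path. Separately, exe_path from the command line still takes precedence over HKLM; if moving the key to HKLM is meant to put the binary path under administrator control, the README should say whether that override is intended. The new comment also has a typo, "user-sepcific".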
@ -114,14 +136,6 @@ GetRegistryKeys()
if (!GetRegKey(_T("editor"), o.editor, if (!GetRegKey(_T("editor"), o.editor,
temp_path, _countof(o.editor))) return(false); temp_path, _countof(o.editor))) return(false);
if (!GetRegKey(_T("allow_edit"), o.allow_edit, _T("1"), _countof(o.allow_edit))) return(false);
if (!GetRegKey(_T("allow_service"), o.allow_service, _T("0"), _countof(o.allow_service))) return(false);
if (!GetRegKey(_T("allow_password"), o.allow_password, _T("1"), _countof(o.allow_password))) return(false);
if (!GetRegKey(_T("allow_proxy"), o.allow_proxy, _T("1"), _countof(o.allow_proxy))) return(false);
if (!GetRegKey(_T("service_only"), o.service_only, _T("0"), _countof(o.service_only))) return(false); if (!GetRegKey(_T("service_only"), o.service_only, _T("0"), _countof(o.service_only))) return(false);
if (!GetRegKey(_T("show_balloon"), o.show_balloon, _T("1"), _countof(o.show_balloon))) return(false); if (!GetRegKey(_T("show_balloon"), o.show_balloon, _T("1"), _countof(o.show_balloon))) return(false);
@ -130,19 +144,6 @@ GetRegistryKeys()
if (!GetRegKey(_T("show_script_window"), o.show_script_window, _T("1"), _countof(o.show_script_window))) return(false); if (!GetRegKey(_T("show_script_window"), o.show_script_window, _T("1"), _countof(o.show_script_window))) return(false);
if (!GetRegKey(_T("disconnect_on_suspend"), o.disconnect_on_suspend, _T("0"),
_countof(o.disconnect_on_suspend))) return(false);
if (!GetRegKey(_T("passphrase_attempts"), o.psw_attempts_string, _T("3"),
_countof(o.psw_attempts_string))) return(false);
o.psw_attempts = _ttoi(o.psw_attempts_string);
if ((o.psw_attempts < 1) || (o.psw_attempts > 9))
{
/* 0 <= passphrase_attempts <= 9 */
ShowLocalizedMsg(IDS_ERR_PASSPHRASE_ATTEMPTS);
return(false);
}
if (!GetRegKey(_T("connectscript_timeout"), o.connectscript_timeout_string, _T("15"), if (!GetRegKey(_T("connectscript_timeout"), o.connectscript_timeout_string, _T("15"),
_countof(o.connectscript_timeout_string))) return(false); _countof(o.connectscript_timeout_string))) return(false);
o.connectscript_timeout = _ttoi(o.connectscript_timeout_string); o.connectscript_timeout = _ttoi(o.connectscript_timeout_string);
@ -184,16 +185,13 @@ int GetRegKey(const TCHAR name[], TCHAR *data, const TCHAR default_data[], DWORD
HKEY openvpn_key; HKEY openvpn_key;
HKEY openvpn_key_write; HKEY openvpn_key_write;
DWORD dwDispos; DWORD dwDispos;
TCHAR expanded_string[MAX_PATH];
DWORD size = len * sizeof(*data); DWORD size = len * sizeof(*data);
DWORD max_len = len - 1; DWORD max_len = len - 1;
/* If option is already set via cmd-line, return */ /* If option is already set via cmd-line, return */
if (data[0] != 0) if (data[0] != 0)
{ {
// Expand environment variables inside the string. ExpandString (data, len);
ExpandEnvironmentStrings(data, expanded_string, _countof(expanded_string));
_tcsncpy(data, expanded_string, max_len);
return(true); return(true);
} }
@ -256,8 +254,7 @@ int GetRegKey(const TCHAR name[], TCHAR *data, const TCHAR default_data[], DWORD
RegCloseKey(openvpn_key); RegCloseKey(openvpn_key);
// Expand environment variables inside the string. // Expand environment variables inside the string.
ExpandEnvironmentStrings(data, expanded_string, _countof(expanded_string)); ExpandString (data, len);
_tcsncpy(data, expanded_string, max_len);
return(true); return(true);
} }


@ -86,7 +86,7 @@ END
/* Change Passphrase Dialog */ /* Change Passphrase Dialog */
ID_DLG_CHGPASS DIALOG 6, 18, 193, 82 ID_DLG_CHGPASS DIALOG 6, 18, 193, 82
STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_CENTER STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_CENTER
CAPTION "OpenVPN - Change Passphrase" CAPTION "OpenVPN - Change Private Key Passphrase"
FONT 8, "Microsoft Sans Serif" FONT 8, "Microsoft Sans Serif"
LANGUAGE LANG_ENGLISH, SUBLANG_DEFAULT LANGUAGE LANG_ENGLISH, SUBLANG_DEFAULT
BEGIN BEGIN
@ -313,7 +313,7 @@ BEGIN
/* passphrase - Resources */ /* passphrase - Resources */
IDS_ERR_CREATE_PASS_THREAD "CreateThread to show ChangePassphrase dialog failed." IDS_ERR_CREATE_PASS_THREAD "CreateThread to show ChangePassphrase dialog failed."
IDS_NFO_CHANGE_PWD "Change Password (%s)" IDS_NFO_CHANGE_PWD "Change Private Key Password (%s)"
IDS_ERR_PWD_DONT_MATCH "The passwords you typed do not match. Try again." IDS_ERR_PWD_DONT_MATCH "The passwords you typed do not match. Try again."
IDS_ERR_PWD_TO_SHORT "Your new password must be at least %d characters long." IDS_ERR_PWD_TO_SHORT "Your new password must be at least %d characters long."
IDS_NFO_EMPTY_PWD "Are you sure you want to set an EMPTY password?" IDS_NFO_EMPTY_PWD "Are you sure you want to set an EMPTY password?"

28
tray.c

@ -75,23 +75,16 @@ CreatePopupMenus()
AppendMenu(hMenu, MF_STRING, IDM_VIEWLOGMENU, LoadLocalizedString(IDS_MENU_VIEWLOG)); AppendMenu(hMenu, MF_STRING, IDM_VIEWLOGMENU, LoadLocalizedString(IDS_MENU_VIEWLOG));
if (o.allow_edit[0] == '1')
AppendMenu(hMenu, MF_STRING, IDM_EDITMENU, LoadLocalizedString(IDS_MENU_EDITCONFIG)); AppendMenu(hMenu, MF_STRING, IDM_EDITMENU, LoadLocalizedString(IDS_MENU_EDITCONFIG));
AppendMenu(hMenu, MF_STRING, IDM_CLEARPASSMENU, LoadLocalizedString(IDS_MENU_CLEARPASS)); AppendMenu(hMenu, MF_STRING, IDM_CLEARPASSMENU, LoadLocalizedString(IDS_MENU_CLEARPASS));
#ifndef DISABLE_CHANGE_PASSWORD #ifndef DISABLE_CHANGE_PASSWORD
if (o.allow_password[0] == '1') if (o.conn[0].flags & ALLOW_CHANGE_PASSPHRASE)
AppendMenu(hMenu, MF_STRING, IDM_PASSPHRASEMENU, LoadLocalizedString(IDS_MENU_PASSPHRASE)); AppendMenu(hMenu, MF_STRING, IDM_PASSPHRASEMENU, LoadLocalizedString(IDS_MENU_PASSPHRASE));
#endif #endif
AppendMenu(hMenu, MF_SEPARATOR, 0, 0); AppendMenu(hMenu, MF_SEPARATOR, 0, 0);
if (o.allow_service[0] == '1' && o.service_only[0] == '0')
{
AppendMenu(hMenu, MF_POPUP, (UINT_PTR) hMenuService, LoadLocalizedString(IDS_MENU_SERVICE));
AppendMenu(hMenu, MF_SEPARATOR, 0, 0);
}
AppendMenu(hMenu, MF_STRING, IDM_IMPORT, LoadLocalizedString(IDS_MENU_IMPORT)); AppendMenu(hMenu, MF_STRING, IDM_IMPORT, LoadLocalizedString(IDS_MENU_IMPORT));
AppendMenu(hMenu, MF_STRING ,IDM_SETTINGS, LoadLocalizedString(IDS_MENU_SETTINGS)); AppendMenu(hMenu, MF_STRING ,IDM_SETTINGS, LoadLocalizedString(IDS_MENU_SETTINGS));
AppendMenu(hMenu, MF_STRING ,IDM_CLOSE, LoadLocalizedString(IDS_MENU_CLOSE)); AppendMenu(hMenu, MF_STRING ,IDM_CLOSE, LoadLocalizedString(IDS_MENU_CLOSE));
@ -107,11 +100,7 @@ CreatePopupMenus()
if (o.num_configs > 0) if (o.num_configs > 0)
AppendMenu(hMenu, MF_SEPARATOR, 0, 0); AppendMenu(hMenu, MF_SEPARATOR, 0, 0);
if (o.service_only[0] == '0' && o.allow_service[0] == '1') { if (o.service_only[0] == '1') {
AppendMenu(hMenu, MF_POPUP, (UINT_PTR) hMenuService, LoadLocalizedString(IDS_MENU_SERVICE));
AppendMenu(hMenu, MF_SEPARATOR, 0, 0);
}
else if (o.service_only[0] == '1') {
AppendMenu(hMenu, MF_STRING, IDM_SERVICE_START, LoadLocalizedString(IDS_MENU_SERVICEONLY_START)); AppendMenu(hMenu, MF_STRING, IDM_SERVICE_START, LoadLocalizedString(IDS_MENU_SERVICEONLY_START));
AppendMenu(hMenu, MF_STRING, IDM_SERVICE_STOP, LoadLocalizedString(IDS_MENU_SERVICEONLY_STOP)); AppendMenu(hMenu, MF_STRING, IDM_SERVICE_STOP, LoadLocalizedString(IDS_MENU_SERVICEONLY_STOP));
AppendMenu(hMenu, MF_STRING, IDM_SERVICE_RESTART, LoadLocalizedString(IDS_MENU_SERVICEONLY_RESTART)); AppendMenu(hMenu, MF_STRING, IDM_SERVICE_RESTART, LoadLocalizedString(IDS_MENU_SERVICEONLY_RESTART));
@ -134,12 +123,11 @@ CreatePopupMenus()
AppendMenu(hMenuConn[i], MF_STRING, IDM_VIEWLOGMENU + i, LoadLocalizedString(IDS_MENU_VIEWLOG)); AppendMenu(hMenuConn[i], MF_STRING, IDM_VIEWLOGMENU + i, LoadLocalizedString(IDS_MENU_VIEWLOG));
if (o.allow_edit[0] == '1')
AppendMenu(hMenuConn[i], MF_STRING, IDM_EDITMENU + i, LoadLocalizedString(IDS_MENU_EDITCONFIG)); AppendMenu(hMenuConn[i], MF_STRING, IDM_EDITMENU + i, LoadLocalizedString(IDS_MENU_EDITCONFIG));
AppendMenu(hMenuConn[i], MF_STRING, IDM_CLEARPASSMENU + i, LoadLocalizedString(IDS_MENU_CLEARPASS)); AppendMenu(hMenuConn[i], MF_STRING, IDM_CLEARPASSMENU + i, LoadLocalizedString(IDS_MENU_CLEARPASS));
#ifndef DISABLE_CHANGE_PASSWORD #ifndef DISABLE_CHANGE_PASSWORD
if (o.allow_password[0] == '1') if (o.conn[i].flags & ALLOW_CHANGE_PASSPHRASE)
AppendMenu(hMenuConn[i], MF_STRING, IDM_PASSPHRASEMENU + i, LoadLocalizedString(IDS_MENU_PASSPHRASE)); AppendMenu(hMenuConn[i], MF_STRING, IDM_PASSPHRASEMENU + i, LoadLocalizedString(IDS_MENU_PASSPHRASE));
#endif #endif
@ -147,14 +135,6 @@ CreatePopupMenus()
} }
} }
/* Create service menu */
if (o.allow_service[0] == '1' && o.service_only[0] == '0')
{
AppendMenu(hMenuService, MF_STRING, IDM_SERVICE_START, LoadLocalizedString(IDS_MENU_SERVICE_START));
AppendMenu(hMenuService, MF_STRING, IDM_SERVICE_STOP, LoadLocalizedString(IDS_MENU_SERVICE_STOP));
AppendMenu(hMenuService, MF_STRING, IDM_SERVICE_RESTART, LoadLocalizedString(IDS_MENU_SERVICE_RESTART));
}
SetServiceMenuStatus(); SetServiceMenuStatus();
} }
@ -431,7 +411,7 @@ SetServiceMenuStatus()
{ {
HMENU hMenuHandle; HMENU hMenuHandle;
if (o.allow_service[0] == '0' && o.service_only[0] == '0') if (o.service_only[0] == '0')
return; return;
if (o.service_only[0] == '1') if (o.service_only[0] == '1')
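Review bot: in SetServiceMenuStatus the new early return on "o.service_only[0] == '0'" makes the following "if (o.service_only[0] == '1')" test true in every practical case, so any else branch below it that handled the separate service submenu is now unreachable. Suggest removing that branch, and the hMenuService handle with it if nothing else uses it.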