From 801bbf41db791ae908f6a09f5d43d4de1a17c889 Mon Sep 17 00:00:00 2001 From: Selva Nair Date: Thu, 22 Apr 2021 18:47:35 -0400 Subject: [PATCH] In User-Auth dialog require non-empty password or PIN We had earlier supported blank passwords or OTPs to be submitted. Change this by enabling the OK button only if some minimal inputs are present. - In static challenge dialog require username and either password or challenge-reponse (OTP) fields to be non-empty - In normal user-auth dialog require username and password to be non-empty Signed-off-by: Selva Nair --- openvpn.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/openvpn.c b/openvpn.c index 15fe7cb..7819902 100644 --- a/openvpn.c +++ b/openvpn.c @@ -519,18 +519,21 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) switch (LOWORD(wParam)) { case ID_EDT_AUTH_USER: + case ID_EDT_AUTH_PASS: + case ID_EDT_AUTH_CHALLENGE: if (HIWORD(wParam) == EN_UPDATE) { - int len = Edit_GetTextLength((HWND) lParam); - EnableWindow(GetDlgItem(hwndDlg, IDOK), (len ? TRUE : FALSE)); + /* enable OK button only if username and either password or response are filled */ + BOOL enableOK = GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER)) + && (GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS)) + || ((param->flags & FLAG_CR_TYPE_SCRV1) + && GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE))) + ); + EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK); } AutoCloseCancel(hwndDlg); /* user interrupt */ break; - case ID_EDT_AUTH_PASS: - AutoCloseCancel(hwndDlg); /* user interrupt */ - break; - case ID_CHK_SAVE_PASS: param->c->flags ^= FLAG_SAVE_AUTH_PASS; if (param->c->flags & FLAG_SAVE_AUTH_PASS)