mirror of https://github.com/OpenVPN/openvpn-gui
Save username only if/when saving auth password
- Currently username is always saved. This changes that to save username only when auth password is saved.
- Usernames saved by previous versions are automatically migrated if password is also saved, else cleared, to enforce the new behaviour.
- Username and password are saved encrypted by DPAPI.

Note: In setups where saving of password is not enabled, any previously saved username will be forgotten. However, the migration or clearing of username is attempted only when a connection is started. So previously saved usernames may stay in the store if a config is unused.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/218/head
parent
e7fd11812f
commit
c34345704a
|
@ -511,6 +511,7 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
|
|||
else
|
||||
{
|
||||
DeleteSavedAuthPass(param->c->config_name);
|
||||
DeleteSavedUsername(param->c->config_name);
|
||||
Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_UNCHECKED);
|
||||
}
|
||||
AutoCloseCancel(hwndDlg); /* user interrupt */
|
||||
|
@ -524,7 +525,6 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
|
|||
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER), LoadLocalizedString(IDS_ERR_INVALID_USERNAME_INPUT));
|
||||
return 0;
|
||||
}
|
||||
SaveUsername(param->c->config_name, username);
|
||||
}
|
||||
if (GetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password, _countof(password)))
|
||||
{
|
||||
|
@ -536,6 +536,7 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
|
|||
}
|
||||
if ( param->c->flags & FLAG_SAVE_AUTH_PASS && wcslen(password) )
|
||||
{
|
||||
SaveUsername(param->c->config_name, username);
|
||||
SaveAuthPass(param->c->config_name, password);
|
||||
}
|
||||
SecureZeroMemory(password, sizeof(password));
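Review bot: The results of `SaveUsername` and `SaveAuthPass` are both discarded in the `FLAG_SAVE_AUTH_PASS` block of the third hunk, although `SaveUsername` now returns whatever `save_encrypted` returns instead of a constant 1. If the encryption step fails, the password can end up stored without its username, and a plain-text username from an older version presumably stays in the registry. Assuming a zero return means failure, as `RecallUsername` treats `recall_encrypted`, I would write `if (!SaveUsername(param->c->config_name, username)) DeleteSavedUsername(param->c->config_name);` and skip `SaveAuthPass` in that case. The call also moved into the password branch, so it now runs even when the username `GetDlgItemTextW` returned 0. The declaration of `username` is outside the hunk, so confirm the buffer is initialised on that path, and consider wiping it with `SecureZeroMemory` next to `password` now that it is treated as protected data.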
|
||||
|
|
41
save_pass.c
41
save_pass.c
|
@ -200,9 +200,7 @@ RecallAuthPass(const WCHAR *config_name, WCHAR *password)
|
|||
int
|
||||
SaveUsername(const WCHAR *config_name, const WCHAR *username)
|
||||
{
|
||||
DWORD len = (wcslen(username) + 1) * sizeof(*username);
|
||||
SetConfigRegistryValueBinary(config_name, AUTH_USER_DATA,(BYTE *) username, len);
|
||||
return 1;
|
||||
return save_encrypted(config_name, username, AUTH_USER_DATA);
|
||||
}
|
||||
/*
|
||||
* The buffer username should be have space for up to USER_PASS_LEN
|
||||
|
@ -212,13 +210,29 @@ int
|
|||
RecallUsername(const WCHAR *config_name, WCHAR *username)
|
||||
{
|
||||
DWORD capacity = USER_PASS_LEN * sizeof(WCHAR);
|
||||
DWORD len;
|
||||
|
||||
len = GetConfigRegistryValue(config_name, AUTH_USER_DATA, (BYTE *) username, capacity);
|
||||
if (len == 0)
|
||||
return 0;
|
||||
username[USER_PASS_LEN-1] = L'\0';
|
||||
return 1;
|
||||
int retval;
|
||||
retval = recall_encrypted(config_name, username, USER_PASS_LEN, AUTH_USER_DATA);
|
||||
/* older versions saved username unencrypted -- try to read as plain text and migrate */
|
||||
if (!retval)
|
||||
{
|
||||
DWORD len = GetConfigRegistryValue(config_name, AUTH_USER_DATA, (BYTE *) username, capacity);
|
||||
username[USER_PASS_LEN-1] = L'\0';
|
||||
if (len > 0)
|
||||
{
|
||||
retval = 1;
|
||||
/* re-save as encrypted or delete depending on password is saved or not */
|
||||
if (IsAuthPassSaved(config_name))
|
||||
{
|
||||
SaveUsername(config_name, username); /* overwrites previous plain text value */
|
||||
}
|
||||
else
|
||||
{
|
||||
DeleteSavedUsername(config_name);
|
||||
SecureZeroMemory(username, capacity);
|
||||
}
|
||||
}
|
||||
}
|
||||
return retval;
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -233,6 +247,12 @@ DeleteSavedAuthPass(const WCHAR *config_name)
|
|||
DeleteConfigRegistryValue(config_name, AUTH_PASS_DATA);
|
||||
}
|
||||
|
||||
void
|
||||
DeleteSavedUsername(const WCHAR *config_name)
|
||||
{
|
||||
DeleteConfigRegistryValue(config_name, AUTH_USER_DATA);
|
||||
}
|
||||
|
||||
/* delete saved config-specific auth password and private key passphrase */
|
||||
void
|
||||
DeleteSavedPasswords(const WCHAR *config_name)
|
||||
|
@ -240,6 +260,7 @@ DeleteSavedPasswords(const WCHAR *config_name)
|
|||
DeleteConfigRegistryValue(config_name, KEY_PASS_DATA);
|
||||
DeleteConfigRegistryValue(config_name, AUTH_PASS_DATA);
|
||||
DeleteConfigRegistryValue(config_name, ENTROPY_DATA);
|
||||
DeleteConfigRegistryValue(config_name, AUTH_USER_DATA);
|
||||
}
|
||||
|
||||
/* check if auth password is saved */
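Review bot: The plain-text fallback in `RecallUsername` runs on any zero return from `recall_encrypted`, so it cannot tell a legacy plain-text value from an encrypted value that failed to decrypt. `recall_encrypted` is not shown, but if it returns 0 for a blob that exists and cannot be decrypted, the raw ciphertext is copied into `username`, reported as success, and then either re-saved as the username or used to justify deleting the stored value. The legacy read should accept the data only when it looks like what the old `SaveUsername` wrote, for example (assuming `len` is a byte count) `if (len >= sizeof(WCHAR) && len % sizeof(WCHAR) == 0 && username[len/sizeof(WCHAR) - 1] == L'\0')`, with a comment saying why. Separately, the `else` branch deletes the value and zeroes the buffer but leaves `retval` at 1, so the caller is told a username was recalled and receives an empty string; adding `retval = 0;` there would match the "forgotten" behaviour described in the commit message.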
|
||||
|
|
|
@ -14,6 +14,7 @@ int RecallKeyPass(const WCHAR *config_name, WCHAR *password);
|
|||
int RecallAuthPass(const WCHAR *config_name, WCHAR *password);
|
||||
int RecallUsername(const WCHAR *config_name, WCHAR *username);
|
||||
|
||||
void DeleteSavedUsername(const WCHAR *config_name);
|
||||
void DeleteSavedAuthPass(const WCHAR *config_name);
|
||||
void DeleteSavedKeyPass(const WCHAR *config_name);
|
||||
void DeleteSavedPasswords(const WCHAR *config_name);
|
||||
|
|