github
/
openvpn-gui
mirror of https://github.com/OpenVPN/openvpn-gui
1
0
Fork 0
Code Issues Releases Wiki Activity

Save username only if/when saving auth password 

- Currently username is always saved. This changes that to save
  username only when auth password is saved.
- Usernames saved by previous versions are automatically migrated
  if password is also saved, else cleared, to enforce the new behaviour.
- Username and password are saved as encrypted by DPAPI.

Note: Setups in which saving of password is not enabled, any previously
saved username will be forgotten. However, the migration or clearing of
username is attempted only when a connection is started. So previously
saved usernames may stay in the store if a config is unused.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/218/head
Selva Nair 2017-12-24 16:28:09 -05:00
parent e7fd11812f
commit c34345704a
3 changed files with 34 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openvpn.c
View File

@ -511,6 +511,7 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
else else
{ {
DeleteSavedAuthPass(param->c->config_name); DeleteSavedAuthPass(param->c->config_name);
DeleteSavedUsername(param->c->config_name);
Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_UNCHECKED); Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_UNCHECKED);
} }
AutoCloseCancel(hwndDlg); /* user interrupt */ AutoCloseCancel(hwndDlg); /* user interrupt */
@ -524,7 +525,6 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER), LoadLocalizedString(IDS_ERR_INVALID_USERNAME_INPUT)); show_error_tip(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER), LoadLocalizedString(IDS_ERR_INVALID_USERNAME_INPUT));
return 0; return 0;
} }
SaveUsername(param->c->config_name, username);
} }
if (GetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password, _countof(password))) if (GetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password, _countof(password)))
{ {
@ -536,6 +536,7 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
} }
if ( param->c->flags & FLAG_SAVE_AUTH_PASS && wcslen(password) ) if ( param->c->flags & FLAG_SAVE_AUTH_PASS && wcslen(password) )
{ {
SaveUsername(param->c->config_name, username);
SaveAuthPass(param->c->config_name, password); SaveAuthPass(param->c->config_name, password);
} }
SecureZeroMemory(password, sizeof(password)); SecureZeroMemory(password, sizeof(password));

39
save_pass.c
View File

@ -200,9 +200,7 @@ RecallAuthPass(const WCHAR *config_name, WCHAR *password)
int int
SaveUsername(const WCHAR *config_name, const WCHAR *username) SaveUsername(const WCHAR *config_name, const WCHAR *username)
{ {
DWORD len = (wcslen(username) + 1) * sizeof(*username); return save_encrypted(config_name, username, AUTH_USER_DATA);
SetConfigRegistryValueBinary(config_name, AUTH_USER_DATA,(BYTE *) username, len);
return 1;
} }
/* /*
* The buffer username should be have space for up to USER_PASS_LEN * The buffer username should be have space for up to USER_PASS_LEN
@ -212,13 +210,29 @@ int
RecallUsername(const WCHAR *config_name, WCHAR *username) RecallUsername(const WCHAR *config_name, WCHAR *username)
{ {
DWORD capacity = USER_PASS_LEN * sizeof(WCHAR); DWORD capacity = USER_PASS_LEN * sizeof(WCHAR);
DWORD len; int retval;
retval = recall_encrypted(config_name, username, USER_PASS_LEN, AUTH_USER_DATA);
len = GetConfigRegistryValue(config_name, AUTH_USER_DATA, (BYTE *) username, capacity); /* older versions saved username unencrypted -- try to read as plain text and migrate */
if (len == 0) if (!retval)
return 0; {
DWORD len = GetConfigRegistryValue(config_name, AUTH_USER_DATA, (BYTE *) username, capacity);
username[USER_PASS_LEN-1] = L'\0'; username[USER_PASS_LEN-1] = L'\0';
return 1; if (len > 0)
{
retval = 1;
/* re-save as encrypted or delete depending on password is saved or not */
if (IsAuthPassSaved(config_name))
{
SaveUsername(config_name, username); /* overwrites previous plain text value */
}
else
{
DeleteSavedUsername(config_name);
SecureZeroMemory(username, capacity);
}
}
}
return retval;
} }
void void
@ -233,6 +247,12 @@ DeleteSavedAuthPass(const WCHAR *config_name)
DeleteConfigRegistryValue(config_name, AUTH_PASS_DATA); DeleteConfigRegistryValue(config_name, AUTH_PASS_DATA);
} }
void
DeleteSavedUsername(const WCHAR *config_name)
{
DeleteConfigRegistryValue(config_name, AUTH_USER_DATA);
}
/* delete saved config-specific auth password and private key passphrase */ /* delete saved config-specific auth password and private key passphrase */
void void
DeleteSavedPasswords(const WCHAR *config_name) DeleteSavedPasswords(const WCHAR *config_name)
@ -240,6 +260,7 @@ DeleteSavedPasswords(const WCHAR *config_name)
DeleteConfigRegistryValue(config_name, KEY_PASS_DATA); DeleteConfigRegistryValue(config_name, KEY_PASS_DATA);
DeleteConfigRegistryValue(config_name, AUTH_PASS_DATA); DeleteConfigRegistryValue(config_name, AUTH_PASS_DATA);
DeleteConfigRegistryValue(config_name, ENTROPY_DATA); DeleteConfigRegistryValue(config_name, ENTROPY_DATA);
DeleteConfigRegistryValue(config_name, AUTH_USER_DATA);
} }
/* check if auth password is saved */ /* check if auth password is saved */

1
save_pass.h
View File

@ -14,6 +14,7 @@ int RecallKeyPass(const WCHAR *config_name, WCHAR *password);
int RecallAuthPass(const WCHAR *config_name, WCHAR *password); int RecallAuthPass(const WCHAR *config_name, WCHAR *password);
int RecallUsername(const WCHAR *config_name, WCHAR *username); int RecallUsername(const WCHAR *config_name, WCHAR *username);
void DeleteSavedUsername(const WCHAR *config_name);
void DeleteSavedAuthPass(const WCHAR *config_name); void DeleteSavedAuthPass(const WCHAR *config_name);
void DeleteSavedKeyPass(const WCHAR *config_name); void DeleteSavedKeyPass(const WCHAR *config_name);
void DeleteSavedPasswords(const WCHAR *config_name); void DeleteSavedPasswords(const WCHAR *config_name);