From d4090a8842990ba992d843c49eaec1760ac03b0e Mon Sep 17 00:00:00 2001
From: Selva Nair
Date: Sun, 26 Feb 2017 21:00:03 -0500
Subject: [PATCH] Parse ECHO directives from openvpn
Support the following echo commands - "echo forget-passwords": delete passwords internally saved by the GUI but do not disable the password save feature. Useful when pushed from the server so that it gets processed after authentication. Also see management-notes.txt in openvpn docs. - "echo save-passwords": enables private-key and auth-user-pass passwords to be saved. Will be effective at startup only if present in the config file. If pushed from the server, will get used for subsequent password prompts. Essentially this has the effect of presenting the password dialogs to the user with save-password checkbox selected. The user may still uncheck it during the dialog. Note: echo commands are processed as and when they are received and in the order received. TODO: support for "echo setenv name var", "echo disable-save-passwords" etc..
Signed-off-by: Selva Nair
---
 main.c | 1 +
 manage.c | 5 +++++
 openvpn.c | 33 +++++++++++++++++++++++++++++++++
 openvpn.h | 1 +
 4 files changed, 40 insertions(+)
diff --git a/main.c b/main.c
index 6f206e6..043438b 100644
--- a/main.c
+++ b/main.c
@@ -121,6 +121,7 @@ int WINAPI _tWinMain (HINSTANCE hThisInstance,
 { stop, OnStop },
 { needok, OnNeedOk },
 { needstr, OnNeedStr },
+ { echo, OnEcho },
 { 0, NULL }
 };
 InitManagement(handler);
diff --git a/manage.c b/manage.c
index 583e747..2891c78 100644
--- a/manage.c
+++ b/manage.c
@@ -322,6 +322,11 @@ OnManagement(SOCKET sk, LPARAM lParam)
 if (rtmsg_handler[needstr])
 rtmsg_handler[needstr](c, pos + 9);
 }
+ else if (strncmp(pos, "ECHO:", 5) == 0)
+ {
+ if (rtmsg_handler[echo])
+ rtmsg_handler[echo](c, pos + 5);
+ }
 }
 else if (c->manage.cmd_queue)
 {
diff --git a/openvpn.c b/openvpn.c
index 6671434..056f9bf 100644
--- a/openvpn.c
+++ b/openvpn.c
@@ -108,6 +108,7 @@ OnReady(connection_t *c, UNUSED char *msg)
 {
 ManagementCommand(c, "state on", NULL, regular);
 ManagementCommand(c, "log all on", OnLogLine, combined);
+ ManagementCommand(c, "echo all on", OnEcho, combined);
 }
@@ -689,6 +690,38 @@ out:
 return ret;
 }
+/*
+ * Handle >ECHO: request from OpenVPN management interface
+ * Expect msg = timestamp,message
+ */
+void
+OnEcho(connection_t *c, char *msg)
+{
+ WCHAR errmsg[256];
+
+ PrintDebug(L"OnEcho with msg = %S", msg);
+ if (!(msg = strchr(msg, ',')))
+ {
+ PrintDebug(L"OnEcho: msg format not recognized");
+ return;
+ }
+ msg++;
+
+ if (strcmp(msg, "forget-passwords") == 0)
+ {
+ DeleteSavedPasswords(c->config_name);
+ }
+ else if (strcmp(msg, "save-passwords") == 0)
+ {
+ c->flags |= (FLAG_SAVE_KEY_PASS | FLAG_SAVE_AUTH_PASS);
+ }
+ else
+ {
+ _sntprintf_0(errmsg, L"WARNING: Unknown ECHO directive '%S' ignored.", msg);
+ WriteStatusLog(c, L"GUI> ", errmsg, false);
+ }
+}
+
 /*
 * Handle >PASSWORD: request from OpenVPN management interface
 */
diff --git a/openvpn.h b/openvpn.h
index 53697e1..68a7992 100644
--- a/openvpn.h
+++ b/openvpn.h
@@ -37,6 +37,7 @@ void OnPassword(connection_t *, char *);
 void OnStop(connection_t *, char *);
 void OnNeedOk(connection_t *, char *);
 void OnNeedStr(connection_t *, char *);
+void OnEcho(connection_t *, char *);
 void DisablePasswordSave(connection_t *);
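Review bot: The added `ManagementCommand(c, "echo all on", OnEcho, combined);` in OnReady (openvpn.c, first hunk) has no comment saying why `all` is requested. As far as the management interface is documented, `all` also returns the echo lines openvpn buffered before the GUI attached, and OnEcho acts on every line it is handed, so buffered directives are executed at attach time as well as live ones. A one-line comment such as `/* "all" replays buffered echo lines so config-file directives reach OnEcho at startup */` would make that dependency explicit for whoever later adds directives with side effects.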
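Review bot: In OnEcho (openvpn.c, second hunk) the `save-passwords` branch sets `FLAG_SAVE_KEY_PASS | FLAG_SAVE_AUTH_PASS` silently, although the echo text may have been pushed by the server and is therefore remote-controlled input that changes how credentials are stored locally. The commit message says the effect is only a preselected checkbox, but nothing in the hunk shows whether a local setting that disables password saving (openvpn.h declares `DisablePasswordSave`) is still honoured afterwards, so that should be confirmed or checked before the flags are set. At minimum the event should be visible to the user, e.g. `WriteStatusLog(c, L"GUI> ", L"ECHO directive enabled password saving.", false);` in that branch, with a matching entry for `forget-passwords`. Separately, the exact `strcmp` comparisons mean a directive with trailing whitespace ends up in the unknown-directive warning, which is a safe default but worth stating in the function comment.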