remove limit for user/pass length, closes #3498438

Generation of the "username" and "password" management commands now
happens centrally in the helper function ManagementCommandFromInput()
in misc.c
pull/1/head
Heiko Hund 13 years ago
parent f420d7dcbb
commit d8737bfba2

@ -79,6 +79,7 @@ openvpn_gui_SOURCES = \
registry.c registry.h \ registry.c registry.h \
scripts.c scripts.h \ scripts.c scripts.h \
manage.c manage.h \ manage.c manage.h \
misc.c misc.h \
openvpn_config.c \ openvpn_config.c \
openvpn_config.h \ openvpn_config.h \
chartable.h \ chartable.h \

@ -28,8 +28,9 @@
#include <malloc.h> #include <malloc.h>
#include "options.h" #include "options.h"
#include "main.h"
#include "manage.h" #include "manage.h"
#include "main.h"
#include "misc.h"
extern options_t o; extern options_t o;
@ -155,6 +156,9 @@ UnqueueCommand(connection_t *c)
if (!cmd) if (!cmd)
return FALSE; return FALSE;
/* Wipe command as it may contain passwords */
memset(cmd->command, 'x', cmd->size);
if (cmd->type == combined) if (cmd->type == combined)
{ {
cmd->type = regular; cmd->type = regular;

104
misc.c

@ -0,0 +1,104 @@
/*
* OpenVPN-GUI -- A Windows GUI for OpenVPN.
*
* Copyright (C) 2012 Heiko Hund <heikoh@users.sf.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <windows.h>
#include <stdlib.h>
#include <malloc.h>
#include "options.h"
#include "manage.h"
#include "misc.h"
/*
* Helper function to convert UCS-2 text from a dialog item to UTF-8.
* Caller must free *str if *len != 0.
*/
static BOOL
GetDlgItemTextUtf8(HWND hDlg, int id, LPSTR *str, int *len)
{
int ucs2_len, utf8_len;
BOOL retval = FALSE;
LPTSTR ucs2_str = NULL;
LPSTR utf8_str = NULL;
*str = "";
*len = 0;
ucs2_len = GetWindowTextLength(GetDlgItem(hDlg, id)) + 1;
if (ucs2_len == 0)
goto out;
ucs2_str = malloc(ucs2_len * sizeof(*ucs2_str));
if (ucs2_str == NULL)
goto out;
if (GetDlgItemText(hDlg, id, ucs2_str, ucs2_len) == 0)
goto out;
utf8_len = WideCharToMultiByte(CP_UTF8, 0, ucs2_str, -1, NULL, 0, NULL, NULL);
utf8_str = malloc(utf8_len);
if (utf8_str == NULL)
goto out;
WideCharToMultiByte(CP_UTF8, 0, ucs2_str, -1, utf8_str, utf8_len, NULL, NULL);
*str = utf8_str;
*len = utf8_len - 1;
retval = TRUE;
out:
free(ucs2_str);
return retval;
}
/*
* Generate a management command from user input and send it
*/
BOOL
ManagementCommandFromInput(connection_t *c, LPSTR fmt, HWND hDlg, int id)
{
BOOL retval = FALSE;
LPSTR input, cmd;
int input_len, cmd_len;
GetDlgItemTextUtf8(hDlg, id, &input, &input_len);
cmd_len = input_len + strlen(fmt);
cmd = malloc(cmd_len);
if (cmd)
{
snprintf(cmd, cmd_len, fmt, input);
retval = ManagementCommand(c, cmd, NULL, regular);
free(cmd);
}
/* Clear buffers with potentially secret content */
memset(input, 'x', input_len - 1);
SetDlgItemTextA(hDlg, id, input);
free(input);
return retval;
}

@ -0,0 +1,27 @@
/*
* OpenVPN-GUI -- A Windows GUI for OpenVPN.
*
* Copyright (C) 2012 Heiko Hund <heikoh@users.sf.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef MISC_H
#define MISC_H
BOOL ManagementCommandFromInput(connection_t *, LPSTR, HWND, int);
#endif

@ -42,6 +42,7 @@
#include "proxy.h" #include "proxy.h"
#include "passphrase.h" #include "passphrase.h"
#include "localization.h" #include "localization.h"
#include "misc.h"
#define WM_OVPN_STOP (WM_APP + 10) #define WM_OVPN_STOP (WM_APP + 10)
#define WM_OVPN_SUSPEND (WM_APP + 11) #define WM_OVPN_SUSPEND (WM_APP + 11)
@ -204,10 +205,6 @@ static INT_PTR CALLBACK
UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{ {
connection_t *c; connection_t *c;
TCHAR buf[50];
char cmd[70] = "username \"Auth\" \"";
UINT username_len;
int length;
switch (msg) switch (msg)
{ {
@ -222,25 +219,8 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
switch (LOWORD(wParam)) switch (LOWORD(wParam))
{ {
case IDOK: case IDOK:
username_len = GetDlgItemText(hwndDlg, ID_EDT_AUTH_USER, buf, _countof(buf)); ManagementCommandFromInput(c, "username \"Auth\" \"%s\"", hwndDlg, ID_EDT_AUTH_USER);
if (username_len == 0) ManagementCommandFromInput(c, "password \"Auth\" \"%s\"", hwndDlg, ID_EDT_AUTH_PASS);
return TRUE;
length = WideCharToMultiByte(CP_UTF8, 0, buf, -1, cmd + 17, sizeof(cmd) - 17, NULL, NULL);
memcpy(cmd + length + 16, "\"\0", 2);
ManagementCommand(c, cmd, NULL, regular);
memcpy(cmd, "password", 8);
GetDlgItemText(hwndDlg, ID_EDT_AUTH_PASS, buf, _countof(buf));
length = WideCharToMultiByte(CP_UTF8, 0, buf, -1, cmd + 17, sizeof(cmd) - 17, NULL, NULL);
memcpy(cmd + length + 16, "\"\0", 2);
ManagementCommand(c, cmd, NULL, regular);
/* Clear buffers */
memset(buf, 'x', sizeof(buf));
buf[_countof(buf) - 1] = _T('\0');
SetDlgItemText(hwndDlg, ID_EDT_AUTH_USER, buf);
SetDlgItemText(hwndDlg, ID_EDT_AUTH_PASS, buf);
EndDialog(hwndDlg, LOWORD(wParam)); EndDialog(hwndDlg, LOWORD(wParam));
return TRUE; return TRUE;
@ -271,9 +251,6 @@ static INT_PTR CALLBACK
PrivKeyPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) PrivKeyPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{ {
connection_t *c; connection_t *c;
TCHAR buf[50];
char cmd[80] = "password \"Private Key\" \"";
UINT length;
switch (msg) switch (msg)
{ {
@ -287,16 +264,7 @@ PrivKeyPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
switch (LOWORD(wParam)) switch (LOWORD(wParam))
{ {
case IDOK: case IDOK:
GetDlgItemText(hwndDlg, ID_EDT_PASSPHRASE, buf, _countof(buf)); ManagementCommandFromInput(c, "password \"Private Key\" \"%s\"", hwndDlg, ID_EDT_PASSPHRASE);
length = WideCharToMultiByte(CP_UTF8, 0, buf, -1, cmd + 24, sizeof(cmd) - 24, NULL, NULL);
memcpy(cmd + length + 23, "\"\0", 2);
ManagementCommand(c, cmd, NULL, regular);
/* Clear buffer */
memset(buf, 'x', sizeof(buf));
buf[_countof(buf) - 1] = _T('\0');
SetDlgItemText(hwndDlg, ID_EDT_PASSPHRASE, buf);
EndDialog(hwndDlg, LOWORD(wParam)); EndDialog(hwndDlg, LOWORD(wParam));
return TRUE; return TRUE;

@ -39,6 +39,7 @@
#include "localization.h" #include "localization.h"
#include "manage.h" #include "manage.h"
#include "openvpn.h" #include "openvpn.h"
#include "misc.h"
extern options_t o; extern options_t o;
@ -327,10 +328,6 @@ INT_PTR CALLBACK
ProxyAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) ProxyAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{ {
connection_t *c; connection_t *c;
TCHAR buf[50];
char cmd[70] = "username \"HTTP Proxy\" \"";
UINT username_len;
int length;
switch (msg) switch (msg)
{ {
@ -345,25 +342,8 @@ ProxyAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{ {
case IDOK: case IDOK:
c = (connection_t *) GetProp(hwndDlg, cfgProp); c = (connection_t *) GetProp(hwndDlg, cfgProp);
username_len = GetDlgItemText(hwndDlg, ID_EDT_PROXY_USER, buf, _countof(buf)); ManagementCommandFromInput(c, "username \"HTTP Proxy\" \"%s\"", hwndDlg, ID_EDT_PROXY_USER);
if (username_len == 0) ManagementCommandFromInput(c, "password \"HTTP Proxy\" \"%s\"", hwndDlg, ID_EDT_PROXY_PASS);
return TRUE;
length = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, buf, -1, cmd + 23, sizeof(cmd) - 23, "_", NULL);
memcpy(cmd + length + 22, "\"\0", 2);
ManagementCommand(c, cmd, NULL, regular);
memcpy(cmd, "password", 8);
GetDlgItemText(hwndDlg, ID_EDT_PROXY_PASS, buf, _countof(buf));
length = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, buf, -1, cmd + 23, sizeof(cmd) - 23, "_", NULL);
memcpy(cmd + length + 22, "\"\0", 2);
ManagementCommand(c, cmd, NULL, regular);
/* Clear buffers */
memset(buf, 'x', sizeof(buf));
buf[_countof(buf) - 1] = _T('\0');
SetDlgItemText(hwndDlg, ID_EDT_PROXY_USER, buf);
SetDlgItemText(hwndDlg, ID_EDT_PROXY_PASS, buf);
EndDialog(hwndDlg, LOWORD(wParam)); EndDialog(hwndDlg, LOWORD(wParam));
return TRUE; return TRUE;
} }

Loading…
Cancel
Save