github
/
openvpn-gui
mirror of https://github.com/OpenVPN/openvpn-gui
1
0
Fork 0
Code Issues Releases Wiki Activity

Make script security setting editable by user 

- Add a connection-specific dialog with
  - options to override in the config file
    (currently only script-security)
  - check boxes for saving credentials or clearing
    saved ones.
  - stubs for "save username" and change the config
    display name are added (not enabled).

Accessible via tray->config-name->Options popup menu

The clear-saved-passwords menu item is removed as that
functionality is moved to this dialog.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/271/head
Selva Nair 2018-06-24 20:02:24 -04:00
parent b7c6e27178
commit e9cb844a98
7 changed files with 170 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
main.c
View File

@ -559,6 +559,9 @@ LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM
if ( (LOWORD(wParam) >= IDM_CLEARPASSMENU) && (LOWORD(wParam) < IDM_CLEARPASSMENU + MAX_CONFIGS) ) { if ( (LOWORD(wParam) >= IDM_CLEARPASSMENU) && (LOWORD(wParam) < IDM_CLEARPASSMENU + MAX_CONFIGS) ) {
ResetSavePasswords(&o.conn[LOWORD(wParam) - IDM_CLEARPASSMENU]); ResetSavePasswords(&o.conn[LOWORD(wParam) - IDM_CLEARPASSMENU]);
} }
if ( (LOWORD(wParam) >= IDM_CONFIGUREMENU) && (LOWORD(wParam) < IDM_CONFIGUREMENU + MAX_CONFIGS) ) {
ConfigOptions(&o.conn[LOWORD(wParam) - IDM_CONFIGUREMENU]);
}
#ifndef DISABLE_CHANGE_PASSWORD #ifndef DISABLE_CHANGE_PASSWORD
if ( (LOWORD(wParam) >= IDM_PASSPHRASEMENU) && (LOWORD(wParam) < IDM_PASSPHRASEMENU + MAX_CONFIGS) ) { if ( (LOWORD(wParam) >= IDM_PASSPHRASEMENU) && (LOWORD(wParam) < IDM_PASSPHRASEMENU + MAX_CONFIGS) ) {
ShowChangePassphraseDialog(&o.conn[LOWORD(wParam) - IDM_PASSPHRASEMENU]); ShowChangePassphraseDialog(&o.conn[LOWORD(wParam) - IDM_PASSPHRASEMENU]);

9
openvpn-gui-res.h
View File

@ -122,6 +122,14 @@
/* Connections dialog */ /* Connections dialog */
#define ID_DLG_CONNECTIONS 290 #define ID_DLG_CONNECTIONS 290
#define ID_TXT_PATH 291
#define ID_EDT_DISPLAY_NAME 292
#define ID_CHK_AUTH_USER 293
#define ID_CHK_AUTH_PASS 294
#define ID_CHK_KEY_PASS 295
#define ID_CMB_SCRIPT_SECURITY 296
#define IDS_SCRIPT_NO_OVERRIDE 297
#define IDS_ALLOW_SCRIPT_BUILT_IN 299
/* /*
* String Table Resources * String Table Resources
@ -154,6 +162,7 @@
#define IDS_MENU_IMPORT 1023 #define IDS_MENU_IMPORT 1023
#define IDS_MENU_CLEARPASS 1024 #define IDS_MENU_CLEARPASS 1024
#define IDS_MENU_RECONNECT 1025 #define IDS_MENU_RECONNECT 1025
#define IDS_MENU_CONFIGURE 1026
/* LogViewer Dialog */ /* LogViewer Dialog */
#define IDS_ERR_START_LOG_VIEWER 1101 #define IDS_ERR_START_LOG_VIEWER 1101

121
openvpn_config.c
View File

@ -3,7 +3,7 @@
* *
* Copyright (C) 2004 Mathias Sundman <mathias@nilings.se> * Copyright (C) 2004 Mathias Sundman <mathias@nilings.se>
* 2010 Heiko Hund <heikoh@users.sf.net> * 2010 Heiko Hund <heikoh@users.sf.net>
* 2016 Selva Nair <selva.nair@gmail.com> * 2016-2018 Selva Nair <selva.nair@gmail.com>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -26,6 +26,7 @@
#endif #endif
#include <windows.h> #include <windows.h>
#include <windowsx.h>
#include "main.h" #include "main.h"
#include "openvpn-gui-res.h" #include "openvpn-gui-res.h"
@ -35,6 +36,7 @@
#include "misc.h" #include "misc.h"
#include "passphrase.h" #include "passphrase.h"
#include "openvpn_config.h" #include "openvpn_config.h"
#include "script_security.h"
typedef enum typedef enum
{ {
@ -45,6 +47,8 @@ typedef enum
extern options_t o; extern options_t o;
static const wchar_t *cfgProp = L"config";
static match_t static match_t
match(const WIN32_FIND_DATA *find, const TCHAR *ext) match(const WIN32_FIND_DATA *find, const TCHAR *ext)
{ {
@ -411,3 +415,118 @@ RecallConfigFlags(const connection_t *c)
flags = 0; flags = 0;
return flags; return flags;
} }
/*
* DialogProc for connection specific options
*/
INT_PTR CALLBACK
ConfigOptionsDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
wchar_t fname[MAX_PATH];
connection_t *c;
int ssec_flag;
HWND h;
struct {
int id;
int flag;
} ssec_data[] = {{IDS_ALLOW_SCRIPT_BUILT_IN, SSEC_BUILT_IN},
{IDS_SCRIPT_NO_OVERRIDE, SSEC_UNDEF}};
switch (msg)
{
case WM_INITDIALOG:
c = (connection_t *) lParam;
SetProp(hwndDlg, cfgProp, (HANDLE) c);
wcs_concat2(fname, _countof(fname), c->config_dir, c->config_file, L"\\");
SetDlgItemText(hwndDlg, ID_TXT_PATH, fname);
SetDlgItemText(hwndDlg, ID_EDT_DISPLAY_NAME, c->config_name);
if (c->flags & FLAG_SAVE_AUTH_PASS)
Button_SetCheck(GetDlgItem(hwndDlg, ID_CHK_AUTH_PASS), BST_CHECKED);
if (c->flags & FLAG_SAVE_KEY_PASS)
Button_SetCheck(GetDlgItem(hwndDlg, ID_CHK_KEY_PASS), BST_CHECKED);
/* disable/hide items not yet user-editable */
SendDlgItemMessage(hwndDlg, ID_EDT_DISPLAY_NAME, EM_SETREADONLY, 1, 0);
ShowWindow(GetDlgItem(hwndDlg, ID_CHK_AUTH_USER), SW_HIDE);
h = GetDlgItem(hwndDlg, ID_CMB_SCRIPT_SECURITY);
ssec_flag = get_script_security(c);
for (size_t i = 0; i < _countof(ssec_data); i++)
{
int index = ComboBox_AddString(h, LoadLocalizedString(ssec_data[i].id));
ComboBox_SetItemData(h, index, ssec_data[i].flag);
if (ssec_flag == ssec_data[i].flag)
ComboBox_SetCurSel(h, index);
}
SetFocus(h);
break;
case WM_COMMAND:
c = (connection_t *) GetProp(hwndDlg, cfgProp);
switch (LOWORD(wParam))
{
case IDOK:
if (Button_GetCheck(GetDlgItem(hwndDlg, ID_CHK_AUTH_PASS)) == BST_CHECKED)
{
if (!(c->flags & FLAG_SAVE_AUTH_PASS))
c->flags |= FLAG_SAVE_AUTH_PASS;
}
else if (c->flags & FLAG_SAVE_AUTH_PASS)
{
c->flags &= ~FLAG_SAVE_AUTH_PASS;
DeleteSavedAuthPass(c->config_name);
}
if (Button_GetCheck(GetDlgItem(hwndDlg, ID_CHK_KEY_PASS)) == BST_CHECKED)
{
if (!(c->flags & FLAG_SAVE_KEY_PASS))
c->flags |= FLAG_SAVE_KEY_PASS;
}
else if (c->flags & FLAG_SAVE_KEY_PASS)
{
c->flags &= ~FLAG_SAVE_KEY_PASS;
DeleteSavedKeyPass(c->config_name);
}
/* toggling user name save not yet implemented */
/* save flags in registry */
PersistConfigFlags(c);
/* set script security preference, if changed */
{
int sel = ComboBox_GetCurSel(GetDlgItem(hwndDlg, ID_CMB_SCRIPT_SECURITY));
int ssec_flag = sel != CB_ERR ? ssec_data[sel].flag : ssec_default();
if (ssec_flag != get_script_security(c))
set_script_security(c, ssec_flag);
}
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
case IDCANCEL:
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
}
break;
case WM_CLOSE:
EndDialog(hwndDlg, LOWORD(wParam));
return TRUE;
case WM_NCDESTROY:
RemoveProp(hwndDlg, cfgProp);
break;
}
return FALSE;
}
void
ConfigOptions(connection_t *c)
{
LocalizedDialogBoxParam(ID_DLG_CONNECTIONS, ConfigOptionsDialogFunc, (LPARAM) c);
}

3
openvpn_config.h
View File

@ -34,4 +34,7 @@ void PersistConfigFlags(const connection_t *c);
/* recall config preference flags from registry */ /* recall config preference flags from registry */
DWORD RecallConfigFlags(const connection_t *c); DWORD RecallConfigFlags(const connection_t *c);
/* Open a dialog to edit connection specific options */
void ConfigOptions(connection_t *c);
#endif #endif

30
res/openvpn-gui-res-en.rc
View File

@ -195,6 +195,31 @@ BEGIN
EDITTEXT ID_EDT_DISCONNECT_TIMEOUT, 103, 138, 20, 12, ES_AUTOHSCROLL|ES_NUMBER EDITTEXT ID_EDT_DISCONNECT_TIMEOUT, 103, 138, 20, 12, ES_AUTOHSCROLL|ES_NUMBER
END END
/* Connection specific options */
ID_DLG_CONNECTIONS DIALOGEX 6, 18, 252, 218
STYLE WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_CENTER
CAPTION "Connection profile configuration"
FONT 8, "Microsoft Sans Serif"
LANGUAGE LANG_ENGLISH, SUBLANG_DEFAULT
BEGIN
GROUPBOX "Configuration File", 201, 6, 12, 235, 45
CONTROL "Path:", ID_TXT_PATH, "Static", SS_LEFTNOWORDWRAP, 17, 25, 225, 10
LTEXT "&Display Name:", 202, 17, 40, 50, 10
EDITTEXT ID_EDT_DISPLAY_NAME, 67, 38, 100, 12, ES_AUTOHSCROLL
GROUPBOX "Credentials", 203, 6, 62, 235, 45
AUTOCHECKBOX "Save &password", ID_CHK_AUTH_PASS, 17, 75, 90, 10
AUTOCHECKBOX "Save &username", ID_CHK_AUTH_USER, 115, 90, 90, 10
AUTOCHECKBOX "Save private &key password", ID_CHK_KEY_PASS, 17, 90, 110, 10
GROUPBOX "Security", 204, 6, 112, 235, 45
LTEXT "Allow &script execution", 205, 17, 125, 100, 10
COMBOBOX ID_CMB_SCRIPT_SECURITY, 17, 138, 200, 60, CBS_DROPDOWNLIST | WS_TABSTOP
PUSHBUTTON "&OK", IDOK, 132, 195, 50, 14
PUSHBUTTON "&Cancel", IDCANCEL, 192, 195, 50, 14
END
/* About Dialog */ /* About Dialog */
ID_DLG_ABOUT DIALOG 6, 18, 249, 104 ID_DLG_ABOUT DIALOG 6, 18, 249, 104
STYLE WS_POPUP | WS_CAPTION | WS_SYSMENU | DS_CENTER STYLE WS_POPUP | WS_CAPTION | WS_SYSMENU | DS_CENTER
@ -261,6 +286,7 @@ BEGIN
IDS_MENU_SERVICEONLY_STOP "Disconnect" IDS_MENU_SERVICEONLY_STOP "Disconnect"
IDS_MENU_SERVICEONLY_RESTART "Reconnect" IDS_MENU_SERVICEONLY_RESTART "Reconnect"
IDS_MENU_ASK_STOP_SERVICE "Do you want to disconnect (Stop the OpenVPN Service)?" IDS_MENU_ASK_STOP_SERVICE "Do you want to disconnect (Stop the OpenVPN Service)?"
IDS_MENU_CONFIGURE "Options"
/* Logviewer - Resources */ /* Logviewer - Resources */
IDS_ERR_START_LOG_VIEWER "Error starting log-viewer: %s" IDS_ERR_START_LOG_VIEWER "Error starting log-viewer: %s"
@ -475,4 +501,8 @@ BEGIN
IDS_NFO_CLICK_HERE_TO_START "OpenVPN GUI is already running. Right click on the tray icon to start." IDS_NFO_CLICK_HERE_TO_START "OpenVPN GUI is already running. Right click on the tray icon to start."
IDS_NFO_BYTECOUNT "Bytes in: %s out: %s" IDS_NFO_BYTECOUNT "Bytes in: %s out: %s"
/* script security related */
IDS_ALLOW_SCRIPT_BUILT_IN "Built-in commands only (recommended)"
IDS_SCRIPT_NO_OVERRIDE "Use config file setting (potentially unsafe)"
END END

14
tray.c
View File

@ -95,7 +95,7 @@ CreatePopupMenus()
AppendMenu(hMenu, MF_STRING, IDM_VIEWLOGMENU, LoadLocalizedString(IDS_MENU_VIEWLOG)); AppendMenu(hMenu, MF_STRING, IDM_VIEWLOGMENU, LoadLocalizedString(IDS_MENU_VIEWLOG));
AppendMenu(hMenu, MF_STRING, IDM_EDITMENU, LoadLocalizedString(IDS_MENU_EDITCONFIG)); AppendMenu(hMenu, MF_STRING, IDM_EDITMENU, LoadLocalizedString(IDS_MENU_EDITCONFIG));
AppendMenu(hMenu, MF_STRING, IDM_CLEARPASSMENU, LoadLocalizedString(IDS_MENU_CLEARPASS)); AppendMenu(hMenu, MF_STRING, IDM_CONFIGUREMENU, LoadLocalizedString(IDS_MENU_CONFIGURE));
#ifndef DISABLE_CHANGE_PASSWORD #ifndef DISABLE_CHANGE_PASSWORD
if (o.conn[0].flags & FLAG_ALLOW_CHANGE_PASSPHRASE) if (o.conn[0].flags & FLAG_ALLOW_CHANGE_PASSPHRASE)
@ -178,7 +178,7 @@ CreatePopupMenus()
AppendMenu(hMenuConn[i], MF_STRING, IDM_VIEWLOGMENU + i, LoadLocalizedString(IDS_MENU_VIEWLOG)); AppendMenu(hMenuConn[i], MF_STRING, IDM_VIEWLOGMENU + i, LoadLocalizedString(IDS_MENU_VIEWLOG));
AppendMenu(hMenuConn[i], MF_STRING, IDM_EDITMENU + i, LoadLocalizedString(IDS_MENU_EDITCONFIG)); AppendMenu(hMenuConn[i], MF_STRING, IDM_EDITMENU + i, LoadLocalizedString(IDS_MENU_EDITCONFIG));
AppendMenu(hMenuConn[i], MF_STRING, IDM_CLEARPASSMENU + i, LoadLocalizedString(IDS_MENU_CLEARPASS)); AppendMenu(hMenuConn[i], MF_STRING, IDM_CONFIGUREMENU + i, LoadLocalizedString(IDS_MENU_CONFIGURE));
#ifndef DISABLE_CHANGE_PASSWORD #ifndef DISABLE_CHANGE_PASSWORD
if (o.conn[i].flags & FLAG_ALLOW_CHANGE_PASSPHRASE) if (o.conn[i].flags & FLAG_ALLOW_CHANGE_PASSPHRASE)
@ -441,10 +441,7 @@ SetMenuStatusById(int i, conn_state_t state)
EnableMenuItem(hMenu, IDM_RECONNECTMENU, MF_GRAYED); EnableMenuItem(hMenu, IDM_RECONNECTMENU, MF_GRAYED);
EnableMenuItem(hMenu, IDM_STATUSMENU, MF_ENABLED); EnableMenuItem(hMenu, IDM_STATUSMENU, MF_ENABLED);
} }
if (c->flags & (FLAG_SAVE_AUTH_PASS | FLAG_SAVE_KEY_PASS)) EnableMenuItem(hMenu, IDM_CONFIGUREMENU, MF_ENABLED);
EnableMenuItem(hMenu, IDM_CLEARPASSMENU, MF_ENABLED);
else
EnableMenuItem(hMenu, IDM_CLEARPASSMENU, MF_GRAYED);
} }
else else
{ {
@ -490,10 +487,7 @@ SetMenuStatusById(int i, conn_state_t state)
EnableMenuItem(hMenuConn[i], IDM_RECONNECTMENU + i, MF_GRAYED); EnableMenuItem(hMenuConn[i], IDM_RECONNECTMENU + i, MF_GRAYED);
EnableMenuItem(hMenuConn[i], IDM_STATUSMENU + i, MF_ENABLED); EnableMenuItem(hMenuConn[i], IDM_STATUSMENU + i, MF_ENABLED);
} }
if (c->flags & (FLAG_SAVE_AUTH_PASS | FLAG_SAVE_KEY_PASS)) EnableMenuItem(hMenuConn[i], IDM_CONFIGUREMENU + i, MF_ENABLED);
EnableMenuItem(hMenuConn[i], IDM_CLEARPASSMENU + i, MF_ENABLED);
else
EnableMenuItem(hMenuConn[i], IDM_CLEARPASSMENU + i, MF_GRAYED);
} }
} }

1
tray.h
View File

@ -41,6 +41,7 @@
#define IDM_PASSPHRASEMENU (MAX_CONFIGS + IDM_EDITMENU) #define IDM_PASSPHRASEMENU (MAX_CONFIGS + IDM_EDITMENU)
#define IDM_CLEARPASSMENU (MAX_CONFIGS + IDM_PASSPHRASEMENU) #define IDM_CLEARPASSMENU (MAX_CONFIGS + IDM_PASSPHRASEMENU)
#define IDM_RECONNECTMENU (MAX_CONFIGS + IDM_CLEARPASSMENU) #define IDM_RECONNECTMENU (MAX_CONFIGS + IDM_CLEARPASSMENU)
#define IDM_CONFIGUREMENU (MAX_CONFIGS + IDM_RECONNECTMENU)
void CreatePopupMenus(); void CreatePopupMenus();
void OnNotifyTray(LPARAM); void OnNotifyTray(LPARAM);