- Remove useless caching. Currently the build doesn't
need any dependencies.
- Remove useless sub-directory
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Int32x32To64 macro internally truncates the arguments to int32,
while time_t is 64-bit on most/all modern platforms.
Therefore, usage of this macro creates a Year 2038 bug.
* Position tooltip below the taskbar when it is at the top of the screen
Fixes github issue #710
Signed-off-by: Selva Nair <selva.nair@gmail.com>
* Update CHANGES.rst
Signed-off-by: Selva Nair <selva.nair@gmail.com>
---------
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Add a checkbox to the general settings menu
to always prompt for OTP when prompting for password
even if no static-challenge request is received from
the management interface.
The response is appeneded to the password using the
concatenation format and submitted to the management interface.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Parse the flag in SC:<flag>,TEXT directive for static-challenge,
and enable the option to concatenate password and response
if indicated in flag.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Static challenge response and password are optionally
concatenated and submitted instead of using the SCRV1
protocol. The code is activated in the next commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
If an attacker with SeImeprsonatePrivilege manages to create a
namedpipe server with a name matching that used by the "Interactive
Service", the GUI connecting to it could allow the attacker to
impersonate the GUI user.
Fix by validating the service pipe by comparing the pid of the pipe
server with that of the "Interactive Service".
Note: GetNamedPipeServerProcessId() returns the pid of the process
that created the first instance of the pipe. So, this patch only
guards against a rogue pipe instance created before the service
has started. This has to work in combination with a patch for the
service that disallows creation of additional pipe instances when
the service is running.
CVE: CVE-2024-4877
Reported by: Zeze with TeamT5 <zeze7w@gmail.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Use Shell_NotifyGetRect to find the icon location and place the
tip window a fixed distance above/below it.
It appears GUID_NULL used for above is not pulled in by shellapi.h.
Define locally when absent.
Also add TTF_RTLREADING for RTL languages. How to right justify
as well in this case is unclear.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Built-in tray notification icon has a tip text length limit of 128
characters which is often limited for showing the connected profile name,
connected since time and IP addresses. If the profile name is long the IP
numbers could get truncated.
Fix by using a custom tooltip window and display it when mouse hovers over
the icon. As the status bar need not be at the bottom of the screen (could be
at right, left or top as well), the location of the window is chosen based
on the mouse co-ordinates that trigger the hover event.
In case of errors while setting up the tooltip window, fall back to the current
behaviour.
If the message is too long to include time and IP, truncate the profile name
part of the message.
v2: Do not use wParam in NIN_POPUOPEN message as it does not seem to work
on Windows 11. Instead use GetCursorPos() for mouse location.
Fixes issue #666
Signed-off-by: Selva Nair <selva.nair@gmail.com>
The tray icon and its tip text get updated to the connecting state when starting
a new status window thread. This is not enough for persistent connections as these
can be restarted from the hold state which does not go through a new thread creation.
To see the bug, disconnect and reconnect a persistent connection and have it wait in the
connecting state. The tray icon colour does not change to yellow and the tray tip message
does not show the "Connecting to:" text.
Fix by ensuring that CheckAndSetTrayIcon() or SetTrayIcon() gets called whenever a state
change message is received.
Fixes issue #668
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Add ASAN build configuration, based on debug with ASAN
enabled. This might help finding crashes like in
https://github.com/OpenVPN/openvpn-gui/issues/548
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Since we use Visual Studio as generator, CMAKE_BUILD_TYPE doesn't make
sense, since configuration (release/debug) is specified on build step,
not configure step.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
There is no point in localizing "OpenVPN GUI"
tray icon tooltip. Remove it from resources and
replace with PACKAGE_NAME define.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Switches to vcpkg-caching instead of directory caching.
While here, don't explicitely export VCPKG_ROOT.
run-vcpkg already takes care of that.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
OpenVPN Renovate