When LogonUI unloads and reloads the PLAP dll, or when the provider
is released and re-created, memory allocated for config list and
groups leak.
- Fix by freeing config list and groups in DeleteUI
We do not call this before exiting WinMain in the GUI code,
as its hard to do it safely -- have to ensure all status
threads have terminated. Anyway, freeing is only cosmetic in this case.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- assert while on login screen is hard to get out of.
Only one of these occurrences is relevant for PLAP, but not using assert
at all looks a safer option.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Currently we use an array of connection pointers which needs
to be reallocated when space runs out. But, that happens from
the main thread while the status thread may be referring to those
pointers. Its very hard to fence against possible invalid memory
access. Instead, use a list so that connection pointer never
changes once created.
The connection list is no longer recreated from scratch even when
no connections are active. This means configs added while GUI is
running will always appear at the bottom of the root group listing
until the GUI is restarted.
TODO: This behaviour could be improved by scanning through the groups to
graft new configs at the right branch in the config-group tree.
v2: removed unused references to SetMenuStatusById()
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Since we started finding a free port dynamically, management_port_offset
is used only for making an initial hint. The limit applied to num_configs
base don this does not make sense any longer.
Also the current code does not work as expected as we allow changing of
management_port_offset from the settings menu.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Since version 11.30, we scan config-auto folder and show them
in the menu of available connection profiles. To reduce user-confusion,
always group these configs under a submenu ("Persistent Connections")
even when nested config menu view is not in use.
ActivateConfigGroups() is now always called as Persistent and
System profile groups can now go from empty to non-empty
on rescan.
When nested config menu view is enabled, "persistent", "system"
and "user" configs are always shown in separate groups.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Create the parent groups for persistent and system profiles
in advance so that these always appear at the top when nested
config menu view is active.
Also, while rescanning with active connections present, newly
found configs in global config and auto-config folders are added
to their own parent groups instead of to the root groups.
No user-visible changes unless nested config menu view is enabled.
In that case, "Persistent Connections" followed by "System Profiles"
will always appear first in the connections list.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
(i)
State is changed to detached before auto-starting
so that OnHold() will see state = resuming and keep the hold.
State is set to disconnected instead of detached on detach
so that manual starts will release the hold automatically.
End result: While connecting automatically, do not release if
management-hold is on. But while started manually, release
from hold so that connection can complete without further
user action.
In normal use of automatic service, one would not add management
hold into the config. However, if the user disconnects the connection
the GUI puts it on hold, and we do not want to auto-start it after a
lock-unlock or some other automatic action.
(ii)
Also, currently, for persistent connections, the status
window is not shown automatically which feels unnatural in
real use. Instead, popup the status window when connection
is manually initiated. Its not popped up when automatically
attached to or if silent_connection is on.
Only persistent connections are affected by the change.
fixup: config file list is not recreated from scratch when
enable_persistent == 2 (auto attach mode) to avoid losing info
such as auto_connect = false on detached connections.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Three options are provided to control scanning of persistent
(pre-satrted) connections in config-auto folder, and how they
are attached to.
Auto: Scan and list persistent connections and attach to their
management i/f automatically at startup, and periodically
retry on failure to attach.
Manual: Scan and list as above, but do not attach automatically.
User can attach to such connections by manually clicking
connect.
Never: Do not scan config-auto folder.
Default is "Auto"
Change of this setting in the settings menu will take full effect
only if none of the connections are in connecting/connected/detached
state so that the connection list can be updated. Otherwise
restart the GUI.
TODO: Copying the settings dialog changes to all languages
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Parse the config-auto folder used by automatic service
and mark these profiles as persistent.
- These connections are marked as auto_connect to try
attaching to them at start up with periodic retry in
case the daemon or service are restarted.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
%S --> %hs in wide format strings, %ls otherwise
%s --> %ls in wide format strings, unchanged otherwise
%c --> %lc in wide format strings
Resource files together have about 970 lines affected and
were edited by looping through all with
sed -i 's/%S/%hs/g' $file
sed -i 's/%s/%ls/g' $file
All other files were manually changed (about 85 lines).
Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO
if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei).
This breaks non-standard spec such as %S. Anyway, we have been
gradually getting rid of those.
MSVC builds should not be affected.
v2: multiple occurrences in same line was missed in v1 (/g missing in
sed expression). Fixed.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We currently use WM_COMMAND message which is delivered with the
ID of the menu item requiring a unique ID for every command
(connect, disconnect etc..) for each connection profile. Instead,
use WM_MENUCOMMAND so that the message delivers a handle to the
menu and the position index of the menu item.
Connection menu array is now dynamically allocated. Yet, there
is still a limitation on the number of configs as the config
index + mgmt_port_offset must be < 65536 to be usable as a port
number. The error message shown for "too many configs" is reworded.
(English language file only).
Note: The current way of selecting the management port based on the
index of the config file increases chances of port conflicts
when the number of configs is large. It could be useful to change
this logic but that is beyond the cope of this PR.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Extend the string comparison of the two paths to include comparing their
file information structure. (See Remarks under the MSDN docs for
GetFileInformationByHandle)
If the strings are identical we treat them as identical without checking
further whether the paths are valid. This matches the current
behaviour. Otherwise, the two paths are treated as identical if both
exist, are accessible and point to the same object in the file system.
Trac: #1359, #1376
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add an option in the advanced settings menu for
the management port offset. Allows any value in the
range 1 to 61000 which with upto ~4000 added as connection
id keeps it in range.
Default is the currently hard coded value of 25340.
As Windows has no concept of privileged ports and the ephemeral
range used varies from version to version, no attempt is made to
avoid conflicts with ports in use.
- Add an option to choose the config menu view from the
advanced settings with three options:
Auto: Automatically switch to the nested view when
number of configs exceed a limit (currently 25)
Flat: Force the flat view irrespective of the number of
configs
Nested: Force the nested view irrespective of the number
of configs
Issues: 370 and 387
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Suppress messages with exactly same content as previously
displayed within popup_mute_interval (24h by default). This parameter
may be set on command line as "--popup_mute_interval n" where n is
in hours.
- Command line option '--disable_popup_messages' disables all echo
message popups (window and notification).
This patch only handles suppression of repeated messages during
reconnections.
TODO: Persist message history in the registry and use it to mute
repeated messages after disconnects and across restarts of the GUI.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Some users want to use more deeply nested folders than currently
supported. Increase the max depth to 20 which should be plenty for
all.
See also issue: # 364
Signed-off-by: Selva Nair <selva.nair@gmail.com>
As config group is reallocated when full, do not store the pointer to the
parent group. Instead use the id of the group which is invariant across
reallocs. Similarly in connection array store the id of the group
instead of a pointer.
Also
- Do not call ActivateConfigGroups() -- when connections are active:
in this case we want preserve config data structures during rescan.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
fixup
The number of configs is now unlimited. But there is a limit
of 2^16 menu items which permits only about 2^12 configs to be
displayed in the menu. A warning is shown if the number of
configs exceeds this value.
For a responsive menu keep the number of configs under ~1000.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Single configs all by itself in a directory are shown as a
member of the parent directory. This allows keeping every
config in its own directory without causing an additional
level of nesting. Eg., import always put each config in
its own directory.
Improves the menu navigation.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Group all configs in a subdirectory with directory name
as the label.
- If any connection is active, newly found configs are
added to the root group to keep the logic simple.
- Directory hierarchy is scanned up to a depth of 4: i.e.,
config_dir and global_config_dir and its subdirectories
up to 3 levels down.
Only support for scanning configs and attaching group labels
is added here. Rendering the nested menu is the subject of
a later commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Treat '--connect foo.ovpn' and '--connect foo' as the same. This matches
with the behaviour of '--command connect foo'.
Note: the argument is first compared against config file names and then
against config names.
Based on comment by larson0815 here:
https://github.com/selvanair/openvpn-gui/issues/5
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- A new registry HKLM\Software\OpenVPN\disable_save_passwords
(32 bit DWORD value) may be set to a non-zero value to
disable password saving by users. Applies to both auth and
private key passwords. Usernames are always saved.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Warnings dsabled if silent_connection is true
- interactive service is not installed or not running
- duplicate configs found and ignored
v2: Update description of --silent_connection in README
and English resource file (translations not updated).
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add a base64 decode function using Windows CyptoAPI
- Move multibyte to widechar conversions to a function
- Add config name to caption of password dialogs to help user
identify the request
- Add new dialog template for generic password/PIN requests
and use it to handle dynamic challenge
Note 1: if dynamic challenge response verification fails, an auth-failed
message is returned by the server causing the GUI to clear any saved
password even if the user-auth dialog itself succeeeded.
Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language
files may require translation.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Option ediitng dialogs are in two tabs: General and Advanced.
Proxy related options are left in the proxy tab. Options
config_dir, config_ext, log_dir, script timeouts and
service-only flag are in the Advanced tab. All other more commonly
used flags and options are in the General tab.
- As options are editable, save values in registry only when they differ
from the default values. This leaves the registry clean and makes changing
options and their defaults during updates easier.
- Entries for config_dir and log_dir must be absolute paths.
Environemental variables such as %PROFILEDIR% may be used
to construct these.
- Empty config_dir, config_ext and log_dir entries are silently
ignored (i.e., the current values are left unchanged).
- Store all numeric and boolean parameters in registry as DWORD instead of
strings.
- On startup, the default parameters are loaded, then the registry is read
and finally command-line parameters parsedi.
- Out of range script timeout values in registry truncated with a
warning instead of fatal error. This allows the user to access the
settings dialog and make corrections.
- Save proxy and language settings under the same
HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings.
- Save the current version of the GUI in regsitry so that updates
can be detected and any needed registry cleanup done.
- If no version info is present in the registry any values in OpenVPN-GUI
key in HKCU are deleted for a clean start as this is the first version
to save registry values in HKCU. Language and proxy data if present
under Nilings is migrated.
Note: new controls in the General tab and newly added Advanced tab dialog
are copied to all language files from the English version. These need to
be translated.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Replace allow_password by a runtime check that enables password
change menu only when the user has write-access to the key file.
- Read exe_path and priority from HKLM and do not duplicate in HKCU.
- Always allow the user to view the config: edit will succeed if user
has write access.
- Always include the proxy settings tab which is the default.
- Remove the unused power event handling and disconnect_on_suspend key.
- Remove password_attempts -- user can stop the password dilaog
by clicking cancel.
- Remove allow_service: implicitly enabled if service_only is used.
- Deprecate removed options in cmd-line parser
- Update README.rst
- Close config file before exit in GetKeyFileName
- Close thread and dialog handles in passphrase.c
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Username and, optionally, password as well as the private
key passphrase are saved in config-specific registry keys
- All saved data are kept encrypted using DPAPI
- The passphrase dialog is skipped if a valid saved private
key password is available. However, the user-auth dialog
is always presented, prefilled with the saved username
and password.
Note: A text string "Save password" is added to three dialogs
in all language resource files. Additional text with ids
IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the
STRINGTABLE only in the English language resource file.
All these need translations.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Set default config directory (config_dir) to %UserProfile%\OpenVPN\config
(saved and read back from HKCU\Software\OpenVPN-GUI\config_dir)
- Add a global_config_dir variable read from HKLM\Software\OpenVPN\config_dir
or set to OpenVPN-install-path\config
- Scan both directories and their sub directories for connection profiles.
In case of name conflicts config_dir gets priority over global_config_dir
- Eliminate multiple warnings of duplicate configs
Fixed on review (Thanks to leobasilio@gmail.com)
- Fix wrongly used o.config_dir in 2 locations
- Unrelated: Added missing CheckIServiceStatus to service.h
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Handle early errors (openvpn exits before management connection is up)
with a helpful error message that points the user to view log.
- Include only readable config files in the connection list
- Warn if no connection profiles found
TODO: handle startup errors from interactive service
[openvpn_config.c:194]: (style) The function 'ConfigFileOptionExist' is never used.
[localization.c:299]: (style) The function 'LocalizedDialogBox' is never used.
[main.c:549]: (style) The function 'PrintErrorDebug' is never used.
[main.c:583]: (style) The function 'init_security_attributes_allow_all' is never used.
[misc.c:180]: (style) The function 'wcseq' is never used.
Frank Lichtenheld