Commit Graph

13 Commits (577d982b51670f7f68d6dad9d0bf08f8a01879ba)

Author SHA1 Message Date
Lev Stipakov cd4748fb25 wcstok: use security-enhanced version
Replace old wcstok signature with security-enhanced
version, which stores position information between calls in
"context" parameter instead of internal per-thread context.

This allows getting rid of the _CRT_NON_CONFORMING_WCSTOK
define in CMakeLists.txt

Reported-by: Kai Schtrom

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2022-02-02 19:44:00 +01:00
Selva Nair 9c82e666d8 Show a prompt during profile import using --import
The user is prompted with a message showing the config
name that will be imported. The user can accept or cancel
the operation.

If the user was already prompted for over-write permission
because a config with the same name exists, no further dialog
is shown.

Import using the menu (Import File...) is not affected.

Rationale:
We want to set "Import" as the default verb for the context
menu of .ovpn files. This will allow import of configs by
double-click. Also when .ovpn file is downloaded using a browser,
setting the default browser action to "open" will result in an import.
In such cases a silent import action could be surprising, and a
prompt showing what is being imported could provide a better UX.

On the flip-side, the prompt/dialog will also be shown when import
is done from the context menu of .ovpn by "right click and
choose import" or when "openvpn-gui.exe --import foo"
or "openvpn-gui.exe --command import foo" is executed. As import
is an action that does not result in an immediately visible result
(unlike, say, edit or print), a prompt requiring user action is of
some value even in these cases. At worst it's a minor annoyance.

See also: https://github.com/OpenVPN/openvpn-build/pull/227
and discussions there-in

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-11-18 14:33:09 -05:00
Selva Nair 77e32fa676 During import from url take filename from content-disposition
If the http header "Content-Disposition:" is present take the
filename specified in there as the name of the imported profile,
falling back to scanning the file contents for metadata.

If both filename= and filename*= attributes are present, the
latter takes precedence provided the character set is utf-8.
(Extended attributes as defined in RFC 5987).

In case of import from AS, the behaviour is unchanged.

Issue: #450.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-11-03 16:36:40 -04:00
Selva Nair 56ee704501 Use C standard compliant printf specifications
%S --> %hs in wide format strings, %ls otherwise
%s --> %ls in wide format strings, unchanged otherwise
%c --> %lc in wide format strings

Resource files together have about 970 lines affected and
were edited by looping through all with
sed -i 's/%S/%hs/g' $file
sed -i 's/%s/%ls/g' $file
All other files were manually changed (about 85 lines).

Recent versions of mingw-w64 implicitly turn on __USE_MINGW_ANSI_STDIO
if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do use).

This breaks non-standard spec such as %S. Anyway, we have been
gradually getting rid of those.

MSVC builds should not be affected.

v2: multiple occurrences in same line were missed in v1 (/g missing in
sed expression). Fixed.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-11-03 16:20:17 -04:00
Selva Nair 489a219888 Bugfix for character remapping in filename
- as.c: Use widechar string and comparison for
  reserved characters.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-11-03 16:20:17 -04:00
Selva Nair 5fd17835f5 Clear password used for profile import
- HTTP auth password appears to be cached and reused
  unless replaced by a non-empty string. When user-supplied
  password is empty, use some arbitrary string "x" as the
  password.

- Make username required for generic URL as well.

- Also clear password buffers after use.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-09-01 12:27:37 -04:00
Selva Nair 69195ee6b1 Add a timeout for http download
Download profile from AS or URL uses blocking network calls
in the main thread. Set reasonable timeouts for connect
and receive.

TODO: This is not perfect as the download can still stall
in erratic links, and we have no way to abort. Ideally
we should either use Async calls and/or threads.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-08-31 21:55:59 -04:00
Selva Nair 90cc9e3cdb Add content-type check for import from URL
For Import from URL, require that response
from server must have
content-type: application/x-openvpn-profile

This reduces chances of mistyped input causing
import of random html pages as connection profile.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-08-31 21:55:59 -04:00
Selva Nair e80a39c825 Implement importing profile from a generic URL
ParseUrl extended to parse generic URLs and parse
the path. DownloadProfile() function re-factored
for reuse with generic URL.

Also:
- INTERNET_FLAG_RELOAD added to the request
  call to force reloading the data from server instead
  of using possibly cached data.
- Input box for URL extended in length to about
   50 characters wide.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2021-08-31 21:55:59 -04:00
Lev Stipakov 82d932a503 URL profile import: disable profile download in case of certificate errors
Allowing users to bypass HTTPS is not good, but may nevertheless be useful during development.

DEBUG macro is widely used in openvpn-gui code but was missing from CMakeLists.txt, so add it there.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2021-08-23 12:07:18 -04:00
Lev Stipakov e3b06efcd2 URL profile import: support for 2FA
When 2FA is enabled, server (such as AS)
replies with HTTP 401 and issues a challenge.

Use existing facilities to parse CRV message
and prompt user for a response, then call REST
method again with encoded response as HTTP auth password.

See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication
for more information.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2021-08-23 12:07:18 -04:00
Lev Stipakov c7beb04ff5 URL profile import: download and import profile
Use WinInet to download profile into memory buffer.
If there are certain certificate errors (invalid CN,
wrong date, unknown CA, revocation check failed),
ask if user wants to continue.

Extract profile name from content, sanitize name and
save profile in temp directory. Then import profile
using existing facilities.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2021-08-23 12:07:18 -04:00
Lev Stipakov 9ded7996ab URL profile import: add profile import dialog
This is the first patch from series which implements
importing profile from URL, currently implemented
by OpenVPN Access Server.

Move "Import from file" menu item under new "Import"
item. Add "Import from AS..." item under "Import", which
opens new profile import dialog.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
2021-08-23 12:07:18 -04:00