In this case, as per management-notes.txt, a CRV1 response with
an empty password should be submitted. Currently we ignore
such "challenges" causing the regular user-auth dialog to be shown
instead.
Fix by displaying the message received from the server. Depending
on user action (OK or CANCEL), a properly formatted reponse with an
empty password is returned or the connection is aborted.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In private key passphrase and dynamic-challenge/pkcs11 PIN
dialogs:
- Disable the OK button by default
- Require non-empty user input before the OK button is enabled
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We had earlier supported blank passwords or OTPs to be submitted. Change
this by enabling the OK button only if some minimal inputs are present.
- In static challenge dialog require username and either password or
challenge-reponse (OTP) fields to be non-empty
- In normal user-auth dialog require username and password to be non-empty
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We currently use WM_COMMAND message which is delivered with the
ID of the menu item requiring a unique ID for every command
(connect, disconnect etc..) for each connection profile. Instead,
use WM_MENUCOMMAND so that the message delivers a handle to the
menu and the position index of the menu item.
Connection menu array is now dynamically allocated. Yet, there
is still a limitation on the number of configs as the config
index + mgmt_port_offset must be < 65536 to be usable as a port
number. The error message shown for "too many configs" is reworded.
(English language file only).
Note: The current way of selecting the management port based on the
index of the config file increases chances of port conflicts
when the number of configs is large. It could be useful to change
this logic but that is beyond the cope of this PR.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Describe recently added command line options:
- iservice_admin
- disable_popup_messages
- popup_mute_interval
- management_port_offset
Added the default English text to all langauage files.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Extend the string comparison of the two paths to include comparing their
file information structure. (See Remarks under the MSDN docs for
GetFileInformationByHandle)
If the strings are identical we treat them as identical without checking
further whether the paths are valid. This matches the current
behaviour. Otherwise, the two paths are treated as identical if both
exist, are accessible and point to the same object in the file system.
Trac: #1359, #1376
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add an option in the advanced settings menu for
the management port offset. Allows any value in the
range 1 to 61000 which with upto ~4000 added as connection
id keeps it in range.
Default is the currently hard coded value of 25340.
As Windows has no concept of privileged ports and the ephemeral
range used varies from version to version, no attempt is made to
avoid conflicts with ports in use.
- Add an option to choose the config menu view from the
advanced settings with three options:
Auto: Automatically switch to the nested view when
number of configs exceed a limit (currently 25)
Flat: Force the flat view irrespective of the number of
configs
Nested: Force the nested view irrespective of the number
of configs
Issues: 370 and 387
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Change the way echo-msg window is update (thread safety).
When new echo-msg content is available for display, update the window
from the thread owning it by sending a message to it.
A blocking SendMessage (with a timeout) is used, as the window
needs access to the config's echo-msg buffer which is cleared
on return from this this call.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This adds context to the message in the form:
"From: config-name date/time text" displayed as right-aligned
and in italics.
Also remove the show argument to AddMessageBoxText() and move ShowWindow()
to the caller.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Left clickng on http or https url will open it on the default browser
Several other URL schemes are detected and formatted as clickable
links, but we only support opening of http/https links.
Note on spaces in URLs: We unescape all %xx occurrences in the echo
message text so that %20 will be converted to space in plain text.
This means embedded spaces in URLs will not work even if written
as %20. An option is to use %2520 which will get conveted to %20
after the unescaping.
A better option is to enclose the URL in <>. If the
text inside <> starts with a valid scheme (http, https etc.),
the entire text including spaces is parsed as the URL.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Echo msg history saved to registry on disconnect and loaded on
reconnect.
- Muting of repeated messages now work across GUI restarts.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Suppress messages with exactly same content as previously
displayed within popup_mute_interval (24h by default). This parameter
may be set on command line as "--popup_mute_interval n" where n is
in hours.
- Command line option '--disable_popup_messages' disables all echo
message popups (window and notification).
This patch only handles suppression of repeated messages during
reconnections.
TODO: Persist message history in the registry and use it to mute
repeated messages after disconnects and across restarts of the GUI.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add a message box that support appending messages with
a title formatted at a larger font and a text
displayed in the default font.
- A global instance of the message box is used to
display messages from all profiles.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Process four new echo commands to construct messages to be
displayed to the user:
echo msg message-text
echo msg-n message-text
echo msg-window message-title
echo msg-notify message-title
Note: All rules of push and echo processing apply and determine
what is received as echo commands by the GUI. In addition,
'url-encoded' characters (% followed by two hex digits) are
decoded and displayed.
The message is constructed in the GUI by concatenating the text
specified in one or more "echo msg text" or "echo msg-n text"
commands. In case of "echo msg text" text is appended with a new
line. An empty text in this case will
just add a new line.
The message ends and gets displayed when one of the following
are receieved:
echo msg-window title
echo msg-notify title
where "title" becomes the title of the message window. In case of
msg-window, a modeless window shows the message, in the latter case
a notification balloon is shown.
Example: when pushed from the server:
push "echo msg I say let the world go to hell%2C"
push "echo msg I must have my cup of tea."
push "echo msg-window Notes from the underground"
will display a modeless window with title
"Notes from the underground" and a two line body
--
I say let the world go to hell,
I must have my cup of tea.
--
Note that the message itself is not quoted in the above examples
and so it relies on the server's option-parser combining
individual words into a space separated string. Number of words
on a line is limited by the maximum number of parameters allowed
in openvpn commands (16). This limitation may be avoided by quoting
the text that follows so that the option parser sees it as one
parameter.
The comma character is not allowed in pushed strings, so
it has to be sent encoded as %2C as shown above.
Such encoding of arbitrary bytes is suppored. For example,
newlines may be embedded as %0A, though discouraged. Instead
use multiple "echo msg" commands to separate lines by new line.
An example with embedded spaces and multiple lines concatenated
without a new line in between (note use of single quotes):
push "echo msg-n I swear to you gentlemen%2C that to be"
push "echo msg-n ' overly conscious is a sickness%2C ' "
push "echo msg-n a real%2C thorough sickness."
push "echo msg-notify Quote of the Day"
will show up as a notification that displays for an
OS-dependent interval as:
--
Quote of the Day
I swear to you gentlemen, that to be overly conscious
is a sickness, a real, thorough sickness.
--
where the location of the line break is automatically determined
by the notification API and is OS version-dependent.
Commands like "echo msg ..." in the config file are also
processed the same way. It gets displayed when the GUI connects
to the management interface and receives all pending echo.
Pushed message(s) get displayed when the client daemon
processes push-reply and passes on echo directives to the
GUI.
TODO: The actual window that displays the messages is
implemented in the next commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Currently we show a check mark on connected profiles with no
indication on profiles that may be in the connecting state.
Change this by adding a mark against connecting/reconnecting
profiles. The yellow connecting state icon is used to generate
this mark although a custom designed check mark may look better.
In case of nested configs, the parent menus are marked with a tick
mark and only the profile is marked with the connecting icon.
No change in behaviour for profiles that are connected or
disconnected.
Trac #1241
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Currently we pop up the status window on double click only
if one connection is active though there is no strong reason to
limit this behaviour. In fact, when multiple connections are
stuck in the connecting state, its very useful to have a quick
way to examine their progress instead of having to drill down
the menu. Especially so when nested menu is in use.
A random variation of up to 100 pixel is added to the initial
position of the status window to avoid all windows falling on
top of each other.
To prevent an explosion of new windows in the very unlikely event
of numerous active connections, restrict the maximum windows
shown to 10.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We didn't use interactive service when gui was running
under admin because of some privilege escalation vulnerability in Vista.
Apparently this issue doesn't exist on Win7 and newer versions so
it is safe to use iservice on those systems.
Introduce "Always use interactive service" option,
which is "on" by default. This should enable users,
who by various reasons run gui as admin, use Wintun.
When gui is running as admin and interactive service
cannot be started or not installed, warn that wintun will not work.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Some users want to use more deeply nested folders than currently
supported. Increase the max depth to 20 which should be plenty for
all.
See also issue: # 364
Signed-off-by: Selva Nair <selva.nair@gmail.com>
The help message is truncated in some languages with
recent increases in textual information in the
usage string. Eg., see "openvpn-gui --help" with
Dutch selected as the language where the text
is about 2300 characters while the buffer is only 2048.
The window still fits on typical screen sizes, so
just increase the buffer size to 3000.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- All missing strings are copied from the English version
which is the default.
- Description of "--command cmd" is also copied from the
English version where missing.
- Some whitespace changes for consistent formatting of all files
No user-visible changes except for the --help output
which will now include a description of the "--command cmd"
option in English when a translation is not available.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Corrected initial pull request https://github.com/OpenVPN/openvpn-gui/pull/361 pull with correct Ukrainian grammar (I am a native speaker, and it's not just my thought on it, but a collaboration of other team members, the main contributor being Bohdan Kobilnyk)
Strings passed to the management interface should escape characters
such as " and \ that have special meaning for the parser.
But, static-challenge password and response are base64 encoded
before passing to the management interface and get literally
transported to the server in that form. Escape processing of
these strings could result in altering the password and/or response.
Reported by: macskas https://github.com/OpenVPN/openvpn-gui/issues/351
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Selva Nair