-Close token handle in GetProcessTokenGroups()
-Close open service handles after use
-Close registry keys after use
Acked-by: Gert Doering <gert@greenie.muc.de>
- Open registry key HKCU was not closed in some code paths
- Also fix incorrect return value checks in GetRegistryKeys() and
SetRegistryVersion()
Signed-off-by: Selva Nair <selva.nair@gmail.com>
* added very important "-g" switch to cygwin setup command, which means "update cygwin itself", without it package manipulation is not predictable
* moved everything to appveyor.yml
* renamed appveyor.yml to .appveyor.yml
- A new registry HKLM\Software\OpenVPN\disable_save_passwords
(32 bit DWORD value) may be set to a non-zero value to
disable password saving by users. Applies to both auth and
private key passwords. Usernames are always saved.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Support the following echo commands
- "echo forget-passwords": delete passwords internally saved by the GUI
but do not disable the password save feature. Useful when pushed
from the server so that it gets processed after authentication. Also see
management-notes.txt in openvpn docs.
- "echo save-passwords": enables private-key and auth-user-pass passwords
to be saved. Will be effective at startup only if present in the config
file. If pushed from the server, will get used for subsequent
password prompts. Essentially this has the effect of presenting the password
dialogs to the user with save-password checkbox selected. The user may still
uncheck it during the dialog.
Note: echo commands are processed as and when they are received and in the order
received.
TODO: support for "echo setenv name var", "echo disable-save-passwords" etc..
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Current approach of querying the group membership of DOMAIN\username
fails for domain users if no DC is reachable. Instead authorize the
user if
(i) admin groups are found in the process token
(ii) or the SID of the user is a member of the admin groups
The second check is needed to support adding the user to the
ovpn_admin_group when GUI is running, as such changes in group
membership will not be reflected in the token.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
The openvpn-gui-res-cs.rc file was not included in release tarballs, which made
tarball-based builds fail.
URL: https://github.com/OpenVPN/openvpn-gui/issues/131
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Also define WINVER used by some header files.
The change will help warn against use of API calls not in vista.
The original setting of this macro to _NTDDI_WINXP was wrong and
permitted use of any API not just those supported by WinXP. Build
is unaffected as we currently do not have any function calls not
present in Vista.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Increase the buffer size used to load the usage string to 2048
chars (defined by USAGE_BUF_SIZE in main.h)
- Make GetGUILanguage() visible outside localization.c
Trac: #833
Signed-off-by: Selva Nair <selva.nair@gmail.com>