Import a config file from command line as
`openvpn-gui.exe --command import <file-path>`
The command is send to a running instance if any.
Otherwise the GUI extecutable is started and
the import processed.
`openvpn-gui --import <file-path>`
is interpreted as the same command.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Currently we construct the destination path and check whether
it exists. This could miss a connection profile with same
name in another directory.
If a config with same name is found we set it as the destination,
and ask the user for permission to overwrite. However, if the duplicate
is in the global_config_dir, the behaviour is not changed -- that is,
the config is imported with no further prompts.
Also fix the use of same buffer as destination and source in
swprintf(). It seems to work, but is not 'legal'.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Allow users to bypass HTTPS is not good, but may nevertheless be useful during development.
DEBUG macro is widely used in openvpn-gui code but was missing from CMakeLists.txt, so add it there.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
When 2FA is enabled, server (such as AS)
replies with HTTP 401 and issues a challenge.
Use existing facilities to parse CRV message
and prompt user for a response, then call REST
method again with encoded response as HTTP auth password.
See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication
for more information.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Use WinInet to download profile into memory buffer.
If there are certain certificate errors (invalid CN,
wrong date, unknown CA, revocation check failed),
ask if user wants to continue.
Extract profile name from content, sanitize name and
save profile in temp directory. Then import profile
using existing facilities.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Factor out importing part (everything except file open dialog)
into separate function, which can be used when importing
profile from URL.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This is the first patch from series which implemets
importing profile from URL, currently implemented
by OpenVPN Access Server.
Move "Import from file" menu item under new "Import"
item. Add "Import from AS..." item under "Import", which
opens new profile import dialog.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Commit 131c75e5 ("Notify dialog windows when OpenVPN state changes") added callback
function, but forgot to specify __stdcall calling convention with CALLBACK keyword.
This is not an issue for x64 builds, but x86 requires __stdcall calling convention for callbacks,
otherwise compiler throws an error:
Error: D:\a\openvpn-gui\openvpn-gui\openvpn.c(292): error C2440: 'function': cannot convert from 'BOOL (__cdecl *)(HWND,LPARAM)' to 'WNDENUMPROC'
Reported-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Currently we show a messagebox with OK/CANCEL when response is
not required but that cannot handle state change messages.
Instead, show the "GenericPass" dialog with input disabled.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Use a custom message to pass state change notification from OpenVPN
to all top level windows in the thread. Currently only the pending auth
dialog responds to this message by closing when the state changes.
The state change could be due to timeout, errors or success via
out-of-band authentication which makes the dialog no longer valid.
The case of CR_TEXT messages that do not require a response is handled
in the next commit.
See also issue #440https://github.com/OpenVPN/openvpn-gui/issues/440
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Also add an edit box for setting the mute interval for
repeated echo messages. To be specified in hours
>=0. A zero value disables muting.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
As with CRV1, submit an empty string as the response.
Our base64-encode functiton can handle empty input to generate
an empty string as output.
Also make ensure the message box is shown in foreground,
and not dependent on the status window which may be hidden.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This adds support for crtext method of pending authentication,
used by Access Server 2.7 and newer.
When enabled on the server side and on the client side (IV_SSO=crtext),
server returns AUTH_PENDING with Info command like:
CR_TEXT:R,E:Enter Authenticator Code
Client prompts user for the response and sends base64-encoded response
to the server via management interface command:
cr-response SGFsbG8gV2VsdCE=
See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part)
for more information.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This adds support for web-based extra authentication, which may be
used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl,
server pushes Info command OPEN_URL:<url>. The client opens that URL and
user authenticates.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Use the image in the connecting state icon with background
color replaced by that of the menu for use as the checkmark.
MSDN docs on SetMenuItemBitmaps is unclear about the use of
color bitmaps for checkmarks, but this appears to display well.
(Tested on Windows 10 only).
The bitmap is recreated everytime the popup menus are made
although its sufficient to recreate it when system colours
change.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
The About text is truncated in Spanish version when
compiled with MSVC as LTEXT can't exceed 256 characters.
Removing the repeated phrase fixes this for now. If future
translations increase the length, please consider breaking
the paragraph into two.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Remove intermediate quotes in continued lines
- Remove macro substitutions in strings
- Split two long LTEXT (>256 characters) into two
All changes autogenerated using a sed script here
https://gist.github.com/selvanair/ae78c29869d7c1d15abcb909f04676c6
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Use an empty password to clear any existing password in the
private key file. If not empty, the requirement of minimum 8
characters is retained.
For PEM key file, an empty password will clear encryption on
the key. For pkcs12 files it will set an empty password.
As use of an empty password is the default first try in
OpenVPN.exe when reading pkcs12 file, this effectively leads
to the user not prompted for a private key password during
connection setup.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
By some reasons Release build ignores _INC_MATH and includes math.h,
which conflicts with our own log definition. Rename it to log_.
While on it, also rename other enum names for consistency.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
In this case, as per management-notes.txt, a CRV1 response with
an empty password should be submitted. Currently we ignore
such "challenges" causing the regular user-auth dialog to be shown
instead.
Fix by displaying the message received from the server. Depending
on user action (OK or CANCEL), a properly formatted reponse with an
empty password is returned or the connection is aborted.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In private key passphrase and dynamic-challenge/pkcs11 PIN
dialogs:
- Disable the OK button by default
- Require non-empty user input before the OK button is enabled
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We had earlier supported blank passwords or OTPs to be submitted. Change
this by enabling the OK button only if some minimal inputs are present.
- In static challenge dialog require username and either password or
challenge-reponse (OTP) fields to be non-empty
- In normal user-auth dialog require username and password to be non-empty
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We currently use WM_COMMAND message which is delivered with the
ID of the menu item requiring a unique ID for every command
(connect, disconnect etc..) for each connection profile. Instead,
use WM_MENUCOMMAND so that the message delivers a handle to the
menu and the position index of the menu item.
Connection menu array is now dynamically allocated. Yet, there
is still a limitation on the number of configs as the config
index + mgmt_port_offset must be < 65536 to be usable as a port
number. The error message shown for "too many configs" is reworded.
(English language file only).
Note: The current way of selecting the management port based on the
index of the config file increases chances of port conflicts
when the number of configs is large. It could be useful to change
this logic but that is beyond the cope of this PR.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Describe recently added command line options:
- iservice_admin
- disable_popup_messages
- popup_mute_interval
- management_port_offset
Added the default English text to all langauage files.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Extend the string comparison of the two paths to include comparing their
file information structure. (See Remarks under the MSDN docs for
GetFileInformationByHandle)
If the strings are identical we treat them as identical without checking
further whether the paths are valid. This matches the current
behaviour. Otherwise, the two paths are treated as identical if both
exist, are accessible and point to the same object in the file system.
Trac: #1359, #1376
Signed-off-by: Selva Nair <selva.nair@gmail.com>