Commit Graph

125 Commits (577d982b51670f7f68d6dad9d0bf08f8a01879ba)

Author SHA1 Message Date
Selva Nair 31896ce33b Add restart button to connection menus
- This works the same way as restart button in the status window
  but is more conveniently accessible from the tray menu.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2018-01-20 11:41:19 -05:00
Selva Nair 185b571d6e Do not auto submit username/password after an auth failure
- This case was missed by commit 5fb23f6ad9 that introduced
  automatic username/password submission.
- Also avoid auto submit if the recalled password is an empty
  string.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2018-01-03 21:38:40 -05:00
Selva Nair 5fb23f6ad9 Auto submit saved auth-user-pass credentials after a brief delay
- Effective only when username and password are saved.
- The user may interrupt auto submission and edit the username/password.
- If silent_connection is on the dialog is bypassed without any delay.

v2 changes:
- Display message in normal text color and show remaining time

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-12-26 13:41:55 -05:00
Selva Nair 301a5e5644 Check for invalid characters in user inputs
- Flag password and username input if these contain an invalid character
  (currently only embedded '\n' is disallowed). Shows a popup when OK
  is pressed so that the user can correct the input and resubmit.

- Add an error message to the log when the management i/f returns
  ERROR for incorrectly parsed commands. Otherwise such errors go
  unnoticed.

Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations.

Reported and tested by: Florian Beier (H4ndl3 on github)
Fixes Trac: #958

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-11-20 09:53:31 -05:00
Selva Nair 8eb06fa697 Correct parsing of the process ID returned by interactive service
Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-11-20 09:53:31 -05:00
Selva Nair 23ac3c00bb Highlight warning and error messages in status window
- Change text color of log lines with flags = W, N, F

v2: replace strchr with memchr to avoid modifying line

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-09-23 12:19:55 -04:00
Selva Nair 1bd5a6faa9 Add a warning message when authentication is retried due to wrong credentials
- "Wrong username or password" message shown in the auth userpass dialog after
  an auth failure
- "Wrong password" message shown in the private key password dialog after a
  password failure.

These message texts are colored red by default (TODO: make the color customizable)

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-06-27 16:01:18 -04:00
Selva Nair c37467ebe4 Distinguish between auth and key password failures
Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-06-27 16:01:18 -04:00
Frank Fesevur d17fcaae1b Set focus to password field when username is filled
When the username is filled automatically, set the focus to
the password field. This way you can enter the password
immediately without having to press TAB (or even worse,
users using the mouse to click on the password field).
2017-06-15 09:18:32 +02:00
Selva Nair d7b0fcbe5b Merge pull request #137 from selvanair/echo
Parse ECHO directives from openvpn

Acked-by: Gert Doering <gert@greenie.muc.de>
2017-03-16 10:22:05 -04:00
Selva Nair 25be842a96 Merge pull request #117 from selvanair/nay-to-savepass
Add a system-wide option to disable the password save feature
2017-03-08 21:37:31 -05:00
Selva Nair 778cc3d225 Add a system-wide option to disable the password save feature
- A new registry HKLM\Software\OpenVPN\disable_save_passwords
  (32 bit DWORD value) may be set to a non-zero value to
  disable password saving by users. Applies to both auth and
  private key passwords. Usernames are always saved.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-03-07 11:49:03 -05:00
Selva Nair d4090a8842 Parse ECHO directives from openvpn
Support the following echo commands

- "echo forget-passwords": delete passwords internally saved by the GUI
  but do not disable the password save feature. Useful when pushed
  from the server so that it gets processed after authentication. Also see
  management-notes.txt in openvpn docs.

- "echo save-passwords": enables private-key and auth-user-pass passwords
  to be saved. Will be effective at startup only if present in the config
  file. If pushed from the server, will get used for subsequent
  password prompts. Essentially this has the effect of presenting the password
  dialogs to the user with save-password checkbox selected. The user may still
  uncheck it during the dialog.

Note: echo commands are processed as and when they are received and in the order
received.

TODO: support for "echo setenv name var", "echo disable-save-passwords" etc..

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-02-27 13:47:59 -05:00
Selva Nair d662991d13 Close service pipe in case of startup error
Without this the service will continue to wait for input from GUI
and log pipe read errors to the event log.
Also fix a typo in the error message shown.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-01-14 22:27:05 -05:00
Selva Nair 91b3eef40a Mark status as connected only if openvpn reports CONNECTED,SUCCESS
Avoid reporting a connection that completed with errors (state change
message = CONNECTED,ERROR) as successful.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2017-01-02 14:23:01 -05:00
Selva Nair 2f2ddbf3a8 Load icons at sizes given by DPI-dependent system metric
- Check system metric for large and small icon sizes and
  try to load the correct size instead of scaling from one size.

Scaling will still happen if the required size is not available
in the icon resource. As we add more icon sizes they will
get automatically used as needed.

LoadImage scales up from next smallest size available. Revisit this
when LoadIconWithScaleDown (Vista+) becomes available in mingw.

Resolves Trac: #772 (icon scaling issue)

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-12-08 16:01:58 -05:00
Samuli Seppänen 8020ee1071 Merge pull request #91 from selvanair/pkcs11-pin-v3
pkcs11 pin prompt
2016-11-30 22:18:34 +02:00
Selva Nair 5fe0d5225e Make the program DPI aware
- Set dpi-awareness to true in the manifest (i.e., "system-dpi aware")
- Check system dpi and scale and/or position widgets and windows
  that depend on the system dpi (only components within the status
  window are affected).

Note: Declaring dpi awareness eliminates automatic rescaling of
windows that causes blurred text on high dpi monitors.
Windows 8.1 and later allow per monitor dpi setting which is
not handled here.
2016-11-19 21:57:39 -05:00
Selva Nair be417bb38f Support pkcs11 token insertion request and pin input
Note: IDS_NFO_TOKEN_PASSWORD_CAPTION and IDS_NFO_TOKEN_PASSWORD_REQUEST
strings need translation.

TODO: support for selecting pkcs11-id from the GUI

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-11-15 19:29:23 -05:00
Selva Nair 1a5ce44a99 Handle dynamic challenge/response
- Add a base64 decode function using Windows CryptoAPI
- Move multibyte to widechar conversions to a function
- Add config name to caption of password dialogs to help user
  identify the request
- Add new dialog template for generic password/PIN requests
  and use it to handle dynamic challenge

Note 1: if dynamic challenge response verification fails, an auth-failed
message is returned by the server causing the GUI to clear any saved
password even if the user-auth dialog itself succeeded.

Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language
files may require translation.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-11-15 19:14:32 -05:00
Selva Nair 1ec6c6cd12 Add missing WINAPI in the definition of HandleServiceIO
WINAPI is __stdcall in 32 bit windows (ignored in 64 bit) causing
this bug to show up in the 32 bit version only.

Also fix out-of-bounds write of ovpn_version[] in openvpn.c

Resolves Trac #758

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-11-15 12:43:11 -05:00
Selva Nair 81ece9690e Check for interactive service only if OpenVPN version is >= 2.4
This makes it less confusing to run GUI v11 with OpenVPN 2.3.x

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-11-01 23:06:39 -04:00
Selva Nair ad58766f52 Do not start a connection when a previous thread has not fully exited
When openvpn exits due to error, the GUI pops up a modal dialog and
waits on user to click OK before cleaning up resources and closing
the status window. During this phase if the user clicks "connect"
from the tray menu, a new thread is started overwriting several
handles in the connection struct.

Fix: Refuse to start a connection when previous status thread is
still active. Instead, bring the existing status window to foreground.
Also make the modal dialog a child of the status window for better
visibility.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-10-08 16:25:56 -04:00
Selva Nair fcd0efa479 Terminate any openvpn processes that fail to stop
Sometimes gracefully stopping openvpn fails leaving the
process running in background. This causes restarting of
connections to fail until those processes are manually killed.

- Read process ID from interactive service to get process
  handle when openvpn is started by the service.
- Add a last resort method to forcefully terminate openvpn
  process that fails to exit after sending stop signal. Terminate
  is triggered after a 3 second timeout following Stop.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-10-08 16:25:38 -04:00
Selva Nair 9892d5813f NUL terminate messages received from interactive service
Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-10-08 16:23:47 -04:00
Selva Nair 5a47986ccb Make options saved in registry editable by user
Option editing dialogs are in two tabs: General and Advanced.
Proxy related options are left in the proxy tab. Options
config_dir, config_ext, log_dir, script timeouts and
service-only flag are in the Advanced tab. All other more commonly
used flags and options are in the General tab.

- As options are editable, save values in registry only when they differ
  from the default values. This leaves the registry clean and makes changing
  options and their defaults during updates easier.

- Entries for config_dir and log_dir must be absolute paths.
  Environmental variables such as %PROFILEDIR% may be used
  to construct these.

- Empty config_dir, config_ext and log_dir entries are silently
  ignored (i.e., the current values are left unchanged).

- Store all numeric and boolean parameters in registry as DWORD instead of
  strings.

- On startup, the default parameters are loaded, then the registry is read
  and finally command-line parameters parsed.

- Out of range script timeout values in registry truncated with a
  warning instead of fatal error. This allows the user to access the
  settings dialog and make corrections.

- Save proxy and language settings under the same
  HKCU\Software\OpenVPN-GUI key as other options instead of under Nilings.

- Save the current version of the GUI in registry so that updates
  can be detected and any needed registry cleanup done.

- If no version info is present in the registry any values in OpenVPN-GUI
  key in HKCU are deleted for a clean start as this is the first version
  to save registry values in HKCU. Language and proxy data if present
  under Nilings is migrated.

Note: new controls in the General tab and newly added Advanced tab dialog
are copied to all language files from the English version. These need to
be translated.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-08-06 11:46:15 -04:00
Selva Nair 1c748e382d Simplify some parameters and registry keys
- Replace allow_password by a runtime check that enables password
  change menu only when the user has write-access to the key file.
- Read exe_path and priority from HKLM and do not duplicate in HKCU.
- Always allow the user to view the config: edit will succeed if user
  has write access.
- Always include the proxy settings tab which is the default.
- Remove the unused power event handling and disconnect_on_suspend key.
- Remove password_attempts -- user can stop the password dialog
  by clicking cancel.
- Remove allow_service: implicitly enabled if service_only is used.
- Deprecate removed options in cmd-line parser
- Update README.rst
- Close config file before exit in GetKeyFileName
- Close thread and dialog handles in passphrase.c

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-08-06 11:46:15 -04:00
Selva Nair 7247432cea Merge pull request #52 from selvanair/save-pass
Save username and optionally passwords
2016-07-15 00:37:14 -04:00
Selva Nair 5880fdcd02 Save username and optionally passwords
- Username and, optionally, password as well as the private
  key passphrase are saved in config-specific registry keys
- All saved data are kept encrypted using DPAPI
- The passphrase dialog is skipped if a valid saved private
  key password is available. However, the user-auth dialog
  is always presented, prefilled with the saved username
  and password.

Note: A text string "Save password" is added to three dialogs
in all language resource files. Additional text with ids
IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the
STRINGTABLE only in the English language resource file.
All these need translations.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-05-29 19:35:30 -04:00
Selva Nair 9fb33d0bee Fix exit handling while in modal loops
PostThreadMessage used to trigger exit event gets lost while
in modal dialog loops such as auth dialog. Replace it by PostMessage
and handle it in the status window callback.

Fixes openvpn processes left behind if exit is pressed while
user-auth dialog is active.

Changes after feedback:
- Use PostMessage correctly in SuspendOpenVPN() (error pointed
  out by leobasilio@gmail.com).

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-05-23 01:20:02 -04:00
Selva Nair 854d76ae31 Read errors from the service pipe and handle fatal ones
Asynchronously read Input on the service pipe which are mostly
errors reported by the service. Display the errors on the status log
window and to the log file if it's not opened by openvpn.
If/when openvpn fails to start or exits with error, close
the connection without waiting for management socket timeout.

v2:
- rebase to master
- fix a bug in setting manage.connected state
- ensure management socket is closed and resources freed before thread exit

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-05-08 18:07:31 -04:00
Samuli Seppänen 72818bbf8e Merge pull request #33 from selvanair/bugfix
Some small bug fixes
2016-04-12 17:07:12 +03:00
Selva Nair 4c8d5eaff0 Fix wrongly used o.conn[config] in place of current config c
Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-03-25 17:46:42 -04:00
Selva Nair 43d0ef3a5a Handle interactive service policy restrictions
When a connection is attempted using a config in a location
that would fail, offer an option to add the user to the "OpenVPN
Administrators" group. This is done using shell-execute which will
show a UAC prompt for elevation. If it fails (because the user chooses
NO or the UAC dialog fails) the connection is not started.

v2 Changes
 - Rebase to master
 - Automatically add the admin group if it doesn't exist
 - Allow unicode strings in debug output
 - Use domain\username to identify user
 - Fix the PrintDebug macro

Minor changes based on user feedback
 - Bring the window back to foreground after UAC prompt completion
 - Show a message if another connection is tried during authorization
 - Do not add user to ovpn_admin_group if it is same as the built-in admin group

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-03-13 20:23:20 -04:00
Soar Qin fe5a1c9b71 Adding static-challenge support 2016-02-27 13:51:13 +08:00
Samuli Seppänen 49746f2995 Merge pull request #16 from selvanair/error-messages
Better error reporting when connection fails to come up
2016-02-22 10:13:01 +02:00
Samuli Seppänen f415fe8c83 Merge pull request #15 from selvanair/make-log-first-option
Put --log first in the command line
2016-02-22 10:06:37 +02:00
Selva Nair 352e44f03d Better error reporting when connection fails to come up
- Handle early errors (openvpn exits before management connection is up)
    with a helpful error message that points the user to view log.
- Include only readable config files in the connection list
- Warn if no connection profiles found

TODO: handle startup errors from interactive service
2016-02-16 15:57:37 -05:00
Selva Nair cdec68ef91 Put --log first in the command line
This is needed to avoid early messages going to stdout leaving no
trace of errors when openvpn exits before management interface is up.
It also ensures that any --log directives in the config do not override
the log file location.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-02-15 11:58:45 -05:00
Selva Nair 791aea49e6 Do not use interactive service if running as admin
Connecting to a named pipe server while running with admin rights is not
secure in some windows versions. As the interactive service is not required
to set routes while running as admin, this looks like a safe compromise.

Fix based on feedback from Heiko Hund
- Move IsUserAdmin() check before opening the service pipe

Signed-off-by: Selva Nair <selva.nair@gmail.com>
2016-02-15 11:07:29 -05:00
Heiko Hund a449f63bcd fix IV_GUI_VERSION string 2014-11-16 16:16:31 +01:00
Heiko Hund 92329e6e90 pass IV_GUI_VER to the openvpn server 2014-04-08 20:14:49 +02:00
Heiko Hund c338ca0761 don't define callback functions as static 2014-04-08 20:06:37 +02:00
Heiko Hund 47cff87477 make auth popups show when returning from suspend 2013-04-25 17:53:16 +02:00
Heiko Hund c874ba68b4 add Russian localization by Roman Azarenko 2012-11-05 16:24:47 +01:00
Heiko Hund 66fe4edb01 remove --tls-exit, it requires openvpn in TLS mode 2012-10-16 16:55:40 +02:00
Heiko Hund beead0e1a4 enforce entry of a username when querying auth 2012-07-20 12:53:14 +02:00
Heiko Hund 3c81b7a4f2 support SOCKS 5 proxy auth notifications from mgmt 2012-07-20 11:55:10 +02:00
Heiko Hund e84834a08a supply system proxy settings to management itf
Proxy settings are fetched from the users Internet Options
for the active connection. If WPAD or a PAC script is configured
they are preferred and used for automatic proxy detection.
Proxy bypass configuration is completely ignored.
2012-07-19 16:03:50 +02:00
Heiko Hund ae36105686 don't show status window on openvpn exit if silent 2012-05-09 11:13:19 +02:00
Heiko Hund b9edb7e62a keep trying to connect to mgmt itf for 15 seconds 2012-05-08 16:50:26 +02:00
Heiko Hund 69392ef426 use correct tray icon during reconnect 2012-04-03 13:55:25 +02:00
Heiko Hund d8737bfba2 remove limit for user/pass length, closes #3498438
Generation of the "username" and "password" management commands now
happens centrally in the helper function ManagementCommandFromInput()
in misc.c
2012-03-30 18:20:09 +02:00
Heiko Hund f420d7dcbb use CRT's _countof instead of proprietary _tsizeof 2012-03-29 17:40:34 +02:00
Alon Bar-Lev c9eb68c77f use automake in build
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Edited to not use libtool and implicit automake rule to build resource object
2012-03-28 10:59:44 +00:00
Alon Bar-Lev 6eef880c8f debug: fix debug under unicode
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

edit: use _tsizeof for array element count
2012-03-28 10:44:54 +00:00
Heiko Hund 18376e2f2e tag unused variables to stop compiler warnings 2012-03-28 10:44:51 +00:00
Heiko Hund 3670a4bd2a support starting OpenVPN via interactive service 2012-01-31 09:40:08 +00:00
Heiko Hund e755155332 make log window display unicode properly 2011-11-09 16:15:41 +01:00
Heiko Hund 54d74f5861 always compile a unicode binary 2011-08-29 13:56:32 +00:00
Heiko Hund a1c152d3af send credentials to openvpn in UTF-8 encoding 2011-08-29 13:30:50 +00:00
Heiko Hund 697ffc57f9 fix prototype of dlgproc functions 2011-07-26 09:05:16 +02:00
Heiko Hund 3653d41931 fix write out of array bounds 2011-07-21 17:59:08 +02:00
Heiko Hund 9d918954d5 ask for HTTP proxy credentials on demand
* use "auto" parameter for --http-proxy option
* pass proxy credentials via management interface
* also closes #3223163
2011-03-24 17:54:53 +01:00
Heiko Hund 4bcebba60f use management interface 2010-09-10 11:39:39 +02:00
Heiko Hund 7c4bea3f7e remove support for openvpn version < 2.0 2010-06-29 16:12:17 +02:00
Heiko Hund a6e6d88115 refactor option handling code 2010-04-09 06:18:58 +02:00
Heiko Hund 61cb987f4d make it work when compiled as unicode 2010-03-21 10:07:14 +01:00
Heiko Hund 6939cb8792 replace GUI_* with PACKAGE_* macros 2010-03-11 22:58:45 +01:00
Heiko Hund 09a9867d8a use new inline function instead of old macro 2009-02-09 17:58:53 +00:00
Heiko Hund b8f520be05 config number for status dialog is now stored as property 2009-02-05 14:22:57 +00:00
Heiko Hund 5783d7da94 cleaned up resource IDs 2009-02-04 15:54:37 +00:00
Heiko Hund d646c7fc8c fixed compiler warnings 2009-01-19 12:28:26 +00:00
Heiko Hund 3d4aaeb5a4 switched to use of localization functions 2009-01-18 20:59:52 +00:00
Heiko Hund fd9e4ae6db import of openvpn-gui-1.0.3.zip
git-svn-id: https://openvpn-gui.svn.sourceforge.net/svnroot/openvpn-gui/trunk@2 43a1345a-9c20-4331-951f-9845fc178312
2008-12-18 11:08:35 +00:00