- Username and, optionally, password as well as the private
key passphrase are saved in config-specific registry keys
- All saved data are kept encrypted using DPAPI
- The passphrase dialog is skipped if a valid saved private
key password is available. However, the user-auth dialog
is always presented, prefilled with the saved username
and password.
Note: A text string "Save password" is added to three dialogs
in all language resource files. Additional text with ids
IDS_MENU_CLEARPASS and IDS_NFO_DELETE_PASS are added to the
STRINGTABLE only in the English language resource file.
All these need translations.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
When a connection is attempted using a config in a location
that would fail, offer an option to add the user to the "OpenVPN
Administrators" group. This is done using shell-execute which will
show a UAC prompt for elevation. If it fails (due to user chooses
NO or the UAC dialog fails) the connection is not started.
v2 Changes
- Rebase to master
- Automaticlaly add the admin group if it doesn't exist
- Allow unicode strings in debug output
- Use domain\username to identify user
- Fix the PrintDebug macro
Minor changes based on user feedback
- Bring the window back to foreground after UAC prompt completion
- Show a message if another connection is tried during authorization
- Do not add user to ovpn_admin_group if it is same as the built-in admin group
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Set default config directory (config_dir) to %UserProfile%\OpenVPN\config
(saved and read back from HKCU\Software\OpenVPN-GUI\config_dir)
- Add a global_config_dir variable read from HKLM\Software\OpenVPN\config_dir
or set to OpenVPN-install-path\config
- Scan both directories and their sub directories for connection profiles.
In case of name conflicts config_dir gets priority over global_config_dir
- Eliminate multiple warnings of duplicate configs
Fixed on review (Thanks to leobasilio@gmail.com)
- Fix wrongly used o.config_dir in 2 locations
- Unrelated: Added missing CheckIServiceStatus to service.h
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This reverts commit 2af8636896.
Requiring "highestAvalable" privilege is no longer required,
nor advisable, as the same functionality is provided using
the interactive service with the GUI running with limited rights.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Handle early errors (openvpn exits before management connection is up)
with a helpful error message that points the user to view log.
- Include only readable config files in the connection list
- Warn if no connection profiles found
TODO: handle startup errors from interactive service
Change the default log file location to OpenVPN/log in user's profile directory
to support running without admin privileges using the interactive service.
The registry keys are moved to HKCU from HKLM to allow for user-specific
settings as well as to avoid the need for running the GUI as admin at the
first instance.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Request the highest privilege of the invoking user. When started by a
user with admin rights, a UAC prompt may pop up requesting consent.
The current behaviour is preserved for users with limited privileges.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
The first line of the page is too long for the current width, so it
spills onto the second line, shifting the rest of the text downwards.
As a result, the line with the URL is shifted out of the label's bounds
and is no longer visible.
Ilya Shipitsin