As with CRV1, submit an empty string as the response.
Our base64-encode functiton can handle empty input to generate
an empty string as output.
Also make ensure the message box is shown in foreground,
and not dependent on the status window which may be hidden.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This adds support for crtext method of pending authentication,
used by Access Server 2.7 and newer.
When enabled on the server side and on the client side (IV_SSO=crtext),
server returns AUTH_PENDING with Info command like:
CR_TEXT:R,E:Enter Authenticator Code
Client prompts user for the response and sends base64-encoded response
to the server via management interface command:
cr-response SGFsbG8gV2VsdCE=
See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part)
for more information.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This adds support for web-based extra authentication, which may be
used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl,
server pushes Info command OPEN_URL:<url>. The client opens that URL and
user authenticates.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Use the image in the connecting state icon with background
color replaced by that of the menu for use as the checkmark.
MSDN docs on SetMenuItemBitmaps is unclear about the use of
color bitmaps for checkmarks, but this appears to display well.
(Tested on Windows 10 only).
The bitmap is recreated everytime the popup menus are made
although its sufficient to recreate it when system colours
change.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
The About text is truncated in Spanish version when
compiled with MSVC as LTEXT can't exceed 256 characters.
Removing the repeated phrase fixes this for now. If future
translations increase the length, please consider breaking
the paragraph into two.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Remove intermediate quotes in continued lines
- Remove macro substitutions in strings
- Split two long LTEXT (>256 characters) into two
All changes autogenerated using a sed script here
https://gist.github.com/selvanair/ae78c29869d7c1d15abcb909f04676c6
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Use an empty password to clear any existing password in the
private key file. If not empty, the requirement of minimum 8
characters is retained.
For PEM key file, an empty password will clear encryption on
the key. For pkcs12 files it will set an empty password.
As use of an empty password is the default first try in
OpenVPN.exe when reading pkcs12 file, this effectively leads
to the user not prompted for a private key password during
connection setup.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
By some reasons Release build ignores _INC_MATH and includes math.h,
which conflicts with our own log definition. Rename it to log_.
While on it, also rename other enum names for consistency.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
In this case, as per management-notes.txt, a CRV1 response with
an empty password should be submitted. Currently we ignore
such "challenges" causing the regular user-auth dialog to be shown
instead.
Fix by displaying the message received from the server. Depending
on user action (OK or CANCEL), a properly formatted reponse with an
empty password is returned or the connection is aborted.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In private key passphrase and dynamic-challenge/pkcs11 PIN
dialogs:
- Disable the OK button by default
- Require non-empty user input before the OK button is enabled
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We had earlier supported blank passwords or OTPs to be submitted. Change
this by enabling the OK button only if some minimal inputs are present.
- In static challenge dialog require username and either password or
challenge-reponse (OTP) fields to be non-empty
- In normal user-auth dialog require username and password to be non-empty
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We currently use WM_COMMAND message which is delivered with the
ID of the menu item requiring a unique ID for every command
(connect, disconnect etc..) for each connection profile. Instead,
use WM_MENUCOMMAND so that the message delivers a handle to the
menu and the position index of the menu item.
Connection menu array is now dynamically allocated. Yet, there
is still a limitation on the number of configs as the config
index + mgmt_port_offset must be < 65536 to be usable as a port
number. The error message shown for "too many configs" is reworded.
(English language file only).
Note: The current way of selecting the management port based on the
index of the config file increases chances of port conflicts
when the number of configs is large. It could be useful to change
this logic but that is beyond the cope of this PR.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Describe recently added command line options:
- iservice_admin
- disable_popup_messages
- popup_mute_interval
- management_port_offset
Added the default English text to all langauage files.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Extend the string comparison of the two paths to include comparing their
file information structure. (See Remarks under the MSDN docs for
GetFileInformationByHandle)
If the strings are identical we treat them as identical without checking
further whether the paths are valid. This matches the current
behaviour. Otherwise, the two paths are treated as identical if both
exist, are accessible and point to the same object in the file system.
Trac: #1359, #1376
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add an option in the advanced settings menu for
the management port offset. Allows any value in the
range 1 to 61000 which with upto ~4000 added as connection
id keeps it in range.
Default is the currently hard coded value of 25340.
As Windows has no concept of privileged ports and the ephemeral
range used varies from version to version, no attempt is made to
avoid conflicts with ports in use.
- Add an option to choose the config menu view from the
advanced settings with three options:
Auto: Automatically switch to the nested view when
number of configs exceed a limit (currently 25)
Flat: Force the flat view irrespective of the number of
configs
Nested: Force the nested view irrespective of the number
of configs
Issues: 370 and 387
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Change the way echo-msg window is update (thread safety).
When new echo-msg content is available for display, update the window
from the thread owning it by sending a message to it.
A blocking SendMessage (with a timeout) is used, as the window
needs access to the config's echo-msg buffer which is cleared
on return from this this call.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This adds context to the message in the form:
"From: config-name date/time text" displayed as right-aligned
and in italics.
Also remove the show argument to AddMessageBoxText() and move ShowWindow()
to the caller.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Left clickng on http or https url will open it on the default browser
Several other URL schemes are detected and formatted as clickable
links, but we only support opening of http/https links.
Note on spaces in URLs: We unescape all %xx occurrences in the echo
message text so that %20 will be converted to space in plain text.
This means embedded spaces in URLs will not work even if written
as %20. An option is to use %2520 which will get conveted to %20
after the unescaping.
A better option is to enclose the URL in <>. If the
text inside <> starts with a valid scheme (http, https etc.),
the entire text including spaces is parsed as the URL.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Echo msg history saved to registry on disconnect and loaded on
reconnect.
- Muting of repeated messages now work across GUI restarts.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Suppress messages with exactly same content as previously
displayed within popup_mute_interval (24h by default). This parameter
may be set on command line as "--popup_mute_interval n" where n is
in hours.
- Command line option '--disable_popup_messages' disables all echo
message popups (window and notification).
This patch only handles suppression of repeated messages during
reconnections.
TODO: Persist message history in the registry and use it to mute
repeated messages after disconnects and across restarts of the GUI.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add a message box that support appending messages with
a title formatted at a larger font and a text
displayed in the default font.
- A global instance of the message box is used to
display messages from all profiles.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Process four new echo commands to construct messages to be
displayed to the user:
echo msg message-text
echo msg-n message-text
echo msg-window message-title
echo msg-notify message-title
Note: All rules of push and echo processing apply and determine
what is received as echo commands by the GUI. In addition,
'url-encoded' characters (% followed by two hex digits) are
decoded and displayed.
The message is constructed in the GUI by concatenating the text
specified in one or more "echo msg text" or "echo msg-n text"
commands. In case of "echo msg text" text is appended with a new
line. An empty text in this case will
just add a new line.
The message ends and gets displayed when one of the following
are receieved:
echo msg-window title
echo msg-notify title
where "title" becomes the title of the message window. In case of
msg-window, a modeless window shows the message, in the latter case
a notification balloon is shown.
Example: when pushed from the server:
push "echo msg I say let the world go to hell%2C"
push "echo msg I must have my cup of tea."
push "echo msg-window Notes from the underground"
will display a modeless window with title
"Notes from the underground" and a two line body
--
I say let the world go to hell,
I must have my cup of tea.
--
Note that the message itself is not quoted in the above examples
and so it relies on the server's option-parser combining
individual words into a space separated string. Number of words
on a line is limited by the maximum number of parameters allowed
in openvpn commands (16). This limitation may be avoided by quoting
the text that follows so that the option parser sees it as one
parameter.
The comma character is not allowed in pushed strings, so
it has to be sent encoded as %2C as shown above.
Such encoding of arbitrary bytes is suppored. For example,
newlines may be embedded as %0A, though discouraged. Instead
use multiple "echo msg" commands to separate lines by new line.
An example with embedded spaces and multiple lines concatenated
without a new line in between (note use of single quotes):
push "echo msg-n I swear to you gentlemen%2C that to be"
push "echo msg-n ' overly conscious is a sickness%2C ' "
push "echo msg-n a real%2C thorough sickness."
push "echo msg-notify Quote of the Day"
will show up as a notification that displays for an
OS-dependent interval as:
--
Quote of the Day
I swear to you gentlemen, that to be overly conscious
is a sickness, a real, thorough sickness.
--
where the location of the line break is automatically determined
by the notification API and is OS version-dependent.
Commands like "echo msg ..." in the config file are also
processed the same way. It gets displayed when the GUI connects
to the management interface and receives all pending echo.
Pushed message(s) get displayed when the client daemon
processes push-reply and passes on echo directives to the
GUI.
TODO: The actual window that displays the messages is
implemented in the next commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Currently we show a check mark on connected profiles with no
indication on profiles that may be in the connecting state.
Change this by adding a mark against connecting/reconnecting
profiles. The yellow connecting state icon is used to generate
this mark although a custom designed check mark may look better.
In case of nested configs, the parent menus are marked with a tick
mark and only the profile is marked with the connecting icon.
No change in behaviour for profiles that are connected or
disconnected.
Trac #1241
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Currently we pop up the status window on double click only
if one connection is active though there is no strong reason to
limit this behaviour. In fact, when multiple connections are
stuck in the connecting state, its very useful to have a quick
way to examine their progress instead of having to drill down
the menu. Especially so when nested menu is in use.
A random variation of up to 100 pixel is added to the initial
position of the status window to avoid all windows falling on
top of each other.
To prevent an explosion of new windows in the very unlikely event
of numerous active connections, restrict the maximum windows
shown to 10.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Selva Nair