PostThreadMessage used to trigger exit event gets lost while
in modal dialog loops such as auth dialog. Replace it by PostMessage
and handle it in the status window callback.
Fixes openvpn processes left behind if exit is pressed while
user-auth dialog is active.
Changes after feedback:
- Use PostMessage correctly in SuspendOpenVPN() (error pointed
out by leobasilio@gmail.com).
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Asynchronously read Input on the service pipe which are mostly
errors reported by the service. Display the errors on the status log
window and to the log file if its not opened by openvpn.
If/when openvpn fails to start or exits with error, close
the connection without waiting for management socket timeout.
v2:
- rebase to master
- fix a bug in setting manage.connected state
- ensure management socket is closed and resources freed before thread exit
Signed-off-by: Selva Nair <selva.nair@gmail.com>
When a connection is attempted using a config in a location
that would fail, offer an option to add the user to the "OpenVPN
Administrators" group. This is done using shell-execute which will
show a UAC prompt for elevation. If it fails (due to user chooses
NO or the UAC dialog fails) the connection is not started.
v2 Changes
- Rebase to master
- Automaticlaly add the admin group if it doesn't exist
- Allow unicode strings in debug output
- Use domain\username to identify user
- Fix the PrintDebug macro
Minor changes based on user feedback
- Bring the window back to foreground after UAC prompt completion
- Show a message if another connection is tried during authorization
- Do not add user to ovpn_admin_group if it is same as the built-in admin group
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Handle early errors (openvpn exits before management connection is up)
with a helpful error message that points the user to view log.
- Include only readable config files in the connection list
- Warn if no connection profiles found
TODO: handle startup errors from interactive service
This is needed to avoid early messages going to stdout leaving no
trace of errors when openvpn exits before management interface is up.
It also ensures that any --log directives in the config do not override
the log file location.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Connecting to a named pipe server while running with admin rights is not
secure in some windows versions. As the interactive service is not required
to set routes while running as admin, this looks like a safe compromise.
Fix based on feedback from Heiko Hund
- Move IsUserAdmin() check before opening the service pipe
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Proxy settings are fetched from the users Internet Options
for the active connection. If WPAD or a PAC script is configured
they are preferred and used for automatic proxy detection.
Proxy bypass configuration is completely ignored.