Strings passed to the management interface should escape characters
such as " and \ that have special meaning for the parser.
But, static-challenge password and response are base64 encoded
before passing to the management interface and get literally
transported to the server in that form. Escape processing of
these strings could result in altering the password and/or response.
Reported by: macskas https://github.com/OpenVPN/openvpn-gui/issues/351
Signed-off-by: Selva Nair <selva.nair@gmail.com>

- Prompt the user for permission if import may overwrite
an existing config.
- Also raise an error if the import file source matches the
global or local config directory. Reimporting a config on to
itself is not supported. This also avoids ERROR_SHARING_VIOLATION
in CopyFile() when source and destination are the same.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

Also if install_path read from registry is an empty string, illegal
memory access may result. Fix by using the default value in this
case as well.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

The current code re-issues the next read request in the I/O
completion routine before the previous message is fully handled.
This could potentially lead to lost messages as the message buffer
is reused.
Fix by re-queuing the next read from OnService() after duplicating
the previous message.
The length check of the read message is omitted as it is implicitly
checked when scanning the message. Makes the logic simpler.
Reported by Lev Stipakov <lstipakov@gmail.com>
Signed-off-by: Selva Nair <selva.nair@gmail.com>

Add a new command 'rescan' that may be sent to a running
instance of the GUI to force it to rescan the config folders.
Use case: with an instance of the GUI running, one can
manually copy a config file to the config folder and start
it using "openvpn-gui --command rescan" followed by
"openvpn-gui --command connect foo"
v2: The calls to rebuild config file list and recreate
menus are refactored into a function.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

This adds msvc project files and tiny code changes,
required to build this project with msvc.
Microsoft resource compiler, unlike mingw's windres,
doesn't fully support macros and multi-line strings,
so I had to create a separate resource file for msvc.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

By default CryptBinaryToString used for base64 encoding
adds CRLF every 76 characters or so. As LF is used as
the message delimiter by the management interface, this breaks
handling of static challenge.
Fix by setting CRYPT_STRING_NOCRLF in the flags. With this
change, the trailing '\r\n' removal is no longer required.
Fixes Issue 317: https://github.com/OpenVPN/openvpn-gui/issues/317
Signed-off-by: Selva Nair <selva.nair@gmail.com>
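
Why wrapped base64 breaks an LF-delimited channel, shown with a portable encoder. This is an added example, not code from the repository: `b64_encode`, its `wrap` parameter and `lf_delimited_messages` are hypothetical stand-ins, the Windows API is not called, and the wrap column of 76 is the figure quoted in the commit message.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Base64-encode src into out (NUL-terminated). wrap > 0 adds CRLF after every
 * `wrap` output characters and at the end; wrap == 0 gives one unbroken line.
 * Returns the output length, or 0 when out is too small. */
size_t b64_encode(const unsigned char *src, size_t len, char *out, size_t cap, size_t wrap)
{
    size_t o = 0, col = 0;
    if (cap == 0) return 0;
    for (size_t i = 0; i < len; i += 3) {
        unsigned long v = (unsigned long)src[i] << 16;
        if (i + 1 < len) v |= (unsigned long)src[i + 1] << 8;
        if (i + 2 < len) v |= src[i + 2];
        char q[4] = { B64[(v >> 18) & 63], B64[(v >> 12) & 63],
                      i + 1 < len ? B64[(v >> 6) & 63] : '=',
                      i + 2 < len ? B64[v & 63] : '=' };
        for (int k = 0; k < 4; k++) {
            if (o + 3 >= cap) return 0;      /* room for char + CRLF + NUL */
            out[o++] = q[k];
            if (wrap && ++col == wrap) { out[o++] = '\r'; out[o++] = '\n'; col = 0; }
        }
    }
    if (wrap && col && o + 2 >= cap) return 0;
    if (wrap && col) { out[o++] = '\r'; out[o++] = '\n'; }
    out[o] = '\0';
    return o;
}

/* Messages an LF-delimited reader sees once the sender appends its own LF. */
size_t lf_delimited_messages(const char *payload)
{
    size_t n = 1;
    for (; *payload; payload++) n += (*payload == '\n');
    return n;
}

int main(void)
{
    unsigned char secret[60];                /* constructed sample input */
    char out[128];
    memset(secret, 'x', sizeof secret);
    b64_encode(secret, sizeof secret, out, sizeof out, 76);
    printf("wrapped: %zu message(s)\n", lf_delimited_messages(out));
    return 0;
}
```

A 60-byte input encodes to 80 characters, so the wrapped form carries an interior CRLF and the reader sees several messages where the sender meant one.
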
Parent keeping the handle to write end of child's stdout will
cause ERROR_BROKEN_PIPE to not be signalled if/when the child exits.
Also add a wrapper for CloseHandle()
Fixes the GUI process hanging in read from child
if the latter unexpectedly dies due to some error.
Trac #1203
Signed-off-by: Selva Nair <selva.nair@gmail.com>

When a resource is not found in user's preferred language, first
try the primary language with SUBLANG set to default before
falling back to English.
See: https://github.com/OpenVPN/openvpn-gui/issues/216
Signed-off-by: Selva Nair <selva.nair@gmail.com>

found by cppcheck
[env_set.c:332] -> [env_set.c:333]: (warning) Either the condition '!msg' is redundant or there is possible null pointer dereference: msg.

found by cppcheck
[main.c:457] -> [main.c:457]: (warning) Either the condition 'copy_data->dwData==(WM_APP+15)&&c->hwndStatus&&c' is redundant or there is possible null pointer dereference: c.

As config group is reallocated when full, do not store the pointer to the
parent group. Instead use the id of the group which is invariant across
reallocs. Similarly in connection array store the id of the group
instead of a pointer.
Also
- Do not call ActivateConfigGroups() -- when connections are active:
in this case we want to preserve config data structures during rescan.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

fixup

The number of configs is now unlimited. But there is a limit
of 2^16 menu items which permits only about 2^12 configs to be
displayed in the menu. A warning is shown if the number of
configs exceeds this value.
For a responsive menu keep the number of configs under ~1000.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

Add a new registry key (DWORD): config_menu_view
possible values: 0 (auto), 1 (flat), 2 (nested).
Default value is 0 which renders nested menu if the number of
configs is > 50, else displays the current flat view. To force
the flat menu view set it to 1. A value of 2 forces the nested
view even if there are only a few configs.
A new command line option "--config_menu_view n" does the same.
Command line options take precedence over any value set in the
registry.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

- Shows all configs in a subdirectory grouped into a
submenu entry. This hopefully provides a better UX when
there are more than a few 10's of config files.
- Enabled only if number of configs is > 50 or if the
option config_menu_view is set to 2.
To force the current flat listing, set config_menu_view = 1.
TODO: Make config_menu_view user configurable.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

- A single config all by itself in a directory is shown as a
member of the parent directory. This allows keeping every
config in its own directory without causing an additional
level of nesting. E.g., import always puts each config in
its own directory.
Improves the menu navigation.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

- Group all configs in a subdirectory with directory name
as the label.
- If any connection is active, newly found configs are
added to the root group to keep the logic simple.
- Directory hierarchy is scanned up to a depth of 4: i.e.,
config_dir and global_config_dir and its subdirectories
up to 3 levels down.
Only support for scanning configs and attaching group labels
is added here. Rendering the nested menu is the subject of
a later commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

When using interactive service, route addition should use the
service. The user may not have privileges to set routes
otherwise. We already override any --route-method set in the
config file as openvpn.exe is started with --msg-channel as the
last option which sets route-method to ROUTE_METHOD_SERVICE.
This patch extends that to pushed --route-method
Also change _T("") to L"" in the edited lines to be explicit about
wide and narrow strings. We no longer support non-unicode builds.
No change when interactive service is not used.
Ref: issue #281
Signed-off-by: Selva Nair <selva.nair@gmail.com>

- This checkbox is inactive and does nothing.
The service-only usage can be still activated using the command
line option --service_only or by editing the registry, but it's
not a recommended use case for GUI version 11.0 and above.
See also issue: #264
Signed-off-by: Selva Nair <selva.nair@gmail.com>

- In tray info do not skip the address when v4 ip is absent
- When combining two strings do not add the separator (comma)
if either is empty.
Signed-off-by: Selva Nair <selva.nair@gmail.com>

When openvpn is run with --help option it pops up a help
message and exits when that window is closed. Such instances
cannot accept any commands and should not be treated as a
running instance.
Fix by
(i) When run with --help, promptly release the semaphore used
to restrict to a single running instance.
(ii) Wait for a short interval (200 msec) before timing out of
locking the semaphore. This helps avoid race conditions.
While at it also make sure the semaphore is released and closed
on exit.
Fixes issue: #237
Signed-off-by: Selva Nair <selva.nair@gmail.com>

- Implement connection specific env variables. These are merged
with the process environment strings and passed to scripts.
- To set an env variable, use 'echo setenv name value' in the config
or push from the server. This will set "OPENVPN_name=value" in
the connection's env set. Note that "name" is mangled as
"OPENVPN_name" to avoid servers overwriting sensitive variables
such as PATH. Names are set in the order received and same name
overwrites any previously set value.
- Environment variable names are allowed to contain only alphanumeric
characters and underscore as in openvpn.exe. But, unlike openvpn.exe,
invalid names are ignored, not sanitized.
v2 changes (Dec 16, 2017):
- If value is missing, the directive is interpreted as a delete command
and the env var with matching name in the connection's env set is removed.
- Windows needs env block to be ordered:
While merging connection specific env vars with process env block, order
the entries 'alphabetically' (locale independent, case insensitive
unicode ordinal order). In case of duplicates, the value in connection
env set replaces the one in process env.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
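
The update rules described in the commit above for a connection's env set, as an added C example that is not code from the OpenVPN-GUI repository. `struct env_set`, `env_apply` and the size limits are assumptions made for illustration, name matching is case-sensitive here, and the ordered merge with the process environment block is not shown.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_VARS 16   /* illustrative limits, not taken from the project */
#define MAX_LEN  128
struct env_set { char item[MAX_VARS][MAX_LEN]; int n; };  /* "NAME=value" entries */

/* Apply one "setenv name [value]" directive to a connection's env set.
 * Returns 1 = set, 2 = deleted, 0 = ignored (malformed, bad name, no room). */
int env_apply(struct env_set *es, const char *msg)
{
    char key[MAX_LEN];
    if (strncmp(msg, "setenv ", 7) != 0) return 0;
    const char *name = msg + 7;
    size_t nlen = strcspn(name, " ");
    const char *val = name[nlen] ? name + nlen + 1 : "";

    /* Only [A-Za-z0-9_] is accepted; a bad name is dropped, not sanitized. */
    if (nlen == 0 || nlen + strlen(val) + sizeof "OPENVPN_=" > MAX_LEN) return 0;
    for (size_t k = 0; k < nlen; k++)
        if (!isalnum((unsigned char)name[k]) && name[k] != '_') return 0;

    /* Prefix the name so a pushed value can never replace PATH and the like. */
    size_t klen = (size_t)snprintf(key, sizeof key, "OPENVPN_%.*s=", (int)nlen, name);
    int i = 0;
    while (i < es->n && strncmp(es->item[i], key, klen) != 0) i++;

    if (*val == '\0') {                      /* no value: delete the entry */
        if (i == es->n) return 0;
        for (es->n--; i < es->n; i++) strcpy(es->item[i], es->item[i + 1]);
        return 2;
    }
    if (i == es->n) {                        /* new name: append in arrival order */
        if (es->n == MAX_VARS) return 0;
        es->n++;
    }
    snprintf(es->item[i], MAX_LEN, "%s%s", key, val);  /* same name overwrites */
    return 1;
}

int main(void)
{
    struct env_set es;
    memset(&es, 0, sizeof es);
    env_apply(&es, "setenv PATH C:\\Temp");       /* constructed pushed directive */
    env_apply(&es, "setenv bad-name x");          /* ignored: '-' is not allowed */
    for (int i = 0; i < es.n; i++) puts(es.item[i]);
    return 0;
}
```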