Parent keeping the handle to write end of child's stdout will
cause ERROR_BROKEN_PIPE not signalled if/when the child exits.
Also add a wrapper for CloseHandle()
Fixes the GUI process hanging in read from child
if the latter unexpectedly dies due to some error.
Trac #1203
Signed-off-by: Selva Nair <selva.nair@gmail.com>
When openvpn is run with --help option it pops up a help
message and exits when that window is closed. Such instances
cannot accept any commands and should not be treated as a
running instance.
Fix by
(i) When run with --help, promptly release the semaphore used
to restrict to a single running instance.
(ii) Wait for a short interval (200 msec) before timing out of
locking the semaphore. This helps avoid race conditions.
While at it also make sure the semaphore is released and closed
on exit.
Fixes issue: #237
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Implement connection specific env variables. These are merged
with the process environment strings and passed to scripts.
- To set an env variable, use 'echo setenv name value' in the config
or push from the server. This will set "OPENVPN_name=value" in
the connections's env set. Note that "name" is mangled as
"OPENVPN_name" to avoid servers overwriting sensitive variables
such as PATH. Names are set in the order received and same name
overwrites any previously set value.
- Environment variable names are allowed to contain only alpha numeric
characters and underscore as in openvpn.exe. But, unlike openvpn.exe,
invalid names are ignored, not sanitized.
v2 changes (Dec 16, 2017):
- If value is missing, the directive is interpreted as a delete command
and the env var with matching name in the connection's env set is removed.
- Windows needs env block to be ordered:
While merging connection specific env vars with process env block, order
the entries 'alphabetically' (locale independent, case insensitive
unicode ordinal order). In case of duplicates, the value in connection
env set replaces the one in process env.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- New option --command <action> <params> to send commands to
a running instance of openvpn-gui.exe
Supported actions are
connect, disconnect, reconnect
each of which takes the name of the config (with or without the
extension .ovpn) as a parameter;
disconnect_all, exit
which take no parameter and
silent_connection
which takes an optional parameter = 0 or 1 (1 is the default)
Examples: with the gui running, start a new instance as
openvpn-gui.exe --command disconnect myvpn : ask running instance
to disconnect myvpn if connected
openvpn-gui.exe --command status myvpn : ask running instance
to show the status window for myvpn if available
openvpn-gui.exe --command disconnect_all : ask running instance
to disconnect all active connections
- The second instance exits after issuing a SendMessage to the
already running instance. If no action is specified, the running
instance is notified to show a balloon to alert the user
- These messages may also be sent from scripts as COPYDATA messages
with the wData element specifying the action to execute and lpData
a pointer to the parameter. The dwData param must be one of
WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or
SILENT. See main.h for their values.
v2: Bug fixes based on test reports from larson0815
here: https://github.com/selvanair/openvpn-gui/issues/5
and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Flag password and username input if these contain an invalid character
(currently only embedded '\n' is disallowed). Shows a popup when OK
is pressed so that the user can correct the input and resubmit.
- Add an error message to the log when the management i/f returns
ERROR for incorrectly parsed commands. Otherwise such errors go
unnoticed.
Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations.
Reported and tested by: Florian Beier (H4ndl3 on github)
Fixes Trac: #958
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add a base64 decode function using Windows CyptoAPI
- Move multibyte to widechar conversions to a function
- Add config name to caption of password dialogs to help user
identify the request
- Add new dialog template for generic password/PIN requests
and use it to handle dynamic challenge
Note 1: if dynamic challenge response verification fails, an auth-failed
message is returned by the server causing the GUI to clear any saved
password even if the user-auth dialog itself succeeeded.
Note 2: Dialog template ID_DLG_CHALLENGE_RESPONSE added to language
files may require translation.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Replace allow_password by a runtime check that enables password
change menu only when the user has write-access to the key file.
- Read exe_path and priority from HKLM and do not duplicate in HKCU.
- Always allow the user to view the config: edit will succeed if user
has write access.
- Always include the proxy settings tab which is the default.
- Remove the unused power event handling and disconnect_on_suspend key.
- Remove password_attempts -- user can stop the password dilaog
by clicking cancel.
- Remove allow_service: implicitly enabled if service_only is used.
- Deprecate removed options in cmd-line parser
- Update README.rst
- Close config file before exit in GetKeyFileName
- Close thread and dialog handles in passphrase.c
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Connecting to a named pipe server while running with admin rights is not
secure in some windows versions. As the interactive service is not required
to set routes while running as admin, this looks like a safe compromise.
Fix based on feedback from Heiko Hund
- Move IsUserAdmin() check before opening the service pipe
Signed-off-by: Selva Nair <selva.nair@gmail.com>
[openvpn_config.c:194]: (style) The function 'ConfigFileOptionExist' is never used.
[localization.c:299]: (style) The function 'LocalizedDialogBox' is never used.
[main.c:549]: (style) The function 'PrintErrorDebug' is never used.
[main.c:583]: (style) The function 'init_security_attributes_allow_all' is never used.
[misc.c:180]: (style) The function 'wcseq' is never used.
Proxy settings are fetched from the users Internet Options
for the active connection. If WPAD or a PAC script is configured
they are preferred and used for automatic proxy detection.
Proxy bypass configuration is completely ignored.
Selva Nair