_wfopen requires ccs=<encoding> to support writing of
non-ascii text. This was missed in the initial commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Download link was outdated.
- Link to docs on configuration pointed to the main page of OpenVPN Inc.
which is hardly helpful -- point to the configuration section of the
HOW TO instead.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Add a function to check flow direction of currently selected
UI language
- Add MB_RIGHT|MB_RTLREADING to message boxes when language is RTL
Note: though we use MessageBoxEx() for popups, and pass langId to it,
buttons like OK/Cancel are not automatically localized. It seems these
get localized based on the current locale, not the langID passed in.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In bidirectional text, neutral characters like parentheses
and slashes can get interpreted as RTL when not surrounded by
strong LTR characters. This leads to wrong formatting like
"<Copyright <foo@example.com" instead of "Copyright <foo@example.com>"
Workaround by adding explicit right-to-left embedding marker (U+202a).
(Ref: https://www.unicode.org/reports/tr9/)
For trailing slash in URLs, they are just omitted when not really
required.
Some other minor edits:
- Do not translate "OpenVPN Technologies Inc."
- SOCKES --> SOCKS
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Remove description about run-as-admin that is out-dated.
Simply state that the GUI is supposed to be run as a limited user.
- Document persistent connections support in the GUI.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In case of persistent connections, openvpn.exe is still running
after a disconnect, and another user can restart it without needing
credentials using cached passwords. Avoid this by sending
"forget-passwords" to the management interface before disconnect.
Only persistent connections are affected.
In openvpn.exe versions >= 2.5.8, this will also clear cached
auth_token, if present.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Also remove related variables from configure.ac
as those are unused since we updated resources to be
MSVC compliant.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
CheckServiceStatus() return value is never used - the status
is set to global options_t struct.
While on it, remove unneccessary "false" argument
and reformat the code.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
- ShellExecute with runas is used to elevate
- This Option is hidden if PLAP dll is not found in the
install_path bin folder
- Depends on the presence of openvpn-plap-install.reg
and openvpn-plap-uninstall.reg in the install-path bin
folder.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Connection profiles shown on the login screen using PLAP
requires automatic service that starts openvpn.exe
processes for these profiles.
This commit adds an attempt to start the service from
PLAP dll. The service is started only if any PLAP enabled
profiles are found.
As starting the service can spawn up OpenVPN.exe processes and
the GUI may attach to them, auto-connect in the GUI is
suspended during session lock to leave the connections free to
be controlled from PLAP screen.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
If '--management' option cannot be parsed in the config file of a
persistent profile (due to missing option, unreadable password etc.),
connecting it from the GUI menu fails.
In such cases show an error message instead of silently failing.
The message is shown only during manual connect attempts,
not during auto-connect or resume.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- instantiate OpenVPN PLAP provider which will enumerate configs
in config-auto directory.
- Attempt to connect each config found one after the other
The test program is deliberately written in C++ as that's how most
Windows programs (and likely, LogonUI.exe) may use the COM object.
Note that duplicate configs are ignored, so ensure that config
files in config-auto are not "shadowed" by identical named one's
in user's profile or in global config folder.
Additional notes:
The test program is not linked to the plap dll.
Instead it finds the module using CoGetClassObject,
so the plap dll must be registered in the system.
It also tests dynamically loading the dll from
C:\Program Files\OpenVPN\bin\libopenvpn_plap.dll
which should succeed even if the registration is not
proper.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This header has been recently added to mingw-w64 on our
request. Until its available in released versions,
wget it from mingw-w64's github repo.
Only affects autotools-based builds -- MSVC builds will pick the
native header.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Dialog windows of connections can popup at any time due to
restarts not in user's control. Avoid this by marking current
current profile being connected, and intercepting dialogs for
other profiles.
This is implemented by hooking into management callbacks such as
OnPassword, OnNeedOk etc.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- COM interfaces for ICredentialProvider and
IConnectableCredentialProviderCredential combined
with a trimmed down user-interface implemented as
libopenvpn_plap.dll
- Connections autostarted by OpenVPNService are enumerated
as possible PLAP connections. The user is expected to leave
these in management hold so that "connect" will popup any
required user dialogs.
To use:
- Register the dll as a PLAP provider (see included .reg files)
- The enumerated connections will show up as tiles in the PLAP
screen of the login desktop (secure desktop).
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Early state change from the main thread makes it synchronous and
thus easier to wait on the connection to complete when started
programmatically.
Made use of in Connect() in the PLAP implementation that follows.
Does not affect on the current mode of operation.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Proper parenting is required for PLAP and cannot
hurt in general. The parent window in GUI mode
is the main window. In PLAP it will be the handle
obtained from LogonUI.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
OpenVPN3 doesn't yet support "state"
management command without parameters.
While this has to be fixed on OpenVPN3
side, it doesn't mean that gui could simply crash.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Currently a fixed width is assigned for valid until
column and its not enough for the date in all locales
(e.g., date in Chinese traditional overflows).
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Comments (whole line or trailing segment) are assigned as
a single string to ce->comment. The comment character is
preserved.
- Also some bug fixes and error logging:
Initialize status variable before use
Do not parse escaped single quote (matches openvpn.exe)
Log parsing error
Remove leading "--" from first token
Signed-off-by: Selva Nair <selva.nair@gmail.com>
(i)
State is changed to detached before auto-starting
so that OnHold() will see state = resuming and keep the hold.
State is set to disconnected instead of detached on detach
so that manual starts will release the hold automatically.
End result: While connecting automatically, do not release if
management-hold is on. But while started manually, release
from hold so that connection can complete without further
user action.
In normal use of automatic service, one would not add management
hold into the config. However, if the user disconnects the connection
the GUI puts it on hold, and we do not want to auto-start it after a
lock-unlock or some other automatic action.
(ii)
Also, currently, for persistent connections, the status
window is not shown automatically which feels unnatural in
real use. Instead, popup the status window when connection
is manually initiated. Its not popped up when automatically
attached to or if silent_connection is on.
Only persistent connections are affected by the change.
fixup: config file list is not recreated from scratch when
enable_persistent == 2 (auto attach mode) to avoid losing info
such as auto_connect = false on detached connections.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
When retrying connect() on management socket, log a message.
Especially useful when waiting for a persistent daemon to
come up after an unexpected exit or service disconnect.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Selva Nair