- Parse the management interface address and password
from the config file
- Hide the status Window by default for persistent
connections --- their startup is automated and may
distract the user otherwise. The user can use the
menu to review status when required.
- Seed srand() using threadId instead of time. Although we
use rand() only for cosmetics, the latter is almost
never unique among threads when multiple connections can
get started in a succession with this patch set.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Parse the config-auto folder used by automatic service
and mark these profiles as persistent.
- These connections are marked as auto_connect to try
attaching to them at start up with periodic retry in
case the daemon or service are restarted.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Persistent connections have openvpn.exe daemon started
external to the GUI (e.g., by the automatic service).
This patch adds support for attaching to the management
i/f of such daemons from the GUI and control the connection.
The GUI never stops or starts the openvpn.exe process in this
case. Instead, connect and disconnect buttons signal the
management interface of a running openvpn.exe process to start
the tunnel by attaching to mgmt i/f and sending hold-release if
needed or stop it and wait in management-hold state
(see DisconnectDaemon()).
When the GUI process exits, persistent connections are left in their
current state using DetachOpenVPN().
No connections are marked as persistent as yet. That is done
in a following commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Split starting the status thread and launch of the
daemon process (openvpn.exe) into separate functions.
This is useful for implementing control of persistent connections
where the daemon is launched externally: e.g., by the
automatic service.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Add support for selecting pkcs11-id from the GUI.
Requires --management-pkcs11-id in the config file.
This option is not added by the GUI.
A list of all available pkcs11 certificates are presented to the
user with buttons OK, Cancel, Retry. OK submits the selected
entry, Cancel closes the connection, Retry reconstructs the
list of certificates by querying the daemon again. The latter
can be used to retry after inserting a token.
If no certificates are found, a message suggesting to insert
a token and press 'Retry' is displayed.
The list shows the "Issued-to", "Issued-by" names
(usually the subject & issuer common names) and valid-until
date in current locale for each certificate.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Bind a socket and then close to identify
a free port and use it when starting openvpn.exe.
Try port = offset + config-index is first, matching
the current usage, and fallback to a dynamic port if
the former fails.
Trac: #1051
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In some cases the service may take a while to startup openvpn.exe,
causing connection to the management interface to timeout. This could
leave behind the OpenVPN process if/when it eventually starts up.
(Trac 905, 1050).
As errors in starting up the OpenVPN daemon are independently
handled, its better to keep retrying the management interface connection
until aborted due to errors or by the user.
- On timeout, log a message on the status window and retry the
management interface connection
- Eliminate the timed-out state that is no longer used
- Call StopOpenVPN() before abort so that OpenVPN daemon
is not left running in case it starts up later.
- In the unlikely event that OpenManagement() fails, show an error
- User can abort by pressing disconnect
A "retrying.." message is logged on to the status window every
15 seconds.
See Trac: #905, #1050
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This adds optional support for using OpenVPN3 client
as an alternative to openvpn2.
Just replacing one client with another will not work:
- OpenVPN3 doesn't use interactive service, it uses
"agent" service with completely different protocol. OpenVPN GUI
needs to talk to agent using HTTP and JSON.
- OpenVPN3 management interface realtime notifications must be
explicitly turned on in order for GUI to work.
To enable using openvpn3:
- use any of *-ovpn3 presets (cmake build system)
- ./configure --enable-ovpn3 (mingw)
To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine"
radiobutton group in Settings -> Advanced dialog.
OnReady() implementation was slighly changed - "log all on"
replaced with "log on all" - according to management interface
documentation this is the right way to do it, and also OpenVPN3
only supports "on all" order.
Management interface - enabled OpenVPN3 client (omiclient.exe) and
agent (ovpnagent.exe) are now part of openvpn3 repo.
Co-authored-by: Christopher Ng <facboy@gmail.com>
Signed-off-by: Christopher Ng <facboy@gmail.com>
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Escape the username string before passing to management
interface. For other dialogs this is already done.
Move string-escape to a function and process the username
through it.
Also escape space, single quote in addition to double quote
and backslash.
Reported by: Jakob Curdes <jc@info-systems.de>
Signed-off-by: Selva Nair <selva.nair@gmail.com>
* Provide more space for challenge dialog text
We do use a re-sizeable dialog box for dynamic challenge-response
to cater for potentially long lines of challenge text. But the
space specified for the widget is enough for only a single short line
(~60 characters) of text.
Increase the horizontal and vertical space to allow for up to
two lines of ~120 characters per line.
The default size of the Window is not changed. But it is
automatically resized if the space required for the text
is longer than the window width minus some margin. The max
horizontal size of the window is capped at 640 nominal pixels
as longer text will be wrapped in to two lines.
Github issue #468
Signed-off-by: Selva Nair <selva.nair@gmail.com>
%S --> %hs in wide format strings, %ls otherwise
%s --> %ls in wide format strings, unchanged otherwise
%c --> %lc in wide format strings
Resource files together have about 970 lines affected and
were edited by looping through all with
sed -i 's/%S/%hs/g' $file
sed -i 's/%s/%ls/g' $file
All other files were manually changed (about 85 lines).
Recent versions of mingw-w64 implicitly turns on __USE_MINGW_ANSI_STDIO
if _GNU_SOURCE, _XOPEN_SOURCE etc are defined (which we do usei).
This breaks non-standard spec such as %S. Anyway, we have been
gradually getting rid of those.
MSVC builds should not be affected.
v2: multiple occurrences in same line was missed in v1 (/g missing in
sed expression). Fixed.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
When 2FA is enabled, server (such as AS)
replies with HTTP 401 and issues a challenge.
Use existing facilities to parse CRV message
and prompt user for a response, then call REST
method again with encoded response as HTTP auth password.
See https://github.com/OpenVPN/openvpn3/blob/master/doc/webauth.md#challengeresponse-authentication
for more information.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Commit 131c75e5 ("Notify dialog windows when OpenVPN state changes") added callback
function, but forgot to specify __stdcall calling convention with CALLBACK keyword.
This is not an issue for x64 builds, but x86 requires __stdcall calling convention for callbacks,
otherwise compiler throws an error:
Error: D:\a\openvpn-gui\openvpn-gui\openvpn.c(292): error C2440: 'function': cannot convert from 'BOOL (__cdecl *)(HWND,LPARAM)' to 'WNDENUMPROC'
Reported-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Currently we show a messagebox with OK/CANCEL when response is
not required but that cannot handle state change messages.
Instead, show the "GenericPass" dialog with input disabled.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Use a custom message to pass state change notification from OpenVPN
to all top level windows in the thread. Currently only the pending auth
dialog responds to this message by closing when the state changes.
The state change could be due to timeout, errors or success via
out-of-band authentication which makes the dialog no longer valid.
The case of CR_TEXT messages that do not require a response is handled
in the next commit.
See also issue #440https://github.com/OpenVPN/openvpn-gui/issues/440
Signed-off-by: Selva Nair <selva.nair@gmail.com>
As with CRV1, submit an empty string as the response.
Our base64-encode functiton can handle empty input to generate
an empty string as output.
Also make ensure the message box is shown in foreground,
and not dependent on the status window which may be hidden.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
This adds support for crtext method of pending authentication,
used by Access Server 2.7 and newer.
When enabled on the server side and on the client side (IV_SSO=crtext),
server returns AUTH_PENDING with Info command like:
CR_TEXT:R,E:Enter Authenticator Code
Client prompts user for the response and sends base64-encoded response
to the server via management interface command:
cr-response SGFsbG8gV2VsdCE=
See https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (crtext part)
for more information.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This adds support for web-based extra authentication, which may be
used by OpenVPN Cloud. When enabled and client sends IV_SSO=openurl,
server pushes Info command OPEN_URL:<url>. The client opens that URL and
user authenticates.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
In this case, as per management-notes.txt, a CRV1 response with
an empty password should be submitted. Currently we ignore
such "challenges" causing the regular user-auth dialog to be shown
instead.
Fix by displaying the message received from the server. Depending
on user action (OK or CANCEL), a properly formatted reponse with an
empty password is returned or the connection is aborted.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
In private key passphrase and dynamic-challenge/pkcs11 PIN
dialogs:
- Disable the OK button by default
- Require non-empty user input before the OK button is enabled
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We had earlier supported blank passwords or OTPs to be submitted. Change
this by enabling the OK button only if some minimal inputs are present.
- In static challenge dialog require username and either password or
challenge-reponse (OTP) fields to be non-empty
- In normal user-auth dialog require username and password to be non-empty
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Process four new echo commands to construct messages to be
displayed to the user:
echo msg message-text
echo msg-n message-text
echo msg-window message-title
echo msg-notify message-title
Note: All rules of push and echo processing apply and determine
what is received as echo commands by the GUI. In addition,
'url-encoded' characters (% followed by two hex digits) are
decoded and displayed.
The message is constructed in the GUI by concatenating the text
specified in one or more "echo msg text" or "echo msg-n text"
commands. In case of "echo msg text" text is appended with a new
line. An empty text in this case will
just add a new line.
The message ends and gets displayed when one of the following
are receieved:
echo msg-window title
echo msg-notify title
where "title" becomes the title of the message window. In case of
msg-window, a modeless window shows the message, in the latter case
a notification balloon is shown.
Example: when pushed from the server:
push "echo msg I say let the world go to hell%2C"
push "echo msg I must have my cup of tea."
push "echo msg-window Notes from the underground"
will display a modeless window with title
"Notes from the underground" and a two line body
--
I say let the world go to hell,
I must have my cup of tea.
--
Note that the message itself is not quoted in the above examples
and so it relies on the server's option-parser combining
individual words into a space separated string. Number of words
on a line is limited by the maximum number of parameters allowed
in openvpn commands (16). This limitation may be avoided by quoting
the text that follows so that the option parser sees it as one
parameter.
The comma character is not allowed in pushed strings, so
it has to be sent encoded as %2C as shown above.
Such encoding of arbitrary bytes is suppored. For example,
newlines may be embedded as %0A, though discouraged. Instead
use multiple "echo msg" commands to separate lines by new line.
An example with embedded spaces and multiple lines concatenated
without a new line in between (note use of single quotes):
push "echo msg-n I swear to you gentlemen%2C that to be"
push "echo msg-n ' overly conscious is a sickness%2C ' "
push "echo msg-n a real%2C thorough sickness."
push "echo msg-notify Quote of the Day"
will show up as a notification that displays for an
OS-dependent interval as:
--
Quote of the Day
I swear to you gentlemen, that to be overly conscious
is a sickness, a real, thorough sickness.
--
where the location of the line break is automatically determined
by the notification API and is OS version-dependent.
Commands like "echo msg ..." in the config file are also
processed the same way. It gets displayed when the GUI connects
to the management interface and receives all pending echo.
Pushed message(s) get displayed when the client daemon
processes push-reply and passes on echo directives to the
GUI.
TODO: The actual window that displays the messages is
implemented in the next commit.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Currently we pop up the status window on double click only
if one connection is active though there is no strong reason to
limit this behaviour. In fact, when multiple connections are
stuck in the connecting state, its very useful to have a quick
way to examine their progress instead of having to drill down
the menu. Especially so when nested menu is in use.
A random variation of up to 100 pixel is added to the initial
position of the status window to avoid all windows falling on
top of each other.
To prevent an explosion of new windows in the very unlikely event
of numerous active connections, restrict the maximum windows
shown to 10.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
We didn't use interactive service when gui was running
under admin because of some privilege escalation vulnerability in Vista.
Apparently this issue doesn't exist on Win7 and newer versions so
it is safe to use iservice on those systems.
Introduce "Always use interactive service" option,
which is "on" by default. This should enable users,
who by various reasons run gui as admin, use Wintun.
When gui is running as admin and interactive service
cannot be started or not installed, warn that wintun will not work.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
The current code re-issues the next read request in the I/O
completion routine before the previous message is fully handled.
This could potentially lead to lost messages as the message buffer
is reused.
Fix by re-queuing the next read from OnService() after duplicating
the previous message.
The length check of the read message is omitted as it is implicitly
checked when scanning the message. Makes the logic simpler.
Reported by Lev Stipakov <lstipakov@gmail.com>
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Parent keeping the handle to write end of child's stdout will
cause ERROR_BROKEN_PIPE not signalled if/when the child exits.
Also add a wrapper for CloseHandle()
Fixes the GUI process hanging in read from child
if the latter unexpectedly dies due to some error.
Trac #1203
Signed-off-by: Selva Nair <selva.nair@gmail.com>
When using interactive service, route addition should use the
service. The user may not have privileges to set routes
otherwise. We already override any --route-method set in the
config file as openvpn.exe is started with --msg-channel as the
last option which sets route-method to ROUTE_METHOD_SERVICE.
This patch extends that to pushed --route-method
Also change _T("") to L"" in the edited lines to be explicit about
wide and narrow strings. We no longer support non-unicode builds.
No change when interactive service is not used.
Ref: issue #281
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Implement connection specific env variables. These are merged
with the process environment strings and passed to scripts.
- To set an env variable, use 'echo setenv name value' in the config
or push from the server. This will set "OPENVPN_name=value" in
the connections's env set. Note that "name" is mangled as
"OPENVPN_name" to avoid servers overwriting sensitive variables
such as PATH. Names are set in the order received and same name
overwrites any previously set value.
- Environment variable names are allowed to contain only alpha numeric
characters and underscore as in openvpn.exe. But, unlike openvpn.exe,
invalid names are ignored, not sanitized.
v2 changes (Dec 16, 2017):
- If value is missing, the directive is interpreted as a delete command
and the env var with matching name in the connection's env set is removed.
- Windows needs env block to be ordered:
While merging connection specific env vars with process env block, order
the entries 'alphabetically' (locale independent, case insensitive
unicode ordinal order). In case of duplicates, the value in connection
env set replaces the one in process env.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
After a failure the auth-pass dialog is shown with the password
field prefilled but highlighted. This allows the user to easily
overwrite the password or resubmit the old password if the
failure was temporary.
After a private key passphrase failure, the dialog is not
prefilled with saved password as this failure happens locally
and in such cases the password is very likely wrong.
If the user aborts the dialog by pressing cancel, the saved
password will get used during the next connection attempt.
Wrong username or password warning text is changed to: "Wrong
credentials".
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- As disable_save_passwords may be enforced system-wide by an Administrator,
"echo save-passwords" should not be allowed to over-ride it. This was
overlooked in commit d4090a8842.
Fix it by ignoring this echo directive if disable_save_passwords is in
effect. Also write a log message to the status window.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Show the assigned IP numbers, traffic stats (bytes in/out), and
the GUI and OpenVPN core versions on the status window.
Note: IDS_TXT_BYTECOUNT = "Bytes in: %s out %s" needs translation.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- New option --command <action> <params> to send commands to
a running instance of openvpn-gui.exe
Supported actions are
connect, disconnect, reconnect
each of which takes the name of the config (with or without the
extension .ovpn) as a parameter;
disconnect_all, exit
which take no parameter and
silent_connection
which takes an optional parameter = 0 or 1 (1 is the default)
Examples: with the gui running, start a new instance as
openvpn-gui.exe --command disconnect myvpn : ask running instance
to disconnect myvpn if connected
openvpn-gui.exe --command status myvpn : ask running instance
to show the status window for myvpn if available
openvpn-gui.exe --command disconnect_all : ask running instance
to disconnect all active connections
- The second instance exits after issuing a SendMessage to the
already running instance. If no action is specified, the running
instance is notified to show a balloon to alert the user
- These messages may also be sent from scripts as COPYDATA messages
with the wData element specifying the action to execute and lpData
a pointer to the parameter. The dwData param must be one of
WM_OVPN_xxx with xxx = START, STOP, RESTART, STOPALL, EXIT or
SILENT. See main.h for their values.
v2: Bug fixes based on test reports from larson0815
here: https://github.com/selvanair/openvpn-gui/issues/5
and cron410 here: https://github.com/OpenVPN/openvpn-gui/issues/104
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- This works the same way as restart button in the status window
but is more conveniently accessible from the tray menu.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- This case was missed by commit 5fb23f6ad9 that introduced
automatic username/password submission.
- Also avoid auto submit if the recalled password is an empty
string.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Effective only when username and password are saved.
- The user may interrupt auto submission and edit the username/password.
- If silent_connection is on the dialog is bypassed without any delay.
v2 changes:
- Display message in normal text color and show remaining time
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Flag password and username input if these contain an invalid character
(currently only embedded '\n' is disallowed). Shows a popup when OK
is pressed so that the user can correct the input and resubmit.
- Add an error message to the log when the management i/f returns
ERROR for incorrectly parsed commands. Otherwise such errors go
unnoticed.
Note: IDS_ERR_INVALID_USERNAME/PASSWORD need translations.
Reported and tested by: Florian Beier (H4ndl3 on github)
Fixes Trac: #958
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Change text color of log lines with flags = W, N, F
v2: replace strchr with memchr to avoid modifying line
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- "Wrong username or password" message shown in the auth userpass dialog after
an auth failure
- "Wrong password" message shown in the private key password dialog after a
password failure.
These message texts are colored red by default (TODO: make the color customizable)
Signed-off-by: Selva Nair <selva.nair@gmail.com>