mirror of https://github.com/OpenVPN/openvpn-gui
810 lines
20 KiB
C
810 lines
20 KiB
C
/*
|
|
* OpenVPN-GUI -- A Windows GUI for OpenVPN.
|
|
*
|
|
* Copyright (C) 2004 Mathias Sundman <mathias@nilings.se>
|
|
* 2010 Heiko Hund <heikoh@users.sf.net>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program (see the file COPYING included with this
|
|
* distribution); if not, write to the Free Software Foundation, Inc.,
|
|
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#ifndef DISABLE_CHANGE_PASSWORD
|
|
#include <openssl/pem.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/pkcs12.h>
|
|
|
|
#if defined(_MSC_VER) && !defined(_M_ARM64)
|
|
#include <openssl/applink.c>
|
|
#endif
|
|
|
|
#endif
|
|
|
|
#include <windows.h>
|
|
#include <wincrypt.h>
|
|
|
|
#include "main.h"
|
|
#include "options.h"
|
|
#include "passphrase.h"
|
|
#include "openvpn.h"
|
|
#include "openvpn-gui-res.h"
|
|
#include "chartable.h"
|
|
#include "localization.h"
|
|
#include "misc.h"
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
#include <openssl/provider.h>
|
|
static OSSL_PROVIDER *legacy = NULL;
|
|
#endif
|
|
|
|
extern options_t o;
|
|
|
|
/*
|
|
* Create a random password from the printable ASCII range
|
|
*/
|
|
BOOL
|
|
GetRandomPassword(char *buf, size_t len)
|
|
{
|
|
HCRYPTPROV cp;
|
|
BOOL retval = FALSE;
|
|
unsigned i;
|
|
|
|
if (!CryptAcquireContext(&cp, NULL, NULL, PROV_DSS, CRYPT_VERIFYCONTEXT))
|
|
return FALSE;
|
|
|
|
if (!CryptGenRandom(cp, len, (PBYTE) buf))
|
|
goto out;
|
|
|
|
/* Make sure all values are between 0x21 '!' and 0x7e '~' */
|
|
for (i = 0; i < len; ++i)
|
|
buf[i] = (buf[i] & 0x5d) + 0x21;
|
|
|
|
retval = TRUE;
|
|
out:
|
|
CryptReleaseContext(cp, 0);
|
|
return retval;
|
|
}
|
|
|
|
|
|
#ifndef DISABLE_CHANGE_PASSWORD
|
|
|
|
const int KEYFILE_FORMAT_PKCS12 = 1;
|
|
const int KEYFILE_FORMAT_PEM = 2;
|
|
const int MIN_PASSWORD_LEN = 8;
|
|
|
|
/* Load legacy provider if not fips and not already
|
|
* loaded and return true if explicitly loaded.
|
|
*/
|
|
bool
|
|
load_legacy(void)
|
|
{
|
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
if (EVP_default_properties_is_fips_enabled(NULL)
|
|
|| OSSL_PROVIDER_available(NULL, "legacy"))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
legacy = OSSL_PROVIDER_load(NULL, "legacy");
|
|
if (!legacy)
|
|
{
|
|
MsgToEventLog(EVENTLOG_ERROR_TYPE, L"failed to load legacy provider ");
|
|
}
|
|
return (legacy != NULL);
|
|
#else
|
|
return false;
|
|
#endif /* OPENSSL 3.0+ */
|
|
}
|
|
|
|
void
|
|
unload_legacy(void)
|
|
{
|
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
if (legacy)
|
|
{
|
|
OSSL_PROVIDER_unload(legacy);
|
|
}
|
|
#endif /* OPENSSL 3.0+ */
|
|
}
|
|
|
|
/*
|
|
* Return TRUE if new passwords match
|
|
*/
|
|
static int
|
|
ConfirmNewPassword(HWND hwndDlg)
|
|
{
|
|
TCHAR newpsw[50];
|
|
TCHAR newpsw2[50];
|
|
|
|
GetDlgItemText(hwndDlg, ID_EDT_PASS_NEW, newpsw, _countof(newpsw) - 1);
|
|
GetDlgItemText(hwndDlg, ID_EDT_PASS_NEW2, newpsw2, _countof(newpsw2) - 1);
|
|
|
|
if (_tcsncmp(newpsw, newpsw2, _countof(newpsw)) == 0)
|
|
return true;
|
|
else
|
|
return false;
|
|
}
|
|
|
|
|
|
/*
|
|
* Return lengh of the new password
|
|
*/
|
|
static int
|
|
NewPasswordLengh(HWND hwndDlg)
|
|
{
|
|
TCHAR newpsw[50];
|
|
|
|
GetDlgItemText(hwndDlg, ID_EDT_PASS_NEW, newpsw, _countof(newpsw) - 1);
|
|
|
|
return (_tcslen(newpsw));
|
|
}
|
|
|
|
|
|
static int
|
|
ConvertUnicode2Ascii(WCHAR str_unicode[], char str_ascii[], unsigned int str_ascii_size)
|
|
{
|
|
unsigned int i;
|
|
unsigned int j;
|
|
int illegal_chars = false;
|
|
for (i=0; (i < wcslen(str_unicode)) && (i < (str_ascii_size - 1)); i++)
|
|
{
|
|
for (j=0; j <= 256; j++)
|
|
{
|
|
if (j == 256)
|
|
{
|
|
illegal_chars = true;
|
|
j = 0x2e;
|
|
break;
|
|
}
|
|
if (str_unicode[i] == unicode_to_ascii[j]) break;
|
|
}
|
|
str_ascii[i] = (char) j;
|
|
}
|
|
str_ascii[i] = '\0';
|
|
|
|
if (illegal_chars)
|
|
return(false);
|
|
else
|
|
return(true);
|
|
}
|
|
|
|
|
|
/*
|
|
* ChangePasswordPEM() returns:
|
|
* -1 Wrong password
|
|
* 0 Changing password failed for unknown reason
|
|
* 1 Password changed successfully
|
|
*/
|
|
static int
|
|
ChangePasswordPEM(HWND hwndDlg)
|
|
{
|
|
TCHAR keyfile[MAX_PATH];
|
|
char oldpsw[50];
|
|
char newpsw[50];
|
|
WCHAR oldpsw_unicode[50];
|
|
WCHAR newpsw_unicode[50];
|
|
FILE *fp;
|
|
|
|
EVP_PKEY *privkey;
|
|
|
|
/* Get filename, old_psw and new_psw from Dialog */
|
|
GetDlgItemText(hwndDlg, ID_TXT_KEYFILE, keyfile, _countof(keyfile) - 1);
|
|
GetDlgItemTextW(hwndDlg, ID_EDT_PASS_CUR, oldpsw_unicode, sizeof(oldpsw_unicode)/2 - 1);
|
|
GetDlgItemTextW(hwndDlg, ID_EDT_PASS_NEW, newpsw_unicode, sizeof(newpsw_unicode)/2 - 1);
|
|
|
|
/* Convert Unicode to ASCII (CP850) */
|
|
ConvertUnicode2Ascii(oldpsw_unicode, oldpsw, sizeof(oldpsw));
|
|
if (!ConvertUnicode2Ascii(newpsw_unicode, newpsw, sizeof(newpsw)))
|
|
{
|
|
ShowLocalizedMsg(IDS_ERR_INVALID_CHARS_IN_PSW);
|
|
return(-1);
|
|
}
|
|
|
|
privkey = EVP_PKEY_new();
|
|
|
|
/* Open old keyfile for reading */
|
|
if (! (fp = _tfopen (keyfile, _T("r"))))
|
|
{
|
|
/* can't open key file */
|
|
ShowLocalizedMsg(IDS_ERR_OPEN_PRIVATE_KEY_FILE, keyfile);
|
|
return(0);
|
|
}
|
|
|
|
/* Import old key */
|
|
for (int trial = 0; trial < 2; trial++)
|
|
{
|
|
if ((privkey = PEM_read_PrivateKey (fp, NULL, NULL, oldpsw)))
|
|
{
|
|
break; /* key imported */
|
|
}
|
|
/* try again with legacy provider loaded */
|
|
else if (trial == 0 && load_legacy())
|
|
{
|
|
PrintDebug(L"Private key decrypt failed. Try again with legacy provider");
|
|
rewind(fp);
|
|
continue;
|
|
}
|
|
if (ERR_get_error() == EVP_R_UNSUPPORTED_ALGORITHM)
|
|
{
|
|
MsgToEventLog(EVENTLOG_ERROR_TYPE, L"OpenSSL error: unsupported algorithm");
|
|
}
|
|
unload_legacy();
|
|
|
|
/* wrong password? */
|
|
ShowLocalizedMsg(IDS_ERR_OLD_PWD_INCORRECT);
|
|
fclose(fp);
|
|
return(-1);
|
|
}
|
|
unload_legacy();
|
|
fclose(fp);
|
|
|
|
/* Open keyfile for writing */
|
|
if (! (fp = _tfopen (keyfile, _T("w"))))
|
|
{
|
|
/* can't open file rw */
|
|
ShowLocalizedMsg(IDS_ERR_OPEN_WRITE_KEY, keyfile);
|
|
EVP_PKEY_free(privkey);
|
|
return(0);
|
|
}
|
|
|
|
/* Write new key to file */
|
|
if (strlen(newpsw) == 0)
|
|
{
|
|
/* No passphrase */
|
|
if ( !(PEM_write_PrivateKey(fp, privkey, \
|
|
NULL, NULL, /* Use NO encryption */
|
|
0, 0, NULL)))
|
|
{
|
|
/* error writing new key */
|
|
ShowLocalizedMsg(IDS_ERR_WRITE_NEW_KEY, keyfile);
|
|
EVP_PKEY_free(privkey);
|
|
fclose(fp);
|
|
return(0);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* Use passphrase */
|
|
if ( !(PEM_write_PKCS8PrivateKey(fp, privkey,
|
|
EVP_aes_256_cbc(),
|
|
newpsw, (int) strlen(newpsw), 0, NULL)))
|
|
{
|
|
/* can't write new key */
|
|
ShowLocalizedMsg(IDS_ERR_WRITE_NEW_KEY, keyfile);
|
|
EVP_PKEY_free(privkey);
|
|
fclose(fp);
|
|
return(0);
|
|
}
|
|
}
|
|
|
|
EVP_PKEY_free(privkey);
|
|
fclose(fp);
|
|
|
|
/* signal success to user */
|
|
ShowLocalizedMsg(IDS_NFO_PWD_CHANGED);
|
|
return(1);
|
|
}
|
|
|
|
|
|
/*
|
|
* ChangePasswordPKCS12() returns:
|
|
* -1 Wrong password
|
|
* 0 Changing password failed for unknown reason
|
|
* 1 Password changed successfully
|
|
*/
|
|
static int
|
|
ChangePasswordPKCS12(HWND hwndDlg)
|
|
{
|
|
TCHAR keyfile[MAX_PATH];
|
|
char oldpsw[50];
|
|
char newpsw[50];
|
|
WCHAR oldpsw_unicode[50];
|
|
WCHAR newpsw_unicode[50];
|
|
FILE *fp;
|
|
|
|
EVP_PKEY *privkey;
|
|
X509 *cert;
|
|
STACK_OF(X509) *ca = NULL;
|
|
PKCS12 *p12;
|
|
char *alias;
|
|
|
|
/* Get filename, old_psw and new_psw from Dialog */
|
|
GetDlgItemText(hwndDlg, ID_TXT_KEYFILE, keyfile, _countof(keyfile) - 1);
|
|
GetDlgItemTextW(hwndDlg, ID_EDT_PASS_CUR, oldpsw_unicode, sizeof(oldpsw_unicode)/2 - 1);
|
|
GetDlgItemTextW(hwndDlg, ID_EDT_PASS_NEW, newpsw_unicode, sizeof(newpsw_unicode)/2 - 1);
|
|
|
|
/* Convert Unicode to ASCII (CP850) */
|
|
ConvertUnicode2Ascii(oldpsw_unicode, oldpsw, sizeof(oldpsw));
|
|
if (!ConvertUnicode2Ascii(newpsw_unicode, newpsw, sizeof(newpsw)))
|
|
{
|
|
ShowLocalizedMsg(IDS_ERR_INVALID_CHARS_IN_PSW);
|
|
return(-1);
|
|
}
|
|
|
|
/* Load the PKCS #12 file */
|
|
if (!(fp = _tfopen(keyfile, _T("rb"))))
|
|
{
|
|
/* error opening file */
|
|
ShowLocalizedMsg(IDS_ERR_OPEN_PRIVATE_KEY_FILE, keyfile);
|
|
return(0);
|
|
}
|
|
p12 = d2i_PKCS12_fp(fp, NULL);
|
|
fclose (fp);
|
|
if (!p12)
|
|
{
|
|
/* error reading PKCS #12 */
|
|
ShowLocalizedMsg(IDS_ERR_READ_PKCS12, keyfile);
|
|
return(0);
|
|
}
|
|
|
|
/* Parse the PKCS #12 file */
|
|
for (int trial = 0; trial < 2; trial++)
|
|
{
|
|
if (PKCS12_parse(p12, oldpsw, &privkey, &cert, &ca))
|
|
{
|
|
break;
|
|
}
|
|
/* try again with legacy provider loaded */
|
|
else if (trial == 0 && load_legacy())
|
|
{
|
|
continue;
|
|
}
|
|
if (ERR_get_error() == EVP_R_UNSUPPORTED_ALGORITHM)
|
|
{
|
|
MsgToEventLog(EVENTLOG_ERROR_TYPE, L"OpenSSL error: unsupported algorithm");
|
|
}
|
|
unload_legacy();
|
|
|
|
/* old password incorrect ? */
|
|
ShowLocalizedMsg(IDS_ERR_OLD_PWD_INCORRECT);
|
|
PKCS12_free(p12);
|
|
return(-1);
|
|
}
|
|
unload_legacy();
|
|
|
|
/* Free old PKCS12 object */
|
|
PKCS12_free(p12);
|
|
|
|
/* Get FriendlyName of old cert */
|
|
alias = (char*) X509_alias_get0(cert, NULL);
|
|
|
|
/* Create new PKCS12 object */
|
|
p12 = PKCS12_create(newpsw, alias, privkey, cert, ca, 0,0,0,0,0);
|
|
if (!p12)
|
|
{
|
|
/* create failed */
|
|
ShowLocalizedMsg(IDS_ERR_CREATE_PKCS12);
|
|
return(0);
|
|
}
|
|
|
|
/* Free old key, cert and ca */
|
|
EVP_PKEY_free(privkey);
|
|
X509_free(cert);
|
|
sk_X509_pop_free(ca, X509_free);
|
|
|
|
/* Open keyfile for writing */
|
|
if (!(fp = _tfopen(keyfile, _T("wb"))))
|
|
{
|
|
ShowLocalizedMsg(IDS_ERR_OPEN_WRITE_KEY, keyfile);
|
|
PKCS12_free(p12);
|
|
return(0);
|
|
}
|
|
|
|
/* Write new key to file */
|
|
i2d_PKCS12_fp(fp, p12);
|
|
|
|
PKCS12_free(p12);
|
|
fclose(fp);
|
|
/* signal success to user */
|
|
ShowLocalizedMsg(IDS_NFO_PWD_CHANGED);
|
|
|
|
return(1);
|
|
}
|
|
|
|
|
|
INT_PTR CALLBACK
|
|
ChangePassphraseDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, UNUSED LPARAM lParam)
|
|
{
|
|
HICON hIcon;
|
|
TCHAR keyfile[MAX_PATH];
|
|
int keyfile_format;
|
|
BOOL Translated;
|
|
|
|
switch (msg) {
|
|
|
|
case WM_INITDIALOG:
|
|
hIcon = LoadLocalizedIcon(ID_ICO_APP);
|
|
if (hIcon) {
|
|
SendMessage(hwndDlg, WM_SETICON, (WPARAM) (ICON_SMALL), (LPARAM) (hIcon));
|
|
SendMessage(hwndDlg, WM_SETICON, (WPARAM) (ICON_BIG), (LPARAM) (hIcon));
|
|
}
|
|
return FALSE;
|
|
|
|
case WM_COMMAND:
|
|
switch (LOWORD(wParam)) {
|
|
|
|
case IDOK:
|
|
|
|
/* Check if the type new passwords match. */
|
|
if (!ConfirmNewPassword (hwndDlg))
|
|
{
|
|
/* passwords don't match */
|
|
ShowLocalizedMsg(IDS_ERR_PWD_DONT_MATCH);
|
|
break;
|
|
}
|
|
|
|
/* Confirm if the new password is empty. */
|
|
if (NewPasswordLengh(hwndDlg) == 0)
|
|
{
|
|
if (ShowLocalizedMsgEx(MB_YESNO, NULL, _T(PACKAGE_NAME), IDS_NFO_EMPTY_PWD) == IDNO)
|
|
break;
|
|
}
|
|
/* Else check minimum length of password */
|
|
else if (NewPasswordLengh(hwndDlg) < MIN_PASSWORD_LEN)
|
|
{
|
|
ShowLocalizedMsg(IDS_ERR_PWD_TO_SHORT, MIN_PASSWORD_LEN);
|
|
break;
|
|
}
|
|
|
|
GetDlgItemText(hwndDlg, ID_TXT_KEYFILE, keyfile, _countof(keyfile) - 1);
|
|
keyfile_format=GetDlgItemInt(hwndDlg, ID_TXT_KEYFORMAT, &Translated, FALSE);
|
|
if (keyfile_format == KEYFILE_FORMAT_PEM)
|
|
{
|
|
/* Change password of a PEM file */
|
|
if (ChangePasswordPEM(hwndDlg) == -1) /* Wrong password */
|
|
break;
|
|
}
|
|
else if (keyfile_format == KEYFILE_FORMAT_PKCS12)
|
|
{
|
|
/* Change password of a .P12 file */
|
|
if (ChangePasswordPKCS12(hwndDlg) == -1) /* Wrong password */
|
|
break;
|
|
}
|
|
else
|
|
{
|
|
/* Unknown key format */
|
|
ShowLocalizedMsg(IDS_ERR_UNKNOWN_KEYFILE_FORMAT);
|
|
}
|
|
|
|
DestroyWindow(hwndDlg);
|
|
break;
|
|
|
|
case IDCANCEL:
|
|
DestroyWindow(hwndDlg);
|
|
break;
|
|
}
|
|
break;
|
|
|
|
|
|
case WM_DESTROY:
|
|
PostQuitMessage(0);
|
|
break;
|
|
|
|
|
|
case WM_CLOSE:
|
|
DestroyWindow(hwndDlg);
|
|
return FALSE;
|
|
|
|
}
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
static int
|
|
LineBeginsWith(char *line, const char *keyword, const unsigned int len)
|
|
{
|
|
if (strncmp(line, keyword, len) == 0)
|
|
{
|
|
if ((line[len] == '\t') || (line[len] == ' '))
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
static int
|
|
ParseKeyFilenameLine(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize, char *line)
|
|
{
|
|
const int STATE_INITIAL = 0;
|
|
const int STATE_READING_QUOTED_PARM = 1;
|
|
const int STATE_READING_UNQUOTED_PARM = 2;
|
|
int i=0;
|
|
unsigned int j=0;
|
|
int state = STATE_INITIAL;
|
|
int backslash=0;
|
|
TCHAR temp_filename[MAX_PATH];
|
|
|
|
while(line[i] != '\0')
|
|
{
|
|
if (state == STATE_INITIAL)
|
|
{
|
|
if (line[i] == '\"')
|
|
{
|
|
state=STATE_READING_QUOTED_PARM;
|
|
}
|
|
else if ((line[i] == 0x0A) || (line[i] == 0x0D))
|
|
break;
|
|
else if ((line[i] == ';') || (line[i] == '#'))
|
|
break;
|
|
else if ((line[i] != ' ') && (line[i] != '\t'))
|
|
{
|
|
if (line[i] == '\\')
|
|
{
|
|
if(!backslash)
|
|
{
|
|
keyfilename[j++]=line[i];
|
|
state=STATE_READING_UNQUOTED_PARM;
|
|
backslash=1;
|
|
}
|
|
else
|
|
{
|
|
backslash=0;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (backslash) backslash=0;
|
|
keyfilename[j++]=line[i];
|
|
state=STATE_READING_UNQUOTED_PARM;
|
|
}
|
|
}
|
|
}
|
|
|
|
else if (state == STATE_READING_QUOTED_PARM)
|
|
{
|
|
if (line[i] == '\"')
|
|
break;
|
|
if ((line[i] == 0x0A) || (line[i] == 0x0D))
|
|
break;
|
|
if (line[i] == '\\')
|
|
{
|
|
if (!backslash)
|
|
{
|
|
keyfilename[j++]=line[i];
|
|
backslash=1;
|
|
}
|
|
else
|
|
{
|
|
backslash=0;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (backslash) backslash=0;
|
|
keyfilename[j++]=line[i];
|
|
}
|
|
}
|
|
|
|
else if (state == STATE_READING_UNQUOTED_PARM)
|
|
{
|
|
if (line[i] == '\"')
|
|
break;
|
|
if ((line[i] == 0x0A) || (line[i] == 0x0D))
|
|
break;
|
|
if ((line[i] == ';') || (line[i] == '#'))
|
|
break;
|
|
if (line[i] == ' ')
|
|
break;
|
|
if (line[i] == '\t')
|
|
break;
|
|
if (line[i] == '\\')
|
|
{
|
|
if (!backslash)
|
|
{
|
|
keyfilename[j++]=line[i];
|
|
backslash=1;
|
|
}
|
|
else
|
|
{
|
|
backslash=0;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (backslash) backslash=0;
|
|
keyfilename[j++]=line[i];
|
|
}
|
|
}
|
|
|
|
if (j >= (keyfilenamesize - 1))
|
|
{
|
|
/* key filename to long */
|
|
ShowLocalizedMsg(IDS_ERR_KEY_FILENAME_TO_LONG);
|
|
return(0);
|
|
}
|
|
i++;
|
|
}
|
|
keyfilename[j]='\0';
|
|
|
|
/* Prepend filename with configdir path if needed */
|
|
if ((keyfilename[0] != '\\') && (keyfilename[0] != '/') && (keyfilename[1] != ':'))
|
|
{
|
|
_tcsncpy(temp_filename, c->config_dir, _countof(temp_filename));
|
|
if (temp_filename[_tcslen(temp_filename) - 1] != '\\')
|
|
_tcscat(temp_filename, _T("\\"));
|
|
_tcsncat(temp_filename, keyfilename,
|
|
_countof(temp_filename) - _tcslen(temp_filename) - 1);
|
|
_tcsncpy(keyfilename, temp_filename, keyfilenamesize - 1);
|
|
}
|
|
|
|
return(1);
|
|
}
|
|
|
|
static int
|
|
GetKeyFilename(connection_t *c, TCHAR *keyfilename, size_t keyfilenamesize, int *keyfile_format, bool silent)
|
|
{
|
|
FILE *fp = NULL;
|
|
char line[256];
|
|
int found_key=0;
|
|
int found_pkcs12=0;
|
|
TCHAR configfile_path[MAX_PATH];
|
|
int ret = 0;
|
|
|
|
_tcsncpy(configfile_path, c->config_dir, _countof(configfile_path));
|
|
if (!(configfile_path[_tcslen(configfile_path)-1] == '\\'))
|
|
_tcscat(configfile_path, _T("\\"));
|
|
_tcsncat(configfile_path, c->config_file,
|
|
_countof(configfile_path) - _tcslen(configfile_path) - 1);
|
|
|
|
if (!(fp=_tfopen(configfile_path, _T("r"))))
|
|
{
|
|
/* can't open config file */
|
|
if (!silent)
|
|
ShowLocalizedMsg(IDS_ERR_OPEN_CONFIG, configfile_path);
|
|
goto out;
|
|
}
|
|
|
|
while (fgets(line, sizeof (line), fp))
|
|
{
|
|
if (LineBeginsWith(line, "key", 3))
|
|
{
|
|
if (found_key)
|
|
{
|
|
/* only one key option */
|
|
if (!silent)
|
|
ShowLocalizedMsg(IDS_ERR_ONLY_ONE_KEY_OPTION);
|
|
goto out;
|
|
}
|
|
if (found_pkcs12)
|
|
{
|
|
/* key XOR pkcs12 */
|
|
if (!silent)
|
|
ShowLocalizedMsg(IDS_ERR_ONLY_KEY_OR_PKCS12);
|
|
goto out;
|
|
}
|
|
found_key=1;
|
|
*keyfile_format = KEYFILE_FORMAT_PEM;
|
|
if (!ParseKeyFilenameLine(c, keyfilename, keyfilenamesize, &line[4]))
|
|
goto out;
|
|
}
|
|
if (LineBeginsWith(line, "pkcs12", 6))
|
|
{
|
|
if (found_pkcs12)
|
|
{
|
|
/* only one pkcs12 option */
|
|
if (!silent)
|
|
ShowLocalizedMsg(IDS_ERR_ONLY_ONE_PKCS12_OPTION);
|
|
goto out;
|
|
}
|
|
if (found_key)
|
|
{
|
|
/* only key XOR pkcs12 */
|
|
if (!silent)
|
|
ShowLocalizedMsg(IDS_ERR_ONLY_KEY_OR_PKCS12);
|
|
goto out;
|
|
}
|
|
found_pkcs12=1;
|
|
*keyfile_format = KEYFILE_FORMAT_PKCS12;
|
|
if (!ParseKeyFilenameLine(c, keyfilename, keyfilenamesize, &line[7]))
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
if ((!found_key) && (!found_pkcs12))
|
|
{
|
|
/* must have key or pkcs12 option */
|
|
if (!silent)
|
|
ShowLocalizedMsg(IDS_ERR_HAVE_KEY_OR_PKCS12);
|
|
goto out;
|
|
}
|
|
ret = 1;
|
|
out:
|
|
if (fp)
|
|
fclose(fp);
|
|
return ret;
|
|
}
|
|
|
|
|
|
static DWORD WINAPI
|
|
ChangePassphraseThread(LPVOID data)
|
|
{
|
|
HWND hwndChangePSW;
|
|
MSG messages;
|
|
TCHAR conn_name[100];
|
|
TCHAR keyfilename[MAX_PATH];
|
|
int keyfile_format=0;
|
|
connection_t *c = data;
|
|
|
|
/* Cut of extention from config filename. */
|
|
_tcsncpy(conn_name, c->config_file, _countof(conn_name));
|
|
conn_name[_tcslen(conn_name) - (_tcslen(o.ext_string)+1)]=0;
|
|
|
|
/* Get Key filename from config file */
|
|
if (!GetKeyFilename(c, keyfilename, _countof(keyfilename), &keyfile_format, false))
|
|
{
|
|
ExitThread(1);
|
|
}
|
|
|
|
/* Show ChangePassphrase Dialog */
|
|
hwndChangePSW = CreateLocalizedDialog(ID_DLG_CHGPASS, ChangePassphraseDialogFunc);
|
|
if (!hwndChangePSW)
|
|
ExitThread(1);
|
|
SetDlgItemText(hwndChangePSW, ID_TXT_KEYFILE, keyfilename);
|
|
SetDlgItemInt(hwndChangePSW, ID_TXT_KEYFORMAT, (UINT) keyfile_format, FALSE);
|
|
|
|
SetWindowText(hwndChangePSW, LoadLocalizedString(IDS_NFO_CHANGE_PWD, conn_name));
|
|
|
|
ShowWindow(hwndChangePSW, SW_SHOW);
|
|
|
|
|
|
/* Run the message loop. It will run until GetMessage() returns 0 */
|
|
while (GetMessage (&messages, NULL, 0, 0))
|
|
{
|
|
if(!IsDialogMessage(hwndChangePSW, &messages))
|
|
{
|
|
TranslateMessage(&messages);
|
|
DispatchMessage(&messages);
|
|
}
|
|
}
|
|
|
|
CloseHandle (hwndChangePSW);
|
|
ExitThread(0);
|
|
}
|
|
|
|
|
|
void
|
|
ShowChangePassphraseDialog(connection_t *c)
|
|
{
|
|
HANDLE hThread;
|
|
DWORD IDThread;
|
|
|
|
/* Start a new thread to have our own message-loop for this dialog */
|
|
hThread = CreateThread(NULL, 0, ChangePassphraseThread, c, 0, &IDThread);
|
|
if (hThread == NULL)
|
|
{
|
|
/* error creating thread */
|
|
ShowLocalizedMsg(IDS_ERR_CREATE_PASS_THREAD);
|
|
return;
|
|
}
|
|
CloseHandle (hThread);
|
|
}
|
|
|
|
bool
|
|
CheckKeyFileWriteAccess (connection_t *c)
|
|
{
|
|
TCHAR keyfile[MAX_PATH];
|
|
int format = 0;
|
|
if (!GetKeyFilename (c, keyfile, _countof(keyfile), &format, true))
|
|
return FALSE;
|
|
else
|
|
return CheckFileAccess (keyfile, GENERIC_WRITE);
|
|
}
|
|
|
|
#endif
|