mirror of https://github.com/OpenVPN/openvpn-gui
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2790 lines
86 KiB
2790 lines
86 KiB
/* |
|
* OpenVPN-GUI -- A Windows GUI for OpenVPN. |
|
* |
|
* Copyright (C) 2004 Mathias Sundman <mathias@nilings.se> |
|
* 2010 Heiko Hund <heikoh@users.sf.net> |
|
* 2016 Selva Nair <selva.nair@gmail.com> |
|
* |
|
* This program is free software; you can redistribute it and/or modify |
|
* it under the terms of the GNU General Public License as published by |
|
* the Free Software Foundation; either version 2 of the License, or |
|
* (at your option) any later version. |
|
* |
|
* This program is distributed in the hope that it will be useful, |
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
* GNU General Public License for more details. |
|
* |
|
* You should have received a copy of the GNU General Public License |
|
* along with this program (see the file COPYING included with this |
|
* distribution); if not, write to the Free Software Foundation, Inc., |
|
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
*/ |
|
|
|
#ifdef HAVE_CONFIG_H |
|
#include <config.h> |
|
#endif |
|
|
|
#include <windows.h> |
|
#include <windowsx.h> |
|
#include <versionhelpers.h> |
|
#include <tchar.h> |
|
#include <stdlib.h> |
|
#include <stdio.h> |
|
#include <process.h> |
|
#include <richedit.h> |
|
#include <time.h> |
|
#include <commctrl.h> |
|
|
|
#ifndef WM_DPICHANGED |
|
#define WM_DPICHANGED 0x02E0 |
|
#endif |
|
|
|
#ifdef ENABLE_OVPN3 |
|
#include <json-c/json.h> |
|
#endif |
|
|
|
#include "tray.h" |
|
#include "main.h" |
|
#include "openvpn.h" |
|
#include "openvpn_config.h" |
|
#include "openvpn-gui-res.h" |
|
#include "options.h" |
|
#include "scripts.h" |
|
#include "viewlog.h" |
|
#include "proxy.h" |
|
#include "passphrase.h" |
|
#include "localization.h" |
|
#include "misc.h" |
|
#include "access.h" |
|
#include "save_pass.h" |
|
#include "env_set.h" |
|
#include "echo.h" |
|
#include "pkcs11.h" |
|
|
|
#define OPENVPN_SERVICE_PIPE_NAME_OVPN2 L"\\\\.\\pipe\\openvpn\\service" |
|
#define OPENVPN_SERVICE_PIPE_NAME_OVPN3 L"\\\\.\\pipe\\ovpnagent" |
|
|
|
extern options_t o; |
|
|
|
static BOOL TerminateOpenVPN(connection_t *c); |
|
static BOOL LaunchOpenVPN(connection_t *c); |
|
|
|
const TCHAR *cfgProp = _T("conn"); |
|
|
|
void |
|
free_auth_param (auth_param_t *param) |
|
{ |
|
if (!param) |
|
return; |
|
free (param->str); |
|
free (param->id); |
|
free (param->user); |
|
free (param->cr_response); |
|
free (param); |
|
} |
|
|
|
void |
|
AppendTextToCaption (HANDLE hwnd, const WCHAR *str) |
|
{ |
|
WCHAR old[256]; |
|
WCHAR new[256]; |
|
GetWindowTextW (hwnd, old, _countof(old)); |
|
_sntprintf_0 (new, L"%ls (%ls)", old, str); |
|
SetWindowText (hwnd, new); |
|
} |
|
|
|
/* |
|
* Show an error tooltip with msg attached to the specified |
|
* editbox handle. |
|
*/ |
|
static void |
|
show_error_tip(HWND editbox, const WCHAR *msg) |
|
{ |
|
EDITBALLOONTIP bt; |
|
bt.cbStruct = sizeof(EDITBALLOONTIP); |
|
bt.pszText = msg; |
|
bt.pszTitle = L"Invalid input"; |
|
bt.ttiIcon = TTI_ERROR_LARGE; |
|
|
|
SendMessage(editbox, EM_SHOWBALLOONTIP, 0, (LPARAM)&bt); |
|
} |
|
|
|
/* |
|
* Receive banner on connection to management interface |
|
* Format: <BANNER> |
|
*/ |
|
void |
|
OnReady(connection_t *c, UNUSED char *msg) |
|
{ |
|
ManagementCommand(c, "state on", NULL, regular); |
|
ManagementCommand(c, "log on all", OnLogLine, combined); |
|
ManagementCommand(c, "echo on all", OnEcho, combined); |
|
ManagementCommand(c, "bytecount 5", NULL, regular); |
|
|
|
/* ask for the current state, especially useful when the daemon was prestarted */ |
|
ManagementCommand(c, "state", OnStateChange, regular); |
|
|
|
if (c->flags & FLAG_DAEMON_PERSISTENT |
|
&& o.enable_persistent == 2) |
|
{ |
|
c->auto_connect = true; |
|
} |
|
} |
|
|
|
|
|
/* |
|
* Handle the request to release a hold from the OpenVPN management interface |
|
*/ |
|
void |
|
OnHold(connection_t *c, UNUSED char *msg) |
|
{ |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), TRUE); |
|
if ((c->flags & FLAG_DAEMON_PERSISTENT) |
|
&& (c->state == disconnecting || c->state == resuming)) |
|
{ |
|
/* retain the hold state if we are here while disconnecting */ |
|
c->state = onhold; |
|
SetMenuStatus(c, onhold); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_ONHOLD)); |
|
SetStatusWinIcon(c->hwndStatus, ID_ICO_DISCONNECTED); |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE); |
|
CheckAndSetTrayIcon(); |
|
return; |
|
} |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), TRUE); |
|
ManagementCommand(c, "hold off", NULL, regular); |
|
ManagementCommand(c, "hold release", NULL, regular); |
|
} |
|
|
|
/* |
|
* Handle a log line from the OpenVPN management interface |
|
* Format <TIMESTAMP>,<FLAGS>,<MESSAGE> |
|
*/ |
|
void |
|
OnLogLine(connection_t *c, char *line) |
|
{ |
|
HWND logWnd = GetDlgItem(c->hwndStatus, ID_EDT_LOG); |
|
char *flags, *message; |
|
time_t timestamp; |
|
TCHAR *datetime; |
|
const SETTEXTEX ste = { |
|
.flags = ST_SELECTION, |
|
.codepage = CP_UTF8 |
|
}; |
|
|
|
flags = strchr(line, ',') + 1; |
|
if (flags - 1 == NULL) |
|
return; |
|
|
|
message = strchr(flags, ',') + 1; |
|
if (message - 1 == NULL) |
|
return; |
|
size_t flag_size = message - flags - 1; /* message is always > flags */ |
|
|
|
/* Remove lines from log window if it is getting full */ |
|
if (SendMessage(logWnd, EM_GETLINECOUNT, 0, 0) > MAX_LOG_LINES) |
|
{ |
|
int pos = SendMessage(logWnd, EM_LINEINDEX, DEL_LOG_LINES, 0); |
|
SendMessage(logWnd, EM_SETSEL, 0, pos); |
|
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) _T("")); |
|
} |
|
|
|
timestamp = strtol(line, NULL, 10); |
|
datetime = _tctime(×tamp); |
|
datetime[24] = _T(' '); |
|
|
|
/* deselect current selection, if any */ |
|
SendMessage(logWnd, EM_SETSEL, (WPARAM) -1, (LPARAM) -1); |
|
|
|
/* change text color if Warning or Error */ |
|
COLORREF text_clr = 0; |
|
|
|
if (memchr(flags, 'N', flag_size) || memchr(flags, 'F', flag_size)) |
|
text_clr = o.clr_error; |
|
else if (memchr(flags, 'W', flag_size)) |
|
text_clr = o.clr_warning; |
|
|
|
if (text_clr != 0) |
|
{ |
|
CHARFORMAT cfm = { .cbSize = sizeof(CHARFORMAT), |
|
.dwMask = CFM_COLOR|CFM_BOLD, |
|
.dwEffects = 0, |
|
.crTextColor = text_clr, |
|
}; |
|
SendMessage(logWnd, EM_SETCHARFORMAT, SCF_SELECTION, (LPARAM) &cfm); |
|
} |
|
|
|
/* Append line to log window */ |
|
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) datetime); |
|
SendMessage(logWnd, EM_SETTEXTEX, (WPARAM) &ste, (LPARAM) message); |
|
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) _T("\n")); |
|
} |
|
|
|
/* expect ipv4,remote,port,,,ipv6 */ |
|
static void |
|
parse_assigned_ip(connection_t *c, const char *msg) |
|
{ |
|
char *sep; |
|
CLEAR(c->ip); |
|
CLEAR(c->ipv6); |
|
|
|
/* extract local ipv4 address if available*/ |
|
sep = strchr(msg, ','); |
|
if (sep == NULL) |
|
return; |
|
|
|
/* Convert the IP address to Unicode */ |
|
if (sep - msg > 0 |
|
&& MultiByteToWideChar(CP_UTF8, 0, msg, sep-msg, c->ip, _countof(c->ip)-1) == 0) |
|
{ |
|
WriteStatusLog(c, L"GUI> ", L"Failed to extract the assigned ipv4 address (error = %d)", |
|
GetLastError()); |
|
c->ip[0] = L'\0'; |
|
} |
|
|
|
/* extract local ipv6 address if available */ |
|
|
|
/* skip 4 commas */ |
|
for (int i = 0; i < 4 && sep; i++) |
|
{ |
|
sep = strchr(sep + 1, ','); |
|
} |
|
if (!sep) |
|
return; |
|
|
|
sep++; /* start of ipv6 address */ |
|
/* Convert the IP address to Unicode */ |
|
if (MultiByteToWideChar(CP_UTF8, 0, sep, -1, c->ipv6, _countof(c->ipv6)-1) == 0) |
|
{ |
|
WriteStatusLog(c, L"GUI> ", L"Failed to extract the assigned ipv6 address (error = %d)", |
|
GetLastError()); |
|
c->ipv6[0] = L'\0'; |
|
} |
|
} |
|
|
|
/* |
|
* Send a custom message to Window hwnd when state changes |
|
* hwnd : handle of the window to which the message is sent |
|
* lParam : pointer to the state string (char *) received from |
|
* OpenVPN daemon (e., "CONNECTED") |
|
* The function signature matches callback for EnumThreadWindows. |
|
*/ |
|
BOOL CALLBACK |
|
NotifyStateChange(HWND hwnd, LPARAM lParam) |
|
{ |
|
SendMessage(hwnd, WM_OVPN_STATE, 0, lParam); |
|
return TRUE; |
|
} |
|
|
|
/* |
|
* Handle a state change notification from the OpenVPN management interface |
|
* Format <TIMESTAMP>,<STATE>,[<MESSAGE>],[<LOCAL_IP>][,<REMOTE_IP>] |
|
*/ |
|
void |
|
OnStateChange(connection_t *c, char *data) |
|
{ |
|
char *pos, *state, *message; |
|
|
|
if (data == NULL) |
|
return; |
|
|
|
pos = strchr(data, ','); |
|
if (pos == NULL) |
|
return; |
|
*pos = '\0'; |
|
|
|
state = pos + 1; |
|
pos = strchr(state, ','); |
|
if (pos == NULL) |
|
return; |
|
*pos = '\0'; |
|
|
|
message = pos + 1; |
|
pos = strchr(message, ','); |
|
if (pos == NULL) |
|
return; |
|
*pos = '\0'; |
|
|
|
/* notify the all windows in the thread of state change */ |
|
EnumThreadWindows(GetCurrentThreadId(), NotifyStateChange, (LPARAM) state); |
|
|
|
strncpy_s(c->daemon_state, _countof(c->daemon_state), state, _TRUNCATE); |
|
|
|
if (strcmp(state, "CONNECTED") == 0) |
|
{ |
|
parse_assigned_ip(c, pos + 1); |
|
} |
|
if (strcmp(state, "CONNECTED") == 0 && strcmp(message, "SUCCESS") == 0) |
|
{ |
|
/* concatenate ipv4 and ipv6 addresses into one string */ |
|
WCHAR ip_txt[256]; |
|
WCHAR ip[64]; |
|
wcs_concat2(ip, _countof(ip), c->ip, c->ipv6, L", "); |
|
LoadLocalizedStringBuf(ip_txt, _countof(ip_txt), IDS_NFO_ASSIGN_IP, ip); |
|
|
|
/* Run Connect Script */ |
|
if (!(c->flags & FLAG_DAEMON_PERSISTENT) |
|
&& (c->state == connecting || c->state == resuming)) |
|
{ |
|
RunConnectScript(c, false); |
|
} |
|
|
|
/* Show connection tray balloon */ |
|
if ((c->state == connecting && o.show_balloon != 0) |
|
|| (c->state == resuming && o.show_balloon != 0) |
|
|| (c->state == reconnecting && o.show_balloon == 2)) |
|
{ |
|
TCHAR msg[256]; |
|
LoadLocalizedStringBuf(msg, _countof(msg), IDS_NFO_NOW_CONNECTED, c->config_name); |
|
ShowTrayBalloon(msg, (ip[0] ? ip_txt : _T(""))); |
|
} |
|
|
|
/* Save time when we got connected. */ |
|
c->connected_since = atoi(data); |
|
c->failed_psw_attempts = 0; |
|
c->failed_auth_attempts = 0; |
|
c->state = connected; |
|
|
|
SetMenuStatus(c, connected); |
|
SetTrayIcon(connected); |
|
|
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_CONNECTED)); |
|
SetDlgItemTextW(c->hwndStatus, ID_TXT_IP, ip_txt); |
|
SetStatusWinIcon(c->hwndStatus, ID_ICO_CONNECTED); |
|
|
|
/* Hide Status Window */ |
|
ShowWindow(c->hwndStatus, SW_HIDE); |
|
} |
|
else if (strcmp(state, "RECONNECTING") == 0) |
|
{ |
|
if (!c->dynamic_cr) |
|
{ |
|
if (strcmp(message, "auth-failure") == 0) |
|
c->failed_auth_attempts++; |
|
else if (strcmp(message, "private-key-password-failure") == 0) |
|
c->failed_psw_attempts++; |
|
} |
|
|
|
echo_msg_clear(c, false); /* do not clear history */ |
|
// We change the state to reconnecting only if there was a prior successful connection. |
|
if (c->state == connected) |
|
{ |
|
c->state = reconnecting; |
|
|
|
// Update the tray icon |
|
CheckAndSetTrayIcon(); |
|
|
|
// And the texts in the status window |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_RECONNECTING)); |
|
SetDlgItemTextW(c->hwndStatus, ID_TXT_IP, L""); |
|
SetStatusWinIcon(c->hwndStatus, ID_ICO_CONNECTING); |
|
} |
|
} |
|
} |
|
|
|
static void |
|
SimulateButtonPress(HWND hwnd, UINT btn) |
|
{ |
|
SendMessage(hwnd, WM_COMMAND, MAKEWPARAM(btn, BN_CLICKED), (LPARAM)GetDlgItem(hwnd, btn)); |
|
} |
|
|
|
/* A private struct to keep autoclose parameters */ |
|
typedef struct autoclose { |
|
UINT start; /* start time in msec */ |
|
UINT timeout; /* timeout in msec at which autoclose triggers */ |
|
UINT btn; /* button which is 'pressed' for autoclose */ |
|
UINT txtid; /* id of a text control to display an informaltional message */ |
|
UINT txtres; /* resource id of localized text to use for message: |
|
LoadLocalizedString(txtid, time_remaining_in_seconds) |
|
is used to generate the message */ |
|
COLORREF txtclr; /* color for message text */ |
|
} autoclose; |
|
|
|
/* Cancel scheduled auto close of a dialog */ |
|
static void |
|
AutoCloseCancel(HWND hwnd) |
|
{ |
|
autoclose *ac = (autoclose *)GetProp(hwnd, L"AutoClose"); |
|
if (!ac) |
|
return; |
|
|
|
if (ac->txtid) |
|
SetDlgItemText(hwnd, ac->txtid, L""); |
|
KillTimer(hwnd, 1); |
|
RemoveProp(hwnd, L"AutoClose"); |
|
free(ac); |
|
} |
|
|
|
/* Called when autoclose timer expires. */ |
|
static void CALLBACK |
|
AutoCloseHandler(HWND hwnd, UINT UNUSED msg, UINT_PTR id, DWORD now) |
|
{ |
|
autoclose *ac = (autoclose *)GetProp(hwnd, L"AutoClose"); |
|
if (!ac) |
|
return; |
|
|
|
UINT end = ac->start + ac->timeout; |
|
if (now >= end) |
|
{ |
|
SimulateButtonPress(hwnd, ac->btn); |
|
AutoCloseCancel(hwnd); |
|
} |
|
else |
|
{ |
|
SetDlgItemText(hwnd, ac->txtid, LoadLocalizedString(ac->txtres, (end - now)/1000)); |
|
SetTimer(hwnd, id, 500, AutoCloseHandler); |
|
} |
|
} |
|
|
|
/* Schedule an event to automatically activate specified btn after timeout seconds. |
|
* Used for automatically closing a dialog after some delay unless user interrupts. |
|
* Optionally a txtid and txtres resource may be specified to display a message. |
|
* %u in the message is replaced by time remaining before timeout will trigger. |
|
* Call AutoCloseCancel to cancel the scheduled event and clear the displayed |
|
* text. |
|
*/ |
|
static void |
|
AutoCloseSetup(HWND hwnd, UINT btn, UINT timeout, UINT txtid, UINT txtres) |
|
{ |
|
if (timeout == 0) |
|
SimulateButtonPress(hwnd, btn); |
|
else |
|
{ |
|
autoclose *ac = GetPropW(hwnd, L"AutoClose"); /* reuse if set */ |
|
if (!ac && (ac = malloc(sizeof(autoclose))) == NULL) |
|
return; |
|
|
|
*ac = (autoclose) {.start = GetTickCount(), .timeout = timeout*1000, .btn = btn, |
|
.txtid = txtid, .txtres = txtres, .txtclr = GetSysColor(COLOR_WINDOWTEXT)}; |
|
|
|
SetTimer(hwnd, 1, 500, AutoCloseHandler); /* using timer id = 1 */ |
|
if (txtid && txtres) |
|
SetDlgItemText(hwnd, txtid, LoadLocalizedString(txtres, timeout)); |
|
SetPropW(hwnd, L"AutoClose", (HANDLE) ac); |
|
} |
|
} |
|
|
|
/* |
|
* DialogProc for OpenVPN username/password/challenge auth dialog windows |
|
*/ |
|
INT_PTR CALLBACK |
|
UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) |
|
{ |
|
auth_param_t *param; |
|
WCHAR username[USER_PASS_LEN] = L""; |
|
WCHAR password[USER_PASS_LEN] = L""; |
|
|
|
switch (msg) |
|
{ |
|
case WM_INITDIALOG: |
|
/* Set connection for this dialog and show it */ |
|
param = (auth_param_t *) lParam; |
|
SetProp(hwndDlg, cfgProp, (HANDLE) param); |
|
SetStatusWinIcon(hwndDlg, ID_ICO_APP); |
|
|
|
if (param->str) |
|
{ |
|
LPWSTR wstr = Widen (param->str); |
|
HWND wnd_challenge = GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE); |
|
|
|
if (!wstr) |
|
WriteStatusLog(param->c, L"GUI> ", L"Error converting challenge string to widechar", false); |
|
else |
|
SetDlgItemTextW(hwndDlg, ID_TXT_AUTH_CHALLENGE, wstr); |
|
|
|
free(wstr); |
|
|
|
/* Set/Remove style ES_PASSWORD by SetWindowLong(GWL_STYLE) does nothing, |
|
send EM_SETPASSWORDCHAR just works. */ |
|
if (param->flags & FLAG_CR_ECHO) |
|
SendMessage(wnd_challenge, EM_SETPASSWORDCHAR, 0, 0); |
|
|
|
} |
|
if (RecallUsername(param->c->config_name, username)) |
|
{ |
|
SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_USER, username); |
|
SetFocus(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS)); |
|
} |
|
if (RecallAuthPass(param->c->config_name, password)) |
|
{ |
|
SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password); |
|
if (username[0] != L'\0' && !(param->flags & FLAG_CR_TYPE_SCRV1) |
|
&& password[0] != L'\0' && param->c->failed_auth_attempts == 0) |
|
{ |
|
/* user/pass available and no challenge response needed: skip dialog |
|
* if silent_connection is on, else auto submit after a few seconds. |
|
* User can interrupt. |
|
*/ |
|
SetFocus(GetDlgItem(hwndDlg, IDOK)); |
|
UINT timeout = o.silent_connection ? 0 : 6; /* in seconds */ |
|
AutoCloseSetup(hwndDlg, IDOK, timeout, ID_TXT_WARNING, IDS_NFO_AUTO_CONNECT); |
|
} |
|
/* if auth failed, highlight password so that user can type over */ |
|
else if (param->c->failed_auth_attempts) |
|
{ |
|
SendMessage(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS), EM_SETSEL, 0, MAKELONG(0,-1)); |
|
} |
|
else if (param->flags & FLAG_CR_TYPE_SCRV1) |
|
{ |
|
SetFocus(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE)); |
|
} |
|
SecureZeroMemory(password, sizeof(password)); |
|
} |
|
if (param->c->flags & FLAG_DISABLE_SAVE_PASS) |
|
ShowWindow(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), SW_HIDE); |
|
else if (param->c->flags & FLAG_SAVE_AUTH_PASS) |
|
Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_CHECKED); |
|
|
|
SetWindowText (hwndDlg, param->c->config_name); |
|
if (param->c->failed_auth_attempts > 0) |
|
SetDlgItemTextW(hwndDlg, ID_TXT_WARNING, LoadLocalizedString(IDS_NFO_AUTH_PASS_RETRY)); |
|
|
|
if (param->c->state == resuming) |
|
ForceForegroundWindow(hwndDlg); |
|
else |
|
SetForegroundWindow(hwndDlg); |
|
|
|
break; |
|
|
|
case WM_LBUTTONDOWN: |
|
case WM_RBUTTONDOWN: |
|
case WM_NCLBUTTONDOWN: |
|
case WM_NCRBUTTONDOWN: |
|
/* user interrupt */ |
|
AutoCloseCancel(hwndDlg); |
|
break; |
|
|
|
case WM_COMMAND: |
|
param = (auth_param_t *) GetProp(hwndDlg, cfgProp); |
|
switch (LOWORD(wParam)) |
|
{ |
|
case ID_EDT_AUTH_USER: |
|
case ID_EDT_AUTH_PASS: |
|
case ID_EDT_AUTH_CHALLENGE: |
|
if (HIWORD(wParam) == EN_UPDATE) |
|
{ |
|
/* enable OK button only if username and either password or response are filled */ |
|
BOOL enableOK = GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER)) |
|
&& (GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS)) |
|
|| ((param->flags & FLAG_CR_TYPE_SCRV1) |
|
&& GetWindowTextLength(GetDlgItem(hwndDlg, ID_EDT_AUTH_CHALLENGE))) |
|
); |
|
EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK); |
|
} |
|
AutoCloseCancel(hwndDlg); /* user interrupt */ |
|
break; |
|
|
|
case ID_CHK_SAVE_PASS: |
|
param->c->flags ^= FLAG_SAVE_AUTH_PASS; |
|
if (param->c->flags & FLAG_SAVE_AUTH_PASS) |
|
Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_CHECKED); |
|
else |
|
{ |
|
DeleteSavedAuthPass(param->c->config_name); |
|
Button_SetCheck(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_UNCHECKED); |
|
} |
|
AutoCloseCancel(hwndDlg); /* user interrupt */ |
|
break; |
|
|
|
case IDOK: |
|
if (GetDlgItemTextW(hwndDlg, ID_EDT_AUTH_USER, username, _countof(username))) |
|
{ |
|
if (!validate_input(username, L"\n")) |
|
{ |
|
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_AUTH_USER), LoadLocalizedString(IDS_ERR_INVALID_USERNAME_INPUT)); |
|
return 0; |
|
} |
|
SaveUsername(param->c->config_name, username); |
|
} |
|
if (GetDlgItemTextW(hwndDlg, ID_EDT_AUTH_PASS, password, _countof(password))) |
|
{ |
|
if (!validate_input(password, L"\n")) |
|
{ |
|
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_AUTH_PASS), LoadLocalizedString(IDS_ERR_INVALID_PASSWORD_INPUT)); |
|
SecureZeroMemory(password, sizeof(password)); |
|
return 0; |
|
} |
|
if ( param->c->flags & FLAG_SAVE_AUTH_PASS && wcslen(password) ) |
|
{ |
|
SaveAuthPass(param->c->config_name, password); |
|
} |
|
SecureZeroMemory(password, sizeof(password)); |
|
} |
|
ManagementCommandFromInput(param->c, "username \"Auth\" \"%s\"", hwndDlg, ID_EDT_AUTH_USER); |
|
if (param->flags & FLAG_CR_TYPE_SCRV1) |
|
ManagementCommandFromTwoInputsBase64(param->c, "password \"Auth\" \"SCRV1:%s:%s\"", hwndDlg, ID_EDT_AUTH_PASS, ID_EDT_AUTH_CHALLENGE); |
|
else |
|
ManagementCommandFromInput(param->c, "password \"Auth\" \"%s\"", hwndDlg, ID_EDT_AUTH_PASS); |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
return TRUE; |
|
|
|
case IDCANCEL: |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
StopOpenVPN(param->c); |
|
return TRUE; |
|
} |
|
break; |
|
|
|
case WM_CTLCOLORSTATIC: |
|
if (GetDlgCtrlID((HWND) lParam) == ID_TXT_WARNING) |
|
{ |
|
autoclose *ac = (autoclose *)GetProp(hwndDlg, L"AutoClose"); |
|
HBRUSH br = (HBRUSH) DefWindowProc(hwndDlg, msg, wParam, lParam); |
|
/* This text id is used for auth failure warning or autoclose message. Use appropriate color */ |
|
COLORREF clr = o.clr_warning; |
|
if (ac && ac->txtid == ID_TXT_WARNING) |
|
clr = ac->txtclr; |
|
SetTextColor((HDC) wParam, clr); |
|
return (INT_PTR) br; |
|
} |
|
break; |
|
|
|
case WM_CLOSE: |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
param = (auth_param_t *) GetProp(hwndDlg, cfgProp); |
|
StopOpenVPN(param->c); |
|
return TRUE; |
|
|
|
case WM_NCDESTROY: |
|
param = (auth_param_t *) GetProp(hwndDlg, cfgProp); |
|
free_auth_param (param); |
|
AutoCloseCancel(hwndDlg); |
|
RemoveProp(hwndDlg, cfgProp); |
|
break; |
|
} |
|
|
|
return FALSE; |
|
} |
|
|
|
/* |
|
* DialogProc for challenge-response, token PIN etc. |
|
*/ |
|
INT_PTR CALLBACK |
|
GenericPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) |
|
{ |
|
auth_param_t *param; |
|
WCHAR password[USER_PASS_LEN]; |
|
|
|
switch (msg) |
|
{ |
|
case WM_INITDIALOG: |
|
param = (auth_param_t *) lParam; |
|
SetProp(hwndDlg, cfgProp, (HANDLE) param); |
|
|
|
WCHAR *wstr = Widen (param->str); |
|
if (!wstr) |
|
{ |
|
WriteStatusLog(param->c, L"GUI> ", L"Error converting challenge string to widechar", false); |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
break; |
|
} |
|
if (param->flags & FLAG_CR_TYPE_CRV1 || param->flags & FLAG_CR_TYPE_CRTEXT) |
|
{ |
|
SetDlgItemTextW(hwndDlg, ID_TXT_DESCRIPTION, wstr); |
|
|
|
/* Set password echo on if needed */ |
|
if (param->flags & FLAG_CR_ECHO) |
|
SendMessage(GetDlgItem(hwndDlg, ID_EDT_RESPONSE), EM_SETPASSWORDCHAR, 0, 0); |
|
|
|
/* Rendered size of challenge text and window rectangle */ |
|
SIZE sz = {0}; |
|
RECT rect = {0}; |
|
HDC hdc = GetDC(GetDlgItem(hwndDlg, ID_TXT_DESCRIPTION)); |
|
GetWindowRect(hwndDlg, &rect); |
|
rect.right -= rect.left; |
|
rect.bottom -= rect.top; |
|
|
|
/* if space for text + some margin exceeds the window size, resize */ |
|
if (GetTextExtentPoint32W(hdc, wstr, wcslen(wstr), &sz) |
|
&& LPtoDP(hdc, (POINT *) &sz, 1) /* logical to device units */ |
|
&& sz.cx + DPI_SCALE(15) > rect.right) /* 15 nominal pixel margin space */ |
|
{ |
|
/* new horizontal dimension with a max of 640 nominal pixels */ |
|
rect.right = min(DPI_SCALE(640), sz.cx + DPI_SCALE(15)); |
|
SetWindowPos(hwndDlg, NULL, 0, 0, rect.right, rect.bottom, SWP_NOMOVE); |
|
PrintDebug(L"Window resized to = %d %d", rect.right, rect.bottom); |
|
} |
|
} |
|
else if (param->flags & FLAG_PASS_TOKEN) |
|
{ |
|
SetWindowText(hwndDlg, LoadLocalizedString(IDS_NFO_TOKEN_PASSWORD_CAPTION)); |
|
SetDlgItemText(hwndDlg, ID_TXT_DESCRIPTION, LoadLocalizedString(IDS_NFO_TOKEN_PASSWORD_REQUEST, param->id)); |
|
} |
|
else |
|
{ |
|
WriteStatusLog(param->c, L"GUI> ", L"Unknown password request", false); |
|
SetDlgItemText(hwndDlg, ID_TXT_DESCRIPTION, wstr); |
|
} |
|
free(wstr); |
|
|
|
AppendTextToCaption (hwndDlg, param->c->config_name); |
|
if (param->c->state == resuming) |
|
ForceForegroundWindow(hwndDlg); |
|
else |
|
SetForegroundWindow(hwndDlg); |
|
|
|
/* If response is not required hide the response field */ |
|
if ((param->flags & FLAG_CR_TYPE_CRV1 || param->flags & FLAG_CR_TYPE_CRTEXT) |
|
&& !(param->flags & FLAG_CR_RESPONSE)) |
|
{ |
|
ShowWindow(GetDlgItem(hwndDlg, ID_LTEXT_RESPONSE), SW_HIDE); |
|
ShowWindow(GetDlgItem(hwndDlg, ID_EDT_RESPONSE), SW_HIDE); |
|
} |
|
else |
|
{ |
|
/* disable OK button until response is filled-in */ |
|
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE); |
|
} |
|
|
|
break; |
|
|
|
case WM_COMMAND: |
|
param = (auth_param_t *) GetProp(hwndDlg, cfgProp); |
|
const char *template; |
|
char *fmt; |
|
switch (LOWORD(wParam)) |
|
{ |
|
case ID_EDT_RESPONSE: |
|
if (HIWORD(wParam) == EN_UPDATE) |
|
{ |
|
/* enable OK if response is non-empty */ |
|
BOOL enableOK = GetWindowTextLength((HWND) lParam); |
|
EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK); |
|
} |
|
break; |
|
|
|
case IDOK: |
|
if (GetDlgItemTextW(hwndDlg, ID_EDT_RESPONSE, password, _countof(password)) |
|
&& !validate_input(password, L"\n")) |
|
{ |
|
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_RESPONSE), LoadLocalizedString(IDS_ERR_INVALID_PASSWORD_INPUT)); |
|
SecureZeroMemory(password, sizeof(password)); |
|
return 0; |
|
} |
|
if (param->flags & FLAG_CR_TYPE_CRTEXT) |
|
{ |
|
ManagementCommandFromInputBase64(param->c, "cr-response \"%s\"", hwndDlg, ID_EDT_RESPONSE); |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
return TRUE; |
|
} |
|
if (param->flags & FLAG_CR_TYPE_CRV1) |
|
{ |
|
/* send username */ |
|
template = "username \"Auth\" \"%s\""; |
|
char *username = escape_string(param->user); |
|
fmt = malloc(strlen(template) + strlen(username)); |
|
|
|
if (fmt && username) |
|
{ |
|
sprintf(fmt, template, username); |
|
ManagementCommand(param->c, fmt, NULL, regular); |
|
} |
|
else /* no memory? send an emty username and let it error out */ |
|
{ |
|
WriteStatusLog(param->c, L"GUI> ", |
|
L"Out of memory: sending a generic username for dynamic CR", false); |
|
ManagementCommand(param->c, "username \"Auth\" \"user\"", NULL, regular); |
|
} |
|
free(fmt); |
|
free(username); |
|
|
|
/* password template */ |
|
template = "password \"Auth\" \"CRV1::%s::%%s\""; |
|
} |
|
else /* generic password request of type param->id */ |
|
{ |
|
template = "password \"%s\" \"%%s\""; |
|
} |
|
|
|
fmt = malloc(strlen(template) + strlen(param->id)); |
|
if (fmt) |
|
{ |
|
sprintf(fmt, template, param->id); |
|
PrintDebug(L"Send passwd to mgmt with format: '%hs'", fmt); |
|
ManagementCommandFromInput(param->c, fmt, hwndDlg, ID_EDT_RESPONSE); |
|
free (fmt); |
|
} |
|
else /* no memory? send stop signal */ |
|
{ |
|
WriteStatusLog(param->c, L"GUI> ", |
|
L"Out of memory in password dialog: sending stop signal", false); |
|
StopOpenVPN (param->c); |
|
} |
|
|
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
return TRUE; |
|
|
|
case IDCANCEL: |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
StopOpenVPN(param->c); |
|
return TRUE; |
|
} |
|
break; |
|
|
|
case WM_OVPN_STATE: /* state change message is received from OpenVPN daemon */ |
|
/* |
|
* AUTH_PENDING immediately transitions to GET_CONFIG until |
|
* auth succeeds or connection restarts/aborts. |
|
* Close the CR_TEXT dialog if state changes to anything |
|
* other than GET_CONFIG. The state is in lParam. |
|
*/ |
|
param = (auth_param_t *) GetProp(hwndDlg, cfgProp); |
|
if ((param->flags & FLAG_CR_TYPE_CRTEXT) |
|
&& strcmp((const char *) lParam, "GET_CONFIG")) |
|
{ |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
} |
|
return TRUE; |
|
case WM_CLOSE: |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
return TRUE; |
|
|
|
case WM_NCDESTROY: |
|
param = (auth_param_t *) GetProp(hwndDlg, cfgProp); |
|
free_auth_param (param); |
|
RemoveProp(hwndDlg, cfgProp); |
|
break; |
|
} |
|
|
|
return FALSE; |
|
} |
|
|
|
/* |
|
* DialogProc for OpenVPN private key password dialog windows |
|
*/ |
|
INT_PTR CALLBACK |
|
PrivKeyPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) |
|
{ |
|
connection_t *c; |
|
WCHAR passphrase[KEY_PASS_LEN]; |
|
|
|
switch (msg) |
|
{ |
|
case WM_INITDIALOG: |
|
/* Set connection for this dialog and show it */ |
|
c = (connection_t *) lParam; |
|
SetProp(hwndDlg, cfgProp, (HANDLE) c); |
|
AppendTextToCaption (hwndDlg, c->config_name); |
|
if (RecallKeyPass(c->config_name, passphrase) && wcslen(passphrase) |
|
&& c->failed_psw_attempts == 0) |
|
{ |
|
/* Use the saved password and skip the dialog */ |
|
SetDlgItemTextW(hwndDlg, ID_EDT_PASSPHRASE, passphrase); |
|
SecureZeroMemory(passphrase, sizeof(passphrase)); |
|
ManagementCommandFromInput(c, "password \"Private Key\" \"%s\"", hwndDlg, ID_EDT_PASSPHRASE); |
|
EndDialog(hwndDlg, IDOK); |
|
return TRUE; |
|
} |
|
if (c->flags & FLAG_DISABLE_SAVE_PASS) |
|
ShowWindow(GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), SW_HIDE); |
|
else if (c->flags & FLAG_SAVE_KEY_PASS) |
|
Button_SetCheck (GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_CHECKED); |
|
if (c->failed_psw_attempts > 0) |
|
SetDlgItemTextW(hwndDlg, ID_TXT_WARNING, LoadLocalizedString(IDS_NFO_KEY_PASS_RETRY)); |
|
if (c->state == resuming) |
|
ForceForegroundWindow(hwndDlg); |
|
else |
|
SetForegroundWindow(hwndDlg); |
|
|
|
/* disable OK button by default - not disabled in resources */ |
|
EnableWindow(GetDlgItem(hwndDlg, IDOK), FALSE); |
|
break; |
|
|
|
case WM_COMMAND: |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
switch (LOWORD(wParam)) |
|
{ |
|
case ID_CHK_SAVE_PASS: |
|
c->flags ^= FLAG_SAVE_KEY_PASS; |
|
if (c->flags & FLAG_SAVE_KEY_PASS) |
|
Button_SetCheck (GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_CHECKED); |
|
else |
|
{ |
|
Button_SetCheck (GetDlgItem (hwndDlg, ID_CHK_SAVE_PASS), BST_UNCHECKED); |
|
DeleteSavedKeyPass(c->config_name); |
|
} |
|
break; |
|
|
|
case ID_EDT_PASSPHRASE: |
|
if (HIWORD(wParam) == EN_UPDATE) |
|
{ |
|
/* enable OK if response is non-empty */ |
|
BOOL enableOK = GetWindowTextLength((HWND) lParam); |
|
EnableWindow(GetDlgItem(hwndDlg, IDOK), enableOK); |
|
} |
|
break; |
|
|
|
case IDOK: |
|
if (GetDlgItemTextW(hwndDlg, ID_EDT_PASSPHRASE, passphrase, _countof(passphrase))) |
|
{ |
|
if (!validate_input(passphrase, L"\n")) |
|
{ |
|
show_error_tip(GetDlgItem(hwndDlg, ID_EDT_PASSPHRASE), LoadLocalizedString(IDS_ERR_INVALID_PASSWORD_INPUT)); |
|
SecureZeroMemory(passphrase, sizeof(passphrase)); |
|
return 0; |
|
} |
|
if ((c->flags & FLAG_SAVE_KEY_PASS) && wcslen(passphrase) > 0) |
|
{ |
|
SaveKeyPass(c->config_name, passphrase); |
|
} |
|
SecureZeroMemory(passphrase, sizeof(passphrase)); |
|
} |
|
ManagementCommandFromInput(c, "password \"Private Key\" \"%s\"", hwndDlg, ID_EDT_PASSPHRASE); |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
return TRUE; |
|
|
|
case IDCANCEL: |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
StopOpenVPN (c); |
|
return TRUE; |
|
} |
|
break; |
|
|
|
case WM_CTLCOLORSTATIC: |
|
if (GetDlgCtrlID((HWND) lParam) == ID_TXT_WARNING) |
|
{ |
|
HBRUSH br = (HBRUSH) DefWindowProc(hwndDlg, msg, wParam, lParam); |
|
SetTextColor((HDC) wParam, o.clr_warning); |
|
return (INT_PTR) br; |
|
} |
|
break; |
|
|
|
case WM_CLOSE: |
|
EndDialog(hwndDlg, LOWORD(wParam)); |
|
return TRUE; |
|
|
|
case WM_NCDESTROY: |
|
RemoveProp(hwndDlg, cfgProp); |
|
break; |
|
} |
|
return FALSE; |
|
} |
|
|
|
static void |
|
free_dynamic_cr (connection_t *c) |
|
{ |
|
free (c->dynamic_cr); |
|
c->dynamic_cr = NULL; |
|
} |
|
|
|
/* |
|
* Parse dynamic challenge string received from the server. Returns |
|
* true on success. The caller must free param->str and param->id |
|
* even on error. |
|
*/ |
|
BOOL |
|
parse_dynamic_cr (const char *str, auth_param_t *param) |
|
{ |
|
BOOL ret = FALSE; |
|
char *token[4] = {0}; |
|
char *p = strdup (str); |
|
|
|
int i; |
|
char *p1; |
|
|
|
if (!param || !p) goto out; |
|
|
|
/* expected: str = "E,R:challenge_id:user_b64:challenge_str" */ |
|
const char *delim = ":"; |
|
for (i = 0, p1 = p; i < 4; ++i, p1 = NULL) |
|
{ |
|
if (i == 3) |
|
delim = "" ; /* take the entire trailing string as the challenge */ |
|
token[i] = strtok (p1, delim); /* strtok is thread-safe on Windows */ |
|
if (!token[i]) |
|
{ |
|
WriteStatusLog(param->c, L"GUI> ", L"Error parsing dynamic challenge string", false); |
|
goto out; |
|
} |
|
} |
|
|
|
if (Base64Decode(token[2], ¶m->user) < 0) |
|
{ |
|
WriteStatusLog(param->c, L"GUI> ", L"Error decoding the username in dynamic challenge string", false); |
|
goto out; |
|
} |
|
|
|
param->flags |= FLAG_CR_TYPE_CRV1; |
|
param->flags |= strchr(token[0], 'E') ? FLAG_CR_ECHO : 0; |
|
param->flags |= strchr(token[0], 'R') ? FLAG_CR_RESPONSE : 0; |
|
param->id = strdup(token[1]); |
|
param->str = strdup(token[3]); |
|
if (!param->id || !param->str) |
|
goto out; |
|
|
|
ret = TRUE; |
|
|
|
out: |
|
free (p); |
|
return ret; |
|
} |
|
|
|
/* |
|
* Parse crtext string received from the server. Returns |
|
* true on success. The caller must free param->str even on error. |
|
*/ |
|
static BOOL |
|
parse_crtext (const char* str, auth_param_t* param) |
|
{ |
|
BOOL ret = FALSE; |
|
char* token[2] = { 0 }; |
|
char* p = strdup(str); |
|
char* p1; |
|
|
|
if (!param || !p) goto out; |
|
|
|
/* expected: str = "E,R:challenge_str" */ |
|
token[0] = p; |
|
p1 = strchr(p, ':'); |
|
if (!p1) |
|
{ |
|
WriteStatusLog(param->c, L"GUI> ", L"Error parsing crtext challenge string", false); |
|
goto out; |
|
} |
|
|
|
*p1 = '\0'; |
|
token[1] = p1 + 1; |
|
|
|
param->flags |= FLAG_CR_TYPE_CRTEXT; |
|
param->flags |= strchr(token[0], 'E') ? FLAG_CR_ECHO : 0; |
|
param->flags |= strchr(token[0], 'R') ? FLAG_CR_RESPONSE : 0; |
|
param->str = strdup(token[1]); |
|
if (!param->str) |
|
goto out; |
|
|
|
ret = TRUE; |
|
|
|
out: |
|
free(p); |
|
return ret; |
|
} |
|
|
|
/* |
|
* Parse password or string request of the form "Need 'What' password/string MSG:message" |
|
* and assign param->id = What, param->str = message. Also set param->flags if the type |
|
* of the requested info is known. If message is empty param->id is copied to param->str. |
|
* Return true on succsess. The caller must free param even when the function fails. |
|
*/ |
|
static BOOL |
|
parse_input_request (const char *msg, auth_param_t *param) |
|
{ |
|
BOOL ret = FALSE; |
|
char *p = strdup (msg); |
|
char *sep[4] = {" ", "'", " ", ""}; /* separators to use to break up msg */ |
|
char *token[4]; |
|
|
|
char *p1 = p; |
|
for (int i = 0; i < 4; ++i, p1 = NULL) |
|
{ |
|
token[i] = strtok (p1, sep[i]); /* strtok is thread-safe on Windows */ |
|
if (!token[i] && i < 3) /* first three tokens required */ |
|
goto out; |
|
} |
|
if (token[3] && strncmp(token[3], "MSG:", 4) == 0) |
|
token[3] += 4; |
|
if (!token[3] || !*token[3]) /* use id as the description if none provided */ |
|
token[3] = token[1]; |
|
|
|
PrintDebug (L"Tokens: '%hs' '%hs' '%hs' '%hs'", token[0], token[1], |
|
token[2], token[3]); |
|
|
|
if (strcmp (token[0], "Need") != 0) |
|
goto out; |
|
|
|
if ((param->id = strdup(token[1])) == NULL) |
|
goto out; |
|
|
|
if (strcmp(token[2], "password") == 0) |
|
{ |
|
if (strcmp (param->id, "Private Key") == 0) |
|
param->flags |= FLAG_PASS_PKEY; |
|
else |
|
param->flags |= FLAG_PASS_TOKEN; |
|
} |
|
else if (strcmp(token[2], "string") == 0 |
|
&& strcmp (param->id, "pkcs11-id-request") == 0) |
|
{ |
|
param->flags |= FLAG_STRING_PKCS11; |
|
} |
|
|
|
param->str = strdup (token[3]); |
|
if (param->str == NULL) |
|
goto out; |
|
|
|
PrintDebug (L"parse_input_request: id = '%hs' str = '%hs' flags = %u", |
|
param->id, param->str, param->flags); |
|
ret = TRUE; |
|
|
|
out: |
|
free (p); |
|
if (!ret) |
|
PrintDebug (L"Error parsing password/string request msg: <%hs>", msg); |
|
return ret; |
|
} |
|
|
|
/* |
|
* Handle >ECHO: request from OpenVPN management interface |
|
* Expect msg = timestamp,message |
|
*/ |
|
void |
|
OnEcho(connection_t *c, char *msg) |
|
{ |
|
time_t timestamp = strtoul(msg, NULL, 10); /* openvpn prints these as %u */ |
|
|
|
PrintDebug(L"OnEcho with msg = %hs", msg); |
|
if (!(msg = strchr(msg, ','))) |
|
{ |
|
PrintDebug(L"OnEcho: msg format not recognized"); |
|
return; |
|
} |
|
msg++; |
|
if (strcmp(msg, "forget-passwords") == 0) |
|
{ |
|
DeleteSavedPasswords(c->config_name); |
|
} |
|
else if (strcmp(msg, "save-passwords") == 0) |
|
{ |
|
if (c->flags & FLAG_DISABLE_SAVE_PASS) |
|
WriteStatusLog(c, L"GUI> echo save-passwords: ", |
|
L"Ignored as disable_save_passwords is enabled.", false); |
|
else |
|
c->flags |= (FLAG_SAVE_KEY_PASS | FLAG_SAVE_AUTH_PASS); |
|
} |
|
else if (strbegins(msg, "setenv ")) |
|
{ |
|
process_setenv(c, timestamp, msg); |
|
} |
|
else if (strbegins(msg, "msg")) |
|
{ |
|
echo_msg_process(c, timestamp, msg); |
|
} |
|
else |
|
{ |
|
wchar_t errmsg[256]; |
|
_sntprintf_0(errmsg, L"WARNING: Unknown ECHO directive '%hs' ignored.", msg); |
|
WriteStatusLog(c, L"GUI> ", errmsg, false); |
|
} |
|
} |
|
|
|
/* |
|
* Handle >PASSWORD: request from OpenVPN management interface |
|
*/ |
|
void |
|
OnPassword(connection_t *c, char *msg) |
|
{ |
|
PrintDebug(L"OnPassword with msg = %hs", msg); |
|
if (strncmp(msg, "Verification Failed", 19) == 0) |
|
{ |
|
/* If the failure is due to dynamic challenge save the challenge string */ |
|
char *chstr = strstr(msg, "CRV1:"); |
|
|
|
free_dynamic_cr (c); |
|
if (chstr) |
|
{ |
|
chstr += 5; /* beginning of dynamic CR string */ |
|
|
|
/* Save the string for later processing during next Auth request */ |
|
c->dynamic_cr = strdup(chstr); |
|
if (c->dynamic_cr && (chstr = strstr (c->dynamic_cr, "']")) != NULL) |
|
*chstr = '\0'; |
|
|
|
PrintDebug(L"Got dynamic challenge: <%hs>", c->dynamic_cr); |
|
} |
|
|
|
return; |
|
} |
|
|
|
if (strstr(msg, "'Auth'")) |
|
{ |
|
char *chstr; |
|
auth_param_t *param = (auth_param_t *) calloc(1, sizeof(auth_param_t)); |
|
|
|
if (!param) |
|
{ |
|
WriteStatusLog (c, L"GUI> ", L"Error: Out of memory - ignoring user-auth request", false); |
|
return; |
|
} |
|
param->c = c; |
|
|
|
if (c->dynamic_cr) |
|
{ |
|
if (!parse_dynamic_cr (c->dynamic_cr, param)) |
|
{ |
|
WriteStatusLog (c, L"GUI> ", L"Error parsing dynamic challenge string", FALSE); |
|
free_dynamic_cr (c); |
|
free_auth_param (param); |
|
return; |
|
} |
|
LocalizedDialogBoxParam(ID_DLG_CHALLENGE_RESPONSE, GenericPassDialogFunc, (LPARAM) param); |
|
free_dynamic_cr (c); |
|
} |
|
else if ( (chstr = strstr(msg, "SC:")) && strlen (chstr) > 5) |
|
{ |
|
param->flags |= FLAG_CR_TYPE_SCRV1; |
|
param->flags |= (*(chstr + 3) != '0') ? FLAG_CR_ECHO : 0; |
|
param->str = strdup(chstr + 5); |
|
LocalizedDialogBoxParam(ID_DLG_AUTH_CHALLENGE, UserAuthDialogFunc, (LPARAM) param); |
|
} |
|
else |
|
{ |
|
LocalizedDialogBoxParam(ID_DLG_AUTH, UserAuthDialogFunc, (LPARAM) param); |
|
} |
|
} |
|
else if (strstr(msg, "'Private Key'")) |
|
{ |
|
LocalizedDialogBoxParam(ID_DLG_PASSPHRASE, PrivKeyPassDialogFunc, (LPARAM) c); |
|
} |
|
else if (strstr(msg, "'HTTP Proxy'")) |
|
{ |
|
QueryProxyAuth(c, http); |
|
} |
|
else if (strstr(msg, "'SOCKS Proxy'")) |
|
{ |
|
QueryProxyAuth(c, socks); |
|
} |
|
/* All other password requests such as PKCS11 pin */ |
|
else if (strncmp(msg, "Need '", 6) == 0) |
|
{ |
|
auth_param_t *param = (auth_param_t *) calloc(1, sizeof(auth_param_t)); |
|
|
|
if (!param) |
|
{ |
|
WriteStatusLog (c, L"GUI> ", L"Error: Out of memory - ignoring user-auth request", false); |
|
return; |
|
} |
|
param->c = c; |
|
if (!parse_input_request (msg, param)) |
|
{ |
|
free_auth_param(param); |
|
return; |
|
} |
|
LocalizedDialogBoxParam(ID_DLG_CHALLENGE_RESPONSE, GenericPassDialogFunc, (LPARAM) param); |
|
} |
|
} |
|
|
|
/* |
|
* Handle management connection timeout |
|
*/ |
|
void |
|
OnTimeout(connection_t *c, UNUSED char *msg) |
|
{ |
|
/* Connection to management timed out -- keep trying unless killed |
|
* by a startup error from service or from openvpn daemon process. |
|
* The user can terminate by pressing disconnect. |
|
*/ |
|
if (o.silent_connection == 0) |
|
{ |
|
SetForegroundWindow(c->hwndStatus); |
|
ShowWindow(c->hwndStatus, SW_SHOW); |
|
} |
|
WriteStatusLog (c, L"GUI> ", LoadLocalizedString(IDS_NFO_CONN_TIMEOUT, c->log_path), false); |
|
WriteStatusLog (c, L"GUI> ", L"Retrying. Press disconnect to abort", false); |
|
c->state = connecting; |
|
if (!OpenManagement(c)) |
|
{ |
|
MessageBoxEx(NULL, L"Failed to open management", _T(PACKAGE_NAME), |
|
MB_OK|MB_SETFOREGROUND|MB_ICONERROR, GetGUILanguage()); |
|
StopOpenVPN(c); |
|
} |
|
return; |
|
} |
|
|
|
/* |
|
* Handle exit of the OpenVPN process |
|
*/ |
|
void |
|
OnStop(connection_t *c, UNUSED char *msg) |
|
{ |
|
UINT txt_id, msg_id; |
|
SetMenuStatus(c, disconnected); |
|
|
|
switch (c->state) |
|
{ |
|
case connected: |
|
/* OpenVPN process ended unexpectedly */ |
|
c->failed_psw_attempts = 0; |
|
c->failed_auth_attempts = 0; |
|
c->state = disconnected; |
|
CheckAndSetTrayIcon(); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_DISCONNECTED)); |
|
SetStatusWinIcon(c->hwndStatus, ID_ICO_DISCONNECTED); |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE); |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE); |
|
if (o.silent_connection == 0) |
|
{ |
|
SetForegroundWindow(c->hwndStatus); |
|
ShowWindow(c->hwndStatus, SW_SHOW); |
|
} |
|
MessageBox(c->hwndStatus, LoadLocalizedString(IDS_NFO_CONN_TERMINATED, c->config_file), |
|
_T(PACKAGE_NAME), MB_OK); |
|
SendMessage(c->hwndStatus, WM_CLOSE, 0, 0); |
|
break; |
|
|
|
case resuming: |
|
case connecting: |
|
case reconnecting: |
|
/* We have failed to (re)connect */ |
|
txt_id = c->state == reconnecting ? IDS_NFO_STATE_FAILED_RECONN : IDS_NFO_STATE_FAILED; |
|
msg_id = c->state == reconnecting ? IDS_NFO_RECONN_FAILED : IDS_NFO_CONN_FAILED; |
|
|
|
c->state = disconnecting; |
|
CheckAndSetTrayIcon(); |
|
c->state = disconnected; |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE); |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE); |
|
SetStatusWinIcon(c->hwndStatus, ID_ICO_DISCONNECTED); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(txt_id)); |
|
if (o.silent_connection == 0) |
|
{ |
|
SetForegroundWindow(c->hwndStatus); |
|
ShowWindow(c->hwndStatus, SW_SHOW); |
|
} |
|
MessageBox(c->hwndStatus, LoadLocalizedString(msg_id, c->config_name), _T(PACKAGE_NAME), MB_OK); |
|
SendMessage(c->hwndStatus, WM_CLOSE, 0, 0); |
|
break; |
|
|
|
case disconnecting: |
|
/* Shutdown was initiated by us */ |
|
c->failed_psw_attempts = 0; |
|
c->failed_auth_attempts = 0; |
|
c->state = disconnected; |
|
if (c->flags & FLAG_DAEMON_PERSISTENT) |
|
{ |
|
/* user initiated disconnection -- stay detached and do not auto-reconnect */ |
|
c->auto_connect = false; |
|
} |
|
CheckAndSetTrayIcon(); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_DISCONNECTED)); |
|
SendMessage(c->hwndStatus, WM_CLOSE, 0, 0); |
|
break; |
|
|
|
case onhold: |
|
/* stop triggered while on hold -- possibly the daemon exited. Treat same as detaching */ |
|
case detaching: |
|
c->state = disconnected; |
|
CheckAndSetTrayIcon(); |
|
SendMessage(c->hwndStatus, WM_CLOSE, 0, 0); |
|
break; |
|
|
|
case suspending: |
|
c->state = suspended; |
|
CheckAndSetTrayIcon(); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_SUSPENDED)); |
|
break; |
|
|
|
default: |
|
break; |
|
} |
|
} |
|
|
|
/* Convert bytecount c to a human readable string. |
|
* Input c converted to a string of the form "nnn.. (xxx.y XiB)" |
|
* where X is K, M, G, T, P or E depending on the count. The result |
|
* is returned in buf up to max of len - 1 wide characters. |
|
* Return value: pointer to buf. |
|
*/ |
|
static wchar_t * |
|
format_bytecount(wchar_t *buf, size_t len, unsigned long long c) |
|
{ |
|
const char *suf[] = {"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", NULL}; |
|
const char **s = suf; |
|
double x = c; |
|
|
|
if (c <= 1024) |
|
{ |
|
swprintf(buf, len, L"%I64u B", c); |
|
buf[len-1] = L'\0'; |
|
return buf; |
|
} |
|
while (x > 1024 && *(s+1)) |
|
{ |
|
x /= 1024.0; |
|
s++; |
|
} |
|
swprintf(buf, len, L"%I64u (%.1f %hs)", c, x, *s); |
|
buf[len-1] = L'\0'; |
|
|
|
return buf; |
|
} |
|
|
|
/* |
|
* Handle bytecount report from OpenVPN |
|
* Expect bytes-in,bytes-out |
|
*/ |
|
void OnByteCount(connection_t *c, char *msg) |
|
{ |
|
if (!msg || sscanf(msg, "%I64u,%I64u", &c->bytes_in, &c->bytes_out) != 2) |
|
return; |
|
wchar_t in[32], out[32]; |
|
format_bytecount(in, _countof(in), c->bytes_in); |
|
format_bytecount(out, _countof(out), c->bytes_out); |
|
SetDlgItemTextW(c->hwndStatus, ID_TXT_BYTECOUNT, |
|
LoadLocalizedString(IDS_NFO_BYTECOUNT, in, out)); |
|
} |
|
|
|
/* |
|
* Handle INFOMSG from OpenVPN. At the moment it handles |
|
* OPEN_URL:<url> and CR_TEXT:<flags>:<challenge-str> messages |
|
* used by two-step authentication. |
|
*/ |
|
void OnInfoMsg(connection_t* c, char* msg) |
|
{ |
|
PrintDebug(L"OnInfoMsg with msg = %hs", msg); |
|
|
|
if (strbegins(msg, "OPEN_URL:")) |
|
{ |
|
wchar_t* url = Widen(msg + 9); |
|
if (!open_url(url)) |
|
{ |
|
WriteStatusLog(c, L"GUI> ", L"Error: failed to open url from info msg", false); |
|
} |
|
free(url); |
|
} |
|
else if (strbegins(msg, "CR_TEXT:")) |
|
{ |
|
auth_param_t* param = (auth_param_t*)calloc(1, sizeof(auth_param_t)); |
|
if (!param) |
|
{ |
|
WriteStatusLog(c, L"GUI> ", L"Error: Out of memory - ignoring CR_TEXT request", false); |
|
return; |
|
} |
|
param->c = c; |
|
|
|
if (!parse_crtext(msg + 8, param)) |
|
{ |
|
WriteStatusLog(c, L"GUI> ", L"Error parsing crtext string", FALSE); |
|
|
|
free_auth_param(param); |
|
return; |
|
} |
|
LocalizedDialogBoxParam(ID_DLG_CHALLENGE_RESPONSE, GenericPassDialogFunc, (LPARAM)param); |
|
} |
|
} |
|
|
|
/* |
|
* Break a long line into shorter segments |
|
*/ |
|
static WCHAR * |
|
WrapLine (WCHAR *line) |
|
{ |
|
int i = 0; |
|
WCHAR *next = NULL; |
|
int len = 80; |
|
|
|
for (i = 0; *line; i++, ++line) |
|
{ |
|
if ((*line == L'\r') || (*line == L'\n')) |
|
*line = L' '; |
|
if (next && i > len) break; |
|
if (iswspace(*line)) next = line; |
|
} |
|
if (!*line) next = NULL; |
|
if (next) |
|
{ |
|
*next = L'\0'; |
|
++next; |
|
} |
|
return next; |
|
} |
|
|
|
/* |
|
* Write a line to the status log window and optionally to the log file |
|
*/ |
|
void |
|
WriteStatusLog (connection_t *c, const WCHAR *prefix, const WCHAR *line, BOOL fileio) |
|
{ |
|
/* this can be called without connection (AS profile import), so do nothing in this case */ |
|
if (!c) return; |
|
|
|
HWND logWnd = GetDlgItem(c->hwndStatus, ID_EDT_LOG); |
|
FILE *log_fd; |
|
time_t now; |
|
WCHAR datetime[26]; |
|
|
|
time (&now); |
|
/* TODO: change this to use _wctime_s when mingw supports it */ |
|
wcsncpy (datetime, _wctime(&now), _countof(datetime)); |
|
datetime[24] = L' '; |
|
|
|
/* Remove lines from log window if it is getting full */ |
|
if (SendMessage(logWnd, EM_GETLINECOUNT, 0, 0) > MAX_LOG_LINES) |
|
{ |
|
int pos = SendMessage(logWnd, EM_LINEINDEX, DEL_LOG_LINES, 0); |
|
SendMessage(logWnd, EM_SETSEL, 0, pos); |
|
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) _T("")); |
|
} |
|
/* Append line to log window */ |
|
SendMessage(logWnd, EM_SETSEL, (WPARAM) -1, (LPARAM) -1); |
|
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) datetime); |
|
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) prefix); |
|
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) line); |
|
SendMessage(logWnd, EM_REPLACESEL, FALSE, (LPARAM) L"\n"); |
|
|
|
if (!fileio) return; |
|
|
|
log_fd = _tfopen (c->log_path, TEXT("at+,ccs=UTF-8")); |
|
if (log_fd) |
|
{ |
|
fwprintf (log_fd, L"%ls%ls%ls\n", datetime, prefix, line); |
|
fclose (log_fd); |
|
} |
|
} |
|
|
|
#define IO_TIMEOUT 5000 /* milliseconds */ |
|
|
|
static void |
|
CloseServiceIO (service_io_t *s) |
|
{ |
|
if (s->hEvent) |
|
CloseHandle(s->hEvent); |
|
s->hEvent = NULL; |
|
if (s->pipe && s->pipe != INVALID_HANDLE_VALUE) |
|
CloseHandle(s->pipe); |
|
s->pipe = NULL; |
|
} |
|
|
|
/* |
|
* Open the service pipe and initialize service I/O. |
|
* Failure is not fatal. |
|
*/ |
|
static BOOL |
|
InitServiceIO (service_io_t *s) |
|
{ |
|
DWORD dwMode = o.ovpn_engine == OPENVPN_ENGINE_OVPN3 ? PIPE_READMODE_BYTE : PIPE_READMODE_MESSAGE; |
|
|
|
CLEAR(*s); |
|
|
|
/* auto-reset event used for signalling i/o completion*/ |
|
s->hEvent = CreateEvent (NULL, FALSE, FALSE, NULL); |
|
if (!s->hEvent) |
|
{ |
|
return FALSE; |
|
} |
|
|
|
s->pipe = CreateFile (o.ovpn_engine == OPENVPN_ENGINE_OVPN3 ? |
|
OPENVPN_SERVICE_PIPE_NAME_OVPN3 : OPENVPN_SERVICE_PIPE_NAME_OVPN2, |
|
GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL); |
|
|
|
if ( !s->pipe || |
|
s->pipe == INVALID_HANDLE_VALUE || |
|
!SetNamedPipeHandleState(s->pipe, &dwMode, NULL, NULL) |
|
) |
|
{ |
|
CloseServiceIO (s); |
|
return FALSE; |
|
} |
|
|
|
return TRUE; |
|
} |
|
|
|
/* |
|
* Read-completion routine for interactive service pipe. Call with |
|
* err = 0, bytes = 0 to queue a new read request. |
|
*/ |
|
static void WINAPI |
|
HandleServiceIO (DWORD err, DWORD bytes, LPOVERLAPPED lpo) |
|
{ |
|
service_io_t *s = (service_io_t *) lpo; |
|
int len, capacity; |
|
|
|
len = _countof(s->readbuf); |
|
capacity = (len-1)*sizeof(*(s->readbuf)); |
|
|
|
if (bytes > 0) |
|
{ |
|
/* messages from the service are not nul terminated */ |
|
int nchars = bytes/sizeof(s->readbuf[0]); |
|
s->readbuf[nchars] = L'\0'; |
|
SetEvent (s->hEvent); |
|
return; |
|
} |
|
if (err) |
|
{ |
|
_snwprintf(s->readbuf, len, L"0x%08x\nInteractive Service disconnected\n", err); |
|
s->readbuf[len-1] = L'\0'; |
|
SetEvent (s->hEvent); |
|
return; |
|
} |
|
|
|
/* Otherwise queue next read request */ |
|
ReadFileEx (s->pipe, s->readbuf, capacity, lpo, HandleServiceIO); |
|
/* Any error in the above call will get checked in next round */ |
|
} |
|
|
|
/* |
|
* Write size bytes in buf to the pipe with a timeout. |
|
* Retun value: TRUE on success FLASE on error |
|
*/ |
|
static BOOL |
|
WritePipe (HANDLE pipe, LPVOID buf, DWORD size) |
|
{ |
|
OVERLAPPED o; |
|
BOOL retval = FALSE; |
|
|
|
CLEAR(o); |
|
o.hEvent = CreateEvent (NULL, TRUE, FALSE, NULL); |
|
|
|
if (!o.hEvent) |
|
{ |
|
return retval; |
|
} |
|
|
|
if (WriteFile (pipe, buf, size, NULL, &o) || |
|
GetLastError() == ERROR_IO_PENDING ) |
|
{ |
|
if (WaitForSingleObject(o.hEvent, IO_TIMEOUT) == WAIT_OBJECT_0) |
|
retval = TRUE; |
|
else |
|
CancelIo (pipe); |
|
// TODO report error -- timeout |
|
} |
|
|
|
CloseHandle(o.hEvent); |
|
return retval; |
|
} |
|
|
|
/* |
|
* Called when read from service pipe signals |
|
*/ |
|
static void |
|
OnService(connection_t *c, UNUSED char *msg) |
|
{ |
|
DWORD err = 0; |
|
DWORD pid = 0; |
|
WCHAR *p, *buf, *next; |
|
const WCHAR *prefix = L"IService> "; |
|
|
|
/* |
|
* Duplicate the read buffer and queue the next read request |
|
* by calling HandleServiceIO with err = 0, bytes = 0. |
|
*/ |
|
buf = wcsdup(c->iserv.readbuf); |
|
HandleServiceIO(0, 0, (LPOVERLAPPED) &c->iserv); |
|
|
|
if (buf == NULL) return; |
|
|
|
/* messages from the service are in the format "0x08x\n%s\n%s" */ |
|
if (swscanf (buf, L"0x%08x\n", &err) != 1) |
|
{ |
|
free (buf); |
|
return; |
|
} |
|
|
|
p = buf + 11; |
|
/* next line is the pid if followed by "\nProcess ID" */ |
|
if (!err && wcsstr(p, L"\nProcess ID") && swscanf (p, L"0x%08x", &pid) == 1 && pid != 0) |
|
{ |
|
PrintDebug (L"Process ID of openvpn started by IService: %d", pid); |
|
c->hProcess = OpenProcess (PROCESS_TERMINATE|PROCESS_QUERY_INFORMATION, FALSE, pid); |
|
if (!c->hProcess) |
|
PrintDebug (L"Failed to get process handle from pid of openvpn: error = %lu", |
|
GetLastError()); |
|
free (buf); |
|
return; |
|
} |
|
|
|
while (iswspace(*p)) ++p; |
|
|
|
while (p && *p) |
|
{ |
|
next = WrapLine (p); |
|
WriteStatusLog (c, prefix, p, false); |
|
p = next; |
|
} |
|
free (buf); |
|
|
|
/* Error from iservice before management interface is connected */ |
|
switch (err) |
|
{ |
|
case 0: |
|
break; |
|
case ERROR_STARTUP_DATA: |
|
WriteStatusLog (c, prefix, L"OpenVPN not started due to previous errors", true); |
|
OnStop (c, NULL); |
|
break; |
|
case ERROR_OPENVPN_STARTUP: |
|
WriteStatusLog (c, prefix, L"Check the log file for details", false); |
|
OnStop(c, NULL); |
|
break; |
|
default: |
|
/* Unknown failure: let management connection timeout */ |
|
break; |
|
} |
|
} |
|
|
|
/* |
|
* Called when the directly started openvpn process exits |
|
*/ |
|
static void |
|
OnProcess (connection_t *c, UNUSED char *msg) |
|
{ |
|
DWORD err; |
|
WCHAR tmp[256]; |
|
|
|
if (!GetExitCodeProcess(c->hProcess, &err) || err == STILL_ACTIVE) |
|
return; |
|
|
|
_snwprintf(tmp, _countof(tmp), L"OpenVPN terminated with exit code %lu. " |
|
L"See the log file for details", err); |
|
tmp[_countof(tmp)-1] = L'\0'; |
|
WriteStatusLog(c, L"OpenVPN GUI> ", tmp, false); |
|
|
|
OnStop (c, NULL); |
|
} |
|
|
|
/* |
|
* Called when NEED-OK is received |
|
*/ |
|
void |
|
OnNeedOk (connection_t *c, char *msg) |
|
{ |
|
char *resp = NULL; |
|
WCHAR *wstr = NULL; |
|
auth_param_t *param = (auth_param_t *) calloc(1, sizeof(auth_param_t)); |
|
|
|
if (!param) |
|
{ |
|
WriteStatusLog(c, L"GUI> ", L"Error: out of memory while processing NEED-OK. Sending stop signal", false); |
|
StopOpenVPN(c); |
|
return; |
|
} |
|
if (!parse_input_request(msg, param)) |
|
goto out; |
|
|
|
/* allocate space for response : "needok param->id cancel/ok" */ |
|
resp = malloc (strlen(param->id) + strlen("needok \' \' cancel")); |
|
wstr = Widen(param->str); |
|
|
|
if (!wstr || !resp) |
|
{ |
|
WriteStatusLog(c, L"GUI> ", L"Error: out of memory while processing NEED-OK. Sending stop signal", false); |
|
StopOpenVPN(c); |
|
goto out; |
|
} |
|
|
|
const char *fmt; |
|
if (MessageBoxW (NULL, wstr, L""PACKAGE_NAME, MB_OKCANCEL) == IDOK) |
|
{ |
|
fmt = "needok \'%s\' ok"; |
|
} |
|
else |
|
{ |
|
ManagementCommand (c, "auth-retry none", NULL, regular); |
|
fmt = "needok \'%s\' cancel"; |
|
} |
|
|
|
sprintf (resp, fmt, param->id); |
|
ManagementCommand (c, resp, NULL, regular); |
|
|
|
out: |
|
free_auth_param (param); |
|
free(wstr); |
|
free(resp); |
|
} |
|
|
|
/* |
|
* Called when NEED-STR is received |
|
*/ |
|
void |
|
OnNeedStr (connection_t *c, UNUSED char *msg) |
|
{ |
|
if (strstr(msg, "Need 'pkcs11-id-request'")) |
|
{ |
|
msg = strstr(msg, "MSG:"); |
|
OnPkcs11(c, msg ? msg + 4 : ""); |
|
return; |
|
} |
|
WriteStatusLog (c, L"GUI> ", L"Error: Received NEED-STR message -- not implemented", false); |
|
} |
|
|
|
/* Stop the connection -- this sets the daemon to exit if |
|
* started by us, else instructs the daemon to disconnect and |
|
* and wait. |
|
*/ |
|
static void |
|
DisconnectDaemon(connection_t *c) |
|
{ |
|
if (c->flags & FLAG_DAEMON_PERSISTENT) |
|
{ |
|
if (c->manage.connected > 1) /* connected and ready for input */ |
|
{ |
|
ManagementCommand(c, "forget-passwords", NULL, regular); |
|
ManagementCommand(c, "hold on", NULL, regular); |
|
ManagementCommand(c, "signal SIGHUP", NULL, regular); |
|
} |
|
else |
|
{ |
|
OnStop(c, NULL); |
|
} |
|
} |
|
else |
|
{ |
|
SetEvent(c->exit_event); |
|
SetTimer(c->hwndStatus, IDT_STOP_TIMER, 15000, NULL); |
|
} |
|
} |
|
|
|
/* |
|
* Close open handles |
|
*/ |
|
static void |
|
Cleanup (connection_t *c) |
|
{ |
|
CloseManagement (c); |
|
|
|
free_dynamic_cr (c); |
|
env_item_del_all(c->es); |
|
c->es = NULL; |
|
echo_msg_clear(c, true); /* clear history */ |
|
pkcs11_list_clear(&c->pkcs11_list); |
|
|
|
if (c->hProcess) |
|
CloseHandle (c->hProcess); |
|
c->hProcess = NULL; |
|
|
|
if (c->iserv.hEvent) |
|
CloseServiceIO (&c->iserv); |
|
|
|
if (c->exit_event) |
|
CloseHandle (c->exit_event); |
|
c->exit_event = NULL; |
|
c->daemon_state[0] = '\0'; |
|
} |
|
/* |
|
* Helper to position and scale widgets in status window using current dpi |
|
* Takes status window width and height in screen pixels as input |
|
*/ |
|
void |
|
RenderStatusWindow(HWND hwndDlg, UINT w, UINT h) |
|
{ |
|
MoveWindow(GetDlgItem(hwndDlg, ID_EDT_LOG), DPI_SCALE(20), DPI_SCALE(25), w - DPI_SCALE(40), h - DPI_SCALE(110), TRUE); |
|
MoveWindow(GetDlgItem(hwndDlg, ID_TXT_STATUS), DPI_SCALE(20), DPI_SCALE(5), w-DPI_SCALE(30), DPI_SCALE(15), TRUE); |
|
MoveWindow(GetDlgItem(hwndDlg, ID_TXT_IP), DPI_SCALE(20), h - DPI_SCALE(75), w-DPI_SCALE(30), DPI_SCALE(15), TRUE); |
|
MoveWindow(GetDlgItem(hwndDlg, ID_TXT_BYTECOUNT), DPI_SCALE(20), h - DPI_SCALE(55), w-DPI_SCALE(210), DPI_SCALE(15), TRUE); |
|
MoveWindow(GetDlgItem(hwndDlg, ID_TXT_VERSION), w-DPI_SCALE(180), h - DPI_SCALE(55), DPI_SCALE(170), DPI_SCALE(15), TRUE); |
|
MoveWindow(GetDlgItem(hwndDlg, ID_DISCONNECT), DPI_SCALE(20), h - DPI_SCALE(30), DPI_SCALE(110), DPI_SCALE(23), TRUE); |
|
MoveWindow(GetDlgItem(hwndDlg, ID_RESTART), DPI_SCALE(145), h - DPI_SCALE(30), DPI_SCALE(110), DPI_SCALE(23), TRUE); |
|
MoveWindow(GetDlgItem(hwndDlg, ID_DETACH), DPI_SCALE(270), h - DPI_SCALE(30), DPI_SCALE(110), DPI_SCALE(23), TRUE); |
|
MoveWindow(GetDlgItem(hwndDlg, ID_HIDE), w - DPI_SCALE(130), h - DPI_SCALE(30), DPI_SCALE(110), DPI_SCALE(23), TRUE); |
|
} |
|
|
|
/* |
|
* DialogProc for OpenVPN status dialog windows |
|
*/ |
|
INT_PTR CALLBACK |
|
StatusDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) |
|
{ |
|
connection_t *c; |
|
|
|
switch (msg) |
|
{ |
|
case WM_MANAGEMENT: |
|
/* Management interface related event */ |
|
OnManagement(wParam, lParam); |
|
return TRUE; |
|
|
|
case WM_INITDIALOG: |
|
c = (connection_t *) lParam; |
|
|
|
/* Set window icon "disconnected" */ |
|
SetStatusWinIcon(hwndDlg, ID_ICO_CONNECTING); |
|
|
|
/* Set connection for this dialog */ |
|
SetProp(hwndDlg, cfgProp, (HANDLE) c); |
|
|
|
/* Create log window */ |
|
HWND hLogWnd = CreateWindowEx(0, RICHEDIT_CLASS, NULL, |
|
WS_CHILD|WS_VISIBLE|WS_HSCROLL|WS_VSCROLL|ES_SUNKEN|ES_LEFT| |
|
ES_MULTILINE|ES_READONLY|ES_AUTOHSCROLL|ES_AUTOVSCROLL, |
|
20, 25, 350, 160, hwndDlg, (HMENU) ID_EDT_LOG, o.hInstance, NULL); |
|
if (!hLogWnd) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_CREATE_EDIT_LOGWINDOW); |
|
return FALSE; |
|
} |
|
|
|
/* Set font and fontsize of the log window */ |
|
CHARFORMAT cfm = { |
|
.cbSize = sizeof(CHARFORMAT), |
|
.dwMask = CFM_SIZE|CFM_FACE|CFM_BOLD, |
|
.szFaceName = _T("Microsoft Sans Serif"), |
|
.dwEffects = 0, |
|
.yHeight = 160 |
|
}; |
|
if (SendMessage(hLogWnd, EM_SETCHARFORMAT, SCF_DEFAULT, (LPARAM) &cfm) == 0) |
|
ShowLocalizedMsg(IDS_ERR_SET_SIZE); |
|
|
|
/* display version string as "OpenVPN GUI gui_version/core_version" */ |
|
wchar_t version[256]; |
|
_sntprintf_0(version, L"%hs %hs/%hs", PACKAGE_NAME, PACKAGE_VERSION_RESOURCE_STR, o.ovpn_version) |
|
SetDlgItemText(hwndDlg, ID_TXT_VERSION, version); |
|
|
|
/* Set size and position of controls */ |
|
RECT rect; |
|
GetWindowRect(hwndDlg, &rect); |
|
/* Move the window by upto 100 random pixels to avoid all |
|
* status windows fall on top of each other. |
|
*/ |
|
SetWindowPos(hwndDlg, HWND_TOP, rect.left + rand()%100, |
|
rect.top + rand()%100, 0, 0, SWP_NOSIZE); |
|
GetClientRect(hwndDlg, &rect); |
|
RenderStatusWindow(hwndDlg, rect.right, rect.bottom); |
|
if (c->flags & FLAG_DAEMON_PERSISTENT && o.enable_persistent > 0) |
|
{ |
|
EnableWindow(GetDlgItem(hwndDlg, ID_DETACH), TRUE); |
|
} |
|
else |
|
{ |
|
ShowWindow(GetDlgItem(hwndDlg, ID_DETACH), SW_HIDE); |
|
} |
|
/* Set focus on the LogWindow so it scrolls automatically */ |
|
SetFocus(hLogWnd); |
|
return FALSE; |
|
|
|
case WM_DPICHANGED: |
|
DpiSetScale(&o, HIWORD(wParam)); |
|
RECT dlgRect; |
|
GetClientRect(hwndDlg, &dlgRect); |
|
RenderStatusWindow(hwndDlg, dlgRect.right, dlgRect.bottom); |
|
return FALSE; |
|
|
|
case WM_SIZE: |
|
RenderStatusWindow(hwndDlg, LOWORD(lParam), HIWORD(lParam)); |
|
InvalidateRect(hwndDlg, NULL, TRUE); |
|
return TRUE; |
|
|
|
case WM_COMMAND: |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
switch (LOWORD(wParam)) |
|
{ |
|
case ID_DISCONNECT: |
|
SetFocus(GetDlgItem(c->hwndStatus, ID_EDT_LOG)); |
|
StopOpenVPN(c); |
|
return TRUE; |
|
|
|
case ID_HIDE: |
|
if (c->state != disconnected) |
|
ShowWindow(hwndDlg, SW_HIDE); |
|
else |
|
DestroyWindow(hwndDlg); |
|
return TRUE; |
|
|
|
case ID_RESTART: |
|
SetFocus(GetDlgItem(c->hwndStatus, ID_EDT_LOG)); |
|
RestartOpenVPN(c); |
|
return TRUE; |
|
|
|
case ID_DETACH: |
|
SetFocus(GetDlgItem(c->hwndStatus, ID_EDT_LOG)); |
|
DetachOpenVPN(c); |
|
return TRUE; |
|
} |
|
break; |
|
|
|
case WM_SHOWWINDOW: |
|
if (wParam == TRUE) |
|
{ |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
if (c->hwndStatus) |
|
SetFocus(GetDlgItem(c->hwndStatus, ID_EDT_LOG)); |
|
} |
|
return FALSE; |
|
|
|
case WM_CLOSE: |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
if (c->state != disconnected && c->state != detached) |
|
ShowWindow(hwndDlg, SW_HIDE); |
|
else |
|
DestroyWindow(hwndDlg); |
|
return TRUE; |
|
|
|
case WM_NCDESTROY: |
|
RemoveProp(hwndDlg, cfgProp); |
|
break; |
|
|
|
case WM_DESTROY: |
|
PostQuitMessage(0); |
|
break; |
|
|
|
case WM_OVPN_RELEASE: |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
c->state = reconnecting; |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_RECONNECTING)); |
|
SetDlgItemTextW(c->hwndStatus, ID_TXT_IP, L""); |
|
SetStatusWinIcon(c->hwndStatus, ID_ICO_CONNECTING); |
|
OnHold(c, ""); |
|
break; |
|
|
|
case WM_OVPN_STOP: |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
/* external messages can trigger when we are not ready -- check the state */ |
|
if (!IsWindowEnabled(GetDlgItem(c->hwndStatus, ID_DISCONNECT)) |
|
|| c->state == onhold) |
|
{ |
|
break; |
|
} |
|
c->state = disconnecting; |
|
if (!(c->flags & FLAG_DAEMON_PERSISTENT)) |
|
{ |
|
RunDisconnectScript(c, false); |
|
} |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE); |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE); |
|
SetMenuStatus(c, disconnecting); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_WAIT_TERM)); |
|
DisconnectDaemon(c); |
|
break; |
|
|
|
case WM_OVPN_DETACH: |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
/* just stop the thread keeping openvpn.exe running */ |
|
c->state = detaching; |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE); |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE); |
|
OnStop(c, NULL); |
|
break; |
|
|
|
case WM_OVPN_SUSPEND: |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
c->state = suspending; |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_DISCONNECT), FALSE); |
|
EnableWindow(GetDlgItem(c->hwndStatus, ID_RESTART), FALSE); |
|
SetMenuStatus(c, disconnecting); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_WAIT_TERM)); |
|
SetEvent(c->exit_event); |
|
SetTimer(hwndDlg, IDT_STOP_TIMER, 15000, NULL); |
|
break; |
|
|
|
case WM_TIMER: |
|
PrintDebug(L"WM_TIMER message with wParam = %lu", wParam); |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
if (wParam == IDT_STOP_TIMER) |
|
{ |
|
/* openvpn failed to respond to stop signal -- terminate */ |
|
TerminateOpenVPN(c); |
|
KillTimer (hwndDlg, IDT_STOP_TIMER); |
|
} |
|
break; |
|
|
|
case WM_OVPN_RESTART: |
|
c = (connection_t *) GetProp(hwndDlg, cfgProp); |
|
/* external messages can trigger when we are not ready -- check the state */ |
|
if (IsWindowEnabled(GetDlgItem(c->hwndStatus, ID_RESTART))) |
|
{ |
|
c->state = reconnecting; |
|
ManagementCommand(c, "signal SIGHUP", NULL, regular); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_RECONNECTING)); |
|
SetDlgItemTextW(c->hwndStatus, ID_TXT_IP, L""); |
|
SetStatusWinIcon(c->hwndStatus, ID_ICO_CONNECTING); |
|
} |
|
if (!o.silent_connection) |
|
{ |
|
SetForegroundWindow(c->hwndStatus); |
|
ShowWindow(c->hwndStatus, SW_SHOW); |
|
} |
|
break; |
|
} |
|
return FALSE; |
|
} |
|
|
|
/* |
|
* ThreadProc for OpenVPN status dialog windows |
|
*/ |
|
static DWORD WINAPI |
|
ThreadOpenVPNStatus(void *p) |
|
{ |
|
connection_t *c = p; |
|
TCHAR conn_name[200]; |
|
MSG msg; |
|
HANDLE wait_event; |
|
|
|
CLEAR (msg); |
|
srand(c->threadId); |
|
|
|
/* Cut of extention from config filename. */ |
|
_tcsncpy(conn_name, c->config_file, _countof(conn_name)); |
|
conn_name[_tcslen(conn_name) - _tcslen(o.ext_string) - 1] = _T('\0'); |
|
|
|
/* Create and Show Status Dialog */ |
|
c->hwndStatus = CreateLocalizedDialogParam(ID_DLG_STATUS, StatusDialogFunc, (LPARAM) c); |
|
if (!c->hwndStatus) |
|
{ |
|
/* kill daemon process if we started it */ |
|
SetEvent(c->exit_event); |
|
Cleanup(c); |
|
c->state = disconnected; |
|
return 1; |
|
} |
|
|
|
CheckAndSetTrayIcon(); |
|
SetMenuStatus(c, connecting); |
|
SetDlgItemText(c->hwndStatus, ID_TXT_STATUS, LoadLocalizedString(IDS_NFO_STATE_CONNECTING)); |
|
SetWindowText(c->hwndStatus, LoadLocalizedString(IDS_NFO_CONNECTION_XXX, conn_name)); |
|
|
|
if (!OpenManagement(c)) |
|
{ |
|
MessageBoxEx(NULL, L"Failed to open management", _T(PACKAGE_NAME), |
|
MB_OK|MB_SETFOREGROUND|MB_ICONERROR, GetGUILanguage()); |
|
StopOpenVPN(c); |
|
} |
|
|
|
/* Start the async read loop for service and set it as the wait event */ |
|
if (c->iserv.hEvent) |
|
{ |
|
HandleServiceIO (0, 0, (LPOVERLAPPED) &c->iserv); |
|
wait_event = c->iserv.hEvent; |
|
} |
|
else |
|
{ |
|
wait_event = c->hProcess; |
|
} |
|
|
|
/* For persistent connections, popup the status win only if we're connecting manually */ |
|
BOOL show_status_win = (o.silent_connection == 0); |
|
if ((c->flags & FLAG_DAEMON_PERSISTENT) && c->state == resuming) |
|
{ |
|
show_status_win = false; |
|
} |
|
ShowWindow(c->hwndStatus, show_status_win ? SW_SHOW : SW_HIDE); |
|
|
|
/* Load echo msg histroy from registry */ |
|
echo_msg_load(c); |
|
|
|
/* Run the message loop for the status window */ |
|
while (WM_QUIT != msg.message) |
|
{ |
|
DWORD res; |
|
if (wait_event == NULL) /* for persistent connections there is no wait_event */ |
|
{ |
|
res = GetMessage(&msg, NULL, 0, 0); |
|
if (res == (DWORD) -1) /* log the error and continue */ |
|
{ |
|
MsgToEventLog(EVENTLOG_WARNING_TYPE, L"GetMessage for <%ls> returned error (status=%lu)", |
|
c->config_name, GetLastError()); |
|
continue; |
|
} |
|
else if (res == 0) /* WM_QUIT */ |
|
{ |
|
break; |
|
} |
|
} |
|
else if (!PeekMessage(&msg, NULL, 0, 0, PM_REMOVE)) |
|
{ |
|
if ((res = MsgWaitForMultipleObjectsEx (1, &wait_event, INFINITE, QS_ALLINPUT, |
|
MWMO_ALERTABLE)) == WAIT_OBJECT_0) |
|
{ |
|
if (wait_event == c->hProcess) |
|
OnProcess (c, NULL); |
|
else if (wait_event == c->iserv.hEvent) |
|
OnService (c, NULL); |
|
} |
|
continue; |
|
} |
|
|
|
if (IsDialogMessage(c->hwndStatus, &msg) == 0) |
|
{ |
|
TranslateMessage(&msg); |
|
DispatchMessage(&msg); |
|
} |
|
} |
|
|
|
/* release handles etc.*/ |
|
Cleanup (c); |
|
c->hwndStatus = NULL; |
|
return 0; |
|
} |
|
|
|
/* |
|
* Set priority based on the registry or cmd-line value |
|
*/ |
|
static BOOL |
|
SetProcessPriority(DWORD *priority) |
|
{ |
|
*priority = NORMAL_PRIORITY_CLASS; |
|
if (!_tcscmp(o.priority_string, _T("IDLE_PRIORITY_CLASS"))) |
|
*priority = IDLE_PRIORITY_CLASS; |
|
else if (!_tcscmp(o.priority_string, _T("BELOW_NORMAL_PRIORITY_CLASS"))) |
|
*priority = BELOW_NORMAL_PRIORITY_CLASS; |
|
else if (!_tcscmp(o.priority_string, _T("NORMAL_PRIORITY_CLASS"))) |
|
*priority = NORMAL_PRIORITY_CLASS; |
|
else if (!_tcscmp(o.priority_string, _T("ABOVE_NORMAL_PRIORITY_CLASS"))) |
|
*priority = ABOVE_NORMAL_PRIORITY_CLASS; |
|
else if (!_tcscmp(o.priority_string, _T("HIGH_PRIORITY_CLASS"))) |
|
*priority = HIGH_PRIORITY_CLASS; |
|
else |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_UNKNOWN_PRIORITY, o.priority_string); |
|
return FALSE; |
|
} |
|
return TRUE; |
|
} |
|
|
|
#ifdef ENABLE_OVPN3 |
|
inline static |
|
struct json_object* json_object_new_utf16_string(wchar_t *utf16) |
|
{ |
|
DWORD input_size = WideCharToMultiByte(CP_UTF8, 0, utf16, -1, NULL, 0, NULL, NULL); |
|
struct json_object* jobj = NULL; |
|
char *utf8 = malloc(input_size); |
|
if (!utf8) |
|
{ |
|
goto out; |
|
} |
|
|
|
WideCharToMultiByte(CP_UTF8, 0, utf16, -1, utf8, input_size, NULL, NULL); |
|
|
|
jobj = json_object_new_string(utf8); |
|
free(utf8); |
|
|
|
out: |
|
return jobj; |
|
} |
|
|
|
static char* PrepareStartJsonRequest(connection_t *c, wchar_t *exit_event_name) |
|
{ |
|
const char *request_header = "POST /start HTTP/1.1\r\nContent-Type: application/json\r\nContent-Length: %zd\r\n\r\n"; |
|
json_object *jobj = json_object_new_object(); |
|
|
|
json_object_object_add(jobj, "config_file", json_object_new_utf16_string(c->config_file)); |
|
json_object_object_add(jobj, "config_dir", json_object_new_utf16_string(c->config_dir)); |
|
json_object_object_add(jobj, "exit_event_name", json_object_new_utf16_string(exit_event_name)); |
|
json_object_object_add(jobj, "management_password", json_object_new_string(c->manage.password)); |
|
json_object_object_add(jobj, "management_host", json_object_new_string(inet_ntoa(c->manage.skaddr.sin_addr))); |
|
json_object_object_add(jobj, "management_port", json_object_new_int(ntohs(c->manage.skaddr.sin_port))); |
|
json_object_object_add(jobj, "log", json_object_new_utf16_string(c->log_path)); |
|
json_object_object_add(jobj, "log-append", json_object_new_int(o.log_append)); |
|
|
|
const char *body = json_object_to_json_string(jobj); |
|
|
|
int len = snprintf(NULL, 0, request_header, strlen(body)) + strlen(body) + 1; |
|
char* request = calloc(1, len); |
|
if (request == NULL) |
|
{ |
|
goto out; |
|
} |
|
sprintf_s(request, len, request_header, strlen(body)); |
|
strcat_s(request, len, body); |
|
|
|
out: |
|
json_object_put(jobj); |
|
return request; |
|
} |
|
#endif |
|
|
|
/* If state is on hold -- release */ |
|
void |
|
ReleaseOpenVPN(connection_t *c) |
|
{ |
|
if (c->state != onhold) |
|
{ |
|
return; |
|
} |
|
PostMessage(c->hwndStatus, WM_OVPN_RELEASE, 0, 0); |
|
} |
|
|
|
/* Start a thread to monitor a connection and launch openvpn.exe if required */ |
|
BOOL |
|
StartOpenVPN(connection_t *c) |
|
{ |
|
CLEAR(c->ip); |
|
|
|
if (c->hwndStatus) |
|
{ |
|
if (c->state == onhold) |
|
{ |
|
ReleaseOpenVPN(c); |
|
return true; |
|
} |
|
PrintDebug(L"Connection request when already started -- ignored"); |
|
/* the tread can hang around after disconnect if user has not dismissed any popups */ |
|
if (c->state == disconnected) |
|
WriteStatusLog(c, L"OpenVPN GUI> ", |
|
L"Complete any pending dialog before starting a new connection", false); |
|
if (!o.silent_connection) |
|
{ |
|
SetForegroundWindow(c->hwndStatus); |
|
ShowWindow(c->hwndStatus, SW_SHOW); |
|
} |
|
return FALSE; |
|
} |
|
else if (c->state != disconnected && c->state != detached) |
|
{ |
|
return FALSE; |
|
} |
|
|
|
PrintDebug(L"Starting openvpn on config %ls", c->config_name); |
|
|
|
/* Create thread to show the connection's status dialog */ |
|
HANDLE hThread = CreateThread(NULL, 0, ThreadOpenVPNStatus, c, CREATE_SUSPENDED, &c->threadId); |
|
if (hThread == NULL) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_CREATE_THREAD_STATUS); |
|
return false; |
|
} |
|
|
|
if (c->flags & FLAG_DAEMON_PERSISTENT) |
|
{ |
|
if (!ParseManagementAddress(c)) |
|
{ |
|
/* Show an error if manually connecting */ |
|
if (c->state == disconnected) |
|
ShowLocalizedMsgEx(MB_OK|MB_ICONERROR, o.hWnd, TEXT(PACKAGE_NAME), IDS_ERR_PARSE_MGMT_OPTION, |
|
c->config_dir, c->config_file); |
|
else |
|
c->state = disconnected; |
|
TerminateThread(hThread, 1); |
|
return false; |
|
} |
|
} |
|
/* Launch openvpn.exe using the service or directly */ |
|
else if (!LaunchOpenVPN(c)) |
|
{ |
|
TerminateThread(hThread, 1); |
|
return false; |
|
} |
|
|
|
c->state = (c->state == suspended || c->state == detached) ? resuming : connecting; |
|
|
|
/* Start the status dialog thread */ |
|
ResumeThread(hThread); |
|
|
|
if (hThread && hThread != INVALID_HANDLE_VALUE) |
|
CloseHandle(hThread); |
|
|
|
return true; |
|
} |
|
|
|
/* |
|
* Launch an OpenVPN process |
|
*/ |
|
static BOOL |
|
LaunchOpenVPN(connection_t *c) |
|
{ |
|
TCHAR cmdline[1024]; |
|
TCHAR *options = cmdline + 8; |
|
TCHAR exit_event_name[17]; |
|
HANDLE hStdInRead = NULL, hStdInWrite = NULL; |
|
HANDLE hNul = NULL; |
|
DWORD written; |
|
BOOL retval = FALSE; |
|
|
|
RunPreconnectScript(c); |
|
|
|
/* Create an event object to signal OpenVPN to exit */ |
|
_sntprintf_0(exit_event_name, _T("%x%08x"), GetCurrentProcessId(), c->threadId); |
|
c->exit_event = CreateEvent(NULL, TRUE, FALSE, exit_event_name); |
|
if (c->exit_event == NULL) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_CREATE_EVENT, exit_event_name); |
|
goto out; |
|
} |
|
|
|
/* Create a management interface password */ |
|
GetRandomPassword(c->manage.password, sizeof(c->manage.password) - 1); |
|
|
|
find_free_tcp_port(&c->manage.skaddr); |
|
|
|
/* Construct command line -- put log first */ |
|
_sntprintf_0(cmdline, _T("openvpn --log%ls \"%ls\" --config \"%ls\" " |
|
"--setenv IV_GUI_VER \"%hs\" --setenv IV_SSO openurl,crtext --service %ls 0 --auth-retry interact " |
|
"--management %hs %hd stdin --management-query-passwords %ls" |
|
"--management-hold"), |
|
(o.log_append ? _T("-append") : _T("")), c->log_path, |
|
c->config_file, PACKAGE_STRING, exit_event_name, |
|
inet_ntoa(c->manage.skaddr.sin_addr), ntohs(c->manage.skaddr.sin_port), |
|
(o.proxy_source != config ? _T("--management-query-proxy ") : _T(""))); |
|
|
|
BOOL use_iservice = (o.iservice_admin && IsWindows7OrGreater()) || !IsUserAdmin(); |
|
/* Try to open the service pipe */ |
|
if (use_iservice && InitServiceIO(&c->iserv)) |
|
{ |
|
BOOL res = FALSE; |
|
|
|
if (o.ovpn_engine == OPENVPN_ENGINE_OVPN3) |
|
{ |
|
#ifdef ENABLE_OVPN3 |
|
char *request = PrepareStartJsonRequest(c, exit_event_name); |
|
|
|
res = (request != NULL) && WritePipe(c->iserv.pipe, request, strlen(request)); |
|
free(request); |
|
#endif |
|
} |
|
else |
|
{ |
|
DWORD size = _tcslen(c->config_dir) + _tcslen(options) + sizeof(c->manage.password) + 3; |
|
TCHAR startup_info[1024]; |
|
|
|
if (!AuthorizeConfig(c)) |
|
{ |
|
CloseHandle(c->exit_event); |
|
CloseServiceIO(&c->iserv); |
|
goto out; |
|
} |
|
|
|
c->hProcess = NULL; |
|
c->manage.password[sizeof(c->manage.password) - 1] = '\n'; |
|
|
|
/* Ignore pushed route-method when service is in use */ |
|
const wchar_t* extra_options = L" --pull-filter ignore route-method"; |
|
size += wcslen(extra_options); |
|
|
|
_sntprintf_0(startup_info, L"%ls%lc%ls%ls%lc%.*hs", c->config_dir, L'\0', |
|
options, extra_options, L'\0', sizeof(c->manage.password), c->manage.password); |
|
c->manage.password[sizeof(c->manage.password) - 1] = '\0'; |
|
|
|
res = WritePipe(c->iserv.pipe, startup_info, size * sizeof(TCHAR)); |
|
} |
|
|
|
if (!res) |
|
{ |
|
ShowLocalizedMsg (IDS_ERR_WRITE_SERVICE_PIPE); |
|
CloseHandle(c->exit_event); |
|
CloseServiceIO(&c->iserv); |
|
goto out; |
|
} |
|
} |
|
#ifdef ENABLE_OVPN3 |
|
else if (o.ovpn_engine == OPENVPN_ENGINE_OVPN3) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_WRITE_SERVICE_PIPE); |
|
CloseHandle(c->exit_event); |
|
CloseServiceIO(&c->iserv); |
|
goto out; |
|
} |
|
#endif |
|
else |
|
{ |
|
/* Start OpenVPN directly */ |
|
DWORD priority; |
|
STARTUPINFO si; |
|
PROCESS_INFORMATION pi; |
|
SECURITY_DESCRIPTOR sd; |
|
|
|
/* Make I/O handles inheritable and accessible by all */ |
|
SECURITY_ATTRIBUTES sa = { |
|
.nLength = sizeof(sa), |
|
.lpSecurityDescriptor = &sd, |
|
.bInheritHandle = TRUE |
|
}; |
|
|
|
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_INIT_SEC_DESC); |
|
CloseHandle(c->exit_event); |
|
return FALSE; |
|
} |
|
if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_SET_SEC_DESC_ACL); |
|
CloseHandle(c->exit_event); |
|
return FALSE; |
|
} |
|
|
|
/* Set process priority */ |
|
if (!SetProcessPriority(&priority)) |
|
{ |
|
CloseHandle(c->exit_event); |
|
return FALSE; |
|
} |
|
|
|
/* Get a handle of the NUL device */ |
|
hNul = CreateFile(_T("NUL"), GENERIC_WRITE, FILE_SHARE_WRITE, &sa, OPEN_EXISTING, 0, NULL); |
|
if (hNul == INVALID_HANDLE_VALUE) |
|
{ |
|
CloseHandle(c->exit_event); |
|
return FALSE; |
|
} |
|
|
|
/* Create the pipe for STDIN with only the read end inheritable */ |
|
if (!CreatePipe(&hStdInRead, &hStdInWrite, &sa, 0)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_CREATE_PIPE_IN_READ); |
|
CloseHandle(c->exit_event); |
|
goto out; |
|
} |
|
if (!SetHandleInformation(hStdInWrite, HANDLE_FLAG_INHERIT, 0)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_DUP_HANDLE_IN_WRITE); |
|
CloseHandle(c->exit_event); |
|
goto out; |
|
} |
|
|
|
/* Fill in STARTUPINFO struct */ |
|
GetStartupInfo(&si); |
|
si.cb = sizeof(si); |
|
si.dwFlags = STARTF_USESTDHANDLES; |
|
si.hStdInput = hStdInRead; |
|
si.hStdOutput = hNul; |
|
si.hStdError = hNul; |
|
|
|
/* Create an OpenVPN process for the connection */ |
|
if (!CreateProcess(o.exe_path, cmdline, NULL, NULL, TRUE, |
|
priority | CREATE_NO_WINDOW, NULL, c->config_dir, &si, &pi)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_CREATE_PROCESS, o.exe_path, cmdline, c->config_dir); |
|
CloseHandle(c->exit_event); |
|
goto out; |
|
} |
|
|
|
CloseHandleEx(&hStdInRead); |
|
CloseHandleEx(&hNul); |
|
|
|
/* Pass management password to OpenVPN process */ |
|
c->manage.password[sizeof(c->manage.password) - 1] = '\n'; |
|
WriteFile(hStdInWrite, c->manage.password, sizeof(c->manage.password), &written, NULL); |
|
c->manage.password[sizeof(c->manage.password) - 1] = '\0'; |
|
|
|
c->hProcess = pi.hProcess; /* Will be closed in the event loop on exit */ |
|
CloseHandle(pi.hThread); |
|
} |
|
|
|
retval = TRUE; |
|
|
|
out: |
|
if (hStdInWrite && hStdInWrite != INVALID_HANDLE_VALUE) |
|
CloseHandle(hStdInWrite); |
|
if (hStdInRead && hStdInRead != INVALID_HANDLE_VALUE) |
|
CloseHandle(hStdInRead); |
|
if (hNul && hNul != INVALID_HANDLE_VALUE) |
|
CloseHandle(hNul); |
|
return retval; |
|
} |
|
|
|
|
|
/* Close the status thread without disconnecting the tunnel. |
|
* Meant to be used only on persistent connections which can |
|
* stay connected without the GUI tending to it. |
|
*/ |
|
void |
|
DetachOpenVPN(connection_t *c) |
|
{ |
|
/* currently supported only for persistent connections */ |
|
if (c->flags & FLAG_DAEMON_PERSISTENT) |
|
{ |
|
c->auto_connect = false; |
|
PostMessage(c->hwndStatus, WM_OVPN_DETACH, 0, 0); |
|
} |
|
} |
|
|
|
void |
|
StopOpenVPN(connection_t *c) |
|
{ |
|
PostMessage(c->hwndStatus, WM_OVPN_STOP, 0, 0); |
|
} |
|
|
|
/* force-kill as a last resort */ |
|
static BOOL |
|
TerminateOpenVPN (connection_t *c) |
|
{ |
|
DWORD exit_code = 0; |
|
BOOL retval = TRUE; |
|
|
|
if (!c->hProcess) |
|
return retval; |
|
if (!GetExitCodeProcess (c->hProcess, &exit_code)) |
|
{ |
|
PrintDebug (L"In TerminateOpenVPN: failed to get process status: error = %lu", GetLastError()); |
|
return FALSE; |
|
} |
|
if (exit_code == STILL_ACTIVE) |
|
{ |
|
retval = TerminateProcess (c->hProcess, 1); |
|
if (retval) |
|
PrintDebug (L"Openvpn Process for config '%ls' terminated", c->config_name); |
|
else |
|
PrintDebug (L"Failed to terminate openvpn Process for config '%ls'", c->config_name); |
|
} |
|
else |
|
PrintDebug(L"In TerminateOpenVPN: Process is not active"); |
|
|
|
return retval; |
|
} |
|
|
|
void |
|
SuspendOpenVPN(int config) |
|
{ |
|
PostMessage(o.conn[config].hwndStatus, WM_OVPN_SUSPEND, 0, 0); |
|
} |
|
|
|
void |
|
RestartOpenVPN(connection_t *c) |
|
{ |
|
if (c->state == onhold) |
|
{ |
|
ReleaseOpenVPN(c); |
|
} |
|
else if (c->hwndStatus) |
|
{ |
|
PostMessage(c->hwndStatus, WM_OVPN_RESTART, 0, 0); |
|
} |
|
else /* Not started: treat this as a request to connect */ |
|
{ |
|
StartOpenVPN(c); |
|
} |
|
} |
|
|
|
void |
|
SetStatusWinIcon(HWND hwndDlg, int iconId) |
|
{ |
|
HICON hIcon = LoadLocalizedSmallIcon(iconId); |
|
if (!hIcon) |
|
return; |
|
HICON hIconBig = LoadLocalizedIcon(ID_ICO_APP); |
|
if (!hIconBig) |
|
hIconBig = hIcon; |
|
SendMessage(hwndDlg, WM_SETICON, (WPARAM) ICON_SMALL, (LPARAM) hIcon); |
|
SendMessage(hwndDlg, WM_SETICON, (WPARAM) ICON_BIG, (LPARAM) hIconBig); |
|
} |
|
|
|
|
|
/* |
|
* Read one line from OpenVPN's stdout. |
|
*/ |
|
static BOOL |
|
ReadLineFromStdOut(HANDLE hStdOut, char *line, DWORD size) |
|
{ |
|
DWORD len, read; |
|
|
|
while (TRUE) |
|
{ |
|
if (!PeekNamedPipe(hStdOut, line, size, &read, NULL, NULL)) |
|
{ |
|
if (GetLastError() != ERROR_BROKEN_PIPE) |
|
ShowLocalizedMsg(IDS_ERR_READ_STDOUT_PIPE); |
|
return FALSE; |
|
} |
|
|
|
char *pos = memchr(line, '\r', read); |
|
if (pos) |
|
{ |
|
len = pos - line + 2; |
|
if (len > size) |
|
return FALSE; |
|
break; |
|
} |
|
|
|
/* Line doesn't fit into the buffer */ |
|
if (read == size) |
|
return FALSE; |
|
|
|
Sleep(100); |
|
} |
|
|
|
if (!ReadFile(hStdOut, line, len, &read, NULL) || read != len) |
|
{ |
|
if (GetLastError() != ERROR_BROKEN_PIPE) |
|
ShowLocalizedMsg(IDS_ERR_READ_STDOUT_PIPE); |
|
return FALSE; |
|
} |
|
|
|
line[read - 2] = '\0'; |
|
return TRUE; |
|
} |
|
|
|
|
|
BOOL |
|
CheckVersion() |
|
{ |
|
HANDLE hStdOutRead = NULL; |
|
HANDLE hStdOutWrite = NULL; |
|
BOOL retval = FALSE; |
|
STARTUPINFO si; |
|
PROCESS_INFORMATION pi; |
|
TCHAR cmdline[] = _T("openvpn --version"); |
|
char match_version[] = "OpenVPN 2."; |
|
TCHAR pwd[MAX_PATH]; |
|
char line[1024]; |
|
TCHAR *p; |
|
|
|
CLEAR(si); |
|
CLEAR(pi); |
|
|
|
/* Make handles inheritable and accessible by all */ |
|
SECURITY_DESCRIPTOR sd; |
|
SECURITY_ATTRIBUTES sa = { |
|
.nLength = sizeof(sa), |
|
.lpSecurityDescriptor = &sd, |
|
.bInheritHandle = TRUE |
|
}; |
|
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_INIT_SEC_DESC); |
|
return FALSE; |
|
} |
|
if (!SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_SET_SEC_DESC_ACL); |
|
return FALSE; |
|
} |
|
|
|
/* Create the pipe for STDOUT with inheritable write end */ |
|
if (!CreatePipe(&hStdOutRead, &hStdOutWrite, &sa, 0)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_CREATE_PIPE_IN_READ); |
|
return FALSE; |
|
} |
|
if (!SetHandleInformation(hStdOutRead, HANDLE_FLAG_INHERIT, 0)) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_DUP_HANDLE_IN_WRITE); |
|
goto out; |
|
} |
|
|
|
/* Construct the process' working directory */ |
|
_tcsncpy(pwd, o.exe_path, _countof(pwd)); |
|
p = _tcsrchr(pwd, _T('\\')); |
|
if (p != NULL) |
|
*p = _T('\0'); |
|
|
|
/* Fill in STARTUPINFO struct */ |
|
si.cb = sizeof(si); |
|
si.dwFlags = STARTF_USESTDHANDLES; |
|
si.hStdInput = GetStdHandle(STD_INPUT_HANDLE); |
|
si.hStdOutput = hStdOutWrite; |
|
si.hStdError = hStdOutWrite; |
|
|
|
/* Start OpenVPN to check version */ |
|
bool success = CreateProcess(o.exe_path, cmdline, NULL, NULL, TRUE, |
|
CREATE_NO_WINDOW, NULL, pwd, &si, &pi); |
|
if (!success) |
|
{ |
|
ShowLocalizedMsg(IDS_ERR_CREATE_PROCESS, o.exe_path, cmdline, pwd); |
|
goto out; |
|
} |
|
|
|
CloseHandleEx(&hStdOutWrite); |
|
CloseHandleEx(&pi.hThread); |
|
CloseHandleEx(&pi.hProcess); |
|
|
|
if (ReadLineFromStdOut(hStdOutRead, line, sizeof(line))) |
|
{ |
|
#ifdef DEBUG |
|
PrintDebug(_T("VersionString: %hs"), line); |
|
#endif |
|
/* OpenVPN version 2.x */ |
|
char *p = strstr(line, match_version); |
|
if (p) |
|
{ |
|
retval = TRUE; |
|
p = strtok(p+8, " "); |
|
strncpy(o.ovpn_version, p, _countof(o.ovpn_version)-1); |
|
o.ovpn_version[_countof(o.ovpn_version)-1] = '\0'; |
|
} |
|
} |
|
|
|
out: |
|
CloseHandleEx(&hStdOutWrite); |
|
CloseHandleEx(&hStdOutRead); |
|
return retval; |
|
} |
|
|
|
/* Delete saved passwords and reset the checkboxes to default */ |
|
void |
|
ResetSavePasswords(connection_t *c) |
|
{ |
|
if (ShowLocalizedMsgEx(MB_OKCANCEL, NULL, TEXT(PACKAGE_NAME), IDS_NFO_DELETE_PASS, c->config_name) == IDCANCEL) |
|
return; |
|
DeleteSavedPasswords(c->config_name); |
|
c->flags &= ~(FLAG_SAVE_KEY_PASS | FLAG_SAVE_AUTH_PASS); |
|
SetMenuStatus(c, c->state); |
|
}
|
|
|