From 85729d719a69d80116a4118a5bdfef689fb63e90 Mon Sep 17 00:00:00 2001
From: Selva Nair
Date: Sun, 9 Jun 2024 20:17:58 -0400
Subject: [PATCH] WIP: Add a global option to always prompt for OTP
This adds a checkbox to the general settings menu to always prompt for OTP when prompting for pasword even if no static-challenge request is received from the core. The prompt text may be localized. The response and password are concatenated to a single string and send in plain to the management interface. This is suggested as an alternative to OpenVPN core supporting an extension to the static-challenge format. The latter is preferred over this approach.
Signed-off-by: Selva Nair
---
 localization.c | 7 ++++++-
 openvpn-gui-res.h | 5 +++++
 openvpn.c | 9 +++++++++
 options.h | 1 +
 registry.c | 1 +
 res/openvpn-gui-res-en.rc | 4 +++-
 6 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/localization.c b/localization.c
index 1e93c724..6871a494 100644
--- a/localization.c
+++ b/localization.c
@@ -640,6 +640,10 @@ GeneralSettingsDlgProc(HWND hwndDlg, UINT msg, UNUSED WPARAM wParam, LPARAM lPar
 {
 Button_SetCheck(GetDlgItem(hwndDlg, ID_CHK_AUTO_RESTART), BST_CHECKED);
 }
+ if (o.auth_pass_concat_otp)
+ {
+ Button_SetCheck(GetDlgItem(hwndDlg, ID_CHK_CONCAT_OTP), BST_CHECKED);
+ }
 break;
@@ -704,7 +708,8 @@ GeneralSettingsDlgProc(HWND hwndDlg, UINT msg, UNUSED WPARAM wParam, LPARAM lPar
 (Button_GetCheck(GetDlgItem(hwndDlg, ID_CHK_SHOW_SCRIPT_WIN)) == BST_CHECKED);
 o.enable_auto_restart =
 (Button_GetCheck(GetDlgItem(hwndDlg, ID_CHK_AUTO_RESTART)) == BST_CHECKED);
-
+ o.auth_pass_concat_otp =
+ (Button_GetCheck(GetDlgItem(hwndDlg, ID_CHK_CONCAT_OTP)) == BST_CHECKED);
 SaveRegistryKeys();
diff --git a/openvpn-gui-res.h b/openvpn-gui-res.h
index e32aab25..2282c599 100644
--- a/openvpn-gui-res.h
+++ b/openvpn-gui-res.h
@@ -166,6 +166,10 @@
 #define ID_LVW_PKCS11 451
 #define ID_TXT_PKCS11 452
+/* General settings contd.. */
+
+#define ID_CHK_CONCAT_OTP 470
+
 /*
 * String Table Resources
 */
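Review bot: In localization.c, the second hunk of GeneralSettingsDlgProc reads the new checkbox unconditionally, while the diffstat shows `ID_CHK_CONCAT_OTP` being added only to res/openvpn-gui-res-en.rc. If the other language resources lack the control, `GetDlgItem` returns NULL, `Button_GetCheck` presumably yields 0, and pressing OK in the settings dialog would silently reset `o.auth_pass_concat_otp` before `SaveRegistryKeys()` runs. Guarding the read keeps an existing setting intact: `HWND h = GetDlgItem(hwndDlg, ID_CHK_CONCAT_OTP);` followed by `if (h) { o.auth_pass_concat_otp = (Button_GetCheck(h) == BST_CHECKED); }`. The function body starts and ends outside both hunks.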
@@ -263,6 +267,7 @@
 #define IDS_NFO_CONN_CANCELLED 1264
 #define IDS_NFO_STATE_ROUTE_ERROR 1265
 #define IDS_NFO_NOTIFY_ROUTE_ERROR 1266
+#define IDS_NFO_OTP_PROMPT 1267
 /* Program Startup Related */
 #define IDS_ERR_OPEN_DEBUG_FILE 1301
diff --git a/openvpn.c b/openvpn.c
index 8ef9ce5e..542e4825 100644
--- a/openvpn.c
+++ b/openvpn.c
@@ -580,6 +580,10 @@ UserAuthDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
 }
 }
+ else if (param->flags & FLAG_CR_TYPE_CONCAT)
+ {
+ SetDlgItemTextW(hwndDlg, ID_TXT_AUTH_CHALLENGE, LoadLocalizedString(IDS_NFO_OTP_PROMPT));
+ }
 if (RecallUsername(param->c->config_name, username))
 {
 SetDlgItemTextW(hwndDlg, ID_EDT_AUTH_USER, username);
@@ -1426,6 +1430,11 @@ OnPassword(connection_t *c, char *msg)
 param->str = strdup(chstr + 5);
 LocalizedDialogBoxParamEx(ID_DLG_AUTH_CHALLENGE, c->hwndStatus, UserAuthDialogFunc, (LPARAM) param);
 }
+ else if (o.auth_pass_concat_otp)
+ {
+ param->flags |= FLAG_CR_ECHO | FLAG_CR_TYPE_CONCAT;
+ LocalizedDialogBoxParamEx(ID_DLG_AUTH_CHALLENGE, c->hwndStatus, UserAuthDialogFunc, (LPARAM) param);
+ }
 else
 {
 LocalizedDialogBoxParamEx(ID_DLG_AUTH, c->hwndStatus, UserAuthDialogFunc, (LPARAM) param);
diff --git a/options.h b/options.h
index 678396b4..30d69118 100644
--- a/options.h
+++ b/options.h
@@ -206,6 +206,7 @@ typedef struct {
 TCHAR priority_string[64];
 TCHAR ovpn_admin_group[MAX_NAME];
 DWORD disable_save_passwords;
+ DWORD auth_pass_concat_otp;
 /* HKCU registry values */
 TCHAR config_dir[MAX_PATH];
 TCHAR ext_string[16];
diff --git a/registry.c b/registry.c
index 336268f3..cc133e4a 100644
--- a/registry.c
+++ b/registry.c
@@ -67,6 +67,7 @@ struct regkey_int {
 {L"management_port_offset", &o.mgmt_port_offset, 25340},
 {L"enable_peristent_connections", &o.enable_persistent, 2},
 {L"enable_auto_restart", &o.enable_auto_restart, 1},
+ {L"auth_pass_concat_otp", &o.auth_pass_concat_otp, 0},
 {L"ovpn_engine", &o.ovpn_engine, OPENVPN_ENGINE_OVPN2}
 };
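Review bot: In OnPassword (openvpn.c, second hunk) the new branch sets `FLAG_CR_ECHO` unconditionally, so the second factor would be shown in clear text in the dialog, assuming the flag means the same as in the static-challenge path. The prompt string added by this commit reads "Input OTP or passcode", and a passcode may be a reusable secret, so masking by default looks safer: `param->flags |= FLAG_CR_TYPE_CONCAT;`. The branch also leaves `param->str` unset, unlike the branch above it that assigns `strdup(chstr + 5)`; a comment such as `/* no challenge text from the core; the dialog shows IDS_NFO_OTP_PROMPT */` would make that intent explicit. Because the commit message says the password and response are concatenated, it is worth confirming that any save-password path outside this hunk stores the password alone and not the combined string. OnPassword starts and ends outside the hunk.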
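Review bot: In options.h the new `DWORD auth_pass_concat_otp;` sits above the `/* HKCU registry values */` comment, next to `disable_save_passwords`, while registry.c registers it in the `regkey_int` table beside `enable_auto_restart` and localization.c persists it through `SaveRegistryKeys()`. If that table holds the per-user values, as the neighbouring entries suggest, the field should move below the comment so readers do not take it for a machine-wide, admin-controlled setting. For an option that changes how credentials are collected, a one-line comment stating who owns it would help, for example `/* per-user: prompt for OTP and append it to the password */`. The struct definition continues outside the hunk.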
diff --git a/res/openvpn-gui-res-en.rc b/res/openvpn-gui-res-en.rc
index 515ab780..ab15d793 100644
--- a/res/openvpn-gui-res-en.rc
+++ b/res/openvpn-gui-res-en.rc
@@ -178,7 +178,7 @@ BEGIN
 GROUPBOX "Startup", 202, 6, 47, 235, 30
 AUTOCHECKBOX "Launch on User &Logon", ID_CHK_STARTUP, 17, 59, 100, 12
- GROUPBOX "Preferences", ID_GROUPBOX3, 6, 82, 235, 165
+ GROUPBOX "Preferences", ID_GROUPBOX3, 6, 82, 235, 180
 AUTOCHECKBOX "A&ppend to log", ID_CHK_LOG_APPEND, 17, 95, 60, 10
 AUTOCHECKBOX "Show script &window", ID_CHK_SHOW_SCRIPT_WIN, 17, 110, 200, 10
 AUTOCHECKBOX "S&ilent connection", ID_CHK_SILENT, 17, 125, 200, 10
@@ -193,6 +193,7 @@ BEGIN
 AUTORADIOBUTTON "&Disable", ID_RB_BALLOON5, 181, 200, 40, 10
 AUTOCHECKBOX "Enable Pre-Logon A&ccess Provider (requires admin access)", ID_CHK_PLAP_REG, 17, 215, 200, 10
 AUTOCHECKBOX "Enable auto restart of active connections", ID_CHK_AUTO_RESTART, 17, 230, 200, 10
+ AUTOCHECKBOX "Prompt for &OTP and combine with password", ID_CHK_CONCAT_OTP, 17, 245, 200, 10
 END
 /* Advanced Dialog */
@@ -576,6 +577,7 @@ once as Administrator to update the registry."
 IDS_NFO_AUTO_CONNECT "Connecting automatically in %u seconds…"
 IDS_NFO_CLICK_HERE_TO_START "OpenVPN GUI is already running. Right click on the tray icon to start."
 IDS_NFO_BYTECOUNT "Bytes in: %ls out: %ls"
+ IDS_NFO_OTP_PROMPT "Input OTP or passcode"
 /* AS profile import */
 IDS_ERR_URL_IMPORT_PROFILE "Error fetching profile from URL: [%d] %ls"