Warn users if Windows not updated for longer than two months

Closes: #128
Signed-off-by: Simon Rozman <[email protected]>

.gitmodules

@@ -26,3 +26,6 @@
 [submodule "eduvpn-common"]
 	path = eduvpn-common
 	url = https://github.com/Amebis/eduvpn-common.git
+[submodule "lxn-win"]
+	path = lxn-win
+	url = https://github.com/Amebis/lxn-win.git

CHANGES.md

@@ -2,6 +2,9 @@
 
 ## [Unreleased](https://github.com/Amebis/eduVPN/compare/3.3.8...HEAD)
 
+- Warn users if Windows not updated for longer than two months
+- Fixes: #128
+
 
 ## [3.3.8](https://github.com/Amebis/eduVPN/compare/3.3.7...3.3.8) (2023-04-12)
 

eduVPN/SelfUpdate.cs → eduVPN/CGo.cs

@@ -18,7 +18,7 @@
 
 namespace eduVPN
 {
-    public class SelfUpdate
+    public class CGo
     {
         #region Data types
 
@@ -220,7 +220,7 @@ public void Dispose()
         /// <summary>
         /// Available self-update description
         /// </summary>
-        public class Package : JSON.ILoadableItem
+        public class SelfUpdatePackage : JSON.ILoadableItem
         {
             #region Fields
 
@@ -259,7 +259,7 @@ public class Package : JSON.ILoadableItem
 
             #region Constructors
 
-            public Package(Uri baseUri)
+            public SelfUpdatePackage(Uri baseUri)
             {
                 BaseUri = baseUri;
             }
@@ -292,16 +292,26 @@ public void Load(object obj)
 
         #endregion
 
+        #region Fields
+
+        /// <summary>
+        /// Used to convert Unix timestamps into <see cref="DateTimeOffset"/>
+        /// </summary>
+        [DebuggerBrowsable(DebuggerBrowsableState.Never)]
+        static readonly DateTimeOffset Epoch = new DateTimeOffset(1970, 1, 1, 0, 0, 0, new TimeSpan(0, 0, 0));
+
+        #endregion
+
         #region Methods
 
         [DllImport("eduvpn_windows.dll", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair check_selfupdate(
+        static extern CGoPtrPtr check_selfupdate(
             [MarshalAs(UnmanagedType.LPUTF8Str)] string url,
             [MarshalAs(UnmanagedType.LPUTF8Str)] string allowedSigners,
             [MarshalAs(UnmanagedType.LPUTF8Str)] string productId,
             IntPtr ctx);
 
-        public static Package Check(ResourceRef discovery, string productId, CancellationToken ct = default)
+        public static SelfUpdatePackage CheckSelfUpdate(ResourceRef discovery, string productId, CancellationToken ct = default)
         {
             using (var ctx = new CGoContext(ct))
             {
@@ -321,7 +331,7 @@ public static Package Check(ResourceRef discovery, string productId, Cancellatio
                 {
                     if (r.r1 != IntPtr.Zero)
                         throw new Exception((string)m.MarshalNativeToManaged(r.r1));
-                    var p = new Package(discovery.Uri);
+                    var p = new SelfUpdatePackage(discovery.Uri);
                     p.Load(eduJSON.Parser.Parse((string)m.MarshalNativeToManaged(r.r0), ct));
                     return p;
                 }
@@ -356,7 +366,7 @@ static extern string download_and_install_selfupdate(
             IntPtr ctx,
             SetProgress setProgress);
 
-        public static void DownloadAndInstall(
+        public static void DownloadAndInstallSelfUpdate(
             IEnumerable<Uri> uris,
             byte[] hash,
             string installerArguments,
@@ -377,6 +387,28 @@ public static void DownloadAndInstall(
             }
         }
 
+        [DllImport("eduvpn_windows.dll", CallingConvention = CallingConvention.Cdecl)]
+        static extern CGoInt64Ptr get_last_update_timestamp(IntPtr ctx);
+
+        public static DateTimeOffset GetLastUpdateTimestamp(CancellationToken ct = default)
+        {
+            using (var ctx = new CGoContext(ct))
+            {
+                var m = CGoToManagedStringMarshaller.GetInstance(null);
+                var r = get_last_update_timestamp(ctx.Handle);
+                try
+                {
+                    if (r.r1 != IntPtr.Zero)
+                        throw new Exception((string)m.MarshalNativeToManaged(r.r1));
+                    return Epoch.AddSeconds(r.r0);
+                }
+                finally
+                {
+                    m.CleanUpNativeData(r.r1);
+                }
+            }
+        }
+
         #endregion
     }
 }

eduVPN/CGoInt64Ptr.cs

@@ -0,0 +1,22 @@
+/*
+    eduVPN - VPN for education and research
+
+    Copyright: 2017-2023 The Commons Conservancy
+    SPDX-License-Identifier: GPL-3.0+
+*/
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace eduVPN
+{
+    /// <summary>
+    /// A blittable struct to allow (C.int64_t, *C.char) CGo function return types
+    /// </summary>
+    [StructLayout(LayoutKind.Sequential)]
+    struct CGoInt64Ptr
+    {
+        public long r0;
+        public IntPtr r1;
+    }
+}

eduVPN/CGoPtrPair.cs → eduVPN/CGoPtrPtr.cs

@@ -14,7 +14,7 @@ namespace eduVPN
     /// A blittable struct to allow (*C.char, *C.char) CGo function return types
     /// </summary>
     [StructLayout(LayoutKind.Sequential)]
-    struct CGoPtrPair
+    struct CGoPtrPtr
     {
         public IntPtr r0;
         public IntPtr r1;

eduVPN/Engine.cs

@@ -358,7 +358,7 @@ public static void Deregister()
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "ExpiryTimes", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _ExpiryTimes();
+        static extern CGoPtrPtr _ExpiryTimes();
 
         /// <summary>
         /// Returns the different Unix timestamps regarding expiry.
@@ -497,7 +497,7 @@ public static void RemoveOwnServer(Uri url)
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "CurrentServer", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _CurrentServer();
+        static extern CGoPtrPtr _CurrentServer();
 
         public static string CurrentServer()
         {
@@ -516,7 +516,7 @@ public static string CurrentServer()
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "ServerList", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _ServerList();
+        static extern CGoPtrPtr _ServerList();
 
         public static string ServerList()
         {
@@ -535,7 +535,7 @@ public static string ServerList()
         }
 
         [DllImport("eduvpn_common.dll", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair GetConfig(
+        static extern CGoPtrPtr GetConfig(
             /*[MarshalAs(UnmanagedType.I4)]*/ ServerType type,
             [MarshalAs(UnmanagedType.LPUTF8Str)] string id,
             int pTCP,
@@ -649,7 +649,7 @@ public static void SetSecureInternetLocation(string countryCode)
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "DiscoServers", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _DiscoServers();
+        static extern CGoPtrPtr _DiscoServers();
 
         /// <summary>
         /// Gets the servers list from the discovery server.
@@ -675,7 +675,7 @@ public static string DiscoServers()
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "DiscoOrganizations", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _DiscoOrganizations();
+        static extern CGoPtrPtr _DiscoOrganizations();
 
         /// <summary>
         /// Gets the organizations list from the discovery server.
@@ -750,7 +750,7 @@ public static void SetSupportWireGuard(bool support)
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "SecureLocationList", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _SecureLocationList();
+        static extern CGoPtrPtr _SecureLocationList();
 
         /// <summary>
         /// Returns all the available locations

eduVPN/Resources/Strings.ar.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.de.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.es-ES.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.es.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.fr.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.nb.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.nl.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.pt-PT.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.sl.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Vaš računalnik že uporablja tunel VPN za privzeti promet. Dodatna povezava VPN verjetno ne bo delovala.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.tr.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/Resources/Strings.uk.resx

@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>

eduVPN/ViewModels/Pages/SelfUpdateProgressPage.cs

@@ -103,8 +103,8 @@ public override void OnActivate()
             selfUpdate.DoWork += (object sender, DoWorkEventArgs e) =>
             {
                 selfUpdate.ReportProgress(0);
-                SelfUpdate.DownloadAndInstall(DownloadUris, Hash, Arguments, ct,
-                    new SelfUpdate.SetProgress((float value) => selfUpdate.ReportProgress((int)Math.Floor(value * 100))));
+                CGo.DownloadAndInstallSelfUpdate(DownloadUris, Hash, Arguments, ct,
+                    new CGo.SetProgress((float value) => selfUpdate.ReportProgress((int)Math.Floor(value * 100))));
             };
 
             // Self-update progress.

eduVPN/ViewModels/Pages/SelfUpdatePromptPage.cs

@@ -142,7 +142,7 @@ public void DiscoverVersions()
             Wizard.TryInvoke((Action)(() => Wizard.TaskCount++));
             try
             {
-                var package = SelfUpdate.Check(
+                var package = CGo.CheckSelfUpdate(
                     Properties.SettingsEx.Default.SelfUpdateDiscovery,
                     Properties.Settings.Default.SelfUpdateBundleId,
                     Window.Abort.Token);

eduVPN/ViewModels/Windows/ConnectWizard.cs

@@ -353,6 +353,15 @@ public ConnectWizard()
                 },
                 24 * 60 * 60 * 1000)); // Repeat every 24 hours
 
+            actions.Add(new KeyValuePair<Action, int>(
+                () =>
+                {
+                    var ts = CGo.GetLastUpdateTimestamp(Abort.Token);
+                    if (DateTimeOffset.UtcNow - ts > TimeSpan.FromDays(60))
+                        throw new Exception(Resources.Strings.WarningWindowsUpdatesStalled);
+                },
+                24 * 60 * 60 * 1000)); // Repeat every 24 hours
+
             // TODO: Migrate eduVPN settings to eduvpn-common.
             // TODO: Support preconfigured Institute Access and Secure Internet to eduvpn-common.
             //var str = Engine.ServerList();