Warn users if Windows not updated for longer than two months

Closes: #128 Signed-off-by: Simon Rozman <[email protected]>
Amebis · Apr 27, 2023 · 9cc1a9b · 9cc1a9b
1 parent ae05477
commit 9cc1a9b
Show file tree

Hide file tree

Showing 29 changed files with 336 additions and 47 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -26,3 +26,6 @@
 [submodule "eduvpn-common"]
 	path = eduvpn-common
 	url = https://github.com/Amebis/eduvpn-common.git
+[submodule "lxn-win"]
+	path = lxn-win
+	url = https://github.com/Amebis/lxn-win.git
diff --git a/CHANGES.md b/CHANGES.md
@@ -4,10 +4,12 @@
 
 - eduvpn-common integration
 - Self-update migrated to Go
+- Warn users if Windows not updated for longer than two months
 - OpenVPN updated to 2.5.9-20230427
     - openvpn 2.5.9 ea4ce681d9008f277706f4d90f2648ae043cbb2e
 - libsodium updated to 1.0.18-20230427
     - libsodium 1.0.18 adef28f318564a757da6c848f2b6a38fad2cd1fa
+- Fixes: #128
 
 
 ## [3.4](https://github.com/Amebis/eduVPN/compare/3.3.8...3.4) (2023-04-25)

diff --git a/eduVPN/SelfUpdate.cs → eduVPN/CGo.cs b/eduVPN/SelfUpdate.cs → eduVPN/CGo.cs
@@ -18,7 +18,7 @@
 
 namespace eduVPN
 {
-    public class SelfUpdate
+    public class CGo
     {
         #region Data types
 
@@ -121,15 +121,7 @@ class CGoContext : IDisposable
         {
             #region Fields
 
-            /// <summary>
-            /// Thread shutdown token
-            /// </summary>
-            CancellationTokenSource Abort;
-
-            /// <summary>
-            /// Thread to monitor cancellation
-            /// </summary>
-            Thread Thread;
+            readonly CancellationTokenRegistration CancellationTokenRegistration;
 
             #endregion
 
@@ -147,14 +139,7 @@ class CGoContext : IDisposable
             public CGoContext(CancellationToken ct = default)
             {
                 Handle = make_context();
-                Abort = new CancellationTokenSource();
-                var a = CancellationTokenSource.CreateLinkedTokenSource(Abort.Token, ct);
-                Thread = new Thread(() =>
-                {
-                    if (a.Token.WaitHandle.WaitOne() && ct.IsCancellationRequested)
-                        cancel_context(Handle);
-                });
-                Thread.Start();
+                CancellationTokenRegistration = ct.Register(() => cancel_context(Handle));
             }
 
             #endregion
@@ -194,8 +179,7 @@ protected virtual void Dispose(bool disposing)
                 {
                     if (disposing)
                     {
-                        Abort.Cancel();
-                        Thread.Join();
+                        CancellationTokenRegistration.Dispose();
                         free_context(Handle);
                     }
                     disposedValue = true;
@@ -220,7 +204,7 @@ public void Dispose()
         /// <summary>
         /// Available self-update description
         /// </summary>
-        public class Package : JSON.ILoadableItem
+        public class SelfUpdatePackage : JSON.ILoadableItem
         {
             #region Fields
 
@@ -259,7 +243,7 @@ public class Package : JSON.ILoadableItem
 
             #region Constructors
 
-            public Package(Uri baseUri)
+            public SelfUpdatePackage(Uri baseUri)
             {
                 BaseUri = baseUri;
             }
@@ -292,16 +276,26 @@ public void Load(object obj)
 
         #endregion
 
+        #region Fields
+
+        /// <summary>
+        /// Used to convert Unix timestamps into <see cref="DateTimeOffset"/>
+        /// </summary>
+        [DebuggerBrowsable(DebuggerBrowsableState.Never)]
+        static readonly DateTimeOffset Epoch = new DateTimeOffset(1970, 1, 1, 0, 0, 0, new TimeSpan(0, 0, 0));
+
+        #endregion
+
         #region Methods
 
         [DllImport("eduvpn_windows.dll", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair check_selfupdate(
+        static extern CGoPtrPtr check_selfupdate(
             [MarshalAs(UnmanagedType.LPUTF8Str)] string url,
             [MarshalAs(UnmanagedType.LPUTF8Str)] string allowedSigners,
             [MarshalAs(UnmanagedType.LPUTF8Str)] string productId,
             IntPtr ctx);
 
-        public static Package Check(ResourceRef discovery, string productId, CancellationToken ct = default)
+        public static SelfUpdatePackage CheckSelfUpdate(ResourceRef discovery, string productId, CancellationToken ct = default)
         {
             using (var ctx = new CGoContext(ct))
             {
@@ -321,7 +315,7 @@ public static Package Check(ResourceRef discovery, string productId, Cancellatio
                 {
                     if (r.r1 != IntPtr.Zero)
                         throw new Exception((string)m.MarshalNativeToManaged(r.r1));
-                    var p = new Package(discovery.Uri);
+                    var p = new SelfUpdatePackage(discovery.Uri);
                     p.Load(eduJSON.Parser.Parse((string)m.MarshalNativeToManaged(r.r0), ct));
                     return p;
                 }
@@ -356,7 +350,7 @@ static extern string download_and_install_selfupdate(
             IntPtr ctx,
             SetProgress setProgress);
 
-        public static void DownloadAndInstall(
+        public static void DownloadAndInstallSelfUpdate(
             IEnumerable<Uri> uris,
             byte[] hash,
             string installerArguments,
@@ -377,6 +371,28 @@ public static void DownloadAndInstall(
             }
         }
 
+        [DllImport("eduvpn_windows.dll", CallingConvention = CallingConvention.Cdecl)]
+        static extern CGoInt64Ptr get_last_update_timestamp(IntPtr ctx);
+
+        public static DateTimeOffset GetLastUpdateTimestamp(CancellationToken ct = default)
+        {
+            using (var ctx = new CGoContext(ct))
+            {
+                var m = CGoToManagedStringMarshaller.GetInstance(null);
+                var r = get_last_update_timestamp(ctx.Handle);
+                try
+                {
+                    if (r.r1 != IntPtr.Zero)
+                        throw new Exception((string)m.MarshalNativeToManaged(r.r1));
+                    return Epoch.AddSeconds(r.r0);
+                }
+                finally
+                {
+                    m.CleanUpNativeData(r.r1);
+                }
+            }
+        }
+
         #endregion
     }
 }
diff --git a/eduVPN/CGoInt64Ptr.cs b/eduVPN/CGoInt64Ptr.cs
@@ -0,0 +1,22 @@
+/*
+    eduVPN - VPN for education and research
+
+    Copyright: 2017-2023 The Commons Conservancy
+    SPDX-License-Identifier: GPL-3.0+
+*/
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace eduVPN
+{
+    /// <summary>
+    /// A blittable struct to allow (C.int64_t, *C.char) CGo function return types
+    /// </summary>
+    [StructLayout(LayoutKind.Sequential)]
+    struct CGoInt64Ptr
+    {
+        public long r0;
+        public IntPtr r1;
+    }
+}
diff --git a/eduVPN/CGoPtrPair.cs → eduVPN/CGoPtrPtr.cs b/eduVPN/CGoPtrPair.cs → eduVPN/CGoPtrPtr.cs
@@ -14,7 +14,7 @@ namespace eduVPN
     /// A blittable struct to allow (*C.char, *C.char) CGo function return types
     /// </summary>
     [StructLayout(LayoutKind.Sequential)]
-    struct CGoPtrPair
+    struct CGoPtrPtr
     {
         public IntPtr r0;
         public IntPtr r1;

diff --git a/eduVPN/Engine.cs b/eduVPN/Engine.cs
@@ -358,7 +358,7 @@ public static void Deregister()
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "ExpiryTimes", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _ExpiryTimes();
+        static extern CGoPtrPtr _ExpiryTimes();
 
         /// <summary>
         /// Returns the different Unix timestamps regarding expiry.
@@ -497,7 +497,7 @@ public static void RemoveOwnServer(Uri url)
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "CurrentServer", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _CurrentServer();
+        static extern CGoPtrPtr _CurrentServer();
 
         public static string CurrentServer()
         {
@@ -516,7 +516,7 @@ public static string CurrentServer()
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "ServerList", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _ServerList();
+        static extern CGoPtrPtr _ServerList();
 
         public static string ServerList()
         {
@@ -535,7 +535,7 @@ public static string ServerList()
         }
 
         [DllImport("eduvpn_common.dll", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair GetConfig(
+        static extern CGoPtrPtr GetConfig(
             /*[MarshalAs(UnmanagedType.I4)]*/ ServerType type,
             [MarshalAs(UnmanagedType.LPUTF8Str)] string id,
             int pTCP,
@@ -649,7 +649,7 @@ public static void SetSecureInternetLocation(string countryCode)
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "DiscoServers", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _DiscoServers();
+        static extern CGoPtrPtr _DiscoServers();
 
         /// <summary>
         /// Gets the servers list from the discovery server.
@@ -675,7 +675,7 @@ public static string DiscoServers()
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "DiscoOrganizations", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _DiscoOrganizations();
+        static extern CGoPtrPtr _DiscoOrganizations();
 
         /// <summary>
         /// Gets the organizations list from the discovery server.
@@ -750,7 +750,7 @@ public static void SetSupportWireGuard(bool support)
         }
 
         [DllImport("eduvpn_common.dll", EntryPoint = "SecureLocationList", CallingConvention = CallingConvention.Cdecl)]
-        static extern CGoPtrPair _SecureLocationList();
+        static extern CGoPtrPtr _SecureLocationList();
 
         /// <summary>
         /// Returns all the available locations

diff --git a/eduVPN/Resources/Strings.Designer.cs b/eduVPN/Resources/Strings.Designer.cs
diff --git a/eduVPN/Resources/Strings.ar.resx b/eduVPN/Resources/Strings.ar.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.de.resx b/eduVPN/Resources/Strings.de.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.es-ES.resx b/eduVPN/Resources/Strings.es-ES.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.es.resx b/eduVPN/Resources/Strings.es.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.fr.resx b/eduVPN/Resources/Strings.fr.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.nb.resx b/eduVPN/Resources/Strings.nb.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.nl.resx b/eduVPN/Resources/Strings.nl.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.pt-PT.resx b/eduVPN/Resources/Strings.pt-PT.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.resx b/eduVPN/Resources/Strings.resx
@@ -221,4 +221,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.sl.resx b/eduVPN/Resources/Strings.sl.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Vaš računalnik že uporablja tunel VPN za privzeti promet. Dodatna povezava VPN verjetno ne bo delovala.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.tr.resx b/eduVPN/Resources/Strings.tr.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>
diff --git a/eduVPN/Resources/Strings.uk.resx b/eduVPN/Resources/Strings.uk.resx
@@ -243,4 +243,8 @@
   <data name="WarningDefaultGatewayIsVPN" xml:space="preserve">
     <value>Your computer is using a VPN tunnel to handle the default traffic already. Another VPN connection will likely not work.</value>
   </data>
+  <data name="WarningWindowsUpdatesStalled" xml:space="preserve">
+    <value>Your computer did not install any Windows Updates for a while. Please check the update status and/or upgrade your computer to a newer and supported release of Windows.
+Your organization might opt to prevent connections from insecure computers in the future.</value>
+  </data>
 </root>