Feature request - Winbox new parameter

henly · August 24, 2011, 11:24am

Hello would it be possible to add new parameter to winbox.exe? Something like: winbox.exe [-f file]

In file would be information in format: “IP login password”. Or if you want same format as in addresses.wbx.

The idea is it would be possible to connect to Mikrotik directly from web.

Why I need it: We have about 800 running Mikrotiks in our network. That is too many to have all of them in winbox, searching takes long time. Furthermore technicians generally search it in our IS, because there are all information. Nowadays I can write out login and password and technicians have to type it to winbox, another option is to offer them *.bat file which they have to save and then run. With the -f parameter I could create a configuration file (for example *.wbx) and technicians could open it in winbox and so directly connect to the mikrotik and have nothing to type.

sergejs · August 24, 2011, 12:56pm

I’m not sure it the same feature, you are looking for.
But described sequence works fine for me (at least on Windows 7).

go to Winbox folder;
click create shortcut;
move shortcut to Destkop or anywhere you need;
right mouse click and edit target;
set to target C:\Users\S\Downloads\winbox.exe demo2.mt.lv demo “”
– demo2.mt.lv - address
– demo - login
– “” password (empty password in my case);
Click on shortcut it will automatically connect to demo router with predefined login/password.

normis · August 24, 2011, 12:59pm

this way you can create a folder, with all kinds of shortcuts, for all your routers.

henly · August 24, 2011, 1:36pm

I know it is possible, but it is even worse than import everything into winbox. What I need is to associate let’s say *.wbx file with winbox. AFAIK it is not possible now.

normis · August 25, 2011, 5:02am

I don’t understand what you mean by ‘associate a file’. you can already save passwords in Winbox, and move the password file to other PCs. This doesn’t solve your problem of searching for correct router in a list.

henly · August 25, 2011, 1:45pm

I mean associate wbx file with Winbox in Windows. The same way as associating mp3 file with audio player. If you find mp3 file on web you can click on it and it plays. I’d like the same function with wbx file. That’s why I need Winbox to accept new parameter. And that’s why I proposed format of this file.

Afterwards I could generate such files on our IS and technicians could connect to Mikrotiks without copying and pasting IP, login and password from web to Winbox.

Maybe this information will help: Every Mikrotik has another password and passwords are changed frequently. Some technicians are not allowed to connect to some Mikrotiks, or are allowed only a limited number of connections per day. All controls information system.

fewi · August 25, 2011, 1:48pm

Sorry to butt in, but that seems like a poor way to manage that. Any file would have to have hardcoded username/password information - if a technician opens that file with a text editor he now has credentials to log in as many times as he wants. It would seem like a proper AAA solution (RADIUS) would be a much better fit. That AAA can then make decisions based on any policy you tell it to, including what techs can log into, and how often they can do so.

henly · August 25, 2011, 3:01pm

I’m sorry I did not say it exactly. It is not about how many times the technician connects to a specific Mikrotik but about on how many different Mikrotiks is he allowed to connect. As I wrote technicians now receive a password and must rewrite it into Winbox. So it is definitely not problem that the technician would know the password.

Yes RADIUS is another option. A colleague tried it and rejected it due to some problems. The only thing I remember now is because of the above-mentioned number of connections to various Mikrotiks. And how to connect to Mikrotik if it cannot connect to the RADIUS server. I’m afraid I’ll have to try and see if it could be used.

Pity that WinBox is not open source. It would have been modified in an hour and we would not have it two days to solve.

fewi · August 25, 2011, 7:48pm

In my opinion RADIUS is definitely the way to go. It’s trivial to have an LDAP or SQL backend that is consulted on authentication and only lets certain accounts into certain routers - you just need to evaluate the username vs the NAS IP.

Need to protect against failure? Install two redundant RADIUS servers.

Sob · August 25, 2011, 11:26pm

If you’re into programming, compile the following, put the result to same directory as winbox.exe, associate anyextensionyoulike with it and it’s done.

wblaunch.c:

#define _WIN32_WINNT 0x0500
#define _UNICODE
#define UNICODE
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <shellapi.h>

#pragma comment(lib, "shell32.lib")
#pragma comment(lib, "user32.lib")

#define MAX_PARAMS 1024
#define MAX_BUFFER 256

int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PWSTR pCmdLine, int nCmdShow)
{
	LPWSTR *szArglist;
	int nArgs;
	STARTUPINFO si;
	PROCESS_INFORMATION pi;
	WCHAR config[MAX_PATH];
	WCHAR params[MAX_PARAMS];
	WCHAR buffer[MAX_BUFFER];
	WCHAR msg_title[] = L"WinBox Launcher";

	szArglist = CommandLineToArgvW(GetCommandLineW(), &nArgs);
	if(szArglist == NULL) {
		MessageBox(HWND_DESKTOP, L"CommandLineToArgvW failed.", msg_title, MB_ICONERROR);
		return 0;
	} else if(nArgs != 2) {
		MessageBox(HWND_DESKTOP, L"Usage: wblaunch.exe <config file>", msg_title, MB_ICONINFORMATION);
		return 0;
	}

	GetFullPathName(szArglist[1], MAX_PATH, config, NULL);
	LocalFree(szArglist);
	
	wcscpy(params, L"\"");
	GetPrivateProfileString(L"WinBox", L"Password", L"", buffer, MAX_BUFFER, config);
	wcscat(params, buffer);
	wcscat(params, L"\" ");
	GetPrivateProfileString(L"WinBox", L"Host", L"", buffer, MAX_BUFFER, config);
	wcscat(params, buffer);
	wcscat(params, L" ");
	GetPrivateProfileString(L"WinBox", L"User", L"", buffer, MAX_BUFFER, config);
	wcscat(params, buffer);

	if(wcscmp(params, L"\"\"  ") == 0) {
		MessageBox(HWND_DESKTOP, L"Error reading config file.", msg_title, MB_ICONERROR);
		return 0;
	}

	ZeroMemory(&si, sizeof(si));
	si.cb = sizeof(si);
	ZeroMemory(&pi, sizeof(pi));
	if(CreateProcess(L"winbox.exe", params, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi) == 0) {
		MessageBox(HWND_DESKTOP, L"Unable to launch winbox.exe.", msg_title, MB_ICONERROR);
	}

	return 0;
}

demo.anyextensionyoulike:

[WinBox]
Host=demo2.mt.lv
User=demo
Password=

henly · August 31, 2011, 7:20am

Sob thanks a lot. We modified the source code a little because of problems with Unicode in MinGW and it works perfectly. Thanks, karma up for you

#define _WIN32_WINNT 0x0500
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <shellapi.h>

#pragma comment(lib, "shell32.lib")
#pragma comment(lib, "user32.lib")

#define MAX_PARAMS 1024
#define MAX_BUFFER 256

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR _pCmdLine, int nCmdShow)
{
   LPWSTR *szArglist;
   int nArgs;
   STARTUPINFOW si;
   PROCESS_INFORMATION pi;
   WCHAR config[MAX_PATH];
   WCHAR params[MAX_PARAMS];
   WCHAR buffer[MAX_BUFFER];
   WCHAR msg_title[] = L"WinBox Launcher";

   szArglist = CommandLineToArgvW(GetCommandLineW(), &nArgs);
   if(szArglist == NULL) {
      MessageBoxW(HWND_DESKTOP, L"CommandLineToArgvW failed.", msg_title, MB_ICONERROR);
      return 0;
   } else if(nArgs != 2) {
      MessageBoxW(HWND_DESKTOP, L"Usage: winbox_run.exe <config file>", msg_title, MB_ICONINFORMATION);
      return 0;
   }

   GetFullPathNameW(szArglist[1], MAX_PATH, config, NULL);
   LocalFree(szArglist);
   
   wcscpy(params, L"winbox.exe ");
   GetPrivateProfileStringW(L"WinBox", L"Host", L"", buffer, MAX_BUFFER, config);
   wcscat(params, buffer);
   wcscat(params, L" ");
   GetPrivateProfileStringW(L"WinBox", L"User", L"", buffer, MAX_BUFFER, config);
   wcscat(params, buffer);
   wcscat(params, L" ");
   //wcscat(params, L"\"");
   GetPrivateProfileStringW(L"WinBox", L"Password", L"", buffer, MAX_BUFFER, config);
   wcscat(params, buffer);
   //wcscat(params, L"\"");

   if(wcscmp(params, L"\"\"  ") == 0) {
      MessageBoxW(HWND_DESKTOP, L"Error reading config file.", msg_title, MB_ICONERROR);
      return 0;
   }

   ZeroMemory(&si, sizeof(si));
   si.cb = sizeof(si);
   ZeroMemory(&pi, sizeof(pi));
   if(CreateProcessW(NULL, params, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi) == 0) {
      MessageBoxW(HWND_DESKTOP, L"Unable to launch winbox.exe.", msg_title, MB_ICONERROR);
   }

   return 0;
}

To associate *.wbx file from web it was necessary to add

application/WinBox wbx

to /etc/mime.types on the web server.

To run on Linux, I created a simple bash script:

#!/bin/bash
wine /path/to/winbox_run.exe $1

Fewi I will look at RADIUS later, I’m quite busy right now. Then i will tell.