refactor: encrypt the sensitive data

2025-05-20 07:26:58 -04:00 · 2023-07-22 07:33:53 +08:00
parent bf96a88e21
commit 601f422863
40 changed files with 1274 additions and 275 deletions
--- a/gpcommon/src/client.rs
+++ b/gpcommon/src/client.rs
@@ -201,8 +201,14 @@ impl Client {
            })
    }

-    pub async fn connect(&self, server: String, cookie: String) -> Result<(), ServerApiError> {
-        self.send_command(Connect::new(server, cookie).into()).await
+    pub async fn connect(
+        &self,
+        server: String,
+        cookie: String,
+        user_agent: String,
+    ) -> Result<(), ServerApiError> {
+        self.send_command(Connect::new(server, cookie, user_agent).into())
+            .await
    }

    pub async fn disconnect(&self) -> Result<(), ServerApiError> {
--- a/gpcommon/src/cmd/connect.rs
+++ b/gpcommon/src/cmd/connect.rs
@@ -7,11 +7,16 @@ use serde::{Deserialize, Serialize};
 pub struct Connect {
    server: String,
    cookie: String,
+    user_agent: String,
 }

 impl Connect {
-    pub fn new(server: String, cookie: String) -> Self {
-        Self { server, cookie }
+    pub fn new(server: String, cookie: String, user_agent: String) -> Self {
+        Self {
+            server,
+            cookie,
+            user_agent,
+        }
    }
 }

@@ -25,7 +30,7 @@ impl Command for Connect {
            return Err(format!("VPN is already in state: {:?}", status).into());
        }

-        if let Err(err) = vpn.connect(&self.server, &self.cookie).await {
+        if let Err(err) = vpn.connect(&self.server, &self.cookie, &self.user_agent).await {
            return Err(err.to_string().into());
        }

--- a/gpcommon/src/vpn/ffi.rs
+++ b/gpcommon/src/vpn/ffi.rs
@@ -5,16 +5,17 @@ use tokio::sync::mpsc;
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
 pub(crate) struct Options {
-    pub server: *const ::std::os::raw::c_char,
-    pub cookie: *const ::std::os::raw::c_char,
-    pub script: *const ::std::os::raw::c_char,
+    pub server: *const std::os::raw::c_char,
+    pub cookie: *const std::os::raw::c_char,
+    pub script: *const std::os::raw::c_char,
+    pub user_agent: *const std::os::raw::c_char,
    pub user_data: *mut c_void,
 }

 #[link(name = "vpn")]
 extern "C" {
    #[link_name = "vpn_connect"]
-    pub(crate) fn connect(options: *const Options) -> ::std::os::raw::c_int;
+    pub(crate) fn connect(options: *const Options) -> std::os::raw::c_int;

    #[link_name = "vpn_disconnect"]
    pub(crate) fn disconnect();
@@ -32,7 +33,7 @@ extern "C" fn on_vpn_connected(value: i32, sender: *mut c_void) {
 // level: 0 = error, 1 = info, 2 = debug, 3 = trace
 // map the error level log in openconnect to the warning level
 #[no_mangle]
-extern "C" fn vpn_log(level: i32, message: *const ::std::os::raw::c_char) {
+extern "C" fn vpn_log(level: i32, message: *const std::os::raw::c_char) {
    let message = unsafe { std::ffi::CStr::from_ptr(message) };
    let message = message.to_str().unwrap_or("Invalid log message");
    // Strip the trailing newline
--- a/gpcommon/src/vpn/mod.rs
+++ b/gpcommon/src/vpn/mod.rs
@@ -56,6 +56,7 @@ pub(crate) struct VpnOptions {
    server: CString,
    cookie: CString,
    script: CString,
+    user_agent: CString,
 }

 impl VpnOptions {
@@ -64,6 +65,7 @@ impl VpnOptions {
            server: self.server.as_ptr(),
            cookie: self.cookie.as_ptr(),
            script: self.script.as_ptr(),
+            user_agent: self.user_agent.as_ptr(),
            user_data,
        }
    }
@@ -88,6 +90,7 @@ impl Vpn {
        &self,
        server: &str,
        cookie: &str,
+        user_agent: &str,
    ) -> Result<(), Box<dyn std::error::Error>> {
        let script = match find_default_vpnc_script() {
            Some(script) => {
@@ -104,6 +107,7 @@ impl Vpn {
            server: VpnOptions::to_cstr(server),
            cookie: VpnOptions::to_cstr(cookie),
            script: VpnOptions::to_cstr(script),
+            user_agent: VpnOptions::to_cstr(user_agent),
        });

        let vpn_options = self.vpn_options.clone();
--- a/gpcommon/src/vpn/vpn.c
+++ b/gpcommon/src/vpn/vpn.c
@@ -53,7 +53,7 @@ int vpn_connect(const vpn_options *options)
    g_user_data = options->user_data;
    g_vpnc_script = options->script;

-    vpninfo = openconnect_vpninfo_new("PAN GlobalProtect", validate_peer_cert, NULL, NULL, print_progress, NULL);
+    vpninfo = openconnect_vpninfo_new(options->user_agent, validate_peer_cert, NULL, NULL, print_progress, NULL);

    if (!vpninfo)
    {
--- a/gpcommon/src/vpn/vpn.h
+++ b/gpcommon/src/vpn/vpn.h
@@ -8,6 +8,7 @@ typedef struct vpn_options
    const char *server;
    const char *cookie;
    const char *script;
+    const char *user_agent;
    void *user_data;
 } vpn_options;