Update changelog

Related: #338

.github/workflows/build.yaml

@@ -9,6 +9,9 @@ on:
     branches:
       - main
       - dev
+      - hotfix/*
+      - feature/*
+      - release/*
     tags:
       - latest
       - v*.*.*
@@ -42,6 +45,7 @@ jobs:
       with:
         token: ${{ secrets.GH_PAT }}
         repository: yuezk/GlobalProtect-openconnect
+        ref: ${{ github.ref }}
         path: source/gp
     - name: Create tarball
       run: |
@@ -95,12 +99,14 @@ jobs:
       with:
         token: ${{ secrets.GH_PAT }}
         repository: yuezk/GlobalProtect-openconnect
+        ref: ${{ github.ref }}
         path: gpgui-source/gp
-    - name: Checkout gpgui
+    - name: Checkout gpgui@${{ github.ref_name }}
       uses: actions/checkout@v3
       with:
         token: ${{ secrets.GH_PAT }}
         repository: yuezk/gpgui
+        ref: ${{ github.ref_name }}
         path: gpgui-source/gpgui
     - name: Tarball
       run: |

Cargo.lock

@@ -564,7 +564,7 @@ dependencies = [
 
 [[package]]
 name = "common"
-version = "2.1.0"
+version = "2.1.2"
 dependencies = [
  "is_executable",
 ]
@@ -1430,7 +1430,7 @@ dependencies = [
 
 [[package]]
 name = "gpapi"
-version = "2.1.0"
+version = "2.1.2"
 dependencies = [
  "anyhow",
  "base64 0.21.5",
@@ -1462,7 +1462,7 @@ dependencies = [
 
 [[package]]
 name = "gpauth"
-version = "2.1.0"
+version = "2.1.2"
 dependencies = [
  "anyhow",
  "clap",
@@ -1482,10 +1482,11 @@ dependencies = [
 
 [[package]]
 name = "gpclient"
-version = "2.1.0"
+version = "2.1.2"
 dependencies = [
  "anyhow",
  "clap",
+ "common",
  "compile-time",
  "directories",
  "env_logger",
@@ -1503,7 +1504,7 @@ dependencies = [
 
 [[package]]
 name = "gpgui-helper"
-version = "2.1.0"
+version = "2.1.2"
 dependencies = [
  "anyhow",
  "clap",
@@ -1521,7 +1522,7 @@ dependencies = [
 
 [[package]]
 name = "gpservice"
-version = "2.1.0"
+version = "2.1.2"
 dependencies = [
  "anyhow",
  "axum",
@@ -2526,7 +2527,7 @@ dependencies = [
 
 [[package]]
 name = "openconnect"
-version = "2.1.0"
+version = "2.1.2"
 dependencies = [
  "cc",
  "common",

Cargo.toml

@@ -5,7 +5,7 @@ members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth", "apps/g
 
 [workspace.package]
 rust-version = "1.70"
-version = "2.1.0"
+version = "2.1.2"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"

apps/gpauth/tauri.conf.json

@@ -22,8 +22,8 @@
         "all": true,
         "request": true,
         "scope": [
-          "http://**",
-          "https://**"
+          "http://*",
+          "https://*"
         ]
       }
     },

apps/gpclient/Cargo.toml

@@ -6,6 +6,7 @@ edition.workspace = true
 license.workspace = true
 
 [dependencies]
+common = { path = "../../crates/common" }
 gpapi = { path = "../../crates/gpapi", features = ["clap"] }
 openconnect = { path = "../../crates/openconnect" }
 anyhow.workspace = true

apps/gpclient/src/connect.rs

@@ -1,12 +1,14 @@
 use std::{fs, sync::Arc};
 
 use clap::Args;
+use common::vpn_utils::find_csd_wrapper;
 use gpapi::{
   clap::args::Os,
   credential::{Credential, PasswordCredential},
+  error::PortalError,
   gateway::gateway_login,
   gp_params::{ClientOs, GpParams},
-  portal::{prelogin, retrieve_config, PortalError, Prelogin},
+  portal::{prelogin, retrieve_config, Prelogin},
   process::{
     auth_launcher::SamlAuthLauncher,
     users::{get_non_root_user, get_user_by_name},
@@ -31,6 +33,12 @@ pub(crate) struct ConnectArgs {
   #[arg(long, short, help = "The VPNC script to use")]
   script: Option<String>,
 
+  #[arg(
+    long,
+    help = "Use the default CSD wrapper to generate the HIP report and send it to the server"
+  )]
+  hip: bool,
+
   #[arg(long, help = "Same as the '--csd-user' option in the openconnect command")]
   csd_user: Option<String>,
 
@@ -112,16 +120,19 @@ impl<'a> ConnectHandler<'a> {
     let selected_gateway = match &self.args.gateway {
       Some(gateway) => portal_config
         .find_gateway(gateway)
-        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway {}", gateway))?,
+        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway specified: {}", gateway))?,
       None => {
         portal_config.sort_gateways(prelogin.region());
         let gateways = portal_config.gateways();
 
         if gateways.len() > 1 {
-          Select::new("Which gateway do you want to connect to?", gateways)
+          let gateway = Select::new("Which gateway do you want to connect to?", gateways)
             .with_vim_mode(true)
-            .prompt()?
+            .prompt()?;
+          info!("Connecting to the selected gateway: {}", gateway);
+          gateway
         } else {
+          info!("Connecting to the only available gateway: {}", gateways[0]);
           gateways[0]
         }
       }
@@ -142,6 +153,8 @@ impl<'a> ConnectHandler<'a> {
   }
 
   async fn connect_gateway_with_prelogin(&self, gateway: &str) -> anyhow::Result<()> {
+    info!("Performing the gateway authentication...");
+
     let mut gp_params = self.build_gp_params();
     gp_params.set_is_gateway(true);
 
@@ -154,14 +167,21 @@ impl<'a> ConnectHandler<'a> {
   }
 
   async fn connect_gateway(&self, gateway: &str, cookie: &str) -> anyhow::Result<()> {
-    let csd_uid = get_csd_uid(&self.args.csd_user)?;
     let mtu = self.args.mtu.unwrap_or(0);
+    let csd_uid = get_csd_uid(&self.args.csd_user)?;
+    let csd_wrapper = if self.args.csd_wrapper.is_some() {
+      self.args.csd_wrapper.clone()
+    } else if self.args.hip {
+      find_csd_wrapper()
+    } else {
+      None
+    };
 
     let vpn = Vpn::builder(gateway, cookie)
       .script(self.args.script.clone())
       .user_agent(self.args.user_agent.clone())
       .csd_uid(csd_uid)
-      .csd_wrapper(self.args.csd_wrapper.clone())
+      .csd_wrapper(csd_wrapper)
       .mtu(mtu)
       .build()?;
 

changelog.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## 2.1.2 - 2024-03-29
+
+- Treat portal as gateway when the gateway login is failed (fix #338)
+
+## 2.1.1 - 2024-03-25
+
+- Add the `--hip` option to enable HIP report
+- Fix not working in OpenSuse 15.5 (fix #336, #322)
+- Treat portal as gateway when the gateway login is failed (fix #338)
+- Improve the error message (fix #327)
+
 ## 2.1.0 - 2024-02-27
 
 - Update distribution channel for `gpgui` to complaint with the GPL-3 license.

crates/gpapi/src/error.rs

@@ -0,0 +1,11 @@
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum PortalError {
+  #[error("Portal prelogin error: {0}")]
+  PreloginError(String),
+  #[error("Portal config error: {0}")]
+  ConfigError(String),
+  #[error("Network error: {0}")]
+  NetworkError(String),
+}

crates/gpapi/src/gateway/login.rs

@@ -1,13 +1,14 @@
 use anyhow::bail;
-use log::info;
+use log::{info, warn};
 use reqwest::Client;
 use roxmltree::Document;
 use urlencoding::encode;
 
 use crate::{
   credential::Credential,
+  error::PortalError,
   gp_params::GpParams,
-  utils::{normalize_server, remove_url_scheme},
+  utils::{normalize_server, parse_gp_error, remove_url_scheme},
 };
 
 pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<String> {
@@ -28,11 +29,24 @@ pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParam
 
   info!("Gateway login, user_agent: {}", gp_params.user_agent());
 
-  let res = client.post(&login_url).form(&params).send().await?;
+  let res = client
+    .post(&login_url)
+    .form(&params)
+    .send()
+    .await
+    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
+
   let status = res.status();
 
   if status.is_client_error() || status.is_server_error() {
-    bail!("Gateway login error: {}", status)
+    let (reason, res) = parse_gp_error(res).await;
+
+    warn!(
+      "Gateway login error: reason={}, status={}, response={}",
+      reason, status, res
+    );
+
+    bail!("Gateway login error, reason: {}", reason);
   }
 
   let res_xml = res.text().await?;

crates/gpapi/src/lib.rs

@@ -1,5 +1,6 @@
 pub mod auth;
 pub mod credential;
+pub mod error;
 pub mod gateway;
 pub mod gp_params;
 pub mod portal;

crates/gpapi/src/portal/config.rs

@@ -1,5 +1,5 @@
 use anyhow::bail;
-use log::info;
+use log::{info, warn};
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
@@ -7,10 +7,10 @@ use specta::Type;
 
 use crate::{
   credential::{AuthCookieCredential, Credential},
+  error::PortalError,
   gateway::{parse_gateways, Gateway},
   gp_params::GpParams,
-  portal::PortalError,
-  utils::{normalize_server, remove_url_scheme, xml},
+  utils::{normalize_server, parse_gp_error, remove_url_scheme, xml},
 };
 
 #[derive(Debug, Serialize, Type)]
@@ -102,7 +102,12 @@ pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpPara
 
   info!("Portal config, user_agent: {}", gp_params.user_agent());
 
-  let res = client.post(&url).form(&params).send().await?;
+  let res = client
+    .post(&url)
+    .form(&params)
+    .send()
+    .await
+    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
   let status = res.status();
 
   if status == StatusCode::NOT_FOUND {
@@ -110,7 +115,14 @@ pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpPara
   }
 
   if status.is_client_error() || status.is_server_error() {
-    bail!("Portal config error: {}", status)
+    let (reason, res) = parse_gp_error(res).await;
+
+    warn!(
+      "Portal config error: reason={}, status={}, response={}",
+      reason, status, res
+    );
+
+    bail!("Portal config error, reason: {}", reason);
   }
 
   let res_xml = res.text().await.map_err(|e| PortalError::ConfigError(e.to_string()))?;

crates/gpapi/src/portal/mod.rs

@@ -3,13 +3,3 @@ mod prelogin;
 
 pub use config::*;
 pub use prelogin::*;
-
-use thiserror::Error;
-
-#[derive(Error, Debug)]
-pub enum PortalError {
-  #[error("Portal prelogin error: {0}")]
-  PreloginError(String),
-  #[error("Portal config error: {0}")]
-  ConfigError(String),
-}

crates/gpapi/src/portal/prelogin.rs

@@ -1,14 +1,14 @@
 use anyhow::bail;
-use log::info;
+use log::{info, warn};
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
 use specta::Type;
 
 use crate::{
+  error::PortalError,
   gp_params::GpParams,
-  portal::PortalError,
-  utils::{base64, normalize_server, xml},
+  utils::{base64, normalize_server, parse_gp_error, xml},
 };
 
 const REQUIRED_PARAMS: [&str; 8] = [
@@ -118,7 +118,12 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
     .user_agent(user_agent)
     .build()?;
 
-  let res = client.post(&prelogin_url).form(&params).send().await?;
+  let res = client
+    .post(&prelogin_url)
+    .form(&params)
+    .send()
+    .await
+    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
   let status = res.status();
 
   if status == StatusCode::NOT_FOUND {
@@ -126,6 +131,10 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
   }
 
   if status.is_client_error() || status.is_server_error() {
+    let (reason, res) = parse_gp_error(res).await;
+
+    warn!("Prelogin error: reason={}, status={}, response={}", reason, status, res);
+
     bail!("Prelogin error: {}", status)
   }
 

crates/gpapi/src/utils/mod.rs

@@ -1,4 +1,4 @@
-use reqwest::Url;
+use reqwest::{Response, Url};
 
 pub(crate) mod xml;
 
@@ -41,3 +41,18 @@ pub fn normalize_server(server: &str) -> anyhow::Result<String> {
 pub fn remove_url_scheme(s: &str) -> String {
   s.replace("http://", "").replace("https://", "")
 }
+
+pub(crate) async fn parse_gp_error(res: Response) -> (String, String) {
+  let reason = res
+    .headers()
+    .get("x-private-pan-globalprotect")
+    .map_or_else(|| "<none>", |v| v.to_str().unwrap_or("<invalid header>"))
+    .to_string();
+
+  let res = res.text().await.map_or_else(
+    |_| "<failed to read response>".to_string(),
+    |v| if v.is_empty() { "<empty>".to_string() } else { v },
+  );
+
+  (reason, res)
+}