release 1.3.3

* fix the clientos param

* fix the clientos param

.github/workflows/main.yml

@@ -0,0 +1,30 @@
+name: Build
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Install Qt
+        uses: jurplel/install-qt-action@v2
+        with:
+          version: 5.12.11
+          modules: 'qtwebengine qtwebsockets'
+      
+      # Checkout repository and submodules
+      - uses: actions/checkout@v2
+        with:
+          submodules: recursive
+
+      - name: Build
+        run: |
+          qmake CONFIG+=release
+          make

.github/workflows/pre-release.yml

@@ -0,0 +1,60 @@
+name: Pre Release
+
+on:
+  workflow_dispatch:
+
+jobs:
+  pre-release:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    env:
+      DEBFULLNAME: "Kevin Yue"
+      DEBEMAIL: "yuezk001@gmail.com"
+
+    steps:
+      # Checkout repository and submodules
+      - uses: actions/checkout@v2
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Init variables
+        id: vars
+        run: |
+          TAG=$(git tag --sort=-v:refname --list "v[0-9]*" | head -n 1 | cut -c 2-)
+          echo ::set-output name=VERSION::"${TAG}+SNAPSHOT$(date -u +"%Y%m%d%H%M%S")"
+          echo ::set-output name=TAG::${TAG}
+      
+      - name: Update debian/changelog
+        run: |
+          sudo apt install devscripts
+          git log --format="%s" v${{ steps.vars.outputs.TAG }}.. | xargs -L1 dch -v ${{ steps.vars.outputs.VERSION }}-1ppa1
+      
+      - name: "Archive all"
+        run: |
+          python -m pip install --upgrade pip
+          pip install git-archive-all
+          git-archive-all \
+            --force-submodules \
+            --prefix=globalprotect-openconnect-${{ steps.vars.outputs.VERSION }}/ \
+            ./globalprotect-openconnect-${{ steps.vars.outputs.VERSION }}.full.tar.gz
+
+      - name: "Debian Packaging"
+        run: |
+          sudo apt update
+          sudo apt install qtbase5-dev libqt5websockets5-dev qtwebengine5-dev qttools5-dev debhelper
+          mkdir build-debian && cd build-debian
+          cp ../*.tar.gz globalprotect-openconnect_${{ steps.vars.outputs.VERSION }}.orig.tar.gz
+          tar xf *.tar.gz
+          cd globalprotect-openconnect-${{ steps.vars.outputs.VERSION }}
+          fakeroot dpkg-buildpackage -uc -us -sa
+
+      - uses: "marvinpinto/action-automatic-releases@latest"
+        with:
+          repo_token: "${{ secrets.GITHUB_TOKEN }}"
+          automatic_release_tag: "latest"
+          prerelease: true
+          title: "globalprotect-openconnect_${{ steps.vars.outputs.VERSION }}"
+          files: |
+            *.tar.gz
+            build-debian/*.deb

.github/workflows/publish.yml

@@ -0,0 +1,61 @@
+name: Publish
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Install Qt
+        uses: jurplel/install-qt-action@v2
+        with:
+          version: 5.12.11
+          modules: 'qtwebengine qtwebsockets'
+
+      # Checkout repository and submodules
+      - uses: actions/checkout@v2
+        with:
+          submodules: recursive
+
+      - name: Build
+        run: |
+          qmake CONFIG+=release
+          make
+
+  aur-publish:
+    needs:
+      - build
+  
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      
+      - name: Get latest version
+        id: get-version
+        run: |
+          echo ::set-output name=VERSION::$(git tag --sort=-v:refname --list "v[0-9]*" | head -n 1 | cut -c 2-)
+          
+      - name: Get the sha256sum
+        id: get-sha256sum
+        run: |
+          echo ::set-output name=SHA::$(curl -L https://github.com/yuezk/GlobalProtect-openconnect/archive/refs/tags/v${{ steps.get-version.outputs.VERSION }}.tar.gz | sha256sum | cut -f1 -d" ")
+      
+      - name: Generate PKGBUILD
+        run: |
+          sed "s/{PKG_VERSION}/${{ steps.get-version.outputs.VERSION }}/g;s/{SOURCE_SHA}/${{ steps.get-sha256sum.outputs.SHA }}/g" PKGBUILD.template > PKGBUILD
+      
+      - name: Publish AUR package
+        uses: KSXGitHub/github-actions-deploy-aur@v2.2.4
+        with:
+          pkgname: globalprotect-openconnect
+          pkgbuild: ./PKGBUILD
+          commit_username: ${{ secrets.AUR_USERNAME }}
+          commit_email: ${{ secrets.AUR_EMAIL }}
+          ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
+          commit_message: 'Release v${{ steps.get-version.outputs.VERSION }}'
+          force_push: true

.gitignore

@@ -2,6 +2,17 @@
 gpclient
 gpservice
 
+*.rpm
+*.gz
+.DS_Store
+build-debian
+
+# Auto generated DBus files
+*_adaptor.cpp
+*_adaptor.h
+
+gpservice_interface.*
+
 # C++ objects and libs
 *.slo
 *.lo

.gitmodules

@@ -1,3 +1,7 @@
 [submodule "singleapplication"]
 	path = singleapplication
 	url = https://github.com/itay-grudev/SingleApplication.git
+
+[submodule "plog"]
+	path = plog
+	url = https://github.com/SergiusTheBest/plog.git

GPClient/GPClient.pro

@@ -15,6 +15,8 @@ DEFINES += QAPPLICATION_CLASS=QApplication
 # deprecated API in order to know how to port your code away from it.
 DEFINES += QT_DEPRECATED_WARNINGS
 
+INCLUDEPATH += ../plog/include
+
 # You can also make your code fail to compile if it uses deprecated APIs.
 # In order to do so, uncomment the following line.
 # You can also select to disable deprecated APIs only up to a certain version of Qt.
@@ -23,19 +25,41 @@ SOURCES += \
     cdpcommand.cpp \
     cdpcommandmanager.cpp \
     enhancedwebview.cpp \
+    gatewayauthenticator.cpp \
+    gatewayauthenticatorparams.cpp \
+    gpgateway.cpp \
+    gphelper.cpp \
+    loginparams.cpp \
     main.cpp \
+    normalloginwindow.cpp \
+    portalauthenticator.cpp \
+    portalconfigresponse.cpp \
+    preloginresponse.cpp \
     samlloginwindow.cpp \
-    gpclient.cpp
+    gpclient.cpp \
+    settingsdialog.cpp
 
 HEADERS += \
     cdpcommand.h \
     cdpcommandmanager.h \
     enhancedwebview.h \
+    gatewayauthenticator.h \
+    gatewayauthenticatorparams.h \
+    gpgateway.h \
+    gphelper.h \
+    loginparams.h \
+    normalloginwindow.h \
+    portalauthenticator.h \
+    portalconfigresponse.h \
+    preloginresponse.h \
     samlloginwindow.h \
-    gpclient.h
+    gpclient.h \
+    settingsdialog.h
 
 FORMS += \
-    gpclient.ui
+    gpclient.ui \
+    normalloginwindow.ui \
+    settingsdialog.ui
 
 DBUS_INTERFACES += ../GPService/gpservice.xml
 

GPClient/cdpcommandmanager.cpp

@@ -1,5 +1,6 @@
 #include "cdpcommandmanager.h"
 #include <QVariantMap>
+#include <plog/Log.h>
 
 CDPCommandManager::CDPCommandManager(QObject *parent)
     : QObject(parent)
@@ -27,7 +28,7 @@ void CDPCommandManager::initialize(QString endpoint)
         reply, &QNetworkReply::finished,
         [reply, this]() {
             if (reply->error()) {
-                qDebug() << "CDP request error";
+                PLOGE << "CDP request error";
                 return;
             }
 
@@ -76,10 +77,10 @@ void CDPCommandManager::onTextMessageReceived(QString message)
 
 void CDPCommandManager::onSocketDisconnected()
 {
-    qDebug() << "WebSocket disconnected";
+    PLOGI << "WebSocket disconnected";
 }
 
 void CDPCommandManager::onSocketError(QAbstractSocket::SocketError error)
 {
-    qDebug() << "WebSocket error" << error;
+    PLOGE << "WebSocket error" << error;
 }

GPClient/com.yuezk.qt.gpclient.desktop

@@ -4,7 +4,8 @@ Type=Application
 Version=1.0.0
 Name=GlobalProtect VPN
 Comment=GlobalProtect VPN client, supports SAML auth mode
-Exec=/usr/local/bin/gpclient
+Exec=/usr/bin/gpclient
 Icon=com.yuezk.qt.GPClient
 Categories=Network;VPN;Utility;Qt;
 Keywords=GlobalProtect;Openconnect;SAML;connection;VPN;
+StartupWMClass=gpclient

GPClient/gatewayauthenticator.cpp

@@ -0,0 +1,181 @@
+#include "gatewayauthenticator.h"
+#include "gphelper.h"
+#include "loginparams.h"
+#include "preloginresponse.h"
+
+#include <QNetworkReply>
+#include <plog/Log.h>
+
+using namespace gpclient::helper;
+
+GatewayAuthenticator::GatewayAuthenticator(const QString& gateway, const GatewayAuthenticatorParams params)
+    : QObject()
+    , gateway(gateway)
+    , params(params)
+    , preloginUrl("https://" + gateway + "/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100")
+    , loginUrl("https://" + gateway + "/ssl-vpn/login.esp")
+{
+    if (!params.clientos().isEmpty()) {
+        preloginUrl = preloginUrl + "&clientos=" + params.clientos();
+    }
+}
+
+GatewayAuthenticator::~GatewayAuthenticator()
+{
+    delete normalLoginWindow;
+}
+
+void GatewayAuthenticator::authenticate()
+{
+    PLOGI << "Start gateway authentication...";
+
+    LoginParams loginParams { params.clientos() };
+    loginParams.setUser(params.username());
+    loginParams.setPassword(params.password());
+    loginParams.setUserAuthCookie(params.userAuthCookie());
+
+    login(loginParams);
+}
+
+void GatewayAuthenticator::login(const LoginParams &loginParams)
+{
+    PLOGI << "Trying to login the gateway at " << loginUrl << " with " << loginParams.toUtf8();
+
+    QNetworkReply *reply = createRequest(loginUrl, loginParams.toUtf8());
+    connect(reply, &QNetworkReply::finished, this, &GatewayAuthenticator::onLoginFinished);
+}
+
+void GatewayAuthenticator::onLoginFinished()
+{
+    QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
+    QByteArray response;
+
+    if (reply->error() || (response = reply->readAll()).contains("Authentication failure")) {
+        PLOGE << QString("Failed to login the gateway at %1, %2").arg(loginUrl).arg(reply->errorString());
+
+        if (normalLoginWindow) {
+            normalLoginWindow->setProcessing(false);
+            openMessageBox("Gateway login failed.", "Please check your credentials and try again.");
+        } else {
+            doAuth();
+        }
+        return;
+    }
+
+    if (normalLoginWindow) {
+        normalLoginWindow->close();
+    }
+
+    const QUrlQuery params = gpclient::helper::parseGatewayResponse(response);
+    emit success(params.toString());
+}
+
+void GatewayAuthenticator::doAuth()
+{
+    PLOGI << "Perform the gateway prelogin at " << preloginUrl;
+
+    QNetworkReply *reply = createRequest(preloginUrl);
+    connect(reply, &QNetworkReply::finished, this, &GatewayAuthenticator::onPreloginFinished);
+}
+
+void GatewayAuthenticator::onPreloginFinished()
+{
+    QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
+
+    if (reply->error()) {
+        PLOGE << QString("Failed to prelogin the gateway at %1, %2").arg(preloginUrl).arg(reply->errorString());
+
+        emit fail("Error occurred on the gateway prelogin interface.");
+        return;
+    }
+
+    PLOGI << "Gateway prelogin succeeded.";
+
+    PreloginResponse response = PreloginResponse::parse(reply->readAll());
+
+    if (response.hasSamlAuthFields()) {
+        samlAuth(response.samlMethod(), response.samlRequest(), reply->url().toString());
+    } else if (response.hasNormalAuthFields()) {
+        normalAuth(response.labelUsername(), response.labelPassword(), response.authMessage());
+    } else {
+        PLOGE << QString("Unknown prelogin response for %1, got %2").arg(preloginUrl).arg(QString::fromUtf8(response.rawResponse()));
+        emit fail("Unknown response for gateway prelogin interface.");
+    }
+
+    delete reply;
+}
+
+void GatewayAuthenticator::normalAuth(QString labelUsername, QString labelPassword, QString authMessage)
+{
+    PLOGI << QString("Trying to perform the normal login with %1 / %2 credentials").arg(labelUsername).arg(labelPassword);
+
+    normalLoginWindow = new NormalLoginWindow;
+    normalLoginWindow->setPortalAddress(gateway);
+    normalLoginWindow->setAuthMessage(authMessage);
+    normalLoginWindow->setUsernameLabel(labelUsername);
+    normalLoginWindow->setPasswordLabel(labelPassword);
+
+    // Do login
+    connect(normalLoginWindow, &NormalLoginWindow::performLogin, this, &GatewayAuthenticator::onPerformNormalLogin);
+    connect(normalLoginWindow, &NormalLoginWindow::rejected, this, &GatewayAuthenticator::onLoginWindowRejected);
+    connect(normalLoginWindow, &NormalLoginWindow::finished, this, &GatewayAuthenticator::onLoginWindowFinished);
+
+    normalLoginWindow->show();
+}
+
+void GatewayAuthenticator::onPerformNormalLogin(const QString &username, const QString &password)
+{
+    PLOGI << "Start to perform normal login...";
+
+    normalLoginWindow->setProcessing(true);
+    LoginParams loginParams { params.clientos() };
+    loginParams.setUser(username);
+    loginParams.setPassword(password);
+    
+    login(loginParams);
+}
+
+void GatewayAuthenticator::onLoginWindowRejected()
+{
+    emit fail();
+}
+
+void GatewayAuthenticator::onLoginWindowFinished()
+{
+    delete normalLoginWindow;
+    normalLoginWindow = nullptr;
+}
+
+void GatewayAuthenticator::samlAuth(QString samlMethod, QString samlRequest, QString preloginUrl)
+{
+    PLOGI << "Trying to perform SAML login with saml-method " << samlMethod;
+
+    SAMLLoginWindow *loginWindow = new SAMLLoginWindow;
+
+    connect(loginWindow, &SAMLLoginWindow::success, this, &GatewayAuthenticator::onSAMLLoginSuccess);
+    connect(loginWindow, &SAMLLoginWindow::fail, this, &GatewayAuthenticator::onSAMLLoginFail);
+    connect(loginWindow, &SAMLLoginWindow::rejected, this, &GatewayAuthenticator::onLoginWindowRejected);
+
+    loginWindow->login(samlMethod, samlRequest, preloginUrl);
+}
+
+void GatewayAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> &samlResult)
+{
+    if (samlResult.contains("preloginCookie")) {
+        PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
+    } else {
+        PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
+    }
+
+    LoginParams loginParams { params.clientos() };
+    loginParams.setUser(samlResult.value("username"));
+    loginParams.setPreloginCookie(samlResult.value("preloginCookie"));
+    loginParams.setUserAuthCookie(samlResult.value("userAuthCookie"));
+
+    login(loginParams);
+}
+
+void GatewayAuthenticator::onSAMLLoginFail(const QString msg)
+{
+    emit fail(msg);
+}

GPClient/gatewayauthenticator.h

@@ -0,0 +1,45 @@
+#ifndef GATEWAYAUTHENTICATOR_H
+#define GATEWAYAUTHENTICATOR_H
+
+#include "normalloginwindow.h"
+#include "loginparams.h"
+#include "gatewayauthenticatorparams.h"
+#include <QObject>
+
+class GatewayAuthenticator : public QObject
+{
+    Q_OBJECT
+public:
+    explicit GatewayAuthenticator(const QString& gateway, const GatewayAuthenticatorParams params);
+    ~GatewayAuthenticator();
+
+    void authenticate();
+
+signals:
+    void success(const QString& authCookie);
+    void fail(const QString& msg = "");
+
+private slots:
+    void onLoginFinished();
+    void onPreloginFinished();
+    void onPerformNormalLogin(const QString &username, const QString &password);
+    void onLoginWindowRejected();
+    void onLoginWindowFinished();
+    void onSAMLLoginSuccess(const QMap<QString, QString> &samlResult);
+    void onSAMLLoginFail(const QString msg);
+
+private:
+    QString gateway;
+    const GatewayAuthenticatorParams params;
+    QString preloginUrl;
+    QString loginUrl;
+
+    NormalLoginWindow *normalLoginWindow{ nullptr };
+
+    void login(const LoginParams& loginParams);
+    void doAuth();
+    void normalAuth(QString labelUsername, QString labelPassword, QString authMessage);
+    void samlAuth(QString samlMethod, QString samlRequest, QString preloginUrl = "");
+};
+
+#endif // GATEWAYAUTHENTICATOR_H

GPClient/gatewayauthenticatorparams.cpp

@@ -0,0 +1,57 @@
+#include "gatewayauthenticatorparams.h"
+
+GatewayAuthenticatorParams::GatewayAuthenticatorParams()
+{
+
+}
+
+GatewayAuthenticatorParams GatewayAuthenticatorParams::fromPortalConfigResponse(const PortalConfigResponse &portalConfig)
+{
+    GatewayAuthenticatorParams params;
+    params.setUsername(portalConfig.username());
+    params.setPassword(portalConfig.password());
+    params.setUserAuthCookie(portalConfig.userAuthCookie());
+
+    return params;
+}
+
+const QString &GatewayAuthenticatorParams::username() const
+{
+    return m_username;
+}
+
+void GatewayAuthenticatorParams::setUsername(const QString &newUsername)
+{
+    m_username = newUsername;
+}
+
+const QString &GatewayAuthenticatorParams::password() const
+{
+    return m_password;
+}
+
+void GatewayAuthenticatorParams::setPassword(const QString &newPassword)
+{
+    m_password = newPassword;
+}
+
+const QString &GatewayAuthenticatorParams::userAuthCookie() const
+{
+    return m_userAuthCookie;
+}
+
+void GatewayAuthenticatorParams::setUserAuthCookie(const QString &newUserAuthCookie)
+{
+    m_userAuthCookie = newUserAuthCookie;
+}
+
+const QString &GatewayAuthenticatorParams::clientos() const
+{
+    return m_clientos;
+}
+
+void GatewayAuthenticatorParams::setClientos(const QString &newClientos)
+{
+    m_clientos = newClientos;
+}
+

GPClient/gatewayauthenticatorparams.h

@@ -0,0 +1,33 @@
+#ifndef GATEWAYAUTHENTICATORPARAMS_H
+#define GATEWAYAUTHENTICATORPARAMS_H
+
+#include <QString>
+#include "portalconfigresponse.h"
+
+class GatewayAuthenticatorParams
+{
+public:
+    GatewayAuthenticatorParams();
+
+    static GatewayAuthenticatorParams fromPortalConfigResponse(const PortalConfigResponse &portalConfig);
+
+    const QString &username() const;
+    void setUsername(const QString &newUsername);
+
+    const QString &password() const;
+    void setPassword(const QString &newPassword);
+
+    const QString &userAuthCookie() const;
+    void setUserAuthCookie(const QString &newUserAuthCookie);
+
+    const QString &clientos() const;
+    void setClientos(const QString &newClientos);
+
+private:
+    QString m_username;
+    QString m_password;
+    QString m_userAuthCookie;
+    QString m_clientos;
+};
+
+#endif // GATEWAYAUTHENTICATORPARAMS_H

GPClient/gpclient.cpp

@@ -1,227 +1,490 @@
 #include "gpclient.h"
+#include "gphelper.h"
 #include "ui_gpclient.h"
-#include "samlloginwindow.h"
+#include "portalauthenticator.h"
+#include "gatewayauthenticator.h"
+#include "settingsdialog.h"
+#include "gatewayauthenticatorparams.h"
 
-#include <QDesktopWidget>
+#include <plog/Log.h>
-#include <QGraphicsScene>
+#include <QIcon>
-#include <QGraphicsView>
+
-#include <QGraphicsPixmapItem>
+using namespace gpclient::helper;
-#include <QImage>
-#include <QStyle>
-#include <QMessageBox>
 
 GPClient::GPClient(QWidget *parent)
     : QMainWindow(parent)
     , ui(new Ui::GPClient)
+    , settingsDialog(new SettingsDialog(this))
 {
     ui->setupUi(this);
+
+    setWindowTitle("GlobalProtect");
     setFixedSize(width(), height());
-    moveCenter();
+    gpclient::helper::moveCenter(this);
+
+    setupSettings();
 
     // Restore portal from the previous settings
-    settings = new QSettings("com.yuezk.qt", "GPClient");
+    ui->portalInput->setText(settings::get("portal", "").toString());
-    ui->portalInput->setText(settings->value("portal", "").toString());
-
-    QObject::connect(this, &GPClient::connectFailed, [this]() {
-        updateConnectionStatus("not_connected");
-    });
-
-    // QNetworkAccessManager setup
-    networkManager = new QNetworkAccessManager(this);
 
     // DBus service setup
     vpn = new com::yuezk::qt::GPService("com.yuezk.qt.GPService", "/", QDBusConnection::systemBus(), this);
-    QObject::connect(vpn, &com::yuezk::qt::GPService::connected, this, &GPClient::onVPNConnected);
+    connect(vpn, &com::yuezk::qt::GPService::connected, this, &GPClient::onVPNConnected);
-    QObject::connect(vpn, &com::yuezk::qt::GPService::disconnected, this, &GPClient::onVPNDisconnected);
+    connect(vpn, &com::yuezk::qt::GPService::disconnected, this, &GPClient::onVPNDisconnected);
-    QObject::connect(vpn, &com::yuezk::qt::GPService::logAvailable, this, &GPClient::onVPNLogAvailable);
+    connect(vpn, &com::yuezk::qt::GPService::error, this, &GPClient::onVPNError);
+    connect(vpn, &com::yuezk::qt::GPService::logAvailable, this, &GPClient::onVPNLogAvailable);
 
+    // Initiallize the context menu of system tray.
+    initSystemTrayIcon();
     initVpnStatus();
 }
 
 GPClient::~GPClient()
 {
     delete ui;
-    delete networkManager;
-    delete reply;
     delete vpn;
-    delete settings;
+    delete settingsDialog;
+    delete settingsButton;
+}
+
+void GPClient::setupSettings()
+{
+    settingsButton = new QPushButton(this);
+    settingsButton->setIcon(QIcon(":/images/settings_icon.png"));
+    settingsButton->setFixedSize(QSize(28, 28));
+
+    QRect rect = this->geometry();
+    settingsButton->setGeometry(
+                rect.width() - settingsButton->width() - 15,
+                15,
+                settingsButton->geometry().width(),
+                settingsButton->geometry().height()
+                );
+
+    connect(settingsButton, &QPushButton::clicked, this, &GPClient::onSettingsButtonClicked);
+    connect(settingsDialog, &QDialog::accepted, this, &GPClient::onSettingsAccepted);
+}
+
+void GPClient::onSettingsButtonClicked()
+{
+    settingsDialog->setExtraArgs(settings::get("extraArgs", "").toString());
+    settingsDialog->setClientos(settings::get("clientos", "Linux").toString());
+    settingsDialog->show();
+}
+
+void GPClient::onSettingsAccepted()
+{
+    settings::save("extraArgs", settingsDialog->extraArgs());
+    settings::save("clientos", settingsDialog->clientos());
 }
 
 void GPClient::on_connectButton_clicked()
 {
-    QString btnText = ui->connectButton->text();
+    doConnect();
-
-    if (btnText == "Connect") {
-        QString portal = ui->portalInput->text();
-        settings->setValue("portal", portal);
-        ui->statusLabel->setText("Authenticating...");
-        updateConnectionStatus("pending");
-        doAuth(portal);
-    } else if (btnText == "Cancel") {
-        ui->statusLabel->setText("Canceling...");
-        updateConnectionStatus("pending");
-
-        if (reply->isRunning()) {
-            reply->abort();
-        }
-        vpn->disconnect();
-    } else {
-        ui->statusLabel->setText("Disconnecting...");
-        updateConnectionStatus("pending");
-        vpn->disconnect();
-    }
 }
 
-void GPClient::preloginResultFinished()
+void GPClient::on_portalInput_returnPressed()
 {
-    if (reply->error()) {
+    doConnect();
-        qWarning() << "Prelogin request error";
-        emit connectFailed();
-        return;
-    }
-
-    QByteArray bytes = reply->readAll();
-    const QString tagMethod = "saml-auth-method";
-    const QString tagRequest = "saml-request";
-    QString samlMethod;
-    QString samlRequest;
-
-    QXmlStreamReader xml(bytes);
-    while (!xml.atEnd()) {
-        xml.readNext();
-        if (xml.tokenType() == xml.StartElement) {
-            if (xml.name() == tagMethod) {
-                samlMethod = xml.readElementText();
-            } else if (xml.name() == tagRequest) {
-                samlRequest = QByteArray::fromBase64(QByteArray::fromStdString(xml.readElementText().toStdString()));
-            }
-        }
-    }
-
-    if (samlMethod == nullptr || samlRequest == nullptr) {
-        qWarning("This does not appear to be a SAML prelogin response (<saml-auth-method> or <saml-request> tags missing)");
-        emit connectFailed();
-        return;
-    }
-
-    if (samlMethod == "POST") {
-        // TODO
-        emit connectFailed();
-        QMessageBox msgBox;
-        msgBox.setText("TODO: SAML method is POST");
-        msgBox.exec();
-    } else if (samlMethod == "REDIRECT") {
-        samlLogin(samlRequest);
-    }
 }
 
-void GPClient::onLoginSuccess(QJsonObject loginResult)
+void GPClient::on_portalInput_editingFinished()
 {
-    QString fullpath = "/ssl-vpn/login.esp";
+    populateGatewayMenu();
-    QString shortpath = "gateway";
-    QString user = loginResult.value("saml-username").toString();
-    QString cookieName;
-    QString cookieValue;
-    QString cookies[]{"prelogin-cookie", "portal-userauthcookie"};
-
-    for (int i = 0; i < cookies->length(); i++) {
-        cookieValue = loginResult.value(cookies[i]).toString();
-        if (cookieValue != nullptr) {
-            cookieName = cookies[i];
-            break;
-        }
-    }
-
-    QString host = QString("https://%1/%2:%3").arg(loginResult.value("server").toString(), shortpath, cookieName);
-    vpn->connect(host, user, cookieValue);
-    ui->statusLabel->setText("Connecting...");
-    updateConnectionStatus("pending");
 }
 
-void GPClient::updateConnectionStatus(QString status)
+void GPClient::initSystemTrayIcon()
 {
-    if (status == "not_connected") {
+    systemTrayIcon = new QSystemTrayIcon(this);
-        ui->statusLabel->setText("Not Connected");
+    contextMenu = new QMenu("GlobalProtect", this);
-        ui->statusImage->setStyleSheet("image: url(:/images/not_connected.png); padding: 15;");
-        ui->connectButton->setText("Connect");
-        ui->connectButton->setDisabled(false);
-    } else if (status == "pending") {
-        ui->statusImage->setStyleSheet("image: url(:/images/pending.png); padding: 15;");
-        ui->connectButton->setText("Cancel");
-        ui->connectButton->setDisabled(false);
-    } else if (status == "connected") {
-        ui->statusLabel->setText("Connected");
-        ui->statusImage->setStyleSheet("image: url(:/images/connected.png); padding: 15;");
-        ui->connectButton->setText("Disconnect");
-        ui->connectButton->setDisabled(false);
-    }
-}
 
-void GPClient::onVPNConnected()
+    gatewaySwitchMenu = new QMenu("Switch Gateway", this);
-{
+    gatewaySwitchMenu->setIcon(QIcon::fromTheme("network-workgroup"));
-    updateConnectionStatus("connected");
+    populateGatewayMenu();
-}
 
-void GPClient::onVPNDisconnected()
+    systemTrayIcon->setIcon(QIcon(":/images/not_connected.png"));
-{
+    systemTrayIcon->setToolTip("GlobalProtect");
-    updateConnectionStatus("not_connected");
+    systemTrayIcon->setContextMenu(contextMenu);
-}
 
-void GPClient::onVPNLogAvailable(QString log)
+    connect(systemTrayIcon, &QSystemTrayIcon::activated, this, &GPClient::onSystemTrayActivated);
-{
+    connect(gatewaySwitchMenu, &QMenu::triggered, this, &GPClient::onGatewayChanged);
-    qInfo() << log;
+
+    openAction = contextMenu->addAction(QIcon::fromTheme("window-new"), "Open", this, &GPClient::activate);
+    connectAction = contextMenu->addAction(QIcon::fromTheme("preferences-system-network"), "Connect", this, &GPClient::doConnect);
+    contextMenu->addMenu(gatewaySwitchMenu);
+    contextMenu->addSeparator();
+    clearAction = contextMenu->addAction(QIcon::fromTheme("edit-clear"), "Reset Settings", this, &GPClient::clearSettings);
+    quitAction = contextMenu->addAction(QIcon::fromTheme("application-exit"), "Quit", this, &GPClient::quit);
+
+    systemTrayIcon->show();
 }
 
 void GPClient::initVpnStatus() {
     int status = vpn->status();
+
     if (status == 1) {
         ui->statusLabel->setText("Connecting...");
-        updateConnectionStatus("pending");
+        updateConnectionStatus(VpnStatus::pending);
     } else if (status == 2) {
-        updateConnectionStatus("connected");
+        updateConnectionStatus(VpnStatus::connected);
     } else if (status == 3) {
         ui->statusLabel->setText("Disconnecting...");
-        updateConnectionStatus("pending");
+        updateConnectionStatus(VpnStatus::pending);
+    } else {
+        updateConnectionStatus(VpnStatus::disconnected);
     }
 }
 
-void GPClient::moveCenter()
+void GPClient::populateGatewayMenu()
 {
-    QDesktopWidget *desktop = QApplication::desktop();
+    PLOGI << "Populating the Switch Gateway menu...";
 
-    int screenWidth, width;
+    const QList<GPGateway> gateways = allGateways();
-    int screenHeight, height;
+    gatewaySwitchMenu->clear();
-    int x, y;
-    QSize windowSize;
 
-    screenWidth = desktop->width();
+    if (gateways.isEmpty()) {
-    screenHeight = desktop->height();
+        gatewaySwitchMenu->addAction("<None>")->setData(-1);
+        return;
+    }
 
-    windowSize = size();
+    const QString currentGatewayName = currentGateway().name();
-    width = windowSize.width();
+    for (int i = 0; i < gateways.length(); i++) {
-    height = windowSize.height();
+        const GPGateway g = gateways.at(i);
-
+        QString iconImage = ":/images/radio_unselected.png";
-    x = (screenWidth - width) / 2;
+        if (g.name() == currentGatewayName) {
-    y = (screenHeight - height) / 2;
+            iconImage = ":/images/radio_selected.png";
-    y -= 50;
+        }
-    move(x, y);
+        gatewaySwitchMenu->addAction(QIcon(iconImage), g.name())->setData(i);
+    }
 }
 
-void GPClient::doAuth(const QString portal)
+void GPClient::updateConnectionStatus(const GPClient::VpnStatus &status)
 {
-    const QString preloginUrl = "https://" + portal + "/ssl-vpn/prelogin.esp";
+    switch (status) {
-    reply = networkManager->post(QNetworkRequest(preloginUrl), (QByteArray) nullptr);
+        case VpnStatus::disconnected:
-    connect(reply, &QNetworkReply::finished, this, &GPClient::preloginResultFinished);
+            ui->statusLabel->setText("Not Connected");
+            ui->statusImage->setStyleSheet("image: url(:/images/not_connected.png); padding: 15;");
+            ui->connectButton->setText("Connect");
+            ui->connectButton->setDisabled(false);
+            ui->portalInput->setReadOnly(false);
+
+            systemTrayIcon->setIcon(QIcon{ ":/images/not_connected.png" });
+            connectAction->setEnabled(true);
+            connectAction->setText("Connect");
+            gatewaySwitchMenu->setEnabled(true);
+            clearAction->setEnabled(true);
+            break;
+        case VpnStatus::pending:
+            ui->statusImage->setStyleSheet("image: url(:/images/pending.png); padding: 15;");
+            ui->connectButton->setDisabled(true);
+            ui->portalInput->setReadOnly(true);
+
+            systemTrayIcon->setIcon(QIcon{ ":/images/pending.png" });
+            connectAction->setEnabled(false);
+            gatewaySwitchMenu->setEnabled(false);
+            clearAction->setEnabled(false);
+            break;
+        case VpnStatus::connected:
+            ui->statusLabel->setText("Connected");
+            ui->statusImage->setStyleSheet("image: url(:/images/connected.png); padding: 15;");
+            ui->connectButton->setText("Disconnect");
+            ui->connectButton->setDisabled(false);
+            ui->portalInput->setReadOnly(true);
+
+            systemTrayIcon->setIcon(QIcon{ ":/images/connected.png" });
+            connectAction->setEnabled(true);
+            connectAction->setText("Disconnect");
+            gatewaySwitchMenu->setEnabled(true);
+            clearAction->setEnabled(false);
+            break;
+        default:
+            break;
+    }
 }
 
-void GPClient::samlLogin(const QString loginUrl)
+void GPClient::onSystemTrayActivated(QSystemTrayIcon::ActivationReason reason)
 {
-    SAMLLoginWindow *loginWindow = new SAMLLoginWindow(this);
+    switch (reason) {
-
+        case QSystemTrayIcon::Trigger:
-    QObject::connect(loginWindow, &SAMLLoginWindow::success, this, &GPClient::onLoginSuccess);
+        case QSystemTrayIcon::DoubleClick:
-    QObject::connect(loginWindow, &SAMLLoginWindow::rejected, this, &GPClient::connectFailed);
+            this->activate();
-
+            break;
-    loginWindow->login(loginUrl);
+        default:
-    loginWindow->exec();
+            break;
-    delete loginWindow;
+    }
+}
+
+void GPClient::onGatewayChanged(QAction *action)
+{
+    const int index = action->data().toInt();
+
+    if (index == -1) {
+        return;
+    }
+
+    const GPGateway g = allGateways().at(index);
+
+    // If the selected gateway is the same as the current gateway
+    if (g.name() == currentGateway().name()) {
+        return;
+    }
+
+    setCurrentGateway(g);
+
+    if (connected()) {
+        ui->statusLabel->setText("Switching Gateway...");
+        ui->connectButton->setEnabled(false);
+
+        vpn->disconnect();
+        isSwitchingGateway = true;
+    }
+}
+
+void GPClient::doConnect()
+{
+    PLOGI << "Start connecting...";
+
+    const QString btnText = ui->connectButton->text();
+    const QString portal = this->portal();
+
+    // Display the main window if portal is empty
+    if (portal.isEmpty()) {
+        activate();
+        return;
+    }
+
+    if (btnText.endsWith("Connect")) {
+        settings::save("portal", portal);
+
+        // Login to the previously saved gateway
+        if (!currentGateway().name().isEmpty()) {
+            PLOGI << "Start gateway login using the previously saved gateway...";
+            isQuickConnect = true;
+            gatewayLogin();
+        } else {
+            // Perform the portal login
+            PLOGI << "Start portal login...";
+            portalLogin();
+        }
+    } else {
+        PLOGI << "Start disconnecting the VPN...";
+
+        ui->statusLabel->setText("Disconnecting...");
+        updateConnectionStatus(VpnStatus::pending);
+        vpn->disconnect();
+    }
+}
+
+// Login to the portal interface to get the portal config and preferred gateway
+void GPClient::portalLogin()
+{
+    PortalAuthenticator *portalAuth = new PortalAuthenticator(portal(), settings::get("clientos", "Linux").toString());
+
+    connect(portalAuth, &PortalAuthenticator::success, this, &GPClient::onPortalSuccess);
+    // Prelogin failed on the portal interface, try to treat the portal as a gateway interface
+    connect(portalAuth, &PortalAuthenticator::preloginFailed, this, &GPClient::onPortalPreloginFail);
+    connect(portalAuth, &PortalAuthenticator::portalConfigFailed, this, &GPClient::onPortalConfigFail);
+    // Portal login failed
+    connect(portalAuth, &PortalAuthenticator::fail, this, &GPClient::onPortalFail);
+
+    ui->statusLabel->setText("Authenticating...");
+    updateConnectionStatus(VpnStatus::pending);
+    portalAuth->authenticate();
+}
+
+void GPClient::onPortalSuccess(const PortalConfigResponse portalConfig, const QString region)
+{
+    PLOGI << "Portal authentication succeeded.";
+
+    // No gateway found in protal configuration
+    if (portalConfig.allGateways().size() == 0) {
+        PLOGI << "No gateway found in portal configuration, treat the portal address as a gateway.";
+        tryGatewayLogin();
+        return;
+    }
+
+    GPGateway gateway = filterPreferredGateway(portalConfig.allGateways(), region);
+    setAllGateways(portalConfig.allGateways());
+    setCurrentGateway(gateway);
+    this->portalConfig = portalConfig;
+
+    gatewayLogin();
+}
+
+void GPClient::onPortalPreloginFail(const QString msg)
+{
+    PLOGI << "Portal prelogin failed: " << msg;
+    tryGatewayLogin();
+}
+
+void GPClient::onPortalConfigFail(const QString msg)
+{
+    PLOGI << "Failed to get the portal configuration, " << msg << " Treat the portal address as gateway.";
+    tryGatewayLogin();
+}
+
+void GPClient::onPortalFail(const QString &msg)
+{
+    if (!msg.isEmpty()) {
+        openMessageBox("Portal authentication failed.", msg);
+    }
+
+    updateConnectionStatus(VpnStatus::disconnected);
+}
+
+void GPClient::tryGatewayLogin()
+{
+    PLOGI << "Try to preform login on the the gateway interface...";
+
+    // Treat the portal input as the gateway address
+    GPGateway g;
+    g.setName(portal());
+    g.setAddress(portal());
+
+    QList<GPGateway> gateways;
+    gateways.append(g);
+
+    setAllGateways(gateways);
+    setCurrentGateway(g);
+
+    gatewayLogin();
+}
+
+// Login to the gateway
+void GPClient::gatewayLogin()
+{
+    PLOGI << "Performing gateway login...";
+
+    GatewayAuthenticatorParams params = GatewayAuthenticatorParams::fromPortalConfigResponse(portalConfig);
+    params.setClientos(settings::get("clientos", "Linux").toString());
+
+    GatewayAuthenticator *gatewayAuth = new GatewayAuthenticator(currentGateway().address(), params);
+
+    connect(gatewayAuth, &GatewayAuthenticator::success, this, &GPClient::onGatewaySuccess);
+    connect(gatewayAuth, &GatewayAuthenticator::fail, this, &GPClient::onGatewayFail);
+
+    ui->statusLabel->setText("Authenticating...");
+    updateConnectionStatus(VpnStatus::pending);
+    gatewayAuth->authenticate();
+}
+
+void GPClient::onGatewaySuccess(const QString &authCookie)
+{
+    PLOGI << "Gateway login succeeded, got the cookie " << authCookie;
+
+    isQuickConnect = false;
+    vpn->connect(currentGateway().address(), portalConfig.username(), authCookie, settings::get("extraArgs", "").toString());
+    ui->statusLabel->setText("Connecting...");
+    updateConnectionStatus(VpnStatus::pending);
+}
+
+void GPClient::onGatewayFail(const QString &msg)
+{
+    // If the quick connect on gateway failed, perform the portal login
+    if (isQuickConnect && !msg.isEmpty()) {
+        isQuickConnect = false;
+        portalLogin();
+        return;
+    }
+
+    if (!msg.isEmpty()) {
+        openMessageBox("Gateway authentication failed.", msg);
+    }
+
+    updateConnectionStatus(VpnStatus::disconnected);
+}
+
+void GPClient::activate()
+{
+    activateWindow();
+    showNormal();
+}
+
+QString GPClient::portal() const
+{
+    const QString input = ui->portalInput->text().trimmed();
+
+    if (input.startsWith("http")) {
+        return QUrl(input).authority();
+    }
+    return input;
+}
+
+bool GPClient::connected() const
+{
+    const QString statusText = ui->statusLabel->text();
+    return statusText.contains("Connected") && !statusText.contains("Not");
+}
+
+QList<GPGateway> GPClient::allGateways() const
+{
+    const QString gatewaysJson = settings::get(portal() + "_gateways").toString();
+    return GPGateway::fromJson(gatewaysJson);
+}
+
+void GPClient::setAllGateways(QList<GPGateway> gateways)
+{
+    PLOGI << "Updating all the gateways...";
+
+    settings::save(portal() + "_gateways", GPGateway::serialize(gateways));
+    populateGatewayMenu();
+}
+
+GPGateway GPClient::currentGateway() const
+{
+    const QString selectedGateway = settings::get(portal() + "_selectedGateway").toString();
+
+    for (auto g : allGateways()) {
+        if (g.name() == selectedGateway) {
+            return g;
+        }
+    }
+    return GPGateway{};
+}
+
+void GPClient::setCurrentGateway(const GPGateway gateway)
+{
+    PLOGI << "Updating the current gateway to " << gateway.name();
+
+    settings::save(portal() + "_selectedGateway", gateway.name());
+    populateGatewayMenu();
+}
+
+void GPClient::clearSettings()
+{
+    settings::clear();
+    populateGatewayMenu();
+    ui->portalInput->clear();
+}
+
+void GPClient::quit()
+{
+    vpn->disconnect();
+    QApplication::quit();
+}
+
+void GPClient::onVPNConnected()
+{
+    updateConnectionStatus(VpnStatus::connected);
+}
+
+void GPClient::onVPNDisconnected()
+{
+    updateConnectionStatus(VpnStatus::disconnected);
+
+    if (isSwitchingGateway) {
+        gatewayLogin();
+        isSwitchingGateway = false;
+    }
+}
+
+void GPClient::onVPNError(QString errorMessage)
+{
+    updateConnectionStatus(VpnStatus::disconnected);
+    openMessageBox("Failed to connect", errorMessage);
+}
+
+void GPClient::onVPNLogAvailable(QString log)
+{
+    PLOGI << log;
 }

GPClient/gpclient.h

@@ -2,9 +2,13 @@
 #define GPCLIENT_H
 
 #include "gpservice_interface.h"
+#include "portalconfigresponse.h"
+#include "settingsdialog.h"
+
 #include <QMainWindow>
-#include <QNetworkAccessManager>
+#include <QSystemTrayIcon>
-#include <QNetworkReply>
+#include <QMenu>
+#include <QPushButton>
 
 QT_BEGIN_NAMESPACE
 namespace Ui { class GPClient; }
@@ -18,30 +22,81 @@ public:
     GPClient(QWidget *parent = nullptr);
     ~GPClient();
 
-signals:
+    void activate();
-    void connectFailed();
 
 private slots:
-    void on_connectButton_clicked();
+    void onSettingsButtonClicked();
-    void preloginResultFinished();
+    void onSettingsAccepted();
 
-    void onLoginSuccess(QJsonObject loginResult);
+    void on_connectButton_clicked();
+    void on_portalInput_returnPressed();
+    void on_portalInput_editingFinished();
+
+    void onSystemTrayActivated(QSystemTrayIcon::ActivationReason reason);
+    void onGatewayChanged(QAction *action);
+
+    void onPortalSuccess(const PortalConfigResponse portalConfig, const QString region);
+    void onPortalPreloginFail(const QString msg);
+    void onPortalConfigFail(const QString msg);
+    void onPortalFail(const QString &msg);
+
+    void onGatewaySuccess(const QString &authCookie);
+    void onGatewayFail(const QString &msg);
 
     void onVPNConnected();
     void onVPNDisconnected();
+    void onVPNError(QString errorMessage);
     void onVPNLogAvailable(QString log);
 
 private:
-    Ui::GPClient *ui;
+    enum class VpnStatus
-    QNetworkAccessManager *networkManager;
+    {
-    QNetworkReply *reply;
+        disconnected,
-    com::yuezk::qt::GPService *vpn;
+        pending,
-    QSettings *settings;
+        connected
+    };
 
+    Ui::GPClient *ui;
+    com::yuezk::qt::GPService *vpn;
+
+    QSystemTrayIcon *systemTrayIcon;
+    QMenu *contextMenu;
+    QAction *openAction;
+    QAction *connectAction;
+
+    QMenu *gatewaySwitchMenu;
+    QAction *clearAction;
+    QAction *quitAction;
+
+    SettingsDialog *settingsDialog;
+    QPushButton *settingsButton;
+
+    bool isQuickConnect { false };
+    bool isSwitchingGateway { false };
+    PortalConfigResponse portalConfig;
+
+    void setupSettings();
+
+    void initSystemTrayIcon();
     void initVpnStatus();
-    void moveCenter();
+    void populateGatewayMenu();
-    void updateConnectionStatus(QString status);
+    void updateConnectionStatus(const VpnStatus &status);
-    void doAuth(const QString portal);
+
-    void samlLogin(const QString loginUrl);
+    void doConnect();
+    void portalLogin();
+    void tryGatewayLogin();
+    void gatewayLogin();
+
+    QString portal() const;
+    bool connected() const;
+
+    QList<GPGateway> allGateways() const;
+    void setAllGateways(QList<GPGateway> gateways);
+
+    GPGateway currentGateway() const;
+    void setCurrentGateway(const GPGateway gateway);
+
+    void clearSettings();
+    void quit();
 };
 #endif // GPCLIENT_H

GPClient/gpclient.ui

@@ -7,11 +7,11 @@
     <x>0</x>
     <y>0</y>
     <width>260</width>
-    <height>338</height>
+    <height>362</height>
    </rect>
   </property>
   <property name="windowTitle">
-   <string>GP VPN Client</string>
+   <string>GlobalProtect OpenConnect</string>
   </property>
   <property name="windowIcon">
    <iconset resource="resources.qrc">
@@ -36,7 +36,7 @@
    <property name="layoutDirection">
     <enum>Qt::LeftToRight</enum>
    </property>
-   <layout class="QVBoxLayout" name="verticalLayout_3" stretch="1,0">
+   <layout class="QVBoxLayout" name="verticalLayout_3" stretch="1,0,0">
     <property name="leftMargin">
      <number>15</number>
     </property>
@@ -113,10 +113,26 @@
         <property name="text">
          <string>Connect</string>
         </property>
+        <property name="autoDefault">
+         <bool>true</bool>
+        </property>
+        <property name="default">
+         <bool>false</bool>
+        </property>
        </widget>
       </item>
      </layout>
     </item>
+    <item>
+     <widget class="QLabel" name="label">
+      <property name="text">
+       <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p align=&quot;center&quot;&gt;&lt;a href=&quot;https://bit.ly/3g5DHqy&quot;&gt;&lt;span style=&quot; text-decoration: underline; color:#4c6b8a;&quot;&gt;Report a bug&lt;/span&gt;&lt;/a&gt; / &lt;a href=&quot;https://bit.ly/3jQYfEi&quot;&gt;&lt;span style=&quot; text-decoration: underline; color:#4c6b8a;&quot;&gt;Buy me a coffee&lt;/span&gt;&lt;/a&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+      </property>
+      <property name="openExternalLinks">
+       <bool>true</bool>
+      </property>
+     </widget>
+    </item>
    </layout>
   </widget>
  </widget>

GPClient/gpgateway.cpp

@@ -0,0 +1,97 @@
+#include "gpgateway.h"
+
+#include <QJsonObject>
+#include <QJsonDocument>
+#include <QJsonArray>
+
+GPGateway::GPGateway()
+{
+}
+
+QString GPGateway::name() const
+{
+    return _name;
+}
+
+QString GPGateway::address() const
+{
+    return _address;
+}
+
+void GPGateway::setName(const QString &name)
+{
+    _name = name;
+}
+
+void GPGateway::setAddress(const QString &address)
+{
+    _address = address;
+}
+
+void GPGateway::setPriorityRules(const QMap<QString, int> &priorityRules)
+{
+    _priorityRules = priorityRules;
+}
+
+int GPGateway::priorityOf(QString ruleName) const
+{
+    if (_priorityRules.contains(ruleName)) {
+        return _priorityRules.value(ruleName);
+    }
+    return 0;
+}
+
+QJsonObject GPGateway::toJsonObject() const
+{
+    QJsonObject obj;
+    obj.insert("name", name());
+    obj.insert("address", address());
+
+    return obj;
+}
+
+QString GPGateway::toString() const
+{
+    QJsonDocument jsonDoc{ toJsonObject() };
+    return QString::fromUtf8(jsonDoc.toJson());
+}
+
+QString GPGateway::serialize(QList<GPGateway> &gateways)
+{
+    QJsonArray arr;
+
+    for (auto g : gateways) {
+        arr.append(g.toJsonObject());
+    }
+
+    QJsonDocument jsonDoc{ arr };
+    return QString::fromUtf8(jsonDoc.toJson());
+}
+
+QList<GPGateway> GPGateway::fromJson(const QString &jsonString)
+{
+    QList<GPGateway> gateways;
+
+    if (jsonString.isEmpty()) {
+        return gateways;
+    }
+
+    QJsonDocument jsonDoc = QJsonDocument::fromJson(jsonString.toUtf8());
+
+    for (auto item : jsonDoc.array()) {
+        GPGateway g = GPGateway::fromJsonObject(item.toObject());
+        gateways.append(g);
+    }
+
+    return gateways;
+}
+
+GPGateway GPGateway::fromJsonObject(const QJsonObject &jsonObj)
+{
+    GPGateway g;
+
+    g.setName(jsonObj.value("name").toString());
+    g.setAddress(jsonObj.value("address").toString());
+
+    return g;
+}

GPClient/gpgateway.h

@@ -0,0 +1,33 @@
+#ifndef GPGATEWAY_H
+#define GPGATEWAY_H
+
+#include <QString>
+#include <QMap>
+#include <QJsonObject>
+
+class GPGateway
+{
+public:
+    GPGateway();
+
+    QString name() const;
+    QString address() const;
+
+    void setName(const QString &name);
+    void setAddress(const QString &address);
+    void setPriorityRules(const QMap<QString, int> &priorityRules);
+    int priorityOf(QString ruleName) const;
+    QJsonObject toJsonObject() const;
+    QString toString() const;
+
+    static QString serialize(QList<GPGateway> &gateways);
+    static QList<GPGateway> fromJson(const QString &jsonString);
+    static GPGateway fromJsonObject(const QJsonObject &jsonObj);
+
+private:
+    QString _name;
+    QString _address;
+    QMap<QString, int> _priorityRules;
+};
+
+#endif // GPGATEWAY_H

GPClient/gphelper.cpp

@@ -0,0 +1,128 @@
+#include "gphelper.h"
+#include <QNetworkRequest>
+#include <QXmlStreamReader>
+#include <QMessageBox>
+#include <QDesktopWidget>
+#include <QApplication>
+#include <QWidget>
+#include <QSslConfiguration>
+#include <QSslSocket>
+#include <plog/Log.h>
+
+QNetworkAccessManager* gpclient::helper::networkManager = new QNetworkAccessManager;
+
+QNetworkReply* gpclient::helper::createRequest(QString url, QByteArray params)
+{
+    QNetworkRequest request(url);
+
+    // Skip the ssl verifying
+    QSslConfiguration conf = request.sslConfiguration();
+    conf.setPeerVerifyMode(QSslSocket::VerifyNone);
+    request.setSslConfiguration(conf);
+
+    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
+    request.setHeader(QNetworkRequest::UserAgentHeader, UA);
+
+    if (params == nullptr) {
+        return networkManager->post(request, QByteArray(nullptr));
+    }
+    return networkManager->post(request, params);
+}
+
+GPGateway gpclient::helper::filterPreferredGateway(QList<GPGateway> gateways, const QString ruleName)
+{
+    PLOGI << gateways.size() << " gateway(s) avaiable, filter the gateways with rule: " << ruleName;
+
+    GPGateway gateway = gateways.first();
+
+    for (GPGateway g : gateways) {
+        if (g.priorityOf(ruleName) > gateway.priorityOf(ruleName)) {
+            PLOGI << "Find a preferred gateway: " << g.name();
+            gateway = g;
+        }
+    }
+
+    return gateway;
+}
+
+QUrlQuery gpclient::helper::parseGatewayResponse(const QByteArray &xml)
+{
+    PLOGI << "Start parsing the gateway response...";
+    PLOGI << "The gateway response is: " << xml;
+
+    QXmlStreamReader xmlReader{xml};
+    QList<QString> args;
+
+    while (!xmlReader.atEnd()) {
+        xmlReader.readNextStartElement();
+        if (xmlReader.name() == "argument") {
+            args.append(QUrl::toPercentEncoding(xmlReader.readElementText()));
+        }
+    }
+
+    QUrlQuery params{};
+    params.addQueryItem("authcookie", args.at(1));
+    params.addQueryItem("portal", args.at(3));
+    params.addQueryItem("user", args.at(4));
+    params.addQueryItem("domain", args.at(7));
+    params.addQueryItem("preferred-ip", args.at(15));
+    params.addQueryItem("computer", QUrl::toPercentEncoding(QSysInfo::machineHostName()));
+
+    return params;
+}
+
+void gpclient::helper::openMessageBox(const QString &message, const QString& informativeText)
+{
+    QMessageBox msgBox;
+    msgBox.setWindowTitle("Notice");
+    msgBox.setText(message);
+    msgBox.setFixedWidth(500);
+    msgBox.setStyleSheet("QLabel{min-width: 250px}");
+    msgBox.setInformativeText(informativeText);
+    msgBox.exec();
+}
+
+void gpclient::helper::moveCenter(QWidget *widget)
+{
+    QDesktopWidget *desktop = QApplication::desktop();
+
+    int screenWidth, width;
+    int screenHeight, height;
+    int x, y;
+    QSize windowSize;
+
+    screenWidth = desktop->width();
+    screenHeight = desktop->height();
+
+    windowSize = widget->size();
+    width = windowSize.width();
+    height = windowSize.height();
+
+    x = (screenWidth - width) / 2;
+    y = (screenHeight - height) / 2;
+    y -= 50;
+    widget->move(x, y);
+}
+
+QSettings *gpclient::helper::settings::_settings = new QSettings("com.yuezk.qt", "GPClient");
+
+QVariant gpclient::helper::settings::get(const QString &key, const QVariant &defaultValue)
+{
+    return _settings->value(key, defaultValue);
+}
+
+void gpclient::helper::settings::save(const QString &key, const QVariant &value)
+{
+    _settings->setValue(key, value);
+}
+
+
+void gpclient::helper::settings::clear()
+{
+    QStringList keys = _settings->allKeys();
+    for (const auto &key : qAsConst(keys)) {
+        if (!reservedKeys.contains(key)) {
+            _settings->remove(key);
+        }
+    }
+}

GPClient/gphelper.h

@@ -0,0 +1,43 @@
+#ifndef GPHELPER_H
+#define GPHELPER_H
+
+#include "samlloginwindow.h"
+#include "gpgateway.h"
+
+#include <QObject>
+#include <QNetworkAccessManager>
+#include <QNetworkRequest>
+#include <QNetworkReply>
+#include <QUrlQuery>
+#include <QSettings>
+
+
+const QString UA = "PAN GlobalProtect";
+
+namespace gpclient {
+    namespace helper {
+        extern QNetworkAccessManager *networkManager;
+
+        QNetworkReply* createRequest(QString url, QByteArray params = nullptr);
+
+        GPGateway filterPreferredGateway(QList<GPGateway> gateways, const QString ruleName);
+
+        QUrlQuery parseGatewayResponse(const QByteArray& xml);
+
+        void openMessageBox(const QString& message, const QString& informativeText = "");
+
+        void moveCenter(QWidget *widget);
+
+        namespace settings {
+
+            extern QSettings *_settings;
+            static const QStringList reservedKeys {"extraArgs", "clientos"};
+
+            QVariant get(const QString &key, const QVariant &defaultValue = QVariant());
+            void save(const QString &key, const QVariant &value);
+            void clear();
+        }
+    }
+}
+
+#endif // GPHELPER_H

GPClient/gpservice_interface.cpp

@@ -1,25 +0,0 @@
-/*
- * This file was generated by qdbusxml2cpp version 0.8
- * Command line was: qdbusxml2cpp -i gpservice_interface.h -p :gpservice_interface.cpp ../GPService/gpservice.xml
- *
- * qdbusxml2cpp is Copyright (C) 2020 The Qt Company Ltd.
- *
- * This is an auto-generated file.
- * This file may have been hand-edited. Look for HAND-EDIT comments
- * before re-generating it.
- */
-
-#include "gpservice_interface.h"
-/*
- * Implementation of interface class ComYuezkQtGPServiceInterface
- */
-
-ComYuezkQtGPServiceInterface::ComYuezkQtGPServiceInterface(const QString &service, const QString &path, const QDBusConnection &connection, QObject *parent)
-    : QDBusAbstractInterface(service, path, staticInterfaceName(), connection, parent)
-{
-}
-
-ComYuezkQtGPServiceInterface::~ComYuezkQtGPServiceInterface()
-{
-}
-

GPClient/gpservice_interface.h

@@ -1,71 +0,0 @@
-/*
- * This file was generated by qdbusxml2cpp version 0.8
- * Command line was: qdbusxml2cpp -p gpservice_interface.h: ../GPService/gpservice.xml
- *
- * qdbusxml2cpp is Copyright (C) 2020 The Qt Company Ltd.
- *
- * This is an auto-generated file.
- * Do not edit! All changes made to it will be lost.
- */
-
-#ifndef GPSERVICE_INTERFACE_H
-#define GPSERVICE_INTERFACE_H
-
-#include <QtCore/QObject>
-#include <QtCore/QByteArray>
-#include <QtCore/QList>
-#include <QtCore/QMap>
-#include <QtCore/QString>
-#include <QtCore/QStringList>
-#include <QtCore/QVariant>
-#include <QtDBus/QtDBus>
-
-/*
- * Proxy class for interface com.yuezk.qt.GPService
- */
-class ComYuezkQtGPServiceInterface: public QDBusAbstractInterface
-{
-    Q_OBJECT
-public:
-    static inline const char *staticInterfaceName()
-    { return "com.yuezk.qt.GPService"; }
-
-public:
-    ComYuezkQtGPServiceInterface(const QString &service, const QString &path, const QDBusConnection &connection, QObject *parent = nullptr);
-
-    ~ComYuezkQtGPServiceInterface();
-
-public Q_SLOTS: // METHODS
-    inline QDBusPendingReply<> connect(const QString &server, const QString &username, const QString &passwd)
-    {
-        QList<QVariant> argumentList;
-        argumentList << QVariant::fromValue(server) << QVariant::fromValue(username) << QVariant::fromValue(passwd);
-        return asyncCallWithArgumentList(QStringLiteral("connect"), argumentList);
-    }
-
-    inline QDBusPendingReply<> disconnect()
-    {
-        QList<QVariant> argumentList;
-        return asyncCallWithArgumentList(QStringLiteral("disconnect"), argumentList);
-    }
-
-    inline QDBusPendingReply<int> status()
-    {
-        QList<QVariant> argumentList;
-        return asyncCallWithArgumentList(QStringLiteral("status"), argumentList);
-    }
-
-Q_SIGNALS: // SIGNALS
-    void connected();
-    void disconnected();
-    void logAvailable(const QString &log);
-};
-
-namespace com {
-  namespace yuezk {
-    namespace qt {
-      typedef ::ComYuezkQtGPServiceInterface GPService;
-    }
-  }
-}
-#endif

GPClient/loginparams.cpp

@@ -0,0 +1,75 @@
+#include "loginparams.h"
+
+#include <QUrlQuery>
+
+LoginParams::LoginParams(const QString clientos)
+{
+    params.addQueryItem("prot", QUrl::toPercentEncoding("https:"));
+    params.addQueryItem("server", "");
+    params.addQueryItem("inputSrc", "");
+    params.addQueryItem("jnlpReady", "jnlpReady");
+    params.addQueryItem("user", "");
+    params.addQueryItem("passwd", "");
+    params.addQueryItem("computer", QUrl::toPercentEncoding(QSysInfo::machineHostName()));
+    params.addQueryItem("ok", "Login");
+    params.addQueryItem("direct", "yes");
+    params.addQueryItem("clientVer", "4100");
+    params.addQueryItem("os-version", QUrl::toPercentEncoding(QSysInfo::prettyProductName()));
+
+    // add the clientos parameter if not empty
+    if (!clientos.isEmpty()) {
+        params.addQueryItem("clientos", clientos);
+    }
+
+    params.addQueryItem("portal-userauthcookie", "");
+    params.addQueryItem("portal-prelogonuserauthcookie", "");
+    params.addQueryItem("prelogin-cookie", "");
+    params.addQueryItem("ipv6-support", "yes");
+}
+
+LoginParams::~LoginParams()
+{
+}
+
+void LoginParams::setUser(const QString user)
+{
+    updateQueryItem("user", user);
+}
+
+void LoginParams::setServer(const QString server)
+{
+    updateQueryItem("server", server);
+}
+
+void LoginParams::setPassword(const QString password)
+{
+    updateQueryItem("passwd", password);
+}
+
+void LoginParams::setUserAuthCookie(const QString cookie)
+{
+    updateQueryItem("portal-userauthcookie", cookie);
+}
+
+void LoginParams::setPrelogonAuthCookie(const QString cookie)
+{
+    updateQueryItem("portal-prelogonuserauthcookie", cookie);
+}
+
+void LoginParams::setPreloginCookie(const QString cookie)
+{
+    updateQueryItem("prelogin-cookie", cookie);
+}
+
+QByteArray LoginParams::toUtf8() const
+{
+    return params.toString().toUtf8();
+}
+
+void LoginParams::updateQueryItem(const QString key, const QString value)
+{
+    if (params.hasQueryItem(key)) {
+        params.removeQueryItem(key);
+    }
+    params.addQueryItem(key, QUrl::toPercentEncoding(value));
+}

GPClient/loginparams.h

@@ -0,0 +1,27 @@
+#ifndef LOGINPARAMS_H
+#define LOGINPARAMS_H
+
+#include <QUrlQuery>
+
+class LoginParams
+{
+public:
+    LoginParams(const QString clientos);
+    ~LoginParams();
+
+    void setUser(const QString user);
+    void setServer(const QString server);
+    void setPassword(const QString password);
+    void setUserAuthCookie(const QString cookie);
+    void setPrelogonAuthCookie(const QString cookie);
+    void setPreloginCookie(const QString cookie);
+
+    QByteArray toUtf8() const;
+
+private:
+    QUrlQuery params;
+
+    void updateQueryItem(const QString key, const QString value);
+};
+
+#endif // LOGINPARAMS_H

GPClient/main.cpp

@@ -2,17 +2,38 @@
 #include "gpclient.h"
 #include "enhancedwebview.h"
 
+#include <QStandardPaths>
+#include <plog/Log.h>
+#include <plog/Appenders/ColorConsoleAppender.h>
+
+static const QString version = "v1.3.3";
+
 int main(int argc, char *argv[])
 {
+    const QDir path = QStandardPaths::writableLocation(QStandardPaths::GenericCacheLocation) + "/GlobalProtect-openconnect";
+    const QString logFile = path.path() + "/gpclient.log";
+    if (!path.exists()) {
+        path.mkpath(".");
+    }
+
+    static plog::ColorConsoleAppender<plog::TxtFormatter> consoleAppender;
+    plog::init(plog::debug, logFile.toUtf8()).addAppender(&consoleAppender);
+
+    PLOGI << "GlobalProtect started, version: " << version;
+
     QString port = QString::fromLocal8Bit(qgetenv(ENV_CDP_PORT));
+
     if (port == "") {
         qputenv(ENV_CDP_PORT, "12315");
     }
+
     SingleApplication app(argc, argv);
+    app.setQuitOnLastWindowClosed(false);
+
     GPClient w;
     w.show();
 
-    QObject::connect(&app, &SingleApplication::instanceStarted, &w, &GPClient::raise);
+    QObject::connect(&app, &SingleApplication::instanceStarted, &w, &GPClient::activate);
 
     return app.exec();
 }

GPClient/normalloginwindow.cpp

@@ -0,0 +1,64 @@
+#include "normalloginwindow.h"
+#include "ui_normalloginwindow.h"
+
+#include <QCloseEvent>
+
+NormalLoginWindow::NormalLoginWindow(QWidget *parent) :
+    QDialog(parent),
+    ui(new Ui::NormalLoginWindow)
+{
+    ui->setupUi(this);
+    setWindowTitle("GlobalProtect Login");
+    setFixedSize(width(), height());
+    setModal(true);
+}
+
+NormalLoginWindow::~NormalLoginWindow()
+{
+    delete ui;
+}
+
+void NormalLoginWindow::setAuthMessage(QString message)
+{
+    ui->authMessage->setText(message);
+}
+
+void NormalLoginWindow::setUsernameLabel(QString label)
+{
+    ui->username->setPlaceholderText(label);
+}
+
+void NormalLoginWindow::setPasswordLabel(QString label)
+{
+    ui->password->setPlaceholderText(label);
+}
+
+void NormalLoginWindow::setPortalAddress(QString portal)
+{
+    ui->portalAddress->setText(portal);
+}
+
+void NormalLoginWindow::setProcessing(bool isProcessing)
+{
+    ui->username->setReadOnly(isProcessing);
+    ui->password->setReadOnly(isProcessing);
+    ui->loginButton->setDisabled(isProcessing);
+}
+
+void NormalLoginWindow::on_loginButton_clicked()
+{
+    const QString username = ui->username->text().trimmed();
+    const QString password = ui->password->text().trimmed();
+
+    if (username.isEmpty() || password.isEmpty()) {
+        return;
+    }
+
+    emit performLogin(username, password);
+}
+
+void NormalLoginWindow::closeEvent(QCloseEvent *event)
+{
+    event->accept();
+    reject();
+}

GPClient/normalloginwindow.h

@@ -0,0 +1,37 @@
+#ifndef PORTALAUTHWINDOW_H
+#define PORTALAUTHWINDOW_H
+
+#include <QDialog>
+
+namespace Ui {
+class NormalLoginWindow;
+}
+
+class NormalLoginWindow : public QDialog
+{
+    Q_OBJECT
+
+public:
+    explicit NormalLoginWindow(QWidget *parent = nullptr);
+    ~NormalLoginWindow();
+
+    void setAuthMessage(QString);
+    void setUsernameLabel(QString);
+    void setPasswordLabel(QString);
+    void setPortalAddress(QString);
+
+    void setProcessing(bool isProcessing);
+
+private slots:
+    void on_loginButton_clicked();
+
+signals:
+    void performLogin(QString username, QString password);
+
+private:
+    Ui::NormalLoginWindow *ui;
+
+    void closeEvent(QCloseEvent *event);
+};
+
+#endif // PORTALAUTHWINDOW_H

GPClient/normalloginwindow.ui

@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>NormalLoginWindow</class>
+ <widget class="QDialog" name="NormalLoginWindow">
+  <property name="geometry">
+   <rect>
+    <x>0</x>
+    <y>0</y>
+    <width>255</width>
+    <height>269</height>
+   </rect>
+  </property>
+  <property name="sizePolicy">
+   <sizepolicy hsizetype="Preferred" vsizetype="Minimum">
+    <horstretch>0</horstretch>
+    <verstretch>0</verstretch>
+   </sizepolicy>
+  </property>
+  <property name="cursor">
+   <cursorShape>ArrowCursor</cursorShape>
+  </property>
+  <property name="windowTitle">
+   <string>Login</string>
+  </property>
+  <property name="modal">
+   <bool>true</bool>
+  </property>
+  <layout class="QVBoxLayout" name="verticalLayout_5">
+   <item>
+    <layout class="QVBoxLayout" name="verticalLayout_4" stretch="1,0,0">
+     <item>
+      <layout class="QVBoxLayout" name="verticalLayout">
+       <item>
+        <widget class="QLabel" name="label">
+         <property name="font">
+          <font>
+           <pointsize>20</pointsize>
+          </font>
+         </property>
+         <property name="text">
+          <string>Login</string>
+         </property>
+         <property name="alignment">
+          <set>Qt::AlignCenter</set>
+         </property>
+        </widget>
+       </item>
+       <item>
+        <widget class="QLabel" name="authMessage">
+         <property name="enabled">
+          <bool>true</bool>
+         </property>
+         <property name="sizePolicy">
+          <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
+           <horstretch>0</horstretch>
+           <verstretch>2</verstretch>
+          </sizepolicy>
+         </property>
+         <property name="text">
+          <string>Please enter the login credentials</string>
+         </property>
+         <property name="alignment">
+          <set>Qt::AlignCenter</set>
+         </property>
+        </widget>
+       </item>
+      </layout>
+     </item>
+     <item>
+      <layout class="QVBoxLayout" name="verticalLayout_2">
+       <property name="spacing">
+        <number>0</number>
+       </property>
+       <property name="leftMargin">
+        <number>6</number>
+       </property>
+       <item>
+        <widget class="QLabel" name="portalLabel">
+         <property name="sizePolicy">
+          <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
+           <horstretch>0</horstretch>
+           <verstretch>0</verstretch>
+          </sizepolicy>
+         </property>
+         <property name="text">
+          <string>Portal:</string>
+         </property>
+         <property name="margin">
+          <number>0</number>
+         </property>
+        </widget>
+       </item>
+       <item>
+        <widget class="QLabel" name="portalAddress">
+         <property name="sizePolicy">
+          <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
+           <horstretch>0</horstretch>
+           <verstretch>0</verstretch>
+          </sizepolicy>
+         </property>
+         <property name="text">
+          <string>vpn.example.com</string>
+         </property>
+        </widget>
+       </item>
+      </layout>
+     </item>
+     <item>
+      <layout class="QVBoxLayout" name="verticalLayout_3">
+       <item>
+        <widget class="QLineEdit" name="username">
+         <property name="placeholderText">
+          <string>Username</string>
+         </property>
+        </widget>
+       </item>
+       <item>
+        <widget class="QLineEdit" name="password">
+         <property name="text">
+          <string/>
+         </property>
+         <property name="echoMode">
+          <enum>QLineEdit::Password</enum>
+         </property>
+         <property name="placeholderText">
+          <string>Password</string>
+         </property>
+         <property name="clearButtonEnabled">
+          <bool>false</bool>
+         </property>
+        </widget>
+       </item>
+       <item>
+        <widget class="QPushButton" name="loginButton">
+         <property name="text">
+          <string>Login</string>
+         </property>
+        </widget>
+       </item>
+      </layout>
+     </item>
+    </layout>
+   </item>
+  </layout>
+ </widget>
+ <resources/>
+ <connections/>
+</ui>

GPClient/portalauthenticator.cpp

@@ -0,0 +1,210 @@
+#include "portalauthenticator.h"
+#include "gphelper.h"
+#include "normalloginwindow.h"
+#include "samlloginwindow.h"
+#include "loginparams.h"
+#include "preloginresponse.h"
+#include "portalconfigresponse.h"
+#include "gpgateway.h"
+
+#include <plog/Log.h>
+#include <QNetworkReply>
+
+using namespace gpclient::helper;
+
+PortalAuthenticator::PortalAuthenticator(const QString& portal, const QString& clientos) : QObject()
+  , portal(portal)
+  , clientos(clientos)
+  , preloginUrl("https://" + portal + "/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100")
+  , configUrl("https://" + portal + "/global-protect/getconfig.esp")
+{
+    if (!clientos.isEmpty()) {
+        preloginUrl = preloginUrl + "&clientos=" + clientos;
+    }
+}
+
+PortalAuthenticator::~PortalAuthenticator()
+{
+    delete normalLoginWindow;
+}
+
+void PortalAuthenticator::authenticate()
+{
+    PLOGI << "Preform portal prelogin at " << preloginUrl;
+
+    QNetworkReply *reply = createRequest(preloginUrl);
+    connect(reply, &QNetworkReply::finished, this, &PortalAuthenticator::onPreloginFinished);
+}
+
+void PortalAuthenticator::onPreloginFinished()
+{
+    QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
+
+    if (reply->error()) {
+        PLOGE << QString("Error occurred while accessing %1, %2").arg(preloginUrl).arg(reply->errorString());
+        emit preloginFailed("Error occurred on the portal prelogin interface.");
+        delete reply;
+        return;
+    }
+
+    PLOGI << "Portal prelogin succeeded.";
+
+    preloginResponse = PreloginResponse::parse(reply->readAll());
+
+    PLOGI << "Finished parsing the prelogin response. The region field is: " << preloginResponse.region();
+
+    if (preloginResponse.hasSamlAuthFields()) {
+        // Do SAML authentication
+        samlAuth();
+    } else if (preloginResponse.hasNormalAuthFields()) {
+        // Do normal username/password authentication
+        tryAutoLogin();
+    } else {
+        PLOGE << QString("Unknown prelogin response for %1 got %2").arg(preloginUrl).arg(QString::fromUtf8(preloginResponse.rawResponse()));
+        emit preloginFailed("Unknown response for portal prelogin interface.");
+    }
+
+    delete reply;
+}
+
+void PortalAuthenticator::tryAutoLogin()
+{
+    const QString username = settings::get("username").toString();
+    const QString password = settings::get("password").toString();
+
+    if (!username.isEmpty() && !password.isEmpty()) {
+        PLOGI << "Trying auto login using the saved credentials";
+        isAutoLogin = true;
+        fetchConfig(settings::get("username").toString(), settings::get("password").toString());
+    } else {
+        normalAuth();
+    }
+}
+
+void PortalAuthenticator::normalAuth()
+{
+    PLOGI << "Trying to launch the normal login window...";
+
+    normalLoginWindow = new NormalLoginWindow;
+    normalLoginWindow->setPortalAddress(portal);
+    normalLoginWindow->setAuthMessage(preloginResponse.authMessage());
+    normalLoginWindow->setUsernameLabel(preloginResponse.labelUsername());
+    normalLoginWindow->setPasswordLabel(preloginResponse.labelPassword());
+
+    // Do login
+    connect(normalLoginWindow, &NormalLoginWindow::performLogin, this, &PortalAuthenticator::onPerformNormalLogin);
+    connect(normalLoginWindow, &NormalLoginWindow::rejected, this, &PortalAuthenticator::onLoginWindowRejected);
+    connect(normalLoginWindow, &NormalLoginWindow::finished, this, &PortalAuthenticator::onLoginWindowFinished);
+
+    normalLoginWindow->show();
+}
+
+void PortalAuthenticator::onPerformNormalLogin(const QString &username, const QString &password)
+{
+    normalLoginWindow->setProcessing(true);
+    fetchConfig(username, password);
+}
+
+void PortalAuthenticator::onLoginWindowRejected()
+{
+    emitFail();
+}
+
+void PortalAuthenticator::onLoginWindowFinished()
+{
+    delete normalLoginWindow;
+    normalLoginWindow = nullptr;
+}
+
+void PortalAuthenticator::samlAuth()
+{
+    PLOGI << "Trying to perform SAML login with saml-method " << preloginResponse.samlMethod();
+
+    SAMLLoginWindow *loginWindow = new SAMLLoginWindow;
+
+    connect(loginWindow, &SAMLLoginWindow::success, this, &PortalAuthenticator::onSAMLLoginSuccess);
+    connect(loginWindow, &SAMLLoginWindow::fail, this, &PortalAuthenticator::onSAMLLoginFail);
+    connect(loginWindow, &SAMLLoginWindow::rejected, this, &PortalAuthenticator::onLoginWindowRejected);
+
+    loginWindow->login(preloginResponse.samlMethod(), preloginResponse.samlRequest(), preloginUrl);
+}
+
+void PortalAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> samlResult)
+{
+    if (samlResult.contains("preloginCookie")) {
+        PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
+    } else {
+        PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
+    }
+
+    fetchConfig(samlResult.value("username"), "", samlResult.value("preloginCookie"), samlResult.value("userAuthCookie"));
+}
+
+void PortalAuthenticator::onSAMLLoginFail(const QString msg)
+{
+    emitFail(msg);
+}
+
+void PortalAuthenticator::fetchConfig(QString username, QString password, QString preloginCookie, QString userAuthCookie)
+{
+    LoginParams loginParams { clientos };
+    loginParams.setServer(portal);
+    loginParams.setUser(username);
+    loginParams.setPassword(password);
+    loginParams.setPreloginCookie(preloginCookie);
+    loginParams.setUserAuthCookie(userAuthCookie);
+
+    // Save the username and password for future use.
+    this->username = username;
+    this->password = password;
+
+    PLOGI << "Fetching the portal config from " << configUrl << " for user: " << username;
+
+    QNetworkReply *reply = createRequest(configUrl, loginParams.toUtf8());
+    connect(reply, &QNetworkReply::finished, this, &PortalAuthenticator::onFetchConfigFinished);
+}
+
+void PortalAuthenticator::onFetchConfigFinished()
+{
+    QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
+
+    if (reply->error()) {
+        PLOGE << QString("Failed to fetch the portal config from %1, %2").arg(configUrl).arg(reply->errorString());
+
+        // Login failed, enable the fields of the normal login window
+        if (normalLoginWindow) {
+            normalLoginWindow->setProcessing(false);
+            openMessageBox("Portal login failed.", "Please check your credentials and try again.");
+        } else if (isAutoLogin) {
+            isAutoLogin = false;
+            normalAuth();
+        } else {
+            emit portalConfigFailed("Failed to fetch the portal config.");
+        }
+        return;
+    }
+
+    PLOGI << "Fetch the portal config succeeded.";
+    PortalConfigResponse response = PortalConfigResponse::parse(reply->readAll());
+
+    // Add the username & password to the response object
+    response.setUsername(username);
+    response.setPassword(password);
+
+    // Close the login window
+    if (normalLoginWindow) {
+        PLOGI << "Closing the NormalLoginWindow...";
+
+        // Save the credentials for reuse
+        settings::save("username", username);
+        settings::save("password", password);
+        normalLoginWindow->close();
+    }
+
+    emit success(response, preloginResponse.region());
+}
+
+void PortalAuthenticator::emitFail(const QString& msg)
+{
+    emit fail(msg);
+}

GPClient/portalauthenticator.h

@@ -0,0 +1,56 @@
+#ifndef PORTALAUTHENTICATOR_H
+#define PORTALAUTHENTICATOR_H
+
+#include "portalconfigresponse.h"
+#include "normalloginwindow.h"
+#include "samlloginwindow.h"
+#include "preloginresponse.h"
+
+#include <QObject>
+
+class PortalAuthenticator : public QObject
+{
+    Q_OBJECT
+public:
+    explicit PortalAuthenticator(const QString& portal, const QString& clientos);
+    ~PortalAuthenticator();
+
+    void authenticate();
+
+signals:
+    void success(const PortalConfigResponse response, const QString region);
+    void fail(const QString& msg);
+    void preloginFailed(const QString& msg);
+    void portalConfigFailed(const QString msg);
+
+private slots:
+    void onPreloginFinished();
+    void onPerformNormalLogin(const QString &username, const QString &password);
+    void onLoginWindowRejected();
+    void onLoginWindowFinished();
+    void onSAMLLoginSuccess(const QMap<QString, QString> samlResult);
+    void onSAMLLoginFail(const QString msg);
+    void onFetchConfigFinished();
+
+private:
+    QString portal;
+    QString clientos;
+    QString preloginUrl;
+    QString configUrl;
+    QString username;
+    QString password;
+
+    PreloginResponse preloginResponse;
+
+    bool isAutoLogin { false };
+
+    NormalLoginWindow *normalLoginWindow{ nullptr };
+
+    void tryAutoLogin();
+    void normalAuth();
+    void samlAuth();
+    void fetchConfig(QString username, QString password, QString preloginCookie = "", QString userAuthCookie = "");
+    void emitFail(const QString& msg = "");
+};
+
+#endif // PORTALAUTHENTICATOR_H

GPClient/portalconfigresponse.cpp

@@ -0,0 +1,178 @@
+#include "portalconfigresponse.h"
+
+#include <QXmlStreamReader>
+#include <plog/Log.h>
+
+QString PortalConfigResponse::xmlUserAuthCookie = "portal-userauthcookie";
+QString PortalConfigResponse::xmlPrelogonUserAuthCookie = "portal-prelogonuserauthcookie";
+QString PortalConfigResponse::xmlGateways = "gateways";
+
+PortalConfigResponse::PortalConfigResponse()
+{
+}
+
+PortalConfigResponse::~PortalConfigResponse()
+{
+}
+
+PortalConfigResponse PortalConfigResponse::parse(const QByteArray xml)
+{
+    PLOGI << "Start parsing the portal configuration...";
+
+    QXmlStreamReader xmlReader(xml);
+    PortalConfigResponse response;
+    response.setRawResponse(xml);
+
+    while (!xmlReader.atEnd()) {
+        xmlReader.readNextStartElement();
+
+        QString name = xmlReader.name().toString();
+
+        if (name == xmlUserAuthCookie) {
+            PLOGI << "Start reading " << name;
+            response.setUserAuthCookie(xmlReader.readElementText());
+        } else if (name == xmlPrelogonUserAuthCookie) {
+            PLOGI << "Start reading " << name;
+            response.setPrelogonUserAuthCookie(xmlReader.readElementText());
+        } else if (name == xmlGateways) {
+            response.setAllGateways(parseGateways(xmlReader));
+        }
+    }
+
+    PLOGI << "Finished parsing portal configuration.";
+
+    return response;
+}
+
+const QByteArray PortalConfigResponse::rawResponse() const
+{
+    return m_rawResponse;
+}
+
+const QString &PortalConfigResponse::username() const
+{
+    return m_username;
+}
+
+QString PortalConfigResponse::password() const
+{
+    return m_password;
+}
+
+QList<GPGateway> PortalConfigResponse::parseGateways(QXmlStreamReader &xmlReader)
+{
+    PLOGI << "Start parsing the gateways from portal configuration...";
+
+    QList<GPGateway> gateways;
+
+    while (xmlReader.name() != "external"){
+        xmlReader.readNext();
+    }
+
+    while (xmlReader.name() != "list"){
+        xmlReader.readNext();
+    }
+
+    while (xmlReader.name() != xmlGateways || !xmlReader.isEndElement()) {
+        xmlReader.readNext();
+        // Parse the gateways -> external -> list -> entry
+        if (xmlReader.name() == "entry" && xmlReader.isStartElement()) {
+            GPGateway g;
+            QString address = xmlReader.attributes().value("name").toString();
+            g.setAddress(address);
+            g.setPriorityRules(parsePriorityRules(xmlReader));
+            g.setName(parseGatewayName(xmlReader));
+            gateways.append(g);
+        }
+    }
+
+    PLOGI << "Finished parsing the gateways.";
+
+    return gateways;
+}
+
+QMap<QString, int> PortalConfigResponse::parsePriorityRules(QXmlStreamReader &xmlReader)
+{
+    PLOGI << "Start parsing the priority rules...";
+
+    QMap<QString, int> priorityRules;
+
+    while ((xmlReader.name() != "priority-rule" || !xmlReader.isEndElement()) && !xmlReader.hasError()) {
+        xmlReader.readNext();
+
+        if (xmlReader.name() == "entry" && xmlReader.isStartElement()) {
+            QString ruleName = xmlReader.attributes().value("name").toString();
+            // Read the priority tag
+            while (xmlReader.name() != "priority"){
+                xmlReader.readNext();
+            }
+            int ruleValue = xmlReader.readElementText().toUInt();
+            priorityRules.insert(ruleName, ruleValue);
+        }
+    }
+
+    PLOGI << "Finished parsing the priority rules.";
+
+    return priorityRules;
+}
+
+QString PortalConfigResponse::parseGatewayName(QXmlStreamReader &xmlReader)
+{
+    PLOGI << "Start parsing the gateway name...";
+
+    while (xmlReader.name() != "description" || !xmlReader.isEndElement()) {
+        xmlReader.readNext();
+        if (xmlReader.name() == "description" && xmlReader.tokenType() == xmlReader.StartElement) {
+            PLOGI << "Finished parsing the gateway name";
+            return xmlReader.readElementText();
+        }
+    }
+
+    PLOGE << "Error: <description> tag not found";
+    return "";
+}
+
+QString PortalConfigResponse::userAuthCookie() const
+{
+    return m_userAuthCookie;
+}
+
+QString PortalConfigResponse::prelogonUserAuthCookie() const
+{
+    return m_prelogonAuthCookie;
+}
+
+QList<GPGateway> PortalConfigResponse::allGateways() const
+{
+    return m_gateways;
+}
+
+void PortalConfigResponse::setAllGateways(QList<GPGateway> gateways)
+{
+    m_gateways = gateways;
+}
+
+void PortalConfigResponse::setRawResponse(const QByteArray response)
+{
+    m_rawResponse = response;
+}
+
+void PortalConfigResponse::setUsername(const QString username)
+{
+    m_username = username;
+}
+
+void PortalConfigResponse::setPassword(const QString password)
+{
+    m_password = password;
+}
+
+void PortalConfigResponse::setUserAuthCookie(const QString cookie)
+{
+    m_userAuthCookie = cookie;
+}
+
+void PortalConfigResponse::setPrelogonUserAuthCookie(const QString cookie)
+{
+    m_prelogonAuthCookie = cookie;
+}

GPClient/portalconfigresponse.h

@@ -0,0 +1,51 @@
+#ifndef PORTALCONFIGRESPONSE_H
+#define PORTALCONFIGRESPONSE_H
+
+#include "gpgateway.h"
+
+#include <QString>
+#include <QList>
+#include <QXmlStreamReader>
+
+class PortalConfigResponse
+{
+public:
+    PortalConfigResponse();
+    ~PortalConfigResponse();
+
+    static PortalConfigResponse parse(const QByteArray xml);
+
+    const QByteArray rawResponse() const;
+    const QString &username() const;
+    QString password() const;
+    QString userAuthCookie() const;
+    QString prelogonUserAuthCookie() const;
+    QList<GPGateway> allGateways() const;
+    void setAllGateways(QList<GPGateway> gateways);
+
+    void setUsername(const QString username);
+    void setPassword(const QString password);
+
+private:
+    static QString xmlUserAuthCookie;
+    static QString xmlPrelogonUserAuthCookie;
+    static QString xmlGateways;
+
+    QByteArray m_rawResponse;
+    QString m_username;
+    QString m_password;
+    QString m_userAuthCookie;
+    QString m_prelogonAuthCookie;
+
+    QList<GPGateway> m_gateways;
+
+    void setRawResponse(const QByteArray response);
+    void setUserAuthCookie(const QString cookie);
+    void setPrelogonUserAuthCookie(const QString cookie);
+
+    static QList<GPGateway> parseGateways(QXmlStreamReader &xmlReader);
+    static QMap<QString, int> parsePriorityRules(QXmlStreamReader &xmlReader);
+    static QString parseGatewayName(QXmlStreamReader &xmlReader);
+};
+
+#endif // PORTALCONFIGRESPONSE_H

GPClient/preloginresponse.cpp

@@ -0,0 +1,100 @@
+#include "preloginresponse.h"
+
+#include <QXmlStreamReader>
+#include <QMap>
+#include <plog/Log.h>
+
+QString PreloginResponse::xmlAuthMessage = "authentication-message";
+QString PreloginResponse::xmlLabelUsername = "username-label";
+QString PreloginResponse::xmlLabelPassword = "password-label";
+QString PreloginResponse::xmlSamlMethod = "saml-auth-method";
+QString PreloginResponse::xmlSamlRequest = "saml-request";
+QString PreloginResponse::xmlRegion = "region";
+
+PreloginResponse::PreloginResponse()
+{
+    add(xmlAuthMessage, "");
+    add(xmlLabelUsername, "");
+    add(xmlLabelPassword, "");
+    add(xmlSamlMethod, "");
+    add(xmlSamlRequest, "");
+    add(xmlRegion, "");
+}
+
+PreloginResponse PreloginResponse::parse(const QByteArray& xml)
+{
+    PLOGI << "Start parsing the prelogin response...";
+
+    QXmlStreamReader xmlReader(xml);
+    PreloginResponse response;
+    response.setRawResponse(xml);
+
+    while (!xmlReader.atEnd()) {
+        xmlReader.readNextStartElement();
+        QString name = xmlReader.name().toString();
+        if (response.has(name)) {
+            response.add(name, xmlReader.readElementText());
+        }
+    }
+    return response;
+}
+
+const QByteArray& PreloginResponse::rawResponse() const
+{
+    return _rawResponse;
+}
+
+QString PreloginResponse::authMessage() const
+{
+    return resultMap.value(xmlAuthMessage);
+}
+
+QString PreloginResponse::labelUsername() const
+{
+    return resultMap.value(xmlLabelUsername);
+}
+
+QString PreloginResponse::labelPassword() const
+{
+    return resultMap.value(xmlLabelPassword);
+}
+
+QString PreloginResponse::samlMethod() const
+{
+    return resultMap.value(xmlSamlMethod);
+}
+
+QString PreloginResponse::samlRequest() const
+{
+    return QByteArray::fromBase64(resultMap.value(xmlSamlRequest).toUtf8());
+}
+
+QString PreloginResponse::region() const
+{
+    return resultMap.value(xmlRegion);
+}
+
+bool PreloginResponse::hasSamlAuthFields() const
+{
+    return !samlMethod().isEmpty() && !samlRequest().isEmpty();
+}
+
+bool PreloginResponse::hasNormalAuthFields() const
+{
+    return !labelUsername().isEmpty() && !labelPassword().isEmpty();
+}
+
+void PreloginResponse::setRawResponse(const QByteArray response)
+{
+    _rawResponse = response;
+}
+
+bool PreloginResponse::has(const QString name) const
+{
+    return resultMap.contains(name);
+}
+
+void PreloginResponse::add(const QString name, const QString value)
+{
+    resultMap.insert(name, value);
+}

GPClient/preloginresponse.h

@@ -0,0 +1,41 @@
+#ifndef PRELOGINRESPONSE_H
+#define PRELOGINRESPONSE_H
+
+#include <QString>
+#include <QMap>
+
+class PreloginResponse
+{
+public:
+    PreloginResponse();
+
+    static PreloginResponse parse(const QByteArray& xml);
+
+    const QByteArray& rawResponse() const;
+    QString authMessage() const;
+    QString labelUsername() const;
+    QString labelPassword() const;
+    QString samlMethod() const;
+    QString samlRequest() const;
+    QString region() const;
+
+    bool hasSamlAuthFields() const;
+    bool hasNormalAuthFields() const;
+
+private:
+    static QString xmlAuthMessage;
+    static QString xmlLabelUsername;
+    static QString xmlLabelPassword;
+    static QString xmlSamlMethod;
+    static QString xmlSamlRequest;
+    static QString xmlRegion;
+
+    QMap<QString, QString> resultMap;
+    QByteArray _rawResponse;
+
+    void setRawResponse(const QByteArray response);
+    void add(const QString name, const QString value);
+    bool has(const QString name) const;
+};
+
+#endif // PRELOGINRESPONSE_H

GPClient/resources.qrc

@@ -4,5 +4,8 @@
         <file>connected.png</file>
         <file>pending.png</file>
         <file>not_connected.png</file>
+        <file>radio_unselected.png</file>
+        <file>radio_selected.png</file>
+        <file>settings_icon.png</file>
     </qresource>
 </RCC>

GPClient/samlloginwindow.cpp

@@ -1,19 +1,26 @@
 #include "samlloginwindow.h"
 
 #include <QVBoxLayout>
+#include <plog/Log.h>
+#include <QWebEngineProfile>
+#include <QWebEngineView>
 
 SAMLLoginWindow::SAMLLoginWindow(QWidget *parent)
     : QDialog(parent)
+    , webView(new EnhancedWebView(this))
 {
-    setWindowTitle("SAML Login");
+    setWindowTitle("GlobalProtect SAML Login");
-    resize(610, 406);
+    setModal(true);
+    resize(700, 550);
+
     QVBoxLayout *verticalLayout = new QVBoxLayout(this);
-    webView = new EnhancedWebView(this);
     webView->setUrl(QUrl("about:blank"));
+    // webView->page()->profile()->setPersistentCookiesPolicy(QWebEngineProfile::NoPersistentCookies);
     verticalLayout->addWidget(webView);
 
     webView->initialize();
-    QObject::connect(webView, &EnhancedWebView::responseReceived, this, &SAMLLoginWindow::onResponseReceived);
+    connect(webView, &EnhancedWebView::responseReceived, this, &SAMLLoginWindow::onResponseReceived);
+    connect(webView, &EnhancedWebView::loadFinished, this, &SAMLLoginWindow::onLoadFinished);
 }
 
 SAMLLoginWindow::~SAMLLoginWindow()
@@ -27,9 +34,16 @@ void SAMLLoginWindow::closeEvent(QCloseEvent *event)
     reject();
 }
 
-void SAMLLoginWindow::login(QString url)
+void SAMLLoginWindow::login(const QString samlMethod, const QString samlRequest, const QString preloingUrl)
 {
-    webView->load(QUrl(url));
+    if (samlMethod == "POST") {
+        webView->setHtml(samlRequest, preloingUrl);
+    } else if (samlMethod == "REDIRECT") {
+        webView->load(samlRequest);
+    } else {
+        PLOGE << "Unknown saml-auth-method expected POST or REDIRECT, got " << samlMethod;
+        emit fail("Unknown saml-auth-method, got " + samlMethod);
+    }
 }
 
 void SAMLLoginWindow::onResponseReceived(QJsonObject params)
@@ -43,17 +57,43 @@ void SAMLLoginWindow::onResponseReceived(QJsonObject params)
     QJsonObject response = params.value("response").toObject();
     QJsonObject headers = response.value("headers").toObject();
 
-    foreach (const QString& key, headers.keys()) {
+    const QString username = headers.value("saml-username").toString();
-        if (key.startsWith("saml-") || key == "prelogin-cookie" || key == "portal-userauthcookie") {
+    const QString preloginCookie = headers.value("prelogin-cookie").toString();
-            samlResult.insert(key, headers.value(key));
+    const QString userAuthCookie = headers.value("portal-userauthcookie").toString();
-        }
+
+    LOGI << "Response received from " << response.value("url").toString();
+
+    if (!username.isEmpty()) {
+        LOGI << "Got username from SAML response headers " << username;
+        samlResult.insert("username", username);
+    }
+
+    if (!preloginCookie.isEmpty()) {
+        LOGI << "Got prelogin-cookie from SAML response headers " << preloginCookie;
+        samlResult.insert("preloginCookie", preloginCookie);
+    }
+
+    if (!userAuthCookie.isEmpty()) {
+        LOGI << "Got portal-userauthcookie from SAML response headers " << userAuthCookie;
+        samlResult.insert("userAuthCookie", userAuthCookie);
     }
 
     // Check the SAML result
-    if (samlResult.contains("saml-username")
+    if (samlResult.contains("username")
-            && (samlResult.contains("prelogin-cookie") || samlResult.contains("portal-userauthcookie"))) {
+            && (samlResult.contains("preloginCookie") || samlResult.contains("userAuthCookie"))) {
-        samlResult.insert("server", QUrl(response.value("url").toString()).authority());
+        LOGI << "Got the SAML authentication information successfully. "
+             << "username: " << samlResult.value("username")
+             << ", preloginCookie: " << samlResult.value("preloginCookie")
+             << ", userAuthCookie: " << samlResult.value("userAuthCookie");
+
         emit success(samlResult);
         accept();
+    } else {
+        this->show();
     }
 }
+
+void SAMLLoginWindow::onLoadFinished()
+{
+     LOGI << "Load finished " << this->webView->page()->url().toString();
+}

GPClient/samlloginwindow.h

@@ -4,7 +4,7 @@
 #include "enhancedwebview.h"
 
 #include <QDialog>
-#include <QJsonObject>
+#include <QMap>
 #include <QCloseEvent>
 
 class SAMLLoginWindow : public QDialog
@@ -15,17 +15,19 @@ public:
     explicit SAMLLoginWindow(QWidget *parent = nullptr);
     ~SAMLLoginWindow();
 
-    void login(QString url);
+    void login(const QString samlMethod, const QString samlRequest, const QString preloingUrl);
 
 signals:
-    void success(QJsonObject samlResult);
+    void success(QMap<QString, QString> samlResult);
+    void fail(const QString msg);
 
 private slots:
     void onResponseReceived(QJsonObject params);
+    void onLoadFinished();
 
 private:
     EnhancedWebView *webView;
-    QJsonObject samlResult;
+    QMap<QString, QString> samlResult;
 
     void closeEvent(QCloseEvent *event);
 };

GPClient/settingsdialog.cpp

@@ -0,0 +1,34 @@
+#include "settingsdialog.h"
+#include "ui_settingsdialog.h"
+
+SettingsDialog::SettingsDialog(QWidget *parent) :
+    QDialog(parent),
+    ui(new Ui::SettingsDialog)
+{
+    ui->setupUi(this);
+}
+
+SettingsDialog::~SettingsDialog()
+{
+    delete ui;
+}
+
+void SettingsDialog::setExtraArgs(QString extraArgs)
+{
+    ui->extraArgsInput->setPlainText(extraArgs);
+}
+
+QString SettingsDialog::extraArgs()
+{
+    return ui->extraArgsInput->toPlainText().trimmed();
+}
+
+void SettingsDialog::setClientos(QString clientos)
+{
+    ui->clientosInput->setText(clientos);
+}
+
+QString SettingsDialog::clientos()
+{
+    return ui->clientosInput->text();
+}

GPClient/settingsdialog.h

@@ -0,0 +1,28 @@
+#ifndef SETTINGSDIALOG_H
+#define SETTINGSDIALOG_H
+
+#include <QDialog>
+
+namespace Ui {
+class SettingsDialog;
+}
+
+class SettingsDialog : public QDialog
+{
+    Q_OBJECT
+
+public:
+    explicit SettingsDialog(QWidget *parent = nullptr);
+    ~SettingsDialog();
+
+    void setExtraArgs(QString extraArgs);
+    QString extraArgs();
+
+    void setClientos(QString clientos);
+    QString clientos();
+
+private:
+    Ui::SettingsDialog *ui;
+};
+
+#endif // SETTINGSDIALOG_H

GPClient/settingsdialog.ui

@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>SettingsDialog</class>
+ <widget class="QDialog" name="SettingsDialog">
+  <property name="geometry">
+   <rect>
+    <x>0</x>
+    <y>0</y>
+    <width>488</width>
+    <height>177</height>
+   </rect>
+  </property>
+  <property name="sizePolicy">
+   <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
+    <horstretch>0</horstretch>
+    <verstretch>0</verstretch>
+   </sizepolicy>
+  </property>
+  <property name="windowTitle">
+   <string>Settings</string>
+  </property>
+  <property name="windowIcon">
+   <iconset resource="resources.qrc">
+    <normaloff>:/images/connected.png</normaloff>:/images/connected.png</iconset>
+  </property>
+  <layout class="QFormLayout" name="formLayout_3">
+   <item row="0" column="0">
+    <widget class="QLabel" name="label">
+     <property name="text">
+      <string>Custom Parameters:</string>
+     </property>
+    </widget>
+   </item>
+   <item row="0" column="1">
+    <widget class="QPlainTextEdit" name="extraArgsInput">
+     <property name="placeholderText">
+      <string extracomment="Tokens with spaces can be surrounded by double quotes">e.g. --name=value --script=&quot;vpn-slice xxx&quot;</string>
+     </property>
+    </widget>
+   </item>
+   <item row="1" column="0">
+    <widget class="QLabel" name="label_2">
+     <property name="text">
+      <string>Value of &quot;clientos&quot;:</string>
+     </property>
+    </widget>
+   </item>
+   <item row="1" column="1">
+    <widget class="QLineEdit" name="clientosInput">
+     <property name="placeholderText">
+      <string>e.g., Windows</string>
+     </property>
+    </widget>
+   </item>
+   <item row="2" column="1">
+    <widget class="QDialogButtonBox" name="buttonBox">
+     <property name="orientation">
+      <enum>Qt::Horizontal</enum>
+     </property>
+     <property name="standardButtons">
+      <set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
+     </property>
+    </widget>
+   </item>
+  </layout>
+ </widget>
+ <resources>
+  <include location="resources.qrc"/>
+ </resources>
+ <connections>
+  <connection>
+   <sender>buttonBox</sender>
+   <signal>accepted()</signal>
+   <receiver>SettingsDialog</receiver>
+   <slot>accept()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>248</x>
+     <y>254</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>157</x>
+     <y>274</y>
+    </hint>
+   </hints>
+  </connection>
+  <connection>
+   <sender>buttonBox</sender>
+   <signal>rejected()</signal>
+   <receiver>SettingsDialog</receiver>
+   <slot>reject()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>316</x>
+     <y>260</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>286</x>
+     <y>274</y>
+    </hint>
+   </hints>
+  </connection>
+ </connections>
+</ui>

GPService/dbus/com.yuezk.qt.GPService.service

@@ -1,5 +1,5 @@
 [D-BUS Service]
 Name=com.yuezk.qt.GPService
-Exec=/usr/local/bin/gpservice
+Exec=/usr/bin/gpservice
 User=root
 SystemdService=gpservice.service

GPService/gpservice.cpp

@@ -39,6 +39,47 @@ QString GPService::findBinary()
     return nullptr;
 }
 
+/* Port from https://github.com/qt/qtbase/blob/11d1dcc6e263c5059f34b44d531c9ccdf7c0b1d6/src/corelib/io/qprocess.cpp#L2115 */
+QStringList GPService::splitCommand(QStringView command)
+{
+    QStringList args;
+    QString tmp;
+    int quoteCount = 0;
+    bool inQuote = false;
+
+    // handle quoting. tokens can be surrounded by double quotes
+    // "hello world". three consecutive double quotes represent
+    // the quote character itself.
+    for (int i = 0; i < command.size(); ++i) {
+        if (command.at(i) == QLatin1Char('"')) {
+            ++quoteCount;
+            if (quoteCount == 3) {
+                // third consecutive quote
+                quoteCount = 0;
+                tmp += command.at(i);
+            }
+            continue;
+        }
+        if (quoteCount) {
+            if (quoteCount == 1)
+                inQuote = !inQuote;
+            quoteCount = 0;
+        }
+        if (!inQuote && command.at(i).isSpace()) {
+            if (!tmp.isEmpty()) {
+                args += tmp;
+                tmp.clear();
+            }
+        } else {
+            tmp += command.at(i);
+        }
+    }
+    if (!tmp.isEmpty())
+        args += tmp;
+
+    return args;
+}
+
 void GPService::quit()
 {
     if (openconnect->state() == QProcess::NotRunning) {
@@ -49,7 +90,7 @@ void GPService::quit()
     }
 }
 
-void GPService::connect(QString server, QString username, QString passwd)
+void GPService::connect(QString server, QString username, QString passwd, QString extraArgs)
 {
     if (vpnStatus != GPService::VpnNotConnected) {
         log("VPN status is: " + QVariant::fromValue(vpnStatus).toString());
@@ -58,21 +99,22 @@ void GPService::connect(QString server, QString username, QString passwd)
 
     QString bin = findBinary();
     if (bin == nullptr) {
-        log("Could not found openconnect binary, make sure openconnect is installed, exiting.");
+        log("Could not find openconnect binary, make sure openconnect is installed, exiting.");
+        emit error("The OpenConect CLI was not found, make sure it has been installed!");
         return;
     }
 
     QStringList args;
     args << QCoreApplication::arguments().mid(1)
      << "--protocol=gp"
+     << splitCommand(extraArgs)
      << "-u" << username
-     << "--passwd-on-stdin"
+     << "-C" << passwd
-     << "--timestamp"
      << server;
 
+    log("Start process with arugments: " + args.join(" "));
+
     openconnect->start(bin, args);
-    openconnect->write(passwd.toUtf8());
-    openconnect->closeWriteChannel();
 }
 
 void GPService::disconnect()
@@ -130,6 +172,5 @@ void GPService::onProcessFinished(int exitCode, QProcess::ExitStatus exitStatus)
 
 void GPService::log(QString msg)
 {
-    qInfo() << msg;
     emit logAvailable(msg);
 }

GPService/gpservice.h

@@ -31,10 +31,11 @@ public:
 signals:
     void connected();
     void disconnected();
+    void error(QString errorMessage);
     void logAvailable(QString log);
 
 public slots:
-    void connect(QString server, QString username, QString passwd);
+    void connect(QString server, QString username, QString passwd, QString extraArgs);
     void disconnect();
     int status();
     void quit();
@@ -53,6 +54,7 @@ private:
 
     void log(QString msg);
     static QString findBinary();
+    static QStringList splitCommand(QStringView command);
 };
 
 #endif // GLOBALPROTECTSERVICE_H

GPService/gpservice.xml

@@ -8,10 +8,14 @@
     <signal name="logAvailable">
       <arg name="log" type="s" />
     </signal>
+    <signal name="error">
+      <arg name="errorMessage" type="s" />
+    </signal>
     <method name="connect">
       <arg name="server" type="s" direction="in"/>
       <arg name="username" type="s" direction="in"/>
       <arg name="passwd" type="s" direction="in"/>
+      <arg name="extraArgs" type="s" direction="in"/>
     </method>
     <method name="disconnect">
     </method>

GPService/gpservice_adaptor.cpp

@@ -1,55 +0,0 @@
-/*
- * This file was generated by qdbusxml2cpp version 0.8
- * Command line was: qdbusxml2cpp -i gpservice_adaptor.h -a :gpservice_adaptor.cpp gpservice.xml
- *
- * qdbusxml2cpp is Copyright (C) 2020 The Qt Company Ltd.
- *
- * This is an auto-generated file.
- * Do not edit! All changes made to it will be lost.
- */
-
-#include "gpservice_adaptor.h"
-#include <QtCore/QMetaObject>
-#include <QtCore/QByteArray>
-#include <QtCore/QList>
-#include <QtCore/QMap>
-#include <QtCore/QString>
-#include <QtCore/QStringList>
-#include <QtCore/QVariant>
-
-/*
- * Implementation of adaptor class GPServiceAdaptor
- */
-
-GPServiceAdaptor::GPServiceAdaptor(QObject *parent)
-    : QDBusAbstractAdaptor(parent)
-{
-    // constructor
-    setAutoRelaySignals(true);
-}
-
-GPServiceAdaptor::~GPServiceAdaptor()
-{
-    // destructor
-}
-
-void GPServiceAdaptor::connect(const QString &server, const QString &username, const QString &passwd)
-{
-    // handle method call com.yuezk.qt.GPService.connect
-    QMetaObject::invokeMethod(parent(), "connect", Q_ARG(QString, server), Q_ARG(QString, username), Q_ARG(QString, passwd));
-}
-
-void GPServiceAdaptor::disconnect()
-{
-    // handle method call com.yuezk.qt.GPService.disconnect
-    QMetaObject::invokeMethod(parent(), "disconnect");
-}
-
-int GPServiceAdaptor::status()
-{
-    // handle method call com.yuezk.qt.GPService.status
-    int out0;
-    QMetaObject::invokeMethod(parent(), "status", Q_RETURN_ARG(int, out0));
-    return out0;
-}
-

GPService/gpservice_adaptor.h

@@ -1,66 +0,0 @@
-/*
- * This file was generated by qdbusxml2cpp version 0.8
- * Command line was: qdbusxml2cpp -a gpservice_adaptor.h: gpservice.xml
- *
- * qdbusxml2cpp is Copyright (C) 2020 The Qt Company Ltd.
- *
- * This is an auto-generated file.
- * This file may have been hand-edited. Look for HAND-EDIT comments
- * before re-generating it.
- */
-
-#ifndef GPSERVICE_ADAPTOR_H
-#define GPSERVICE_ADAPTOR_H
-
-#include <QtCore/QObject>
-#include <QtDBus/QtDBus>
-QT_BEGIN_NAMESPACE
-class QByteArray;
-template<class T> class QList;
-template<class Key, class Value> class QMap;
-class QString;
-class QStringList;
-class QVariant;
-QT_END_NAMESPACE
-
-/*
- * Adaptor class for interface com.yuezk.qt.GPService
- */
-class GPServiceAdaptor: public QDBusAbstractAdaptor
-{
-    Q_OBJECT
-    Q_CLASSINFO("D-Bus Interface", "com.yuezk.qt.GPService")
-    Q_CLASSINFO("D-Bus Introspection", ""
-"  <interface name=\"com.yuezk.qt.GPService\">\n"
-"    <signal name=\"connected\"/>\n"
-"    <signal name=\"disconnected\"/>\n"
-"    <signal name=\"logAvailable\">\n"
-"      <arg type=\"s\" name=\"log\"/>\n"
-"    </signal>\n"
-"    <method name=\"connect\">\n"
-"      <arg direction=\"in\" type=\"s\" name=\"server\"/>\n"
-"      <arg direction=\"in\" type=\"s\" name=\"username\"/>\n"
-"      <arg direction=\"in\" type=\"s\" name=\"passwd\"/>\n"
-"    </method>\n"
-"    <method name=\"disconnect\"/>\n"
-"    <method name=\"status\">\n"
-"      <arg direction=\"out\" type=\"i\"/>\n"
-"    </method>\n"
-"  </interface>\n"
-        "")
-public:
-    GPServiceAdaptor(QObject *parent);
-    virtual ~GPServiceAdaptor();
-
-public: // PROPERTIES
-public Q_SLOTS: // METHODS
-    void connect(const QString &server, const QString &username, const QString &passwd);
-    void disconnect();
-    int status();
-Q_SIGNALS: // SIGNALS
-    void connected();
-    void disconnected();
-    void logAvailable(const QString &log);
-};
-
-#endif

GPService/systemd/gpservice.service

@@ -2,9 +2,10 @@
 Description=GlobalProtect openconnect DBus service
 
 [Service]
+Environment="LANG=en_US.utf8"
 Type=dbus
 BusName=com.yuezk.qt.GPService
-ExecStart=/usr/local/bin/gpservice
+ExecStart=/usr/bin/gpservice
 
 [Install]
 WantedBy=multi-user.target

PKGBUILD.template

@@ -0,0 +1,39 @@
+# Maintainer: Keinv Yue <yuezk001@gmail.com>
+
+pkgname=globalprotect-openconnect
+_gitname=GlobalProtect-openconnect
+pkgver={PKG_VERSION}
+pkgrel=1
+pkgdesc="A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Qt5, supports SAML auth mode."
+arch=(x86_64 aarch64)
+url="https://github.com/yuezk/${_gitname}"
+license=('GPL3')
+depends=('openconnect>=8.0.0' qt5-base qt5-webengine qt5-websockets)
+makedepends=()
+source=(
+    "${_gitname}-${pkgver}.tar.gz::${url}/archive/v${pkgver}.tar.gz"
+    "https://github.com/itay-grudev/SingleApplication/archive/v3.0.19.tar.gz"
+    "https://github.com/SergiusTheBest/plog/archive/1.1.5.tar.gz"
+)
+
+sha256sums=(
+    '{SOURCE_SHA}'
+    '9405fd259288b2a862e91e5135bccee936f0438e1b32c13603277132309d15e0'
+    '6c80b4701183d2415bec927e1f5ca9b1761b3b5c65d3e09fb29c743e016d5609'
+);
+
+prepare() {
+    mv "$srcdir/SingleApplication-3.0.19" -T "$srcdir/${_gitname}-${pkgver}/singleapplication"
+    mv "$srcdir/plog-1.1.5" -T "$srcdir/${_gitname}-${pkgver}/plog"
+}
+
+build() {
+    cd "$srcdir/${_gitname}-${pkgver}"
+    qmake CONFIG+=release "${srcdir}/${_gitname}-${pkgver}/GlobalProtect-openconnect.pro"
+    make
+}
+
+package() {
+    cd "$srcdir/${_gitname}-${pkgver}"
+    make INSTALL_ROOT="$pkgdir/" install
+}

README.md

@@ -5,6 +5,39 @@ A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Q
   <img src="screenshot.png">
 </p>
 
+## Features
+
+- Similar user experience as the official client in macOS.
+- Supports both SAML and non-SAML authentication modes.
+- Supports automatically selecting the preferred gateway from the multiple gateways.
+- Supports switching gateway from the system tray menu manually.
+
+## Future plan
+
+- [ ] Improve the release process
+- [ ] Process bugs and feature requests
+- [ ] Support for bypassing the `gpclient` parameters
+- [ ] Support the CLI mode
+
+## Passing the Custom Parameters to `OpenConnect` CLI
+
+Custom parameters can be appended to the `OpenConnect` CLI with the following settings.
+
+> Tokens with spaces can be surrounded by double quotes; three consecutive double quotes represent the quote character itself.
+
+
+<p align="center">
+  <img src="https://user-images.githubusercontent.com/3297602/130319209-744be02b-d657-4f49-a76d-d2c81b5c46d5.png" />
+<p>
+  
+## Display the system tray icon on Gnome 40
+
+Install the [AppIndicator and KStatusNotifierItem Support](https://extensions.gnome.org/extension/615/appindicator-support/) extension and you will see the system try icon (Restart the system after the installation).
+
+<p align="center">
+  <img src="https://user-images.githubusercontent.com/3297602/130831022-b93492fd-46dd-4a8e-94a4-13b5747120b7.png" />
+<p>
+ 
 ## Prerequisites
 
 - Openconnect v8.x
@@ -12,22 +45,108 @@ A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Q
 
 ### Ubuntu
 1. Install openconnect v8.x
-    Update openconnect to 8.x, for ubuntu 18.04 you might need to [build the latest openconnect from source code](https://gist.github.com/yuezk/ab9a4b87a9fa0182bdb2df41fab5f613).
+
-2. Install the Qt dependencies
     ```sh
-    sudo apt install qt5-default libqt5websockets5-dev qtwebengine5-dev
+    sudo apt install openconnect
+    openconnect --version
     ```
+
+   For Ubuntu 18.04 you might need to [build the latest openconnect from source code](https://gist.github.com/yuezk/ab9a4b87a9fa0182bdb2df41fab5f613).
+   
+2. Install the Qt dependencies
+
+    For Ubuntu 20, this should work.
+    
+    ```sh
+    sudo apt install qtbase5-dev libqt5websockets5-dev qtwebengine5-dev qttools5-dev debhelper
+    ```
+    
+    For Ubuntu 21, you need to install the base pieces separately as QT5 is the default.
+    
+    ```sh
+    sudo apt install qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5-dev qtwebengine5-dev qttools5-dev debhelper
+    ```
+    
+### OpenSUSE
+Install the Qt dependencies
+
+```sh
+sudo zypper install libqt5-qtbase-devel libqt5-qtwebsockets-devel libqt5-qtwebengine-devel
+```
+
+### Fedora
+Install the Qt dependencies:
+
+```sh
+sudo dnf install qt5-qtbase-devel qt5-qtwebengine-devel qt5-qtwebsockets-devel
+```
+
 ## Install
 
+### Install from AUR (Arch/Manjaro)
+
+Install [globalprotect-openconnect](https://aur.archlinux.org/packages/globalprotect-openconnect/).
+
+### Build from source code
+
 ```sh
 git clone https://github.com/yuezk/GlobalProtect-openconnect.git
 cd GlobalProtect-openconnect
-git submodule init && git submodule update
+git submodule update --init
+
+# qmake or qmake-qt5
 qmake CONFIG+=release
 make
 sudo make install
 ```
 Open `GlobalProtect VPN` in the application dashboard.
 
+### Debian package
+
+Relatively manual process for now:
+
+* Clone the source tree
+
+  ```
+  git clone https://github.com/yuezk/GlobalProtect-openconnect.git
+  cd GlobalProtect-openconnect
+  ```
+
+* Install git-archive-all using the pip. Remember to adjust the version numbers etc.
+
+  ```
+  pip install git-archive-all
+  ```
+
+* Next create an upstream source tree using git archive.
+
+  ```
+  git-archive-all --force-submodules --prefix=globalprotect-openconnect-1.3.0/ ../globalprotect-openconnect_1.3.0.orig.tar.gz
+  ```
+
+* Finally extract the source tree, build the debian package, and install it.
+
+  ```
+  cd ..
+  tar -xzvf globalprotect-openconnect_1.3.0.orig.tar.gz
+  cd globalprotect-openconnect-1.3.0
+  fakeroot dpkg-buildpackage -uc -us -sa 2>&1 | tee ../build.log
+  sudo dpkg -i globalprotect-openconnect_1.3.0-1ppa1_amd64.deb
+  ```
+
+### NixOS
+  In `configuration.nix`:
+
+  ```
+  services.globalprotect = {
+    enable = true;
+    # if you need a Host Integrity Protection report
+    csdWrapper = "${pkgs.openconnect}/libexec/openconnect/hipreport.sh";
+  };
+  
+  environment.systemPackages = [ globalprotect-openconnect ];
+  ```
+  
+
 ## [License](./LICENSE)
 GPLv3

debian/README.Debian

@@ -0,0 +1,5 @@
+globalprotect-openconnect for Debian
+
+Added debian packaging 
+
+ -- Amit Joshi <>  Fri, 29 May 2020 21:52:59 -0400

debian/changelog

@@ -0,0 +1,47 @@
+globalprotect-openconnect (1.3.0-1ppa1) bionic; urgency=medium
+
+  * Bump version to 1.3.0
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Thu, 09 Jul 2020 10:13:46 +0800
+
+globalprotect-openconnect (1.2.7-1ppa1) bionic; urgency=medium
+
+  * Update dependencies
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Tue, 09 Jun 2020 22:13:46 +0800
+
+globalprotect-openconnect (1.2.6-1ppa1) bionic; urgency=medium
+
+  * Add qt5-default dependency
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Tue, 09 Jun 2020 22:05:57 +0800
+
+globalprotect-openconnect (1.2.5-1ppa1) bionic; urgency=medium
+
+  * Update version
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Mon, 08 Jun 2020 23:24:06 +0800
+
+globalprotect-openconnect (1.2.4-1ppa5) bionic; urgency=medium
+
+  * Update dependencies
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Mon, 08 Jun 2020 23:13:44 +0800
+
+globalprotect-openconnect (1.2.4-1ppa2) bionic; urgency=medium
+
+  * Update dependencies
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Mon, 08 Jun 2020 22:39:07 +0800
+
+globalprotect-openconnect (1.2.4-1ppa1) bionic; urgency=medium
+
+  * Initial release.
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Sun, 07 Jun 2020 19:00:25 +0800
+
+globalprotect-openconnect (1.2.4-1) UNRELEASED; urgency=low
+
+  * Initial release of debian package
+
+ -- Amit Joshi <>  Fri, 29 May 2020 21:52:59 -0400

debian/compat

@@ -0,0 +1 @@
+11

debian/control

@@ -0,0 +1,13 @@
+Source: globalprotect-openconnect
+Section: net
+Priority: optional
+Maintainer: Kevin Yue <k3vinyue@gmail.com>
+Build-Depends: debhelper (>=11~), qtbase5-dev, qttools5-dev (>=5.9), libqt5websockets5-dev (>=5.9), qtwebengine5-dev (>=5.9)
+Standards-Version: 4.1.4
+Homepage: https://github.com/yuezk/GlobalProtect-openconnect
+
+Package: globalprotect-openconnect
+Architecture: any
+Multi-Arch: foreign
+Depends: ${misc:Depends}, ${shlibs:Depends}, openconnect (>=8.0), libqt5websockets5 (>=5.9), libqt5webengine5 (>=5.9)
+Description: A GlobalProtect VPN client (GUI) based on OpenConnect.

debian/copyright

@@ -0,0 +1,982 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: globalprotect-openconnect
+Source: https://github.com/yuezk/GlobalProtect-openconnect
+#
+# Please double check copyright with the licensecheck(1) command.
+
+Files:     .gitignore
+           .gitmodules
+           GPClient/GPClient.pro
+           GPClient/Makefile
+           GPClient/cdpcommand.cpp
+           GPClient/cdpcommand.h
+           GPClient/cdpcommand.o
+           GPClient/cdpcommandmanager.cpp
+           GPClient/cdpcommandmanager.h
+           GPClient/cdpcommandmanager.o
+           GPClient/com.yuezk.qt.gpclient.desktop
+           GPClient/connected.png
+           GPClient/enhancedwebview.cpp
+           GPClient/enhancedwebview.h
+           GPClient/enhancedwebview.o
+           GPClient/gatewayauthenticator.cpp
+           GPClient/gatewayauthenticator.h
+           GPClient/gatewayauthenticator.o
+           GPClient/gpclient
+           GPClient/gpclient.cpp
+           GPClient/gpclient.h
+           GPClient/gpclient.o
+           GPClient/gpgateway.cpp
+           GPClient/gpgateway.h
+           GPClient/gpgateway.o
+           GPClient/gphelper.cpp
+           GPClient/gphelper.h
+           GPClient/gphelper.o
+           GPClient/gpservice_interface.cpp
+           GPClient/gpservice_interface.h
+           GPClient/gpservice_interface.o
+           GPClient/loginparams.cpp
+           GPClient/loginparams.h
+           GPClient/loginparams.o
+           GPClient/main.cpp
+           GPClient/main.o
+           GPClient/moc_cdpcommand.cpp
+           GPClient/moc_cdpcommand.o
+           GPClient/moc_cdpcommandmanager.cpp
+           GPClient/moc_cdpcommandmanager.o
+           GPClient/moc_enhancedwebview.cpp
+           GPClient/moc_enhancedwebview.o
+           GPClient/moc_gatewayauthenticator.cpp
+           GPClient/moc_gatewayauthenticator.o
+           GPClient/moc_gpclient.cpp
+           GPClient/moc_gpclient.o
+           GPClient/moc_gpservice_interface.cpp
+           GPClient/moc_gpservice_interface.o
+           GPClient/moc_normalloginwindow.cpp
+           GPClient/moc_normalloginwindow.o
+           GPClient/moc_portalauthenticator.cpp
+           GPClient/moc_portalauthenticator.o
+           GPClient/moc_predefs.h
+           GPClient/moc_samlloginwindow.cpp
+           GPClient/moc_samlloginwindow.o
+           GPClient/moc_singleapplication.cpp
+           GPClient/moc_singleapplication.o
+           GPClient/moc_singleapplication_p.cpp
+           GPClient/moc_singleapplication_p.o
+           GPClient/normalloginwindow.cpp
+           GPClient/normalloginwindow.h
+           GPClient/normalloginwindow.o
+           GPClient/not_connected.png
+           GPClient/pending.png
+           GPClient/portalauthenticator.cpp
+           GPClient/portalauthenticator.h
+           GPClient/portalauthenticator.o
+           GPClient/portalconfigresponse.cpp
+           GPClient/portalconfigresponse.h
+           GPClient/portalconfigresponse.o
+           GPClient/preloginresponse.cpp
+           GPClient/preloginresponse.h
+           GPClient/preloginresponse.o
+           GPClient/qrc_resources.cpp
+           GPClient/qrc_resources.o
+           GPClient/radio_selected.png
+           GPClient/radio_unselected.png
+           GPClient/samlloginwindow.cpp
+           GPClient/samlloginwindow.h
+           GPClient/samlloginwindow.o
+           GPClient/singleapplication.o
+           GPClient/singleapplication_p.o
+           GPClient/ui_gpclient.h
+           GPClient/ui_normalloginwindow.h
+           GPService/GPService.pro
+           GPService/Makefile
+           GPService/dbus/com.yuezk.qt.GPService.service
+           GPService/gpservice
+           GPService/gpservice.cpp
+           GPService/gpservice.h
+           GPService/gpservice.o
+           GPService/gpservice_adaptor.cpp
+           GPService/gpservice_adaptor.h
+           GPService/gpservice_adaptor.o
+           GPService/main.cpp
+           GPService/main.o
+           GPService/moc_gpservice.cpp
+           GPService/moc_gpservice.o
+           GPService/moc_gpservice_adaptor.cpp
+           GPService/moc_gpservice_adaptor.o
+           GPService/moc_predefs.h
+           GPService/moc_sigwatch.cpp
+           GPService/moc_singleapplication.cpp
+           GPService/moc_singleapplication.o
+           GPService/moc_singleapplication_p.cpp
+           GPService/moc_singleapplication_p.o
+           GPService/sigwatch.o
+           GPService/singleapplication.o
+           GPService/singleapplication_p.o
+           GPService/systemd/gpservice.service
+           GlobalProtect-openconnect.pro
+           Makefile
+           README.md
+           plog/.appveyor.yml
+           plog/.circleci/config.yml
+           plog/.cirrus.yml
+           plog/.editorconfig
+           plog/.git
+           plog/.gitignore
+           plog/.travis.yml
+           plog/CMakeLists.txt
+           plog/README.md
+           plog/include/plog/Appenders/AndroidAppender.h
+           plog/include/plog/Appenders/ColorConsoleAppender.h
+           plog/include/plog/Appenders/ConsoleAppender.h
+           plog/include/plog/Appenders/DebugOutputAppender.h
+           plog/include/plog/Appenders/EventLogAppender.h
+           plog/include/plog/Appenders/IAppender.h
+           plog/include/plog/Appenders/RollingFileAppender.h
+           plog/include/plog/Converters/NativeEOLConverter.h
+           plog/include/plog/Converters/UTF8Converter.h
+           plog/include/plog/Formatters/CsvFormatter.h
+           plog/include/plog/Formatters/FuncMessageFormatter.h
+           plog/include/plog/Formatters/MessageOnlyFormatter.h
+           plog/include/plog/Formatters/TxtFormatter.h
+           plog/include/plog/Init.h
+           plog/include/plog/Log.h
+           plog/include/plog/Logger.h
+           plog/include/plog/Record.h
+           plog/include/plog/Severity.h
+           plog/include/plog/Util.h
+           plog/include/plog/WinApi.h
+           plog/samples/Android/CMakeLists.txt
+           plog/samples/Android/jni/Application.mk
+           plog/samples/Android/jni/Sample.cpp
+           plog/samples/CMakeLists.txt
+           plog/samples/Chained/CMakeLists.txt
+           plog/samples/Chained/ChainedApp/Main.cpp
+           plog/samples/Chained/ChainedLib/Main.cpp
+           plog/samples/ColorConsole/CMakeLists.txt
+           plog/samples/ColorConsole/Main.cpp
+           plog/samples/CustomAppender/CMakeLists.txt
+           plog/samples/CustomAppender/Main.cpp
+           plog/samples/CustomConverter/CMakeLists.txt
+           plog/samples/CustomConverter/Main.cpp
+           plog/samples/CustomFormatter/CMakeLists.txt
+           plog/samples/CustomFormatter/Main.cpp
+           plog/samples/CustomType/CMakeLists.txt
+           plog/samples/CustomType/Main.cpp
+           plog/samples/DebugOutput/CMakeLists.txt
+           plog/samples/DebugOutput/Main.cpp
+           plog/samples/Demo/CMakeLists.txt
+           plog/samples/Demo/Customer.h
+           plog/samples/Demo/Main.cpp
+           plog/samples/Demo/MyClass.cpp
+           plog/samples/Demo/MyClass.h
+           plog/samples/EventLog/CMakeLists.txt
+           plog/samples/EventLog/Main.cpp
+           plog/samples/Facilities/CMakeLists.txt
+           plog/samples/Facilities/Main.cpp
+           plog/samples/Hello/CMakeLists.txt
+           plog/samples/Hello/Main.cpp
+           plog/samples/Library/CMakeLists.txt
+           plog/samples/Library/LibraryApp/Main.cpp
+           plog/samples/Library/LibraryLib/Lib.cpp
+           plog/samples/MultiAppender/CMakeLists.txt
+           plog/samples/MultiAppender/Main.cpp
+           plog/samples/MultiInstance/CMakeLists.txt
+           plog/samples/MultiInstance/Main.cpp
+           plog/samples/ObjectiveC/CMakeLists.txt
+           plog/samples/ObjectiveC/Main.mm
+           plog/samples/Performance/CMakeLists.txt
+           plog/samples/Performance/Main.cpp
+           plog/samples/SetFileName/CMakeLists.txt
+           plog/samples/SetFileName/Main.cpp
+           plog/samples/Shared/CMakeLists.txt
+           plog/samples/Shared/SharedApp/Main.cpp
+           plog/samples/Shared/SharedLib/Main.cpp
+           plog/samples/SkipNativeEOL/CMakeLists.txt
+           plog/samples/SkipNativeEOL/Main.cpp
+           plog/samples/UtcTime/CMakeLists.txt
+           plog/samples/UtcTime/Main.cpp
+           screenshot.png
+           singleapplication/.git
+           singleapplication/.github/FUNDING.yml
+           singleapplication/.github/workflows/build-cmake.yml
+           singleapplication/.gitignore
+           singleapplication/CHANGELOG.md
+           singleapplication/CMakeLists.txt
+           singleapplication/README.md
+           singleapplication/Windows.md
+           singleapplication/examples/basic/CMakeLists.txt
+           singleapplication/examples/basic/basic.pro
+           singleapplication/examples/basic/main.cpp
+           singleapplication/examples/calculator/CMakeLists.txt
+           singleapplication/examples/calculator/button.cpp
+           singleapplication/examples/calculator/button.h
+           singleapplication/examples/calculator/calculator.cpp
+           singleapplication/examples/calculator/calculator.h
+           singleapplication/examples/calculator/calculator.pro
+           singleapplication/examples/calculator/main.cpp
+           singleapplication/examples/sending_arguments/CMakeLists.txt
+           singleapplication/examples/sending_arguments/main.cpp
+           singleapplication/examples/sending_arguments/messagereceiver.cpp
+           singleapplication/examples/sending_arguments/messagereceiver.h
+           singleapplication/examples/sending_arguments/sending_arguments.pro
+           singleapplication/singleapplication.pri
+Copyright: __NO_COPYRIGHT_NOR_LICENSE__
+License:   __NO_COPYRIGHT_NOR_LICENSE__
+
+Files:     GPService/sigwatch.cpp
+           GPService/sigwatch.h
+           singleapplication/singleapplication.cpp
+           singleapplication/singleapplication.h
+Copyright: 2014 Simon Knopp
+           2015-2018 Itay Grudev
+License:   Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+Files:     singleapplication/singleapplication_p.cpp
+           singleapplication/singleapplication_p.h
+Copyright: 2015-2018 Itay Grudev
+License:   Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+ .
+ W A R N I N G !!!
+
+Files:     plog/samples/Android/jni/Android.mk
+Copyright: 2009 The Android Open Source Project
+License:   Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache License Version 2.0
+  can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+#----------------------------------------------------------------------------
+# xml and html files (skipped):
+#         GPService/gpservice.xml
+#         GPService/dbus/com.yuezk.qt.GPService.conf
+#         GPClient/com.yuezk.qt.GPClient.svg
+#         GPClient/gpclient.ui
+#         GPClient/normalloginwindow.ui
+#         GPClient/resources.qrc
+
+#----------------------------------------------------------------------------
+# Files marked as NO_LICENSE_TEXT_FOUND may be covered by the following
+# license/copyright files.
+
+#----------------------------------------------------------------------------
+# License file: LICENSE
+                     GNU GENERAL PUBLIC LICENSE
+                        Version 3, 29 June 2007
+ .
+  Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+  Everyone is permitted to copy and distribute verbatim copies
+  of this license document, but changing it is not allowed.
+ .
+                             Preamble
+ .
+   The GNU General Public License is a free, copyleft license for
+ software and other kinds of works.
+ .
+   The licenses for most software and other practical works are designed
+ to take away your freedom to share and change the works.  By contrast,
+ the GNU General Public License is intended to guarantee your freedom to
+ share and change all versions of a program--to make sure it remains free
+ software for all its users.  We, the Free Software Foundation, use the
+ GNU General Public License for most of our software; it applies also to
+ any other work released this way by its authors.  You can apply it to
+ your programs, too.
+ .
+   When we speak of free software, we are referring to freedom, not
+ price.  Our General Public Licenses are designed to make sure that you
+ have the freedom to distribute copies of free software (and charge for
+ them if you wish), that you receive source code or can get it if you
+ want it, that you can change the software or use pieces of it in new
+ free programs, and that you know you can do these things.
+ .
+   To protect your rights, we need to prevent others from denying you
+ these rights or asking you to surrender the rights.  Therefore, you have
+ certain responsibilities if you distribute copies of the software, or if
+ you modify it: responsibilities to respect the freedom of others.
+ .
+   For example, if you distribute copies of such a program, whether
+ gratis or for a fee, you must pass on to the recipients the same
+ freedoms that you received.  You must make sure that they, too, receive
+ or can get the source code.  And you must show them these terms so they
+ know their rights.
+ .
+   Developers that use the GNU GPL protect your rights with two steps:
+ (1) assert copyright on the software, and (2) offer you this License
+ giving you legal permission to copy, distribute and/or modify it.
+ .
+   For the developers' and authors' protection, the GPL clearly explains
+ that there is no warranty for this free software.  For both users' and
+ authors' sake, the GPL requires that modified versions be marked as
+ changed, so that their problems will not be attributed erroneously to
+ authors of previous versions.
+ .
+   Some devices are designed to deny users access to install or run
+ modified versions of the software inside them, although the manufacturer
+ can do so.  This is fundamentally incompatible with the aim of
+ protecting users' freedom to change the software.  The systematic
+ pattern of such abuse occurs in the area of products for individuals to
+ use, which is precisely where it is most unacceptable.  Therefore, we
+ have designed this version of the GPL to prohibit the practice for those
+ products.  If such problems arise substantially in other domains, we
+ stand ready to extend this provision to those domains in future versions
+ of the GPL, as needed to protect the freedom of users.
+ .
+   Finally, every program is threatened constantly by software patents.
+ States should not allow patents to restrict development and use of
+ software on general-purpose computers, but in those that do, we wish to
+ avoid the special danger that patents applied to a free program could
+ make it effectively proprietary.  To prevent this, the GPL assures that
+ patents cannot be used to render the program non-free.
+ .
+   The precise terms and conditions for copying, distribution and
+ modification follow.
+ .
+                        TERMS AND CONDITIONS
+ .
+   0. Definitions.
+ .
+   "This License" refers to version 3 of the GNU General Public License.
+ .
+   "Copyright" also means copyright-like laws that apply to other kinds of
+ works, such as semiconductor masks.
+ .
+   "The Program" refers to any copyrightable work licensed under this
+ License.  Each licensee is addressed as "you".  "Licensees" and
+ "recipients" may be individuals or organizations.
+ .
+   To "modify" a work means to copy from or adapt all or part of the work
+ in a fashion requiring copyright permission, other than the making of an
+ exact copy.  The resulting work is called a "modified version" of the
+ earlier work or a work "based on" the earlier work.
+ .
+   A "covered work" means either the unmodified Program or a work based
+ on the Program.
+ .
+   To "propagate" a work means to do anything with it that, without
+ permission, would make you directly or secondarily liable for
+ infringement under applicable copyright law, except executing it on a
+ computer or modifying a private copy.  Propagation includes copying,
+ distribution (with or without modification), making available to the
+ public, and in some countries other activities as well.
+ .
+   To "convey" a work means any kind of propagation that enables other
+ parties to make or receive copies.  Mere interaction with a user through
+ a computer network, with no transfer of a copy, is not conveying.
+ .
+   An interactive user interface displays "Appropriate Legal Notices"
+ to the extent that it includes a convenient and prominently visible
+ feature that (1) displays an appropriate copyright notice, and (2)
+ tells the user that there is no warranty for the work (except to the
+ extent that warranties are provided), that licensees may convey the
+ work under this License, and how to view a copy of this License.  If
+ the interface presents a list of user commands or options, such as a
+ menu, a prominent item in the list meets this criterion.
+ .
+   1. Source Code.
+ .
+   The "source code" for a work means the preferred form of the work
+ for making modifications to it.  "Object code" means any non-source
+ form of a work.
+ .
+   A "Standard Interface" means an interface that either is an official
+ standard defined by a recognized standards body, or, in the case of
+ interfaces specified for a particular programming language, one that
+ is widely used among developers working in that language.
+ .
+   The "System Libraries" of an executable work include anything, other
+ than the work as a whole, that (a) is included in the normal form of
+ packaging a Major Component, but which is not part of that Major
+ Component, and (b) serves only to enable use of the work with that
+ Major Component, or to implement a Standard Interface for which an
+ implementation is available to the public in source code form.  A
+ "Major Component", in this context, means a major essential component
+ (kernel, window system, and so on) of the specific operating system
+ (if any) on which the executable work runs, or a compiler used to
+ produce the work, or an object code interpreter used to run it.
+ .
+   The "Corresponding Source" for a work in object code form means all
+ the source code needed to generate, install, and (for an executable
+ work) run the object code and to modify the work, including scripts to
+ control those activities.  However, it does not include the work's
+ System Libraries, or general-purpose tools or generally available free
+ programs which are used unmodified in performing those activities but
+ which are not part of the work.  For example, Corresponding Source
+ includes interface definition files associated with source files for
+ the work, and the source code for shared libraries and dynamically
+ linked subprograms that the work is specifically designed to require,
+ such as by intimate data communication or control flow between those
+ subprograms and other parts of the work.
+ .
+   The Corresponding Source need not include anything that users
+ can regenerate automatically from other parts of the Corresponding
+ Source.
+ .
+   The Corresponding Source for a work in source code form is that
+ same work.
+ .
+   2. Basic Permissions.
+ .
+   All rights granted under this License are granted for the term of
+ copyright on the Program, and are irrevocable provided the stated
+ conditions are met.  This License explicitly affirms your unlimited
+ permission to run the unmodified Program.  The output from running a
+ covered work is covered by this License only if the output, given its
+ content, constitutes a covered work.  This License acknowledges your
+ rights of fair use or other equivalent, as provided by copyright law.
+ .
+   You may make, run and propagate covered works that you do not
+ convey, without conditions so long as your license otherwise remains
+ in force.  You may convey covered works to others for the sole purpose
+ of having them make modifications exclusively for you, or provide you
+ with facilities for running those works, provided that you comply with
+ the terms of this License in conveying all material for which you do
+ not control copyright.  Those thus making or running the covered works
+ for you must do so exclusively on your behalf, under your direction
+ and control, on terms that prohibit them from making any copies of
+ your copyrighted material outside their relationship with you.
+ .
+   Conveying under any other circumstances is permitted solely under
+ the conditions stated below.  Sublicensing is not allowed; section 10
+ makes it unnecessary.
+ .
+   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+ .
+   No covered work shall be deemed part of an effective technological
+ measure under any applicable law fulfilling obligations under article
+ 11 of the WIPO copyright treaty adopted on 20 December 1996, or
+ similar laws prohibiting or restricting circumvention of such
+ measures.
+ .
+   When you convey a covered work, you waive any legal power to forbid
+ circumvention of technological measures to the extent such circumvention
+ is effected by exercising rights under this License with respect to
+ the covered work, and you disclaim any intention to limit operation or
+ modification of the work as a means of enforcing, against the work's
+ users, your or third parties' legal rights to forbid circumvention of
+ technological measures.
+ .
+   4. Conveying Verbatim Copies.
+ .
+   You may convey verbatim copies of the Program's source code as you
+ receive it, in any medium, provided that you conspicuously and
+ appropriately publish on each copy an appropriate copyright notice;
+ keep intact all notices stating that this License and any
+ non-permissive terms added in accord with section 7 apply to the code;
+ keep intact all notices of the absence of any warranty; and give all
+ recipients a copy of this License along with the Program.
+ .
+   You may charge any price or no price for each copy that you convey,
+ and you may offer support or warranty protection for a fee.
+ .
+   5. Conveying Modified Source Versions.
+ .
+   You may convey a work based on the Program, or the modifications to
+ produce it from the Program, in the form of source code under the
+ terms of section 4, provided that you also meet all of these conditions:
+ .
+     a) The work must carry prominent notices stating that you modified
+     it, and giving a relevant date.
+ .
+     b) The work must carry prominent notices stating that it is
+     released under this License and any conditions added under section
+     7.  This requirement modifies the requirement in section 4 to
+     "keep intact all notices".
+ .
+     c) You must license the entire work, as a whole, under this
+     License to anyone who comes into possession of a copy.  This
+     License will therefore apply, along with any applicable section 7
+     additional terms, to the whole of the work, and all its parts,
+     regardless of how they are packaged.  This License gives no
+     permission to license the work in any other way, but it does not
+     invalidate such permission if you have separately received it.
+ .
+     d) If the work has interactive user interfaces, each must display
+     Appropriate Legal Notices; however, if the Program has interactive
+     interfaces that do not display Appropriate Legal Notices, your
+     work need not make them do so.
+ .
+   A compilation of a covered work with other separate and independent
+ works, which are not by their nature extensions of the covered work,
+ and which are not combined with it such as to form a larger program,
+ in or on a volume of a storage or distribution medium, is called an
+ "aggregate" if the compilation and its resulting copyright are not
+ used to limit the access or legal rights of the compilation's users
+ beyond what the individual works permit.  Inclusion of a covered work
+ in an aggregate does not cause this License to apply to the other
+ parts of the aggregate.
+ .
+   6. Conveying Non-Source Forms.
+ .
+   You may convey a covered work in object code form under the terms
+ of sections 4 and 5, provided that you also convey the
+ machine-readable Corresponding Source under the terms of this License,
+ in one of these ways:
+ .
+     a) Convey the object code in, or embodied in, a physical product
+     (including a physical distribution medium), accompanied by the
+     Corresponding Source fixed on a durable physical medium
+     customarily used for software interchange.
+ .
+     b) Convey the object code in, or embodied in, a physical product
+     (including a physical distribution medium), accompanied by a
+     written offer, valid for at least three years and valid for as
+     long as you offer spare parts or customer support for that product
+     model, to give anyone who possesses the object code either (1) a
+     copy of the Corresponding Source for all the software in the
+     product that is covered by this License, on a durable physical
+     medium customarily used for software interchange, for a price no
+     more than your reasonable cost of physically performing this
+     conveying of source, or (2) access to copy the
+     Corresponding Source from a network server at no charge.
+ .
+     c) Convey individual copies of the object code with a copy of the
+     written offer to provide the Corresponding Source.  This
+     alternative is allowed only occasionally and noncommercially, and
+     only if you received the object code with such an offer, in accord
+     with subsection 6b.
+ .
+     d) Convey the object code by offering access from a designated
+     place (gratis or for a charge), and offer equivalent access to the
+     Corresponding Source in the same way through the same place at no
+     further charge.  You need not require recipients to copy the
+     Corresponding Source along with the object code.  If the place to
+     copy the object code is a network server, the Corresponding Source
+     may be on a different server (operated by you or a third party)
+     that supports equivalent copying facilities, provided you maintain
+     clear directions next to the object code saying where to find the
+     Corresponding Source.  Regardless of what server hosts the
+     Corresponding Source, you remain obligated to ensure that it is
+     available for as long as needed to satisfy these requirements.
+ .
+     e) Convey the object code using peer-to-peer transmission, provided
+     you inform other peers where the object code and Corresponding
+     Source of the work are being offered to the general public at no
+     charge under subsection 6d.
+ .
+   A separable portion of the object code, whose source code is excluded
+ from the Corresponding Source as a System Library, need not be
+ included in conveying the object code work.
+ .
+   A "User Product" is either (1) a "consumer product", which means any
+ tangible personal property which is normally used for personal, family,
+ or household purposes, or (2) anything designed or sold for incorporation
+ into a dwelling.  In determining whether a product is a consumer product,
+ doubtful cases shall be resolved in favor of coverage.  For a particular
+ product received by a particular user, "normally used" refers to a
+ typical or common use of that class of product, regardless of the status
+ of the particular user or of the way in which the particular user
+ actually uses, or expects or is expected to use, the product.  A product
+ is a consumer product regardless of whether the product has substantial
+ commercial, industrial or non-consumer uses, unless such uses represent
+ the only significant mode of use of the product.
+ .
+   "Installation Information" for a User Product means any methods,
+ procedures, authorization keys, or other information required to install
+ and execute modified versions of a covered work in that User Product from
+ a modified version of its Corresponding Source.  The information must
+ suffice to ensure that the continued functioning of the modified object
+ code is in no case prevented or interfered with solely because
+ modification has been made.
+ .
+   If you convey an object code work under this section in, or with, or
+ specifically for use in, a User Product, and the conveying occurs as
+ part of a transaction in which the right of possession and use of the
+ User Product is transferred to the recipient in perpetuity or for a
+ fixed term (regardless of how the transaction is characterized), the
+ Corresponding Source conveyed under this section must be accompanied
+ by the Installation Information.  But this requirement does not apply
+ if neither you nor any third party retains the ability to install
+ modified object code on the User Product (for example, the work has
+ been installed in ROM).
+ .
+   The requirement to provide Installation Information does not include a
+ requirement to continue to provide support service, warranty, or updates
+ for a work that has been modified or installed by the recipient, or for
+ the User Product in which it has been modified or installed.  Access to a
+ network may be denied when the modification itself materially and
+ adversely affects the operation of the network or violates the rules and
+ protocols for communication across the network.
+ .
+   Corresponding Source conveyed, and Installation Information provided,
+ in accord with this section must be in a format that is publicly
+ documented (and with an implementation available to the public in
+ source code form), and must require no special password or key for
+ unpacking, reading or copying.
+ .
+   7. Additional Terms.
+ .
+   "Additional permissions" are terms that supplement the terms of this
+ License by making exceptions from one or more of its conditions.
+ Additional permissions that are applicable to the entire Program shall
+ be treated as though they were included in this License, to the extent
+ that they are valid under applicable law.  If additional permissions
+ apply only to part of the Program, that part may be used separately
+ under those permissions, but the entire Program remains governed by
+ this License without regard to the additional permissions.
+ .
+   When you convey a copy of a covered work, you may at your option
+ remove any additional permissions from that copy, or from any part of
+ it.  (Additional permissions may be written to require their own
+ removal in certain cases when you modify the work.)  You may place
+ additional permissions on material, added by you to a covered work,
+ for which you have or can give appropriate copyright permission.
+ .
+   Notwithstanding any other provision of this License, for material you
+ add to a covered work, you may (if authorized by the copyright holders of
+ that material) supplement the terms of this License with terms:
+ .
+     a) Disclaiming warranty or limiting liability differently from the
+     terms of sections 15 and 16 of this License; or
+ .
+     b) Requiring preservation of specified reasonable legal notices or
+     author attributions in that material or in the Appropriate Legal
+     Notices displayed by works containing it; or
+ .
+     c) Prohibiting misrepresentation of the origin of that material, or
+     requiring that modified versions of such material be marked in
+     reasonable ways as different from the original version; or
+ .
+     d) Limiting the use for publicity purposes of names of licensors or
+     authors of the material; or
+ .
+     e) Declining to grant rights under trademark law for use of some
+     trade names, trademarks, or service marks; or
+ .
+     f) Requiring indemnification of licensors and authors of that
+     material by anyone who conveys the material (or modified versions of
+     it) with contractual assumptions of liability to the recipient, for
+     any liability that these contractual assumptions directly impose on
+     those licensors and authors.
+ .
+   All other non-permissive additional terms are considered "further
+ restrictions" within the meaning of section 10.  If the Program as you
+ received it, or any part of it, contains a notice stating that it is
+ governed by this License along with a term that is a further
+ restriction, you may remove that term.  If a license document contains
+ a further restriction but permits relicensing or conveying under this
+ License, you may add to a covered work material governed by the terms
+ of that license document, provided that the further restriction does
+ not survive such relicensing or conveying.
+ .
+   If you add terms to a covered work in accord with this section, you
+ must place, in the relevant source files, a statement of the
+ additional terms that apply to those files, or a notice indicating
+ where to find the applicable terms.
+ .
+   Additional terms, permissive or non-permissive, may be stated in the
+ form of a separately written license, or stated as exceptions;
+ the above requirements apply either way.
+ .
+   8. Termination.
+ .
+   You may not propagate or modify a covered work except as expressly
+ provided under this License.  Any attempt otherwise to propagate or
+ modify it is void, and will automatically terminate your rights under
+ this License (including any patent licenses granted under the third
+ paragraph of section 11).
+ .
+   However, if you cease all violation of this License, then your
+ license from a particular copyright holder is reinstated (a)
+ provisionally, unless and until the copyright holder explicitly and
+ finally terminates your license, and (b) permanently, if the copyright
+ holder fails to notify you of the violation by some reasonable means
+ prior to 60 days after the cessation.
+ .
+   Moreover, your license from a particular copyright holder is
+ reinstated permanently if the copyright holder notifies you of the
+ violation by some reasonable means, this is the first time you have
+ received notice of violation of this License (for any work) from that
+ copyright holder, and you cure the violation prior to 30 days after
+ your receipt of the notice.
+ .
+   Termination of your rights under this section does not terminate the
+ licenses of parties who have received copies or rights from you under
+ this License.  If your rights have been terminated and not permanently
+ reinstated, you do not qualify to receive new licenses for the same
+ material under section 10.
+ .
+   9. Acceptance Not Required for Having Copies.
+ .
+   You are not required to accept this License in order to receive or
+ run a copy of the Program.  Ancillary propagation of a covered work
+ occurring solely as a consequence of using peer-to-peer transmission
+ to receive a copy likewise does not require acceptance.  However,
+ nothing other than this License grants you permission to propagate or
+ modify any covered work.  These actions infringe copyright if you do
+ not accept this License.  Therefore, by modifying or propagating a
+ covered work, you indicate your acceptance of this License to do so.
+ .
+   10. Automatic Licensing of Downstream Recipients.
+ .
+   Each time you convey a covered work, the recipient automatically
+ receives a license from the original licensors, to run, modify and
+ propagate that work, subject to this License.  You are not responsible
+ for enforcing compliance by third parties with this License.
+ .
+   An "entity transaction" is a transaction transferring control of an
+ organization, or substantially all assets of one, or subdividing an
+ organization, or merging organizations.  If propagation of a covered
+ work results from an entity transaction, each party to that
+ transaction who receives a copy of the work also receives whatever
+ licenses to the work the party's predecessor in interest had or could
+ give under the previous paragraph, plus a right to possession of the
+ Corresponding Source of the work from the predecessor in interest, if
+ the predecessor has it or can get it with reasonable efforts.
+ .
+   You may not impose any further restrictions on the exercise of the
+ rights granted or affirmed under this License.  For example, you may
+ not impose a license fee, royalty, or other charge for exercise of
+ rights granted under this License, and you may not initiate litigation
+ (including a cross-claim or counterclaim in a lawsuit) alleging that
+ any patent claim is infringed by making, using, selling, offering for
+ sale, or importing the Program or any portion of it.
+ .
+   11. Patents.
+ .
+   A "contributor" is a copyright holder who authorizes use under this
+ License of the Program or a work on which the Program is based.  The
+ work thus licensed is called the contributor's "contributor version".
+ .
+   A contributor's "essential patent claims" are all patent claims
+ owned or controlled by the contributor, whether already acquired or
+ hereafter acquired, that would be infringed by some manner, permitted
+ by this License, of making, using, or selling its contributor version,
+ but do not include claims that would be infringed only as a
+ consequence of further modification of the contributor version.  For
+ purposes of this definition, "control" includes the right to grant
+ patent sublicenses in a manner consistent with the requirements of
+ this License.
+ .
+   Each contributor grants you a non-exclusive, worldwide, royalty-free
+ patent license under the contributor's essential patent claims, to
+ make, use, sell, offer for sale, import and otherwise run, modify and
+ propagate the contents of its contributor version.
+ .
+   In the following three paragraphs, a "patent license" is any express
+ agreement or commitment, however denominated, not to enforce a patent
+ (such as an express permission to practice a patent or covenant not to
+ sue for patent infringement).  To "grant" such a patent license to a
+ party means to make such an agreement or commitment not to enforce a
+ patent against the party.
+ .
+   If you convey a covered work, knowingly relying on a patent license,
+ and the Corresponding Source of the work is not available for anyone
+ to copy, free of charge and under the terms of this License, through a
+ publicly available network server or other readily accessible means,
+ then you must either (1) cause the Corresponding Source to be so
+ available, or (2) arrange to deprive yourself of the benefit of the
+ patent license for this particular work, or (3) arrange, in a manner
+ consistent with the requirements of this License, to extend the patent
+ license to downstream recipients.  "Knowingly relying" means you have
+ actual knowledge that, but for the patent license, your conveying the
+ covered work in a country, or your recipient's use of the covered work
+ in a country, would infringe one or more identifiable patents in that
+ country that you have reason to believe are valid.
+ .
+   If, pursuant to or in connection with a single transaction or
+ arrangement, you convey, or propagate by procuring conveyance of, a
+ covered work, and grant a patent license to some of the parties
+ receiving the covered work authorizing them to use, propagate, modify
+ or convey a specific copy of the covered work, then the patent license
+ you grant is automatically extended to all recipients of the covered
+ work and works based on it.
+ .
+   A patent license is "discriminatory" if it does not include within
+ the scope of its coverage, prohibits the exercise of, or is
+ conditioned on the non-exercise of one or more of the rights that are
+ specifically granted under this License.  You may not convey a covered
+ work if you are a party to an arrangement with a third party that is
+ in the business of distributing software, under which you make payment
+ to the third party based on the extent of your activity of conveying
+ the work, and under which the third party grants, to any of the
+ parties who would receive the covered work from you, a discriminatory
+ patent license (a) in connection with copies of the covered work
+ conveyed by you (or copies made from those copies), or (b) primarily
+ for and in connection with specific products or compilations that
+ contain the covered work, unless you entered into that arrangement,
+ or that patent license was granted, prior to 28 March 2007.
+ .
+   Nothing in this License shall be construed as excluding or limiting
+ any implied license or other defenses to infringement that may
+ otherwise be available to you under applicable patent law.
+ .
+   12. No Surrender of Others' Freedom.
+ .
+   If conditions are imposed on you (whether by court order, agreement or
+ otherwise) that contradict the conditions of this License, they do not
+ excuse you from the conditions of this License.  If you cannot convey a
+ covered work so as to satisfy simultaneously your obligations under this
+ License and any other pertinent obligations, then as a consequence you may
+ not convey it at all.  For example, if you agree to terms that obligate you
+ to collect a royalty for further conveying from those to whom you convey
+ the Program, the only way you could satisfy both those terms and this
+ License would be to refrain entirely from conveying the Program.
+ .
+   13. Use with the GNU Affero General Public License.
+ .
+   Notwithstanding any other provision of this License, you have
+ permission to link or combine any covered work with a work licensed
+ under version 3 of the GNU Affero General Public License into a single
+ combined work, and to convey the resulting work.  The terms of this
+ License will continue to apply to the part which is the covered work,
+ but the special requirements of the GNU Affero General Public License,
+ section 13, concerning interaction through a network will apply to the
+ combination as such.
+ .
+   14. Revised Versions of this License.
+ .
+   The Free Software Foundation may publish revised and/or new versions of
+ the GNU General Public License from time to time.  Such new versions will
+ be similar in spirit to the present version, but may differ in detail to
+ address new problems or concerns.
+ .
+   Each version is given a distinguishing version number.  If the
+ Program specifies that a certain numbered version of the GNU General
+ Public License "or any later version" applies to it, you have the
+ option of following the terms and conditions either of that numbered
+ version or of any later version published by the Free Software
+ Foundation.  If the Program does not specify a version number of the
+ GNU General Public License, you may choose any version ever published
+ by the Free Software Foundation.
+ .
+   If the Program specifies that a proxy can decide which future
+ versions of the GNU General Public License can be used, that proxy's
+ public statement of acceptance of a version permanently authorizes you
+ to choose that version for the Program.
+ .
+   Later license versions may give you additional or different
+ permissions.  However, no additional obligations are imposed on any
+ author or copyright holder as a result of your choosing to follow a
+ later version.
+ .
+   15. Disclaimer of Warranty.
+ .
+   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+ APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+ HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+ OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+ IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+ .
+   16. Limitation of Liability.
+ .
+   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+ THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+ GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+ USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+ DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+ PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGES.
+ .
+   17. Interpretation of Sections 15 and 16.
+ .
+   If the disclaimer of warranty and limitation of liability provided
+ above cannot be given local legal effect according to their terms,
+ reviewing courts shall apply local law that most closely approximates
+ an absolute waiver of all civil liability in connection with the
+ Program, unless a warranty or assumption of liability accompanies a
+ copy of the Program in return for a fee.
+ .
+                      END OF TERMS AND CONDITIONS
+ .
+             How to Apply These Terms to Your New Programs
+ .
+   If you develop a new program, and you want it to be of the greatest
+ possible use to the public, the best way to achieve this is to make it
+ free software which everyone can redistribute and change under these terms.
+ .
+   To do so, attach the following notices to the program.  It is safest
+ to attach them to the start of each source file to most effectively
+ state the exclusion of warranty; and each file should have at least
+ the "copyright" line and a pointer to where the full notice is found.
+ .
+     <one line to give the program's name and a brief idea of what it does.>
+     Copyright (C) <year>  <name of author>
+ .
+     This program is free software: you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation, either version 3 of the License, or
+     (at your option) any later version.
+ .
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+ .
+     You should have received a copy of the GNU General Public License
+     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ .
+ Also add information on how to contact you by electronic and paper mail.
+ .
+   If the program does terminal interaction, make it output a short
+ notice like this when it starts in an interactive mode:
+ .
+     <program>  Copyright (C) <year>  <name of author>
+     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+     This is free software, and you are welcome to redistribute it
+     under certain conditions; type `show c' for details.
+ .
+ The hypothetical commands `show w' and `show c' should show the appropriate
+ parts of the General Public License.  Of course, your program's commands
+ might be different; for a GUI interface, you would use an "about box".
+ .
+   You should also get your employer (if you work as a programmer) or school,
+ if any, to sign a "copyright disclaimer" for the program, if necessary.
+ For more information on this, and how to apply and follow the GNU GPL, see
+ <https://www.gnu.org/licenses/>.
+ .
+   The GNU General Public License does not permit incorporating your program
+ into proprietary programs.  If your program is a subroutine library, you
+ may consider it more useful to permit linking proprietary applications with
+ the library.  If this is what you want to do, use the GNU Lesser General
+ Public License instead of this License.  But first, please read
+ <https://www.gnu.org/licenses/why-not-lgpl.html>.

debian/patches/series

@@ -0,0 +1 @@
+# You must remove unused comment lines for the released package.

debian/rules

@@ -0,0 +1,15 @@
+#!/usr/bin/make -f
+# You must remove unused comment lines for the released package.
+export DH_VERBOSE = 1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND  = -Wall -pedantic
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+	dh $@  
+
+override_dh_auto_install:
+	dh_auto_install -- prefix=/usr
+
+#override_dh_install:
+#	dh_install --list-missing -X.pyc -X.pyo

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/source/local-options

@@ -0,0 +1,2 @@
+#abort-on-upstream-changes
+#unapply-patches

debian/watch

@@ -0,0 +1,3 @@
+version=4
+opts="mode=git" https://github.com/yuezk/GlobalProtect-openconnect.git \
+   refs/tags/v([\d\.]+) debian uupdate

packaging/rpm/README.md

@@ -0,0 +1,5 @@
+## Command
+
+```sh
+docker run --rm -it -v ${PWD}:/rpm --workdir=/rpm --entrypoint ./entrypoint.sh centos:8
+```

packaging/rpm/entrypoint.sh

@@ -0,0 +1,21 @@
+#!/bin/bash -e
+
+# Install the build tools
+dnf install -y epel-release
+rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
+dnf install -y make rpm-build rpm-devel rpmlint rpmdevtools
+
+# Install the build dependencies
+dnf install -y qt5-qtbase-devel qt5-qtwebengine-devel qt5-qtwebsockets-devel
+
+# Prepare the RPM build environment
+rpmdev-setuptree
+cp *.spec $HOME/rpmbuild/SPECS/
+cp *.tar.gz $HOME/rpmbuild/SOURCES/
+
+# Build
+rpmbuild -ba $HOME/rpmbuild/SPECS/globalprotect-openconnect.spec
+
+# Copy the package to the current directory
+cp $HOME/rpmbuild/RPMS/x86_64/globalprotect-openconnect-*.rpm .
+cp $HOME/rpmbuild/SRPMS/globalprotect-openconnect-*.src.rpm .

packaging/rpm/globalprotect-openconnect.spec

@@ -0,0 +1,39 @@
+Name:           globalprotect-openconnect
+Version:        1.3.0+SNAPSHOT20210829120923
+Release:        1
+Summary:        A GlobalProtect VPN client
+
+License:        GPLv3
+URL:            https://github.com/yuezk/GlobalProtect-openconnect
+Source0:        %{url}/releases/download/latest/globalprotect-openconnect_%{version}.full.tar.gz
+
+BuildRequires:  qt5-qtbase-devel qt5-qtwebengine-devel qt5-qtwebsockets-devel
+Requires:       qt5-qtbase >= 5.12 qt5-qtwebengine >= 5.12 qt5-qtwebsockets >= 5.12 openconnect >= 8.0
+
+%global debug_package %{nil}
+
+%description
+A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Qt5, supports SAML auth mode.
+
+
+%prep
+%autosetup
+
+
+%build
+qmake-qt5 CONFIG+=release
+%make_build
+
+
+%install
+INSTALL_ROOT=${RPM_BUILD_ROOT} %make_install
+
+
+%files
+/etc/systemd/system/gpservice.service
+/usr/bin/gpclient
+/usr/bin/gpservice
+/usr/share/applications/com.yuezk.qt.gpclient.desktop
+/usr/share/dbus-1/system-services/com.yuezk.qt.GPService.service
+/usr/share/dbus-1/system.d/com.yuezk.qt.GPService.conf
+/usr/share/pixmaps/com.yuezk.qt.GPClient.svg