Release 1.4.7

This reverts commit 4940830885.

.editorconfig

@@ -0,0 +1,13 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = false
+trim_trailing_whitespace=true
+indent_style = space
+indent_size = 4
+
+[*.sh]
+indent_style = tab

.github/workflows/build.yml

@@ -18,8 +18,8 @@ jobs:
   build:
     strategy:
       matrix:
-        os: [ubuntu-18.04, ubuntu-20.04]
-    
+        os: [ubuntu-18.04, ubuntu-20.04, ubuntu-22.04]
+
     runs-on: ${{ matrix.os }}
 
     steps:
@@ -42,16 +42,20 @@ jobs:
         with:
           submodules: recursive
           fetch-depth: 0
-      
+
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install git-archive-all
-      
+
       - name: Archive all
         run: |
           ./scripts/snapshot-archive-all.sh
 
+      - name: Verify debian package
+        run: |
+          ./scripts/verify-debian-package.sh
+
       - uses: actions/upload-artifact@v2
         with:
           name: snapshot-source-code
@@ -68,62 +72,19 @@ jobs:
           name: snapshot-source-code
           path: artifacts
 
-      - name: Import GPG key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v4
+      - name: Extract source code
+        run: |
+          cd $GITHUB_WORKSPACE/artifacts
+          mkdir deb-build && cp *.tar.gz deb-build && cd deb-build
+          tar xf *.tar.gz
+
+      - name: Publish PPA
+        uses: yuezk/publish-ppa-package@develop
         with:
+          repository: 'ppa:yuezk/globalprotect-openconnect-snapshot'
           gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
-      
-      - name: Install dependencies
-        run: |
-          sudo apt update
-          sudo apt install debmake debhelper cmake \
-            libqt5websockets5-dev qtbase5-dev qtwebengine5-dev
-
-      - name: Build deb package for 18.04
-        run: |
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir build-18.04
-          cp *.tar.gz build-18.04 && cd build-18.04
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-*/
-
-          PPA_GPG_PASSPHRASE=${{ secrets.PPA_GPG_PASSPHRASE }} \
-          PPA_GPG_KEYID=${{ steps.import_gpg.outputs.keyid }} ./scripts/ppa-publish.sh 18.04
-
-      - name: Build deb package for 20.04
-        run: | 
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir build-20.04
-          cp *.tar.gz build-20.04 && cd build-20.04
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-*/
-
-          PPA_GPG_PASSPHRASE=${{ secrets.PPA_GPG_PASSPHRASE }} \
-          PPA_GPG_KEYID=${{ steps.import_gpg.outputs.keyid }} ./scripts/ppa-publish.sh 20.04
-
-      - name: Build deb package for 21.04
-        run: | 
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir build-21.04
-          cp *.tar.gz build-21.04 && cd build-21.04
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-*/
-
-          PPA_GPG_PASSPHRASE=${{ secrets.PPA_GPG_PASSPHRASE }} \
-          PPA_GPG_KEYID=${{ steps.import_gpg.outputs.keyid }} ./scripts/ppa-publish.sh 21.04
-
-      - name: Build deb package for 21.10
-        run: | 
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir build-21.10
-          cp *.tar.gz build-21.10 && cd build-21.10
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-*/
-
-          PPA_GPG_PASSPHRASE=${{ secrets.PPA_GPG_PASSPHRASE }} \
-          PPA_GPG_KEYID=${{ steps.import_gpg.outputs.keyid }} ./scripts/ppa-publish.sh 21.10
+          gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
+          pkgdir: '${{ github.workspace }}/artifacts/deb-build/globalprotect-openconnect*/'
 
   snapshot-aur:
     if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/develop' }}
@@ -137,13 +98,11 @@ jobs:
           path: artifacts
 
       - name: Publish AUR package
-        env:
-          VERSION: $(cat ./artifacts/VERSION)
         uses: yuezk/github-actions-deploy-aur@update-pkgver
         with:
           pkgname: globalprotect-openconnect-git
           pkgbuild: ./artifacts/aur/PKGBUILD
-          assets: ./artifacts/aur/*.tar.gz
+          assets: ./artifacts/aur/gp.install
           update_pkgver: true
           commit_username: ${{ secrets.AUR_USERNAME }}
           commit_email: ${{ secrets.AUR_EMAIL }}
@@ -170,7 +129,8 @@ jobs:
           files: ./artifacts/obs/*
 
   snapshot-snap:
-    if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/develop' }}
+    # if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/develop' }}
+    if: ${{ false }}
     needs: snapshot-archive-all
     runs-on: ubuntu-latest
 
@@ -179,14 +139,14 @@ jobs:
         with:
           name: snapshot-source-code
           path: artifacts
-      
+
       - name: Extract source code
         run: |
           mkdir snap-source
           tar xvf ./artifacts/globalprotect-openconnect-*tar.gz \
             --directory snap-source \
             --strip 1
-          
+
       - uses: snapcore/action-build@v1
         id: build
         with:
@@ -208,16 +168,20 @@ jobs:
         with:
           submodules: recursive
           fetch-depth: 0
-      
+
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install git-archive-all
-      
+
       - name: Archive all
         run: |
           ./scripts/release-archive-all.sh
 
+      - name: Verify debian package
+        run: |
+          ./scripts/verify-debian-package.sh
+
       - uses: actions/upload-artifact@v2
         with:
           name: release-source-code
@@ -234,63 +198,20 @@ jobs:
           name: release-source-code
           path: artifacts
 
-      - name: Import GPG key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v4
+      - name: Extract source code
+        run: |
+          cd $GITHUB_WORKSPACE/artifacts
+          mkdir deb-build && cp *.tar.gz deb-build && cd deb-build
+          tar xf *.tar.gz
+
+      - name: Publish PPA
+        uses: yuezk/publish-ppa-package@develop
         with:
+          repository: 'ppa:yuezk/globalprotect-openconnect'
           gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
-      
-      - name: Install dependencies
-        run: |
-          sudo apt update
-          sudo apt install debmake debhelper cmake \
-            libqt5websockets5-dev qtbase5-dev qtwebengine5-dev
+          gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
+          pkgdir: '${{ github.workspace }}/artifacts/deb-build/globalprotect-openconnect*/'
 
-      - name: Build deb package for 18.04
-        run: |
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir build-18.04
-          cp *.tar.gz build-18.04 && cd build-18.04
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-*/
-
-          PPA_GPG_PASSPHRASE=${{ secrets.PPA_GPG_PASSPHRASE }} \
-          PPA_GPG_KEYID=${{ steps.import_gpg.outputs.keyid }} ./scripts/ppa-publish.sh 18.04 --stable
-
-      - name: Build deb package for 20.04
-        run: | 
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir build-20.04
-          cp *.tar.gz build-20.04 && cd build-20.04
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-*/
-
-          PPA_GPG_PASSPHRASE=${{ secrets.PPA_GPG_PASSPHRASE }} \
-          PPA_GPG_KEYID=${{ steps.import_gpg.outputs.keyid }} ./scripts/ppa-publish.sh 20.04 --stable
-
-      - name: Build deb package for 21.04
-        run: | 
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir build-21.04
-          cp *.tar.gz build-21.04 && cd build-21.04
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-*/
-
-          PPA_GPG_PASSPHRASE=${{ secrets.PPA_GPG_PASSPHRASE }} \
-          PPA_GPG_KEYID=${{ steps.import_gpg.outputs.keyid }} ./scripts/ppa-publish.sh 21.04 --stable
-
-      - name: Build deb package for 21.10
-        run: | 
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir build-21.10
-          cp *.tar.gz build-21.10 && cd build-21.10
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-*/
-
-          PPA_GPG_PASSPHRASE=${{ secrets.PPA_GPG_PASSPHRASE }} \
-          PPA_GPG_KEYID=${{ steps.import_gpg.outputs.keyid }} ./scripts/ppa-publish.sh 21.10 --stable
-  
   release-aur:
     if: startsWith(github.ref, 'refs/tags/v')
     needs: release-archive-all
@@ -303,19 +224,17 @@ jobs:
           path: artifacts
 
       - name: Publish AUR package
-        env:
-          VERSION: $(cat ./artifacts/VERSION)
         uses: yuezk/github-actions-deploy-aur@update-pkgver
         with:
-          pkgname: globalprotect-openconnect
+          pkgname: globalprotect-openconnect-git
           pkgbuild: ./artifacts/aur/PKGBUILD
-          assets: ./artifacts/aur/*.tar.gz
+          assets: ./artifacts/aur/gp.install
           update_pkgver: true
           commit_username: ${{ secrets.AUR_USERNAME }}
           commit_email: ${{ secrets.AUR_EMAIL }}
           ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
           commit_message: 'Release ${{ github.ref }}'
-  
+
   release-obs:
     if: startsWith(github.ref, 'refs/tags/v')
     needs: release-archive-all
@@ -334,7 +253,7 @@ jobs:
           username: yuezk
           password: ${{ secrets.OBS_PASSWORD }}
           files: ./artifacts/obs/*
-  
+
   release-github:
     if: startsWith(github.ref, 'refs/tags/v')
     needs:
@@ -351,4 +270,4 @@ jobs:
       - uses: softprops/action-gh-release@v1
         with:
           files: |
-            ./artifacts/*.tar.gz
+            ./artifacts/*.tar.gz

.github/workflows/pre-release.yml

@@ -1,58 +0,0 @@
-name: Pre Release
-
-on:
-  workflow_dispatch:
-
-jobs:
-  pre-release:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    env:
-      DEBFULLNAME: "Kevin Yue"
-      DEBEMAIL: "yuezk001@gmail.com"
-
-    steps:
-      # Checkout repository and submodules
-      - uses: actions/checkout@v2
-        with:
-          submodules: recursive
-          fetch-depth: 0
-
-      - name: Init variables
-        id: vars
-        run: |
-          TAG=$(git tag --sort=-v:refname --list "v[0-9]*" | head -n 1 | cut -c 2-)
-          echo ::set-output name=VERSION::"${TAG}+SNAPSHOT$(date -u +"%Y%m%d%H%M%S")"
-          echo ::set-output name=TAG::${TAG}
-      
-      - name: Update debian/changelog
-        run: |
-          sudo apt install devscripts
-          git log --format="%s" v${{ steps.vars.outputs.TAG }}.. | xargs -L1 dch -v ${{ steps.vars.outputs.VERSION }}-1ppa1
-      
-      - name: "Archive all"
-        run: |
-          python -m pip install --upgrade pip
-          pip install git-archive-all
-          git-archive-all \
-            --force-submodules \
-            --prefix=globalprotect-openconnect-${{ steps.vars.outputs.VERSION }}/ \
-            ./globalprotect-openconnect-${{ steps.vars.outputs.VERSION }}.full.tar.gz
-      - name: "Debian Packaging"
-        run: |
-          sudo apt update
-          sudo apt install qtbase5-dev libqt5websockets5-dev qtwebengine5-dev qttools5-dev debhelper
-          mkdir build-debian && cd build-debian
-          cp ../*.tar.gz globalprotect-openconnect_${{ steps.vars.outputs.VERSION }}.orig.tar.gz
-          tar xf *.tar.gz
-          cd globalprotect-openconnect-${{ steps.vars.outputs.VERSION }}
-          fakeroot dpkg-buildpackage -uc -us -sa
-      - uses: "marvinpinto/action-automatic-releases@latest"
-        with:
-          repo_token: "${{ secrets.GITHUB_TOKEN }}"
-          automatic_release_tag: "latest"
-          prerelease: true
-          title: "globalprotect-openconnect_${{ steps.vars.outputs.VERSION }}"
-          files: |
-            *.tar.gz
-            build-debian/*.deb

.github/workflows/publish.yml

@@ -1,61 +0,0 @@
-name: Publish
-
-on:
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    
-    steps:
-      - name: Install Qt
-        uses: jurplel/install-qt-action@v2
-        with:
-          version: 5.12.11
-          modules: 'qtwebengine qtwebsockets'
-
-      # Checkout repository and submodules
-      - uses: actions/checkout@v2
-        with:
-          submodules: recursive
-
-      - name: Build
-        run: |
-          qmake CONFIG+=release
-          make
-
-  aur-publish:
-    needs:
-      - build
-  
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      
-      - name: Get latest version
-        id: get-version
-        run: |
-          echo ::set-output name=VERSION::$(git tag --sort=-v:refname --list "v[0-9]*" | head -n 1 | cut -c 2-)
-          
-      - name: Get the sha256sum
-        id: get-sha256sum
-        run: |
-          echo ::set-output name=SHA::$(curl -L https://github.com/yuezk/GlobalProtect-openconnect/archive/refs/tags/v${{ steps.get-version.outputs.VERSION }}.tar.gz | sha256sum | cut -f1 -d" ")
-      
-      - name: Generate PKGBUILD
-        run: |
-          sed "s/{PKG_VERSION}/${{ steps.get-version.outputs.VERSION }}/g;s/{SOURCE_SHA}/${{ steps.get-sha256sum.outputs.SHA }}/g" PKGBUILD.template > PKGBUILD
-      
-      - name: Publish AUR package
-        uses: KSXGitHub/github-actions-deploy-aur@v2.2.4
-        with:
-          pkgname: globalprotect-openconnect
-          pkgbuild: ./PKGBUILD
-          commit_username: ${{ secrets.AUR_USERNAME }}
-          commit_email: ${{ secrets.AUR_EMAIL }}
-          ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
-          commit_message: 'Release v${{ steps.get-version.outputs.VERSION }}'
-          force_push: true

.gitignore

@@ -8,6 +8,7 @@ build
 artifacts
 
 .cmake
+.idea
 
 # Auto generated DBus files
 *_adaptor.cpp
@@ -62,7 +63,7 @@ target_wrapper.*
 # QtCreator CMake
 CMakeLists.txt.user*
 
-# QtCreator 4.8< compilation database 
+# QtCreator 4.8< compilation database
 compile_commands.json
 
 # QtCreator local machine specific files for imported projects

.vscode/settings.json

@@ -23,4 +23,4 @@
         "qsslsocket": "cpp",
         "qapplication": "cpp"
     }
-}
+}

3rdparty/inih/CMakeLists.txt

@@ -0,0 +1,11 @@
+cmake_minimum_required(VERSION 3.10.0)
+
+project(inih)
+
+add_library(inih STATIC
+    ini.h
+    ini.c
+    cpp/INIReader.h
+    cpp/INIReader.cpp
+)
+target_include_directories(inih PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/cpp")

3rdparty/inih/LICENSE.txt

@@ -0,0 +1,27 @@
+
+The "inih" library is distributed under the New BSD license:
+
+Copyright (c) 2009, Ben Hoyt
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of Ben Hoyt nor the names of its contributors
+      may be used to endorse or promote products derived from this software
+      without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY BEN HOYT ''AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL BEN HOYT BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

3rdparty/inih/cpp/INIReader.cpp

@@ -0,0 +1,116 @@
+// Read an INI file into easy-to-access name/value pairs.
+
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Copyright (C) 2009-2020, Ben Hoyt
+
+// inih and INIReader are released under the New BSD license (see LICENSE.txt).
+// Go to the project home page for more info:
+//
+// https://github.com/benhoyt/inih
+
+#include <algorithm>
+#include <cctype>
+#include <cstdlib>
+#include "../ini.h"
+#include "INIReader.h"
+
+using std::string;
+
+INIReader::INIReader(const string& filename)
+{
+    _error = ini_parse(filename.c_str(), ValueHandler, this);
+}
+
+INIReader::INIReader(const char *buffer, size_t buffer_size)
+{
+  string content(buffer, buffer_size);
+  _error = ini_parse_string(content.c_str(), ValueHandler, this);
+}
+
+int INIReader::ParseError() const
+{
+    return _error;
+}
+
+string INIReader::Get(const string& section, const string& name, const string& default_value) const
+{
+    string key = MakeKey(section, name);
+    // Use _values.find() here instead of _values.at() to support pre C++11 compilers
+    return _values.count(key) ? _values.find(key)->second : default_value;
+}
+
+string INIReader::GetString(const string& section, const string& name, const string& default_value) const
+{
+    const string str = Get(section, name, "");
+    return str.empty() ? default_value : str;
+}
+
+long INIReader::GetInteger(const string& section, const string& name, long default_value) const
+{
+    string valstr = Get(section, name, "");
+    const char* value = valstr.c_str();
+    char* end;
+    // This parses "1234" (decimal) and also "0x4D2" (hex)
+    long n = strtol(value, &end, 0);
+    return end > value ? n : default_value;
+}
+
+double INIReader::GetReal(const string& section, const string& name, double default_value) const
+{
+    string valstr = Get(section, name, "");
+    const char* value = valstr.c_str();
+    char* end;
+    double n = strtod(value, &end);
+    return end > value ? n : default_value;
+}
+
+bool INIReader::GetBoolean(const string& section, const string& name, bool default_value) const
+{
+    string valstr = Get(section, name, "");
+    // Convert to lower case to make string comparisons case-insensitive
+    std::transform(valstr.begin(), valstr.end(), valstr.begin(), ::tolower);
+    if (valstr == "true" || valstr == "yes" || valstr == "on" || valstr == "1")
+        return true;
+    else if (valstr == "false" || valstr == "no" || valstr == "off" || valstr == "0")
+        return false;
+    else
+        return default_value;
+}
+
+bool INIReader::HasSection(const string& section) const
+{
+    const string key = MakeKey(section, "");
+    std::map<string, string>::const_iterator pos = _values.lower_bound(key);
+    if (pos == _values.end())
+        return false;
+    // Does the key at the lower_bound pos start with "section"?
+    return pos->first.compare(0, key.length(), key) == 0;
+}
+
+bool INIReader::HasValue(const string& section, const string& name) const
+{
+    string key = MakeKey(section, name);
+    return _values.count(key);
+}
+
+string INIReader::MakeKey(const string& section, const string& name)
+{
+    string key = section + "=" + name;
+    // Convert to lower case to make section/name lookups case-insensitive
+    std::transform(key.begin(), key.end(), key.begin(), ::tolower);
+    return key;
+}
+
+int INIReader::ValueHandler(void* user, const char* section, const char* name,
+                            const char* value)
+{
+    if (!name)  // Happens when INI_CALL_HANDLER_ON_NEW_SECTION enabled
+        return 1;
+    INIReader* reader = static_cast<INIReader*>(user);
+    string key = MakeKey(section, name);
+    if (reader->_values[key].size() > 0)
+        reader->_values[key] += "\n";
+    reader->_values[key] += value ? value : "";
+    return 1;
+}

3rdparty/inih/cpp/INIReader.h

@@ -0,0 +1,94 @@
+// Read an INI file into easy-to-access name/value pairs.
+
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Copyright (C) 2009-2020, Ben Hoyt
+
+// inih and INIReader are released under the New BSD license (see LICENSE.txt).
+// Go to the project home page for more info:
+//
+// https://github.com/benhoyt/inih
+
+#ifndef INIREADER_H
+#define INIREADER_H
+
+#include <map>
+#include <string>
+
+// Visibility symbols, required for Windows DLLs
+#ifndef INI_API
+#if defined _WIN32 || defined __CYGWIN__
+#	ifdef INI_SHARED_LIB
+#		ifdef INI_SHARED_LIB_BUILDING
+#			define INI_API __declspec(dllexport)
+#		else
+#			define INI_API __declspec(dllimport)
+#		endif
+#	else
+#		define INI_API
+#	endif
+#else
+#	if defined(__GNUC__) && __GNUC__ >= 4
+#		define INI_API __attribute__ ((visibility ("default")))
+#	else
+#		define INI_API
+#	endif
+#endif
+#endif
+
+// Read an INI file into easy-to-access name/value pairs. (Note that I've gone
+// for simplicity here rather than speed, but it should be pretty decent.)
+class INIReader
+{
+public:
+    // Construct INIReader and parse given filename. See ini.h for more info
+    // about the parsing.
+    INI_API explicit INIReader(const std::string& filename);
+
+    // Construct INIReader and parse given buffer. See ini.h for more info
+    // about the parsing.
+    INI_API explicit INIReader(const char *buffer, size_t buffer_size);
+
+    // Return the result of ini_parse(), i.e., 0 on success, line number of
+    // first error on parse error, or -1 on file open error.
+    INI_API int ParseError() const;
+
+    // Get a string value from INI file, returning default_value if not found.
+    INI_API std::string Get(const std::string& section, const std::string& name,
+                    const std::string& default_value) const;
+
+    // Get a string value from INI file, returning default_value if not found,
+    // empty, or contains only whitespace.
+    INI_API std::string GetString(const std::string& section, const std::string& name,
+                    const std::string& default_value) const;
+
+    // Get an integer (long) value from INI file, returning default_value if
+    // not found or not a valid integer (decimal "1234", "-1234", or hex "0x4d2").
+    INI_API long GetInteger(const std::string& section, const std::string& name, long default_value) const;
+
+    // Get a real (floating point double) value from INI file, returning
+    // default_value if not found or not a valid floating point value
+    // according to strtod().
+    INI_API double GetReal(const std::string& section, const std::string& name, double default_value) const;
+
+    // Get a boolean value from INI file, returning default_value if not found or if
+    // not a valid true/false value. Valid true values are "true", "yes", "on", "1",
+    // and valid false values are "false", "no", "off", "0" (not case sensitive).
+    INI_API bool GetBoolean(const std::string& section, const std::string& name, bool default_value) const;
+
+    // Return true if the given section exists (section must contain at least
+    // one name=value pair).
+    INI_API bool HasSection(const std::string& section) const;
+
+    // Return true if a value exists with the given section and field names.
+    INI_API bool HasValue(const std::string& section, const std::string& name) const;
+
+private:
+    int _error;
+    std::map<std::string, std::string> _values;
+    static std::string MakeKey(const std::string& section, const std::string& name);
+    static int ValueHandler(void* user, const char* section, const char* name,
+                            const char* value);
+};
+
+#endif  // INIREADER_H

3rdparty/inih/ini.c

@@ -0,0 +1,298 @@
+/* inih -- simple .INI file parser
+
+SPDX-License-Identifier: BSD-3-Clause
+
+Copyright (C) 2009-2020, Ben Hoyt
+
+inih is released under the New BSD license (see LICENSE.txt). Go to the project
+home page for more info:
+
+https://github.com/benhoyt/inih
+
+*/
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_WARNINGS)
+#define _CRT_SECURE_NO_WARNINGS
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+
+#include "ini.h"
+
+#if !INI_USE_STACK
+#if INI_CUSTOM_ALLOCATOR
+#include <stddef.h>
+void* ini_malloc(size_t size);
+void ini_free(void* ptr);
+void* ini_realloc(void* ptr, size_t size);
+#else
+#include <stdlib.h>
+#define ini_malloc malloc
+#define ini_free free
+#define ini_realloc realloc
+#endif
+#endif
+
+#define MAX_SECTION 50
+#define MAX_NAME 50
+
+/* Used by ini_parse_string() to keep track of string parsing state. */
+typedef struct {
+    const char* ptr;
+    size_t num_left;
+} ini_parse_string_ctx;
+
+/* Strip whitespace chars off end of given string, in place. Return s. */
+static char* rstrip(char* s)
+{
+    char* p = s + strlen(s);
+    while (p > s && isspace((unsigned char)(*--p)))
+        *p = '\0';
+    return s;
+}
+
+/* Return pointer to first non-whitespace char in given string. */
+static char* lskip(const char* s)
+{
+    while (*s && isspace((unsigned char)(*s)))
+        s++;
+    return (char*)s;
+}
+
+/* Return pointer to first char (of chars) or inline comment in given string,
+   or pointer to NUL at end of string if neither found. Inline comment must
+   be prefixed by a whitespace character to register as a comment. */
+static char* find_chars_or_comment(const char* s, const char* chars)
+{
+#if INI_ALLOW_INLINE_COMMENTS
+    int was_space = 0;
+    while (*s && (!chars || !strchr(chars, *s)) &&
+           !(was_space && strchr(INI_INLINE_COMMENT_PREFIXES, *s))) {
+        was_space = isspace((unsigned char)(*s));
+        s++;
+    }
+#else
+    while (*s && (!chars || !strchr(chars, *s))) {
+        s++;
+    }
+#endif
+    return (char*)s;
+}
+
+/* Similar to strncpy, but ensures dest (size bytes) is
+   NUL-terminated, and doesn't pad with NULs. */
+static char* strncpy0(char* dest, const char* src, size_t size)
+{
+    /* Could use strncpy internally, but it causes gcc warnings (see issue #91) */
+    size_t i;
+    for (i = 0; i < size - 1 && src[i]; i++)
+        dest[i] = src[i];
+    dest[i] = '\0';
+    return dest;
+}
+
+/* See documentation in header file. */
+int ini_parse_stream(ini_reader reader, void* stream, ini_handler handler,
+                     void* user)
+{
+    /* Uses a fair bit of stack (use heap instead if you need to) */
+#if INI_USE_STACK
+    char line[INI_MAX_LINE];
+    int max_line = INI_MAX_LINE;
+#else
+    char* line;
+    size_t max_line = INI_INITIAL_ALLOC;
+#endif
+#if INI_ALLOW_REALLOC && !INI_USE_STACK
+    char* new_line;
+    size_t offset;
+#endif
+    char section[MAX_SECTION] = "";
+    char prev_name[MAX_NAME] = "";
+
+    char* start;
+    char* end;
+    char* name;
+    char* value;
+    int lineno = 0;
+    int error = 0;
+
+#if !INI_USE_STACK
+    line = (char*)ini_malloc(INI_INITIAL_ALLOC);
+    if (!line) {
+        return -2;
+    }
+#endif
+
+#if INI_HANDLER_LINENO
+#define HANDLER(u, s, n, v) handler(u, s, n, v, lineno)
+#else
+#define HANDLER(u, s, n, v) handler(u, s, n, v)
+#endif
+
+    /* Scan through stream line by line */
+    while (reader(line, (int)max_line, stream) != NULL) {
+#if INI_ALLOW_REALLOC && !INI_USE_STACK
+        offset = strlen(line);
+        while (offset == max_line - 1 && line[offset - 1] != '\n') {
+            max_line *= 2;
+            if (max_line > INI_MAX_LINE)
+                max_line = INI_MAX_LINE;
+            new_line = ini_realloc(line, max_line);
+            if (!new_line) {
+                ini_free(line);
+                return -2;
+            }
+            line = new_line;
+            if (reader(line + offset, (int)(max_line - offset), stream) == NULL)
+                break;
+            if (max_line >= INI_MAX_LINE)
+                break;
+            offset += strlen(line + offset);
+        }
+#endif
+
+        lineno++;
+
+        start = line;
+#if INI_ALLOW_BOM
+        if (lineno == 1 && (unsigned char)start[0] == 0xEF &&
+                           (unsigned char)start[1] == 0xBB &&
+                           (unsigned char)start[2] == 0xBF) {
+            start += 3;
+        }
+#endif
+        start = lskip(rstrip(start));
+
+        if (strchr(INI_START_COMMENT_PREFIXES, *start)) {
+            /* Start-of-line comment */
+        }
+#if INI_ALLOW_MULTILINE
+        else if (*prev_name && *start && start > line) {
+            /* Non-blank line with leading whitespace, treat as continuation
+               of previous name's value (as per Python configparser). */
+            if (!HANDLER(user, section, prev_name, start) && !error)
+                error = lineno;
+        }
+#endif
+        else if (*start == '[') {
+            /* A "[section]" line */
+            end = find_chars_or_comment(start + 1, "]");
+            if (*end == ']') {
+                *end = '\0';
+                strncpy0(section, start + 1, sizeof(section));
+                *prev_name = '\0';
+#if INI_CALL_HANDLER_ON_NEW_SECTION
+                if (!HANDLER(user, section, NULL, NULL) && !error)
+                    error = lineno;
+#endif
+            }
+            else if (!error) {
+                /* No ']' found on section line */
+                error = lineno;
+            }
+        }
+        else if (*start) {
+            /* Not a comment, must be a name[=:]value pair */
+            end = find_chars_or_comment(start, "=:");
+            if (*end == '=' || *end == ':') {
+                *end = '\0';
+                name = rstrip(start);
+                value = end + 1;
+#if INI_ALLOW_INLINE_COMMENTS
+                end = find_chars_or_comment(value, NULL);
+                if (*end)
+                    *end = '\0';
+#endif
+                value = lskip(value);
+                rstrip(value);
+
+                /* Valid name[=:]value pair found, call handler */
+                strncpy0(prev_name, name, sizeof(prev_name));
+                if (!HANDLER(user, section, name, value) && !error)
+                    error = lineno;
+            }
+            else if (!error) {
+                /* No '=' or ':' found on name[=:]value line */
+#if INI_ALLOW_NO_VALUE
+                *end = '\0';
+                name = rstrip(start);
+                if (!HANDLER(user, section, name, NULL) && !error)
+                    error = lineno;
+#else
+                error = lineno;
+#endif
+            }
+        }
+
+#if INI_STOP_ON_FIRST_ERROR
+        if (error)
+            break;
+#endif
+    }
+
+#if !INI_USE_STACK
+    ini_free(line);
+#endif
+
+    return error;
+}
+
+/* See documentation in header file. */
+int ini_parse_file(FILE* file, ini_handler handler, void* user)
+{
+    return ini_parse_stream((ini_reader)fgets, file, handler, user);
+}
+
+/* See documentation in header file. */
+int ini_parse(const char* filename, ini_handler handler, void* user)
+{
+    FILE* file;
+    int error;
+
+    file = fopen(filename, "r");
+    if (!file)
+        return -1;
+    error = ini_parse_file(file, handler, user);
+    fclose(file);
+    return error;
+}
+
+/* An ini_reader function to read the next line from a string buffer. This
+   is the fgets() equivalent used by ini_parse_string(). */
+static char* ini_reader_string(char* str, int num, void* stream) {
+    ini_parse_string_ctx* ctx = (ini_parse_string_ctx*)stream;
+    const char* ctx_ptr = ctx->ptr;
+    size_t ctx_num_left = ctx->num_left;
+    char* strp = str;
+    char c;
+
+    if (ctx_num_left == 0 || num < 2)
+        return NULL;
+
+    while (num > 1 && ctx_num_left != 0) {
+        c = *ctx_ptr++;
+        ctx_num_left--;
+        *strp++ = c;
+        if (c == '\n')
+            break;
+        num--;
+    }
+
+    *strp = '\0';
+    ctx->ptr = ctx_ptr;
+    ctx->num_left = ctx_num_left;
+    return str;
+}
+
+/* See documentation in header file. */
+int ini_parse_string(const char* string, ini_handler handler, void* user) {
+    ini_parse_string_ctx ctx;
+
+    ctx.ptr = string;
+    ctx.num_left = strlen(string);
+    return ini_parse_stream((ini_reader)ini_reader_string, &ctx, handler,
+                            user);
+}

3rdparty/inih/ini.h

@@ -0,0 +1,178 @@
+/* inih -- simple .INI file parser
+
+SPDX-License-Identifier: BSD-3-Clause
+
+Copyright (C) 2009-2020, Ben Hoyt
+
+inih is released under the New BSD license (see LICENSE.txt). Go to the project
+home page for more info:
+
+https://github.com/benhoyt/inih
+
+*/
+
+#ifndef INI_H
+#define INI_H
+
+/* Make this header file easier to include in C++ code */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+
+/* Nonzero if ini_handler callback should accept lineno parameter. */
+#ifndef INI_HANDLER_LINENO
+#define INI_HANDLER_LINENO 0
+#endif
+
+/* Visibility symbols, required for Windows DLLs */
+#ifndef INI_API
+#if defined _WIN32 || defined __CYGWIN__
+#	ifdef INI_SHARED_LIB
+#		ifdef INI_SHARED_LIB_BUILDING
+#			define INI_API __declspec(dllexport)
+#		else
+#			define INI_API __declspec(dllimport)
+#		endif
+#	else
+#		define INI_API
+#	endif
+#else
+#	if defined(__GNUC__) && __GNUC__ >= 4
+#		define INI_API __attribute__ ((visibility ("default")))
+#	else
+#		define INI_API
+#	endif
+#endif
+#endif
+
+/* Typedef for prototype of handler function. */
+#if INI_HANDLER_LINENO
+typedef int (*ini_handler)(void* user, const char* section,
+                           const char* name, const char* value,
+                           int lineno);
+#else
+typedef int (*ini_handler)(void* user, const char* section,
+                           const char* name, const char* value);
+#endif
+
+/* Typedef for prototype of fgets-style reader function. */
+typedef char* (*ini_reader)(char* str, int num, void* stream);
+
+/* Parse given INI-style file. May have [section]s, name=value pairs
+   (whitespace stripped), and comments starting with ';' (semicolon). Section
+   is "" if name=value pair parsed before any section heading. name:value
+   pairs are also supported as a concession to Python's configparser.
+
+   For each name=value pair parsed, call handler function with given user
+   pointer as well as section, name, and value (data only valid for duration
+   of handler call). Handler should return nonzero on success, zero on error.
+
+   Returns 0 on success, line number of first error on parse error (doesn't
+   stop on first error), -1 on file open error, or -2 on memory allocation
+   error (only when INI_USE_STACK is zero).
+*/
+INI_API int ini_parse(const char* filename, ini_handler handler, void* user);
+
+/* Same as ini_parse(), but takes a FILE* instead of filename. This doesn't
+   close the file when it's finished -- the caller must do that. */
+INI_API int ini_parse_file(FILE* file, ini_handler handler, void* user);
+
+/* Same as ini_parse(), but takes an ini_reader function pointer instead of
+   filename. Used for implementing custom or string-based I/O (see also
+   ini_parse_string). */
+INI_API int ini_parse_stream(ini_reader reader, void* stream, ini_handler handler,
+                     void* user);
+
+/* Same as ini_parse(), but takes a zero-terminated string with the INI data
+instead of a file. Useful for parsing INI data from a network socket or
+already in memory. */
+INI_API int ini_parse_string(const char* string, ini_handler handler, void* user);
+
+/* Nonzero to allow multi-line value parsing, in the style of Python's
+   configparser. If allowed, ini_parse() will call the handler with the same
+   name for each subsequent line parsed. */
+#ifndef INI_ALLOW_MULTILINE
+#define INI_ALLOW_MULTILINE 1
+#endif
+
+/* Nonzero to allow a UTF-8 BOM sequence (0xEF 0xBB 0xBF) at the start of
+   the file. See https://github.com/benhoyt/inih/issues/21 */
+#ifndef INI_ALLOW_BOM
+#define INI_ALLOW_BOM 1
+#endif
+
+/* Chars that begin a start-of-line comment. Per Python configparser, allow
+   both ; and # comments at the start of a line by default. */
+#ifndef INI_START_COMMENT_PREFIXES
+#define INI_START_COMMENT_PREFIXES ";#"
+#endif
+
+/* Nonzero to allow inline comments (with valid inline comment characters
+   specified by INI_INLINE_COMMENT_PREFIXES). Set to 0 to turn off and match
+   Python 3.2+ configparser behaviour. */
+#ifndef INI_ALLOW_INLINE_COMMENTS
+#define INI_ALLOW_INLINE_COMMENTS 1
+#endif
+#ifndef INI_INLINE_COMMENT_PREFIXES
+#define INI_INLINE_COMMENT_PREFIXES ";"
+#endif
+
+/* Nonzero to use stack for line buffer, zero to use heap (malloc/free). */
+#ifndef INI_USE_STACK
+#define INI_USE_STACK 1
+#endif
+
+/* Maximum line length for any line in INI file (stack or heap). Note that
+   this must be 3 more than the longest line (due to '\r', '\n', and '\0'). */
+#ifndef INI_MAX_LINE
+#define INI_MAX_LINE 200
+#endif
+
+/* Nonzero to allow heap line buffer to grow via realloc(), zero for a
+   fixed-size buffer of INI_MAX_LINE bytes. Only applies if INI_USE_STACK is
+   zero. */
+#ifndef INI_ALLOW_REALLOC
+#define INI_ALLOW_REALLOC 0
+#endif
+
+/* Initial size in bytes for heap line buffer. Only applies if INI_USE_STACK
+   is zero. */
+#ifndef INI_INITIAL_ALLOC
+#define INI_INITIAL_ALLOC 200
+#endif
+
+/* Stop parsing on first error (default is to keep parsing). */
+#ifndef INI_STOP_ON_FIRST_ERROR
+#define INI_STOP_ON_FIRST_ERROR 0
+#endif
+
+/* Nonzero to call the handler at the start of each new section (with
+   name and value NULL). Default is to only call the handler on
+   each name=value pair. */
+#ifndef INI_CALL_HANDLER_ON_NEW_SECTION
+#define INI_CALL_HANDLER_ON_NEW_SECTION 0
+#endif
+
+/* Nonzero to allow a name without a value (no '=' or ':' on the line) and
+   call the handler with value NULL in this case. Default is to treat
+   no-value lines as an error. */
+#ifndef INI_ALLOW_NO_VALUE
+#define INI_ALLOW_NO_VALUE 0
+#endif
+
+/* Nonzero to use custom ini_malloc, ini_free, and ini_realloc memory
+   allocation functions (INI_USE_STACK must also be 0). These functions must
+   have the same signatures as malloc/free/realloc and behave in a similar
+   way. ini_realloc is only needed if INI_ALLOW_REALLOC is set. */
+#ifndef INI_CUSTOM_ALLOCATOR
+#define INI_CUSTOM_ALLOCATOR 0
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* INI_H */

CMakeLists.txt

@@ -1,5 +1,6 @@
 cmake_minimum_required(VERSION 3.10.0)
 
+set(CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake;${CMAKE_MODULE_PATH}")
 set(CMAKE_CXX_STANDARD 11)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 
@@ -7,9 +8,8 @@ set(CMAKE_AUTOMOC ON)
 set(CMAKE_AUTORCC ON)
 set(CMAKE_AUTOUIC ON)
 
-file(STRINGS "VERSION" ver)
-file(STRINGS "VERSION_SUFFIX" VERSION_SUFFIX)
-project(GlobalProtect-openconnect VERSION ${ver} LANGUAGES CXX)
+file(STRINGS "VERSION" version)
+project(GlobalProtect-openconnect LANGUAGES CXX)
 
 # Set the CMAKE_INSTALL_PREFIX to /usr if not specified
 if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
@@ -31,6 +31,7 @@ find_package(Qt5 REQUIRED COMPONENTS
 )
 
 add_subdirectory(3rdparty/qt-unix-signals)
+add_subdirectory(3rdparty/inih)
 add_subdirectory(GPService)
 add_subdirectory(GPClient)
 add_dependencies(gpclient gpservice)

GPClient/CMakeLists.txt

@@ -33,6 +33,11 @@ add_executable(gpclient
     gpclient.ui
     normalloginwindow.ui
     settingsdialog.ui
+    challengedialog.h
+    challengedialog.cpp
+    challengedialog.ui
+    vpn_dbus.cpp
+    vpn_json.cpp
     resources.qrc
     ${gpclient_GENERATED_SOURCES}
 )
@@ -52,7 +57,7 @@ add_3rdparty(
 add_3rdparty(
     plog
     GIT_REPOSITORY https://github.com/SergiusTheBest/plog.git
-    GIT_TAG 1.1.5
+    GIT_TAG master
     CMAKE_ARGS
         -DPLOG_BUILD_SAMPLES=OFF
         -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
@@ -87,7 +92,7 @@ target_link_libraries(gpclient
     QtSignals
 )
 
-if (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 8.0)
+if (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 8.0 AND CMAKE_BUILD_TYPE STREQUAL Release)
     target_compile_options(gpclient PUBLIC "-ffile-prefix-map=${CMAKE_SOURCE_DIR}=.")
 endif()
 

GPClient/challengedialog.cpp

@@ -0,0 +1,38 @@
+#include <QtWidgets/QDialogButtonBox>
+#include <QtWidgets/QPushButton>
+
+#include "challengedialog.h"
+#include "ui_challengedialog.h"
+
+ChallengeDialog::ChallengeDialog(QWidget *parent) :
+    QDialog(parent),
+    ui(new Ui::ChallengeDialog)
+{
+    ui->setupUi(this);
+    ui->buttonBox->button(QDialogButtonBox::Ok)->setDisabled(true);
+}
+
+ChallengeDialog::~ChallengeDialog()
+{
+    delete ui;
+}
+
+void ChallengeDialog::setMessage(const QString &message)
+{
+    ui->challengeMessage->setText(message);
+}
+
+const QString ChallengeDialog::getChallenge()
+{
+    return ui->challengeInput->text();
+}
+
+void ChallengeDialog::on_challengeInput_textChanged(const QString &value)
+{
+    QPushButton *okBtn = ui->buttonBox->button(QDialogButtonBox::Ok);
+    if (value.isEmpty()) {
+        okBtn->setDisabled(true);
+    } else {
+        okBtn->setEnabled(true);
+    }
+}

GPClient/challengedialog.h

@@ -0,0 +1,28 @@
+#ifndef CHALLENGEDIALOG_H
+#define CHALLENGEDIALOG_H
+
+#include <QDialog>
+
+namespace Ui {
+class ChallengeDialog;
+}
+
+class ChallengeDialog : public QDialog
+{
+    Q_OBJECT
+
+public:
+    explicit ChallengeDialog(QWidget *parent = nullptr);
+    ~ChallengeDialog();
+
+    void setMessage(const QString &message);
+    const QString getChallenge();
+
+private slots:
+    void on_challengeInput_textChanged(const QString &arg1);
+
+private:
+    Ui::ChallengeDialog *ui;
+};
+
+#endif // CHALLENGEDIALOG_H

GPClient/challengedialog.ui

@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>ChallengeDialog</class>
+ <widget class="QDialog" name="ChallengeDialog">
+  <property name="geometry">
+   <rect>
+    <x>0</x>
+    <y>0</y>
+    <width>405</width>
+    <height>200</height>
+   </rect>
+  </property>
+  <property name="windowTitle">
+   <string>GlobalProtect Challenge</string>
+  </property>
+  <property name="modal">
+   <bool>true</bool>
+  </property>
+  <layout class="QVBoxLayout" name="verticalLayout">
+   <item>
+    <layout class="QVBoxLayout" name="verticalLayout_2" stretch="1,1">
+     <item>
+      <widget class="QLabel" name="label">
+       <property name="font">
+        <font>
+         <pointsize>14</pointsize>
+         <weight>50</weight>
+         <bold>false</bold>
+        </font>
+       </property>
+       <property name="text">
+        <string>Sign In</string>
+       </property>
+      </widget>
+     </item>
+     <item>
+      <widget class="QLabel" name="challengeMessage">
+       <property name="text">
+        <string>Duo two-factor login for [redacted]  Enter a passcode or select one of the following options:   1. Duo Push to XXX-XXX-[redacted]  2. SMS passcodes to XXX-XXX-[redacted]  Passcode or option (1-2): </string>
+       </property>
+       <property name="alignment">
+        <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
+       </property>
+       <property name="wordWrap">
+        <bool>true</bool>
+       </property>
+      </widget>
+     </item>
+    </layout>
+   </item>
+   <item>
+    <widget class="QLineEdit" name="challengeInput">
+     <property name="echoMode">
+      <enum>QLineEdit::Password</enum>
+     </property>
+    </widget>
+   </item>
+   <item>
+    <widget class="QDialogButtonBox" name="buttonBox">
+     <property name="layoutDirection">
+      <enum>Qt::LeftToRight</enum>
+     </property>
+     <property name="orientation">
+      <enum>Qt::Horizontal</enum>
+     </property>
+     <property name="standardButtons">
+      <set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
+     </property>
+     <property name="centerButtons">
+      <bool>false</bool>
+     </property>
+    </widget>
+   </item>
+  </layout>
+ </widget>
+ <resources/>
+ <connections>
+  <connection>
+   <sender>buttonBox</sender>
+   <signal>accepted()</signal>
+   <receiver>ChallengeDialog</receiver>
+   <slot>accept()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>248</x>
+     <y>254</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>157</x>
+     <y>274</y>
+    </hint>
+   </hints>
+  </connection>
+  <connection>
+   <sender>buttonBox</sender>
+   <signal>rejected()</signal>
+   <receiver>ChallengeDialog</receiver>
+   <slot>reject()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>316</x>
+     <y>260</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>286</x>
+     <y>274</y>
+    </hint>
+   </hints>
+  </connection>
+ </connections>
+</ui>

GPClient/com.yuezk.qt.gpclient.desktop.in

@@ -6,7 +6,7 @@ Name=GlobalProtect VPN
 Comment=A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Qt5, supports SAML auth mode.
 GenericName=GlobalProtect VPN client, supports SAML auth mode
 Categories=Network;Dialup;
-Exec=@CMAKE_INSTALL_PREFIX@/bin/gpclient
+Exec=env QT_AUTO_SCREEN_SCALE_FACTOR=1 @CMAKE_INSTALL_PREFIX@/bin/gpclient
 Icon=com.yuezk.qt.gpclient
 Keywords=GlobalProtect;Openconnect;SAML;connection;VPN;
 StartupWMClass=gpclient

GPClient/gatewayauthenticator.cpp

@@ -1,14 +1,17 @@
 #include <QtNetwork/QNetworkReply>
+#include <QtCore/QRegularExpression>
+#include <QtCore/QRegularExpressionMatch>
 #include <plog/Log.h>
 
 #include "gatewayauthenticator.h"
 #include "gphelper.h"
 #include "loginparams.h"
 #include "preloginresponse.h"
+#include "challengedialog.h"
 
 using namespace gpclient::helper;
 
-GatewayAuthenticator::GatewayAuthenticator(const QString& gateway, const GatewayAuthenticatorParams params)
+GatewayAuthenticator::GatewayAuthenticator(const QString& gateway, GatewayAuthenticatorParams params)
     : QObject()
     , gateway(gateway)
     , params(params)
@@ -33,6 +36,7 @@ void GatewayAuthenticator::authenticate()
     loginParams.setUser(params.username());
     loginParams.setPassword(params.password());
     loginParams.setUserAuthCookie(params.userAuthCookie());
+    loginParams.setInputStr(params.inputStr());
 
     login(loginParams);
 }
@@ -48,10 +52,10 @@ void GatewayAuthenticator::login(const LoginParams &loginParams)
 void GatewayAuthenticator::onLoginFinished()
 {
     QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
-    QByteArray response;
+    QByteArray response = reply->readAll();
 
-    if (reply->error() || (response = reply->readAll()).contains("Authentication failure")) {
-        PLOGE << QString("Failed to login the gateway at %1, %2").arg(loginUrl).arg(reply->errorString());
+    if (reply->error() || response.contains("Authentication failure")) {
+        PLOGE << QString("Failed to login the gateway at %1, %2").arg(loginUrl, reply->errorString());
 
         if (normalLoginWindow) {
             normalLoginWindow->setProcessing(false);
@@ -62,6 +66,13 @@ void GatewayAuthenticator::onLoginFinished()
         return;
     }
 
+    // 2FA
+    if (response.contains("Challenge")) {
+        PLOGI << "The server need input the challenge...";
+        showChallenge(response);
+        return;
+    }
+
     if (normalLoginWindow) {
         normalLoginWindow->close();
     }
@@ -83,7 +94,7 @@ void GatewayAuthenticator::onPreloginFinished()
     QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
 
     if (reply->error()) {
-        PLOGE << QString("Failed to prelogin the gateway at %1, %2").arg(preloginUrl).arg(reply->errorString());
+        PLOGE << QString("Failed to prelogin the gateway at %1, %2").arg(preloginUrl, reply->errorString());
 
         emit fail("Error occurred on the gateway prelogin interface.");
         return;
@@ -98,7 +109,7 @@ void GatewayAuthenticator::onPreloginFinished()
     } else if (response.hasNormalAuthFields()) {
         normalAuth(response.labelUsername(), response.labelPassword(), response.authMessage());
     } else {
-        PLOGE << QString("Unknown prelogin response for %1, got %2").arg(preloginUrl).arg(QString::fromUtf8(response.rawResponse()));
+        PLOGE << QString("Unknown prelogin response for %1, got %2").arg(preloginUrl, QString::fromUtf8(response.rawResponse()));
         emit fail("Unknown response for gateway prelogin interface.");
     }
 
@@ -107,7 +118,7 @@ void GatewayAuthenticator::onPreloginFinished()
 
 void GatewayAuthenticator::normalAuth(QString labelUsername, QString labelPassword, QString authMessage)
 {
-    PLOGI << QString("Trying to perform the normal login with %1 / %2 credentials").arg(labelUsername).arg(labelPassword);
+    PLOGI << QString("Trying to perform the normal login with %1 / %2 credentials").arg(labelUsername, labelPassword);
 
     normalLoginWindow = new NormalLoginWindow;
     normalLoginWindow->setPortalAddress(gateway);
@@ -128,11 +139,10 @@ void GatewayAuthenticator::onPerformNormalLogin(const QString &username, const Q
     PLOGI << "Start to perform normal login...";
 
     normalLoginWindow->setProcessing(true);
-    LoginParams loginParams { params.clientos() };
-    loginParams.setUser(username);
-    loginParams.setPassword(password);
+    params.setUsername(username);
+    params.setPassword(password);
     
-    login(loginParams);
+    authenticate();
 }
 
 void GatewayAuthenticator::onLoginWindowRejected()
@@ -152,9 +162,18 @@ void GatewayAuthenticator::samlAuth(QString samlMethod, QString samlRequest, QSt
 
     SAMLLoginWindow *loginWindow = new SAMLLoginWindow;
 
-    connect(loginWindow, &SAMLLoginWindow::success, this, &GatewayAuthenticator::onSAMLLoginSuccess);
-    connect(loginWindow, &SAMLLoginWindow::fail, this, &GatewayAuthenticator::onSAMLLoginFail);
-    connect(loginWindow, &SAMLLoginWindow::rejected, this, &GatewayAuthenticator::onLoginWindowRejected);
+    connect(loginWindow, &SAMLLoginWindow::success, [this, loginWindow](const QMap<QString, QString> &samlResult) {
+        this->onSAMLLoginSuccess(samlResult);
+        loginWindow->deleteLater();
+    });
+    connect(loginWindow, &SAMLLoginWindow::fail, [this, loginWindow](const QString &error) {
+        this->onSAMLLoginFail(error);
+        loginWindow->deleteLater();
+    });
+    connect(loginWindow, &SAMLLoginWindow::rejected, [this, loginWindow]() {
+        this->onLoginWindowRejected();
+        loginWindow->deleteLater();
+    });
 
     loginWindow->login(samlMethod, samlRequest, preloginUrl);
 }
@@ -179,3 +198,38 @@ void GatewayAuthenticator::onSAMLLoginFail(const QString msg)
 {
     emit fail(msg);
 }
+
+void GatewayAuthenticator::showChallenge(const QString &responseText)
+{
+    QRegularExpression re("\"(.*?)\";");
+    QRegularExpressionMatchIterator i = re.globalMatch(responseText);
+
+    i.next(); // Skip the status value
+    QString message = i.next().captured(1);
+    QString inputStr = i.next().captured(1);
+    // update the inputSrc field
+    params.setInputStr(inputStr);
+
+    challengeDialog = new ChallengeDialog;
+    challengeDialog->setMessage(message);
+
+    connect(challengeDialog, &ChallengeDialog::accepted, this, [this] {
+        params.setPassword(challengeDialog->getChallenge());
+        PLOGI << "Challenge submitted, try to re-authenticate...";
+        authenticate();
+    });
+
+    connect(challengeDialog, &ChallengeDialog::rejected, this, [this] {
+        if (normalLoginWindow) {
+            normalLoginWindow->close();
+        }
+        emit fail();
+    });
+
+    connect(challengeDialog, &ChallengeDialog::finished, this, [this] {
+        delete challengeDialog;
+        challengeDialog = nullptr;
+    });
+
+    challengeDialog->show();
+}

GPClient/gatewayauthenticator.h

@@ -4,6 +4,7 @@
 #include <QtCore/QObject>
 
 #include "normalloginwindow.h"
+#include "challengedialog.h"
 #include "loginparams.h"
 #include "gatewayauthenticatorparams.h"
 
@@ -11,7 +12,7 @@ class GatewayAuthenticator : public QObject
 {
     Q_OBJECT
 public:
-    explicit GatewayAuthenticator(const QString& gateway, const GatewayAuthenticatorParams params);
+    explicit GatewayAuthenticator(const QString& gateway, GatewayAuthenticatorParams params);
     ~GatewayAuthenticator();
 
     void authenticate();
@@ -31,16 +32,18 @@ private slots:
 
 private:
     QString gateway;
-    const GatewayAuthenticatorParams params;
+    GatewayAuthenticatorParams params;
     QString preloginUrl;
     QString loginUrl;
 
     NormalLoginWindow *normalLoginWindow{ nullptr };
+    ChallengeDialog *challengeDialog{ nullptr };
 
     void login(const LoginParams& loginParams);
     void doAuth();
     void normalAuth(QString labelUsername, QString labelPassword, QString authMessage);
     void samlAuth(QString samlMethod, QString samlRequest, QString preloginUrl = "");
+    void showChallenge(const QString &responseText);
 };
 
 #endif // GATEWAYAUTHENTICATOR_H

GPClient/gatewayauthenticatorparams.cpp

@@ -55,3 +55,13 @@ void GatewayAuthenticatorParams::setClientos(const QString &newClientos)
     m_clientos = newClientos;
 }
 
+const QString &GatewayAuthenticatorParams::inputStr() const
+{
+    return m_inputStr;
+}
+
+void GatewayAuthenticatorParams::setInputStr(const QString &inputStr)
+{
+    m_inputStr = inputStr;
+}
+

GPClient/gatewayauthenticatorparams.h

@@ -24,11 +24,15 @@ public:
     const QString &clientos() const;
     void setClientos(const QString &newClientos);
 
+    const QString &inputStr() const;
+    void setInputStr(const QString &inputStr);
+
 private:
     QString m_username;
     QString m_password;
     QString m_userAuthCookie;
     QString m_clientos;
+    QString m_inputStr;
 };
 
 #endif // GATEWAYAUTHENTICATORPARAMS_H

GPClient/gpclient.cpp

@@ -11,9 +11,10 @@
 
 using namespace gpclient::helper;
 
-GPClient::GPClient(QWidget *parent)
+GPClient::GPClient(QWidget *parent, IVpn *vpn)
     : QMainWindow(parent)
     , ui(new Ui::GPClient)
+    , vpn(vpn)
     , settingsDialog(new SettingsDialog(this))
 {
     ui->setupUi(this);
@@ -25,16 +26,16 @@ GPClient::GPClient(QWidget *parent)
     setupSettings();
 
     // Restore portal from the previous settings
-    ui->portalInput->setText(settings::get("portal", "").toString());
+    this->portal(settings::get("portal", "").toString());
 
     // DBus service setup
-    vpn = new com::yuezk::qt::GPService("com.yuezk.qt.GPService", "/", QDBusConnection::systemBus(), this);
-    connect(vpn, &com::yuezk::qt::GPService::connected, this, &GPClient::onVPNConnected);
-    connect(vpn, &com::yuezk::qt::GPService::disconnected, this, &GPClient::onVPNDisconnected);
-    connect(vpn, &com::yuezk::qt::GPService::error, this, &GPClient::onVPNError);
-    connect(vpn, &com::yuezk::qt::GPService::logAvailable, this, &GPClient::onVPNLogAvailable);
+    QObject *ov = dynamic_cast<QObject*>(vpn);
+    connect(ov, SIGNAL(connected()), this, SLOT(onVPNConnected()));
+    connect(ov, SIGNAL(disconnected()), this, SLOT(onVPNDisconnected()));
+    connect(ov, SIGNAL(error(QString)), this, SLOT(onVPNError(QString)));
+    connect(ov, SIGNAL(logAvailable(QString)), this, SLOT(onVPNLogAvailable(QString)));
 
-    // Initiallize the context menu of system tray.
+    // Initialize the context menu of system tray.
     initSystemTrayIcon();
     initVpnStatus();
 }
@@ -67,14 +68,12 @@ void GPClient::setupSettings()
 
 void GPClient::onSettingsButtonClicked()
 {
-    settingsDialog->setExtraArgs(settings::get("extraArgs", "").toString());
     settingsDialog->setClientos(settings::get("clientos", "Linux").toString());
     settingsDialog->show();
 }
 
 void GPClient::onSettingsAccepted()
 {
-    settings::save("extraArgs", settingsDialog->extraArgs());
     settings::save("clientos", settingsDialog->clientos());
 }
 
@@ -154,7 +153,7 @@ void GPClient::populateGatewayMenu()
         if (g.name() == currentGatewayName) {
             iconImage = ":/images/radio_selected.png";
         }
-        gatewaySwitchMenu->addAction(QIcon(iconImage), g.name())->setData(i);
+        gatewaySwitchMenu->addAction(QIcon(iconImage), QString("%1 (%2)").arg(g.name(), g.address()))->setData(i);
     }
 }
 
@@ -280,12 +279,24 @@ void GPClient::portalLogin()
 {
     PortalAuthenticator *portalAuth = new PortalAuthenticator(portal(), settings::get("clientos", "Linux").toString());
 
-    connect(portalAuth, &PortalAuthenticator::success, this, &GPClient::onPortalSuccess);
+    connect(portalAuth, &PortalAuthenticator::success, [this, portalAuth](const PortalConfigResponse response, const QString region) {
+        this->onPortalSuccess(response, region);
+        portalAuth->deleteLater();
+    });
     // Prelogin failed on the portal interface, try to treat the portal as a gateway interface
-    connect(portalAuth, &PortalAuthenticator::preloginFailed, this, &GPClient::onPortalPreloginFail);
-    connect(portalAuth, &PortalAuthenticator::portalConfigFailed, this, &GPClient::onPortalConfigFail);
+    connect(portalAuth, &PortalAuthenticator::preloginFailed, [this, portalAuth](const QString msg) {
+        this->onPortalPreloginFail(msg);
+        portalAuth->deleteLater();
+    });
+    connect(portalAuth, &PortalAuthenticator::portalConfigFailed, [this, portalAuth](const QString msg) {
+        this->onPortalConfigFail(msg);
+        portalAuth->deleteLater();
+    });
     // Portal login failed
-    connect(portalAuth, &PortalAuthenticator::fail, this, &GPClient::onPortalFail);
+    connect(portalAuth, &PortalAuthenticator::fail, [this, portalAuth](const QString &msg) {
+        this->onPortalFail(msg);
+        portalAuth->deleteLater();
+    });
 
     ui->statusLabel->setText("Authenticating...");
     updateConnectionStatus(VpnStatus::pending);
@@ -296,7 +307,7 @@ void GPClient::onPortalSuccess(const PortalConfigResponse portalConfig, const QS
 {
     PLOGI << "Portal authentication succeeded.";
 
-    // No gateway found in protal configuration
+    // No gateway found in portal configuration
     if (portalConfig.allGateways().size() == 0) {
         PLOGI << "No gateway found in portal configuration, treat the portal address as a gateway.";
         tryGatewayLogin();
@@ -360,8 +371,14 @@ void GPClient::gatewayLogin()
 
     GatewayAuthenticator *gatewayAuth = new GatewayAuthenticator(currentGateway().address(), params);
 
-    connect(gatewayAuth, &GatewayAuthenticator::success, this, &GPClient::onGatewaySuccess);
-    connect(gatewayAuth, &GatewayAuthenticator::fail, this, &GPClient::onGatewayFail);
+    connect(gatewayAuth, &GatewayAuthenticator::success, [this, gatewayAuth](const QString &authToken) {
+        this->onGatewaySuccess(authToken);
+        gatewayAuth->deleteLater();
+    });
+    connect(gatewayAuth, &GatewayAuthenticator::fail, [this, gatewayAuth](const QString &msg) {
+        this->onGatewayFail(msg);
+        gatewayAuth->deleteLater();
+    });
 
     ui->statusLabel->setText("Authenticating...");
     updateConnectionStatus(VpnStatus::pending);
@@ -373,7 +390,11 @@ void GPClient::onGatewaySuccess(const QString &authCookie)
     PLOGI << "Gateway login succeeded, got the cookie " << authCookie;
 
     isQuickConnect = false;
-    vpn->connect(currentGateway().address(), portalConfig.username(), authCookie, settings::get("extraArgs", "").toString());
+    QList<QString> gatewayAddresses;
+    for (GPGateway &gw : allGateways()) {
+      gatewayAddresses.push_back(gw.address());
+    }
+    vpn->connect(currentGateway().address(), gatewayAddresses, portalConfig.username(), authCookie);
     ui->statusLabel->setText("Connecting...");
     updateConnectionStatus(VpnStatus::pending);
 }
@@ -410,6 +431,11 @@ QString GPClient::portal() const
     return input;
 }
 
+void GPClient::portal(QString p)
+{
+    ui->portalInput->setText(p);
+}
+
 bool GPClient::connected() const
 {
     const QString statusText = ui->statusLabel->text();

GPClient/gpclient.h

@@ -6,9 +6,10 @@
 #include <QtWidgets/QMenu>
 #include <QtWidgets/QPushButton>
 
-#include "gpserviceinterface.h"
 #include "portalconfigresponse.h"
 #include "settingsdialog.h"
+#include "vpn.h"
+#include "gatewayauthenticator.h"
 
 QT_BEGIN_NAMESPACE
 namespace Ui { class GPClient; }
@@ -19,12 +20,20 @@ class GPClient : public QMainWindow
     Q_OBJECT
 
 public:
-    GPClient(QWidget *parent = nullptr);
+    GPClient(QWidget *parent, IVpn *vpn);
     ~GPClient();
 
     void activate();
     void quit();
 
+    QString portal() const;
+    void portal(QString);
+
+    GPGateway currentGateway() const;
+    void setCurrentGateway(const GPGateway gateway);
+
+    void doConnect();
+
 private slots:
     void onSettingsButtonClicked();
     void onSettingsAccepted();
@@ -58,7 +67,7 @@ private:
     };
 
     Ui::GPClient *ui;
-    com::yuezk::qt::GPService *vpn;
+    IVpn *vpn;
 
     QSystemTrayIcon *systemTrayIcon;
     QMenu *contextMenu;
@@ -72,6 +81,8 @@ private:
     SettingsDialog *settingsDialog;
     QPushButton *settingsButton;
 
+    GatewayAuthenticator *gatewayAuthenticator;
+
     bool isQuickConnect { false };
     bool isSwitchingGateway { false };
     PortalConfigResponse portalConfig;
@@ -83,20 +94,15 @@ private:
     void populateGatewayMenu();
     void updateConnectionStatus(const VpnStatus &status);
 
-    void doConnect();
     void portalLogin();
     void tryGatewayLogin();
     void gatewayLogin();
 
-    QString portal() const;
     bool connected() const;
 
     QList<GPGateway> allGateways() const;
     void setAllGateways(QList<GPGateway> gateways);
 
-    GPGateway currentGateway() const;
-    void setCurrentGateway(const GPGateway gateway);
-
     void clearSettings();
 };
 #endif // GPCLIENT_H

GPClient/gphelper.cpp

@@ -19,6 +19,7 @@ QNetworkReply* gpclient::helper::createRequest(QString url, QByteArray params)
     // Skip the ssl verifying
     QSslConfiguration conf = request.sslConfiguration();
     conf.setPeerVerifyMode(QSslSocket::VerifyNone);
+    conf.setSslOption(QSsl::SslOptionDisableLegacyRenegotiation, false);
     request.setSslConfiguration(conf);
 
     request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
@@ -32,7 +33,7 @@ QNetworkReply* gpclient::helper::createRequest(QString url, QByteArray params)
 
 GPGateway gpclient::helper::filterPreferredGateway(QList<GPGateway> gateways, const QString ruleName)
 {
-    PLOGI << gateways.size() << " gateway(s) avaiable, filter the gateways with rule: " << ruleName;
+    PLOGI << gateways.size() << " gateway(s) available, filter the gateways with rule: " << ruleName;
 
     GPGateway gateway = gateways.first();
 

GPClient/loginparams.cpp

@@ -6,7 +6,7 @@ LoginParams::LoginParams(const QString clientos)
 {
     params.addQueryItem("prot", QUrl::toPercentEncoding("https:"));
     params.addQueryItem("server", "");
-    params.addQueryItem("inputSrc", "");
+    params.addQueryItem("inputStr", "");
     params.addQueryItem("jnlpReady", "jnlpReady");
     params.addQueryItem("user", "");
     params.addQueryItem("passwd", "");
@@ -61,6 +61,11 @@ void LoginParams::setPreloginCookie(const QString cookie)
     updateQueryItem("prelogin-cookie", cookie);
 }
 
+void LoginParams::setInputStr(const QString inputStr)
+{
+    updateQueryItem("inputStr", inputStr);
+}
+
 QByteArray LoginParams::toUtf8() const
 {
     return params.toString().toUtf8();

GPClient/loginparams.h

@@ -15,6 +15,7 @@ public:
     void setUserAuthCookie(const QString cookie);
     void setPrelogonAuthCookie(const QString cookie);
     void setPreloginCookie(const QString cookie);
+    void setInputStr(const QString inputStr);
 
     QByteArray toUtf8() const;
 

GPClient/main.cpp

@@ -1,40 +1,71 @@
 #include <QtCore/QObject>
 #include <QtCore/QString>
-#include <QtCore/QDir>
 #include <QtCore/QStandardPaths>
 #include <plog/Log.h>
+#include <plog/Init.h>
 #include <plog/Appenders/ColorConsoleAppender.h>
+#include <plog/Formatters/TxtFormatter.h>
 
 #include "singleapplication.h"
 #include "gpclient.h"
+#include "vpn_dbus.h"
+#include "vpn_json.h"
 #include "enhancedwebview.h"
 #include "sigwatch.h"
 #include "version.h"
 
+#define QT_AUTO_SCREEN_SCALE_FACTOR "QT_AUTO_SCREEN_SCALE_FACTOR"
+
 int main(int argc, char *argv[])
 {
-    const QDir path = QStandardPaths::writableLocation(QStandardPaths::GenericCacheLocation) + "/GlobalProtect-openconnect";
-    const QString logFile = path.path() + "/gpclient.log";
-    if (!path.exists()) {
-        path.mkpath(".");
-    }
-
-    static plog::ColorConsoleAppender<plog::TxtFormatter> consoleAppender;
-    plog::init(plog::debug, logFile.toUtf8()).addAppender(&consoleAppender);
+    plog::ColorConsoleAppender<plog::TxtFormatter> consoleAppender(plog::streamStdErr);
+    plog::init(plog::debug, &consoleAppender);
 
     PLOGI << "GlobalProtect started, version: " << VERSION;
 
-    QString port = QString::fromLocal8Bit(qgetenv(ENV_CDP_PORT));
+    auto port = QString::fromLocal8Bit(qgetenv(ENV_CDP_PORT));
+    auto hidpiSupport = QString::fromLocal8Bit(qgetenv(QT_AUTO_SCREEN_SCALE_FACTOR));
 
-    if (port == "") {
+    if (port.isEmpty()) {
         qputenv(ENV_CDP_PORT, "12315");
     }
 
+    if (hidpiSupport.isEmpty()) {
+        qputenv(QT_AUTO_SCREEN_SCALE_FACTOR, "1");
+    }
+
     SingleApplication app(argc, argv);
     app.setQuitOnLastWindowClosed(false);
 
-    GPClient w;
-    w.show();
+    QCommandLineParser parser;
+    parser.addHelpOption();
+    parser.addVersionOption();
+    parser.addPositionalArgument("server", "The URL of the VPN server. Optional.");
+    parser.addPositionalArgument("gateway", "The URL of the specific VPN gateway. Optional.");
+    parser.addOptions({
+      {"json", "Write the result of the handshake with the GlobalConnect server to stdout as JSON and terminate. Useful for scripting."},
+      {"now", "Do not show the dialog with the connect button; connect immediately instead."},
+      {"start-minimized", "Launch the client minimized."},
+    });
+    parser.process(app);
+
+    const auto positional = parser.positionalArguments();
+
+    auto *vpn = parser.isSet("json") // yes it leaks, but this is cleared on exit anyway
+      ? static_cast<IVpn*>(new VpnJson(nullptr)) // Print to stdout and exit
+      : static_cast<IVpn*>(new VpnDbus(nullptr)); // Contact GPService daemon via dbus
+    GPClient w(nullptr, vpn);
+    parser.isSet("start-minimized") ? w.showMinimized() : w.show();
+
+    if (positional.size() > 0) {
+      w.portal(positional.at(0));
+    }
+    if (positional.size() > 1) {
+      GPGateway gw;
+      gw.setName(positional.at(1));
+      gw.setAddress(positional.at(1));
+      w.setCurrentGateway(gw);
+    }
 
     QObject::connect(&app, &SingleApplication::instanceStarted, &w, &GPClient::activate);
 
@@ -45,5 +76,12 @@ int main(int argc, char *argv[])
     sigwatch.watchForSignal(SIGHUP);
     QObject::connect(&sigwatch, &UnixSignalWatcher::unixSignal, &w, &GPClient::quit);
 
+    if (parser.isSet("now")) {
+      w.doConnect();
+    }
+    if (parser.isSet("json")) {
+      QObject::connect(static_cast<VpnJson*>(vpn), &VpnJson::connected, &w, &GPClient::quit);
+    }
+
     return app.exec();
 }

GPClient/portalauthenticator.cpp

@@ -41,7 +41,7 @@ void PortalAuthenticator::onPreloginFinished()
     QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
 
     if (reply->error()) {
-        PLOGE << QString("Error occurred while accessing %1, %2").arg(preloginUrl).arg(reply->errorString());
+        PLOGE << QString("Error occurred while accessing %1, %2").arg(preloginUrl, reply->errorString());
         emit preloginFailed("Error occurred on the portal prelogin interface.");
         delete reply;
         return;
@@ -122,9 +122,18 @@ void PortalAuthenticator::samlAuth()
 
     SAMLLoginWindow *loginWindow = new SAMLLoginWindow;
 
-    connect(loginWindow, &SAMLLoginWindow::success, this, &PortalAuthenticator::onSAMLLoginSuccess);
-    connect(loginWindow, &SAMLLoginWindow::fail, this, &PortalAuthenticator::onSAMLLoginFail);
-    connect(loginWindow, &SAMLLoginWindow::rejected, this, &PortalAuthenticator::onLoginWindowRejected);
+    connect(loginWindow, &SAMLLoginWindow::success, [this, loginWindow](const QMap<QString, QString> samlResult) {
+        onSAMLLoginSuccess(samlResult);
+        loginWindow->deleteLater();
+    });
+    connect(loginWindow, &SAMLLoginWindow::fail, [this, loginWindow](const QString msg) {
+        onSAMLLoginFail(msg);
+        loginWindow->deleteLater();
+    });
+    connect(loginWindow, &SAMLLoginWindow::rejected, [this, loginWindow]() {
+        onLoginWindowRejected();
+        loginWindow->deleteLater();
+    });
 
     loginWindow->login(preloginResponse.samlMethod(), preloginResponse.samlRequest(), preloginUrl);
 }
@@ -195,9 +204,6 @@ void PortalAuthenticator::onFetchConfigFinished()
     if (normalLoginWindow) {
         PLOGI << "Closing the NormalLoginWindow...";
 
-        // Save the credentials for reuse
-        settings::save("username", username);
-        settings::save("password", password);
         normalLoginWindow->close();
     }
 

GPClient/portalconfigresponse.cpp

@@ -78,10 +78,7 @@ QList<GPGateway> PortalConfigResponse::parseGateways(QXmlStreamReader &xmlReader
         // Parse the gateways -> external -> list -> entry
         if (xmlReader.name() == "entry" && xmlReader.isStartElement()) {
             GPGateway g;
-            QString address = xmlReader.attributes().value("name").toString();
-            g.setAddress(address);
-            g.setPriorityRules(parsePriorityRules(xmlReader));
-            g.setName(parseGatewayName(xmlReader));
+            parseGateway(xmlReader, g);
             gateways.append(g);
         }
     }
@@ -91,45 +88,49 @@ QList<GPGateway> PortalConfigResponse::parseGateways(QXmlStreamReader &xmlReader
     return gateways;
 }
 
-QMap<QString, int> PortalConfigResponse::parsePriorityRules(QXmlStreamReader &xmlReader)
-{
-    PLOGI << "Start parsing the priority rules...";
+void PortalConfigResponse::parseGateway(QXmlStreamReader &reader, GPGateway &gateway) {
+    PLOGI << "Start parsing gateway...";
 
-    QMap<QString, int> priorityRules;
-
-    while ((xmlReader.name() != "priority-rule" || !xmlReader.isEndElement()) && !xmlReader.hasError()) {
-        xmlReader.readNext();
-
-        if (xmlReader.name() == "entry" && xmlReader.isStartElement()) {
-            QString ruleName = xmlReader.attributes().value("name").toString();
-            // Read the priority tag
-            while (xmlReader.name() != "priority"){
-                xmlReader.readNext();
-            }
-            int ruleValue = xmlReader.readElementText().toUInt();
-            priorityRules.insert(ruleName, ruleValue);
+    auto finished = false;
+    while (!finished) {
+        if (reader.name() == "entry" && reader.isStartElement()) {
+            auto address = reader.attributes().value("name").toString();
+            gateway.setAddress(address);
+        } else if (reader.name() == "description" && reader.isStartElement()) { // gateway name
+            gateway.setName(reader.readElementText());
+        } else if (reader.name() == "priority-rule" && reader.isStartElement()) { // priority rules
+            parsePriorityRule(reader, gateway);
         }
+
+        auto result = reader.readNext();
+        finished = result == QXmlStreamReader::Invalid || (reader.name() == "entry" && reader.isEndElement());
     }
-
-    PLOGI << "Finished parsing the priority rules.";
-
-    return priorityRules;
 }
 
-QString PortalConfigResponse::parseGatewayName(QXmlStreamReader &xmlReader)
-{
-    PLOGI << "Start parsing the gateway name...";
+void PortalConfigResponse::parsePriorityRule(QXmlStreamReader &reader, GPGateway &gateway) {
+    PLOGI << "Start parsing priority rule...";
 
-    while (xmlReader.name() != "description" || !xmlReader.isEndElement()) {
-        xmlReader.readNext();
-        if (xmlReader.name() == "description" && xmlReader.tokenType() == xmlReader.StartElement) {
-            PLOGI << "Finished parsing the gateway name";
-            return xmlReader.readElementText();
+    QMap<QString, int> priorityRules;
+    auto finished = false;
+
+    while (!finished) {
+        // Parse the priority-rule -> entry
+        if (reader.name() == "entry" && reader.isStartElement()) {
+            auto ruleName = reader.attributes().value("name").toString();
+            // move to the priority value
+            while (reader.readNextStartElement()) {
+                if (reader.name() == "priority") {
+                    auto priority = reader.readElementText().toInt();
+                    priorityRules.insert(ruleName, priority);
+                    break;
+                }
+            }
         }
+        auto result = reader.readNext();
+        finished = result == QXmlStreamReader::Invalid || (reader.name() == "priority-rule" && reader.isEndElement());
     }
 
-    PLOGE << "Error: <description> tag not found";
-    return "";
+    gateway.setPriorityRules(priorityRules);
 }
 
 QString PortalConfigResponse::userAuthCookie() const
@@ -137,11 +138,6 @@ QString PortalConfigResponse::userAuthCookie() const
     return m_userAuthCookie;
 }
 
-QString PortalConfigResponse::prelogonUserAuthCookie() const
-{
-    return m_prelogonAuthCookie;
-}
-
 QList<GPGateway> PortalConfigResponse::allGateways() const
 {
     return m_gateways;
@@ -176,3 +172,4 @@ void PortalConfigResponse::setPrelogonUserAuthCookie(const QString cookie)
 {
     m_prelogonAuthCookie = cookie;
 }
+

GPClient/portalconfigresponse.h

@@ -19,7 +19,6 @@ public:
     const QString &username() const;
     QString password() const;
     QString userAuthCookie() const;
-    QString prelogonUserAuthCookie() const;
     QList<GPGateway> allGateways() const;
     void setAllGateways(QList<GPGateway> gateways);
 
@@ -44,8 +43,9 @@ private:
     void setPrelogonUserAuthCookie(const QString cookie);
 
     static QList<GPGateway> parseGateways(QXmlStreamReader &xmlReader);
-    static QMap<QString, int> parsePriorityRules(QXmlStreamReader &xmlReader);
-    static QString parseGatewayName(QXmlStreamReader &xmlReader);
+    static void parseGateway(QXmlStreamReader &reader, GPGateway &gateway);
+    static void parsePriorityRule(QXmlStreamReader &reader, GPGateway &gateway);
+
 };
 
 #endif // PORTALCONFIGRESPONSE_H

GPClient/samlloginwindow.cpp

@@ -15,6 +15,7 @@ SAMLLoginWindow::SAMLLoginWindow(QWidget *parent)
 
     QVBoxLayout *verticalLayout = new QVBoxLayout(this);
     webView->setUrl(QUrl("about:blank"));
+    webView->setAttribute(Qt::WA_DeleteOnClose);
     // webView->page()->profile()->setPersistentCookiesPolicy(QWebEngineProfile::NoPersistentCookies);
     verticalLayout->addWidget(webView);
 
@@ -57,12 +58,17 @@ void SAMLLoginWindow::onResponseReceived(QJsonObject params)
     QJsonObject response = params.value("response").toObject();
     QJsonObject headers = response.value("headers").toObject();
 
+    LOGI << "Trying to receive from " << response.value("url").toString();
+
     const QString username = headers.value("saml-username").toString();
     const QString preloginCookie = headers.value("prelogin-cookie").toString();
     const QString userAuthCookie = headers.value("portal-userauthcookie").toString();
 
-    LOGI << "Response received from " << response.value("url").toString();
+    this->checkSamlResult(username, preloginCookie, userAuthCookie);
+}
 
+void SAMLLoginWindow::checkSamlResult(QString username, QString preloginCookie, QString userAuthCookie)
+{
     if (!username.isEmpty()) {
         LOGI << "Got username from SAML response headers " << username;
         samlResult.insert("username", username);
@@ -89,11 +95,38 @@ void SAMLLoginWindow::onResponseReceived(QJsonObject params)
         emit success(samlResult);
         accept();
     } else {
-        this->show();
+        show();
     }
 }
 
 void SAMLLoginWindow::onLoadFinished()
 {
-     LOGI << "Load finished " << this->webView->page()->url().toString();
+     LOGI << "Load finished " << webView->page()->url().toString();
+     webView->page()->toHtml([this] (const QString &html) { this->handleHtml(html); });
+}
+
+void SAMLLoginWindow::handleHtml(const QString &html)
+{
+    // try to check the html body and extract from there
+    const QRegularExpression regex("<saml-auth-status>(.*)</saml-auth-status>");
+    const QRegularExpressionMatch match = regex.match(html);
+    const QString samlAuthStatusOnBody = match.captured(1);
+
+    if (samlAuthStatusOnBody == "1") {
+        const QRegularExpression preloginCookieRegex("<prelogin-cookie>(.*)</prelogin-cookie>");
+        const QRegularExpressionMatch preloginCookieMatch = preloginCookieRegex.match(html);
+        const QString preloginCookie = preloginCookieMatch.captured(1);
+
+        const QRegularExpression usernameRegex("<saml-username>(.*)</saml-username>");
+        const QRegularExpressionMatch usernameMatch = usernameRegex.match(html);
+        const QString username = usernameMatch.captured(1);
+
+        const QRegularExpression userAuthCookieRegex("<portal-userauthcookie>(.*)</portal-userauthcookie>");
+        const QRegularExpressionMatch userAuthCookieMatch = userAuthCookieRegex.match(html);
+        const QString userAuthCookie = userAuthCookieMatch.captured(1);
+
+        checkSamlResult(username, preloginCookie, userAuthCookie);
+    } else {
+        show();
+    }
 }

GPClient/samlloginwindow.h

@@ -24,12 +24,14 @@ signals:
 private slots:
     void onResponseReceived(QJsonObject params);
     void onLoadFinished();
+    void checkSamlResult(QString username, QString preloginCookie, QString userAuthCookie);
 
 private:
     EnhancedWebView *webView;
     QMap<QString, QString> samlResult;
 
     void closeEvent(QCloseEvent *event);
+    void handleHtml(const QString &html);
 };
 
 #endif // SAMLLOGINWINDOW_H

GPClient/settingsdialog.ui

@@ -33,8 +33,11 @@
    </item>
    <item row="0" column="1">
     <widget class="QPlainTextEdit" name="extraArgsInput">
+     <property name="readOnly">
+      <bool>true</bool>
+     </property>
      <property name="placeholderText">
-      <string extracomment="Tokens with spaces can be surrounded by double quotes">e.g. --name=value --script=&quot;vpn-slice xxx&quot;</string>
+      <string>The configuration has been moved to &quot;/etc/gpservice/gp.conf&quot;</string>
      </property>
     </widget>
    </item>

GPClient/vpn.h

@@ -0,0 +1,24 @@
+#ifndef VPN_H
+#define VPN_H
+#include <QtCore/QObject>
+#include <QtCore/QString>
+
+class IVpn
+{
+public:
+    virtual ~IVpn() = default;
+
+    virtual void connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd) = 0;
+    virtual void disconnect() = 0;
+    virtual int status() = 0;
+
+// signals: // SIGNALS
+//     virtual void connected();
+//     virtual void disconnected();
+//     virtual void error(const QString &errorMessage);
+//     virtual void logAvailable(const QString &log);
+};
+
+Q_DECLARE_INTERFACE(IVpn, "IVpn") // define this out of namespace scope
+
+#endif

GPClient/vpn_dbus.cpp

@@ -0,0 +1,13 @@
+#include "vpn_dbus.h"
+
+void VpnDbus::connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd) {
+    inner->connect(preferredServer, username, passwd);
+}
+
+void VpnDbus::disconnect() {
+    inner->disconnect();
+}
+
+int VpnDbus::status() {
+    return inner->status();
+}

GPClient/vpn_dbus.h

@@ -0,0 +1,33 @@
+#ifndef VPN_DBUS_H
+#define VPN_DBUS_H
+#include "vpn.h"
+#include "gpserviceinterface.h"
+
+class VpnDbus : public QObject, public IVpn
+{
+  Q_OBJECT
+  Q_INTERFACES(IVpn)
+
+private:
+  com::yuezk::qt::GPService *inner;
+
+public:
+  VpnDbus(QObject *parent) : QObject(parent) {
+    inner = new com::yuezk::qt::GPService("com.yuezk.qt.GPService", "/", QDBusConnection::systemBus(), this);
+    QObject::connect(inner, &com::yuezk::qt::GPService::connected, this, &VpnDbus::connected);
+    QObject::connect(inner, &com::yuezk::qt::GPService::disconnected, this, &VpnDbus::disconnected);
+    QObject::connect(inner, &com::yuezk::qt::GPService::error, this, &VpnDbus::error);
+    QObject::connect(inner, &com::yuezk::qt::GPService::logAvailable, this, &VpnDbus::logAvailable);
+  }
+
+  void connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd);
+  void disconnect();
+  int status();
+
+signals: // SIGNALS
+  void connected();
+  void disconnected();
+  void error(QString errorMessage);
+  void logAvailable(QString log);
+};
+#endif

GPClient/vpn_json.cpp

@@ -0,0 +1,24 @@
+#include "vpn_json.h"
+#include <QTextStream> 
+#include <QJsonDocument>
+#include <QJsonObject>
+#include <QJsonArray>
+
+void VpnJson::connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd) {
+    QJsonArray sl;
+    for (const QString &srv : servers) {
+      sl.push_back(QJsonValue(srv));
+    }
+    QJsonObject j;
+    j["server"] = preferredServer;
+    j["availableServers"] = sl;
+    j["cookie"] = passwd;
+    QTextStream(stdout) << QJsonDocument(j).toJson(QJsonDocument::Compact) << "\n";
+    emit connected();
+}
+
+void VpnJson::disconnect() { /* nop */ }
+
+int VpnJson::status() {
+    return 4; // disconnected
+}

GPClient/vpn_json.h

@@ -0,0 +1,23 @@
+#ifndef VPN_JSON_H
+#define VPN_JSON_H
+#include "vpn.h"
+
+class VpnJson : public QObject, public IVpn
+{
+  Q_OBJECT
+  Q_INTERFACES(IVpn)
+
+public:
+  VpnJson(QObject *parent) : QObject(parent) {}
+
+  void connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd);
+  void disconnect();
+  int status();
+
+signals: // SIGNALS
+  void connected();
+  void disconnected();
+  void error(const QString &errorMessage);
+  void logAvailable(const QString &log);
+};
+#endif

GPService/CMakeLists.txt

@@ -4,6 +4,12 @@ project(GPService)
 
 set(gpservice_GENERATED_SOURCES)
 
+execute_process(COMMAND logname OUTPUT_VARIABLE CMAKE_LOGNAME)
+string(STRIP "${CMAKE_LOGNAME}" CMAKE_LOGNAME)
+
+message(STATUS "CMAKE_LOGNAME: ${CMAKE_LOGNAME}")
+
+configure_file(dbus/com.yuezk.qt.GPService.conf.in dbus/com.yuezk.qt.GPService.conf)
 configure_file(dbus/com.yuezk.qt.GPService.service.in dbus/com.yuezk.qt.GPService.service)
 configure_file(systemd/gpservice.service.in systemd/gpservice.service)
 
@@ -22,6 +28,7 @@ qt5_add_dbus_adaptor(
 )
 
 add_executable(gpservice
+    gpservice.h
     gpservice.cpp
     main.cpp
     ${gpservice_GENERATED_SOURCES}
@@ -58,13 +65,15 @@ target_link_libraries(gpservice
     Qt5::Network
     Qt5::DBus
     QtSignals
+    inih
 )
 
 target_compile_definitions(gpservice PUBLIC QAPPLICATION_CLASS=QCoreApplication)
 
 install(TARGETS gpservice DESTINATION bin)
-install(FILES "dbus/com.yuezk.qt.GPService.conf" DESTINATION share/dbus-1/system.d )
+install(FILES "${CMAKE_CURRENT_BINARY_DIR}/dbus/com.yuezk.qt.GPService.conf" DESTINATION share/dbus-1/system.d )
 install(FILES "${CMAKE_CURRENT_BINARY_DIR}/dbus/com.yuezk.qt.GPService.service" DESTINATION share/dbus-1/system-services)
+install(FILES "gp.conf" DESTINATION /etc/gpservice)
 
 if("$ENV{DEBIAN_PACKAGE}")
     # Install the systemd unit files to /lib/systemd/system for debian package

GPService/gp.conf

@@ -0,0 +1,17 @@
+# Configuration file for GlobalProtect-openconnect
+#
+# Description:
+#
+# Each section is a VPN gateway address, and [*] is a special section that defines the default configuration.
+# See https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration for more details.
+#
+# Example:
+#
+# [*]
+# openconnect-args=<value>
+#
+# [vpn1.company.com]
+# openconnect-args=--script=/path/to/vpnc-script
+
+[*]
+openconnect-args=

GPService/gpservice.cpp

@@ -5,6 +5,7 @@
 #include <QtCore/QRegularExpressionMatch>
 #include <QtDBus/QtDBus>
 
+#include "INIReader.h"
 #include "gpservice.h"
 #include "gpserviceadaptor.h"
 
@@ -41,8 +42,22 @@ QString GPService::findBinary()
     return nullptr;
 }
 
+QString GPService::extraOpenconnectArgs(const QString &gateway)
+{
+    INIReader reader("/etc/gpservice/gp.conf");
+
+    if (reader.ParseError() < 0) {
+        return "";
+    }
+
+    std::string defaultArgs = reader.Get("*", "openconnect-args", "");
+    std::string extraArgs = reader.Get(gateway.toStdString(), "openconnect-args", defaultArgs);
+
+    return QString::fromStdString(extraArgs);
+}
+
 /* Port from https://github.com/qt/qtbase/blob/11d1dcc6e263c5059f34b44d531c9ccdf7c0b1d6/src/corelib/io/qprocess.cpp#L2115 */
-QStringList GPService::splitCommand(QString command)
+QStringList GPService::splitCommand(const QString &command)
 {
     QStringList args;
     QString tmp;
@@ -92,7 +107,7 @@ void GPService::quit()
     }
 }
 
-void GPService::connect(QString server, QString username, QString passwd, QString extraArgs)
+void GPService::connect(QString server, QString username, QString passwd)
 {
     if (vpnStatus != GPService::VpnNotConnected) {
         log("VPN status is: " + QVariant::fromValue(vpnStatus).toString());
@@ -110,6 +125,9 @@ void GPService::connect(QString server, QString username, QString passwd, QStrin
         return;
     }
 
+    const QString extraArgs = extraOpenconnectArgs(server);
+    log(QString("Got extra OpenConnect args for server: %1, %2").arg(server, extraArgs.isEmpty() ? "<empty>" : extraArgs));
+
     QStringList args;
     args << QCoreApplication::arguments().mid(1)
          << "--protocol=gp"
@@ -118,7 +136,7 @@ void GPService::connect(QString server, QString username, QString passwd, QStrin
          << "--cookie-on-stdin"
          << server;
 
-    log("Start process with arugments: " + args.join(" "));
+    log("Start process with arugments: " + args.join(", "));
 
     openconnect->start(bin, args);
     openconnect->write((passwd + "\n").toUtf8());
@@ -181,7 +199,7 @@ void GPService::onProcessStdout()
     QString output = openconnect->readAllStandardOutput();
 
     log(output);
-    if (output.indexOf("Connected as") >= 0) {
+    if (output.indexOf("Connected as") >= 0 || output.indexOf("Configured as") >= 0) {
         vpnStatus = GPService::VpnConnected;
         emit connected();
     }

GPService/gpservice.h

@@ -37,7 +37,7 @@ signals:
     void logAvailable(QString log);
 
 public slots:
-    void connect(QString server, QString username, QString passwd, QString extraArgs);
+    void connect(QString server, QString username, QString passwd);
     void disconnect();
     int status();
 
@@ -56,7 +56,8 @@ private:
     void log(QString msg);
     bool isValidVersion(QString &bin);
     static QString findBinary();
-    static QStringList splitCommand(QString command);
+    static QString extraOpenconnectArgs(const QString &gateway);
+    static QStringList splitCommand(const QString &command);
 };
 
 #endif // GLOBALPROTECTSERVICE_H

README.md

@@ -5,8 +5,10 @@ A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Q
   <img src="https://user-images.githubusercontent.com/3297602/133869036-5c02b0d9-c2d9-4f87-8c81-e44f68cfd6ac.png">
 </p>
 
-<a href="https://ko-fi.com/M4M75PYKZ" target="_blank"><img src="https://ko-fi.com/img/githubbutton_sm.svg" alt="ko-fi" style="height: 35px !important;width: auto !important;"></a>
-<a href="https://www.buymeacoffee.com/yuezk" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 35px !important;width: auto !important;" ></a>
+<a href="https://paypal.me/zongkun" target="_blank"><img src="https://cdn.jsdelivr.net/gh/everdrone/coolbadge@5ea5937cabca5ecbfc45d6b30592bd81f219bc8d/badges/Paypal/Coffee/Blue/Small.png" alt="Buy me a coffee via Paypal" style="height: 32px; width: 268px;" ></a>
+<a href="https://ko-fi.com/M4M75PYKZ" target="_blank"><img src="https://ko-fi.com/img/githubbutton_sm.svg" alt="Support me on Ko-fi" style="height: 32px; width: 238px;"></a>
+<a href="https://www.buymeacoffee.com/yuezk" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 32px; width: 114px;" ></a>
+
 
 ## Features
 
@@ -15,38 +17,78 @@ A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Q
 - Supports automatically selecting the preferred gateway from the multiple gateways.
 - Supports switching gateway from the system tray menu manually.
 
-## Future plan
 
-- [ ] Improve the release process
-- [ ] Process bugs and feature requests
-- [ ] Support for bypassing the `gpclient` parameters
-- [ ] Support the CLI mode
+## Install
 
-## Passing the Custom Parameters to `OpenConnect` CLI
+|OS|Stable version | Development version|
+|---|--------------|--------------------|
+|Linux Mint, Ubuntu 18.04 or later|[ppa:yuezk/globalprotect-openconnect](https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect)|[ppa:yuezk/globalprotect-openconnect-snapshot](https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect-snapshot)|
+|Arch, Manjaro|[globalprotect-openconnect](https://archlinux.org/packages/community/x86_64/globalprotect-openconnect/)|[AUR: globalprotect-openconnect-git](https://aur.archlinux.org/packages/globalprotect-openconnect-git/)|
+|Fedora|[copr: yuezk/globalprotect-openconnect](https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/)|[copr: yuezk/globalprotect-openconnect](https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/)|
+|openSUSE, CentOS 8|[OBS: globalprotect-openconnect](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect)|[OBS: globalprotect-openconnect-snapshot](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect-snapshot)|
 
-Custom parameters can be appended to the `OpenConnect` CLI with the following settings.
+Add the repository in the above table and install it with your favorite package manager tool.
 
-> Tokens with spaces can be surrounded by double quotes; three consecutive double quotes represent the quote character itself.
+[![Arch package](https://repology.org/badge/version-for-repo/arch/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+[![AUR package](https://repology.org/badge/version-for-repo/aur/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+[![Manjaro Stable package](https://repology.org/badge/version-for-repo/manjaro_stable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+[![Manjaro Testing package](https://repology.org/badge/version-for-repo/manjaro_testing/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+[![Manjaro Unstable package](https://repology.org/badge/version-for-repo/manjaro_unstable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+[![nixpkgs unstable package](https://repology.org/badge/version-for-repo/nix_unstable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+[![Parabola package](https://repology.org/badge/version-for-repo/parabola/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+
+### Linux Mint, Ubuntu 18.04 or later
+
+```sh
+sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
+sudo apt-get update
+sudo apt-get install globalprotect-openconnect
+```
+
+> For Linux Mint, you might need to import the GPG key with: `sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7937C393082992E5D6E4A60453FC26B43838D761` if you encountered an error `gpg: keyserver receive failed: General error`.
+
+### Arch Linux / Manjaro
+
+```sh
+sudo pacman -S globalprotect-openconnect
+```
+
+### AUR snapshot version
+
+```sh
+yay -S globalprotect-openconnect-git
+```
+
+### Fedora
+
+```sh
+sudo dnf copr enable yuezk/globalprotect-openconnect
+sudo dnf install globalprotect-openconnect
+```
+
+### openSUSE
+
+- openSUSE Tumbleweed
+  ```sh
+  sudo zypper ar https://download.opensuse.org/repositories/home:/yuezk/openSUSE_Tumbleweed/home:yuezk.repo
+  sudo zypper ref
+  sudo zypper install globalprotect-openconnect
+  ```
+
+- openSUSE Leap
+
+  ```sh
+  sudo zypper ar https://download.opensuse.org/repositories/home:/yuezk/openSUSE_Leap_15.2/home:yuezk.repo
+  sudo zypper ref
+  sudo zypper install globalprotect-openconnect
+  ```
+### CentOS 8
+
+1. Add the repository: `https://download.opensuse.org/repositories/home:/yuezk/CentOS_8/home:yuezk.repo`
+1. Install `globalprotect-openconnect`
 
 
-<p align="center">
-  <img src="https://user-images.githubusercontent.com/3297602/130319209-744be02b-d657-4f49-a76d-d2c81b5c46d5.png" />
-<p>
-  
-## Display the system tray icon on Gnome 40
-
-Install the [AppIndicator and KStatusNotifierItem Support](https://extensions.gnome.org/extension/615/appindicator-support/) extension and you will see the system try icon (Restart the system after the installation).
-
-<p align="center">
-  <img src="https://user-images.githubusercontent.com/3297602/130831022-b93492fd-46dd-4a8e-94a4-13b5747120b7.png" />
-<p>
- 
-## Prerequisites
-
-- Openconnect v8.x
-- Qt5, qt5-webengine, qt5-websockets
-
-## Build & Install
+## Build & Install from source code
 
 Clone this repo with:
 
@@ -55,21 +97,17 @@ git clone https://github.com/yuezk/GlobalProtect-openconnect.git
 cd GlobalProtect-openconnect
 ```
 
-### Arch/Manjaro
-
-Install from the [globalprotect-openconnect](https://aur.archlinux.org/packages/globalprotect-openconnect/) AUR.
-
 ### Ubuntu/Mint
 
 > **⚠️ REQUIRED for Ubuntu 18.04 ⚠️**
-> 
+>
 > Add this [dwmw2/openconnect](https://launchpad.net/~dwmw2/+archive/ubuntu/openconnect) PPA first to install the latest openconnect.
-> 
+>
 > ```sh
 > sudo add-apt-repository ppa:dwmw2/openconnect
-> sudo apt update
+> sudo apt-get update
 > ```
-  
+
 Build and install with:
 
 ```sh
@@ -107,38 +145,6 @@ Install the Qt5 dependencies and OpenConnect:
 ./scripts/install.sh
 ```
 
-### Debian package
-
-Relatively manual process for now:
-
-* Clone the source tree
-
-  ```
-  git clone https://github.com/yuezk/GlobalProtect-openconnect.git
-  cd GlobalProtect-openconnect
-  ```
-
-* Install git-archive-all using the pip. Remember to adjust the version numbers etc.
-
-  ```
-  pip install git-archive-all
-  ```
-
-* Next create an upstream source tree using git archive.
-
-  ```
-  git-archive-all --force-submodules --prefix=globalprotect-openconnect-1.3.0/ ../globalprotect-openconnect_1.3.0.orig.tar.gz
-  ```
-
-* Finally extract the source tree, build the debian package, and install it.
-
-  ```
-  cd ..
-  tar -xzvf globalprotect-openconnect_1.3.0.orig.tar.gz
-  cd globalprotect-openconnect-1.3.0
-  fakeroot dpkg-buildpackage -uc -us -sa 2>&1 | tee ../build.log
-  sudo dpkg -i globalprotect-openconnect_1.3.0-1ppa1_amd64.deb
-  ```
 
 ### NixOS
   In `configuration.nix`:
@@ -149,13 +155,30 @@ Relatively manual process for now:
     # if you need a Host Integrity Protection report
     csdWrapper = "${pkgs.openconnect}/libexec/openconnect/hipreport.sh";
   };
-  
+
   environment.systemPackages = [ globalprotect-openconnect ];
   ```
 
+## Run
+
+Once the software is installed, you can run `gpclient` to start the UI.
+
+## Passing the Custom Parameters to `OpenConnect` CLI
+
+See [Configuration](https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration)
+
+## Display the system tray icon on Gnome 40
+
+Install the [AppIndicator and KStatusNotifierItem Support](https://extensions.gnome.org/extension/615/appindicator-support/) extension and you will see the system try icon (Restart the system after the installation).
+
+<p align="center">
+  <img src="https://user-images.githubusercontent.com/3297602/130831022-b93492fd-46dd-4a8e-94a4-13b5747120b7.png" />
+<p>
+
+
 ## Troubleshooting
 
-The application logs can be found at: `~/.cache/GlobalProtect-openconnect/gpclient.log`
+Run `gpclient` in the Terminal and collect the logs.
 
 ## [License](./LICENSE)
 GPLv3

VERSION

@@ -1 +1 @@
-1.3.4
+1.4.7

cmake/FindNetworkManager.cmake

@@ -0,0 +1,59 @@
+# - Try to find NetworkManager
+# Once done this will define
+#
+#  NETWORKMANAGER_FOUND - system has NetworkManager
+#  NETWORKMANAGER_INCLUDE_DIRS - the NetworkManager include directories
+#  NETWORKMANAGER_LIBRARIES - the libraries needed to use NetworkManager
+#  NETWORKMANAGER_CFLAGS - Compiler switches required for using NetworkManager
+#  NETWORKMANAGER_VERSION - version number of NetworkManager
+
+# Copyright (c) 2006, Alexander Neundorf, <neundorf@kde.org>
+# Copyright (c) 2007, Will Stephenson, <wstephenson@kde.org>
+# Copyright (c) 2015-2018, Jan Grulich, <jgrulich@redhat.com>
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. Neither the name of the University nor the names of its contributors
+#    may be used to endorse or promote products derived from this software
+#    without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+IF (NETWORKMANAGER_INCLUDE_DIRS)
+    # in cache already
+    SET(NetworkManager_FIND_QUIETLY TRUE)
+ENDIF (NETWORKMANAGER_INCLUDE_DIRS)
+
+IF (NOT WIN32)
+    find_package(PkgConfig)
+    PKG_SEARCH_MODULE(NETWORKMANAGER libnm)
+    IF (NETWORKMANAGER_FOUND)
+        IF (NetworkManager_FIND_VERSION AND ("${NETWORKMANAGER_VERSION}" VERSION_LESS "${NetworkManager_FIND_VERSION}"))
+            MESSAGE(FATAL_ERROR "NetworkManager ${NETWORKMANAGER_VERSION} is too old, need at least ${NetworkManager_FIND_VERSION}")
+        ELSE ()
+            IF (NOT NetworkManager_FIND_QUIETLY)
+                MESSAGE(STATUS "Found NetworkManager: ${NETWORKMANAGER_LIBRARY_DIRS}")
+            ENDIF ()
+        ENDIF ()
+    ELSE ()
+        MESSAGE(FATAL_ERROR "Could NOT find NetworkManager, check FindPkgConfig output above!")
+    ENDIF ()
+ENDIF (NOT WIN32)
+
+MARK_AS_ADVANCED(NETWORKMANAGER_INCLUDE_DIRS)

debian/changelog

@@ -1,3 +1,92 @@
+globalprotect-openconnect (1.4.7-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.6 –> 1.4.7
+  * fix: release resources when properly
+  * fix: add support for parsing tokens from HTML
+  * handle html comment for saml result with okta 2fa (#156)
+  * chore: use auto to declare variable
+  * chore: simplify readme
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Tue, 07 Jun 2022 21:46:04 +0800
+
+globalprotect-openconnect (1.4.6-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.5 –> 1.4.6
+  * feat: display address in gateway menu item
+  * fix: fix bug of parsing the portal respponse
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Wed, 01 Jun 2022 23:55:50 +0800
+
+globalprotect-openconnect (1.4.5-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.4 –> 1.4.5
+  * chore: refine vscode settings
+  * fix: rollback dbus configuration
+  * feat: add option to start minimized
+  * packaging: fix postinst for debian
+  * packaging: add postinst for debian
+  * test: test debian packaging
+  * ci: fix the foder path
+  * chore: apt -> apt-get
+  * ci: verify debian package
+  * Revert "Revert "fix: improve the dbus security""
+  * fix: improve the portal config parsing
+  * Revert "fix: improve the dbus security"
+  * fix: improve the dbus security
+  * fix: free resources in slots
+  * chore: refine cmake files
+  * fix: support high DPI screen
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Sun, 29 May 2022 21:15:40 +0800
+
+globalprotect-openconnect (1.4.4-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.3 –> 1.4.4
+  * fix: support the HighDPI displays
+  * [misc] update the build script
+  * [ci] Enable build job for master branch
+  * [ci] Add ubuntu 22.04
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Sat, 14 May 2022 19:21:14 +0800
+
+globalprotect-openconnect (1.4.3-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.2 –> 1.4.3
+  * refine AUR packaging
+  * Prepare release 1.4.3 (#149)
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Mon, 09 May 2022 22:20:54 +0800
+
+globalprotect-openconnect (1.4.2-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.1 –> 1.4.2
+  * Clear SSL_OP_LEGACY_SERVER_CONNECT (#146)
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Fri, 06 May 2022 22:18:19 +0800
+
+globalprotect-openconnect (1.4.1-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.0 –> 1.4.1
+  * print the gpservice logs
+  * update AUR packaging
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Thu, 03 Mar 2022 21:58:59 +0800
+
+globalprotect-openconnect (1.4.0-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.3.4 –> 1.4.0
+  * Fix gpservice after openconnect v8.20 (#124)
+  * Add 2FA support (#112)
+  * Add a scripting mode to GPClient (#110)
+  * Stop saving credentials (#111)
+  * update CI
+  * add editorconfig
+  * Update README.md
+  * Add a run entry (#108)
+  * update the installation instruction of Arch Linux
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Wed, 02 Mar 2022 21:34:19 +0800
+
 globalprotect-openconnect (1.3.4-1) unstable; urgency=medium
 
   * Updated VERSION, Bumped 1.3.3 –> 1.3.4

debian/source/format

@@ -1 +1 @@
-3.0 (quilt)
+3.0 (native)

packaging/aur/PKGBUILD

@@ -1,26 +1,33 @@
 # Maintainer: Keinv Yue <yuezk001@gmail.com>
 
-pkgname=globalprotect-openconnect
-pkgver=0
+_pkgver="1.4.7"
+_commit="5a485197b7c7b17f064d89bfe98ec1733d60e221"
+pkgname=globalprotect-openconnect-git
+pkgver=${_pkgver}
 pkgrel=1
-pkgdesc="A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Qt5, supports SAML auth mode."
+pkgdesc="A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Qt5, supports SAML auth mode. (development version)"
 arch=(x86_64 aarch64)
 url="https://github.com/yuezk/GlobalProtect-openconnect"
 license=('GPL3')
+backup=(
+    etc/gpservice/gp.conf
+)
+install=gp.install
 depends=('openconnect>=8.0.0' qt5-base qt5-webengine qt5-websockets)
-makedepends=(cmake)
-provides=('gpclient' 'gpservice')
+makedepends=(git cmake)
+conflicts=('globalprotect-openconnect')
+provides=('globalprotect-openconnect' 'gpclient' 'gpservice')
 
-source=("${pkgname}.tar.gz")
+source=(git+https://github.com/yuezk/GlobalProtect-openconnect#commit=${_commit})
 sha256sums=('SKIP')
 
-pkgver() {
-    cd $srcdir/$pkgname-*/
-    cat VERSION VERSION_SUFFIX
+prepare() {
+    cd GlobalProtect-openconnect
+    echo "${_pkgver}" > VERSION
 }
 
 build() {
-    cd $srcdir/$pkgname-*/
+    cd GlobalProtect-openconnect
     cmake -B build \
         -DCMAKE_BUILD_TYPE=Release \
         -DCMAKE_CXX_FLAGS_RELEASE=-s
@@ -28,6 +35,6 @@ build() {
 }
 
 package() {
-    cd $srcdir/$pkgname-*/
+    cd GlobalProtect-openconnect
     make DESTDIR="$pkgdir/" install -C build
 }

packaging/aur/PKGBUILD.in

@@ -1,28 +1,33 @@
 # Maintainer: Keinv Yue <yuezk001@gmail.com>
 
+_pkgver="{VERSION}"
+_commit="{COMMIT}"
 pkgname=globalprotect-openconnect-git
-_pkgname=globalprotect-openconnect
-pkgver=0
+pkgver=${_pkgver}
 pkgrel=1
 pkgdesc="A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Qt5, supports SAML auth mode. (development version)"
 arch=(x86_64 aarch64)
 url="https://github.com/yuezk/GlobalProtect-openconnect"
 license=('GPL3')
+backup=(
+    etc/gpservice/gp.conf
+)
+install=gp.install
 depends=('openconnect>=8.0.0' qt5-base qt5-webengine qt5-websockets)
-makedepends=(cmake)
+makedepends=(git cmake)
 conflicts=('globalprotect-openconnect')
-provides=('gpclient' 'gpservice')
+provides=('globalprotect-openconnect' 'gpclient' 'gpservice')
 
-source=("${_pkgname}.tar.gz")
+source=(git+https://github.com/yuezk/GlobalProtect-openconnect#commit=${_commit})
 sha256sums=('SKIP')
 
-pkgver() {
-    cd $srcdir/$_pkgname-*/
-    cat VERSION VERSION_SUFFIX
+prepare() {
+    cd GlobalProtect-openconnect
+    echo "${_pkgver}" > VERSION
 }
 
 build() {
-    cd $srcdir/${_pkgname}-*/
+    cd GlobalProtect-openconnect
     cmake -B build \
         -DCMAKE_BUILD_TYPE=Release \
         -DCMAKE_CXX_FLAGS_RELEASE=-s
@@ -30,6 +35,6 @@ build() {
 }
 
 package() {
-    cd $srcdir/${_pkgname}-*/
+    cd GlobalProtect-openconnect
     make DESTDIR="$pkgdir/" install -C build
 }

packaging/aur/gp.install

@@ -0,0 +1,8 @@
+post_install() {
+    systemctl enable gpservice.service
+    systemctl restart gpservice.service
+}
+
+post_upgrade() {
+    post_install
+}

packaging/obs/globalprotect-openconnect.changes

@@ -1,3 +1,92 @@
+-------------------------------------------------------------------
+Tue Jun  7 13:46:04 UTC 2022 - k3vinyue@gmail.com - 1.4.7
+
+- Update to 1.4.7
+  * Updated VERSION, Bumped 1.4.6 –> 1.4.7
+  * fix: release resources when properly
+  * fix: add support for parsing tokens from HTML
+  * handle html comment for saml result with okta 2fa (#156)
+  * chore: use auto to declare variable
+  * chore: simplify readme
+
+-------------------------------------------------------------------
+Wed Jun  1 15:55:50 UTC 2022 - k3vinyue@gmail.com - 1.4.6
+
+- Update to 1.4.6
+  * Updated VERSION, Bumped 1.4.5 –> 1.4.6
+  * feat: display address in gateway menu item
+  * fix: fix bug of parsing the portal respponse
+
+-------------------------------------------------------------------
+Sun May 29 13:15:40 UTC 2022 - k3vinyue@gmail.com - 1.4.5
+
+- Update to 1.4.5
+  * Updated VERSION, Bumped 1.4.4 –> 1.4.5
+  * chore: refine vscode settings
+  * fix: rollback dbus configuration
+  * feat: add option to start minimized
+  * packaging: fix postinst for debian
+  * packaging: add postinst for debian
+  * test: test debian packaging
+  * ci: fix the foder path
+  * chore: apt -> apt-get
+  * ci: verify debian package
+  * Revert "Revert "fix: improve the dbus security""
+  * fix: improve the portal config parsing
+  * Revert "fix: improve the dbus security"
+  * fix: improve the dbus security
+  * fix: free resources in slots
+  * chore: refine cmake files
+  * fix: support high DPI screen
+
+-------------------------------------------------------------------
+Sat May 14 11:21:14 UTC 2022 - k3vinyue@gmail.com - 1.4.4
+
+- Update to 1.4.4
+  * Updated VERSION, Bumped 1.4.3 –> 1.4.4
+  * fix: support the HighDPI displays
+  * [misc] update the build script
+  * [ci] Enable build job for master branch
+  * [ci] Add ubuntu 22.04
+
+-------------------------------------------------------------------
+Mon May  9 14:20:54 UTC 2022 - k3vinyue@gmail.com - 1.4.3
+
+- Update to 1.4.3
+  * Updated VERSION, Bumped 1.4.2 –> 1.4.3
+  * refine AUR packaging
+  * Prepare release 1.4.3 (#149)
+
+-------------------------------------------------------------------
+Fri May  6 14:18:19 UTC 2022 - k3vinyue@gmail.com - 1.4.2
+
+- Update to 1.4.2
+  * Updated VERSION, Bumped 1.4.1 –> 1.4.2
+  * Clear SSL_OP_LEGACY_SERVER_CONNECT (#146)
+
+-------------------------------------------------------------------
+Thu Mar  3 13:58:59 UTC 2022 - k3vinyue@gmail.com - 1.4.1
+
+- Update to 1.4.1
+  * Updated VERSION, Bumped 1.4.0 –> 1.4.1
+  * print the gpservice logs
+  * update AUR packaging
+
+-------------------------------------------------------------------
+Wed Mar  2 13:34:19 UTC 2022 - k3vinyue@gmail.com - 1.4.0
+
+- Update to 1.4.0
+  * Updated VERSION, Bumped 1.3.4 –> 1.4.0
+  * Fix gpservice after openconnect v8.20 (#124)
+  * Add 2FA support (#112)
+  * Add a scripting mode to GPClient (#110)
+  * Stop saving credentials (#111)
+  * update CI
+  * add editorconfig
+  * Update README.md
+  * Add a run entry (#108)
+  * update the installation instruction of Arch Linux
+
 -------------------------------------------------------------------
 Sun Oct 24 04:13:24 UTC 2021 - k3vinyue@gmail.com - 1.3.4
 

packaging/obs/globalprotect-openconnect.spec

@@ -1,5 +1,5 @@
 Name:           globalprotect-openconnect
-Version:        1.3.4
+Version:        1.4.7
 Release:        1
 Summary:        A GlobalProtect VPN client powered by OpenConnect
 Group:          Productivity/Networking/PPP
@@ -54,7 +54,7 @@ A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Q
 %if 0%{?suse_version}
     %service_del_postun gpservice.service
 %else
-    %systemd_postun gpservice.service
+    %systemd_postun_with_restart gpservice.service
 %endif
 
 
@@ -73,7 +73,7 @@ A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Q
 %install
 
 %if 0%{?fedora_version} && 0%{?fedora_version} <= 32
-    %make_install 
+    %make_install
 %else
     %cmake_install
 %endif
@@ -88,7 +88,9 @@ A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Q
 %{_datadir}/dbus-1/system.d/com.yuezk.qt.GPService.conf
 %{_datadir}/icons/hicolor/scalable/apps/com.yuezk.qt.gpclient.svg
 %{_datadir}/metainfo/com.yuezk.qt.gpclient.metainfo.xml
+%config %{_sysconfdir}/gpservice/gp.conf
 
+%dir %{_sysconfdir}/gpservice
 %dir %{_datadir}/icons/hicolor
 %dir %{_datadir}/icons/hicolor/scalable
 %dir %{_datadir}/icons/hicolor/scalable/apps

scripts/_archive-all.sh

@@ -1,6 +1,6 @@
 #!/bin/bash -e
 
-VERSION=$(cat VERSION VERSION_SUFFIX)
+VERSION="$(cat VERSION)"
 
 rm -rf ./artifacts && mkdir -p ./artifacts/{obs,aur,flatpak}
 
@@ -18,8 +18,8 @@ cp -r ./packaging/obs ./artifacts
 cp ./artifacts/*.tar.gz ./artifacts/obs/globalprotect-openconnect.tar.gz
 
 # Prepare the AUR package
-cp ./packaging/aur/PKGBUILD ./artifacts/aur
-cp ./artifacts/*.tar.gz ./artifacts/aur/globalprotect-openconnect.tar.gz
+cp ./packaging/aur/PKGBUILD ./artifacts/aur/PKGBUILD
+cp ./packaging/aur/gp.install ./artifacts/aur/gp.install
 
 # Prepare the flatpak package
 cp ./packaging/flatpak/com.yuezk.qt.gpclient.yml ./artifacts/flatpak

scripts/bump-version.sh

@@ -304,7 +304,7 @@ do-versionfile() {
   [ -f VERSION ] && ACTION_MSG="Updated" || ACTION_MSG="Created"
 
   GIT_MSG+="${ACTION_MSG} VERSION, "
-  echo $V_USR_INPUT > VERSION # Create file
+  echo $V_USR_INPUT | tr -d "\n" > VERSION # Create file
   echo -e "\n${I_OK} ${S_NOTICE}${ACTION_MSG} [${S_NORM}VERSION${S_NOTICE}] file"
 
   # Stage file for commit

scripts/install-ubuntu.sh

@@ -1,11 +1,11 @@
 #!/bin/bash -e
 
-sudo apt update
-sudo apt install -y \
+sudo apt-get update
+sudo apt-get install -y \
     build-essential \
     qtbase5-dev \
     libqt5websockets5-dev \
     qtwebengine5-dev \
     openconnect
 
-./scripts/install.sh
+./scripts/install.sh

scripts/ppa-publish.sh

@@ -1,53 +0,0 @@
-#!/bin/bash -e
-
-VERSION="$(cat VERSION VERSION_SUFFIX)"
-OLD_REVISION="1"
-
-PPA_REPO="ppa:yuezk/globalprotect-openconnect-snapshot"
-
-while [[ $# -gt 0 ]]; do
-    key="$1"
-
-    case $key in
-        --stable)
-            PPA_REPO="ppa:yuezk/globalprotect-openconnect"
-            shift
-            ;;
-        "18.04")
-            DISTRIBUTION="18.04"
-            DISTRIBUTION_NAME="bionic"
-            shift
-            ;;
-        "20.04")
-            DISTRIBUTION="20.04"
-            DISTRIBUTION_NAME="focal"
-            shift
-            ;;
-        "21.04")
-            DISTRIBUTION="21.04"
-            DISTRIBUTION_NAME="hirsute"
-            shift
-            ;;
-        "21.10")
-            DISTRIBUTION="21.10"
-            DISTRIBUTION_NAME="impish"
-            shift
-            ;;
-        *)
-            echo "Unkown options $key"
-            exit 1
-            ;;
-    esac
-done
-
-[ -z $DISTRIBUTION ] && echo "The distribuation is required" && exit 1;
-
-NEW_REVISION="ppa1~ubuntu${DISTRIBUTION}"
-
-sed -i"" "1s/${VERSION}-${OLD_REVISION}/${VERSION}-${NEW_REVISION}/;1s/unstable/${DISTRIBUTION_NAME}/" debian/changelog
-debmake
-debuild -S -sa \
-    -k"${PPA_GPG_KEYID}" \
-    -p"gpg --batch --passphrase ${PPA_GPG_PASSPHRASE} --pinentry-mode loopback"
-
-dput $PPA_REPO ../globalprotect-openconnect_${VERSION}-${NEW_REVISION}_source.changes

scripts/prepare-packaging.sh

@@ -2,14 +2,13 @@
 
 OLD_VERSION=$(git tag --sort=-v:refname --list "v[0-9]*" | head -n 1 | cut -c 2-)
 NEW_VERSION="$(cat VERSION)"
-FULL_VERSION="$(cat VERSION VERSION_SUFFIX)"
 HISTORY_ENTRIES=$(git log --format="  * %s" v${OLD_VERSION}.. | cat -n | sort -uk2 | sort -n | cut -f2-)
 
 function update_debian_changelog() {
 	local OLD_CHANGELOG=$(cat debian/changelog)
 
 	cat > debian/changelog <<-EOF
-	globalprotect-openconnect (${FULL_VERSION}-1) unstable; urgency=medium
+	globalprotect-openconnect (${NEW_VERSION}-1) unstable; urgency=medium
 
 	${HISTORY_ENTRIES}
 
@@ -24,17 +23,24 @@ function update_rpm_changelog() {
 
 	cat > packaging/obs/globalprotect-openconnect.changes <<-EOF
 	-------------------------------------------------------------------
-	$(LC_ALL=en.US date -u "+%a %b %e %T %Z %Y") - k3vinyue@gmail.com - ${FULL_VERSION}
+	$(LC_ALL=en.US date -u "+%a %b %e %T %Z %Y") - k3vinyue@gmail.com - ${NEW_VERSION}
 
-	- Update to ${FULL_VERSION}
+	- Update to ${NEW_VERSION}
 	${HISTORY_ENTRIES}
 
 	${OLD_CHANGELOG}
 	EOF
 }
 
+function generate_pkgbuild() {
+	local commit_id="$(git rev-parse HEAD)"
+	local version="$(cat VERSION)"
+	sed -e "s/{COMMIT}/${commit_id}/" -e "s/{VERSION}/${version}/" packaging/aur/PKGBUILD.in > packaging/aur/PKGBUILD
+}
+
 # Update rpm version
-sed -i"" -re "s/(Version:\s+).+/\1${FULL_VERSION}/" packaging/obs/globalprotect-openconnect.spec
+sed -i"" -re "s/(Version:\s+).+/\1${NEW_VERSION}/" packaging/obs/globalprotect-openconnect.spec
 
 update_rpm_changelog
 update_debian_changelog
+generate_pkgbuild

scripts/release.sh

@@ -2,9 +2,6 @@
 
 VERSION=$(cat VERSION)
 
-# Clear the VERSION_SUFFIX
-cat /dev/null > VERSION_SUFFIX
-
 # Update packaging, e.g., version, changelog, etc.
 ./scripts/prepare-packaging.sh
 

scripts/snapshot-archive-all.sh

@@ -12,6 +12,3 @@ mv ./artifacts/obs/globalprotect-openconnect-rpmlintrc ./artifacts/obs/globalpro
 sed -i"" -re "s/(Name:\s+).+/\1globalprotect-openconnect-snapshot/" \
     -re "s/(Conflicts:\s+).+/\1globalprotect-openconnect/" \
     ./artifacts/obs/globalprotect-openconnect-snapshot.spec
-
-# Update the AUR package
-cp ./packaging/aur/PKGBUILD-git ./artifacts/aur/PKGBUILD

scripts/snapshot-version.sh

@@ -1,3 +1,4 @@
 #!/bin/bash -e
 
-git describe --tags --match "v$(cat VERSION)" | sed -r -e 's/v([^-]+)-/+snapshot/' -e 's/-/./' > VERSION_SUFFIX
+VERSION="v$(cat VERSION)"
+git describe --tags --match "${VERSION}" | sed -re 's/^v([^-]+)-([^-]+)-(.+)/\1+\2snapshot.\3/' > VERSION

scripts/verify-debian-package.sh

@@ -0,0 +1,17 @@
+#!/bin/bash -e
+
+sudo apt-get update
+sudo apt-get install -y \
+	build-essential \
+	qtbase5-dev \
+	libqt5websockets5-dev \
+	qtwebengine5-dev \
+	cmake \
+	debhelper
+
+mkdir -p build
+
+cp ./artifacts/*.tar.gz build/ && cd build
+tar -xzf *.tar.gz && cd globalprotect-openconnect-*/
+
+dpkg-buildpackage -us -uc

snap/snapcraft.yaml

@@ -66,7 +66,7 @@ parts:
     override-pull: |
       snapcraftctl pull
 
-      VERSION=$(cat VERSION VERSION_SUFFIX)
+      VERSION=$(cat VERSION)
       GRADE="stable"
 
       if echo "$VERSION" | grep -q "snapshot"

version.h.in

@@ -1 +1 @@
-#define VERSION "@GlobalProtect-openconnect_VERSION@@VERSION_SUFFIX@"
+#define VERSION "@version@"