Release 2.4.2

Related: #437

.devcontainer/Dockerfile

@@ -0,0 +1,79 @@
+FROM ubuntu:22.04
+
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+ENV RUSTUP_HOME=/usr/local/rustup \
+    CARGO_HOME=/usr/local/cargo \
+    PATH=/usr/local/cargo/bin:$PATH \
+    RUST_VERSION=1.80.0
+
+# Install common dependencies
+RUN set -eux; \
+  apt-get update; \
+  apt-get install -y --no-install-recommends \
+    sudo \
+    ca-certificates \
+    curl \
+    gnupg \
+    git \
+    less \
+    software-properties-common
+
+# Create a non-root user
+RUN set -eux; \
+  groupadd --gid $USER_GID $USERNAME; \
+  useradd --uid $USER_UID --gid $USER_GID -m $USERNAME; \
+  echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; \
+  chmod 0440 /etc/sudoers.d/$USERNAME
+
+# Install Rust
+RUN set -eux; \
+  curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain $RUST_VERSION; \
+  chown -R $USERNAME:$USERNAME $RUSTUP_HOME $CARGO_HOME; \
+  rustup --version; \
+  cargo --version; \
+  rustc --version
+
+# Install Node.js
+RUN set -eux; \
+  curl -fsSL https://deb.nodesource.com/setup_20.x | bash -; \
+  apt-get install -y nodejs; \
+  corepack enable; \
+  # Install diff-so-fancy
+  npm install -g diff-so-fancy
+
+# Install openconnect
+RUN set -eux; \
+  add-apt-repository ppa:yuezk/globalprotect-openconnect; \
+  apt-get update; \
+  apt-get install -y openconnect libopenconnect-dev
+
+# Tauri dependencies
+RUN set -eux; \
+  apt-get install -y \
+    libwebkit2gtk-4.1-dev \
+    build-essential \
+    curl \
+    wget \
+    file \
+    libxdo-dev \
+    libssl-dev \
+    libayatana-appindicator3-dev \
+    librsvg2-dev
+
+USER $USERNAME
+
+# Install Oh My Zsh
+RUN sh -c "$(wget -O- https://github.com/deluan/zsh-in-docker/releases/download/v1.1.5/zsh-in-docker.sh)" -- \
+    -t https://github.com/denysdovhan/spaceship-prompt \
+    -a 'SPACESHIP_PROMPT_ADD_NEWLINE="false"' \
+    -a 'SPACESHIP_PROMPT_SEPARATE_LINE="false"' \
+    -p git \
+    -p https://github.com/zsh-users/zsh-autosuggestions \
+    -p https://github.com/zsh-users/zsh-completions; \
+    # Change the default shell
+    sudo chsh -s /bin/zsh $USERNAME; \
+    # Change the XTERM to xterm-256color
+    sed -i 's/TERM=xterm/TERM=xterm-256color/g' $HOME/.zshrc;

.devcontainer/devcontainer.json

@@ -0,0 +1,10 @@
+{
+  "build": {
+    "dockerfile": "Dockerfile"
+  },
+  "runArgs": [
+    "--privileged",
+    "--cap-add=NET_ADMIN",
+    "--device=/dev/net/tun"
+  ]
+}

.editorconfig

@@ -1,16 +1,12 @@
-# top-most EditorConfig file
 root = true
 
-# Unix-style newlines with a newline ending every file
 [*]
-end_of_line = lf
-insert_final_newline = false
-trim_trailing_whitespace=true
+charset = utf-8
 indent_style = space
-indent_size = 4
+indent_size = 2
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
 
-[{VERSION,VERSION_SUFFIX}]
-insert_final_newline = false
-
-[*.sh]
+[{Makefile,Makefile.in}]
 indent_style = tab

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,30 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Logs**
+- For the GUI version, you can find the logs at `~/.local/share/gpclient/gpclient.log`
+- For the CLI version, copy the output of the `gpclient` command.
+
+**Environment:**
+ - OS: [e.g. Ubuntu 22.04]
+ - Desktop Environment: [e.g. GNOME or KDE]
+ - Output of `ps aux | grep 'gnome-keyring\|kwalletd5' | grep -v grep`: [Required for secure store error]
+ - Is remote SSH? [Yes/No]
+
+**Additional context**
+Add any other context about the problem here.

.github/workflows/build.yaml

@@ -0,0 +1,196 @@
+name: Build
+on:
+  push:
+    paths-ignore:
+      - LICENSE
+      - "*.md"
+      - .vscode
+      - .devcontainer
+    branches:
+      - main
+      - dev
+      - hotfix/*
+      - feature/*
+      - release/*
+    tags:
+      - v*.*.*
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # Include arm64 if ref is a tag
+  setup-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Set up matrix
+        id: set-matrix
+        run: |
+          # Set the matrix to include arm64 if the ref is a tag or is the dev branch
+          if [[ "${{ github.ref }}" == "refs/tags/"* || "${{ github.ref }}" == "refs/heads/dev" ]]; then
+            echo 'matrix=[{"runner": "ubuntu-latest", "arch": "amd64"}, {"runner": "arm64", "arch": "arm64"}]' >> $GITHUB_OUTPUT
+          else
+            echo 'matrix=[{"runner": "ubuntu-latest", "arch": "amd64"}]' >> $GITHUB_OUTPUT
+          fi
+
+  tarball:
+    runs-on: ubuntu-latest
+    needs: [setup-matrix]
+    steps:
+    - uses: pnpm/action-setup@v4
+      with:
+        version: 9
+    - name: Prepare workspace
+      run: rm -rf source && mkdir source
+    - name: Checkout GlobalProtect-openconnect
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.GH_PAT }}
+        repository: yuezk/GlobalProtect-openconnect
+        ref: ${{ github.ref }}
+        path: source/gp
+    - name: Create tarball
+      run: |
+        cd source/gp
+        # Generate the SNAPSHOT file for non-tagged commits
+        if [[ "${{ github.ref }}" != "refs/tags/"* ]]; then
+          touch SNAPSHOT
+        fi
+        make tarball
+    - name: Upload tarball
+      uses: actions/upload-artifact@v4
+      with:
+        name: artifact-source
+        if-no-files-found: error
+        path: |
+          source/gp/.build/tarball/*.tar.gz
+
+  build-gp:
+    needs:
+    - setup-matrix
+    - tarball
+    strategy:
+      matrix:
+        # Only build gp on amd64, as the arm64 package will be built in release.yaml
+        os: [{runner: ubuntu-latest, arch: amd64}]
+        package: [deb, rpm, pkg, binary]
+    runs-on: ${{ matrix.os.runner }}
+    name: build-gp (${{ matrix.package }}, ${{ matrix.os.arch }})
+    steps:
+    - name: Prepare workspace
+      run: |
+        rm -rf build-gp-${{ matrix.package }}
+        mkdir -p build-gp-${{ matrix.package }}
+    - name: Download tarball
+      uses: actions/download-artifact@v4
+      with:
+        name: artifact-source
+        path: build-gp-${{ matrix.package }}
+    - name: Docker Login
+      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+    - name: Build ${{ matrix.package }} package in Docker
+      run: |
+        docker run --pull=always --rm \
+          -v $(pwd)/build-gp-${{ matrix.package }}:/${{ matrix.package }} \
+          yuezk/gpdev:${{ matrix.package }}-builder-tauri2
+    - name: Install ${{ matrix.package }} package in Docker
+      run: |
+        docker run --pull=always --rm \
+          -e GPGUI_INSTALLED=0 \
+          -v $(pwd)/build-gp-${{ matrix.package }}:/${{ matrix.package }} \
+          yuezk/gpdev:${{ matrix.package }}-builder-tauri2 \
+          bash install.sh
+    - name: Upload ${{ matrix.package }} package
+      uses: actions/upload-artifact@v4
+      with:
+        name: artifact-gp-${{ matrix.package }}-${{ matrix.os.arch }}
+        if-no-files-found: error
+        path: |
+          build-gp-${{ matrix.package }}/artifacts/*
+
+  build-gpgui:
+    needs:
+    - setup-matrix
+    strategy:
+      matrix:
+        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
+    runs-on: ${{ matrix.os.runner }}
+    name: build-gpgui (${{ matrix.os.arch }})
+    steps:
+    - uses: pnpm/action-setup@v4
+      with:
+        version: 9
+    - name: Prepare workspace
+      run: rm -rf gpgui-source && mkdir gpgui-source
+    - name: Checkout GlobalProtect-openconnect
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.GH_PAT }}
+        repository: yuezk/GlobalProtect-openconnect
+        ref: ${{ github.ref }}
+        path: gpgui-source/gp
+    - name: Checkout gpgui@${{ github.ref_name }}
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.GH_PAT }}
+        repository: yuezk/gpgui
+        ref: ${{ github.ref_name }}
+        path: gpgui-source/gpgui
+    - name: Tarball
+      run: |
+        cd gpgui-source
+        tar -czf gpgui.tar.gz gpgui gp
+    - name: Docker Login
+      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+    - name: Build gpgui in Docker
+      run: |
+        docker run --pull=always --rm -v $(pwd)/gpgui-source:/gpgui yuezk/gpdev:gpgui-builder-tauri2
+    - name: Install gpgui in Docker
+      run: |
+        cd gpgui-source
+        tar -xJf *.bin.tar.xz
+        docker run --pull=always --rm -v $(pwd):/gpgui yuezk/gpdev:gpgui-builder-tauri2 \
+          bash -c "cd /gpgui/gpgui_*/ && ./gpgui --version"
+    - name: Upload gpgui
+      uses: actions/upload-artifact@v4
+      with:
+        name: artifact-gpgui-${{ matrix.os.arch }}
+        if-no-files-found: error
+        path: |
+          gpgui-source/*.bin.tar.xz
+          gpgui-source/*.bin.tar.xz.sha256
+
+  gh-release:
+    if: ${{ github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/') }}
+    runs-on: ubuntu-latest
+    needs:
+      - tarball
+      - build-gp
+      - build-gpgui
+
+    steps:
+    - name: Prepare workspace
+      run: rm -rf gh-release && mkdir gh-release
+
+    - name: Checkout GlobalProtect-openconnect
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.GH_PAT }}
+        repository: yuezk/GlobalProtect-openconnect
+        ref: ${{ github.ref }}
+        path: gh-release/gp
+
+    - name: Download all artifacts
+      uses: actions/download-artifact@v4
+      with:
+        path: gh-release/gp/.build/artifacts
+
+    - name: Create GH release
+      env:
+        GH_TOKEN: ${{ secrets.GH_PAT }}
+        RELEASE_TAG: ${{ github.ref == 'refs/heads/dev' && 'snapshot' || github.ref_name }}
+      run: |
+        cd gh-release/gp/scripts && ./gh-release.sh "$RELEASE_TAG"

.github/workflows/build.yml

@@ -1,267 +0,0 @@
-name: Build
-
-on:
-  push:
-    branches:
-      - develop
-    tags:
-      - "v*.*.*"
-    paths-ignore:
-      - LICENSE
-      - "*.md"
-      - .vscode
-  workflow_dispatch:
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
-  build:
-    strategy:
-      matrix:
-        os: [ubuntu-18.04, ubuntu-20.04]
-    
-    runs-on: ${{ matrix.os }}
-
-    steps:
-      # Checkout repository and submodules
-      - uses: actions/checkout@v2
-        with:
-          submodules: recursive
-
-      - name: Build
-        run: |
-          ./scripts/install-ubuntu.sh
-
-  snapshot-archive-all:
-    if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/develop' }}
-    needs: build
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: recursive
-          fetch-depth: 0
-      
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install git-archive-all
-      
-      - name: Archive all
-        run: |
-          ./scripts/snapshot-archive-all.sh
-
-      - uses: actions/upload-artifact@v2
-        with:
-          name: snapshot-source-code
-          path: ./artifacts/*
-
-  snapshot-ppa:
-    if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/develop' }}
-    needs: snapshot-archive-all
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: snapshot-source-code
-          path: artifacts
-      
-      - name: Extract source code
-        run: |
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir deb-build && cp *.tar.gz deb-build && cd deb-build
-          tar xf *.tar.gz
-
-      - name: Publish PPA
-        uses: yuezk/publish-ppa-package@develop
-        with:
-          repository: 'ppa:yuezk/globalprotect-openconnect-snapshot'
-          gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
-          gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
-          pkgdir: '${{ github.workspace }}/artifacts/deb-build/globalprotect-openconnect*/'
-      
-  snapshot-aur:
-    if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/develop' }}
-    needs: snapshot-archive-all
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: snapshot-source-code
-          path: artifacts
-
-      - name: Publish AUR package
-        env:
-          VERSION: $(cat ./artifacts/VERSION)
-        uses: yuezk/github-actions-deploy-aur@update-pkgver
-        with:
-          pkgname: globalprotect-openconnect-git
-          pkgbuild: ./artifacts/aur/PKGBUILD
-          assets: ./artifacts/aur/*.tar.gz
-          update_pkgver: true
-          commit_username: ${{ secrets.AUR_USERNAME }}
-          commit_email: ${{ secrets.AUR_EMAIL }}
-          ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
-          commit_message: 'Snapshot release: git#${{ github.sha }}'
-
-  snapshot-obs:
-    if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/develop' }}
-    needs: snapshot-archive-all
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: snapshot-source-code
-          path: artifacts
-
-      - uses: yuezk/publish-obs-package@main
-        with:
-          project: home:yuezk
-          package: globalprotect-openconnect-snapshot
-          username: yuezk
-          password: ${{ secrets.OBS_PASSWORD }}
-          files: ./artifacts/obs/*
-
-  snapshot-snap:
-    if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/develop' }}
-    needs: snapshot-archive-all
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: snapshot-source-code
-          path: artifacts
-      
-      - name: Extract source code
-        run: |
-          mkdir snap-source
-          tar xvf ./artifacts/globalprotect-openconnect-*tar.gz \
-            --directory snap-source \
-            --strip 1
-          
-      - uses: snapcore/action-build@v1
-        id: build
-        with:
-          path: ./snap-source
-
-      - uses: snapcore/action-publish@v1
-        with:
-          store_login: ${{ secrets.SNAPSTORE_LOGIN }}
-          snap: ${{ steps.build.outputs.snap }}
-          release: edge
-
-  release-archive-all:
-    if: startsWith(github.ref, 'refs/tags/v')
-    needs: build
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: recursive
-          fetch-depth: 0
-      
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install git-archive-all
-      
-      - name: Archive all
-        run: |
-          ./scripts/release-archive-all.sh
-
-      - uses: actions/upload-artifact@v2
-        with:
-          name: release-source-code
-          path: ./artifacts/*
-
-  release-ppa:
-    if: startsWith(github.ref, 'refs/tags/v')
-    needs: release-archive-all
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: release-source-code
-          path: artifacts
-
-      - name: Extract source code
-        run: |
-          cd $GITHUB_WORKSPACE/artifacts
-          mkdir deb-build && cp *.tar.gz deb-build && cd deb-build
-          tar xf *.tar.gz
-
-      - name: Publish PPA
-        uses: yuezk/publish-ppa-package@develop
-        with:
-          repository: 'ppa:yuezk/globalprotect-openconnect'
-          gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
-          gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
-          pkgdir: '${{ github.workspace }}/artifacts/deb-build/globalprotect-openconnect*/'
-  
-  release-aur:
-    if: startsWith(github.ref, 'refs/tags/v')
-    needs: release-archive-all
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: release-source-code
-          path: artifacts
-
-      - name: Publish AUR package
-        env:
-          VERSION: $(cat ./artifacts/VERSION)
-        uses: yuezk/github-actions-deploy-aur@update-pkgver
-        with:
-          pkgname: globalprotect-openconnect-git
-          pkgbuild: ./artifacts/aur/PKGBUILD
-          assets: ./artifacts/aur/*.tar.gz
-          update_pkgver: true
-          commit_username: ${{ secrets.AUR_USERNAME }}
-          commit_email: ${{ secrets.AUR_EMAIL }}
-          ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
-          commit_message: 'Release ${{ github.ref }}'
-  
-  release-obs:
-    if: startsWith(github.ref, 'refs/tags/v')
-    needs: release-archive-all
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: release-source-code
-          path: artifacts
-
-      - uses: yuezk/publish-obs-package@main
-        with:
-          project: home:yuezk
-          package: globalprotect-openconnect
-          username: yuezk
-          password: ${{ secrets.OBS_PASSWORD }}
-          files: ./artifacts/obs/*
-  
-  release-github:
-    if: startsWith(github.ref, 'refs/tags/v')
-    needs:
-      - release-ppa
-      - release-aur
-      - release-obs
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/download-artifact@v2
-        with:
-          name: release-source-code
-          path: artifacts
-      - uses: softprops/action-gh-release@v1
-        with:
-          files: |
-            ./artifacts/*.tar.gz

.github/workflows/pr.yml

@@ -1,31 +0,0 @@
-name: PR Build
-
-on:
-  pull_request:
-    branches:
-      - master
-      - develop
-    paths-ignore:
-      - LICENSE
-      - "*.md"
-      - .vscode
-  workflow_dispatch:
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
-  build:
-    strategy:
-      matrix:
-        os: [ubuntu-18.04, ubuntu-20.04]
-    
-    runs-on: ${{ matrix.os }}
-
-    steps:
-      # Checkout repository and submodules
-      - uses: actions/checkout@v2
-        with:
-          submodules: recursive
-
-      - name: Build
-        run: |
-          ./scripts/install-ubuntu.sh

.github/workflows/publish.yaml

@@ -0,0 +1,99 @@
+name: Publish Packages
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to publish'
+        required: true
+      revision:
+        description: 'Package revision'
+        required: true
+        default: "1"
+      ppa:
+        description: 'Publish to PPA'
+        type: boolean
+        required: true
+        default: true
+      obs:
+        description: 'Publish to OBS'
+        type: boolean
+        required: true
+        default: true
+      aur:
+        description: 'Publish to AUR'
+        type: boolean
+        required: true
+        default: true
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check tag exists
+      uses: mukunku/tag-exists-action@v1.6.0
+      id: check-tag
+      with:
+        tag: ${{ inputs.tag }}
+    - name: Exit if tag does not exist
+      run: |
+        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
+          echo "Tag ${{ inputs.tag }} does not exist"
+          exit 1
+        fi
+
+  publish-ppa:
+    needs: check
+    if: ${{ inputs.ppa }}
+    runs-on: ubuntu-latest
+    steps:
+    - uses: pnpm/action-setup@v4
+      with:
+        version: 9
+    - name: Prepare workspace
+      run: rm -rf publish-ppa && mkdir publish-ppa
+    - name: Download ${{ inputs.tag }} source code
+      uses: robinraju/release-downloader@v1.9
+      with:
+        token: ${{ secrets.GH_PAT }}
+        tag: ${{ inputs.tag }}
+        fileName: globalprotect-openconnect-*.tar.gz
+        tarBall: false
+        zipBall: false
+        out-file-path: publish-ppa
+    - name: Make the offline tarball
+      run: |
+        cd publish-ppa
+        tar -xf globalprotect-openconnect-*.tar.gz
+        cd globalprotect-openconnect-*/
+
+        make tarball OFFLINE=1
+
+        # Prepare the debian directory with custom files
+        mkdir -p .build/debian
+
+        cp -v packaging/deb/control.in .build/debian/control
+        cp -v packaging/deb/rules.in .build/debian/rules
+        cp -v packaging/deb/compat .build/debian/compat
+        cp -v packaging/deb/postrm .build/debian/postrm
+
+        sed -i "s/@RUST@/cargo-1.80/g" .build/debian/control
+
+        sed -i "s/@OFFLINE@/1/g" .build/debian/rules
+        sed -i "s/@BUILD_GUI@/1/g" .build/debian/rules
+        sed -i "s/@RUST_VERSION@/1.80/g" .build/debian/rules
+
+    - name: Publish to PPA
+      uses: yuezk/publish-ppa-package@gp
+      with:
+        repository: "yuezk/globalprotect-openconnect"
+        gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
+        gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
+        tarball: publish-ppa/globalprotect-openconnect-*/.build/tarball/*.tar.gz
+        debian_dir: publish-ppa/globalprotect-openconnect-*/.build/debian
+        deb_email: "k3vinyue@gmail.com"
+        deb_fullname: "Kevin Yue"
+        extra_ppa: "yuezk/globalprotect-openconnect liushuyu-011/rust-updates-1.80"
+        # Ubuntu 18.04 and 20.04 are excluded because tauri2 no longer supports them
+        excluded_series: "bionic focal"
+        revision: ${{ inputs.revision }}

.github/workflows/release.yaml

@@ -0,0 +1,153 @@
+name: GH Release Packages
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to release'
+        required: true
+      arch:
+        type: choice
+        description: 'Architecture to build'
+        required: true
+        default: all
+        options:
+          - all
+          - x86_64
+          - arm64
+      release-deb:
+        type: boolean
+        description: 'Build DEB package'
+        required: true
+        default: true
+      release-rpm:
+        type: boolean
+        description: 'Build RPM package'
+        required: true
+        default: true
+      release-pkg:
+        type: boolean
+        description: 'Build PKG package'
+        required: true
+        default: true
+      release-binary:
+        type: boolean
+        description: 'Build binary package'
+        required: true
+        default: true
+      gh-release:
+        type: boolean
+        description: 'Update GitHub release'
+        required: true
+        default: true
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check tag exists
+      uses: mukunku/tag-exists-action@v1.6.0
+      id: check-tag
+      with:
+        tag: ${{ inputs.tag }}
+    - name: Exit if tag does not exist
+      run: |
+        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
+          echo "Tag ${{ inputs.tag }} does not exist"
+          exit 1
+        fi
+
+  setup-matrix:
+    needs:
+    - check
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.result }}
+    steps:
+    - name: Set up matrix
+      id: set-matrix
+      uses: actions/github-script@v7
+      with:
+        result-encoding: string
+        script: |
+          const inputs = ${{ toJson(inputs) }}
+          const { arch } = inputs
+          const osMap = {
+            "all": ["ubuntu-latest", "arm64"],
+            "x86_64": ["ubuntu-latest"],
+            "arm64": ["arm64"]
+          }
+
+          const package = Object.entries(inputs)
+            .filter(([key, value]) => key.startsWith('release-') && value)
+            .map(([key, value]) => key.replace('release-', ''))
+
+          return JSON.stringify({
+            os: osMap[arch],
+            package,
+          })
+
+  build:
+    needs:
+    - setup-matrix
+    strategy:
+      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Prepare workspace
+      run: rm -rf build-${{ matrix.package }} && mkdir -p build-${{ matrix.package }}
+    - name: Download ${{ inputs.tag }} source code
+      uses: robinraju/release-downloader@v1.9
+      with:
+        token: ${{ secrets.GH_PAT }}
+        tag: ${{ inputs.tag }}
+        fileName: globalprotect-openconnect-*.tar.gz
+        tarBall: false
+        zipBall: false
+        out-file-path: build-${{ matrix.package }}
+    - name: Docker Login
+      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+    - name: Build ${{ matrix.package }} package in Docker
+      run: |
+        docker run --pull=always --rm \
+          -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} \
+          -e INCLUDE_GUI=1 \
+          yuezk/gpdev:${{ matrix.package }}-builder-tauri2
+
+    - name: Install ${{ matrix.package }} package in Docker
+      run: |
+        docker run --pull=always --rm \
+          -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} \
+          yuezk/gpdev:${{ matrix.package }}-builder-tauri2 \
+          bash install.sh
+
+    - name: Upload ${{ matrix.package }} package
+      uses: actions/upload-artifact@v4
+      with:
+        name: artifact-${{ matrix.os }}-${{ matrix.package }}
+        if-no-files-found: error
+        path: |
+          build-${{ matrix.package }}/artifacts/*
+
+  gh-release:
+    needs:
+    - build
+    runs-on: ubuntu-latest
+    if: ${{ inputs.gh-release }}
+    steps:
+    - name: Prepare workspace
+      run: rm -rf gh-release && mkdir gh-release
+    - name: Download artifact
+      uses: actions/download-artifact@v4
+      with:
+        path: gh-release
+    - name: Update release
+      uses: softprops/action-gh-release@v1
+      with:
+        token: ${{ secrets.GH_PAT }}
+        prerelease: ${{ contains(github.ref, 'snapshot') }}
+        fail_on_unmatched_files: true
+        tag_name: ${{ inputs.tag }}
+        files: |
+          gh-release/artifact-*/*
+

.gitignore

@@ -1,69 +1,13 @@
-# Binaries
-*.rpm
-*.gz
-*.snap
-.DS_Store
-build-debian
-build
-artifacts
+.idea
+/target
+.pnpm-store
+.env
+.vendor
+*.tar.xz
 
-.cmake
+.cargo
+.build
+SNAPSHOT
 
-# Auto generated DBus files
-*_adaptor.cpp
-*_adaptor.h
-
-gpservice_interface.*
-
-# C++ objects and libs
-*.slo
-*.lo
-*.o
-*.a
-*.la
-*.lai
-*.so
-*.so.*
-*.dll
-*.dylib
-
-# Qt-es
-object_script.*.Release
-object_script.*.Debug
-*_plugin_import.cpp
-/.qmake.cache
-/.qmake.stash
-*.pro.user
-*.pro.user.*
-*.qbs.user
-*.qbs.user.*
-*.moc
-moc_*.cpp
-moc_*.h
-qrc_*.cpp
-ui_*.h
-*.qmlc
-*.jsc
-Makefile*
-*build-*
-*.qm
-*.prl
-
-# Qt unit tests
-target_wrapper.*
-
-# QtCreator
-*.autosave
-
-# QtCreator Qml
-*.qmlproject.user
-*.qmlproject.user.*
-
-# QtCreator CMake
-CMakeLists.txt.user*
-
-# QtCreator 4.8< compilation database 
-compile_commands.json
-
-# QtCreator local machine specific files for imported projects
-*creator.user*
+# Tauri generated files
+gen

.gitmodules

@@ -1,7 +0,0 @@
-[submodule "singleapplication"]
-	path = 3rdparty/SingleApplication
-	url = https://github.com/itay-grudev/SingleApplication.git
-
-[submodule "plog"]
-	path = 3rdparty/plog
-	url = https://github.com/SergiusTheBest/plog.git

.vscode/c_cpp_properties.json

@@ -0,0 +1,14 @@
+{
+  "configurations": [
+    {
+      "name": "Mac",
+      "includePath": ["/opt/homebrew/include"],
+      "macFrameworkPath": ["/System/Library/Frameworks", "/Library/Frameworks"],
+      "intelliSenseMode": "macos-clang-x64",
+      "compilerPath": "/usr/bin/clang",
+      "cStandard": "c17",
+      "cppStandard": "c++17"
+    }
+  ],
+  "version": 4
+}

.vscode/extensions.json

@@ -0,0 +1,9 @@
+{
+    "recommendations": [
+        "rust-lang.rust-analyzer",
+        "tamasfe.even-better-toml",
+        "eamodio.gitlens",
+        "EditorConfig.EditorConfig",
+        "streetsidesoftware.code-spell-checker",
+    ]
+}

.vscode/settings.json

@@ -1,26 +1,74 @@
 {
-    "files.watcherExclude": {
-        "**/artifacts/**": true,
-    },
+    "cSpell.words": [
+        "authcookie",
+        "badssl",
+        "bincode",
+        "chacha",
+        "clientos",
+        "cstring",
+        "datetime",
+        "disconnectable",
+        "distro",
+        "dotenv",
+        "dotenvy",
+        "dtls",
+        "getconfig",
+        "globalprotect",
+        "globalprotectcallback",
+        "gpapi",
+        "gpauth",
+        "gpcallback",
+        "gpclient",
+        "gpcommon",
+        "gpgui",
+        "gpservice",
+        "hidpi",
+        "Ivars",
+        "jnlp",
+        "LOGNAME",
+        "NSHTTPURL",
+        "NSURL",
+        "objc",
+        "oneshot",
+        "openconnect",
+        "pkcs",
+        "pkexec",
+        "pkey",
+        "Prelogin",
+        "prelogon",
+        "prelogonuserauthcookie",
+        "repr",
+        "reqwest",
+        "roxmltree",
+        "rspc",
+        "servercert",
+        "specta",
+        "sslkey",
+        "sysinfo",
+        "tanstack",
+        "tauri",
+        "tempfile",
+        "thiserror",
+        "tungstenite",
+        "unistd",
+        "unlisten",
+        "urlencoding",
+        "userauthcookie",
+        "utsbuf",
+        "uzers",
+        "Vite",
+        "vpnc",
+        "vpninfo",
+        "webbrowser",
+        "wmctrl",
+        "XAUTHORITY",
+        "yuezk"
+    ],
+    "rust-analyzer.cargo.features": "all",
     "files.associations": {
-        "qregularexpression": "cpp",
-        "qfileinfo": "cpp",
-        "qregularexpressionmatch": "cpp",
-        "qdatetime": "cpp",
-        "qprocess": "cpp",
-        "qobject": "cpp",
-        "qstandardpaths": "cpp",
-        "qmainwindow": "cpp",
-        "qsystemtrayicon": "cpp",
-        "qpushbutton": "cpp",
-        "qmenu": "cpp",
-        "qjsondocument": "cpp",
-        "qnetworkaccessmanager": "cpp",
-        "qwebengineview": "cpp",
-        "qprocessenvironment": "cpp",
-        "qnetworkreply": "cpp",
-        "qicon": "cpp",
-        "qsslsocket": "cpp",
-        "qapplication": "cpp"
-    }
+        "unistd.h": "c",
+        "utsname.h": "c",
+        "vpn.h": "c",
+        "openconnect.h": "c"
+    },
 }

3rdparty/qt-unix-signals/CMakeLists.txt

@@ -1,14 +0,0 @@
-cmake_minimum_required(VERSION 3.1.0)
-
-project(QtSignals LANGUAGES CXX)
-
-set(CMAKE_CXX_STANDARD 11)
-set(CMAKE_CXX_STANDARD_REQUIRED ON)
-# Instruct CMake to run moc automatically when needed.
-set(CMAKE_AUTOMOC ON)
-
-find_package(Qt5 REQUIRED COMPONENTS Core)
-
-add_library(QtSignals STATIC sigwatch.cpp)
-target_include_directories(QtSignals INTERFACE ${CMAKE_CURRENT_SOURCE_DIR})
-target_link_libraries(QtSignals Qt5::Core)

3rdparty/qt-unix-signals/sigwatch.cpp

@@ -1,176 +0,0 @@
-/*
- * Unix signal watcher for Qt.
- *
- * Copyright (C) 2014 Simon Knopp
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-#include <sys/socket.h>
-#include <unistd.h>
-#include <errno.h>
-#include <QMap>
-#include <QSocketNotifier>
-#include <QDebug>
-#include "sigwatch.h"
-
-
-/*!
- * \brief The UnixSignalWatcherPrivate class implements the back-end signal
- * handling for the UnixSignalWatcher.
- *
- * \see http://qt-project.org/doc/qt-5.0/qtdoc/unix-signals.html
- */
-class UnixSignalWatcherPrivate : public QObject
-{
-    UnixSignalWatcher * const q_ptr;
-    Q_DECLARE_PUBLIC(UnixSignalWatcher)
-
-public:
-    UnixSignalWatcherPrivate(UnixSignalWatcher *q);
-    ~UnixSignalWatcherPrivate();
-
-    void watchForSignal(int signal);
-    static void signalHandler(int signal);
-
-    void _q_onNotify(int sockfd);
-
-private:
-    static int sockpair[2];
-    QSocketNotifier *notifier;
-    QList<int> watchedSignals;
-};
-
-
-int UnixSignalWatcherPrivate::sockpair[2];
-
-UnixSignalWatcherPrivate::UnixSignalWatcherPrivate(UnixSignalWatcher *q) :
-    q_ptr(q)
-{
-    // Create socket pair
-    if (::socketpair(AF_UNIX, SOCK_STREAM, 0, sockpair)) {
-        qDebug() << "UnixSignalWatcher: socketpair: " << ::strerror(errno);
-        return;
-    }
-
-    // Create a notifier for the read end of the pair
-    notifier = new QSocketNotifier(sockpair[1], QSocketNotifier::Read);
-    QObject::connect(notifier, SIGNAL(activated(int)), q, SLOT(_q_onNotify(int)));
-    notifier->setEnabled(true);
-}
-
-UnixSignalWatcherPrivate::~UnixSignalWatcherPrivate()
-{
-    delete notifier;
-}
-
-/*!
- * Registers a handler for the given Unix \a signal. The handler will write to
- * a socket pair, the other end of which is connected to a QSocketNotifier.
- * This provides a way to break out of the asynchronous context from which the
- * signal handler is called and back into the Qt event loop.
- */
-void UnixSignalWatcherPrivate::watchForSignal(int signal)
-{
-    if (watchedSignals.contains(signal)) {
-        qDebug() << "Already watching for signal" << signal;
-        return;
-    }
-
-    // Register a sigaction which will write to the socket pair
-    struct sigaction sigact;
-    sigact.sa_handler = UnixSignalWatcherPrivate::signalHandler;
-    sigact.sa_flags = 0;
-    ::sigemptyset(&sigact.sa_mask);
-    sigact.sa_flags |= SA_RESTART;
-    if (::sigaction(signal, &sigact, NULL)) {
-        qDebug() << "UnixSignalWatcher: sigaction: " << ::strerror(errno);
-        return;
-    }
-
-    watchedSignals.append(signal);
-}
-
-/*!
- * Called when a Unix \a signal is received. Write to the socket to wake up the
- * QSocketNotifier.
- */
-void UnixSignalWatcherPrivate::signalHandler(int signal)
-{
-    ssize_t nBytes = ::write(sockpair[0], &signal, sizeof(signal));
-    Q_UNUSED(nBytes);
-}
-
-/*!
- * Called when the signal handler has written to the socket pair. Emits the Unix
- * signal as a Qt signal.
- */
-void UnixSignalWatcherPrivate::_q_onNotify(int sockfd)
-{
-    Q_Q(UnixSignalWatcher);
-
-    int signal;
-    ssize_t nBytes = ::read(sockfd, &signal, sizeof(signal));
-    Q_UNUSED(nBytes);
-    qDebug() << "Caught signal:" << ::strsignal(signal);
-    emit q->unixSignal(signal);
-}
-
-
-/*!
- * Create a new UnixSignalWatcher as a child of the given \a parent.
- */
-UnixSignalWatcher::UnixSignalWatcher(QObject *parent) :
-    QObject(parent),
-    d_ptr(new UnixSignalWatcherPrivate(this))
-{
-}
-
-/*!
- * Destroy this UnixSignalWatcher.
- */
-UnixSignalWatcher::~UnixSignalWatcher()
-{
-    delete d_ptr;
-}
-
-/*!
- * Register a signal handler for the given \a signal.
- *
- * After calling this method you can \c connect() to the unixSignal() Qt signal
- * to be notified when the Unix signal is received.
- */
-void UnixSignalWatcher::watchForSignal(int signal)
-{
-    Q_D(UnixSignalWatcher);
-    d->watchForSignal(signal);
-}
-
-/*!
- * \fn void UnixSignalWatcher::unixSignal(int signal)
- * Emitted when the given Unix \a signal is received.
- *
- * watchForSignal() must be called for each Unix signal that you want to receive
- * via the unixSignal() Qt signal. If a watcher is watching multiple signals,
- * unixSignal() will be emitted whenever *any* of the watched Unix signals are
- * received, and the \a signal argument can be inspected to find out which one
- * was actually received.
- */
-
-#include "moc_sigwatch.cpp"

3rdparty/qt-unix-signals/sigwatch.h

@@ -1,59 +0,0 @@
-/*
- * Unix signal watcher for Qt.
- *
- * Copyright (C) 2014 Simon Knopp
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-#ifndef SIGWATCH_H
-#define SIGWATCH_H
-
-#include <QObject>
-#include <signal.h>
-
-class UnixSignalWatcherPrivate;
-
-
-/*!
- * \brief The UnixSignalWatcher class converts Unix signals to Qt signals.
- *
- * To watch for a given signal, e.g. \c SIGINT, call \c watchForSignal(SIGINT)
- * and \c connect() your handler to unixSignal().
- */
-
-class UnixSignalWatcher : public QObject
-{
-    Q_OBJECT
-public:
-    explicit UnixSignalWatcher(QObject *parent = 0);
-    ~UnixSignalWatcher();
-
-    void watchForSignal(int signal);
-
-signals:
-    void unixSignal(int signal);
-
-private:
-    UnixSignalWatcherPrivate * const d_ptr;
-    Q_DECLARE_PRIVATE(UnixSignalWatcher)
-    Q_PRIVATE_SLOT(d_func(), void _q_onNotify(int))
-};
-
-#endif // SIGWATCH_H

CMakeLists.txt

@@ -1,36 +0,0 @@
-cmake_minimum_required(VERSION 3.10.0)
-
-set(CMAKE_CXX_STANDARD 11)
-set(CMAKE_CXX_STANDARD_REQUIRED ON)
-
-set(CMAKE_AUTOMOC ON)
-set(CMAKE_AUTORCC ON)
-set(CMAKE_AUTOUIC ON)
-
-file(STRINGS "VERSION" ver)
-file(STRINGS "VERSION_SUFFIX" VERSION_SUFFIX)
-project(GlobalProtect-openconnect VERSION ${ver} LANGUAGES CXX)
-
-# Set the CMAKE_INSTALL_PREFIX to /usr if not specified
-if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
-    set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "The default install prefix" FORCE)
-endif()
-
-message(STATUS "CMAKE_INSTALL_PREFIX was set to: ${CMAKE_INSTALL_PREFIX}")
-
-configure_file(version.h.in version.h)
-
-find_package(Qt5 REQUIRED COMPONENTS
-    Core
-    Widgets
-    Network
-    WebSockets
-    WebEngine
-    WebEngineWidgets
-    DBus
-)
-
-add_subdirectory(3rdparty/qt-unix-signals)
-add_subdirectory(GPService)
-add_subdirectory(GPClient)
-add_dependencies(gpclient gpservice)

Cargo.toml

@@ -0,0 +1,66 @@
+[workspace]
+resolver = "2"
+
+members = [
+  "crates/*",
+  "apps/gpclient",
+  "apps/gpservice",
+  "apps/gpauth",
+  "apps/gpgui-helper/src-tauri",
+]
+
+[workspace.package]
+rust-version = "1.80"
+version = "2.4.2"
+authors = ["Kevin Yue <k3vinyue@gmail.com>"]
+homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
+edition = "2021"
+license = "GPL-3.0"
+
+[workspace.dependencies]
+anyhow = "1.0"
+base64 = "0.22"
+clap = { version = "4", features = ["derive"] }
+clap-verbosity-flag = "3"
+ctrlc = "3.4"
+directories = "5.0"
+dns-lookup = "2.0.4"
+env_logger = "0.11"
+is_executable = "1.0"
+log = "0.4"
+regex = "1"
+reqwest = { version = "0.12", features = ["native-tls", "json"] }
+openssl = "0.10"
+pem = "3"
+roxmltree = "0.20"
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+sysinfo = "0.33"
+tempfile = "3.8"
+tokio = { version = "1" }
+tokio-util = "0.7"
+url = "2.4"
+urlencoding = "2.1.3"
+axum = "0.8"
+futures = "0.3"
+futures-util = "0.3"
+uzers = "0.12"
+whoami = "1"
+thiserror = "2"
+redact-engine = "0.1"
+compile-time = "0.2"
+serde_urlencoded = "0.7"
+md5 = "0.7"
+sha256 = "1"
+which = "7"
+
+# Tauri dependencies
+tauri = { version = "2" }
+specta = "=2.0.0-rc.20"
+
+[profile.release]
+opt-level = 'z'   # Optimize for size
+lto = true        # Enable link-time optimization
+codegen-units = 1 # Reduce number of codegen units to increase optimizations
+panic = 'abort'   # Abort on panic
+strip = true      # Strip symbols from binary*

GPClient/CMakeLists.txt

@@ -1,104 +0,0 @@
-include("${CMAKE_SOURCE_DIR}/cmake/Add3rdParty.cmake")
-
-project(GPClient)
-
-set(gpclient_GENERATED_SOURCES)
-
-configure_file(com.yuezk.qt.gpclient.desktop.in com.yuezk.qt.gpclient.desktop)
-configure_file(com.yuezk.qt.gpclient.metainfo.xml.in com.yuezk.qt.gpclient.metainfo.xml)
-
-qt5_add_dbus_interface(
-    gpclient_GENERATED_SOURCES
-    ${CMAKE_BINARY_DIR}/com.yuezk.qt.GPService.xml
-    gpserviceinterface
-)
-
-add_executable(gpclient
-    cdpcommand.cpp
-    cdpcommandmanager.cpp
-    enhancedwebview.cpp
-    gatewayauthenticator.cpp
-    gatewayauthenticatorparams.cpp
-    gpgateway.cpp
-    gphelper.cpp
-    loginparams.cpp
-    main.cpp
-    normalloginwindow.cpp
-    portalauthenticator.cpp
-    portalconfigresponse.cpp
-    preloginresponse.cpp
-    samlloginwindow.cpp
-    gpclient.cpp
-    settingsdialog.cpp
-    gpclient.ui
-    normalloginwindow.ui
-    settingsdialog.ui
-    challengedialog.h
-    challengedialog.cpp
-    challengedialog.ui
-    vpn_dbus.cpp
-    vpn_json.cpp
-    resources.qrc
-    ${gpclient_GENERATED_SOURCES}
-)
-
-add_3rdparty(
-    SingleApplication
-    GIT_REPOSITORY https://github.com/itay-grudev/SingleApplication.git
-    GIT_TAG v3.3.0
-    CMAKE_ARGS
-        -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
-        -DCMAKE_CXX_FLAGS_RELEASE=${CMAKE_CXX_FLAGS_RELEASE}
-        -DCMAKE_FIND_ROOT_PATH=${CMAKE_FIND_ROOT_PATH}
-        -DCMAKE_PREFIX_PATH=$ENV{CMAKE_PREFIX_PATH}
-        -DQAPPLICATION_CLASS=QApplication
-)
-
-add_3rdparty(
-    plog
-    GIT_REPOSITORY https://github.com/SergiusTheBest/plog.git
-    GIT_TAG master
-    CMAKE_ARGS
-        -DPLOG_BUILD_SAMPLES=OFF
-        -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
-        -DCMAKE_CXX_FLAGS_RELEASE=${CMAKE_CXX_FLAGS_RELEASE}
-)
-
-ExternalProject_Get_Property(SingleApplication-${PROJECT_NAME} SOURCE_DIR BINARY_DIR)
-set(SingleApplication_INCLUDE_DIR ${SOURCE_DIR})
-set(SingleApplication_LIBRARY ${BINARY_DIR}/libSingleApplication.a)
-
-ExternalProject_Get_Property(plog-${PROJECT_NAME} SOURCE_DIR)
-set(plog_INCLUDE_DIR "${SOURCE_DIR}/include")
-
-add_dependencies(gpclient SingleApplication-${PROJECT_NAME} plog-${PROJECT_NAME})
-
-target_include_directories(gpclient PRIVATE
-    ${CMAKE_BINARY_DIR}
-    ${CMAKE_CURRENT_SOURCE_DIR}
-    ${CMAKE_CURRENT_BINARY_DIR}
-    ${SingleApplication_INCLUDE_DIR}
-    ${plog_INCLUDE_DIR}
-)
-
-target_link_libraries(gpclient
-    ${SingleApplication_LIBRARY}
-    Qt5::Widgets
-    Qt5::Network
-    Qt5::WebSockets
-    Qt5::WebEngine
-    Qt5::WebEngineWidgets
-    Qt5::DBus
-    QtSignals
-)
-
-if (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 8.0)
-    target_compile_options(gpclient PUBLIC "-ffile-prefix-map=${CMAKE_SOURCE_DIR}=.")
-endif()
-
-target_compile_definitions(gpclient PUBLIC QAPPLICATION_CLASS=QApplication)
-
-install(TARGETS gpclient DESTINATION bin)
-install(FILES "${CMAKE_CURRENT_BINARY_DIR}/com.yuezk.qt.gpclient.metainfo.xml" DESTINATION share/metainfo)
-install(FILES "${CMAKE_CURRENT_BINARY_DIR}/com.yuezk.qt.gpclient.desktop" DESTINATION share/applications)
-install(FILES "com.yuezk.qt.gpclient.svg" DESTINATION share/icons/hicolor/scalable/apps)

GPClient/cdpcommand.cpp

@@ -1,30 +0,0 @@
-#include <QtCore/QVariantMap>
-#include <QtCore/QJsonDocument>
-#include <QtCore/QJsonObject>
-
-#include "cdpcommand.h"
-
-CDPCommand::CDPCommand(QObject *parent) : QObject(parent)
-{
-}
-
-CDPCommand::CDPCommand(int id, QString cmd, QVariantMap& params) :
-    QObject(nullptr),
-    id(id),
-    cmd(cmd),
-    params(&params)
-{
-}
-
-QByteArray CDPCommand::toJson()
-{
-    QVariantMap payloadMap;
-    payloadMap["id"] = id;
-    payloadMap["method"] = cmd;
-    payloadMap["params"] = *params;
-
-    QJsonObject payloadJsonObject = QJsonObject::fromVariantMap(payloadMap);
-    QJsonDocument payloadJson(payloadJsonObject);
-
-    return payloadJson.toJson();
-}

GPClient/cdpcommand.h

@@ -1,24 +0,0 @@
-#ifndef CDPCOMMAND_H
-#define CDPCOMMAND_H
-
-#include <QtCore/QObject>
-
-class CDPCommand : public QObject
-{
-    Q_OBJECT
-public:
-    explicit CDPCommand(QObject *parent = nullptr);
-    CDPCommand(int id, QString cmd, QVariantMap& params);
-
-    QByteArray toJson();
-
-signals:
-    void finished();
-
-private:
-    int id;
-    QString cmd;
-    QVariantMap *params;
-};
-
-#endif // CDPCOMMAND_H

GPClient/cdpcommandmanager.cpp

@@ -1,87 +0,0 @@
-#include <QtCore/QVariantMap>
-#include <plog/Log.h>
-
-#include "cdpcommandmanager.h"
-
-CDPCommandManager::CDPCommandManager(QObject *parent)
-    : QObject(parent)
-    , networkManager(new QNetworkAccessManager)
-    , socket(new QWebSocket)
-{
-    // WebSocket setup
-    QObject::connect(socket, &QWebSocket::connected, this, &CDPCommandManager::ready);
-    QObject::connect(socket, &QWebSocket::textMessageReceived, this, &CDPCommandManager::onTextMessageReceived);
-    QObject::connect(socket, &QWebSocket::disconnected, this, &CDPCommandManager::onSocketDisconnected);
-    QObject::connect(socket, QOverload<QAbstractSocket::SocketError>::of(&QWebSocket::error), this, &CDPCommandManager::onSocketError);
-}
-
-CDPCommandManager::~CDPCommandManager()
-{
-    delete networkManager;
-    delete socket;
-}
-
-void CDPCommandManager::initialize(QString endpoint)
-{
-    QNetworkReply *reply = networkManager->get(QNetworkRequest(endpoint));
-
-    QObject::connect(
-        reply, &QNetworkReply::finished,
-        [reply, this]() {
-            if (reply->error()) {
-                PLOGE << "CDP request error";
-                return;
-            }
-
-            QJsonDocument doc = QJsonDocument::fromJson(reply->readAll());
-            QJsonArray pages = doc.array();
-            QJsonObject page = pages.first().toObject();
-            QString wsUrl = page.value("webSocketDebuggerUrl").toString();
-
-            socket->open(wsUrl);
-        }
-    );
-}
-
-CDPCommand *CDPCommandManager::sendCommand(QString cmd)
-{
-    QVariantMap emptyParams;
-    return sendCommend(cmd, emptyParams);
-}
-
-CDPCommand *CDPCommandManager::sendCommend(QString cmd, QVariantMap &params)
-{
-    int id = ++commandId;
-    CDPCommand *command = new CDPCommand(id, cmd, params);
-    socket->sendTextMessage(command->toJson());
-    commandPool.insert(id, command);
-
-    return command;
-}
-
-void CDPCommandManager::onTextMessageReceived(QString message)
-{
-    QJsonDocument responseDoc = QJsonDocument::fromJson(message.toUtf8());
-    QJsonObject response = responseDoc.object();
-
-    // Response for method
-    if (response.contains("id")) {
-        int id = response.value("id").toInt();
-        if (commandPool.contains(id)) {
-            CDPCommand *command = commandPool.take(id);
-            command->finished();
-        }
-    } else { // Response for event
-        emit eventReceived(response.value("method").toString(), response.value("params").toObject());
-    }
-}
-
-void CDPCommandManager::onSocketDisconnected()
-{
-    PLOGI << "WebSocket disconnected";
-}
-
-void CDPCommandManager::onSocketError(QAbstractSocket::SocketError error)
-{
-    PLOGE << "WebSocket error" << error;
-}

GPClient/cdpcommandmanager.h

@@ -1,40 +0,0 @@
-#ifndef CDPCOMMANDMANAGER_H
-#define CDPCOMMANDMANAGER_H
-
-#include <QtCore/QObject>
-#include <QtCore/QHash>
-#include <QtWebSockets/QtWebSockets>
-#include <QtNetwork/QNetworkAccessManager>
-
-#include "cdpcommand.h"
-
-class CDPCommandManager : public QObject
-{
-    Q_OBJECT
-public:
-    explicit CDPCommandManager(QObject *parent = nullptr);
-    ~CDPCommandManager();
-
-    void initialize(QString endpoint);
-
-    CDPCommand *sendCommand(QString cmd);
-    CDPCommand *sendCommend(QString cmd, QVariantMap& params);
-
-signals:
-    void ready();
-    void eventReceived(QString eventName, QJsonObject params);
-
-private:
-    QNetworkAccessManager *networkManager;
-    QWebSocket *socket;
-
-    int commandId = 0;
-    QHash<int, CDPCommand*> commandPool;
-
-private slots:
-    void onTextMessageReceived(QString message);
-    void onSocketDisconnected();
-    void onSocketError(QAbstractSocket::SocketError error);
-};
-
-#endif // CDPCOMMANDMANAGER_H

GPClient/challengedialog.cpp

@@ -1,38 +0,0 @@
-#include <QtWidgets/QDialogButtonBox>
-#include <QtWidgets/QPushButton>
-
-#include "challengedialog.h"
-#include "ui_challengedialog.h"
-
-ChallengeDialog::ChallengeDialog(QWidget *parent) :
-    QDialog(parent),
-    ui(new Ui::ChallengeDialog)
-{
-    ui->setupUi(this);
-    ui->buttonBox->button(QDialogButtonBox::Ok)->setDisabled(true);
-}
-
-ChallengeDialog::~ChallengeDialog()
-{
-    delete ui;
-}
-
-void ChallengeDialog::setMessage(const QString &message)
-{
-    ui->challengeMessage->setText(message);
-}
-
-const QString ChallengeDialog::getChallenge()
-{
-    return ui->challengeInput->text();
-}
-
-void ChallengeDialog::on_challengeInput_textChanged(const QString &value)
-{
-    QPushButton *okBtn = ui->buttonBox->button(QDialogButtonBox::Ok);
-    if (value.isEmpty()) {
-        okBtn->setDisabled(true);
-    } else {
-        okBtn->setEnabled(true);
-    }
-}

GPClient/challengedialog.h

@@ -1,28 +0,0 @@
-#ifndef CHALLENGEDIALOG_H
-#define CHALLENGEDIALOG_H
-
-#include <QDialog>
-
-namespace Ui {
-class ChallengeDialog;
-}
-
-class ChallengeDialog : public QDialog
-{
-    Q_OBJECT
-
-public:
-    explicit ChallengeDialog(QWidget *parent = nullptr);
-    ~ChallengeDialog();
-
-    void setMessage(const QString &message);
-    const QString getChallenge();
-
-private slots:
-    void on_challengeInput_textChanged(const QString &arg1);
-
-private:
-    Ui::ChallengeDialog *ui;
-};
-
-#endif // CHALLENGEDIALOG_H

GPClient/challengedialog.ui

@@ -1,111 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ui version="4.0">
- <class>ChallengeDialog</class>
- <widget class="QDialog" name="ChallengeDialog">
-  <property name="geometry">
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>405</width>
-    <height>200</height>
-   </rect>
-  </property>
-  <property name="windowTitle">
-   <string>GlobalProtect Challenge</string>
-  </property>
-  <property name="modal">
-   <bool>true</bool>
-  </property>
-  <layout class="QVBoxLayout" name="verticalLayout">
-   <item>
-    <layout class="QVBoxLayout" name="verticalLayout_2" stretch="1,1">
-     <item>
-      <widget class="QLabel" name="label">
-       <property name="font">
-        <font>
-         <pointsize>14</pointsize>
-         <weight>50</weight>
-         <bold>false</bold>
-        </font>
-       </property>
-       <property name="text">
-        <string>Sign In</string>
-       </property>
-      </widget>
-     </item>
-     <item>
-      <widget class="QLabel" name="challengeMessage">
-       <property name="text">
-        <string>Duo two-factor login for [redacted]  Enter a passcode or select one of the following options:   1. Duo Push to XXX-XXX-[redacted]  2. SMS passcodes to XXX-XXX-[redacted]  Passcode or option (1-2): </string>
-       </property>
-       <property name="alignment">
-        <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
-       </property>
-       <property name="wordWrap">
-        <bool>true</bool>
-       </property>
-      </widget>
-     </item>
-    </layout>
-   </item>
-   <item>
-    <widget class="QLineEdit" name="challengeInput">
-     <property name="echoMode">
-      <enum>QLineEdit::Password</enum>
-     </property>
-    </widget>
-   </item>
-   <item>
-    <widget class="QDialogButtonBox" name="buttonBox">
-     <property name="layoutDirection">
-      <enum>Qt::LeftToRight</enum>
-     </property>
-     <property name="orientation">
-      <enum>Qt::Horizontal</enum>
-     </property>
-     <property name="standardButtons">
-      <set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
-     </property>
-     <property name="centerButtons">
-      <bool>false</bool>
-     </property>
-    </widget>
-   </item>
-  </layout>
- </widget>
- <resources/>
- <connections>
-  <connection>
-   <sender>buttonBox</sender>
-   <signal>accepted()</signal>
-   <receiver>ChallengeDialog</receiver>
-   <slot>accept()</slot>
-   <hints>
-    <hint type="sourcelabel">
-     <x>248</x>
-     <y>254</y>
-    </hint>
-    <hint type="destinationlabel">
-     <x>157</x>
-     <y>274</y>
-    </hint>
-   </hints>
-  </connection>
-  <connection>
-   <sender>buttonBox</sender>
-   <signal>rejected()</signal>
-   <receiver>ChallengeDialog</receiver>
-   <slot>reject()</slot>
-   <hints>
-    <hint type="sourcelabel">
-     <x>316</x>
-     <y>260</y>
-    </hint>
-    <hint type="destinationlabel">
-     <x>286</x>
-     <y>274</y>
-    </hint>
-   </hints>
-  </connection>
- </connections>
-</ui>

GPClient/com.yuezk.qt.gpclient.desktop.in

@@ -1,12 +0,0 @@
-[Desktop Entry]
-
-Type=Application
-Version=1.0
-Name=GlobalProtect VPN
-Comment=A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Qt5, supports SAML auth mode.
-GenericName=GlobalProtect VPN client, supports SAML auth mode
-Categories=Network;Dialup;
-Exec=@CMAKE_INSTALL_PREFIX@/bin/gpclient
-Icon=com.yuezk.qt.gpclient
-Keywords=GlobalProtect;Openconnect;SAML;connection;VPN;
-StartupWMClass=gpclient

GPClient/com.yuezk.qt.gpclient.metainfo.xml.in

@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<component type="desktop-application">
-    <id>com.yuezk.qt.gpclient</id>
-
-    <name>globalprotect-openconnect</name>
-    <summary>A GlobalProtect VPN client powered by OpenConnect</summary>
-
-    <metadata_license>CC0-1.0</metadata_license>
-    <project_license>AGPL-3.0-or-later</project_license>
-
-    <description>
-        <p>A GlobalProtect VPN client (GUI) for Linux based on OpenConnect and built with Qt5, supports the SAML auth mode.</p>
-    </description>
-
-    <categories>
-        <category>Network</category>
-    </categories>
-
-    <update_contact>k3vinyue_AT_gmail.com</update_contact>
-    <developer_name>Kevin Yue</developer_name>
-
-    <url type="homepage">https://github.com/yuezk/GlobalProtect-openconnect</url>
-    <url type="bugtracker">https://github.com/yuezk/GlobalProtect-openconnect/issues</url>
-    <url type="help">https://github.com/yuezk/GlobalProtect-openconnect/issues</url>
-
-    <keywords>
-        <keyword>globalprotect</keyword>
-        <keyword>openconnect</keyword>
-        <keyword>vpn</keyword>
-        <keyword>saml</keyword>
-    </keywords>
-
-    <launchable type="desktop-id">com.yuezk.qt.gpclient.desktop</launchable>
-    <screenshots>
-        <screenshot type="default">
-            <image>https://user-images.githubusercontent.com/3297602/133869036-5c02b0d9-c2d9-4f87-8c81-e44f68cfd6ac.png</image>
-        </screenshot>
-    </screenshots>
-    <provides>
-        <binary>@CMAKE_INSTALL_PREFIX@/bin/gpclient</binary>
-        <dbus type="system">com.yuezk.qt.GPService</dbus>
-    </provides>
-</component>

GPClient/enhancedwebview.cpp

@@ -1,36 +0,0 @@
-#include <QtCore/QProcessEnvironment>
-#include <QtWebEngineWidgets/QWebEngineView>
-
-#include "enhancedwebview.h"
-#include "cdpcommandmanager.h"
-
-EnhancedWebView::EnhancedWebView(QWidget *parent)
-    : QWebEngineView(parent)
-    , cdp(new CDPCommandManager)
-{
-    QObject::connect(cdp, &CDPCommandManager::ready, this, &EnhancedWebView::onCDPReady);
-    QObject::connect(cdp, &CDPCommandManager::eventReceived, this, &EnhancedWebView::onEventReceived);
-}
-
-EnhancedWebView::~EnhancedWebView()
-{
-    delete cdp;
-}
-
-void EnhancedWebView::initialize()
-{
-    QString port = QProcessEnvironment::systemEnvironment().value(ENV_CDP_PORT);
-    cdp->initialize("http://127.0.0.1:" + port + "/json");
-}
-
-void EnhancedWebView::onCDPReady()
-{
-    cdp->sendCommand("Network.enable");
-}
-
-void EnhancedWebView::onEventReceived(QString eventName, QJsonObject params)
-{
-    if (eventName == "Network.responseReceived") {
-        emit responseReceived(params);
-    }
-}

GPClient/enhancedwebview.h

@@ -1,30 +0,0 @@
-#ifndef ENHANCEDWEBVIEW_H
-#define ENHANCEDWEBVIEW_H
-
-#include <QtWebEngineWidgets/QWebEngineView>
-
-#include "cdpcommandmanager.h"
-
-#define ENV_CDP_PORT "QTWEBENGINE_REMOTE_DEBUGGING"
-
-class EnhancedWebView : public QWebEngineView
-{
-    Q_OBJECT
-public:
-    explicit EnhancedWebView(QWidget *parent = nullptr);
-    ~EnhancedWebView();
-
-    void initialize();
-
-signals:
-    void responseReceived(QJsonObject params);
-
-private slots:
-    void onCDPReady();
-    void onEventReceived(QString eventName, QJsonObject params);
-
-private:
-    CDPCommandManager *cdp;
-};
-
-#endif // ENHANCEDWEBVIEW_H

GPClient/gatewayauthenticator.cpp

@@ -1,226 +0,0 @@
-#include <QtNetwork/QNetworkReply>
-#include <QtCore/QRegularExpression>
-#include <QtCore/QRegularExpressionMatch>
-#include <plog/Log.h>
-
-#include "gatewayauthenticator.h"
-#include "gphelper.h"
-#include "loginparams.h"
-#include "preloginresponse.h"
-#include "challengedialog.h"
-
-using namespace gpclient::helper;
-
-GatewayAuthenticator::GatewayAuthenticator(const QString& gateway, GatewayAuthenticatorParams params)
-    : QObject()
-    , gateway(gateway)
-    , params(params)
-    , preloginUrl("https://" + gateway + "/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100")
-    , loginUrl("https://" + gateway + "/ssl-vpn/login.esp")
-{
-    if (!params.clientos().isEmpty()) {
-        preloginUrl = preloginUrl + "&clientos=" + params.clientos();
-    }
-}
-
-GatewayAuthenticator::~GatewayAuthenticator()
-{
-    delete normalLoginWindow;
-}
-
-void GatewayAuthenticator::authenticate()
-{
-    PLOGI << "Start gateway authentication...";
-
-    LoginParams loginParams { params.clientos() };
-    loginParams.setUser(params.username());
-    loginParams.setPassword(params.password());
-    loginParams.setUserAuthCookie(params.userAuthCookie());
-    loginParams.setInputStr(params.inputStr());
-
-    login(loginParams);
-}
-
-void GatewayAuthenticator::login(const LoginParams &loginParams)
-{
-    PLOGI << "Trying to login the gateway at " << loginUrl << " with " << loginParams.toUtf8();
-
-    QNetworkReply *reply = createRequest(loginUrl, loginParams.toUtf8());
-    connect(reply, &QNetworkReply::finished, this, &GatewayAuthenticator::onLoginFinished);
-}
-
-void GatewayAuthenticator::onLoginFinished()
-{
-    QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
-    QByteArray response = reply->readAll();
-
-    if (reply->error() || response.contains("Authentication failure")) {
-        PLOGE << QString("Failed to login the gateway at %1, %2").arg(loginUrl, reply->errorString());
-
-        if (normalLoginWindow) {
-            normalLoginWindow->setProcessing(false);
-            openMessageBox("Gateway login failed.", "Please check your credentials and try again.");
-        } else {
-            doAuth();
-        }
-        return;
-    }
-
-    // 2FA
-    if (response.contains("Challenge")) {
-        PLOGI << "The server need input the challenge...";
-        showChallenge(response);
-        return;
-    }
-
-    if (normalLoginWindow) {
-        normalLoginWindow->close();
-    }
-
-    const QUrlQuery params = gpclient::helper::parseGatewayResponse(response);
-    emit success(params.toString());
-}
-
-void GatewayAuthenticator::doAuth()
-{
-    PLOGI << "Perform the gateway prelogin at " << preloginUrl;
-
-    QNetworkReply *reply = createRequest(preloginUrl);
-    connect(reply, &QNetworkReply::finished, this, &GatewayAuthenticator::onPreloginFinished);
-}
-
-void GatewayAuthenticator::onPreloginFinished()
-{
-    QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
-
-    if (reply->error()) {
-        PLOGE << QString("Failed to prelogin the gateway at %1, %2").arg(preloginUrl, reply->errorString());
-
-        emit fail("Error occurred on the gateway prelogin interface.");
-        return;
-    }
-
-    PLOGI << "Gateway prelogin succeeded.";
-
-    PreloginResponse response = PreloginResponse::parse(reply->readAll());
-
-    if (response.hasSamlAuthFields()) {
-        samlAuth(response.samlMethod(), response.samlRequest(), reply->url().toString());
-    } else if (response.hasNormalAuthFields()) {
-        normalAuth(response.labelUsername(), response.labelPassword(), response.authMessage());
-    } else {
-        PLOGE << QString("Unknown prelogin response for %1, got %2").arg(preloginUrl, QString::fromUtf8(response.rawResponse()));
-        emit fail("Unknown response for gateway prelogin interface.");
-    }
-
-    delete reply;
-}
-
-void GatewayAuthenticator::normalAuth(QString labelUsername, QString labelPassword, QString authMessage)
-{
-    PLOGI << QString("Trying to perform the normal login with %1 / %2 credentials").arg(labelUsername, labelPassword);
-
-    normalLoginWindow = new NormalLoginWindow;
-    normalLoginWindow->setPortalAddress(gateway);
-    normalLoginWindow->setAuthMessage(authMessage);
-    normalLoginWindow->setUsernameLabel(labelUsername);
-    normalLoginWindow->setPasswordLabel(labelPassword);
-
-    // Do login
-    connect(normalLoginWindow, &NormalLoginWindow::performLogin, this, &GatewayAuthenticator::onPerformNormalLogin);
-    connect(normalLoginWindow, &NormalLoginWindow::rejected, this, &GatewayAuthenticator::onLoginWindowRejected);
-    connect(normalLoginWindow, &NormalLoginWindow::finished, this, &GatewayAuthenticator::onLoginWindowFinished);
-
-    normalLoginWindow->show();
-}
-
-void GatewayAuthenticator::onPerformNormalLogin(const QString &username, const QString &password)
-{
-    PLOGI << "Start to perform normal login...";
-
-    normalLoginWindow->setProcessing(true);
-    params.setUsername(username);
-    params.setPassword(password);
-    
-    authenticate();
-}
-
-void GatewayAuthenticator::onLoginWindowRejected()
-{
-    emit fail();
-}
-
-void GatewayAuthenticator::onLoginWindowFinished()
-{
-    delete normalLoginWindow;
-    normalLoginWindow = nullptr;
-}
-
-void GatewayAuthenticator::samlAuth(QString samlMethod, QString samlRequest, QString preloginUrl)
-{
-    PLOGI << "Trying to perform SAML login with saml-method " << samlMethod;
-
-    SAMLLoginWindow *loginWindow = new SAMLLoginWindow;
-
-    connect(loginWindow, &SAMLLoginWindow::success, this, &GatewayAuthenticator::onSAMLLoginSuccess);
-    connect(loginWindow, &SAMLLoginWindow::fail, this, &GatewayAuthenticator::onSAMLLoginFail);
-    connect(loginWindow, &SAMLLoginWindow::rejected, this, &GatewayAuthenticator::onLoginWindowRejected);
-
-    loginWindow->login(samlMethod, samlRequest, preloginUrl);
-}
-
-void GatewayAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> &samlResult)
-{
-    if (samlResult.contains("preloginCookie")) {
-        PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
-    } else {
-        PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
-    }
-
-    LoginParams loginParams { params.clientos() };
-    loginParams.setUser(samlResult.value("username"));
-    loginParams.setPreloginCookie(samlResult.value("preloginCookie"));
-    loginParams.setUserAuthCookie(samlResult.value("userAuthCookie"));
-
-    login(loginParams);
-}
-
-void GatewayAuthenticator::onSAMLLoginFail(const QString msg)
-{
-    emit fail(msg);
-}
-
-void GatewayAuthenticator::showChallenge(const QString &responseText)
-{
-    QRegularExpression re("\"(.*?)\";");
-    QRegularExpressionMatchIterator i = re.globalMatch(responseText);
-
-    i.next(); // Skip the status value
-    QString message = i.next().captured(1);
-    QString inputStr = i.next().captured(1);
-    // update the inputSrc field
-    params.setInputStr(inputStr);
-
-    challengeDialog = new ChallengeDialog;
-    challengeDialog->setMessage(message);
-
-    connect(challengeDialog, &ChallengeDialog::accepted, this, [this] {
-        params.setPassword(challengeDialog->getChallenge());
-        PLOGI << "Challenge submitted, try to re-authenticate...";
-        authenticate();
-    });
-
-    connect(challengeDialog, &ChallengeDialog::rejected, this, [this] {
-        if (normalLoginWindow) {
-            normalLoginWindow->close();
-        }
-        emit fail();
-    });
-
-    connect(challengeDialog, &ChallengeDialog::finished, this, [this] {
-        delete challengeDialog;
-        challengeDialog = nullptr;
-    });
-
-    challengeDialog->show();
-}

GPClient/gatewayauthenticator.h

@@ -1,49 +0,0 @@
-#ifndef GATEWAYAUTHENTICATOR_H
-#define GATEWAYAUTHENTICATOR_H
-
-#include <QtCore/QObject>
-
-#include "normalloginwindow.h"
-#include "challengedialog.h"
-#include "loginparams.h"
-#include "gatewayauthenticatorparams.h"
-
-class GatewayAuthenticator : public QObject
-{
-    Q_OBJECT
-public:
-    explicit GatewayAuthenticator(const QString& gateway, GatewayAuthenticatorParams params);
-    ~GatewayAuthenticator();
-
-    void authenticate();
-
-signals:
-    void success(const QString& authCookie);
-    void fail(const QString& msg = "");
-
-private slots:
-    void onLoginFinished();
-    void onPreloginFinished();
-    void onPerformNormalLogin(const QString &username, const QString &password);
-    void onLoginWindowRejected();
-    void onLoginWindowFinished();
-    void onSAMLLoginSuccess(const QMap<QString, QString> &samlResult);
-    void onSAMLLoginFail(const QString msg);
-
-private:
-    QString gateway;
-    GatewayAuthenticatorParams params;
-    QString preloginUrl;
-    QString loginUrl;
-
-    NormalLoginWindow *normalLoginWindow{ nullptr };
-    ChallengeDialog *challengeDialog{ nullptr };
-
-    void login(const LoginParams& loginParams);
-    void doAuth();
-    void normalAuth(QString labelUsername, QString labelPassword, QString authMessage);
-    void samlAuth(QString samlMethod, QString samlRequest, QString preloginUrl = "");
-    void showChallenge(const QString &responseText);
-};
-
-#endif // GATEWAYAUTHENTICATOR_H

GPClient/gatewayauthenticatorparams.cpp

@@ -1,67 +0,0 @@
-#include "gatewayauthenticatorparams.h"
-
-GatewayAuthenticatorParams::GatewayAuthenticatorParams()
-{
-
-}
-
-GatewayAuthenticatorParams GatewayAuthenticatorParams::fromPortalConfigResponse(const PortalConfigResponse &portalConfig)
-{
-    GatewayAuthenticatorParams params;
-    params.setUsername(portalConfig.username());
-    params.setPassword(portalConfig.password());
-    params.setUserAuthCookie(portalConfig.userAuthCookie());
-
-    return params;
-}
-
-const QString &GatewayAuthenticatorParams::username() const
-{
-    return m_username;
-}
-
-void GatewayAuthenticatorParams::setUsername(const QString &newUsername)
-{
-    m_username = newUsername;
-}
-
-const QString &GatewayAuthenticatorParams::password() const
-{
-    return m_password;
-}
-
-void GatewayAuthenticatorParams::setPassword(const QString &newPassword)
-{
-    m_password = newPassword;
-}
-
-const QString &GatewayAuthenticatorParams::userAuthCookie() const
-{
-    return m_userAuthCookie;
-}
-
-void GatewayAuthenticatorParams::setUserAuthCookie(const QString &newUserAuthCookie)
-{
-    m_userAuthCookie = newUserAuthCookie;
-}
-
-const QString &GatewayAuthenticatorParams::clientos() const
-{
-    return m_clientos;
-}
-
-void GatewayAuthenticatorParams::setClientos(const QString &newClientos)
-{
-    m_clientos = newClientos;
-}
-
-const QString &GatewayAuthenticatorParams::inputStr() const
-{
-    return m_inputStr;
-}
-
-void GatewayAuthenticatorParams::setInputStr(const QString &inputStr)
-{
-    m_inputStr = inputStr;
-}
-

GPClient/gatewayauthenticatorparams.h

@@ -1,38 +0,0 @@
-#ifndef GATEWAYAUTHENTICATORPARAMS_H
-#define GATEWAYAUTHENTICATORPARAMS_H
-
-#include <QtCore/QString>
-
-#include "portalconfigresponse.h"
-
-class GatewayAuthenticatorParams
-{
-public:
-    GatewayAuthenticatorParams();
-
-    static GatewayAuthenticatorParams fromPortalConfigResponse(const PortalConfigResponse &portalConfig);
-
-    const QString &username() const;
-    void setUsername(const QString &newUsername);
-
-    const QString &password() const;
-    void setPassword(const QString &newPassword);
-
-    const QString &userAuthCookie() const;
-    void setUserAuthCookie(const QString &newUserAuthCookie);
-
-    const QString &clientos() const;
-    void setClientos(const QString &newClientos);
-
-    const QString &inputStr() const;
-    void setInputStr(const QString &inputStr);
-
-private:
-    QString m_username;
-    QString m_password;
-    QString m_userAuthCookie;
-    QString m_clientos;
-    QString m_inputStr;
-};
-
-#endif // GATEWAYAUTHENTICATORPARAMS_H

GPClient/gpclient.cpp

@@ -1,500 +0,0 @@
-#include <QtGui/QIcon>
-#include <plog/Log.h>
-
-#include "gpclient.h"
-#include "gphelper.h"
-#include "ui_gpclient.h"
-#include "portalauthenticator.h"
-#include "gatewayauthenticator.h"
-#include "settingsdialog.h"
-#include "gatewayauthenticatorparams.h"
-
-using namespace gpclient::helper;
-
-GPClient::GPClient(QWidget *parent, IVpn *vpn)
-    : QMainWindow(parent)
-    , ui(new Ui::GPClient)
-    , vpn(vpn)
-    , settingsDialog(new SettingsDialog(this))
-{
-    ui->setupUi(this);
-
-    setWindowTitle("GlobalProtect");
-    setFixedSize(width(), height());
-    gpclient::helper::moveCenter(this);
-
-    setupSettings();
-
-    // Restore portal from the previous settings
-    this->portal(settings::get("portal", "").toString());
-
-    // DBus service setup
-    QObject *ov = dynamic_cast<QObject*>(vpn);
-    connect(ov, SIGNAL(connected()), this, SLOT(onVPNConnected()));
-    connect(ov, SIGNAL(disconnected()), this, SLOT(onVPNDisconnected()));
-    connect(ov, SIGNAL(error(QString)), this, SLOT(onVPNError(QString)));
-    connect(ov, SIGNAL(logAvailable(QString)), this, SLOT(onVPNLogAvailable(QString)));
-
-    // Initiallize the context menu of system tray.
-    initSystemTrayIcon();
-    initVpnStatus();
-}
-
-GPClient::~GPClient()
-{
-    delete ui;
-    delete vpn;
-    delete settingsDialog;
-    delete settingsButton;
-}
-
-void GPClient::setupSettings()
-{
-    settingsButton = new QPushButton(this);
-    settingsButton->setIcon(QIcon(":/images/settings_icon.png"));
-    settingsButton->setFixedSize(QSize(28, 28));
-
-    QRect rect = this->geometry();
-    settingsButton->setGeometry(
-                rect.width() - settingsButton->width() - 15,
-                15,
-                settingsButton->geometry().width(),
-                settingsButton->geometry().height()
-                );
-
-    connect(settingsButton, &QPushButton::clicked, this, &GPClient::onSettingsButtonClicked);
-    connect(settingsDialog, &QDialog::accepted, this, &GPClient::onSettingsAccepted);
-}
-
-void GPClient::onSettingsButtonClicked()
-{
-    settingsDialog->setExtraArgs(settings::get("extraArgs", "").toString());
-    settingsDialog->setClientos(settings::get("clientos", "Linux").toString());
-    settingsDialog->show();
-}
-
-void GPClient::onSettingsAccepted()
-{
-    settings::save("extraArgs", settingsDialog->extraArgs());
-    settings::save("clientos", settingsDialog->clientos());
-}
-
-void GPClient::on_connectButton_clicked()
-{
-    doConnect();
-}
-
-void GPClient::on_portalInput_returnPressed()
-{
-    doConnect();
-}
-
-void GPClient::on_portalInput_editingFinished()
-{
-    populateGatewayMenu();
-}
-
-void GPClient::initSystemTrayIcon()
-{
-    systemTrayIcon = new QSystemTrayIcon(this);
-    contextMenu = new QMenu("GlobalProtect", this);
-
-    gatewaySwitchMenu = new QMenu("Switch Gateway", this);
-    gatewaySwitchMenu->setIcon(QIcon::fromTheme("network-workgroup"));
-    populateGatewayMenu();
-
-    systemTrayIcon->setIcon(QIcon(":/images/not_connected.png"));
-    systemTrayIcon->setToolTip("GlobalProtect");
-    systemTrayIcon->setContextMenu(contextMenu);
-
-    connect(systemTrayIcon, &QSystemTrayIcon::activated, this, &GPClient::onSystemTrayActivated);
-    connect(gatewaySwitchMenu, &QMenu::triggered, this, &GPClient::onGatewayChanged);
-
-    openAction = contextMenu->addAction(QIcon::fromTheme("window-new"), "Open", this, &GPClient::activate);
-    connectAction = contextMenu->addAction(QIcon::fromTheme("preferences-system-network"), "Connect", this, &GPClient::doConnect);
-    contextMenu->addMenu(gatewaySwitchMenu);
-    contextMenu->addSeparator();
-    clearAction = contextMenu->addAction(QIcon::fromTheme("edit-clear"), "Reset Settings", this, &GPClient::clearSettings);
-    quitAction = contextMenu->addAction(QIcon::fromTheme("application-exit"), "Quit", this, &GPClient::quit);
-
-    systemTrayIcon->show();
-}
-
-void GPClient::initVpnStatus() {
-    int status = vpn->status();
-
-    if (status == 1) {
-        ui->statusLabel->setText("Connecting...");
-        updateConnectionStatus(VpnStatus::pending);
-    } else if (status == 2) {
-        updateConnectionStatus(VpnStatus::connected);
-    } else if (status == 3) {
-        ui->statusLabel->setText("Disconnecting...");
-        updateConnectionStatus(VpnStatus::pending);
-    } else {
-        updateConnectionStatus(VpnStatus::disconnected);
-    }
-}
-
-void GPClient::populateGatewayMenu()
-{
-    PLOGI << "Populating the Switch Gateway menu...";
-
-    const QList<GPGateway> gateways = allGateways();
-    gatewaySwitchMenu->clear();
-
-    if (gateways.isEmpty()) {
-        gatewaySwitchMenu->addAction("<None>")->setData(-1);
-        return;
-    }
-
-    const QString currentGatewayName = currentGateway().name();
-    for (int i = 0; i < gateways.length(); i++) {
-        const GPGateway g = gateways.at(i);
-        QString iconImage = ":/images/radio_unselected.png";
-        if (g.name() == currentGatewayName) {
-            iconImage = ":/images/radio_selected.png";
-        }
-        gatewaySwitchMenu->addAction(QIcon(iconImage), g.name())->setData(i);
-    }
-}
-
-void GPClient::updateConnectionStatus(const GPClient::VpnStatus &status)
-{
-    switch (status) {
-        case VpnStatus::disconnected:
-            ui->statusLabel->setText("Not Connected");
-            ui->statusImage->setStyleSheet("image: url(:/images/not_connected.png); padding: 15;");
-            ui->connectButton->setText("Connect");
-            ui->connectButton->setDisabled(false);
-            ui->portalInput->setReadOnly(false);
-
-            systemTrayIcon->setIcon(QIcon{ ":/images/not_connected.png" });
-            connectAction->setEnabled(true);
-            connectAction->setText("Connect");
-            gatewaySwitchMenu->setEnabled(true);
-            clearAction->setEnabled(true);
-            break;
-        case VpnStatus::pending:
-            ui->statusImage->setStyleSheet("image: url(:/images/pending.png); padding: 15;");
-            ui->connectButton->setDisabled(true);
-            ui->portalInput->setReadOnly(true);
-
-            systemTrayIcon->setIcon(QIcon{ ":/images/pending.png" });
-            connectAction->setEnabled(false);
-            gatewaySwitchMenu->setEnabled(false);
-            clearAction->setEnabled(false);
-            break;
-        case VpnStatus::connected:
-            ui->statusLabel->setText("Connected");
-            ui->statusImage->setStyleSheet("image: url(:/images/connected.png); padding: 15;");
-            ui->connectButton->setText("Disconnect");
-            ui->connectButton->setDisabled(false);
-            ui->portalInput->setReadOnly(true);
-
-            systemTrayIcon->setIcon(QIcon{ ":/images/connected.png" });
-            connectAction->setEnabled(true);
-            connectAction->setText("Disconnect");
-            gatewaySwitchMenu->setEnabled(true);
-            clearAction->setEnabled(false);
-            break;
-        default:
-            break;
-    }
-}
-
-void GPClient::onSystemTrayActivated(QSystemTrayIcon::ActivationReason reason)
-{
-    switch (reason) {
-        case QSystemTrayIcon::Trigger:
-        case QSystemTrayIcon::DoubleClick:
-            this->activate();
-            break;
-        default:
-            break;
-    }
-}
-
-void GPClient::onGatewayChanged(QAction *action)
-{
-    const int index = action->data().toInt();
-
-    if (index == -1) {
-        return;
-    }
-
-    const GPGateway g = allGateways().at(index);
-
-    // If the selected gateway is the same as the current gateway
-    if (g.name() == currentGateway().name()) {
-        return;
-    }
-
-    setCurrentGateway(g);
-
-    if (connected()) {
-        ui->statusLabel->setText("Switching Gateway...");
-        ui->connectButton->setEnabled(false);
-
-        vpn->disconnect();
-        isSwitchingGateway = true;
-    }
-}
-
-void GPClient::doConnect()
-{
-    PLOGI << "Start connecting...";
-
-    const QString btnText = ui->connectButton->text();
-    const QString portal = this->portal();
-
-    // Display the main window if portal is empty
-    if (portal.isEmpty()) {
-        activate();
-        return;
-    }
-
-    if (btnText.endsWith("Connect")) {
-        settings::save("portal", portal);
-
-        // Login to the previously saved gateway
-        if (!currentGateway().name().isEmpty()) {
-            PLOGI << "Start gateway login using the previously saved gateway...";
-            isQuickConnect = true;
-            gatewayLogin();
-        } else {
-            // Perform the portal login
-            PLOGI << "Start portal login...";
-            portalLogin();
-        }
-    } else {
-        PLOGI << "Start disconnecting the VPN...";
-
-        ui->statusLabel->setText("Disconnecting...");
-        updateConnectionStatus(VpnStatus::pending);
-        vpn->disconnect();
-    }
-}
-
-// Login to the portal interface to get the portal config and preferred gateway
-void GPClient::portalLogin()
-{
-    PortalAuthenticator *portalAuth = new PortalAuthenticator(portal(), settings::get("clientos", "Linux").toString());
-
-    connect(portalAuth, &PortalAuthenticator::success, this, &GPClient::onPortalSuccess);
-    // Prelogin failed on the portal interface, try to treat the portal as a gateway interface
-    connect(portalAuth, &PortalAuthenticator::preloginFailed, this, &GPClient::onPortalPreloginFail);
-    connect(portalAuth, &PortalAuthenticator::portalConfigFailed, this, &GPClient::onPortalConfigFail);
-    // Portal login failed
-    connect(portalAuth, &PortalAuthenticator::fail, this, &GPClient::onPortalFail);
-
-    ui->statusLabel->setText("Authenticating...");
-    updateConnectionStatus(VpnStatus::pending);
-    portalAuth->authenticate();
-}
-
-void GPClient::onPortalSuccess(const PortalConfigResponse portalConfig, const QString region)
-{
-    PLOGI << "Portal authentication succeeded.";
-
-    // No gateway found in protal configuration
-    if (portalConfig.allGateways().size() == 0) {
-        PLOGI << "No gateway found in portal configuration, treat the portal address as a gateway.";
-        tryGatewayLogin();
-        return;
-    }
-
-    GPGateway gateway = filterPreferredGateway(portalConfig.allGateways(), region);
-    setAllGateways(portalConfig.allGateways());
-    setCurrentGateway(gateway);
-    this->portalConfig = portalConfig;
-
-    gatewayLogin();
-}
-
-void GPClient::onPortalPreloginFail(const QString msg)
-{
-    PLOGI << "Portal prelogin failed: " << msg;
-    tryGatewayLogin();
-}
-
-void GPClient::onPortalConfigFail(const QString msg)
-{
-    PLOGI << "Failed to get the portal configuration, " << msg << " Treat the portal address as gateway.";
-    tryGatewayLogin();
-}
-
-void GPClient::onPortalFail(const QString &msg)
-{
-    if (!msg.isEmpty()) {
-        openMessageBox("Portal authentication failed.", msg);
-    }
-
-    updateConnectionStatus(VpnStatus::disconnected);
-}
-
-void GPClient::tryGatewayLogin()
-{
-    PLOGI << "Try to preform login on the the gateway interface...";
-
-    // Treat the portal input as the gateway address
-    GPGateway g;
-    g.setName(portal());
-    g.setAddress(portal());
-
-    QList<GPGateway> gateways;
-    gateways.append(g);
-
-    setAllGateways(gateways);
-    setCurrentGateway(g);
-
-    gatewayLogin();
-}
-
-// Login to the gateway
-void GPClient::gatewayLogin()
-{
-    PLOGI << "Performing gateway login...";
-
-    GatewayAuthenticatorParams params = GatewayAuthenticatorParams::fromPortalConfigResponse(portalConfig);
-    params.setClientos(settings::get("clientos", "Linux").toString());
-
-    GatewayAuthenticator *gatewayAuth = new GatewayAuthenticator(currentGateway().address(), params);
-
-    connect(gatewayAuth, &GatewayAuthenticator::success, this, &GPClient::onGatewaySuccess);
-    connect(gatewayAuth, &GatewayAuthenticator::fail, this, &GPClient::onGatewayFail);
-
-    ui->statusLabel->setText("Authenticating...");
-    updateConnectionStatus(VpnStatus::pending);
-    gatewayAuth->authenticate();
-}
-
-void GPClient::onGatewaySuccess(const QString &authCookie)
-{
-    PLOGI << "Gateway login succeeded, got the cookie " << authCookie;
-
-    isQuickConnect = false;
-    QList<QString> gatewayAddresses;
-    for (GPGateway &gw : allGateways()) {
-      gatewayAddresses.push_back(gw.address());
-    }
-    vpn->connect(currentGateway().address(), gatewayAddresses, portalConfig.username(), authCookie, settings::get("extraArgs", "").toString());
-    ui->statusLabel->setText("Connecting...");
-    updateConnectionStatus(VpnStatus::pending);
-}
-
-void GPClient::onGatewayFail(const QString &msg)
-{
-    // If the quick connect on gateway failed, perform the portal login
-    if (isQuickConnect && !msg.isEmpty()) {
-        isQuickConnect = false;
-        portalLogin();
-        return;
-    }
-
-    if (!msg.isEmpty()) {
-        openMessageBox("Gateway authentication failed.", msg);
-    }
-
-    updateConnectionStatus(VpnStatus::disconnected);
-}
-
-void GPClient::activate()
-{
-    activateWindow();
-    showNormal();
-}
-
-QString GPClient::portal() const
-{
-    const QString input = ui->portalInput->text().trimmed();
-
-    if (input.startsWith("http")) {
-        return QUrl(input).authority();
-    }
-    return input;
-}
-
-void GPClient::portal(QString p)
-{
-    ui->portalInput->setText(p);
-}
-
-bool GPClient::connected() const
-{
-    const QString statusText = ui->statusLabel->text();
-    return statusText.contains("Connected") && !statusText.contains("Not");
-}
-
-QList<GPGateway> GPClient::allGateways() const
-{
-    const QString gatewaysJson = settings::get(portal() + "_gateways").toString();
-    return GPGateway::fromJson(gatewaysJson);
-}
-
-void GPClient::setAllGateways(QList<GPGateway> gateways)
-{
-    PLOGI << "Updating all the gateways...";
-
-    settings::save(portal() + "_gateways", GPGateway::serialize(gateways));
-    populateGatewayMenu();
-}
-
-GPGateway GPClient::currentGateway() const
-{
-    const QString selectedGateway = settings::get(portal() + "_selectedGateway").toString();
-
-    for (auto g : allGateways()) {
-        if (g.name() == selectedGateway) {
-            return g;
-        }
-    }
-    return GPGateway{};
-}
-
-void GPClient::setCurrentGateway(const GPGateway gateway)
-{
-    PLOGI << "Updating the current gateway to " << gateway.name();
-
-    settings::save(portal() + "_selectedGateway", gateway.name());
-    populateGatewayMenu();
-}
-
-void GPClient::clearSettings()
-{
-    settings::clear();
-    populateGatewayMenu();
-    ui->portalInput->clear();
-}
-
-void GPClient::quit()
-{
-    vpn->disconnect();
-    QApplication::quit();
-}
-
-void GPClient::onVPNConnected()
-{
-    updateConnectionStatus(VpnStatus::connected);
-}
-
-void GPClient::onVPNDisconnected()
-{
-    updateConnectionStatus(VpnStatus::disconnected);
-
-    if (isSwitchingGateway) {
-        gatewayLogin();
-        isSwitchingGateway = false;
-    }
-}
-
-void GPClient::onVPNError(QString errorMessage)
-{
-    updateConnectionStatus(VpnStatus::disconnected);
-    openMessageBox("Failed to connect", errorMessage);
-}
-
-void GPClient::onVPNLogAvailable(QString log)
-{
-    PLOGI << log;
-}

GPClient/gpclient.h

@@ -1,105 +0,0 @@
-#ifndef GPCLIENT_H
-#define GPCLIENT_H
-
-#include <QtWidgets/QMainWindow>
-#include <QtWidgets/QSystemTrayIcon>
-#include <QtWidgets/QMenu>
-#include <QtWidgets/QPushButton>
-
-#include "portalconfigresponse.h"
-#include "settingsdialog.h"
-#include "vpn.h"
-
-QT_BEGIN_NAMESPACE
-namespace Ui { class GPClient; }
-QT_END_NAMESPACE
-
-class GPClient : public QMainWindow
-{
-    Q_OBJECT
-
-public:
-    GPClient(QWidget *parent, IVpn *vpn);
-    ~GPClient();
-
-    void activate();
-    void quit();
-
-    QString portal() const;
-    void portal(QString);
-
-    GPGateway currentGateway() const;
-    void setCurrentGateway(const GPGateway gateway);
-
-    void doConnect();
-
-private slots:
-    void onSettingsButtonClicked();
-    void onSettingsAccepted();
-
-    void on_connectButton_clicked();
-    void on_portalInput_returnPressed();
-    void on_portalInput_editingFinished();
-
-    void onSystemTrayActivated(QSystemTrayIcon::ActivationReason reason);
-    void onGatewayChanged(QAction *action);
-
-    void onPortalSuccess(const PortalConfigResponse portalConfig, const QString region);
-    void onPortalPreloginFail(const QString msg);
-    void onPortalConfigFail(const QString msg);
-    void onPortalFail(const QString &msg);
-
-    void onGatewaySuccess(const QString &authCookie);
-    void onGatewayFail(const QString &msg);
-
-    void onVPNConnected();
-    void onVPNDisconnected();
-    void onVPNError(QString errorMessage);
-    void onVPNLogAvailable(QString log);
-
-private:
-    enum class VpnStatus
-    {
-        disconnected,
-        pending,
-        connected
-    };
-
-    Ui::GPClient *ui;
-    IVpn *vpn;
-
-    QSystemTrayIcon *systemTrayIcon;
-    QMenu *contextMenu;
-    QAction *openAction;
-    QAction *connectAction;
-
-    QMenu *gatewaySwitchMenu;
-    QAction *clearAction;
-    QAction *quitAction;
-
-    SettingsDialog *settingsDialog;
-    QPushButton *settingsButton;
-
-    bool isQuickConnect { false };
-    bool isSwitchingGateway { false };
-    PortalConfigResponse portalConfig;
-
-    void setupSettings();
-
-    void initSystemTrayIcon();
-    void initVpnStatus();
-    void populateGatewayMenu();
-    void updateConnectionStatus(const VpnStatus &status);
-
-    void portalLogin();
-    void tryGatewayLogin();
-    void gatewayLogin();
-
-    bool connected() const;
-
-    QList<GPGateway> allGateways() const;
-    void setAllGateways(QList<GPGateway> gateways);
-
-    void clearSettings();
-};
-#endif // GPCLIENT_H

GPClient/gpclient.ui

@@ -1,143 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ui version="4.0">
- <class>GPClient</class>
- <widget class="QMainWindow" name="GPClient">
-  <property name="geometry">
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>260</width>
-    <height>362</height>
-   </rect>
-  </property>
-  <property name="windowTitle">
-   <string>GlobalProtect OpenConnect</string>
-  </property>
-  <property name="windowIcon">
-   <iconset resource="resources.qrc">
-    <normaloff>:/images/logo.svg</normaloff>:/images/logo.svg</iconset>
-  </property>
-  <property name="styleSheet">
-   <string notr="true"/>
-  </property>
-  <property name="iconSize">
-   <size>
-    <width>22</width>
-    <height>22</height>
-   </size>
-  </property>
-  <widget class="QWidget" name="centralwidget">
-   <property name="sizePolicy">
-    <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
-     <horstretch>0</horstretch>
-     <verstretch>0</verstretch>
-    </sizepolicy>
-   </property>
-   <property name="layoutDirection">
-    <enum>Qt::LeftToRight</enum>
-   </property>
-   <layout class="QVBoxLayout" name="verticalLayout_3" stretch="1,0,0">
-    <property name="leftMargin">
-     <number>15</number>
-    </property>
-    <property name="topMargin">
-     <number>15</number>
-    </property>
-    <property name="rightMargin">
-     <number>15</number>
-    </property>
-    <property name="bottomMargin">
-     <number>15</number>
-    </property>
-    <item>
-     <layout class="QVBoxLayout" name="verticalLayout" stretch="1,0">
-      <property name="bottomMargin">
-       <number>15</number>
-      </property>
-      <item>
-       <widget class="QLabel" name="statusImage">
-        <property name="styleSheet">
-         <string notr="true">#statusImage {
-	image: url(:/images/not_connected.png);
-	padding: 15
-}</string>
-        </property>
-        <property name="text">
-         <string/>
-        </property>
-       </widget>
-      </item>
-      <item>
-       <widget class="QLabel" name="statusLabel">
-        <property name="font">
-         <font>
-          <pointsize>14</pointsize>
-          <weight>50</weight>
-          <bold>false</bold>
-          <underline>false</underline>
-         </font>
-        </property>
-        <property name="text">
-         <string>Not Connected</string>
-        </property>
-        <property name="alignment">
-         <set>Qt::AlignCenter</set>
-        </property>
-       </widget>
-      </item>
-     </layout>
-    </item>
-    <item>
-     <layout class="QVBoxLayout" name="verticalLayout_2">
-      <property name="bottomMargin">
-       <number>0</number>
-      </property>
-      <item>
-       <widget class="QLineEdit" name="portalInput">
-        <property name="text">
-         <string/>
-        </property>
-        <property name="placeholderText">
-         <string>Please enter your portal address</string>
-        </property>
-       </widget>
-      </item>
-      <item>
-       <widget class="QPushButton" name="connectButton">
-        <property name="sizePolicy">
-         <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
-          <horstretch>0</horstretch>
-          <verstretch>0</verstretch>
-         </sizepolicy>
-        </property>
-        <property name="text">
-         <string>Connect</string>
-        </property>
-        <property name="autoDefault">
-         <bool>true</bool>
-        </property>
-        <property name="default">
-         <bool>false</bool>
-        </property>
-       </widget>
-      </item>
-     </layout>
-    </item>
-    <item>
-     <widget class="QLabel" name="label">
-      <property name="text">
-       <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p align=&quot;center&quot;&gt;&lt;a href=&quot;https://bit.ly/3g5DHqy&quot;&gt;&lt;span style=&quot; text-decoration: underline; color:#4c6b8a;&quot;&gt;Report a bug&lt;/span&gt;&lt;/a&gt; / &lt;a href=&quot;https://bit.ly/3jQYfEi&quot;&gt;&lt;span style=&quot; text-decoration: underline; color:#4c6b8a;&quot;&gt;Buy me a coffee&lt;/span&gt;&lt;/a&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
-      </property>
-      <property name="openExternalLinks">
-       <bool>true</bool>
-      </property>
-     </widget>
-    </item>
-   </layout>
-  </widget>
- </widget>
- <resources>
-  <include location="resources.qrc"/>
- </resources>
- <connections/>
-</ui>

GPClient/gpgateway.cpp

@@ -1,97 +0,0 @@
-#include <QtCore/QJsonObject>
-#include <QtCore/QJsonDocument>
-#include <QtCore/QJsonArray>
-
-#include "gpgateway.h"
-
-GPGateway::GPGateway()
-{
-}
-
-QString GPGateway::name() const
-{
-    return _name;
-}
-
-QString GPGateway::address() const
-{
-    return _address;
-}
-
-void GPGateway::setName(const QString &name)
-{
-    _name = name;
-}
-
-void GPGateway::setAddress(const QString &address)
-{
-    _address = address;
-}
-
-void GPGateway::setPriorityRules(const QMap<QString, int> &priorityRules)
-{
-    _priorityRules = priorityRules;
-}
-
-int GPGateway::priorityOf(QString ruleName) const
-{
-    if (_priorityRules.contains(ruleName)) {
-        return _priorityRules.value(ruleName);
-    }
-    return 0;
-}
-
-QJsonObject GPGateway::toJsonObject() const
-{
-    QJsonObject obj;
-    obj.insert("name", name());
-    obj.insert("address", address());
-
-    return obj;
-}
-
-QString GPGateway::toString() const
-{
-    QJsonDocument jsonDoc{ toJsonObject() };
-    return QString::fromUtf8(jsonDoc.toJson());
-}
-
-QString GPGateway::serialize(QList<GPGateway> &gateways)
-{
-    QJsonArray arr;
-
-    for (auto g : gateways) {
-        arr.append(g.toJsonObject());
-    }
-
-    QJsonDocument jsonDoc{ arr };
-    return QString::fromUtf8(jsonDoc.toJson());
-}
-
-QList<GPGateway> GPGateway::fromJson(const QString &jsonString)
-{
-    QList<GPGateway> gateways;
-
-    if (jsonString.isEmpty()) {
-        return gateways;
-    }
-
-    QJsonDocument jsonDoc = QJsonDocument::fromJson(jsonString.toUtf8());
-
-    for (auto item : jsonDoc.array()) {
-        GPGateway g = GPGateway::fromJsonObject(item.toObject());
-        gateways.append(g);
-    }
-
-    return gateways;
-}
-
-GPGateway GPGateway::fromJsonObject(const QJsonObject &jsonObj)
-{
-    GPGateway g;
-
-    g.setName(jsonObj.value("name").toString());
-    g.setAddress(jsonObj.value("address").toString());
-
-    return g;
-}

GPClient/gpgateway.h

@@ -1,33 +0,0 @@
-#ifndef GPGATEWAY_H
-#define GPGATEWAY_H
-
-#include <QtCore/QString>
-#include <QtCore/QMap>
-#include <QtCore/QJsonObject>
-
-class GPGateway
-{
-public:
-    GPGateway();
-
-    QString name() const;
-    QString address() const;
-
-    void setName(const QString &name);
-    void setAddress(const QString &address);
-    void setPriorityRules(const QMap<QString, int> &priorityRules);
-    int priorityOf(QString ruleName) const;
-    QJsonObject toJsonObject() const;
-    QString toString() const;
-
-    static QString serialize(QList<GPGateway> &gateways);
-    static QList<GPGateway> fromJson(const QString &jsonString);
-    static GPGateway fromJsonObject(const QJsonObject &jsonObj);
-
-private:
-    QString _name;
-    QString _address;
-    QMap<QString, int> _priorityRules;
-};
-
-#endif // GPGATEWAY_H

GPClient/gphelper.cpp

@@ -1,130 +0,0 @@
-#include <QtCore/QXmlStreamReader>
-#include <QtWidgets/QMessageBox>
-#include <QtWidgets/QDesktopWidget>
-#include <QtWidgets/QApplication>
-#include <QtWidgets/QWidget>
-#include <QtNetwork/QNetworkRequest>
-#include <QtNetwork/QSslConfiguration>
-#include <QtNetwork/QSslSocket>
-#include <plog/Log.h>
-
-#include "gphelper.h"
-
-QNetworkAccessManager* gpclient::helper::networkManager = new QNetworkAccessManager;
-
-QNetworkReply* gpclient::helper::createRequest(QString url, QByteArray params)
-{
-    QNetworkRequest request(url);
-
-    // Skip the ssl verifying
-    QSslConfiguration conf = request.sslConfiguration();
-    conf.setPeerVerifyMode(QSslSocket::VerifyNone);
-    conf.setSslOption(QSsl::SslOptionDisableLegacyRenegotiation, false);
-    request.setSslConfiguration(conf);
-
-    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
-    request.setHeader(QNetworkRequest::UserAgentHeader, UA);
-
-    if (params == nullptr) {
-        return networkManager->post(request, QByteArray(nullptr));
-    }
-    return networkManager->post(request, params);
-}
-
-GPGateway gpclient::helper::filterPreferredGateway(QList<GPGateway> gateways, const QString ruleName)
-{
-    PLOGI << gateways.size() << " gateway(s) avaiable, filter the gateways with rule: " << ruleName;
-
-    GPGateway gateway = gateways.first();
-
-    for (GPGateway g : gateways) {
-        if (g.priorityOf(ruleName) > gateway.priorityOf(ruleName)) {
-            PLOGI << "Find a preferred gateway: " << g.name();
-            gateway = g;
-        }
-    }
-
-    return gateway;
-}
-
-QUrlQuery gpclient::helper::parseGatewayResponse(const QByteArray &xml)
-{
-    PLOGI << "Start parsing the gateway response...";
-    PLOGI << "The gateway response is: " << xml;
-
-    QXmlStreamReader xmlReader{xml};
-    QList<QString> args;
-
-    while (!xmlReader.atEnd()) {
-        xmlReader.readNextStartElement();
-        if (xmlReader.name() == "argument") {
-            args.append(QUrl::toPercentEncoding(xmlReader.readElementText()));
-        }
-    }
-
-    QUrlQuery params{};
-    params.addQueryItem("authcookie", args.at(1));
-    params.addQueryItem("portal", args.at(3));
-    params.addQueryItem("user", args.at(4));
-    params.addQueryItem("domain", args.at(7));
-    params.addQueryItem("preferred-ip", args.at(15));
-    params.addQueryItem("computer", QUrl::toPercentEncoding(QSysInfo::machineHostName()));
-
-    return params;
-}
-
-void gpclient::helper::openMessageBox(const QString &message, const QString& informativeText)
-{
-    QMessageBox msgBox;
-    msgBox.setWindowTitle("Notice");
-    msgBox.setText(message);
-    msgBox.setFixedWidth(500);
-    msgBox.setStyleSheet("QLabel{min-width: 250px}");
-    msgBox.setInformativeText(informativeText);
-    msgBox.exec();
-}
-
-void gpclient::helper::moveCenter(QWidget *widget)
-{
-    QDesktopWidget *desktop = QApplication::desktop();
-
-    int screenWidth, width;
-    int screenHeight, height;
-    int x, y;
-    QSize windowSize;
-
-    screenWidth = desktop->width();
-    screenHeight = desktop->height();
-
-    windowSize = widget->size();
-    width = windowSize.width();
-    height = windowSize.height();
-
-    x = (screenWidth - width) / 2;
-    y = (screenHeight - height) / 2;
-    y -= 50;
-    widget->move(x, y);
-}
-
-QSettings *gpclient::helper::settings::_settings = new QSettings("com.yuezk.qt", "GPClient");
-
-QVariant gpclient::helper::settings::get(const QString &key, const QVariant &defaultValue)
-{
-    return _settings->value(key, defaultValue);
-}
-
-void gpclient::helper::settings::save(const QString &key, const QVariant &value)
-{
-    _settings->setValue(key, value);
-}
-
-
-void gpclient::helper::settings::clear()
-{
-    QStringList keys = _settings->allKeys();
-    for (const auto &key : qAsConst(keys)) {
-        if (!reservedKeys.contains(key)) {
-            _settings->remove(key);
-        }
-    }
-}

GPClient/gphelper.h

@@ -1,43 +0,0 @@
-#ifndef GPHELPER_H
-#define GPHELPER_H
-
-#include <QtCore/QObject>
-#include <QtCore/QUrlQuery>
-#include <QtCore/QSettings>
-#include <QtNetwork/QNetworkAccessManager>
-#include <QtNetwork/QNetworkRequest>
-#include <QtNetwork/QNetworkReply>
-
-#include "samlloginwindow.h"
-#include "gpgateway.h"
-
-
-const QString UA = "PAN GlobalProtect";
-
-namespace gpclient {
-    namespace helper {
-        extern QNetworkAccessManager *networkManager;
-
-        QNetworkReply* createRequest(QString url, QByteArray params = nullptr);
-
-        GPGateway filterPreferredGateway(QList<GPGateway> gateways, const QString ruleName);
-
-        QUrlQuery parseGatewayResponse(const QByteArray& xml);
-
-        void openMessageBox(const QString& message, const QString& informativeText = "");
-
-        void moveCenter(QWidget *widget);
-
-        namespace settings {
-
-            extern QSettings *_settings;
-            static const QStringList reservedKeys {"extraArgs", "clientos"};
-
-            QVariant get(const QString &key, const QVariant &defaultValue = QVariant());
-            void save(const QString &key, const QVariant &value);
-            void clear();
-        }
-    }
-}
-
-#endif // GPHELPER_H

GPClient/loginparams.cpp

@@ -1,80 +0,0 @@
-#include <QtCore/QUrlQuery>
-
-#include "loginparams.h"
-
-LoginParams::LoginParams(const QString clientos)
-{
-    params.addQueryItem("prot", QUrl::toPercentEncoding("https:"));
-    params.addQueryItem("server", "");
-    params.addQueryItem("inputStr", "");
-    params.addQueryItem("jnlpReady", "jnlpReady");
-    params.addQueryItem("user", "");
-    params.addQueryItem("passwd", "");
-    params.addQueryItem("computer", QUrl::toPercentEncoding(QSysInfo::machineHostName()));
-    params.addQueryItem("ok", "Login");
-    params.addQueryItem("direct", "yes");
-    params.addQueryItem("clientVer", "4100");
-    params.addQueryItem("os-version", QUrl::toPercentEncoding(QSysInfo::prettyProductName()));
-
-    // add the clientos parameter if not empty
-    if (!clientos.isEmpty()) {
-        params.addQueryItem("clientos", clientos);
-    }
-
-    params.addQueryItem("portal-userauthcookie", "");
-    params.addQueryItem("portal-prelogonuserauthcookie", "");
-    params.addQueryItem("prelogin-cookie", "");
-    params.addQueryItem("ipv6-support", "yes");
-}
-
-LoginParams::~LoginParams()
-{
-}
-
-void LoginParams::setUser(const QString user)
-{
-    updateQueryItem("user", user);
-}
-
-void LoginParams::setServer(const QString server)
-{
-    updateQueryItem("server", server);
-}
-
-void LoginParams::setPassword(const QString password)
-{
-    updateQueryItem("passwd", password);
-}
-
-void LoginParams::setUserAuthCookie(const QString cookie)
-{
-    updateQueryItem("portal-userauthcookie", cookie);
-}
-
-void LoginParams::setPrelogonAuthCookie(const QString cookie)
-{
-    updateQueryItem("portal-prelogonuserauthcookie", cookie);
-}
-
-void LoginParams::setPreloginCookie(const QString cookie)
-{
-    updateQueryItem("prelogin-cookie", cookie);
-}
-
-void LoginParams::setInputStr(const QString inputStr)
-{
-    updateQueryItem("inputStr", inputStr);
-}
-
-QByteArray LoginParams::toUtf8() const
-{
-    return params.toString().toUtf8();
-}
-
-void LoginParams::updateQueryItem(const QString key, const QString value)
-{
-    if (params.hasQueryItem(key)) {
-        params.removeQueryItem(key);
-    }
-    params.addQueryItem(key, QUrl::toPercentEncoding(value));
-}

GPClient/loginparams.h

@@ -1,28 +0,0 @@
-#ifndef LOGINPARAMS_H
-#define LOGINPARAMS_H
-
-#include <QtCore/QUrlQuery>
-
-class LoginParams
-{
-public:
-    LoginParams(const QString clientos);
-    ~LoginParams();
-
-    void setUser(const QString user);
-    void setServer(const QString server);
-    void setPassword(const QString password);
-    void setUserAuthCookie(const QString cookie);
-    void setPrelogonAuthCookie(const QString cookie);
-    void setPreloginCookie(const QString cookie);
-    void setInputStr(const QString inputStr);
-
-    QByteArray toUtf8() const;
-
-private:
-    QUrlQuery params;
-
-    void updateQueryItem(const QString key, const QString value);
-};
-
-#endif // LOGINPARAMS_H

GPClient/main.cpp

@@ -1,80 +0,0 @@
-#include <QtCore/QObject>
-#include <QtCore/QString>
-#include <QtCore/QDir>
-#include <QtCore/QStandardPaths>
-#include <plog/Log.h>
-#include <plog/Init.h>
-#include <plog/Appenders/ColorConsoleAppender.h>
-#include <plog/Formatters/TxtFormatter.h>
-
-#include "singleapplication.h"
-#include "gpclient.h"
-#include "vpn_dbus.h"
-#include "vpn_json.h"
-#include "enhancedwebview.h"
-#include "sigwatch.h"
-#include "version.h"
-
-int main(int argc, char *argv[])
-{
-    plog::ColorConsoleAppender<plog::TxtFormatter> consoleAppender(plog::streamStdErr);
-    plog::init(plog::debug, &consoleAppender);
-
-    PLOGI << "GlobalProtect started, version: " << VERSION;
-
-    QString port = QString::fromLocal8Bit(qgetenv(ENV_CDP_PORT));
-
-    if (port == "") {
-        qputenv(ENV_CDP_PORT, "12315");
-    }
-
-    SingleApplication app(argc, argv);
-    app.setQuitOnLastWindowClosed(false);
-
-    QCommandLineParser parser;
-    parser.addHelpOption();
-    parser.addVersionOption();
-    parser.addPositionalArgument("server", "The URL of the VPN server. Optional.");
-    parser.addPositionalArgument("gateway", "The URL of the specific VPN gateway. Optional.");
-    parser.addOptions({
-      {"json", "Write the result of the handshake with the GlobalConnect server to stdout as JSON and terminate. Useful for scripting."},
-      {"now", "Do not show the dialog with the connect button; connect immediately instead."},
-    });
-    parser.process(app);
-
-    const QStringList positional = parser.positionalArguments();
-
-    IVpn *vpn = parser.isSet("json") // yes it leaks, but this is cleared on exit anyway
-      ? static_cast<IVpn*>(new VpnJson(nullptr)) // Print to stdout and exit
-      : static_cast<IVpn*>(new VpnDbus(nullptr)); // Contact GPService daemon via dbus
-    GPClient w(nullptr, vpn);
-    w.show();
-
-    if (positional.size() > 0) {
-      w.portal(positional.at(0));
-    }
-    if (positional.size() > 1) {
-      GPGateway gw;
-      gw.setName(positional.at(1));
-      gw.setAddress(positional.at(1));
-      w.setCurrentGateway(gw);
-    }
-
-    QObject::connect(&app, &SingleApplication::instanceStarted, &w, &GPClient::activate);
-
-    UnixSignalWatcher sigwatch;
-    sigwatch.watchForSignal(SIGINT);
-    sigwatch.watchForSignal(SIGTERM);
-    sigwatch.watchForSignal(SIGQUIT);
-    sigwatch.watchForSignal(SIGHUP);
-    QObject::connect(&sigwatch, &UnixSignalWatcher::unixSignal, &w, &GPClient::quit);
-
-    if (parser.isSet("now")) {
-      w.doConnect();
-    }
-    if (parser.isSet("json")) {
-      QObject::connect(static_cast<VpnJson*>(vpn), &VpnJson::connected, &w, &GPClient::quit);
-    }
-
-    return app.exec();
-}

GPClient/normalloginwindow.cpp

@@ -1,64 +0,0 @@
-#include <QtGui/QCloseEvent>
-
-#include "normalloginwindow.h"
-#include "ui_normalloginwindow.h"
-
-NormalLoginWindow::NormalLoginWindow(QWidget *parent) :
-    QDialog(parent),
-    ui(new Ui::NormalLoginWindow)
-{
-    ui->setupUi(this);
-    setWindowTitle("GlobalProtect Login");
-    setFixedSize(width(), height());
-    setModal(true);
-}
-
-NormalLoginWindow::~NormalLoginWindow()
-{
-    delete ui;
-}
-
-void NormalLoginWindow::setAuthMessage(QString message)
-{
-    ui->authMessage->setText(message);
-}
-
-void NormalLoginWindow::setUsernameLabel(QString label)
-{
-    ui->username->setPlaceholderText(label);
-}
-
-void NormalLoginWindow::setPasswordLabel(QString label)
-{
-    ui->password->setPlaceholderText(label);
-}
-
-void NormalLoginWindow::setPortalAddress(QString portal)
-{
-    ui->portalAddress->setText(portal);
-}
-
-void NormalLoginWindow::setProcessing(bool isProcessing)
-{
-    ui->username->setReadOnly(isProcessing);
-    ui->password->setReadOnly(isProcessing);
-    ui->loginButton->setDisabled(isProcessing);
-}
-
-void NormalLoginWindow::on_loginButton_clicked()
-{
-    const QString username = ui->username->text().trimmed();
-    const QString password = ui->password->text().trimmed();
-
-    if (username.isEmpty() || password.isEmpty()) {
-        return;
-    }
-
-    emit performLogin(username, password);
-}
-
-void NormalLoginWindow::closeEvent(QCloseEvent *event)
-{
-    event->accept();
-    reject();
-}

GPClient/normalloginwindow.h

@@ -1,37 +0,0 @@
-#ifndef PORTALAUTHWINDOW_H
-#define PORTALAUTHWINDOW_H
-
-#include <QtWidgets/QDialog>
-
-namespace Ui {
-class NormalLoginWindow;
-}
-
-class NormalLoginWindow : public QDialog
-{
-    Q_OBJECT
-
-public:
-    explicit NormalLoginWindow(QWidget *parent = nullptr);
-    ~NormalLoginWindow();
-
-    void setAuthMessage(QString);
-    void setUsernameLabel(QString);
-    void setPasswordLabel(QString);
-    void setPortalAddress(QString);
-
-    void setProcessing(bool isProcessing);
-
-private slots:
-    void on_loginButton_clicked();
-
-signals:
-    void performLogin(QString username, QString password);
-
-private:
-    Ui::NormalLoginWindow *ui;
-
-    void closeEvent(QCloseEvent *event);
-};
-
-#endif // PORTALAUTHWINDOW_H

GPClient/normalloginwindow.ui

@@ -1,148 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ui version="4.0">
- <class>NormalLoginWindow</class>
- <widget class="QDialog" name="NormalLoginWindow">
-  <property name="geometry">
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>255</width>
-    <height>269</height>
-   </rect>
-  </property>
-  <property name="sizePolicy">
-   <sizepolicy hsizetype="Preferred" vsizetype="Minimum">
-    <horstretch>0</horstretch>
-    <verstretch>0</verstretch>
-   </sizepolicy>
-  </property>
-  <property name="cursor">
-   <cursorShape>ArrowCursor</cursorShape>
-  </property>
-  <property name="windowTitle">
-   <string>Login</string>
-  </property>
-  <property name="modal">
-   <bool>true</bool>
-  </property>
-  <layout class="QVBoxLayout" name="verticalLayout_5">
-   <item>
-    <layout class="QVBoxLayout" name="verticalLayout_4" stretch="1,0,0">
-     <item>
-      <layout class="QVBoxLayout" name="verticalLayout">
-       <item>
-        <widget class="QLabel" name="label">
-         <property name="font">
-          <font>
-           <pointsize>20</pointsize>
-          </font>
-         </property>
-         <property name="text">
-          <string>Login</string>
-         </property>
-         <property name="alignment">
-          <set>Qt::AlignCenter</set>
-         </property>
-        </widget>
-       </item>
-       <item>
-        <widget class="QLabel" name="authMessage">
-         <property name="enabled">
-          <bool>true</bool>
-         </property>
-         <property name="sizePolicy">
-          <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
-           <horstretch>0</horstretch>
-           <verstretch>2</verstretch>
-          </sizepolicy>
-         </property>
-         <property name="text">
-          <string>Please enter the login credentials</string>
-         </property>
-         <property name="alignment">
-          <set>Qt::AlignCenter</set>
-         </property>
-        </widget>
-       </item>
-      </layout>
-     </item>
-     <item>
-      <layout class="QVBoxLayout" name="verticalLayout_2">
-       <property name="spacing">
-        <number>0</number>
-       </property>
-       <property name="leftMargin">
-        <number>6</number>
-       </property>
-       <item>
-        <widget class="QLabel" name="portalLabel">
-         <property name="sizePolicy">
-          <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
-           <horstretch>0</horstretch>
-           <verstretch>0</verstretch>
-          </sizepolicy>
-         </property>
-         <property name="text">
-          <string>Portal:</string>
-         </property>
-         <property name="margin">
-          <number>0</number>
-         </property>
-        </widget>
-       </item>
-       <item>
-        <widget class="QLabel" name="portalAddress">
-         <property name="sizePolicy">
-          <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
-           <horstretch>0</horstretch>
-           <verstretch>0</verstretch>
-          </sizepolicy>
-         </property>
-         <property name="text">
-          <string>vpn.example.com</string>
-         </property>
-        </widget>
-       </item>
-      </layout>
-     </item>
-     <item>
-      <layout class="QVBoxLayout" name="verticalLayout_3">
-       <item>
-        <widget class="QLineEdit" name="username">
-         <property name="placeholderText">
-          <string>Username</string>
-         </property>
-        </widget>
-       </item>
-       <item>
-        <widget class="QLineEdit" name="password">
-         <property name="text">
-          <string/>
-         </property>
-         <property name="echoMode">
-          <enum>QLineEdit::Password</enum>
-         </property>
-         <property name="placeholderText">
-          <string>Password</string>
-         </property>
-         <property name="clearButtonEnabled">
-          <bool>false</bool>
-         </property>
-        </widget>
-       </item>
-       <item>
-        <widget class="QPushButton" name="loginButton">
-         <property name="text">
-          <string>Login</string>
-         </property>
-        </widget>
-       </item>
-      </layout>
-     </item>
-    </layout>
-   </item>
-  </layout>
- </widget>
- <resources/>
- <connections/>
-</ui>

GPClient/portalauthenticator.cpp

@@ -1,207 +0,0 @@
-#include <QtNetwork/QNetworkReply>
-#include <plog/Log.h>
-
-#include "portalauthenticator.h"
-#include "gphelper.h"
-#include "normalloginwindow.h"
-#include "samlloginwindow.h"
-#include "loginparams.h"
-#include "preloginresponse.h"
-#include "portalconfigresponse.h"
-#include "gpgateway.h"
-
-using namespace gpclient::helper;
-
-PortalAuthenticator::PortalAuthenticator(const QString& portal, const QString& clientos) : QObject()
-  , portal(portal)
-  , clientos(clientos)
-  , preloginUrl("https://" + portal + "/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100")
-  , configUrl("https://" + portal + "/global-protect/getconfig.esp")
-{
-    if (!clientos.isEmpty()) {
-        preloginUrl = preloginUrl + "&clientos=" + clientos;
-    }
-}
-
-PortalAuthenticator::~PortalAuthenticator()
-{
-    delete normalLoginWindow;
-}
-
-void PortalAuthenticator::authenticate()
-{
-    PLOGI << "Preform portal prelogin at " << preloginUrl;
-
-    QNetworkReply *reply = createRequest(preloginUrl);
-    connect(reply, &QNetworkReply::finished, this, &PortalAuthenticator::onPreloginFinished);
-}
-
-void PortalAuthenticator::onPreloginFinished()
-{
-    QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
-
-    if (reply->error()) {
-        PLOGE << QString("Error occurred while accessing %1, %2").arg(preloginUrl, reply->errorString());
-        emit preloginFailed("Error occurred on the portal prelogin interface.");
-        delete reply;
-        return;
-    }
-
-    PLOGI << "Portal prelogin succeeded.";
-
-    preloginResponse = PreloginResponse::parse(reply->readAll());
-
-    PLOGI << "Finished parsing the prelogin response. The region field is: " << preloginResponse.region();
-
-    if (preloginResponse.hasSamlAuthFields()) {
-        // Do SAML authentication
-        samlAuth();
-    } else if (preloginResponse.hasNormalAuthFields()) {
-        // Do normal username/password authentication
-        tryAutoLogin();
-    } else {
-        PLOGE << QString("Unknown prelogin response for %1 got %2").arg(preloginUrl).arg(QString::fromUtf8(preloginResponse.rawResponse()));
-        emit preloginFailed("Unknown response for portal prelogin interface.");
-    }
-
-    delete reply;
-}
-
-void PortalAuthenticator::tryAutoLogin()
-{
-    const QString username = settings::get("username").toString();
-    const QString password = settings::get("password").toString();
-
-    if (!username.isEmpty() && !password.isEmpty()) {
-        PLOGI << "Trying auto login using the saved credentials";
-        isAutoLogin = true;
-        fetchConfig(settings::get("username").toString(), settings::get("password").toString());
-    } else {
-        normalAuth();
-    }
-}
-
-void PortalAuthenticator::normalAuth()
-{
-    PLOGI << "Trying to launch the normal login window...";
-
-    normalLoginWindow = new NormalLoginWindow;
-    normalLoginWindow->setPortalAddress(portal);
-    normalLoginWindow->setAuthMessage(preloginResponse.authMessage());
-    normalLoginWindow->setUsernameLabel(preloginResponse.labelUsername());
-    normalLoginWindow->setPasswordLabel(preloginResponse.labelPassword());
-
-    // Do login
-    connect(normalLoginWindow, &NormalLoginWindow::performLogin, this, &PortalAuthenticator::onPerformNormalLogin);
-    connect(normalLoginWindow, &NormalLoginWindow::rejected, this, &PortalAuthenticator::onLoginWindowRejected);
-    connect(normalLoginWindow, &NormalLoginWindow::finished, this, &PortalAuthenticator::onLoginWindowFinished);
-
-    normalLoginWindow->show();
-}
-
-void PortalAuthenticator::onPerformNormalLogin(const QString &username, const QString &password)
-{
-    normalLoginWindow->setProcessing(true);
-    fetchConfig(username, password);
-}
-
-void PortalAuthenticator::onLoginWindowRejected()
-{
-    emitFail();
-}
-
-void PortalAuthenticator::onLoginWindowFinished()
-{
-    delete normalLoginWindow;
-    normalLoginWindow = nullptr;
-}
-
-void PortalAuthenticator::samlAuth()
-{
-    PLOGI << "Trying to perform SAML login with saml-method " << preloginResponse.samlMethod();
-
-    SAMLLoginWindow *loginWindow = new SAMLLoginWindow;
-
-    connect(loginWindow, &SAMLLoginWindow::success, this, &PortalAuthenticator::onSAMLLoginSuccess);
-    connect(loginWindow, &SAMLLoginWindow::fail, this, &PortalAuthenticator::onSAMLLoginFail);
-    connect(loginWindow, &SAMLLoginWindow::rejected, this, &PortalAuthenticator::onLoginWindowRejected);
-
-    loginWindow->login(preloginResponse.samlMethod(), preloginResponse.samlRequest(), preloginUrl);
-}
-
-void PortalAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> samlResult)
-{
-    if (samlResult.contains("preloginCookie")) {
-        PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
-    } else {
-        PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
-    }
-
-    fetchConfig(samlResult.value("username"), "", samlResult.value("preloginCookie"), samlResult.value("userAuthCookie"));
-}
-
-void PortalAuthenticator::onSAMLLoginFail(const QString msg)
-{
-    emitFail(msg);
-}
-
-void PortalAuthenticator::fetchConfig(QString username, QString password, QString preloginCookie, QString userAuthCookie)
-{
-    LoginParams loginParams { clientos };
-    loginParams.setServer(portal);
-    loginParams.setUser(username);
-    loginParams.setPassword(password);
-    loginParams.setPreloginCookie(preloginCookie);
-    loginParams.setUserAuthCookie(userAuthCookie);
-
-    // Save the username and password for future use.
-    this->username = username;
-    this->password = password;
-
-    PLOGI << "Fetching the portal config from " << configUrl << " for user: " << username;
-
-    QNetworkReply *reply = createRequest(configUrl, loginParams.toUtf8());
-    connect(reply, &QNetworkReply::finished, this, &PortalAuthenticator::onFetchConfigFinished);
-}
-
-void PortalAuthenticator::onFetchConfigFinished()
-{
-    QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
-
-    if (reply->error()) {
-        PLOGE << QString("Failed to fetch the portal config from %1, %2").arg(configUrl).arg(reply->errorString());
-
-        // Login failed, enable the fields of the normal login window
-        if (normalLoginWindow) {
-            normalLoginWindow->setProcessing(false);
-            openMessageBox("Portal login failed.", "Please check your credentials and try again.");
-        } else if (isAutoLogin) {
-            isAutoLogin = false;
-            normalAuth();
-        } else {
-            emit portalConfigFailed("Failed to fetch the portal config.");
-        }
-        return;
-    }
-
-    PLOGI << "Fetch the portal config succeeded.";
-    PortalConfigResponse response = PortalConfigResponse::parse(reply->readAll());
-
-    // Add the username & password to the response object
-    response.setUsername(username);
-    response.setPassword(password);
-
-    // Close the login window
-    if (normalLoginWindow) {
-        PLOGI << "Closing the NormalLoginWindow...";
-
-        normalLoginWindow->close();
-    }
-
-    emit success(response, preloginResponse.region());
-}
-
-void PortalAuthenticator::emitFail(const QString& msg)
-{
-    emit fail(msg);
-}

GPClient/portalauthenticator.h

@@ -1,57 +0,0 @@
-#ifndef PORTALAUTHENTICATOR_H
-#define PORTALAUTHENTICATOR_H
-
-#include <QtCore/QObject>
-
-#include "portalconfigresponse.h"
-#include "normalloginwindow.h"
-#include "samlloginwindow.h"
-#include "preloginresponse.h"
-
-
-class PortalAuthenticator : public QObject
-{
-    Q_OBJECT
-public:
-    explicit PortalAuthenticator(const QString& portal, const QString& clientos);
-    ~PortalAuthenticator();
-
-    void authenticate();
-
-signals:
-    void success(const PortalConfigResponse response, const QString region);
-    void fail(const QString& msg);
-    void preloginFailed(const QString& msg);
-    void portalConfigFailed(const QString msg);
-
-private slots:
-    void onPreloginFinished();
-    void onPerformNormalLogin(const QString &username, const QString &password);
-    void onLoginWindowRejected();
-    void onLoginWindowFinished();
-    void onSAMLLoginSuccess(const QMap<QString, QString> samlResult);
-    void onSAMLLoginFail(const QString msg);
-    void onFetchConfigFinished();
-
-private:
-    QString portal;
-    QString clientos;
-    QString preloginUrl;
-    QString configUrl;
-    QString username;
-    QString password;
-
-    PreloginResponse preloginResponse;
-
-    bool isAutoLogin { false };
-
-    NormalLoginWindow *normalLoginWindow{ nullptr };
-
-    void tryAutoLogin();
-    void normalAuth();
-    void samlAuth();
-    void fetchConfig(QString username, QString password, QString preloginCookie = "", QString userAuthCookie = "");
-    void emitFail(const QString& msg = "");
-};
-
-#endif // PORTALAUTHENTICATOR_H

GPClient/portalconfigresponse.cpp

@@ -1,178 +0,0 @@
-#include <QtCore/QXmlStreamReader>
-#include <plog/Log.h>
-
-#include "portalconfigresponse.h"
-
-QString PortalConfigResponse::xmlUserAuthCookie = "portal-userauthcookie";
-QString PortalConfigResponse::xmlPrelogonUserAuthCookie = "portal-prelogonuserauthcookie";
-QString PortalConfigResponse::xmlGateways = "gateways";
-
-PortalConfigResponse::PortalConfigResponse()
-{
-}
-
-PortalConfigResponse::~PortalConfigResponse()
-{
-}
-
-PortalConfigResponse PortalConfigResponse::parse(const QByteArray xml)
-{
-    PLOGI << "Start parsing the portal configuration...";
-
-    QXmlStreamReader xmlReader(xml);
-    PortalConfigResponse response;
-    response.setRawResponse(xml);
-
-    while (!xmlReader.atEnd()) {
-        xmlReader.readNextStartElement();
-
-        QString name = xmlReader.name().toString();
-
-        if (name == xmlUserAuthCookie) {
-            PLOGI << "Start reading " << name;
-            response.setUserAuthCookie(xmlReader.readElementText());
-        } else if (name == xmlPrelogonUserAuthCookie) {
-            PLOGI << "Start reading " << name;
-            response.setPrelogonUserAuthCookie(xmlReader.readElementText());
-        } else if (name == xmlGateways) {
-            response.setAllGateways(parseGateways(xmlReader));
-        }
-    }
-
-    PLOGI << "Finished parsing portal configuration.";
-
-    return response;
-}
-
-const QByteArray PortalConfigResponse::rawResponse() const
-{
-    return m_rawResponse;
-}
-
-const QString &PortalConfigResponse::username() const
-{
-    return m_username;
-}
-
-QString PortalConfigResponse::password() const
-{
-    return m_password;
-}
-
-QList<GPGateway> PortalConfigResponse::parseGateways(QXmlStreamReader &xmlReader)
-{
-    PLOGI << "Start parsing the gateways from portal configuration...";
-
-    QList<GPGateway> gateways;
-
-    while (xmlReader.name() != "external"){
-        xmlReader.readNext();
-    }
-
-    while (xmlReader.name() != "list"){
-        xmlReader.readNext();
-    }
-
-    while (xmlReader.name() != xmlGateways || !xmlReader.isEndElement()) {
-        xmlReader.readNext();
-        // Parse the gateways -> external -> list -> entry
-        if (xmlReader.name() == "entry" && xmlReader.isStartElement()) {
-            GPGateway g;
-            QString address = xmlReader.attributes().value("name").toString();
-            g.setAddress(address);
-            g.setPriorityRules(parsePriorityRules(xmlReader));
-            g.setName(parseGatewayName(xmlReader));
-            gateways.append(g);
-        }
-    }
-
-    PLOGI << "Finished parsing the gateways.";
-
-    return gateways;
-}
-
-QMap<QString, int> PortalConfigResponse::parsePriorityRules(QXmlStreamReader &xmlReader)
-{
-    PLOGI << "Start parsing the priority rules...";
-
-    QMap<QString, int> priorityRules;
-
-    while ((xmlReader.name() != "priority-rule" || !xmlReader.isEndElement()) && !xmlReader.hasError()) {
-        xmlReader.readNext();
-
-        if (xmlReader.name() == "entry" && xmlReader.isStartElement()) {
-            QString ruleName = xmlReader.attributes().value("name").toString();
-            // Read the priority tag
-            while (xmlReader.name() != "priority"){
-                xmlReader.readNext();
-            }
-            int ruleValue = xmlReader.readElementText().toUInt();
-            priorityRules.insert(ruleName, ruleValue);
-        }
-    }
-
-    PLOGI << "Finished parsing the priority rules.";
-
-    return priorityRules;
-}
-
-QString PortalConfigResponse::parseGatewayName(QXmlStreamReader &xmlReader)
-{
-    PLOGI << "Start parsing the gateway name...";
-
-    while (xmlReader.name() != "description" || !xmlReader.isEndElement()) {
-        xmlReader.readNext();
-        if (xmlReader.name() == "description" && xmlReader.tokenType() == xmlReader.StartElement) {
-            PLOGI << "Finished parsing the gateway name";
-            return xmlReader.readElementText();
-        }
-    }
-
-    PLOGE << "Error: <description> tag not found";
-    return "";
-}
-
-QString PortalConfigResponse::userAuthCookie() const
-{
-    return m_userAuthCookie;
-}
-
-QString PortalConfigResponse::prelogonUserAuthCookie() const
-{
-    return m_prelogonAuthCookie;
-}
-
-QList<GPGateway> PortalConfigResponse::allGateways() const
-{
-    return m_gateways;
-}
-
-void PortalConfigResponse::setAllGateways(QList<GPGateway> gateways)
-{
-    m_gateways = gateways;
-}
-
-void PortalConfigResponse::setRawResponse(const QByteArray response)
-{
-    m_rawResponse = response;
-}
-
-void PortalConfigResponse::setUsername(const QString username)
-{
-    m_username = username;
-}
-
-void PortalConfigResponse::setPassword(const QString password)
-{
-    m_password = password;
-}
-
-void PortalConfigResponse::setUserAuthCookie(const QString cookie)
-{
-    m_userAuthCookie = cookie;
-}
-
-void PortalConfigResponse::setPrelogonUserAuthCookie(const QString cookie)
-{
-    m_prelogonAuthCookie = cookie;
-}

GPClient/portalconfigresponse.h

@@ -1,51 +0,0 @@
-#ifndef PORTALCONFIGRESPONSE_H
-#define PORTALCONFIGRESPONSE_H
-
-#include <QtCore/QString>
-#include <QtCore/QList>
-#include <QtCore/QXmlStreamReader>
-
-#include "gpgateway.h"
-
-class PortalConfigResponse
-{
-public:
-    PortalConfigResponse();
-    ~PortalConfigResponse();
-
-    static PortalConfigResponse parse(const QByteArray xml);
-
-    const QByteArray rawResponse() const;
-    const QString &username() const;
-    QString password() const;
-    QString userAuthCookie() const;
-    QString prelogonUserAuthCookie() const;
-    QList<GPGateway> allGateways() const;
-    void setAllGateways(QList<GPGateway> gateways);
-
-    void setUsername(const QString username);
-    void setPassword(const QString password);
-
-private:
-    static QString xmlUserAuthCookie;
-    static QString xmlPrelogonUserAuthCookie;
-    static QString xmlGateways;
-
-    QByteArray m_rawResponse;
-    QString m_username;
-    QString m_password;
-    QString m_userAuthCookie;
-    QString m_prelogonAuthCookie;
-
-    QList<GPGateway> m_gateways;
-
-    void setRawResponse(const QByteArray response);
-    void setUserAuthCookie(const QString cookie);
-    void setPrelogonUserAuthCookie(const QString cookie);
-
-    static QList<GPGateway> parseGateways(QXmlStreamReader &xmlReader);
-    static QMap<QString, int> parsePriorityRules(QXmlStreamReader &xmlReader);
-    static QString parseGatewayName(QXmlStreamReader &xmlReader);
-};
-
-#endif // PORTALCONFIGRESPONSE_H

GPClient/preloginresponse.cpp

@@ -1,100 +0,0 @@
-#include <QtCore/QXmlStreamReader>
-#include <QtCore/QMap>
-#include <plog/Log.h>
-
-#include "preloginresponse.h"
-
-QString PreloginResponse::xmlAuthMessage = "authentication-message";
-QString PreloginResponse::xmlLabelUsername = "username-label";
-QString PreloginResponse::xmlLabelPassword = "password-label";
-QString PreloginResponse::xmlSamlMethod = "saml-auth-method";
-QString PreloginResponse::xmlSamlRequest = "saml-request";
-QString PreloginResponse::xmlRegion = "region";
-
-PreloginResponse::PreloginResponse()
-{
-    add(xmlAuthMessage, "");
-    add(xmlLabelUsername, "");
-    add(xmlLabelPassword, "");
-    add(xmlSamlMethod, "");
-    add(xmlSamlRequest, "");
-    add(xmlRegion, "");
-}
-
-PreloginResponse PreloginResponse::parse(const QByteArray& xml)
-{
-    PLOGI << "Start parsing the prelogin response...";
-
-    QXmlStreamReader xmlReader(xml);
-    PreloginResponse response;
-    response.setRawResponse(xml);
-
-    while (!xmlReader.atEnd()) {
-        xmlReader.readNextStartElement();
-        QString name = xmlReader.name().toString();
-        if (response.has(name)) {
-            response.add(name, xmlReader.readElementText());
-        }
-    }
-    return response;
-}
-
-const QByteArray& PreloginResponse::rawResponse() const
-{
-    return _rawResponse;
-}
-
-QString PreloginResponse::authMessage() const
-{
-    return resultMap.value(xmlAuthMessage);
-}
-
-QString PreloginResponse::labelUsername() const
-{
-    return resultMap.value(xmlLabelUsername);
-}
-
-QString PreloginResponse::labelPassword() const
-{
-    return resultMap.value(xmlLabelPassword);
-}
-
-QString PreloginResponse::samlMethod() const
-{
-    return resultMap.value(xmlSamlMethod);
-}
-
-QString PreloginResponse::samlRequest() const
-{
-    return QByteArray::fromBase64(resultMap.value(xmlSamlRequest).toUtf8());
-}
-
-QString PreloginResponse::region() const
-{
-    return resultMap.value(xmlRegion);
-}
-
-bool PreloginResponse::hasSamlAuthFields() const
-{
-    return !samlMethod().isEmpty() && !samlRequest().isEmpty();
-}
-
-bool PreloginResponse::hasNormalAuthFields() const
-{
-    return !labelUsername().isEmpty() && !labelPassword().isEmpty();
-}
-
-void PreloginResponse::setRawResponse(const QByteArray response)
-{
-    _rawResponse = response;
-}
-
-bool PreloginResponse::has(const QString name) const
-{
-    return resultMap.contains(name);
-}
-
-void PreloginResponse::add(const QString name, const QString value)
-{
-    resultMap.insert(name, value);
-}

GPClient/preloginresponse.h

@@ -1,41 +0,0 @@
-#ifndef PRELOGINRESPONSE_H
-#define PRELOGINRESPONSE_H
-
-#include <QtCore/QString>
-#include <QtCore/QMap>
-
-class PreloginResponse
-{
-public:
-    PreloginResponse();
-
-    static PreloginResponse parse(const QByteArray& xml);
-
-    const QByteArray& rawResponse() const;
-    QString authMessage() const;
-    QString labelUsername() const;
-    QString labelPassword() const;
-    QString samlMethod() const;
-    QString samlRequest() const;
-    QString region() const;
-
-    bool hasSamlAuthFields() const;
-    bool hasNormalAuthFields() const;
-
-private:
-    static QString xmlAuthMessage;
-    static QString xmlLabelUsername;
-    static QString xmlLabelPassword;
-    static QString xmlSamlMethod;
-    static QString xmlSamlRequest;
-    static QString xmlRegion;
-
-    QMap<QString, QString> resultMap;
-    QByteArray _rawResponse;
-
-    void setRawResponse(const QByteArray response);
-    void add(const QString name, const QString value);
-    bool has(const QString name) const;
-};
-
-#endif // PRELOGINRESPONSE_H

GPClient/resources.qrc

@@ -1,11 +0,0 @@
-<RCC>
-    <qresource prefix="/images">
-        <file alias="logo.svg">com.yuezk.qt.gpclient.svg</file>
-        <file>connected.png</file>
-        <file>pending.png</file>
-        <file>not_connected.png</file>
-        <file>radio_unselected.png</file>
-        <file>radio_selected.png</file>
-        <file>settings_icon.png</file>
-    </qresource>
-</RCC>

GPClient/samlloginwindow.cpp

@@ -1,99 +0,0 @@
-#include <QtWidgets/QVBoxLayout>
-#include <QtWebEngineWidgets/QWebEngineProfile>
-#include <QtWebEngineWidgets/QWebEngineView>
-#include <plog/Log.h>
-
-#include "samlloginwindow.h"
-
-SAMLLoginWindow::SAMLLoginWindow(QWidget *parent)
-    : QDialog(parent)
-    , webView(new EnhancedWebView(this))
-{
-    setWindowTitle("GlobalProtect Login");
-    setModal(true);
-    resize(700, 550);
-
-    QVBoxLayout *verticalLayout = new QVBoxLayout(this);
-    webView->setUrl(QUrl("about:blank"));
-    // webView->page()->profile()->setPersistentCookiesPolicy(QWebEngineProfile::NoPersistentCookies);
-    verticalLayout->addWidget(webView);
-
-    webView->initialize();
-    connect(webView, &EnhancedWebView::responseReceived, this, &SAMLLoginWindow::onResponseReceived);
-    connect(webView, &EnhancedWebView::loadFinished, this, &SAMLLoginWindow::onLoadFinished);
-}
-
-SAMLLoginWindow::~SAMLLoginWindow()
-{
-    delete webView;
-}
-
-void SAMLLoginWindow::closeEvent(QCloseEvent *event)
-{
-    event->accept();
-    reject();
-}
-
-void SAMLLoginWindow::login(const QString samlMethod, const QString samlRequest, const QString preloingUrl)
-{
-    if (samlMethod == "POST") {
-        webView->setHtml(samlRequest, preloingUrl);
-    } else if (samlMethod == "REDIRECT") {
-        webView->load(samlRequest);
-    } else {
-        PLOGE << "Unknown saml-auth-method expected POST or REDIRECT, got " << samlMethod;
-        emit fail("Unknown saml-auth-method, got " + samlMethod);
-    }
-}
-
-void SAMLLoginWindow::onResponseReceived(QJsonObject params)
-{
-    QString type = params.value("type").toString();
-    // Skip non-document response
-    if (type != "Document") {
-        return;
-    }
-
-    QJsonObject response = params.value("response").toObject();
-    QJsonObject headers = response.value("headers").toObject();
-
-    const QString username = headers.value("saml-username").toString();
-    const QString preloginCookie = headers.value("prelogin-cookie").toString();
-    const QString userAuthCookie = headers.value("portal-userauthcookie").toString();
-
-    LOGI << "Response received from " << response.value("url").toString();
-
-    if (!username.isEmpty()) {
-        LOGI << "Got username from SAML response headers " << username;
-        samlResult.insert("username", username);
-    }
-
-    if (!preloginCookie.isEmpty()) {
-        LOGI << "Got prelogin-cookie from SAML response headers " << preloginCookie;
-        samlResult.insert("preloginCookie", preloginCookie);
-    }
-
-    if (!userAuthCookie.isEmpty()) {
-        LOGI << "Got portal-userauthcookie from SAML response headers " << userAuthCookie;
-        samlResult.insert("userAuthCookie", userAuthCookie);
-    }
-
-    // Check the SAML result
-    if (samlResult.contains("username")
-            && (samlResult.contains("preloginCookie") || samlResult.contains("userAuthCookie"))) {
-        LOGI << "Got the SAML authentication information successfully. "
-             << "username: " << samlResult.value("username")
-             << ", preloginCookie: " << samlResult.value("preloginCookie")
-             << ", userAuthCookie: " << samlResult.value("userAuthCookie");
-
-        emit success(samlResult);
-        accept();
-    } else {
-        this->show();
-    }
-}
-
-void SAMLLoginWindow::onLoadFinished()
-{
-     LOGI << "Load finished " << this->webView->page()->url().toString();
-}

GPClient/samlloginwindow.h

@@ -1,35 +0,0 @@
-#ifndef SAMLLOGINWINDOW_H
-#define SAMLLOGINWINDOW_H
-
-#include <QtCore/QMap>
-#include <QtGui/QCloseEvent>
-#include <QtWidgets/QDialog>
-
-#include "enhancedwebview.h"
-
-class SAMLLoginWindow : public QDialog
-{
-    Q_OBJECT
-
-public:
-    explicit SAMLLoginWindow(QWidget *parent = nullptr);
-    ~SAMLLoginWindow();
-
-    void login(const QString samlMethod, const QString samlRequest, const QString preloingUrl);
-
-signals:
-    void success(QMap<QString, QString> samlResult);
-    void fail(const QString msg);
-
-private slots:
-    void onResponseReceived(QJsonObject params);
-    void onLoadFinished();
-
-private:
-    EnhancedWebView *webView;
-    QMap<QString, QString> samlResult;
-
-    void closeEvent(QCloseEvent *event);
-};
-
-#endif // SAMLLOGINWINDOW_H

GPClient/settingsdialog.cpp

@@ -1,34 +0,0 @@
-#include "settingsdialog.h"
-#include "ui_settingsdialog.h"
-
-SettingsDialog::SettingsDialog(QWidget *parent) :
-    QDialog(parent),
-    ui(new Ui::SettingsDialog)
-{
-    ui->setupUi(this);
-}
-
-SettingsDialog::~SettingsDialog()
-{
-    delete ui;
-}
-
-void SettingsDialog::setExtraArgs(QString extraArgs)
-{
-    ui->extraArgsInput->setPlainText(extraArgs);
-}
-
-QString SettingsDialog::extraArgs()
-{
-    return ui->extraArgsInput->toPlainText().trimmed();
-}
-
-void SettingsDialog::setClientos(QString clientos)
-{
-    ui->clientosInput->setText(clientos);
-}
-
-QString SettingsDialog::clientos()
-{
-    return ui->clientosInput->text();
-}

GPClient/settingsdialog.h

@@ -1,28 +0,0 @@
-#ifndef SETTINGSDIALOG_H
-#define SETTINGSDIALOG_H
-
-#include <QtWidgets/QDialog>
-
-namespace Ui {
-class SettingsDialog;
-}
-
-class SettingsDialog : public QDialog
-{
-    Q_OBJECT
-
-public:
-    explicit SettingsDialog(QWidget *parent = nullptr);
-    ~SettingsDialog();
-
-    void setExtraArgs(QString extraArgs);
-    QString extraArgs();
-
-    void setClientos(QString clientos);
-    QString clientos();
-
-private:
-    Ui::SettingsDialog *ui;
-};
-
-#endif // SETTINGSDIALOG_H

GPClient/settingsdialog.ui

@@ -1,104 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ui version="4.0">
- <class>SettingsDialog</class>
- <widget class="QDialog" name="SettingsDialog">
-  <property name="geometry">
-   <rect>
-    <x>0</x>
-    <y>0</y>
-    <width>488</width>
-    <height>177</height>
-   </rect>
-  </property>
-  <property name="sizePolicy">
-   <sizepolicy hsizetype="Preferred" vsizetype="Preferred">
-    <horstretch>0</horstretch>
-    <verstretch>0</verstretch>
-   </sizepolicy>
-  </property>
-  <property name="windowTitle">
-   <string>Settings</string>
-  </property>
-  <property name="windowIcon">
-   <iconset resource="resources.qrc">
-    <normaloff>:/images/connected.png</normaloff>:/images/connected.png</iconset>
-  </property>
-  <layout class="QFormLayout" name="formLayout_3">
-   <item row="0" column="0">
-    <widget class="QLabel" name="label">
-     <property name="text">
-      <string>Custom Parameters:</string>
-     </property>
-    </widget>
-   </item>
-   <item row="0" column="1">
-    <widget class="QPlainTextEdit" name="extraArgsInput">
-     <property name="placeholderText">
-      <string extracomment="Tokens with spaces can be surrounded by double quotes">e.g. --name=value --script=&quot;vpn-slice xxx&quot;</string>
-     </property>
-    </widget>
-   </item>
-   <item row="1" column="0">
-    <widget class="QLabel" name="label_2">
-     <property name="text">
-      <string>Value of &quot;clientos&quot;:</string>
-     </property>
-    </widget>
-   </item>
-   <item row="1" column="1">
-    <widget class="QLineEdit" name="clientosInput">
-     <property name="placeholderText">
-      <string>e.g., Windows</string>
-     </property>
-    </widget>
-   </item>
-   <item row="2" column="1">
-    <widget class="QDialogButtonBox" name="buttonBox">
-     <property name="orientation">
-      <enum>Qt::Horizontal</enum>
-     </property>
-     <property name="standardButtons">
-      <set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
-     </property>
-    </widget>
-   </item>
-  </layout>
- </widget>
- <resources>
-  <include location="resources.qrc"/>
- </resources>
- <connections>
-  <connection>
-   <sender>buttonBox</sender>
-   <signal>accepted()</signal>
-   <receiver>SettingsDialog</receiver>
-   <slot>accept()</slot>
-   <hints>
-    <hint type="sourcelabel">
-     <x>248</x>
-     <y>254</y>
-    </hint>
-    <hint type="destinationlabel">
-     <x>157</x>
-     <y>274</y>
-    </hint>
-   </hints>
-  </connection>
-  <connection>
-   <sender>buttonBox</sender>
-   <signal>rejected()</signal>
-   <receiver>SettingsDialog</receiver>
-   <slot>reject()</slot>
-   <hints>
-    <hint type="sourcelabel">
-     <x>316</x>
-     <y>260</y>
-    </hint>
-    <hint type="destinationlabel">
-     <x>286</x>
-     <y>274</y>
-    </hint>
-   </hints>
-  </connection>
- </connections>
-</ui>

GPClient/vpn.h

@@ -1,24 +0,0 @@
-#ifndef VPN_H
-#define VPN_H
-#include <QtCore/QObject>
-#include <QtCore/QString>
-
-class IVpn
-{
-public:
-    virtual ~IVpn() = default;
-
-    virtual void connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd, const QString &extraArgs) = 0;
-    virtual void disconnect() = 0;
-    virtual int status() = 0;
-
-// signals: // SIGNALS
-//     virtual void connected();
-//     virtual void disconnected();
-//     virtual void error(const QString &errorMessage);
-//     virtual void logAvailable(const QString &log);
-};
-
-Q_DECLARE_INTERFACE(IVpn, "IVpn") // define this out of namespace scope
-
-#endif

GPClient/vpn_dbus.cpp

@@ -1,13 +0,0 @@
-#include "vpn_dbus.h"
-
-void VpnDbus::connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd, const QString &extraArgs) {
-    inner->connect(preferredServer, username, passwd, extraArgs);
-}
-
-void VpnDbus::disconnect() {
-    inner->disconnect();
-}
-
-int VpnDbus::status() {
-    return inner->status();
-}

GPClient/vpn_dbus.h

@@ -1,33 +0,0 @@
-#ifndef VPN_DBUS_H
-#define VPN_DBUS_H
-#include "vpn.h"
-#include "gpserviceinterface.h"
-
-class VpnDbus : public QObject, public IVpn
-{
-  Q_OBJECT
-  Q_INTERFACES(IVpn)
-
-private:
-  com::yuezk::qt::GPService *inner;
-
-public:
-  VpnDbus(QObject *parent) : QObject(parent) {
-    inner = new com::yuezk::qt::GPService("com.yuezk.qt.GPService", "/", QDBusConnection::systemBus(), this);
-    QObject::connect(inner, &com::yuezk::qt::GPService::connected, this, &VpnDbus::connected);
-    QObject::connect(inner, &com::yuezk::qt::GPService::disconnected, this, &VpnDbus::disconnected);
-    QObject::connect(inner, &com::yuezk::qt::GPService::error, this, &VpnDbus::error);
-    QObject::connect(inner, &com::yuezk::qt::GPService::logAvailable, this, &VpnDbus::logAvailable);
-  }
-
-  void connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd, const QString &extraArgs);
-  void disconnect();
-  int status();
-
-signals: // SIGNALS
-  void connected();
-  void disconnected();
-  void error(QString errorMessage);
-  void logAvailable(QString log);
-};
-#endif

GPClient/vpn_json.cpp

@@ -1,24 +0,0 @@
-#include "vpn_json.h"
-#include <QTextStream> 
-#include <QJsonDocument>
-#include <QJsonObject>
-#include <QJsonArray>
-
-void VpnJson::connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd, const QString &extraArgs) {
-    QJsonArray sl;
-    for (const QString &srv : servers) {
-      sl.push_back(QJsonValue(srv));
-    }
-    QJsonObject j;
-    j["server"] = preferredServer;
-    j["availableServers"] = sl;
-    j["cookie"] = passwd;
-    QTextStream(stdout) << QJsonDocument(j).toJson(QJsonDocument::Compact) << "\n";
-    emit connected();
-}
-
-void VpnJson::disconnect() { /* nop */ }
-
-int VpnJson::status() {
-    return 4; // disconnected
-}

GPClient/vpn_json.h

@@ -1,23 +0,0 @@
-#ifndef VPN_JSON_H
-#define VPN_JSON_H
-#include "vpn.h"
-
-class VpnJson : public QObject, public IVpn
-{
-  Q_OBJECT
-  Q_INTERFACES(IVpn)
-
-public:
-  VpnJson(QObject *parent) : QObject(parent) {}
-
-  void connect(const QString &preferredServer, const QList<QString> &servers, const QString &username, const QString &passwd, const QString &extraArgs);
-  void disconnect();
-  int status();
-
-signals: // SIGNALS
-  void connected();
-  void disconnected();
-  void error(const QString &errorMessage);
-  void logAvailable(const QString &log);
-};
-#endif

GPService/CMakeLists.txt

@@ -1,74 +0,0 @@
-include("${CMAKE_SOURCE_DIR}/cmake/Add3rdParty.cmake")
-
-project(GPService)
-
-set(gpservice_GENERATED_SOURCES)
-
-configure_file(dbus/com.yuezk.qt.GPService.service.in dbus/com.yuezk.qt.GPService.service)
-configure_file(systemd/gpservice.service.in systemd/gpservice.service)
-
-# generate the dbus xml definition
-qt5_generate_dbus_interface(
-    gpservice.h
-    ${CMAKE_BINARY_DIR}/com.yuezk.qt.GPService.xml
-)
-
-# generate dbus adaptor
-qt5_add_dbus_adaptor(
-    gpservice_GENERATED_SOURCES
-    ${CMAKE_BINARY_DIR}/com.yuezk.qt.GPService.xml
-    gpservice.h
-    GPService
-)
-
-add_executable(gpservice
-    gpservice.cpp
-    main.cpp
-    ${gpservice_GENERATED_SOURCES}
-)
-
-add_3rdparty(
-    SingleApplication
-    GIT_REPOSITORY https://github.com/itay-grudev/SingleApplication.git
-    GIT_TAG v3.3.0
-    CMAKE_ARGS
-        -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
-        -DCMAKE_CXX_FLAGS_RELEASE=${CMAKE_CXX_FLAGS_RELEASE}
-        -DCMAKE_FIND_ROOT_PATH=${CMAKE_FIND_ROOT_PATH}
-        -DCMAKE_PREFIX_PATH=$ENV{CMAKE_PREFIX_PATH}
-        -DQAPPLICATION_CLASS=QCoreApplication
-)
-
-ExternalProject_Get_Property(SingleApplication-${PROJECT_NAME} SOURCE_DIR BINARY_DIR)
-
-set(SingleApplication_INCLUDE_DIR ${SOURCE_DIR})
-set(SingleApplication_LIBRARY ${BINARY_DIR}/libSingleApplication.a)
-
-add_dependencies(gpservice SingleApplication-${PROJECT_NAME})
-
-target_include_directories(gpservice PRIVATE
-    ${CMAKE_CURRENT_SOURCE_DIR}
-    ${CMAKE_CURRENT_BINARY_DIR}
-    ${SingleApplication_INCLUDE_DIR}
-)
-
-target_link_libraries(gpservice
-    ${SingleApplication_LIBRARY}
-    Qt5::Core
-    Qt5::Network
-    Qt5::DBus
-    QtSignals
-)
-
-target_compile_definitions(gpservice PUBLIC QAPPLICATION_CLASS=QCoreApplication)
-
-install(TARGETS gpservice DESTINATION bin)
-install(FILES "dbus/com.yuezk.qt.GPService.conf" DESTINATION share/dbus-1/system.d )
-install(FILES "${CMAKE_CURRENT_BINARY_DIR}/dbus/com.yuezk.qt.GPService.service" DESTINATION share/dbus-1/system-services)
-
-if("$ENV{DEBIAN_PACKAGE}")
-    # Install the systemd unit files to /lib/systemd/system for debian package
-    install(FILES "${CMAKE_CURRENT_BINARY_DIR}/systemd/gpservice.service" DESTINATION /lib/systemd/system)
-else()
-    install(FILES "${CMAKE_CURRENT_BINARY_DIR}/systemd/gpservice.service" DESTINATION lib/systemd/system)
-endif()

GPService/dbus/com.yuezk.qt.GPService.conf

@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE busconfig PUBLIC
-"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
-"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-        <policy user="root">
-                <allow own="com.yuezk.qt.GPService"/>
-        </policy>
-
-        <policy context="default">
-                <allow send_destination="com.yuezk.qt.GPService"
-                        send_interface="com.yuezk.qt.GPService"
-                        />
-                <allow send_destination="com.yuezk.qt.GPService"
-                        send_interface="org.freedesktop.DBus.Introspectable"
-                        />
-        </policy>
-</busconfig>

GPService/dbus/com.yuezk.qt.GPService.service.in

@@ -1,5 +0,0 @@
-[D-BUS Service]
-Name=com.yuezk.qt.GPService
-Exec=@CMAKE_INSTALL_PREFIX@/bin/gpservice
-User=root
-SystemdService=gpservice.service

GPService/gpservice.cpp

@@ -1,209 +0,0 @@
-#include <QtCore/QFileInfo>
-#include <QtCore/QDateTime>
-#include <QtCore/QVariant>
-#include <QtCore/QRegularExpression>
-#include <QtCore/QRegularExpressionMatch>
-#include <QtDBus/QtDBus>
-
-#include "gpservice.h"
-#include "gpserviceadaptor.h"
-
-GPService::GPService(QObject *parent)
-    : QObject(parent)
-    , openconnect(new QProcess)
-{
-    // Register the DBus service
-    new GPServiceAdaptor(this);
-    QDBusConnection dbus = QDBusConnection::systemBus();
-    dbus.registerObject("/", this);
-    dbus.registerService("com.yuezk.qt.GPService");
-
-    // Setup the openconnect process
-    QObject::connect(openconnect, &QProcess::started, this, &GPService::onProcessStarted);
-    QObject::connect(openconnect, &QProcess::errorOccurred, this, &GPService::onProcessError);
-    QObject::connect(openconnect, &QProcess::readyReadStandardOutput, this, &GPService::onProcessStdout);
-    QObject::connect(openconnect, &QProcess::readyReadStandardError, this, &GPService::onProcessStderr);
-    QObject::connect(openconnect, QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), this, &GPService::onProcessFinished);
-}
-
-GPService::~GPService()
-{
-    delete openconnect;
-}
-
-QString GPService::findBinary()
-{
-    for (int i = 0; i < binaryPaths->length(); i++) {
-        if (QFileInfo::exists(binaryPaths[i])) {
-            return binaryPaths[i];
-        }
-    }
-    return nullptr;
-}
-
-/* Port from https://github.com/qt/qtbase/blob/11d1dcc6e263c5059f34b44d531c9ccdf7c0b1d6/src/corelib/io/qprocess.cpp#L2115 */
-QStringList GPService::splitCommand(QString command)
-{
-    QStringList args;
-    QString tmp;
-    int quoteCount = 0;
-    bool inQuote = false;
-
-    // handle quoting. tokens can be surrounded by double quotes
-    // "hello world". three consecutive double quotes represent
-    // the quote character itself.
-    for (int i = 0; i < command.size(); ++i) {
-        if (command.at(i) == QLatin1Char('"')) {
-            ++quoteCount;
-            if (quoteCount == 3) {
-                // third consecutive quote
-                quoteCount = 0;
-                tmp += command.at(i);
-            }
-            continue;
-        }
-        if (quoteCount) {
-            if (quoteCount == 1)
-                inQuote = !inQuote;
-            quoteCount = 0;
-        }
-        if (!inQuote && command.at(i).isSpace()) {
-            if (!tmp.isEmpty()) {
-                args += tmp;
-                tmp.clear();
-            }
-        } else {
-            tmp += command.at(i);
-        }
-    }
-    if (!tmp.isEmpty())
-        args += tmp;
-
-    return args;
-}
-
-void GPService::quit()
-{
-    if (openconnect->state() == QProcess::NotRunning) {
-        exit(0);
-    } else {
-        aboutToQuit = true;
-        openconnect->terminate();
-    }
-}
-
-void GPService::connect(QString server, QString username, QString passwd, QString extraArgs)
-{
-    if (vpnStatus != GPService::VpnNotConnected) {
-        log("VPN status is: " + QVariant::fromValue(vpnStatus).toString());
-        return;
-    }
-
-    QString bin = findBinary();
-    if (bin == nullptr) {
-        log("Could not find openconnect binary, make sure openconnect is installed, exiting.");
-        emit error("The OpenConect CLI was not found, make sure it has been installed!");
-        return;
-    }
-
-    if (!isValidVersion(bin)) {
-        return;
-    }
-
-    QStringList args;
-    args << QCoreApplication::arguments().mid(1)
-         << "--protocol=gp"
-         << splitCommand(extraArgs)
-         << "-u" << username
-         << "--cookie-on-stdin"
-         << server;
-
-    log("Start process with arugments: " + args.join(" "));
-
-    openconnect->start(bin, args);
-    openconnect->write((passwd + "\n").toUtf8());
-}
-
-bool GPService::isValidVersion(QString &bin) {
-    QProcess p;
-    p.start(bin, QStringList("--version"));
-    p.waitForFinished();
-    QString output = p.readAllStandardError() + p.readAllStandardOutput();
-
-    QRegularExpression re("v(\\d+).*?(\\s|\\n)");
-    QRegularExpressionMatch match = re.match(output);
-
-    if (match.hasMatch()) {
-        log("Output of `openconnect --version`: " + output);
-
-        QString fullVersion = match.captured(0);
-        QString majorVersion = match.captured(1);
-
-        if (majorVersion.toInt() < 8) {
-            emit error("The OpenConnect version must greater than v8.0.0, got " + fullVersion);
-            return false;
-        }
-    } else {
-        log("Failed to parse the OpenConnect version from " + output);
-    }
-
-    return true;
-}
-
-void GPService::disconnect()
-{
-    if (openconnect->state() != QProcess::NotRunning) {
-        vpnStatus = GPService::VpnDisconnecting;
-        openconnect->terminate();
-    }
-}
-
-int GPService::status()
-{
-    return vpnStatus;
-}
-
-void GPService::onProcessStarted()
-{
-    log("Openconnect started successfully, PID=" + QString::number(openconnect->processId()));
-    vpnStatus = GPService::VpnConnecting;
-}
-
-void GPService::onProcessError(QProcess::ProcessError error)
-{
-    log("Error occurred: " + QVariant::fromValue(error).toString());
-    vpnStatus = GPService::VpnNotConnected;
-    emit disconnected();
-}
-
-void GPService::onProcessStdout()
-{
-    QString output = openconnect->readAllStandardOutput();
-
-    log(output);
-    if (output.indexOf("Connected as") >= 0 || output.indexOf("Configured as") >= 0) {
-        vpnStatus = GPService::VpnConnected;
-        emit connected();
-    }
-}
-
-void GPService::onProcessStderr()
-{
-    log(openconnect->readAllStandardError());
-}
-
-void GPService::onProcessFinished(int exitCode, QProcess::ExitStatus exitStatus)
-{
-    log("Openconnect process exited with code " + QString::number(exitCode) + " and exit status " + QVariant::fromValue(exitStatus).toString());
-    vpnStatus = GPService::VpnNotConnected;
-    emit disconnected();
-
-    if (aboutToQuit) {
-        exit(0);
-    };
-}
-
-void GPService::log(QString msg)
-{
-    emit logAvailable(msg);
-}

GPService/gpservice.h

@@ -1,62 +0,0 @@
-#ifndef GLOBALPROTECTSERVICE_H
-#define GLOBALPROTECTSERVICE_H
-
-#include <QtCore/QObject>
-#include <QtCore/QProcess>
-
-static const QString binaryPaths[] {
-    "/usr/local/bin/openconnect",
-    "/usr/local/sbin/openconnect",
-    "/usr/bin/openconnect",
-    "/usr/sbin/openconnect",
-    "/opt/bin/openconnect",
-    "/opt/sbin/openconnect"
-};
-
-class GPService : public QObject
-{
-    Q_OBJECT
-    Q_CLASSINFO("D-Bus Interface", "com.yuezk.qt.GPService")
-public:
-    explicit GPService(QObject *parent = nullptr);
-    ~GPService();
-
-    void quit();
-
-    enum VpnStatus {
-        VpnNotConnected,
-        VpnConnecting,
-        VpnConnected,
-        VpnDisconnecting,
-    };
-
-signals:
-    void connected();
-    void disconnected();
-    void error(QString errorMessage);
-    void logAvailable(QString log);
-
-public slots:
-    void connect(QString server, QString username, QString passwd, QString extraArgs);
-    void disconnect();
-    int status();
-
-private slots:
-    void onProcessStarted();
-    void onProcessError(QProcess::ProcessError error);
-    void onProcessStdout();
-    void onProcessStderr();
-    void onProcessFinished(int exitCode, QProcess::ExitStatus exitStatus);
-
-private:
-    QProcess *openconnect;
-    bool aboutToQuit = false;
-    int vpnStatus = GPService::VpnNotConnected;
-
-    void log(QString msg);
-    bool isValidVersion(QString &bin);
-    static QString findBinary();
-    static QStringList splitCommand(QString command);
-};
-
-#endif // GLOBALPROTECTSERVICE_H

GPService/main.cpp

@@ -1,27 +0,0 @@
-#include <QtDBus/QtDBus>
-
-#include "gpservice.h"
-#include "singleapplication.h"
-#include "sigwatch.h"
-
-int main(int argc, char *argv[])
-{
-    SingleApplication app(argc, argv);
-
-    if (!QDBusConnection::systemBus().isConnected()) {
-        qWarning("Cannot connect to the D-Bus session bus.\n"
-                 "Please check your system settings and try again.\n");
-        return 1;
-    }
-
-    GPService service;
-
-    UnixSignalWatcher sigwatch;
-    sigwatch.watchForSignal(SIGINT);
-    sigwatch.watchForSignal(SIGTERM);
-    sigwatch.watchForSignal(SIGQUIT);
-    sigwatch.watchForSignal(SIGHUP);
-    QObject::connect(&sigwatch, &UnixSignalWatcher::unixSignal, &service, &GPService::quit);
-
-    return app.exec();
-}

GPService/systemd/gpservice.service.in

@@ -1,11 +0,0 @@
-[Unit]
-Description=GlobalProtect openconnect DBus service
-
-[Service]
-Environment="LANG=en_US.utf8"
-Type=dbus
-BusName=com.yuezk.qt.GPService
-ExecStart=@CMAKE_INSTALL_PREFIX@/bin/gpservice
-
-[Install]
-WantedBy=multi-user.target

Makefile

@@ -0,0 +1,295 @@
+.SHELLFLAGS += -e
+
+OFFLINE ?= 0
+BUILD_FE ?= 1
+INCLUDE_GUI ?= 0
+CARGO ?= cargo
+RUST_VERSION = 1.80
+
+VERSION = $(shell $(CARGO) metadata --no-deps --format-version 1 | jq -r '.packages[0].version')
+REVISION ?= 1
+PPA_REVISION ?= 1
+PKG_NAME = globalprotect-openconnect
+PKG = $(PKG_NAME)-$(VERSION)
+SERIES ?= $(shell lsb_release -cs)
+PUBLISH ?= 0
+
+# Indicates whether to build the GUI components
+BUILD_GUI ?= 1
+
+export DEBEMAIL = k3vinyue@gmail.com
+export DEBFULLNAME = Kevin Yue
+export SNAPSHOT = $(shell test -f SNAPSHOT && echo "true" || echo "false")
+
+ifeq ($(SNAPSHOT), true)
+	RELEASE_TAG = snapshot
+else
+	RELEASE_TAG = v$(VERSION)
+endif
+
+CARGO_BUILD_ARGS = --release
+
+ifeq ($(OFFLINE), 1)
+	CARGO_BUILD_ARGS += --frozen
+endif
+
+default: build
+
+version:
+	@echo $(VERSION)
+
+clean-tarball:
+	rm -rf .build/tarball
+	rm -rf .vendor
+	rm -rf vendor.tar.xz
+	rm -rf .cargo
+
+# Create a tarball, include the cargo dependencies if OFFLINE is set to 1
+tarball: clean-tarball
+	if [ $(BUILD_GUI) -eq 1 ] && [ $(BUILD_FE) -eq 1 ]; then \
+		echo "Building frontend..."; \
+		cd apps/gpgui-helper && pnpm install && pnpm build; \
+	fi
+
+	# Remove node_modules to reduce the tarball size
+	rm -rf apps/gpgui-helper/node_modules
+
+	mkdir -p .cargo
+	mkdir -p .build/tarball
+
+	# If OFFLINE is set to 1, vendor all cargo dependencies
+	if [ $(OFFLINE) -eq 1 ]; then \
+		$(CARGO) vendor .vendor > .cargo/config.toml; \
+		tar -cJf vendor.tar.xz .vendor; \
+	fi
+
+	@echo "Creating tarball..."
+	tar --exclude .vendor --exclude target --transform 's,^,${PKG}/,' -czf .build/tarball/${PKG}.tar.gz * .cargo
+
+download-gui:
+	rm -rf .build/gpgui
+
+	if [ $(INCLUDE_GUI) -eq 1 ]; then \
+		echo "Downloading GlobalProtect GUI..."; \
+		mkdir -p .build/gpgui; \
+		curl -sSL https://github.com/yuezk/GlobalProtect-openconnect/releases/download/$(RELEASE_TAG)/gpgui_$(shell uname -m).bin.tar.xz \
+			-o .build/gpgui/gpgui_$(shell uname -m).bin.tar.xz; \
+		tar -xJf .build/gpgui/*.tar.xz -C .build/gpgui; \
+	else \
+		echo "Skipping GlobalProtect GUI download (INCLUDE_GUI=0)"; \
+	fi
+
+build: download-gui build-fe build-rs
+
+# Install and build the frontend
+# If OFFLINE is set to 1, skip it
+build-fe:
+	if [ $(BUILD_GUI) -eq 0 ] || [ $(OFFLINE) -eq 1 ] || [ $(BUILD_FE) -eq 0 ]; then \
+		echo "Skipping frontend build (BUILD_GUI=0 or OFFLINE=1 or BUILD_FE=0)"; \
+	else \
+		cd apps/gpgui-helper && pnpm install && pnpm build; \
+	fi
+
+	if [ $(BUILD_GUI) -eq 1 ] && [ ! -d apps/gpgui-helper/dist ]; then \
+		echo "Error: frontend build failed"; \
+		exit 1; \
+	fi
+
+build-rs:
+	if [ $(OFFLINE) -eq 1 ]; then \
+		tar -xJf vendor.tar.xz; \
+	fi
+
+	# Only build the GUI components if BUILD_GUI is set to 1
+	if [ $(BUILD_GUI) -eq 1 ]; then \
+		$(CARGO) build $(CARGO_BUILD_ARGS) -p gpclient -p gpservice -p gpauth; \
+		$(CARGO) build $(CARGO_BUILD_ARGS) -p gpgui-helper --features "tauri/custom-protocol"; \
+	else \
+		$(CARGO) build $(CARGO_BUILD_ARGS) -p gpclient -p gpservice -p gpauth --no-default-features; \
+	fi
+
+clean:
+	$(CARGO) clean
+	rm -rf .build
+	rm -rf .vendor
+	rm -rf apps/gpgui-helper/node_modules
+
+install:
+	@echo "Installing $(PKG_NAME)..."
+
+	install -Dm755 target/release/gpclient $(DESTDIR)/usr/bin/gpclient
+	install -Dm755 target/release/gpauth $(DESTDIR)/usr/bin/gpauth
+	install -Dm755 target/release/gpservice $(DESTDIR)/usr/bin/gpservice
+
+	# Install the GUI components if BUILD_GUI is set to 1
+	if [ $(BUILD_GUI) -eq 1 ]; then \
+		install -Dm755 target/release/gpgui-helper $(DESTDIR)/usr/bin/gpgui-helper; \
+	fi
+
+	if [ -f .build/gpgui/gpgui_*/gpgui ]; then \
+		install -Dm755 .build/gpgui/gpgui_*/gpgui $(DESTDIR)/usr/bin/gpgui; \
+	fi
+
+	# Install the disconnect hooks
+	install -Dm755 packaging/files/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
+	install -Dm755 packaging/files/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
+
+	install -Dm644 packaging/files/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
+	install -Dm644 packaging/files/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
+	install -Dm644 packaging/files/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
+	install -Dm644 packaging/files/usr/share/icons/hicolor/128x128/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
+	install -Dm644 packaging/files/usr/share/icons/hicolor/256x256@2/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
+	install -Dm644 packaging/files/usr/share/polkit-1/actions/com.yuezk.gpgui.policy $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
+
+uninstall:
+	@echo "Uninstalling $(PKG_NAME)..."
+
+	rm -f $(DESTDIR)/usr/bin/gpclient
+	rm -f $(DESTDIR)/usr/bin/gpauth
+	rm -f $(DESTDIR)/usr/bin/gpservice
+	rm -f $(DESTDIR)/usr/bin/gpgui-helper
+	rm -f $(DESTDIR)/usr/bin/gpgui
+
+	rm -f $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
+	rm -f $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
+
+	rm -f $(DESTDIR)/usr/share/applications/gpgui.desktop
+	rm -f $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
+	rm -f $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
+	rm -f $(DESTDIR)/usr/share/icons/hicolor/128x128/apps/gpgui.png
+	rm -f $(DESTDIR)/usr/share/icons/hicolor/256x256@2/apps/gpgui.png
+	rm -f $(DESTDIR)/usr/share/polkit-1/actions/com.yuezk.gpgui.policy
+
+clean-debian:
+	rm -rf .build/deb
+
+# Generate the debian package structure, without the changelog
+init-debian: clean-debian tarball
+	mkdir -p .build/deb
+	cp .build/tarball/${PKG}.tar.gz .build/deb
+
+	tar -xzf .build/deb/${PKG}.tar.gz -C .build/deb
+	cd .build/deb/${PKG} && debmake
+
+	cp -f packaging/deb/control.in .build/deb/$(PKG)/debian/control
+	cp -f packaging/deb/rules.in .build/deb/$(PKG)/debian/rules
+	cp -f packaging/deb/postrm .build/deb/$(PKG)/debian/postrm
+	cp -f packaging/deb/compat .build/deb/$(PKG)/debian/compat
+
+	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/deb/$(PKG)/debian/rules
+	sed -i "s/@BUILD_GUI@/$(BUILD_GUI)/g" .build/deb/$(PKG)/debian/rules
+	sed -i "s/@RUST_VERSION@/$(RUST_VERSION)/g" .build/deb/$(PKG)/debian/rules
+
+	# Remove the GUI dependencies if BUILD_GUI is set to 0
+	if [ $(BUILD_GUI) -eq 0 ]; then \
+		sed -i "/libxml2/d" .build/deb/$(PKG)/debian/control; \
+		sed -i "/libsecret-1-0/d" .build/deb/$(PKG)/debian/control; \
+		sed -i "/libayatana-appindicator3-1/d" .build/deb/$(PKG)/debian/control; \
+		sed -i "/gnome-keyring/d" .build/deb/$(PKG)/debian/control; \
+		sed -i "/libwebkit2gtk-4.1-dev/d" .build/deb/$(PKG)/debian/control; \
+	fi
+
+	rm -f .build/deb/$(PKG)/debian/changelog
+
+deb: init-debian
+	# Remove the rust build dependency from the control file
+	sed -i "s/@RUST@//g" .build/deb/$(PKG)/debian/control
+
+	cd .build/deb/$(PKG) && dch --create --distribution unstable --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION) "Bugfix and improvements."
+
+	cd .build/deb/$(PKG) && debuild --preserve-env -e PATH -us -uc -b
+
+check-ppa:
+	if [ $(OFFLINE) -eq 0 ]; then \
+		echo "Error: ppa build requires offline mode (OFFLINE=1)"; \
+	fi
+
+# Usage: make ppa SERIES=focal OFFLINE=1 PUBLISH=1
+ppa: check-ppa init-debian
+	sed -i "s/@RUST@/cargo-1.80/g" .build/deb/$(PKG)/debian/control
+
+	$(eval SERIES_VER = $(shell distro-info --series $(SERIES) -r | cut -d' ' -f1))
+	@echo "Building for $(SERIES) $(SERIES_VER)"
+
+	rm -rf .build/deb/$(PKG)/debian/changelog
+	cd .build/deb/$(PKG) && dch --create --distribution $(SERIES) --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION)ppa$(PPA_REVISION)~ubuntu$(SERIES_VER) "Bugfix and improvements."
+
+	cd .build/deb/$(PKG) && echo "y" | debuild -e PATH -S -sa -k"$(GPG_KEY_ID)" -p"gpg --batch --passphrase $(GPG_KEY_PASS) --pinentry-mode loopback"
+
+	if [ $(PUBLISH) -eq 1 ]; then \
+		cd .build/deb/$(PKG) && dput ppa:yuezk/globalprotect-openconnect ../*.changes; \
+	else \
+		echo "Skipping ppa publish (PUBLISH=0)"; \
+	fi
+
+clean-rpm:
+	rm -rf .build/rpm
+
+# Generate RPM sepc file
+init-rpm: clean-rpm
+	mkdir -p .build/rpm
+
+	cp packaging/rpm/globalprotect-openconnect.spec.in .build/rpm/globalprotect-openconnect.spec
+	cp packaging/rpm/globalprotect-openconnect.changes.in .build/rpm/globalprotect-openconnect.changes
+
+	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.spec
+	sed -i "s/@REVISION@/$(REVISION)/g" .build/rpm/globalprotect-openconnect.spec
+	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/rpm/globalprotect-openconnect.spec
+	sed -i "s/@DATE@/$(shell LC_ALL=en.US date "+%a %b %d %Y")/g" .build/rpm/globalprotect-openconnect.spec
+
+	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.changes
+	sed -i "s/@DATE@/$(shell LC_ALL=en.US date -u "+%a %b %e %T %Z %Y")/g" .build/rpm/globalprotect-openconnect.changes
+
+rpm: init-rpm tarball
+	rm -rf $(HOME)/rpmbuild
+	rpmdev-setuptree
+
+	cp .build/tarball/${PKG}.tar.gz $(HOME)/rpmbuild/SOURCES/${PKG_NAME}.tar.gz
+	rpmbuild -ba .build/rpm/globalprotect-openconnect.spec
+
+	# Copy RPM package from build directory
+	cp $(HOME)/rpmbuild/RPMS/$(shell uname -m)/$(PKG_NAME)*.rpm .build/rpm
+
+	# Copy the SRPM only for x86_64.
+	if [ "$(shell uname -m)" = "x86_64" ]; then \
+		cp $(HOME)/rpmbuild/SRPMS/$(PKG_NAME)*.rpm .build/rpm; \
+	fi
+
+clean-pkgbuild:
+	rm -rf .build/pkgbuild
+
+init-pkgbuild: clean-pkgbuild tarball
+	mkdir -p .build/pkgbuild
+
+	cp .build/tarball/${PKG}.tar.gz .build/pkgbuild
+	cp packaging/pkgbuild/PKGBUILD.in .build/pkgbuild/PKGBUILD
+
+	sed -i "s/@PKG_NAME@/$(PKG_NAME)/g" .build/pkgbuild/PKGBUILD
+	sed -i "s/@VERSION@/$(VERSION)/g" .build/pkgbuild/PKGBUILD
+	sed -i "s/@REVISION@/$(REVISION)/g" .build/pkgbuild/PKGBUILD
+	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/pkgbuild/PKGBUILD
+
+pkgbuild: init-pkgbuild
+	cd .build/pkgbuild && makepkg -s --noconfirm
+
+clean-binary:
+	rm -rf .build/binary
+
+binary: clean-binary tarball
+	mkdir -p .build/binary
+
+	cp .build/tarball/${PKG}.tar.gz .build/binary
+	tar -xzf .build/binary/${PKG}.tar.gz -C .build/binary
+
+	mkdir -p .build/binary/$(PKG_NAME)_$(VERSION)/artifacts
+
+	make -C .build/binary/${PKG} build OFFLINE=$(OFFLINE) BUILD_FE=0 INCLUDE_GUI=$(INCLUDE_GUI)
+	make -C .build/binary/${PKG} install DESTDIR=$(PWD)/.build/binary/$(PKG_NAME)_$(VERSION)/artifacts
+
+	cp packaging/binary/Makefile.in .build/binary/$(PKG_NAME)_$(VERSION)/Makefile
+
+	# Create a tarball for the binary package
+	tar -cJf .build/binary/$(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz -C .build/binary $(PKG_NAME)_$(VERSION)
+
+	# Generate sha256sum
+	cd .build/binary && sha256sum $(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz | cut -d' ' -f1 > $(PKG_NAME)_$(VERSION)_$(shell uname -m).bin.tar.xz.sha256

README.md

@@ -1,199 +1,206 @@
 # GlobalProtect-openconnect
-A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Qt5, supports SAML auth mode, inspired by [gp-saml-gui](https://github.com/dlenski/gp-saml-gui).
+
+A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authentication method. Inspired by [gp-saml-gui](https://github.com/dlenski/gp-saml-gui).
 
 <p align="center">
-  <img src="https://user-images.githubusercontent.com/3297602/133869036-5c02b0d9-c2d9-4f87-8c81-e44f68cfd6ac.png">
+  <img width="300" src="https://github.com/yuezk/GlobalProtect-openconnect/assets/3297602/9242df9c-217d-42ab-8c21-8f9f69cd4eb5">
 </p>
 
-<a href="https://paypal.me/zongkun" target="_blank"><img src="https://cdn.jsdelivr.net/gh/everdrone/coolbadge@5ea5937cabca5ecbfc45d6b30592bd81f219bc8d/badges/Paypal/Coffee/Blue/Small.png" alt="Buy me a coffee via Paypal" style="height: 32px; width: 268px;" ></a>
-<a href="https://ko-fi.com/M4M75PYKZ" target="_blank"><img src="https://ko-fi.com/img/githubbutton_sm.svg" alt="Support me on Ko-fi" style="height: 32px; width: 238px;"></a>
-<a href="https://www.buymeacoffee.com/yuezk" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 32px; width: 114px;" ></a>
-
-
 ## Features
 
-- Similar user experience as the official client in macOS.
-- Supports both SAML and non-SAML authentication modes.
-- Supports automatically selecting the preferred gateway from the multiple gateways.
-- Supports switching gateway from the system tray menu manually.
+- [x] Better Linux support
+- [x] Support both CLI and GUI
+- [x] Support both SSO and non-SSO authentication
+- [x] Support the FIDO2 authentication (e.g., YubiKey)
+- [x] Support authentication using default browser
+- [x] Support client certificate authentication
+- [x] Support multiple portals
+- [x] Support gateway selection
+- [x] Support connect gateway directly
+- [x] Support auto-connect on startup
+- [x] Support system tray icon
 
+## Usage
 
-## Install
+### CLI
 
-|OS|Stable version | Development version|
-|---|--------------|--------------------|
-|Linux Mint, Ubuntu 18.04 or later|[ppa:yuezk/globalprotect-openconnect](https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect)|[ppa:yuezk/globalprotect-openconnect-snapshot](https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect-snapshot)|
-|Arch, Manjaro|[globalprotect-openconnect](https://archlinux.org/packages/community/x86_64/globalprotect-openconnect/)|[AUR: globalprotect-openconnect-git](https://aur.archlinux.org/packages/globalprotect-openconnect-git/)|
-|Fedora|[copr: yuezk/globalprotect-openconnect](https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/)|[copr: yuezk/globalprotect-openconnect](https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/)|
-|openSUSE, CentOS 8|[OBS: globalprotect-openconnect](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect)|[OBS: globalprotect-openconnect-snapshot](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect-snapshot)|
+The CLI version is always free and open source in this repo. It has almost the same features as the GUI version.
 
-Add the repository in the above table and install it with your favorite package manager tool.
+```
+Usage: gpclient [OPTIONS] <COMMAND>
 
-[![Arch package](https://repology.org/badge/version-for-repo/arch/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
-[![AUR package](https://repology.org/badge/version-for-repo/aur/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
-[![Manjaro Stable package](https://repology.org/badge/version-for-repo/manjaro_stable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
-[![Manjaro Testing package](https://repology.org/badge/version-for-repo/manjaro_testing/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
-[![Manjaro Unstable package](https://repology.org/badge/version-for-repo/manjaro_unstable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
-[![nixpkgs unstable package](https://repology.org/badge/version-for-repo/nix_unstable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
-[![Parabola package](https://repology.org/badge/version-for-repo/parabola/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+Commands:
+  connect     Connect to a portal server
+  disconnect  Disconnect from the server
+  launch-gui  Launch the GUI
+  help        Print this message or the help of the given subcommand(s)
 
-### Linux Mint, Ubuntu 18.04 or later
+Options:
+      --fix-openssl        Get around the OpenSSL `unsafe legacy renegotiation` error
+      --ignore-tls-errors  Ignore the TLS errors
+  -h, --help               Print help
+  -V, --version            Print version
 
-```sh
-sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
-sudo apt-get update
-sudo apt install globalprotect-openconnect
+See 'gpclient help <command>' for more information on a specific command.
 ```
 
+To use the external browser for authentication with the CLI version, you need to use the following command:
+
+```bash
+sudo -E gpclient connect --browser default <portal>
+```
+
+Or you can try the following command if the above command does not work:
+
+```bash
+gpauth <portal> --browser default 2>/dev/null | sudo gpclient connect <portal> --cookie-on-stdin
+```
+
+You can specify the browser with the `--browser <browser>` option, e.g., `--browser firefox`, `--browser chrome`, etc.
+
+### GUI
+
+The GUI version is also available after you installed it. You can launch it from the application menu or run `gpclient launch-gui` in the terminal.
+
+> [!Note]
+>
+> The GUI version is partially open source. Its background service is open sourced in this repo as [gpservice](./apps/gpservice/). The GUI part is a wrapper of the background service, which is not open sourced.
+
+## Installation
+
+### Debian/Ubuntu based distributions
+
+#### Install from PPA (Ubuntu > 18.04)
+
+```
+sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
+sudo apt-get install globalprotect-openconnect
+```
+
+> [!Note]
+>
 > For Linux Mint, you might need to import the GPG key with: `sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7937C393082992E5D6E4A60453FC26B43838D761` if you encountered an error `gpg: keyserver receive failed: General error`.
 
+#### **Ubuntu 18.04**
+
+The latest package is not available in the PPA, but you still needs to add the `ppa:yuezk/globalprotect-openconnect` repo beforehand to use the required `openconnect` package. Then you can follow the [Install from deb package](#install-from-deb-package) section to install the latest package.
+
+#### Install from deb package
+
+Download the latest deb package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Then install it with `apt`:
+
+```bash
+sudo apt install --fix-broken globalprotect-openconnect_*.deb
+```
+
 ### Arch Linux / Manjaro
 
-```sh
-sudo pacman -S globalprotect-openconnect
-```
+#### Install from AUR
 
-### AUR snapshot version
+Install from AUR: [globalprotect-openconnect-git](https://aur.archlinux.org/packages/globalprotect-openconnect-git/)
 
-```sh
+```bash
 yay -S globalprotect-openconnect-git
 ```
 
-### Fedora
+#### Install from package
 
-```sh
+Download the latest package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Then install it with `pacman`:
+
+```bash
+sudo pacman -U globalprotect-openconnect-*.pkg.tar.zst
+```
+
+### Fedora 38 and later / Fedora Rawhide
+
+#### Install from COPR
+
+The package is available on [COPR](https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/) for various RPM-based distributions. You can install it with the following commands:
+
+```bash
 sudo dnf copr enable yuezk/globalprotect-openconnect
 sudo dnf install globalprotect-openconnect
 ```
 
-### openSUSE
+### openSUSE Leap 15.6 / openSUSE Tumbleweed
 
-- openSUSE Tumbleweed
-  ```sh
-  sudo zypper ar https://download.opensuse.org/repositories/home:/yuezk/openSUSE_Tumbleweed/home:yuezk.repo
-  sudo zypper ref
-  sudo zypper install globalprotect-openconnect
-  ```
+#### Install from OBS (openSUSE Build Service)
 
-- openSUSE Leap
+The package is also available on [OBS](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect) for various RPM-based distributions. You can follow the instructions [on this page](https://software.opensuse.org//download.html?project=home%3Ayuezk&package=globalprotect-openconnect) to install it.
 
-  ```sh
-  sudo zypper ar https://download.opensuse.org/repositories/home:/yuezk/openSUSE_Leap_15.2/home:yuezk.repo
-  sudo zypper ref
-  sudo zypper install globalprotect-openconnect
-  ```
-### CentOS 8
+### Other RPM-based distributions
 
-1. Add the repository: `https://download.opensuse.org/repositories/home:/yuezk/CentOS_8/home:yuezk.repo`
-1. Install `globalprotect-openconnect`
+#### Install from RPM package
 
+Download the latest RPM package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
 
-## Build & Install from source code
-
-Clone this repo with:
-
-```sh
-git clone https://github.com/yuezk/GlobalProtect-openconnect.git
-cd GlobalProtect-openconnect
+```bash
+sudo rpm -i globalprotect-openconnect-*.rpm
 ```
 
-### Ubuntu/Mint
+### Gentoo
 
-> **⚠️ REQUIRED for Ubuntu 18.04 ⚠️**
-> 
-> Add this [dwmw2/openconnect](https://launchpad.net/~dwmw2/+archive/ubuntu/openconnect) PPA first to install the latest openconnect.
-> 
-> ```sh
-> sudo add-apt-repository ppa:dwmw2/openconnect
-> sudo apt update
-> ```
+It is available via `guru` and `lamdness` overlays.
 
-Build and install with:
-
-```sh
-./scripts/install-ubuntu.sh
-```
-### openSUSE
-
-Build and install with:
-
-```sh
-./scripts/install-opensuse.sh
+```bash
+sudo eselect repository enable guru
+sudo emerge -r guru sync
+sudo emerge -av net-vpn/globalprotect-openconnect
 ```
 
-### Fedora
+### Other distributions
 
-Build and install with:
+- Install `openconnect >= 8.20`, `webkit2gtk`, `libsecret`, `libayatana-appindicator` or `libappindicator-gtk3`.
+- Download `globalprotect-openconnect_${version}_${arch}.bin.tar.xz` from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
+- Extract the tarball with `tar -xJf globalprotect-openconnect_${version}_${arch}.bin.tar.xz`.
+- Run `sudo make install` to install the client.
 
-```sh
-./scripts/install-fedora.sh
-```
+## Build from source
 
-### Other Linux
+You can also build the client from source, steps are as follows:
 
-Install the Qt5 dependencies and OpenConnect:
+### Prerequisites
 
-- QtCore
-- QtWebEngine
-- QtWebSockets
-- QtDBus
-- openconnect v8.x
+- [Install Rust 1.80 or later](https://www.rust-lang.org/tools/install)
+- Install Tauri dependencies: https://tauri.app/start/prerequisites/
+- Install `perl` and `jq`
+- Install `openconnect >= 8.20` and `libopenconnect-dev` (or `openconnect-devel` on RPM-based distributions)
+- Install `pkexec`, `gnome-keyring` (or `pam_kwallet` on KDE)
+- Install `nodejs` and `pnpm` (optional only if you downloaded the source tarball from the release page and run with the `BUILD_FE=0` flag, see below)
 
-...then build and install with:
+### Build
 
-```sh
-./scripts/install.sh
-```
+1. Download the source code tarball from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Choose `globalprotect-openconnect-${version}.tar.gz`.
+2. Extract the tarball with `tar -xzf globalprotect-openconnect-${version}.tar.gz`.
+3. Enter the source directory and run `make build BUILD_FE=0` to build the client.
+3. Run `sudo make install` to install the client. (Note, `DESTDIR` is not supported)
 
+## FAQ
 
-### NixOS
-  In `configuration.nix`:
+1. How to deal with error `Secure Storage not ready`
 
-  ```
-  services.globalprotect = {
-    enable = true;
-    # if you need a Host Integrity Protection report
-    csdWrapper = "${pkgs.openconnect}/libexec/openconnect/hipreport.sh";
-  };
+   Try upgrade the client to `2.2.0` or later, which will use a file-based storage as a fallback.
 
-  environment.systemPackages = [ globalprotect-openconnect ];
-  ```
+   You need to install the `gnome-keyring` package, and restart the system (See [#321](https://github.com/yuezk/GlobalProtect-openconnect/issues/321), [#316](https://github.com/yuezk/GlobalProtect-openconnect/issues/316)).
 
-## Run
+2. How to deal with error `(gpauth:18869): Gtk-WARNING **: 10:33:37.566: cannot open display:`
 
-Once the software is installed, you can run `gpclient` to start the UI.
+   If you encounter this error when using the CLI version, try to run the command with `sudo -E` (See [#316](https://github.com/yuezk/GlobalProtect-openconnect/issues/316)).
 
-## Passing the Custom Parameters to `OpenConnect` CLI
+## About Trial
 
-Custom parameters can be appended to the `OpenConnect` CLI with the following settings.
+The CLI version is always free, while the GUI version is paid. There are two trial modes for the GUI version:
 
-> Tokens with spaces can be surrounded by double quotes; three consecutive double quotes represent the quote character itself.
+1. 10-day trial: You can use the GUI stable release for 10 days after the installation.
+2. 14-day trial: Each beta release has a fresh trial period (at most 14 days) after released.
 
-<p align="center">
-  <img src="https://user-images.githubusercontent.com/3297602/130319209-744be02b-d657-4f49-a76d-d2c81b5c46d5.png" />
-<p>
+## License
 
-## Display the system tray icon on Gnome 40
-
-Install the [AppIndicator and KStatusNotifierItem Support](https://extensions.gnome.org/extension/615/appindicator-support/) extension and you will see the system try icon (Restart the system after the installation).
-
-<p align="center">
-  <img src="https://user-images.githubusercontent.com/3297602/130831022-b93492fd-46dd-4a8e-94a4-13b5747120b7.png" />
-<p>
-
-  
-
-## Future plan
-
-- [x] Improve the release process
-- [ ] Process bugs and feature requests
-- [ ] Support for bypassing the `gpclient` parameters
-- [ ] Support the CLI mode
-  
-  
-## Troubleshooting
-
-The application logs can be found at: `~/.cache/GlobalProtect-openconnect/gpclient.log`
-
-## [License](./LICENSE)
-GPLv3
+- crate [gpapi](./crates/gpapi): [MIT](./crates/gpapi/LICENSE)
+- crate [openconnect](./crates/openconnect): [GPL-3.0](./crates/openconnect/LICENSE)
+- crate [common](./crates/common): [GPL-3.0](./crates/common/LICENSE)
+- crate [auth](./crates/auth): [GPL-3.0](./crates/auth/LICENSE)
+- app [gpservice](./apps/gpservice): [GPL-3.0](./apps/gpservice/LICENSE)
+- app [gpclient](./apps/gpclient): [GPL-3.0](./apps/gpclient/LICENSE)
+- app [gpauth](./apps/gpauth): [GPL-3.0](./apps/gpauth/LICENSE)
+- app [gpgui-helper](./apps/gpgui-helper): [GPL-3.0](./apps/gpgui-helper/LICENSE)

VERSION

@@ -1 +0,0 @@
-1.4.2

apps/gpauth/Cargo.toml

@@ -0,0 +1,35 @@
+[package]
+name = "gpauth"
+rust-version.workspace = true
+authors.workspace = true
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[build-dependencies]
+tauri-build = { version = "2", features = [], optional = true }
+
+[dependencies]
+gpapi = { path = "../../crates/gpapi", features = ["clap"] }
+
+auth = { path = "../../crates/auth", features = ["browser-auth"] }
+
+# Shared dependencies
+anyhow.workspace = true
+clap.workspace = true
+env_logger.workspace = true
+log.workspace = true
+serde_json.workspace = true
+tokio.workspace = true
+tempfile.workspace = true
+compile-time.workspace = true
+
+# Pin the version of home because the latest version requires Rust 1.81
+home = "=0.5.9"
+
+# webview auth dependencies
+tauri = { workspace = true, optional = true }
+
+[features]
+default = ["webview-auth"]
+webview-auth = ["auth/webview-auth", "dep:tauri", "dep:tauri-build"]

apps/gpauth/LICENSE

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

apps/gpauth/build.rs

@@ -0,0 +1,4 @@
+fn main() {
+  #[cfg(feature = "webview-auth")]
+  tauri_build::build()
+}

apps/gpauth/index.html

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>GlobalProtect Login</title>
+</head>
+<body>
+  <p>Redirecting to GlobalProtect Login...</p>
+</body>
+</html>

apps/gpauth/src/cli.rs

@@ -0,0 +1,185 @@
+use auth::{auth_prelogin, BrowserAuthenticator};
+use clap::Parser;
+use gpapi::{
+  auth::{SamlAuthData, SamlAuthResult},
+  clap::{args::Os, handle_error, Args, InfoLevelVerbosity},
+  gp_params::{ClientOs, GpParams},
+  utils::{normalize_server, openssl},
+  GP_USER_AGENT,
+};
+use log::info;
+use serde_json::json;
+use tempfile::NamedTempFile;
+
+const VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), " (", compile_time::date_str!(), ")");
+
+#[derive(Parser)]
+#[command(
+  version = VERSION,
+  author,
+  about = "The authentication component for the GlobalProtect VPN client, supports the SSO authentication method.",
+  help_template = "\
+{before-help}{name} {version}
+{author}
+
+{about}
+
+{usage-heading} {usage}
+
+{all-args}{after-help}
+
+See 'gpauth -h' for more information.
+"
+)]
+struct Cli {
+  #[arg(help = "The portal server to authenticate")]
+  server: String,
+
+  #[arg(long, help = "Treating the server as a gateway")]
+  gateway: bool,
+
+  #[arg(long, help = "The SAML authentication request")]
+  saml_request: Option<String>,
+
+  #[arg(long, default_value = GP_USER_AGENT, help = "The user agent to use")]
+  user_agent: String,
+
+  #[arg(long, default_value = "Linux")]
+  os: Os,
+
+  #[arg(long)]
+  os_version: Option<String>,
+
+  #[arg(long, help = "Get around the OpenSSL `unsafe legacy renegotiation` error")]
+  fix_openssl: bool,
+
+  #[arg(long, help = "Ignore TLS errors")]
+  ignore_tls_errors: bool,
+
+  #[cfg(feature = "webview-auth")]
+  #[arg(long, help = "Use the default browser for authentication")]
+  default_browser: bool,
+
+  #[arg(
+    long,
+    help = "The browser to use for authentication, e.g., `default`, `firefox`, `chrome`, `chromium`, or the path to the browser executable"
+  )]
+  browser: Option<String>,
+
+  #[cfg(feature = "webview-auth")]
+  #[arg(long, help = "The HiDPI mode, useful for high-resolution screens")]
+  hidpi: bool,
+
+  #[cfg(feature = "webview-auth")]
+  #[arg(long, help = "Clean the cache of the embedded browser")]
+  pub clean: bool,
+
+  #[command(flatten)]
+  verbose: InfoLevelVerbosity,
+}
+
+impl Args for Cli {
+  fn fix_openssl(&self) -> bool {
+    self.fix_openssl
+  }
+
+  fn ignore_tls_errors(&self) -> bool {
+    self.ignore_tls_errors
+  }
+}
+
+impl Cli {
+  fn prepare_env(&self) -> anyhow::Result<Option<NamedTempFile>> {
+    #[cfg(feature = "webview-auth")]
+    gpapi::utils::env_utils::patch_gui_runtime_env(self.hidpi);
+
+    if self.fix_openssl {
+      info!("Fixing OpenSSL environment");
+      let file = openssl::fix_openssl_env()?;
+
+      return Ok(Some(file));
+    }
+
+    Ok(None)
+  }
+
+  async fn run(&self) -> anyhow::Result<()> {
+    if self.ignore_tls_errors {
+      info!("TLS errors will be ignored");
+    }
+
+    let openssl_conf = self.prepare_env()?;
+
+    let server = normalize_server(&self.server)?;
+    let gp_params = self.build_gp_params();
+
+    let auth_request = match self.saml_request.as_deref() {
+      Some(auth_request) => auth_request.to_string(),
+      None => auth_prelogin(&server, &gp_params).await?,
+    };
+
+    #[cfg(feature = "webview-auth")]
+    let browser = self
+      .browser
+      .as_deref()
+      .or_else(|| self.default_browser.then(|| "default"));
+
+    #[cfg(not(feature = "webview-auth"))]
+    let browser = self.browser.as_deref().or(Some("default"));
+
+    if let Some(browser) = browser {
+      let authenticator = BrowserAuthenticator::new(&auth_request, browser);
+      let auth_result = authenticator.authenticate().await;
+
+      print_auth_result(auth_result);
+
+      // explicitly drop openssl_conf to avoid the unused variable warning
+      drop(openssl_conf);
+      return Ok(());
+    }
+
+    #[cfg(feature = "webview-auth")]
+    crate::webview_auth::authenticate(server, gp_params, auth_request, self.clean, openssl_conf).await?;
+
+    Ok(())
+  }
+
+  fn build_gp_params(&self) -> GpParams {
+    let gp_params = GpParams::builder()
+      .user_agent(&self.user_agent)
+      .client_os(ClientOs::from(&self.os))
+      .os_version(self.os_version.clone())
+      .ignore_tls_errors(self.ignore_tls_errors)
+      .is_gateway(self.gateway)
+      .build();
+
+    gp_params
+  }
+}
+
+fn init_logger(cli: &Cli) {
+  env_logger::builder()
+    .filter_level(cli.verbose.log_level_filter())
+    .init();
+}
+
+pub async fn run() {
+  let cli = Cli::parse();
+
+  init_logger(&cli);
+  info!("gpauth started: {}", VERSION);
+
+  if let Err(err) = cli.run().await {
+    handle_error(err, &cli);
+    std::process::exit(1);
+  }
+}
+
+pub fn print_auth_result(auth_result: anyhow::Result<SamlAuthData>) {
+  let auth_result = match auth_result {
+    Ok(auth_data) => SamlAuthResult::Success(auth_data),
+    Err(err) => SamlAuthResult::Failure(format!("{}", err)),
+  };
+
+  println!("{}", json!(auth_result));
+}

apps/gpauth/src/main.rs

@@ -0,0 +1,11 @@
+#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
+
+mod cli;
+
+#[cfg(feature = "webview-auth")]
+mod webview_auth;
+
+#[tokio::main]
+async fn main() {
+  cli::run().await;
+}

apps/gpauth/src/webview_auth.rs

@@ -0,0 +1,46 @@
+use auth::WebviewAuthenticator;
+use gpapi::gp_params::GpParams;
+use log::info;
+use tauri::RunEvent;
+use tempfile::NamedTempFile;
+
+use crate::cli::print_auth_result;
+
+pub async fn authenticate(
+  server: String,
+  gp_params: GpParams,
+  auth_request: String,
+  clean: bool,
+  mut openssl_conf: Option<NamedTempFile>,
+) -> anyhow::Result<()> {
+  tauri::Builder::default()
+    .setup(move |app| {
+      let app_handle = app.handle().clone();
+
+      tauri::async_runtime::spawn(async move {
+        let authenticator = WebviewAuthenticator::new(&server, &gp_params)
+          .with_auth_request(&auth_request)
+          .with_clean(clean);
+
+        let auth_result = authenticator.authenticate(&app_handle).await;
+        print_auth_result(auth_result);
+
+        // Ensure the app exits after the authentication process
+        app_handle.exit(0);
+      });
+
+      Ok(())
+    })
+    .build(tauri::generate_context!())?
+    .run(move |_app_handle, event| {
+      if let RunEvent::Exit = event {
+        if let Some(file) = openssl_conf.take() {
+          if let Err(err) = file.close() {
+            info!("Error closing OpenSSL config file: {}", err);
+          }
+        }
+      }
+    });
+
+  Ok(())
+}

apps/gpauth/tauri.conf.json

@@ -0,0 +1,16 @@
+{
+  "$schema": "https://cdn.jsdelivr.net/gh/tauri-apps/tauri@tauri-v2.1.1/crates/tauri-cli/config.schema.json",
+  "build": {
+    "frontendDist": ["index.html"],
+    "beforeDevCommand": "",
+    "beforeBuildCommand": ""
+  },
+  "identifier": "com.yuezk.gpauth",
+  "productName": "gpauth",
+  "app": {
+    "withGlobalTauri": false,
+    "security": {
+      "csp": null
+    }
+  }
+}

apps/gpclient/Cargo.toml

@@ -0,0 +1,30 @@
+[package]
+name = "gpclient"
+rust-version.workspace = true
+authors.workspace = true
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[dependencies]
+common = { path = "../../crates/common" }
+gpapi = { path = "../../crates/gpapi", features = ["clap"] }
+openconnect = { path = "../../crates/openconnect" }
+
+anyhow.workspace = true
+clap.workspace = true
+env_logger.workspace = true
+inquire = "0.7"
+log.workspace = true
+tokio = { workspace = true, features = ["rt-multi-thread"] }
+sysinfo.workspace = true
+serde_json.workspace = true
+whoami.workspace = true
+tempfile.workspace = true
+reqwest.workspace = true
+directories.workspace = true
+compile-time.workspace = true
+
+[features]
+default = ["webview-auth"]
+webview-auth = ["gpapi/webview-auth"]

apps/gpclient/LICENSE

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.