Use uzers crate

.github/workflows/build.yaml

@@ -6,8 +6,8 @@ on:
       - "*.md"
       - .vscode
       - .devcontainer
-    branches:
+    # branches:
-      - main
+      # - main
     # tags:
     #   - v*.*.*
 jobs:

.vscode/settings.json

@@ -10,6 +10,7 @@
         "dotenv",
         "dotenvy",
         "getconfig",
+        "globalprotect",
         "gpapi",
         "gpauth",
         "gpclient",
@@ -42,6 +43,7 @@
         "urlencoding",
         "userauthcookie",
         "utsbuf",
+        "uzers",
         "Vite",
         "vpnc",
         "vpninfo",

Cargo.lock

@@ -1423,7 +1423,7 @@ dependencies = [
 
 [[package]]
 name = "gpapi"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta2"
 dependencies = [
  "anyhow",
  "base64 0.21.5",
@@ -1444,13 +1444,13 @@ dependencies = [
  "tokio",
  "url",
  "urlencoding",
- "users",
+ "uzers",
  "whoami",
 ]
 
 [[package]]
 name = "gpauth"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta2"
 dependencies = [
  "anyhow",
  "clap",
@@ -1470,7 +1470,7 @@ dependencies = [
 
 [[package]]
 name = "gpclient"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta2"
 dependencies = [
  "anyhow",
  "clap",
@@ -1491,7 +1491,7 @@ dependencies = [
 
 [[package]]
 name = "gpservice"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta2"
 dependencies = [
  "anyhow",
  "axum",
@@ -2446,7 +2446,7 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
 
 [[package]]
 name = "openconnect"
-version = "2.0.0-beta.1"
+version = "2.0.0-beta2"
 dependencies = [
  "cc",
  "is_executable",
@@ -4378,16 +4378,6 @@ version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
 
-[[package]]
-name = "users"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24cc0f6d6f267b73e5a2cadf007ba8f9bc39c6a6f9666f8cf25ea809a153b032"
-dependencies = [
- "libc",
- "log",
-]
-
 [[package]]
 name = "utf-8"
 version = "0.7.6"
@@ -4409,6 +4399,16 @@ dependencies = [
  "getrandom 0.2.11",
 ]
 
+[[package]]
+name = "uzers"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76d283dc7e8c901e79e32d077866eaf599156cbf427fffa8289aecc52c5c3f63"
+dependencies = [
+ "libc",
+ "log",
+]
+
 [[package]]
 name = "valuable"
 version = "0.1.0"

Cargo.toml

@@ -4,7 +4,7 @@ resolver = "2"
 members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth"]
 
 [workspace.package]
-version = "2.0.0-beta.1"
+version = "2.0.0-beta2"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"
@@ -36,7 +36,7 @@ futures-util = "0.3"
 tokio-tungstenite = "0.20.1"
 specta = "=2.0.0-rc.1"
 specta-macros = "=2.0.0-rc.1"
-users = "0.11"
+uzers = "0.11"
 whoami = "1"
 tauri = { version = "1.5" }
 thiserror = "1"

README.md

@@ -1,194 +1,113 @@
 # GlobalProtect-openconnect
-A GlobalProtect VPN client (GUI) for Linux based on Openconnect and built with Qt5, supports SAML auth mode, inspired by [gp-saml-gui](https://github.com/dlenski/gp-saml-gui).
+
+A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authentication method. Inspired by [gp-saml-gui](https://github.com/dlenski/gp-saml-gui).
 
 <p align="center">
-  <img src="https://user-images.githubusercontent.com/3297602/133869036-5c02b0d9-c2d9-4f87-8c81-e44f68cfd6ac.png">
+  <img width="300" src="https://github.com/yuezk/GlobalProtect-openconnect/assets/3297602/9242df9c-217d-42ab-8c21-8f9f69cd4eb5">
 </p>
 
-<a href="https://paypal.me/zongkun" target="_blank"><img src="https://cdn.jsdelivr.net/gh/everdrone/coolbadge@5ea5937cabca5ecbfc45d6b30592bd81f219bc8d/badges/Paypal/Coffee/Blue/Small.png" alt="Buy me a coffee via Paypal" style="height: 32px; width: 268px;" ></a>
-<a href="https://ko-fi.com/M4M75PYKZ" target="_blank"><img src="https://ko-fi.com/img/githubbutton_sm.svg" alt="Support me on Ko-fi" style="height: 32px; width: 238px;"></a>
-<a href="https://www.buymeacoffee.com/yuezk" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 32px; width: 114px;" ></a>
-
-
 ## Features
 
-- Similar user experience as the official client in macOS.
+- [x] Better Linux support
-- Supports both SAML and non-SAML authentication modes.
+- [x] Support both CLI and GUI
-- Supports automatically selecting the preferred gateway from the multiple gateways.
+- [x] Support both SSO and non-SSO authentication
-- Supports switching gateway from the system tray menu manually.
+- [x] Support multiple portals
+- [x] Support gateway selection
+- [x] Support auto-connect on startup
+- [x] Support system tray icon
 
+## Usage
 
-## Install
+### CLI
 
-|OS|Stable version | Development version|
+The CLI version is always free and open source in this repo. It has almost the same features as the GUI version.
-|---|--------------|--------------------|
-|Linux Mint, Ubuntu 18.04 or later|[ppa:yuezk/globalprotect-openconnect](https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect)|[ppa:yuezk/globalprotect-openconnect-snapshot](https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect-snapshot)|
-|Arch, Manjaro|[globalprotect-openconnect](https://archlinux.org/packages/extra/x86_64/globalprotect-openconnect/)|[AUR: globalprotect-openconnect-git](https://aur.archlinux.org/packages/globalprotect-openconnect-git/)|
-|Fedora|[copr: yuezk/globalprotect-openconnect](https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/)|[copr: yuezk/globalprotect-openconnect](https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/)|
-|openSUSE, CentOS 8|[OBS: globalprotect-openconnect](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect)|[OBS: globalprotect-openconnect-snapshot](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect-snapshot)|
 
-Add the repository in the above table and install it with your favorite package manager tool.
+```
+Usage: gpclient [OPTIONS] <COMMAND>
 
-[![Arch package](https://repology.org/badge/version-for-repo/arch/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+Commands:
-[![AUR package](https://repology.org/badge/version-for-repo/aur/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+  connect     Connect to a portal server
-[![Manjaro Stable package](https://repology.org/badge/version-for-repo/manjaro_stable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+  disconnect  Disconnect from the server
-[![Manjaro Testing package](https://repology.org/badge/version-for-repo/manjaro_testing/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+  launch-gui  Launch the GUI
-[![Manjaro Unstable package](https://repology.org/badge/version-for-repo/manjaro_unstable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
+  help        Print this message or the help of the given subcommand(s)
-[![nixpkgs unstable package](https://repology.org/badge/version-for-repo/nix_unstable/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
-[![Parabola package](https://repology.org/badge/version-for-repo/parabola/globalprotect-openconnect.svg)](https://repology.org/project/globalprotect-openconnect/versions)
 
-### Linux Mint, Ubuntu 18.04 or later
+Options:
+      --fix-openssl  Get around the OpenSSL `unsafe legacy renegotiation` error
+  -h, --help         Print help
+  -V, --version      Print version
+```
 
-```sh
+See `gpclient -h` for help.
+
+### GUI
+
+The GUI version is also available after you installed it. You can launch it from the application menu or run `gpclient launch-gui` in the terminal.
+
+> [!Note]
+>
+> The GUI version is partially open source. Its background service is open sourced in this repo as [gpservice](./apps/gpservice/). The GUI part is a wrapper of the background service, which is not open sourced.
+
+## Installation
+
+### Debian/Ubuntu based distributions
+
+#### Install from PPA
+
+```
 sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
 sudo apt-get update
 sudo apt-get install globalprotect-openconnect
 ```
 
-> For Linux Mint, you might need to import the GPG key with: `sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7937C393082992E5D6E4A60453FC26B43838D761` if you encountered an error `gpg: keyserver receive failed: General error`.
+#### Install from deb package
+
+Download the latest deb package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Then install it with `dpkg`:
+
+```bash
+sudo dpkg -i globalprotect-openconnect_*.deb
+```
 
 ### Arch Linux / Manjaro
 
-```sh
+#### Install from AUR
-sudo pacman -S globalprotect-openconnect
+
+Install from AUR: [globalprotect-openconnect-git](https://aur.archlinux.org/packages/globalprotect-openconnect-git/)
+
+#### Install from package
+
+Download the latest package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Then install it with `pacman`:
+
+```bash
+sudo pacman -U globalprotect-openconnect-*.pkg.tar.zst
 ```
 
-### AUR snapshot version
+### Fedora/OpenSUSE/CentOS/RHEL
+
+#### Install from COPR
+
+The package is available on [COPR](https://copr.fedorainfracloud.org/coprs/yuezk/globalprotect-openconnect/) for various RPM-based distributions. You can install it with the following commands:
 
-```sh
-yay -S globalprotect-openconnect-git
 ```
-
-### Fedora
-
-```sh
 sudo dnf copr enable yuezk/globalprotect-openconnect
 sudo dnf install globalprotect-openconnect
 ```
 
-### openSUSE
+#### Install from OBS
 
-- openSUSE Tumbleweed
+The package is also available on [OBS](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect) for various RPM-based distributions. You can follow the instructions [on this page](https://software.opensuse.org//download.html?project=home%3Ayuezk&package=globalprotect-openconnect) to install it.
-  ```sh
-  sudo zypper ar https://download.opensuse.org/repositories/home:/yuezk/openSUSE_Tumbleweed/home:yuezk.repo
-  sudo zypper ref
-  sudo zypper install globalprotect-openconnect
-  ```
 
-- openSUSE Leap
+#### Install from RPM package
 
-  ```sh
+Download the latest RPM package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
-  sudo zypper ar https://download.opensuse.org/repositories/home:/yuezk/15.4/home:yuezk.repo
 
-  sudo zypper ref
+### Other distributions
-  sudo zypper install globalprotect-openconnect
-  ```
-### CentOS 8
 
-1. Add the repository: `https://download.opensuse.org/repositories/home:/yuezk/CentOS_8/home:yuezk.repo`
+The project depends on `openconnect`, `webkit2gtk`, `libsecret`, `libayatana-appindicator` or `libappindicator-gtk3`. You can install them first and then download the latest binary release (i.e., `*.bin.tar.gz`) from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
-1. Install `globalprotect-openconnect`
 
+### Install the Old Version (v1.4.9)
 
-## Build & Install from source code
+The 1.x version is still available on the [1.x](https://github.com/yuezk/GlobalProtect-openconnect/tree/1.x) branch, you can build it from the source code by following the instructions in the `README.md` file.
-
-Clone this repo with:
-
-```sh
-git clone https://github.com/yuezk/GlobalProtect-openconnect.git
-cd GlobalProtect-openconnect
-```
-
-### MX Linux
-The following instructions are for **MX-21.2.1_x64 KDE**.
-
-```sh
-sudo apt install qttools5-dev libsecret-1-dev libqt5keychain1
-./scripts/install-debian.sh
-```
-
-### Ubuntu/Mint
-
-> **⚠️ REQUIRED for Ubuntu 18.04 ⚠️**
->
-> Add this [dwmw2/openconnect](https://launchpad.net/~dwmw2/+archive/ubuntu/openconnect) PPA first to install the latest openconnect.
->
-> ```sh
-> sudo add-apt-repository ppa:dwmw2/openconnect
-> sudo apt-get update
-> ```
-
-Build and install with:
-
-```sh
-./scripts/install-ubuntu.sh
-```
-### openSUSE
-
-Build and install with:
-
-```sh
-./scripts/install-opensuse.sh
-```
-
-### Fedora
-
-Build and install with:
-
-```sh
-./scripts/install-fedora.sh
-```
-
-### Other Linux
-
-Install the Qt5 dependencies and OpenConnect:
-
-- QtCore
-- QtWebEngine
-- QtWebSockets
-- QtDBus
-- openconnect v8.x
-- qtkeychain
-
-...then build and install with:
-
-```sh
-./scripts/install.sh
-```
-
-
-### NixOS
-  In `configuration.nix`:
-
-  ```
-  services.globalprotect = {
-    enable = true;
-    # if you need a Host Integrity Protection report
-    csdWrapper = "${pkgs.openconnect}/libexec/openconnect/hipreport.sh";
-  };
-
-  environment.systemPackages = [ globalprotect-openconnect ];
-  ```
-
-## Run
-
-Once the software is installed, you can run `gpclient` to start the UI.
-
-## Passing the Custom Parameters to `OpenConnect` CLI
-
-See [Configuration](https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration)
-
-## Display the system tray icon on Gnome 40
-
-Install the [AppIndicator and KStatusNotifierItem Support](https://extensions.gnome.org/extension/615/appindicator-support/) extension and you will see the system try icon (Restart the system after the installation).
-
-<p align="center">
-  <img src="https://user-images.githubusercontent.com/3297602/130831022-b93492fd-46dd-4a8e-94a4-13b5747120b7.png" />
-<p>
-
-
-## Troubleshooting
-
-Run `gpclient` in the Terminal and collect the logs.
 
 ## [License](./LICENSE)
+
 GPLv3

apps/gpauth/src/auth_window.rs

@@ -18,8 +18,8 @@ use tokio_util::sync::CancellationToken;
 use webkit2gtk::{
   gio::Cancellable,
   glib::{GString, TimeSpan},
-  LoadEvent, URIResponse, URIResponseExt, WebContextExt, WebResource, WebResourceExt, WebView,
+  LoadEvent, SettingsExt, URIResponse, URIResponseExt, WebContextExt, WebResource, WebResourceExt,
-  WebViewExt, WebsiteDataManagerExtManual, WebsiteDataTypes,
+  WebView, WebViewExt, WebsiteDataManagerExtManual, WebsiteDataTypes,
 };
 
 enum AuthDataError {
@@ -76,7 +76,7 @@ impl<'a> AuthWindow<'a> {
 
     let window = Window::builder(&self.app_handle, "auth_window", WindowUrl::default())
       .title("GlobalProtect Login")
-      .user_agent(self.user_agent)
+      // .user_agent(self.user_agent)
       .focused(true)
       .visible(false)
       .center()
@@ -128,6 +128,11 @@ impl<'a> AuthWindow<'a> {
     window.with_webview(move |wv| {
       let wv = wv.inner();
 
+      if let Some(settings) = wv.settings() {
+        let ua = settings.user_agent().unwrap_or("".into());
+        info!("Auth window user agent: {}", ua);
+      }
+
       // Load the initial SAML request
       load_saml_request(&wv, &saml_request);
 

crates/gpapi/Cargo.toml

@@ -24,7 +24,7 @@ redact-engine.workspace = true
 url.workspace = true
 regex.workspace = true
 dotenvy_macro.workspace = true
-users.workspace = true
+uzers.workspace = true
 
 tauri = { workspace = true, optional = true }
 

crates/gpapi/src/process/command_traits.rs

@@ -1,7 +1,7 @@
 use anyhow::bail;
 use std::{env, ffi::OsStr};
 use tokio::process::Command;
-use users::{os::unix::UserExt, User};
+use uzers::{os::unix::UserExt, User};
 
 pub trait CommandExt {
   fn new_pkexec<S: AsRef<OsStr>>(program: S) -> Command;
@@ -42,7 +42,7 @@ fn get_non_root_user() -> anyhow::Result<User> {
   let user = if current_user == "root" {
     get_real_user()?
   } else {
-    users::get_user_by_name(&current_user)
+    uzers::get_user_by_name(&current_user)
       .ok_or_else(|| anyhow::anyhow!("User ({}) not found", current_user))?
   };
 
@@ -60,5 +60,5 @@ fn get_real_user() -> anyhow::Result<User> {
     _ => env::var("PKEXEC_UID")?.parse::<u32>()?,
   };
 
-  users::get_user_by_uid(uid).ok_or_else(|| anyhow::anyhow!("User not found"))
+  uzers::get_user_by_uid(uid).ok_or_else(|| anyhow::anyhow!("User not found"))
 }