Implement download

.vscode/settings.json

@@ -4,6 +4,7 @@
         "bincode",
         "chacha",
         "clientos",
+        "cstring",
         "datetime",
         "disconnectable",
         "distro",

Cargo.lock

@@ -126,6 +126,28 @@ version = "1.0.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca"
 
+[[package]]
+name = "async-stream"
+version = "0.3.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cd56dd203fef61ac097dd65721a419ddccb106b2d2b70ba60a6b529f03961a51"
+dependencies = [
+ "async-stream-impl",
+ "futures-core",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "async-stream-impl"
+version = "0.3.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
 [[package]]
 name = "async-trait"
 version = "0.1.77"
@@ -903,6 +925,19 @@ dependencies = [
  "syn 1.0.109",
 ]
 
+[[package]]
+name = "downloader"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d05213e96f184578b5f70105d4d0a644a168e99e12d7bea0b200c15d67b5c182"
+dependencies = [
+ "futures",
+ "rand 0.8.5",
+ "reqwest",
+ "thiserror",
+ "tokio",
+]
+
 [[package]]
 name = "dtoa"
 version = "1.0.9"
@@ -1423,7 +1458,7 @@ dependencies = [
 
 [[package]]
 name = "gpapi"
-version = "2.0.0-beta8"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "base64 0.21.5",
@@ -1431,6 +1466,7 @@ dependencies = [
  "clap",
  "dotenvy_macro",
  "log",
+ "md5",
  "open",
  "redact-engine",
  "regex",
@@ -1438,6 +1474,7 @@ dependencies = [
  "roxmltree",
  "serde",
  "serde_json",
+ "serde_urlencoded",
  "specta",
  "specta-macros",
  "tauri",
@@ -1452,7 +1489,7 @@ dependencies = [
 
 [[package]]
 name = "gpauth"
-version = "2.0.0-beta8"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "clap",
@@ -1472,7 +1509,7 @@ dependencies = [
 
 [[package]]
 name = "gpclient"
-version = "2.0.0-beta8"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "clap",
@@ -1491,9 +1528,29 @@ dependencies = [
  "whoami",
 ]
 
+[[package]]
+name = "gpgui-helper"
+version = "2.0.0"
+dependencies = [
+ "anyhow",
+ "async-stream",
+ "base64 0.21.5",
+ "clap",
+ "compile-time",
+ "downloader",
+ "env_logger",
+ "futures-util",
+ "log",
+ "reqwest",
+ "tauri",
+ "tauri-build",
+ "tempfile",
+ "tokio",
+]
+
 [[package]]
 name = "gpservice"
-version = "2.0.0-beta8"
+version = "2.0.0"
 dependencies = [
  "anyhow",
  "axum",
@@ -2226,6 +2283,12 @@ version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94"
 
+[[package]]
+name = "md5"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "490cc448043f947bae3cbee9c203358d62dbee0db12107a74be5c30ccfd09771"
+
 [[package]]
 name = "memchr"
 version = "2.7.1"
@@ -2478,7 +2541,7 @@ dependencies = [
 
 [[package]]
 name = "openconnect"
-version = "2.0.0-beta8"
+version = "2.0.0"
 dependencies = [
  "cc",
  "is_executable",

Cargo.toml

@@ -1,10 +1,10 @@
 [workspace]
 resolver = "2"
 
-members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth"]
+members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth", "apps/gpgui-helper/src-tauri"]
 
 [workspace.package]
-version = "2.0.0-beta8"
+version = "2.0.0"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"
@@ -34,15 +34,20 @@ axum = "0.7"
 futures = "0.3"
 futures-util = "0.3"
 tokio-tungstenite = "0.20.1"
-specta = "=2.0.0-rc.1"
-specta-macros = "=2.0.0-rc.1"
 uzers = "0.11"
 whoami = "1"
-tauri = { version = "1.5" }
 thiserror = "1"
 redact-engine = "0.1"
 dotenvy_macro = "0.15"
 compile-time = "0.2"
+serde_urlencoded = "0.7"
+md5="0.7"
+
+# Tauri dependencies
+tauri = { version = "1.5" }
+specta = "=2.0.0-rc.1"
+specta-macros = "=2.0.0-rc.1"
+rspc = { version = "1.0.0-rc.5", features = ["tauri"] }
 
 [profile.release]
 opt-level = 'z'   # Optimize for size

README.md

@@ -127,7 +127,7 @@ The project depends on `openconnect >= 8.20`, `webkit2gtk`, `libsecret`, `libaya
 
 ## About Trial
 
-The CLI version is always free, while the GUI version is paid. There two trial modes for the GUI version:
+The CLI version is always free, while the GUI version is paid. There are two trial modes for the GUI version:
 
 1. 10-day trial: You can use the GUI stable release for 10 days after the installation.
 2. 14-day trial: Each beta release has a fresh trial period (at most 14 days) after released.

apps/gpclient/src/connect.rs

@@ -7,7 +7,10 @@ use gpapi::{
   gateway::gateway_login,
   gp_params::{ClientOs, GpParams},
   portal::{prelogin, retrieve_config, PortalError, Prelogin},
-  process::auth_launcher::SamlAuthLauncher,
+  process::{
+    auth_launcher::SamlAuthLauncher,
+    users::{get_non_root_user, get_user_by_name},
+  },
   utils::shutdown_signal,
   GP_USER_AGENT,
 };
@@ -27,6 +30,13 @@ pub(crate) struct ConnectArgs {
   user: Option<String>,
   #[arg(long, short, help = "The VPNC script to use")]
   script: Option<String>,
+
+  #[arg(long, help = "Same as the '--csd-user' option in the openconnect command")]
+  csd_user: Option<String>,
+
+  #[arg(long, help = "Same as the '--csd-wrapper' option in the openconnect command")]
+  csd_wrapper: Option<String>,
+
   #[arg(long, default_value = GP_USER_AGENT, help = "The user agent to use")]
   user_agent: String,
   #[arg(long, default_value = "Linux")]
@@ -133,7 +143,7 @@ impl<'a> ConnectHandler<'a> {
     gp_params.set_is_gateway(true);
 
     let prelogin = prelogin(gateway, &gp_params).await?;
-    let cred = self.obtain_credential(&prelogin, &gateway).await?;
+    let cred = self.obtain_credential(&prelogin, gateway).await?;
 
     let cookie = gateway_login(gateway, &cred, &gp_params).await?;
 
@@ -141,9 +151,13 @@ impl<'a> ConnectHandler<'a> {
   }
 
   async fn connect_gateway(&self, gateway: &str, cookie: &str) -> anyhow::Result<()> {
+    let csd_uid = get_csd_uid(&self.args.csd_user)?;
+
     let vpn = Vpn::builder(gateway, cookie)
       .user_agent(self.args.user_agent.clone())
       .script(self.args.script.clone())
+      .csd_uid(csd_uid)
+      .csd_wrapper(self.args.csd_wrapper.clone())
       .build();
 
     let vpn = Arc::new(vpn);
@@ -211,3 +225,11 @@ fn write_pid_file() {
   fs::write(GP_CLIENT_LOCK_FILE, pid.to_string()).unwrap();
   info!("Wrote PID {} to {}", pid, GP_CLIENT_LOCK_FILE);
 }
+
+fn get_csd_uid(csd_user: &Option<String>) -> anyhow::Result<u32> {
+  if let Some(csd_user) = csd_user {
+    get_user_by_name(csd_user).map(|user| user.uid())
+  } else {
+    get_non_root_user().map_or_else(|_| Ok(0), |user| Ok(user.uid()))
+  }
+}

apps/gpgui-helper/.eslintrc.cjs

@@ -0,0 +1,36 @@
+module.exports = {
+  env: {
+    browser: true,
+    es2021: true,
+  },
+  extends: [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:react/recommended",
+    "plugin:react/jsx-runtime",
+    "plugin:react-hooks/recommended",
+    "prettier",
+  ],
+  overrides: [
+    {
+      env: {
+        node: true,
+      },
+      files: [".eslintrc.{js,cjs}"],
+      parserOptions: {
+        sourceType: "script",
+      },
+    },
+  ],
+  parser: "@typescript-eslint/parser",
+  parserOptions: {
+    ecmaVersion: "latest",
+    sourceType: "module",
+  },
+  plugins: ["@typescript-eslint", "react"],
+  rules: {
+    "react-hooks/rules-of-hooks": "error",
+    "react-hooks/exhaustive-deps": "error",
+    "@typescript-eslint/no-unused-vars": "warn",
+  },
+};

apps/gpgui-helper/.gitignore

@@ -0,0 +1,24 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

apps/gpgui-helper/.prettierrc

@@ -0,0 +1,3 @@
+{
+    "printWidth": 100
+}

apps/gpgui-helper/README.md

@@ -0,0 +1,7 @@
+# Tauri + React + Typescript
+
+This template should help get you started developing with Tauri, React and Typescript in Vite.
+
+## Recommended IDE Setup
+
+- [VS Code](https://code.visualstudio.com/) + [Tauri](https://marketplace.visualstudio.com/items?itemName=tauri-apps.tauri-vscode) + [rust-analyzer](https://marketplace.visualstudio.com/items?itemName=rust-lang.rust-analyzer)

apps/gpgui-helper/index.html

@@ -0,0 +1,19 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>GlobalProtect</title>
+  </head>
+  <body>
+    <script>
+      /* workaround to webview font size auto scaling */
+      var htmlFontSize = getComputedStyle(document.documentElement).fontSize;
+      var ratio = parseInt(htmlFontSize, 10) / 16;
+      document.documentElement.style.fontSize = 16 / ratio + "px";
+    </script>
+    <div id="root" data-tauri-drag-region></div>
+    <script type="module" src="/src/pages/main.tsx"></script>
+  </body>
+</html>

apps/gpgui-helper/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "gpgui",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc && vite build",
+    "preview": "vite preview",
+    "tauri": "tauri"
+  },
+  "dependencies": {
+    "@emotion/react": "^11.11.1",
+    "@emotion/styled": "^11.11.0",
+    "@mui/icons-material": "^5.14.18",
+    "@mui/material": "^5.14.18",
+    "@tauri-apps/api": "^1.5.0",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0"
+  },
+  "devDependencies": {
+    "@tauri-apps/cli": "^1.5.0",
+    "@types/node": "^20.8.10",
+    "@types/react": "^18.2.15",
+    "@types/react-dom": "^18.2.7",
+    "@typescript-eslint/eslint-plugin": "^6.12.0",
+    "@typescript-eslint/parser": "^6.12.0",
+    "@vitejs/plugin-react": "^4.0.3",
+    "eslint": "^8.54.0",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-plugin-react": "^7.33.2",
+    "eslint-plugin-react-hooks": "^4.6.0",
+    "prettier": "3.1.0",
+    "typescript": "^5.0.2",
+    "vite": "^4.4.4"
+  }
+}

apps/gpgui-helper/public/tauri.svg

@@ -0,0 +1,6 @@
+<svg width="206" height="231" viewBox="0 0 206 231" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M143.143 84C143.143 96.1503 133.293 106 121.143 106C108.992 106 99.1426 96.1503 99.1426 84C99.1426 71.8497 108.992 62 121.143 62C133.293 62 143.143 71.8497 143.143 84Z" fill="#FFC131"/>
+<ellipse cx="84.1426" cy="147" rx="22" ry="22" transform="rotate(180 84.1426 147)" fill="#24C8DB"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M166.738 154.548C157.86 160.286 148.023 164.269 137.757 166.341C139.858 160.282 141 153.774 141 147C141 144.543 140.85 142.121 140.558 139.743C144.975 138.204 149.215 136.139 153.183 133.575C162.73 127.404 170.292 118.608 174.961 108.244C179.63 97.8797 181.207 86.3876 179.502 75.1487C177.798 63.9098 172.884 53.4021 165.352 44.8883C157.82 36.3744 147.99 30.2165 137.042 27.1546C126.095 24.0926 114.496 24.2568 103.64 27.6274C92.7839 30.998 83.1319 37.4317 75.8437 46.1553C74.9102 47.2727 74.0206 48.4216 73.176 49.5993C61.9292 50.8488 51.0363 54.0318 40.9629 58.9556C44.2417 48.4586 49.5653 38.6591 56.679 30.1442C67.0505 17.7298 80.7861 8.57426 96.2354 3.77762C111.685 -1.01901 128.19 -1.25267 143.769 3.10474C159.348 7.46215 173.337 16.2252 184.056 28.3411C194.775 40.457 201.767 55.4101 204.193 71.404C206.619 87.3978 204.374 103.752 197.73 118.501C191.086 133.25 180.324 145.767 166.738 154.548ZM41.9631 74.275L62.5557 76.8042C63.0459 72.813 63.9401 68.9018 65.2138 65.1274C57.0465 67.0016 49.2088 70.087 41.9631 74.275Z" fill="#FFC131"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M38.4045 76.4519C47.3493 70.6709 57.2677 66.6712 67.6171 64.6132C65.2774 70.9669 64 77.8343 64 85.0001C64 87.1434 64.1143 89.26 64.3371 91.3442C60.0093 92.8732 55.8533 94.9092 51.9599 97.4256C42.4128 103.596 34.8505 112.392 30.1816 122.756C25.5126 133.12 23.9357 144.612 25.6403 155.851C27.3449 167.09 32.2584 177.598 39.7906 186.112C47.3227 194.626 57.153 200.784 68.1003 203.846C79.0476 206.907 90.6462 206.743 101.502 203.373C112.359 200.002 122.011 193.568 129.299 184.845C130.237 183.722 131.131 182.567 131.979 181.383C143.235 180.114 154.132 176.91 164.205 171.962C160.929 182.49 155.596 192.319 148.464 200.856C138.092 213.27 124.357 222.426 108.907 227.222C93.458 232.019 76.9524 232.253 61.3736 227.895C45.7948 223.538 31.8055 214.775 21.0867 202.659C10.3679 190.543 3.37557 175.59 0.949823 159.596C-1.47592 143.602 0.768139 127.248 7.41237 112.499C14.0566 97.7497 24.8183 85.2327 38.4045 76.4519ZM163.062 156.711L163.062 156.711C162.954 156.773 162.846 156.835 162.738 156.897C162.846 156.835 162.954 156.773 163.062 156.711Z" fill="#24C8DB"/>
+</svg>

apps/gpgui-helper/public/vite.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>

apps/gpgui-helper/src-tauri/.gitignore

@@ -0,0 +1,4 @@
+# Generated by Cargo
+# will have compiled files and executables
+/target/
+

apps/gpgui-helper/src-tauri/Cargo.toml

@@ -0,0 +1,24 @@
+[package]
+name = "gpgui-helper"
+authors.workspace = true
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[build-dependencies]
+tauri-build = { version = "1.5", features = [] }
+
+[dependencies]
+tauri = { workspace = true, features = ["window-start-dragging"] }
+tokio.workspace = true
+anyhow.workspace = true
+log.workspace = true
+clap.workspace = true
+compile-time.workspace = true
+env_logger.workspace = true
+base64.workspace = true
+async-stream = "0.3"
+futures-util.workspace = true
+downloader = "0.2"
+tempfile.workspace = true
+reqwest = { workspace = true, features = ["stream"] }

apps/gpgui-helper/src-tauri/build.rs

@@ -0,0 +1,3 @@
+fn main() {
+  tauri_build::build()
+}

apps/gpgui-helper/src-tauri/icons/icon.svg

@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   id="Layer_1"
+   x="0px"
+   y="0px"
+   viewBox="0 0 96 96"
+   style="enable-background:new 0 0 96 96;"
+   xml:space="preserve"
+   sodipodi:docname="com.yuezk.qt.gpclient.svg"
+   inkscape:version="0.92.4 5da689c313, 2019-01-14"><metadata
+   id="metadata14"><rdf:RDF><cc:Work
+       rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+         rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title /></cc:Work></rdf:RDF></metadata><defs
+   id="defs12" /><sodipodi:namedview
+   pagecolor="#ffffff"
+   bordercolor="#666666"
+   borderopacity="1"
+   objecttolerance="10"
+   gridtolerance="10"
+   guidetolerance="10"
+   inkscape:pageopacity="0"
+   inkscape:pageshadow="2"
+   inkscape:window-width="1920"
+   inkscape:window-height="1006"
+   id="namedview10"
+   showgrid="false"
+   inkscape:zoom="6.9532168"
+   inkscape:cx="7.9545315"
+   inkscape:cy="59.062386"
+   inkscape:window-x="0"
+   inkscape:window-y="0"
+   inkscape:window-maximized="1"
+   inkscape:current-layer="g8499" />
+<style
+   type="text/css"
+   id="style2">
+	.st0{fill:#2980B9;}
+	.st1{fill:#3498DB;}
+	.st2{fill:#2ECC71;}
+	.st3{fill:#27AE60;}
+</style>
+
+<g
+   id="g8499"
+   transform="matrix(1.3407388,0,0,1.3407388,-16.409202,-16.355463)"><g
+     id="XMLID_1_">
+	<circle
+   r="32.5"
+   cy="48"
+   cx="48"
+   class="st0"
+   id="XMLID_3_"
+   style="fill:#2980b9" />
+	<path
+   d="m 48,15.5 v 65 C 65.9,80.5 80.5,65.7 80.5,48 80.5,30 65.9,15.5 48,15.5 Z"
+   class="st1"
+   id="XMLID_4_"
+   inkscape:connector-curvature="0"
+   style="fill:#3498db" />
+	<path
+   d="m 48,15.5 v 0.6 l 1.2,-0.3 c 0.3,-0.3 0.4,-0.3 0.6,-0.3 h -1.1 z m 7.3,0.9 c -0.1,0 0.4,0.9 1.1,1.8 0.8,1.5 1.1,2.1 1.3,2.1 0.3,-0.3 1.9,-1.2 3,-2.1 -1.7,-0.9 -3.5,-1.5 -5.4,-1.8 z m 10.3,6.2 c -0.1,0 -0.4,0 -0.9,0.6 l -0.8,0.9 0.6,0.6 c 0.3,0.6 0.8,0.9 1,1.2 0.5,0.6 0.6,0.6 0.1,1.5 -0.2,0.6 -0.3,0.9 -0.3,0.9 0.1,0.3 0.3,0.3 1.4,0.3 h 1.6 c 0.1,0 0.3,-0.6 0.4,-1.2 l 0.1,-0.9 -1.1,-0.9 c -1,-0.9 -1,-0.9 -1.4,-1.8 -0.3,-0.6 -0.6,-1.2 -0.7,-1.2 z m -3,2.4 c -0.2,0 -1.3,2.1 -1.3,2.4 0,0 0.3,0.6 0.7,0.9 0.4,0.3 0.7,0.6 0.7,0.6 0.1,0 1.2,-1.2 1.4,-1.5 C 64.2,27.1 64,26.8 63.5,26.2 63.1,25.5 62.7,25 62.6,25 Z m 9.5,1.1 0.2,0.3 c 0,0.3 -0.7,0.9 -1.4,1.5 -1.2,0.9 -1.4,1.2 -2,1.2 -0.6,0 -0.9,0.3 -1.8,0.9 -0.6,0.6 -1.2,0.9 -1.2,1.2 0,0 0.2,0.3 0.6,0.9 0.7,0.6 0.7,0.9 0.2,1.8 l -0.4,0.3 h -1.1 c -0.6,0 -1.5,0 -1.8,-0.3 -0.9,0 -0.8,0 -0.1,2.1 1,3 1.1,3.2 1.3,3.2 0.1,0 1.3,-1.2 2.8,-2.4 1.5,-1.2 2.7,-2.4 2.8,-2.4 l 0.6,0.3 c 0.4,0.3 0.5,0 1.3,-0.6 l 0.8,-0.6 0.8,0.6 c 1.9,1.2 2.2,1.5 2.3,2.4 0.2,1.5 0.3,1.8 0.5,1.8 0.1,0 1.3,-1.5 1.6,-1.8 0.1,-0.3 -0.1,-0.6 -1.1,-2.1 -0.7,-0.9 -1.1,-1.8 -1.1,-2.1 0,0 0.1,0 0.3,-0.3 0.2,0 0.4,0.3 1,0.9 -1.6,-2.3 -3.2,-4.7 -5.1,-6.8 z m 2.8,10.7 c -0.2,0 -0.9,0.9 -0.8,1.2 l 0.5,0.3 H 75 c 0.2,0 0.3,0 0.2,-0.3 C 75.1,37.4 75,36.8 74.9,36.8 Z M 72.3,38 h -2.4 l -2.4,0.3 -4.5,3.5 -4.4,3.8 v 3.5 c 0,2.1 0,3.8 0.1,3.8 0.1,0 0.7,0.9 1.5,1.5 0.8,0.9 1.5,1.5 1.8,1.8 0.4,0.3 0.5,0.3 4,0.6 l 3.4,0.3 1.6,0.9 c 0.8,0.6 1.5,1.2 1.6,1.2 0.1,0 -0.3,0.3 -0.6,0.6 l -0.6,0.6 1,1.2 c 0.5,0.6 1.3,1.5 1.7,1.8 l 0.6,0.9 v 1.7 0.9 c 3.7,-5 5.9,-11.5 6.1,-18.3 0.1,-2.7 -0.3,-5.3 -0.8,-8 l -0.6,-0.3 c -0.1,0 -0.5,0.3 -1,0.6 -0.5,0.3 -1,0.9 -1.1,0.9 -0.1,0 -0.8,-0.3 -1.8,-0.6 l -1.8,-0.6 v -0.9 c 0,-0.6 0,-0.9 -0.6,-1.5 z M 48,63.7 V 64 h 0.2 z"
+   class="st2"
+   id="XMLID_13_"
+   inkscape:connector-curvature="0"
+   style="fill:#2ecc71" />
+	<path
+   d="m 48,15.5 c -3.1,0 -6.2,0.5 -9,1.3 0.3,0.4 0.3,0.4 0.6,0.9 1.5,2.5 1.7,2.8 2.1,2.9 0.3,0 0.9,0.1 1.6,0.1 h 1.2 l 0.9,-2 0.8,-1.9 1.8,-0.6 z m -16.9,4.7 c -2.8,1.7 -5.4,3.9 -7.6,6.4 -3.8,4.3 -6.3,9.6 -7.4,15.4 0.5,0 0.9,-0.1 1.8,-0.1 2.8,0.1 2.5,0 3.4,1.4 0.5,0.8 0.6,0.8 1.4,0.8 1,0.1 0.9,0 0.5,-1.6 -0.2,-0.6 -0.3,-1.2 -0.3,-1.4 0,-0.2 0.5,-0.7 1.7,-1.6 1.9,-1.5 1.8,-1.3 1.5,-2.9 -0.1,-0.3 0.1,-0.6 0.6,-1.2 0.7,-0.7 0.7,-0.6 1.4,-0.6 h 0.7 l 0.1,-1.2 c 0.1,-0.7 0.1,-1.3 0.2,-1.3 0,0 1.9,-1.1 4.1,-2.3 2.2,-1.2 4.1,-2.2 4.2,-2.3 0.2,-0.2 -0.3,-0.8 -2.7,-3.8 -1.5,-1.9 -2.8,-3.6 -2.9,-3.7 z m -5.8,23 c -0.1,0 -0.1,0.3 -0.1,0.6 0,0.6 0,0.7 0.6,1 0.8,0.4 0.9,0.5 0.8,0.2 -0.1,-0.4 -1.2,-1.9 -1.3,-1.8 z m -3.4,2.1 -0.5,1.8 c 0.1,0.1 0.9,0.3 1.8,0.5 1,0.2 1.6,0.4 1.8,0.3 l 0.5,-1.3 z m -3.8,1 -1.1,0.6 c -0.6,0.3 -1.2,0.6 -1.4,0.6 h -0.1 c 0,1.4 0.1,2.8 0.3,4.2 l 0.6,0.4 1,-0.1 h 1 l 0.6,1.4 c 0.3,0.7 0.7,1.4 0.8,1.5 0.1,0.1 1,0.1 1.8,0.1 h 1.5 L 23,56.2 c 0,1.2 0,1.3 -0.6,2.2 -0.4,0.5 -0.6,1.2 -0.6,1.4 0,0.2 0.7,2.1 1.6,4.3 l 1.5,4 1.6,0.8 c 1.2,0.6 1.5,0.8 1.5,1 0,0.1 -0.4,2.1 -0.6,3.1 3,2.5 6.4,4.5 10.2,5.8 3.5,-3.6 6.8,-7.1 7.3,-7.6 l 0.7,-0.7 0.2,-1.9 c 0.2,-1.1 0.4,-2.1 0.4,-2.2 0,-0.1 0.5,-0.6 1,-1.2 0.5,-0.5 0.8,-1 0.8,-1.1 v -0.2 c -0.1,-0.1 -1.4,-1.1 -3,-2.2 l -3.1,-2.1 -1.1,-0.1 c -0.8,0 -1.2,0 -1.3,-0.2 C 39.4,59.2 39.2,58.5 39.1,57.7 39,56.9 38.9,56.2 38.8,56.1 38.8,56 38,56 37.1,56 36.2,56 35.4,55.9 35.3,55.8 35.2,55.7 35.2,55.1 35.1,54.3 35,53.6 34.9,53 34.8,52.9 34.7,52.8 33.7,52.7 32.5,52.6 30.5,52.5 30.1,52.5 29.1,52 l -1.2,-0.6 -1.6,0.7 -1.7,0.9 -1.8,-0.1 c -2,0 -1.9,0.2 -2.1,-1.6 C 20.6,50.7 20.6,50.1 20.5,50.1 20.4,50 20,50 19.6,49.9 L 18.9,49.7 19,49.2 c 0,-0.3 0,-1 0.1,-1.4 L 19.2,47 18.7,46.5 Z m 9.1,1.1 C 27.1,47.5 27.1,47.8 27,48 l -0.1,0.5 2.9,1.2 c 2.9,1.1 3.4,1.2 3.9,0.7 0.2,-0.2 0.1,-0.2 -0.3,-0.4 -0.3,-0.1 -1.7,-0.9 -3.2,-1.6 -1.7,-0.7 -2.9,-1.1 -3,-1 z"
+   class="st3"
+   id="XMLID_20_"
+   inkscape:connector-curvature="0"
+   style="fill:#27ae60" />
+</g><g
+     transform="matrix(1.458069,0,0,1.458069,-22.631538,-19.615144)"
+     id="g7664"><path
+       inkscape:connector-curvature="0"
+       id="XMLID_6_"
+       class="st3"
+       d="m 38.8,56.1 c 0,1.2 1,2.2 2.2,2.2 h 15.2 c 1.2,0 2.2,-1 2.2,-2.2 V 45.3 c 0,-1.2 -1,-2.2 -2.2,-2.2 H 40.9 c -1.2,0 -2.2,1 -2.2,2.2 v 10.8 z"
+       style="fill:#f1aa27;fill-opacity:1" /><path
+       style="fill:#e6e6e6"
+       inkscape:connector-curvature="0"
+       id="XMLID_7_"
+       class="st4"
+       d="m 55.5,43.1 h -3.3 v -3.7 c 0,-2.1 -1.7,-3.8 -3.8,-3.8 -2.1,0 -3.8,1.7 -3.8,3.8 v 3.8 h -3.1 v -3.8 c 0,-3.9 3.2,-7 7,-7 3.9,0 7,3.2 7,7 z" /><path
+       style="fill:#e6e6e6;fill-opacity:1"
+       inkscape:connector-curvature="0"
+       id="XMLID_8_"
+       class="st5"
+       d="m 50.35,48.2 c 0,-1 -0.8,-1.8 -1.8,-1.8 -1,0 -1.8,0.8 -1.8,1.8 0,0.7 0.4,1.3 1,1.6 l -1,5.2 h 3.6 l -1,-5.2 c 0.6,-0.3 1,-0.9 1,-1.6 z" /></g></g></svg>

apps/gpgui-helper/src-tauri/src/app.rs

@@ -0,0 +1,115 @@
+use std::{io::Write, time::Duration};
+
+use futures_util::StreamExt;
+use log::info;
+use tauri::{window::MenuHandle, Manager, Window};
+use tempfile::NamedTempFile;
+
+pub struct App {
+  api_key: Vec<u8>,
+}
+
+impl App {
+  pub fn new(api_key: Vec<u8>) -> Self {
+    Self { api_key }
+  }
+
+  pub fn run(&self) -> anyhow::Result<()> {
+    tauri::Builder::default()
+      .setup(|app| {
+        let win = app.get_window("main").unwrap();
+        hide_menu(win.menu_handle());
+
+        tauri::async_runtime::spawn(async move {
+          let win_clone = win.clone();
+          download_gui(win.clone()).await;
+
+          win.listen("app://download", move |_event| {
+            tokio::spawn(download_gui(win_clone.clone()));
+          });
+        });
+
+        Ok(())
+      })
+      .run(tauri::generate_context!())?;
+
+    Ok(())
+  }
+}
+
+// Fix the bug that the menu bar is visible on Ubuntu 18.04
+fn hide_menu(menu_handle: MenuHandle) {
+  tokio::spawn(async move {
+    loop {
+      let menu_visible = menu_handle.is_visible().unwrap_or(false);
+
+      if !menu_visible {
+        break;
+      }
+
+      if menu_visible {
+        let _ = menu_handle.hide();
+        tokio::time::sleep(Duration::from_millis(10)).await;
+      }
+    }
+  });
+}
+
+async fn download_gui(win: Window) {
+  let url = "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/v2.0.0/globalprotect-openconnect_2.0.0_x86_64.bin.tar.gz";
+  // let url = "https://free.nchc.org.tw/opensuse/distribution/leap/15.5/iso/openSUSE-Leap-15.5-DVD-x86_64-Build491.1-Media.iso";
+
+  let win_clone = win.clone();
+
+  match download(url, move |p| {
+    let _ = win.emit_all("app://download-progress", p);
+  })
+  .await
+  {
+    Err(err) => {
+      info!("download error: {}", err);
+      let _ = win_clone.emit_all("app://download-error", ());
+    }
+    Ok(file) => {
+      let path = file.into_temp_path();
+      info!("download completed: {:?}", path);
+      // Close window after 300ms
+      tokio::time::sleep(Duration::from_millis(300 * 1000)).await;
+      info!("file: {:?}", path);
+      let _ = win_clone.close();
+    }
+  }
+}
+
+async fn download<T>(url: &str, on_progress: T) -> anyhow::Result<NamedTempFile>
+where
+  T: Fn(Option<f64>) + Send + 'static,
+{
+  let res = reqwest::get(url).await?.error_for_status()?;
+  let content_length = res.content_length().unwrap_or(0);
+
+  info!("content_length: {}", content_length);
+
+  let mut current_length = 0;
+  let mut stream = res.bytes_stream();
+
+  let mut file = NamedTempFile::new()?;
+
+  while let Some(item) = stream.next().await {
+    let chunk = item?;
+    let chunk_size = chunk.len() as u64;
+
+    file.write_all(&chunk)?;
+
+    current_length += chunk_size;
+    let progress = current_length as f64 / content_length as f64 * 100.0;
+
+    if content_length > 0 {
+      on_progress(Some(progress));
+    } else {
+      on_progress(None);
+    }
+  }
+
+  Ok(file)
+}

apps/gpgui-helper/src-tauri/src/cli.rs

@@ -0,0 +1,50 @@
+use base64::prelude::*;
+use clap::Parser;
+use log::{info, LevelFilter};
+
+use crate::app::App;
+
+const VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), " (", compile_time::date_str!(), ")");
+const GP_API_KEY: &[u8; 32] = &[0; 32];
+
+#[derive(Parser)]
+#[command(version = VERSION)]
+struct Cli {}
+
+impl Cli {
+  fn run(&self) -> anyhow::Result<()> {
+    #[cfg(debug_assertions)]
+    let api_key = GP_API_KEY.to_vec();
+    #[cfg(not(debug_assertions))]
+    let api_key = self.read_api_key()?;
+
+    let app = App::new(api_key);
+
+    app.run()
+  }
+
+  fn read_api_key(&self) -> anyhow::Result<Vec<u8>> {
+    let mut api_key = String::new();
+    std::io::stdin().read_line(&mut api_key)?;
+
+    let api_key = BASE64_STANDARD.decode(api_key.trim())?;
+
+    Ok(api_key)
+  }
+}
+
+fn init_logger() {
+  env_logger::builder().filter_level(LevelFilter::Info).init();
+}
+
+pub fn run() {
+  let cli = Cli::parse();
+
+  init_logger();
+  info!("gpgui-helper started: {}", VERSION);
+
+  if let Err(e) = cli.run() {
+    eprintln!("{}", e);
+    std::process::exit(1);
+  }
+}

apps/gpgui-helper/src-tauri/src/lib.rs

@@ -0,0 +1,3 @@
+pub(crate) mod app;
+
+pub mod cli;

apps/gpgui-helper/src-tauri/src/main.rs

@@ -0,0 +1,9 @@
+// Prevents additional console window on Windows in release, DO NOT REMOVE!!
+#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
+
+use gpgui_helper::cli;
+
+#[tokio::main]
+async fn main() {
+  cli::run()
+}

apps/gpgui-helper/src-tauri/tauri.conf.json

@@ -0,0 +1,48 @@
+{
+  "$schema": "../node_modules/@tauri-apps/cli/schema.json",
+  "build": {
+    "beforeDevCommand": "pnpm dev",
+    "beforeBuildCommand": "echo 'Skipping Vite build command...'",
+    "devPath": "http://localhost:1420",
+    "distDir": "../dist",
+    "withGlobalTauri": false
+  },
+  "package": {
+    "productName": "gpgui-helper"
+  },
+  "tauri": {
+    "allowlist": {
+      "all": false,
+      "window": {
+        "all": false,
+        "startDragging": true
+      }
+    },
+    "bundle": {
+      "active": true,
+      "targets": "deb",
+      "identifier": "com.yuezk.gpgui-helper",
+      "icon": [
+        "icons/32x32.png",
+        "icons/128x128.png",
+        "icons/128x128@2x.png",
+        "icons/icon.icns",
+        "icons/icon.ico"
+      ]
+    },
+    "security": {
+      "csp": null
+    },
+    "windows": [
+      {
+        "title": "GlobalProtect GUI Helper",
+        "center": true,
+        "resizable": true,
+        "width": 500,
+        "height": 100,
+        "label": "main",
+        "decorations": false
+      }
+    ]
+  }
+}

apps/gpgui-helper/src/assets/icon.svg

@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   id="Layer_1"
+   x="0px"
+   y="0px"
+   viewBox="0 0 96 96"
+   style="enable-background:new 0 0 96 96;"
+   xml:space="preserve"
+   sodipodi:docname="com.yuezk.qt.gpclient.svg"
+   inkscape:version="0.92.4 5da689c313, 2019-01-14"><metadata
+   id="metadata14"><rdf:RDF><cc:Work
+       rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+         rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title /></cc:Work></rdf:RDF></metadata><defs
+   id="defs12" /><sodipodi:namedview
+   pagecolor="#ffffff"
+   bordercolor="#666666"
+   borderopacity="1"
+   objecttolerance="10"
+   gridtolerance="10"
+   guidetolerance="10"
+   inkscape:pageopacity="0"
+   inkscape:pageshadow="2"
+   inkscape:window-width="1920"
+   inkscape:window-height="1006"
+   id="namedview10"
+   showgrid="false"
+   inkscape:zoom="6.9532168"
+   inkscape:cx="7.9545315"
+   inkscape:cy="59.062386"
+   inkscape:window-x="0"
+   inkscape:window-y="0"
+   inkscape:window-maximized="1"
+   inkscape:current-layer="g8499" />
+<style
+   type="text/css"
+   id="style2">
+	.st0{fill:#2980B9;}
+	.st1{fill:#3498DB;}
+	.st2{fill:#2ECC71;}
+	.st3{fill:#27AE60;}
+</style>
+
+<g
+   id="g8499"
+   transform="matrix(1.3407388,0,0,1.3407388,-16.409202,-16.355463)"><g
+     id="XMLID_1_">
+	<circle
+   r="32.5"
+   cy="48"
+   cx="48"
+   class="st0"
+   id="XMLID_3_"
+   style="fill:#2980b9" />
+	<path
+   d="m 48,15.5 v 65 C 65.9,80.5 80.5,65.7 80.5,48 80.5,30 65.9,15.5 48,15.5 Z"
+   class="st1"
+   id="XMLID_4_"
+   inkscape:connector-curvature="0"
+   style="fill:#3498db" />
+	<path
+   d="m 48,15.5 v 0.6 l 1.2,-0.3 c 0.3,-0.3 0.4,-0.3 0.6,-0.3 h -1.1 z m 7.3,0.9 c -0.1,0 0.4,0.9 1.1,1.8 0.8,1.5 1.1,2.1 1.3,2.1 0.3,-0.3 1.9,-1.2 3,-2.1 -1.7,-0.9 -3.5,-1.5 -5.4,-1.8 z m 10.3,6.2 c -0.1,0 -0.4,0 -0.9,0.6 l -0.8,0.9 0.6,0.6 c 0.3,0.6 0.8,0.9 1,1.2 0.5,0.6 0.6,0.6 0.1,1.5 -0.2,0.6 -0.3,0.9 -0.3,0.9 0.1,0.3 0.3,0.3 1.4,0.3 h 1.6 c 0.1,0 0.3,-0.6 0.4,-1.2 l 0.1,-0.9 -1.1,-0.9 c -1,-0.9 -1,-0.9 -1.4,-1.8 -0.3,-0.6 -0.6,-1.2 -0.7,-1.2 z m -3,2.4 c -0.2,0 -1.3,2.1 -1.3,2.4 0,0 0.3,0.6 0.7,0.9 0.4,0.3 0.7,0.6 0.7,0.6 0.1,0 1.2,-1.2 1.4,-1.5 C 64.2,27.1 64,26.8 63.5,26.2 63.1,25.5 62.7,25 62.6,25 Z m 9.5,1.1 0.2,0.3 c 0,0.3 -0.7,0.9 -1.4,1.5 -1.2,0.9 -1.4,1.2 -2,1.2 -0.6,0 -0.9,0.3 -1.8,0.9 -0.6,0.6 -1.2,0.9 -1.2,1.2 0,0 0.2,0.3 0.6,0.9 0.7,0.6 0.7,0.9 0.2,1.8 l -0.4,0.3 h -1.1 c -0.6,0 -1.5,0 -1.8,-0.3 -0.9,0 -0.8,0 -0.1,2.1 1,3 1.1,3.2 1.3,3.2 0.1,0 1.3,-1.2 2.8,-2.4 1.5,-1.2 2.7,-2.4 2.8,-2.4 l 0.6,0.3 c 0.4,0.3 0.5,0 1.3,-0.6 l 0.8,-0.6 0.8,0.6 c 1.9,1.2 2.2,1.5 2.3,2.4 0.2,1.5 0.3,1.8 0.5,1.8 0.1,0 1.3,-1.5 1.6,-1.8 0.1,-0.3 -0.1,-0.6 -1.1,-2.1 -0.7,-0.9 -1.1,-1.8 -1.1,-2.1 0,0 0.1,0 0.3,-0.3 0.2,0 0.4,0.3 1,0.9 -1.6,-2.3 -3.2,-4.7 -5.1,-6.8 z m 2.8,10.7 c -0.2,0 -0.9,0.9 -0.8,1.2 l 0.5,0.3 H 75 c 0.2,0 0.3,0 0.2,-0.3 C 75.1,37.4 75,36.8 74.9,36.8 Z M 72.3,38 h -2.4 l -2.4,0.3 -4.5,3.5 -4.4,3.8 v 3.5 c 0,2.1 0,3.8 0.1,3.8 0.1,0 0.7,0.9 1.5,1.5 0.8,0.9 1.5,1.5 1.8,1.8 0.4,0.3 0.5,0.3 4,0.6 l 3.4,0.3 1.6,0.9 c 0.8,0.6 1.5,1.2 1.6,1.2 0.1,0 -0.3,0.3 -0.6,0.6 l -0.6,0.6 1,1.2 c 0.5,0.6 1.3,1.5 1.7,1.8 l 0.6,0.9 v 1.7 0.9 c 3.7,-5 5.9,-11.5 6.1,-18.3 0.1,-2.7 -0.3,-5.3 -0.8,-8 l -0.6,-0.3 c -0.1,0 -0.5,0.3 -1,0.6 -0.5,0.3 -1,0.9 -1.1,0.9 -0.1,0 -0.8,-0.3 -1.8,-0.6 l -1.8,-0.6 v -0.9 c 0,-0.6 0,-0.9 -0.6,-1.5 z M 48,63.7 V 64 h 0.2 z"
+   class="st2"
+   id="XMLID_13_"
+   inkscape:connector-curvature="0"
+   style="fill:#2ecc71" />
+	<path
+   d="m 48,15.5 c -3.1,0 -6.2,0.5 -9,1.3 0.3,0.4 0.3,0.4 0.6,0.9 1.5,2.5 1.7,2.8 2.1,2.9 0.3,0 0.9,0.1 1.6,0.1 h 1.2 l 0.9,-2 0.8,-1.9 1.8,-0.6 z m -16.9,4.7 c -2.8,1.7 -5.4,3.9 -7.6,6.4 -3.8,4.3 -6.3,9.6 -7.4,15.4 0.5,0 0.9,-0.1 1.8,-0.1 2.8,0.1 2.5,0 3.4,1.4 0.5,0.8 0.6,0.8 1.4,0.8 1,0.1 0.9,0 0.5,-1.6 -0.2,-0.6 -0.3,-1.2 -0.3,-1.4 0,-0.2 0.5,-0.7 1.7,-1.6 1.9,-1.5 1.8,-1.3 1.5,-2.9 -0.1,-0.3 0.1,-0.6 0.6,-1.2 0.7,-0.7 0.7,-0.6 1.4,-0.6 h 0.7 l 0.1,-1.2 c 0.1,-0.7 0.1,-1.3 0.2,-1.3 0,0 1.9,-1.1 4.1,-2.3 2.2,-1.2 4.1,-2.2 4.2,-2.3 0.2,-0.2 -0.3,-0.8 -2.7,-3.8 -1.5,-1.9 -2.8,-3.6 -2.9,-3.7 z m -5.8,23 c -0.1,0 -0.1,0.3 -0.1,0.6 0,0.6 0,0.7 0.6,1 0.8,0.4 0.9,0.5 0.8,0.2 -0.1,-0.4 -1.2,-1.9 -1.3,-1.8 z m -3.4,2.1 -0.5,1.8 c 0.1,0.1 0.9,0.3 1.8,0.5 1,0.2 1.6,0.4 1.8,0.3 l 0.5,-1.3 z m -3.8,1 -1.1,0.6 c -0.6,0.3 -1.2,0.6 -1.4,0.6 h -0.1 c 0,1.4 0.1,2.8 0.3,4.2 l 0.6,0.4 1,-0.1 h 1 l 0.6,1.4 c 0.3,0.7 0.7,1.4 0.8,1.5 0.1,0.1 1,0.1 1.8,0.1 h 1.5 L 23,56.2 c 0,1.2 0,1.3 -0.6,2.2 -0.4,0.5 -0.6,1.2 -0.6,1.4 0,0.2 0.7,2.1 1.6,4.3 l 1.5,4 1.6,0.8 c 1.2,0.6 1.5,0.8 1.5,1 0,0.1 -0.4,2.1 -0.6,3.1 3,2.5 6.4,4.5 10.2,5.8 3.5,-3.6 6.8,-7.1 7.3,-7.6 l 0.7,-0.7 0.2,-1.9 c 0.2,-1.1 0.4,-2.1 0.4,-2.2 0,-0.1 0.5,-0.6 1,-1.2 0.5,-0.5 0.8,-1 0.8,-1.1 v -0.2 c -0.1,-0.1 -1.4,-1.1 -3,-2.2 l -3.1,-2.1 -1.1,-0.1 c -0.8,0 -1.2,0 -1.3,-0.2 C 39.4,59.2 39.2,58.5 39.1,57.7 39,56.9 38.9,56.2 38.8,56.1 38.8,56 38,56 37.1,56 36.2,56 35.4,55.9 35.3,55.8 35.2,55.7 35.2,55.1 35.1,54.3 35,53.6 34.9,53 34.8,52.9 34.7,52.8 33.7,52.7 32.5,52.6 30.5,52.5 30.1,52.5 29.1,52 l -1.2,-0.6 -1.6,0.7 -1.7,0.9 -1.8,-0.1 c -2,0 -1.9,0.2 -2.1,-1.6 C 20.6,50.7 20.6,50.1 20.5,50.1 20.4,50 20,50 19.6,49.9 L 18.9,49.7 19,49.2 c 0,-0.3 0,-1 0.1,-1.4 L 19.2,47 18.7,46.5 Z m 9.1,1.1 C 27.1,47.5 27.1,47.8 27,48 l -0.1,0.5 2.9,1.2 c 2.9,1.1 3.4,1.2 3.9,0.7 0.2,-0.2 0.1,-0.2 -0.3,-0.4 -0.3,-0.1 -1.7,-0.9 -3.2,-1.6 -1.7,-0.7 -2.9,-1.1 -3,-1 z"
+   class="st3"
+   id="XMLID_20_"
+   inkscape:connector-curvature="0"
+   style="fill:#27ae60" />
+</g><g
+     transform="matrix(1.458069,0,0,1.458069,-22.631538,-19.615144)"
+     id="g7664"><path
+       inkscape:connector-curvature="0"
+       id="XMLID_6_"
+       class="st3"
+       d="m 38.8,56.1 c 0,1.2 1,2.2 2.2,2.2 h 15.2 c 1.2,0 2.2,-1 2.2,-2.2 V 45.3 c 0,-1.2 -1,-2.2 -2.2,-2.2 H 40.9 c -1.2,0 -2.2,1 -2.2,2.2 v 10.8 z"
+       style="fill:#f1aa27;fill-opacity:1" /><path
+       style="fill:#e6e6e6"
+       inkscape:connector-curvature="0"
+       id="XMLID_7_"
+       class="st4"
+       d="m 55.5,43.1 h -3.3 v -3.7 c 0,-2.1 -1.7,-3.8 -3.8,-3.8 -2.1,0 -3.8,1.7 -3.8,3.8 v 3.8 h -3.1 v -3.8 c 0,-3.9 3.2,-7 7,-7 3.9,0 7,3.2 7,7 z" /><path
+       style="fill:#e6e6e6;fill-opacity:1"
+       inkscape:connector-curvature="0"
+       id="XMLID_8_"
+       class="st5"
+       d="m 50.35,48.2 c 0,-1 -0.8,-1.8 -1.8,-1.8 -1,0 -1.8,0.8 -1.8,1.8 0,0.7 0.4,1.3 1,1.6 l -1,5.2 h 3.6 l -1,-5.2 c 0.6,-0.3 1,-0.9 1,-1.6 z" /></g></g></svg>

apps/gpgui-helper/src/components/App/App.tsx

@@ -0,0 +1,136 @@
+import {
+  Box,
+  Button,
+  CssBaseline,
+  LinearProgress,
+  Typography,
+} from "@mui/material";
+import { appWindow } from "@tauri-apps/api/window";
+
+import "./styles.css";
+
+import logo from "../../assets/icon.svg";
+import { useEffect, useState } from 'react';
+
+export default function App() {
+  const [error, setError] = useState(false);
+
+  useEffect(() => {
+    const unlisten = appWindow.listen("app://download-error", () => {
+      setError(true);
+    });
+
+    return () => {
+      unlisten.then((unlisten) => unlisten());
+    }
+  }, []);
+
+  useEffect(() => {
+    const unlisten = appWindow.listen("app://download", () => {
+      setError(false);
+    });
+
+    return () => {
+      unlisten.then((unlisten) => unlisten());
+    }
+  }, []);
+
+  return (
+    <>
+      <CssBaseline />
+      <Box
+        sx={{ position: "absolute", inset: 0 }}
+        display="flex"
+        alignItems="center"
+        px={2}
+        data-tauri-drag-region
+      >
+        <Box display="flex" alignItems="center" flex="1" data-tauri-drag-region>
+          <Box
+            component="img"
+            src={logo}
+            alt="logo"
+            sx={{ width: "4rem", height: "4rem" }}
+            data-tauri-drag-region
+          />
+          <Box flex={1} ml={2}>
+            {error ? <DownloadFailed /> : <DownloadIndicator />}
+          </Box>
+        </Box>
+      </Box>
+    </>
+  );
+}
+
+function DownloadIndicator() {
+  const [progress, setProgress] = useState<number | null>(null);
+
+  useEffect(() => {
+    const unlisten = appWindow.listen("app://download-progress", (event) => {
+      setProgress(event.payload as number);
+    });
+
+    return () => {
+      unlisten.then((unlisten) => unlisten());
+    }
+  }, []);
+
+  return (
+    <>
+      <Typography variant="h1" fontSize="1rem" data-tauri-drag-region>
+        Updating the GUI components...
+      </Typography>
+      <Box mt={1}>
+        <LinearProgressWithLabel value={progress} />
+      </Box>
+    </>
+  );
+}
+
+function DownloadFailed() {
+  return (
+    <>
+      <Typography variant="h1" fontSize="1rem" data-tauri-drag-region>
+        Failed to update the GUI components.
+      </Typography>
+      <Box mt={1} data-tauri-drag-region>
+        <Button
+          variant="contained"
+          color="primary"
+          size="small"
+          onClick={() => appWindow.emit("app://download")}
+          sx={{
+            textTransform: "none",
+          }}
+        >
+          Retry
+        </Button>
+      </Box>
+    </>
+  );
+}
+
+function LinearProgressWithLabel(props: { value: number | null }) {
+  const { value } = props;
+
+  return (
+    <Box sx={{ display: "flex", alignItems: "center" }}>
+      <Box flex="1">
+        <LinearProgress
+          variant={value === null ? "indeterminate" : "determinate"}
+          value={value ?? 0}
+          sx={{
+            py: 1.2,
+            '.MuiLinearProgress-bar': {
+              transition: "none"
+            }
+          }} />
+      </Box>
+      {value !== null && (
+        <Box sx={{ minWidth: 35, textAlign: "right", ml: 1 }}>
+          <Typography variant="body2" color="text.secondary">{`${Math.round(value)}%`}</Typography>
+        </Box>
+      )}
+    </Box>
+  );
+}

apps/gpgui-helper/src/components/App/styles.css

@@ -0,0 +1,10 @@
+html,
+body,
+#root {
+  height: 100%;
+  margin: 0;
+  padding: 0;
+  -webkit-user-select: none;
+  user-select: none;
+  cursor: default;
+}

apps/gpgui-helper/src/pages/main.tsx

@@ -0,0 +1,6 @@
+import { createRoot } from "react-dom/client"
+import App from "../components/App/App";
+
+const rootApp = createRoot(document.getElementById('root') as HTMLElement);
+
+rootApp.render(<App />);

apps/gpgui-helper/src/vite-env.d.ts

@@ -0,0 +1 @@
+/// <reference types="vite/client" />

apps/gpgui-helper/tsconfig.json

@@ -0,0 +1,25 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "useDefineForClassFields": true,
+    "lib": ["ES2020", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "noEmit": true,
+    "jsx": "react-jsx",
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true
+  },
+  "include": ["src"],
+  "references": [{ "path": "./tsconfig.node.json" }]
+}

apps/gpgui-helper/tsconfig.node.json

@@ -0,0 +1,10 @@
+{
+  "compilerOptions": {
+    "composite": true,
+    "skipLibCheck": true,
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "allowSyntheticDefaultImports": true
+  },
+  "include": ["vite.config.ts"]
+}

apps/gpgui-helper/vite.config.ts

@@ -0,0 +1,30 @@
+import react from "@vitejs/plugin-react";
+import { resolve } from "path";
+import { defineConfig } from "vite";
+
+// https://vitejs.dev/config/
+export default defineConfig(async () => {
+  return {
+    plugins: [react()],
+
+    // Vite options tailored for Tauri development and only applied in `tauri dev` or `tauri build`
+    //
+    // 1. prevent vite from obscuring rust errors
+    clearScreen: false,
+    // 2. tauri expects a fixed port, fail if that port is not available
+    server: {
+      port: 1420,
+      strictPort: true,
+    },
+    // 3. to make use of `TAURI_DEBUG` and other env variables
+    // https://tauri.app/v1/api/config#buildconfig.beforedevcommand
+    envPrefix: ["VITE_", "TAURI_"],
+    build: {
+      rollupOptions: {
+        input: {
+          main: resolve(__dirname, "index.html"),
+        },
+      },
+    },
+  };
+});

apps/gpservice/src/handlers.rs

@@ -1,6 +1,7 @@
 use std::{borrow::Cow, ops::ControlFlow, sync::Arc};
 
 use axum::{
+  body::Bytes,
   extract::{
     ws::{self, CloseFrame, Message, WebSocket},
     State, WebSocketUpgrade,
@@ -25,6 +26,13 @@ pub(crate) async fn auth_data(State(ctx): State<Arc<WsServerContext>>, body: Str
   ctx.send_event(WsEvent::AuthData(body)).await;
 }
 
+pub(crate) struct UpdateGuiPayload {
+  pub(crate) file: String,
+  pub(crate) checksum: String,
+}
+
+pub async fn update_gui(State(ctx): State<Arc<WsServerContext>>, body: Bytes) -> impl IntoResponse {}
+
 pub(crate) async fn ws_handler(ws: WebSocketUpgrade, State(ctx): State<Arc<WsServerContext>>) -> impl IntoResponse {
   ws.on_upgrade(move |socket| handle_socket(socket, ctx))
 }

apps/gpservice/src/routes.rs

@@ -12,6 +12,7 @@ pub(crate) fn routes(ctx: Arc<WsServerContext>) -> Router {
     .route("/health", get(handlers::health))
     .route("/active-gui", post(handlers::active_gui))
     .route("/auth-data", post(handlers::auth_data))
+    .route("/update-gui", post(handlers::update_gui))
     .route("/ws", get(handlers::ws_handler))
     .with_state(ctx)
 }

apps/gpservice/src/vpn_task.rs

@@ -32,11 +32,13 @@ impl VpnTaskContext {
     }
 
     let info = req.info().clone();
-    let vpn_handle = self.vpn_handle.clone();
+    let vpn_handle = Arc::clone(&self.vpn_handle);
     let args = req.args();
     let vpn = Vpn::builder(req.gateway().server(), args.cookie())
       .user_agent(args.user_agent())
       .script(args.vpnc_script())
+      .csd_uid(args.csd_uid())
+      .csd_wrapper(args.csd_wrapper())
       .os(args.openconnect_os())
       .build();
 
@@ -73,7 +75,9 @@ impl VpnTaskContext {
 
   pub async fn disconnect(&self) {
     if let Some(disconnect_rx) = self.disconnect_rx.write().await.take() {
+      info!("Disconnecting VPN...");
       if let Some(vpn) = self.vpn_handle.read().await.as_ref() {
+        info!("VPN is connected, start disconnecting...");
         self.vpn_state_tx.send(VpnState::Disconnecting).ok();
         vpn.disconnect()
       }

crates/gpapi/Cargo.toml

@@ -25,6 +25,8 @@ url.workspace = true
 regex.workspace = true
 dotenvy_macro.workspace = true
 uzers.workspace = true
+serde_urlencoded.workspace = true
+md5.workspace = true
 
 tauri = { workspace = true, optional = true }
 clap = { workspace = true, optional = true }

crates/gpapi/src/gateway/hip.rs

@@ -0,0 +1,178 @@
+use std::collections::HashMap;
+
+use log::{info, warn};
+use reqwest::Client;
+use roxmltree::Document;
+
+use crate::{gp_params::GpParams, process::hip_launcher::HipLauncher, utils::normalize_server};
+
+struct HipReporter<'a> {
+  server: String,
+  cookie: &'a str,
+  md5: &'a str,
+  csd_wrapper: &'a str,
+  gp_params: &'a GpParams,
+  client: Client,
+}
+
+impl HipReporter<'_> {
+  async fn report(&self) -> anyhow::Result<()> {
+    let client_ip = self.retrieve_client_ip().await?;
+
+    let hip_needed = match self.check_hip(&client_ip).await {
+      Ok(hip_needed) => hip_needed,
+      Err(err) => {
+        warn!("Failed to check HIP: {}", err);
+        return Ok(());
+      }
+    };
+
+    if !hip_needed {
+      info!("HIP report not needed");
+      return Ok(());
+    }
+
+    info!("HIP report needed, generating report...");
+    let report = self.generate_report(&client_ip).await?;
+
+    if let Err(err) = self.submit_hip(&client_ip, &report).await {
+      warn!("Failed to submit HIP report: {}", err);
+    }
+
+    Ok(())
+  }
+
+  async fn retrieve_client_ip(&self) -> anyhow::Result<String> {
+    let config_url = format!("{}/ssl-vpn/getconfig.esp", self.server);
+    let mut params: HashMap<&str, &str> = HashMap::new();
+
+    params.insert("client-type", "1");
+    params.insert("protocol-version", "p1");
+    params.insert("internal", "no");
+    params.insert("ipv6-support", "yes");
+    params.insert("clientos", self.gp_params.client_os());
+    params.insert("hmac-algo", "sha1,md5,sha256");
+    params.insert("enc-algo", "aes-128-cbc,aes-256-cbc");
+
+    if let Some(os_version) = self.gp_params.os_version() {
+      params.insert("os-version", os_version);
+    }
+    if let Some(client_version) = self.gp_params.client_version() {
+      params.insert("app-version", client_version);
+    }
+
+    let params = merge_cookie_params(self.cookie, &params)?;
+
+    let res = self.client.post(&config_url).form(&params).send().await?;
+    let res_xml = res.error_for_status()?.text().await?;
+    let doc = Document::parse(&res_xml)?;
+
+    // Get <ip-address>
+    let ip = doc
+      .descendants()
+      .find(|n| n.has_tag_name("ip-address"))
+      .and_then(|n| n.text())
+      .ok_or_else(|| anyhow::anyhow!("ip-address not found"))?;
+
+    Ok(ip.to_string())
+  }
+
+  async fn check_hip(&self, client_ip: &str) -> anyhow::Result<bool> {
+    let url = format!("{}/ssl-vpn/hipreportcheck.esp", self.server);
+    let mut params = HashMap::new();
+
+    params.insert("client-role", "global-protect-full");
+    params.insert("client-ip", client_ip);
+    params.insert("md5", self.md5);
+
+    let params = merge_cookie_params(self.cookie, &params)?;
+    let res = self.client.post(&url).form(&params).send().await?;
+    let res_xml = res.error_for_status()?.text().await?;
+
+    is_hip_needed(&res_xml)
+  }
+
+  async fn generate_report(&self, client_ip: &str) -> anyhow::Result<String> {
+    let launcher = HipLauncher::new(self.csd_wrapper)
+      .cookie(self.cookie)
+      .md5(self.md5)
+      .client_ip(client_ip)
+      .client_os(self.gp_params.client_os())
+      .client_version(self.gp_params.client_version());
+
+    launcher.launch().await
+  }
+
+  async fn submit_hip(&self, client_ip: &str, report: &str) -> anyhow::Result<()> {
+    let url = format!("{}/ssl-vpn/hipreport.esp", self.server);
+
+    let mut params = HashMap::new();
+    params.insert("client-role", "global-protect-full");
+    params.insert("client-ip", client_ip);
+    params.insert("report", report);
+
+    let params = merge_cookie_params(self.cookie, &params)?;
+    let res = self.client.post(&url).form(&params).send().await?;
+    let res_xml = res.error_for_status()?.text().await?;
+
+    info!("HIP check response: {}", res_xml);
+
+    Ok(())
+  }
+}
+
+fn is_hip_needed(res_xml: &str) -> anyhow::Result<bool> {
+  let doc = Document::parse(res_xml)?;
+
+  let hip_needed = doc
+    .descendants()
+    .find(|n| n.has_tag_name("hip-report-needed"))
+    .and_then(|n| n.text())
+    .ok_or_else(|| anyhow::anyhow!("hip-report-needed not found"))?;
+
+  Ok(hip_needed == "yes")
+}
+
+fn merge_cookie_params(cookie: &str, params: &HashMap<&str, &str>) -> anyhow::Result<HashMap<String, String>> {
+  let cookie_params = serde_urlencoded::from_str::<HashMap<String, String>>(cookie)?;
+  let params = params
+    .iter()
+    .map(|(k, v)| (k.to_string(), v.to_string()))
+    .chain(cookie_params)
+    .collect::<HashMap<String, String>>();
+
+  Ok(params)
+}
+
+// Compute md5 for fields except authcookie,preferred-ip,preferred-ipv6
+fn build_csd_token(cookie: &str) -> anyhow::Result<String> {
+  let mut cookie_params = serde_urlencoded::from_str::<Vec<(String, String)>>(cookie)?;
+  cookie_params.retain(|(k, _)| k != "authcookie" && k != "preferred-ip" && k != "preferred-ipv6");
+
+  let token = serde_urlencoded::to_string(cookie_params)?;
+  let md5 = format!("{:x}", md5::compute(token));
+
+  Ok(md5)
+}
+
+pub async fn hip_report(gateway: &str, cookie: &str, csd_wrapper: &str, gp_params: &GpParams) -> anyhow::Result<()> {
+  let client = Client::builder()
+    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
+    .user_agent(gp_params.user_agent())
+    .build()?;
+
+  let md5 = build_csd_token(cookie)?;
+
+  info!("Submit HIP report md5: {}", md5);
+
+  let reporter = HipReporter {
+    server: normalize_server(gateway)?,
+    cookie,
+    md5: &md5,
+    csd_wrapper,
+    gp_params,
+    client,
+  };
+
+  reporter.report().await
+}

crates/gpapi/src/gateway/mod.rs

@@ -1,5 +1,6 @@
 mod login;
 mod parse_gateways;
+pub mod hip;
 
 pub use login::*;
 pub(crate) use parse_gateways::*;

crates/gpapi/src/gp_params.rs

@@ -83,6 +83,18 @@ impl GpParams {
     self.prefer_default_browser
   }
 
+  pub fn client_os(&self) -> &str {
+    self.client_os.as_str()
+  }
+
+  pub fn os_version(&self) -> Option<&str> {
+    self.os_version.as_deref()
+  }
+
+  pub fn client_version(&self) -> Option<&str> {
+    self.client_version.as_deref()
+  }
+
   pub(crate) fn to_params(&self) -> HashMap<&str, &str> {
     let mut params: HashMap<&str, &str> = HashMap::new();
     let client_os = self.client_os.as_str();

crates/gpapi/src/portal/prelogin.rs

@@ -150,8 +150,10 @@ fn parse_res_xml(res_xml: String, is_gateway: bool) -> anyhow::Result<Prelogin>
     bail!("Prelogin failed: {}", msg)
   }
 
-  let region = xml::get_child_text(&doc, "region")
-    .ok_or_else(|| anyhow::anyhow!("Prelogin response does not contain region element"))?;
+  let region = xml::get_child_text(&doc, "region").unwrap_or_else(|| {
+    info!("Prelogin response does not contain region element");
+    String::from("Unknown")
+  });
 
   let saml_method = xml::get_child_text(&doc, "saml-auth-method");
   let saml_request = xml::get_child_text(&doc, "saml-request");

crates/gpapi/src/process/auth_launcher.rs

@@ -1,5 +1,6 @@
 use std::process::Stdio;
 
+use anyhow::bail;
 use tokio::process::Command;
 
 use crate::{auth::SamlAuthResult, credential::Credential, GP_AUTH_BINARY};
@@ -129,12 +130,13 @@ impl<'a> SamlAuthLauncher<'a> {
       .wait_with_output()
       .await?;
 
-    let auth_result = serde_json::from_slice::<SamlAuthResult>(&output.stdout)
-      .map_err(|_| anyhow::anyhow!("Failed to parse auth data"))?;
+    let Ok(auth_result) = serde_json::from_slice::<SamlAuthResult>(&output.stdout) else {
+      bail!("Failed to parse auth data")
+    };
 
     match auth_result {
       SamlAuthResult::Success(auth_data) => Credential::try_from(auth_data),
-      SamlAuthResult::Failure(msg) => Err(anyhow::anyhow!(msg)),
+      SamlAuthResult::Failure(msg) => bail!(msg),
     }
   }
 }

crates/gpapi/src/process/command_traits.rs

@@ -1,7 +1,8 @@
-use anyhow::bail;
-use std::{env, ffi::OsStr};
+use std::ffi::OsStr;
 use tokio::process::Command;
-use uzers::{os::unix::UserExt, User};
+use uzers::os::unix::UserExt;
+
+use super::users::get_non_root_user;
 
 pub trait CommandExt {
   fn new_pkexec<S: AsRef<OsStr>>(program: S) -> Command;
@@ -34,29 +35,3 @@ impl CommandExt for Command {
     Ok(self)
   }
 }
-
-fn get_non_root_user() -> anyhow::Result<User> {
-  let current_user = whoami::username();
-
-  let user = if current_user == "root" {
-    get_real_user()?
-  } else {
-    uzers::get_user_by_name(&current_user).ok_or_else(|| anyhow::anyhow!("User ({}) not found", current_user))?
-  };
-
-  if user.uid() == 0 {
-    bail!("Non-root user not found")
-  }
-
-  Ok(user)
-}
-
-fn get_real_user() -> anyhow::Result<User> {
-  // Read the UID from SUDO_UID or PKEXEC_UID environment variable if available.
-  let uid = match env::var("SUDO_UID") {
-    Ok(uid) => uid.parse::<u32>()?,
-    _ => env::var("PKEXEC_UID")?.parse::<u32>()?,
-  };
-
-  uzers::get_user_by_uid(uid).ok_or_else(|| anyhow::anyhow!("User not found"))
-}

crates/gpapi/src/process/hip_launcher.rs

@@ -0,0 +1,94 @@
+use std::process::Stdio;
+
+use anyhow::bail;
+use tokio::process::Command;
+
+pub struct HipLauncher<'a> {
+  program: &'a str,
+  cookie: Option<&'a str>,
+  client_ip: Option<&'a str>,
+  md5: Option<&'a str>,
+  client_os: Option<&'a str>,
+  client_version: Option<&'a str>,
+}
+
+impl<'a> HipLauncher<'a> {
+  pub fn new(program: &'a str) -> Self {
+    Self {
+      program,
+      cookie: None,
+      client_ip: None,
+      md5: None,
+      client_os: None,
+      client_version: None,
+    }
+  }
+
+  pub fn cookie(mut self, cookie: &'a str) -> Self {
+    self.cookie = Some(cookie);
+    self
+  }
+
+  pub fn client_ip(mut self, client_ip: &'a str) -> Self {
+    self.client_ip = Some(client_ip);
+    self
+  }
+
+  pub fn md5(mut self, md5: &'a str) -> Self {
+    self.md5 = Some(md5);
+    self
+  }
+
+  pub fn client_os(mut self, client_os: &'a str) -> Self {
+    self.client_os = Some(client_os);
+    self
+  }
+
+  pub fn client_version(mut self, client_version: Option<&'a str>) -> Self {
+    self.client_version = client_version;
+    self
+  }
+
+  pub async fn launch(&self) -> anyhow::Result<String> {
+    let mut cmd = Command::new(self.program);
+
+    if let Some(cookie) = self.cookie {
+      cmd.arg("--cookie").arg(cookie);
+    }
+
+    if let Some(client_ip) = self.client_ip {
+      cmd.arg("--client-ip").arg(client_ip);
+    }
+
+    if let Some(md5) = self.md5 {
+      cmd.arg("--md5").arg(md5);
+    }
+
+    if let Some(client_os) = self.client_os {
+      cmd.arg("--client-os").arg(client_os);
+    }
+
+    if let Some(client_version) = self.client_version {
+      cmd.env("APP_VERSION", client_version);
+    }
+
+    let output = cmd
+      .kill_on_drop(true)
+      .stdout(Stdio::piped())
+      .spawn()?
+      .wait_with_output()
+      .await?;
+
+    if let Some(exit_status) = output.status.code() {
+      if exit_status != 0 {
+        bail!("HIP report generation failed with exit code {}", exit_status);
+      }
+
+      let report = String::from_utf8(output.stdout)?;
+
+      Ok(report)
+    } else {
+      bail!("HIP report generation failed");
+    }
+  }
+}

crates/gpapi/src/process/mod.rs

@@ -4,4 +4,6 @@ pub mod auth_launcher;
 #[cfg(feature = "browser-auth")]
 pub mod browser_authenticator;
 pub mod gui_launcher;
+pub mod hip_launcher;
 pub mod service_launcher;
+pub mod users;

crates/gpapi/src/process/users.rs

@@ -0,0 +1,39 @@
+use std::env;
+
+use anyhow::bail;
+use uzers::User;
+
+pub fn get_user_by_name(username: &str) -> anyhow::Result<User> {
+  uzers::get_user_by_name(username).ok_or_else(|| anyhow::anyhow!("User ({}) not found", username))
+}
+
+pub fn get_non_root_user() -> anyhow::Result<User> {
+  let current_user = whoami::username();
+
+  let user = if current_user == "root" {
+    get_real_user()?
+  } else {
+    get_user_by_name(&current_user)?
+  };
+
+  if user.uid() == 0 {
+    bail!("Non-root user not found")
+  }
+
+  Ok(user)
+}
+
+pub fn get_current_user() -> anyhow::Result<User> {
+  let current_user = whoami::username();
+  get_user_by_name(&current_user)
+}
+
+fn get_real_user() -> anyhow::Result<User> {
+  // Read the UID from SUDO_UID or PKEXEC_UID environment variable if available.
+  let uid = match env::var("SUDO_UID") {
+    Ok(uid) => uid.parse::<u32>()?,
+    _ => env::var("PKEXEC_UID")?.parse::<u32>()?,
+  };
+
+  uzers::get_user_by_uid(uid).ok_or_else(|| anyhow::anyhow!("User not found"))
+}

crates/gpapi/src/service/request.rs

@@ -32,6 +32,8 @@ pub struct ConnectArgs {
   cookie: String,
   vpnc_script: Option<String>,
   user_agent: Option<String>,
+  csd_uid: u32,
+  csd_wrapper: Option<String>,
   os: Option<ClientOs>,
 }
 
@@ -42,6 +44,8 @@ impl ConnectArgs {
       vpnc_script: None,
       user_agent: None,
       os: None,
+      csd_uid: 0,
+      csd_wrapper: None,
     }
   }
 
@@ -60,6 +64,14 @@ impl ConnectArgs {
   pub fn openconnect_os(&self) -> Option<String> {
     self.os.as_ref().map(|os| os.to_openconnect_os().to_string())
   }
+
+  pub fn csd_uid(&self) -> u32 {
+    self.csd_uid
+  }
+
+  pub fn csd_wrapper(&self) -> Option<String> {
+    self.csd_wrapper.clone()
+  }
 }
 
 #[derive(Debug, Deserialize, Serialize, Type)]
@@ -81,6 +93,16 @@ impl ConnectRequest {
     self
   }
 
+  pub fn with_csd_uid(mut self, csd_uid: u32) -> Self {
+    self.args.csd_uid = csd_uid;
+    self
+  }
+
+  pub fn with_csd_wrapper<T: Into<Option<String>>>(mut self, csd_wrapper: T) -> Self {
+    self.args.csd_wrapper = csd_wrapper.into();
+    self
+  }
+
   pub fn with_user_agent<T: Into<Option<String>>>(mut self, user_agent: T) -> Self {
     self.args.user_agent = user_agent.into();
     self

crates/openconnect/src/ffi/mod.rs

@@ -15,6 +15,9 @@ pub(crate) struct ConnectOptions {
   pub os: *const c_char,
   pub certificate: *const c_char,
   pub servercert: *const c_char,
+
+  pub csd_uid: u32,
+  pub csd_wrapper: *const c_char,
 }
 
 #[link(name = "vpn")]

crates/openconnect/src/ffi/vpn.c

@@ -61,6 +61,8 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
     INFO("User agent: %s", options->user_agent);
     INFO("VPNC script: %s", options->script);
     INFO("OS: %s", options->os);
+    INFO("CSD_USER: %d", options->csd_uid);
+    INFO("CSD_WRAPPER: %s", options->csd_wrapper);
 
     vpninfo = openconnect_vpninfo_new(options->user_agent, validate_peer_cert, NULL, NULL, print_progress, NULL);
 
@@ -91,6 +93,10 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
         openconnect_set_system_trust(vpninfo, 0);
     }
 
+    if (options->csd_wrapper) {
+        openconnect_setup_csd(vpninfo, options->csd_uid, 1, options->csd_wrapper);
+    }
+
     g_cmd_pipe_fd = openconnect_setup_cmd_pipe(vpninfo);
     if (g_cmd_pipe_fd < 0)
     {
@@ -137,6 +143,9 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
 void vpn_disconnect()
 {
     char cmd = OC_CMD_CANCEL;
+
+    INFO("Stopping VPN connection: %d", g_cmd_pipe_fd);
+
     if (write(g_cmd_pipe_fd, &cmd, 1) < 0)
     {
         ERROR("Failed to write to command pipe, VPN connection may not be stopped");

crates/openconnect/src/ffi/vpn.h

@@ -16,6 +16,9 @@ typedef struct vpn_options
     const char *os;
     const char *certificate;
     const char *servercert;
+
+    const uid_t csd_uid;
+    const char *csd_wrapper;
 } vpn_options;
 
 int vpn_connect(const vpn_options *options, vpn_connected_callback callback);

crates/openconnect/src/vpn.rs

@@ -18,6 +18,9 @@ pub struct Vpn {
   certificate: Option<CString>,
   servercert: Option<CString>,
 
+  csd_uid: u32,
+  csd_wrapper: Option<CString>,
+
   callback: OnConnectedCallback,
 }
 
@@ -56,6 +59,9 @@ impl Vpn {
       os: self.os.as_ptr(),
       certificate: Self::option_to_ptr(&self.certificate),
       servercert: Self::option_to_ptr(&self.servercert),
+
+      csd_uid: self.csd_uid,
+      csd_wrapper: Self::option_to_ptr(&self.csd_wrapper),
     }
   }
 
@@ -73,6 +79,9 @@ pub struct VpnBuilder {
   user_agent: Option<String>,
   script: Option<String>,
   os: Option<String>,
+
+  csd_uid: u32,
+  csd_wrapper: Option<String>,
 }
 
 impl VpnBuilder {
@@ -83,6 +92,8 @@ impl VpnBuilder {
       user_agent: None,
       script: None,
       os: None,
+      csd_uid: 0,
+      csd_wrapper: None,
     }
   }
 
@@ -101,6 +112,16 @@ impl VpnBuilder {
     self
   }
 
+  pub fn csd_uid(mut self, csd_uid: u32) -> Self {
+    self.csd_uid = csd_uid;
+    self
+  }
+
+  pub fn csd_wrapper<T: Into<Option<String>>>(mut self, csd_wrapper: T) -> Self {
+    self.csd_wrapper = csd_wrapper.into();
+    self
+  }
+
   pub fn build(self) -> Vpn {
     let user_agent = self.user_agent.unwrap_or_default();
     let script = self.script.or_else(find_default_vpnc_script).unwrap_or_default();
@@ -114,6 +135,10 @@ impl VpnBuilder {
       os: Self::to_cstring(&os),
       certificate: None,
       servercert: None,
+
+      csd_uid: self.csd_uid,
+      csd_wrapper: self.csd_wrapper.as_deref().map(Self::to_cstring),
+
       callback: Default::default(),
     }
   }