Bump version 2.1.3

Rename PreloginCredential
Add message for the '--as-gateway' option
2025-05-20 07:26:58 -04:00 · 2024-04-06 20:07:57 +08:00 · 2024-04-06 19:40:08 +08:00 · 2024-04-06 19:26:42 +08:00 · 2024-04-06 19:14:31 +08:00 · 2024-04-06 19:07:09 +08:00
44 changed files with 998 additions and 440 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -8,5 +8,5 @@ end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
-[Makefile]
+[{Makefile,Makefile.in}]
 indent_style = tab
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -9,8 +9,10 @@ on:
    branches:
      - main
      - dev
      - hotfix/*
      - feature/*
      - release/*
    tags:
      - latest
      - v*.*.*
 jobs:
  # Include arm64 if ref is a tag
@@ -23,9 +25,9 @@ jobs:
        id: set-matrix
        run: |
          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
-            echo "matrix=[\"ubuntu-latest\", \"arm64\"]" >> $GITHUB_OUTPUT
+            echo 'matrix=[{"runner": "ubuntu-latest", "arch": "amd64"}, {"runner": "arm64", "arch": "arm64"]' >> $GITHUB_OUTPUT
          else
-            echo "matrix=[\"ubuntu-latest\"]" >> $GITHUB_OUTPUT
+            echo 'matrix=[{"runner": "ubuntu-latest", "arch": "amd64"}]' >> $GITHUB_OUTPUT
          fi
  tarball:
@@ -42,10 +44,15 @@ jobs:
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/GlobalProtect-openconnect
        ref: ${{ github.ref }}
        path: source/gp
    - name: Create tarball
      run: |
        cd source/gp
        # Generate the SNAPSHOT file for non-tagged commits
        if [[ "${{ github.ref }}" != "refs/tags/"* ]]; then
          touch SNAPSHOT
        fi
        make tarball
    - name: Upload tarball
      uses: actions/upload-artifact@v3
@@ -55,140 +62,47 @@ jobs:
        path: |
          source/gp/.build/tarball/*.tar.gz
-  build-deb:
+  build-gp:
    needs:
    - setup-matrix
    - tarball
    strategy:
      matrix:
        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
-    runs-on: ${{ matrix.os }}
+        package: [deb, rpm, pkg, binary]
    runs-on: ${{ matrix.os.runner }}
    name: build-gp (${{ matrix.package }}, ${{ matrix.os.arch }})
    steps:
    - name: Prepare workspace
-      run: rm -rf build-deb && mkdir build-deb
+      run: |
        rm -rf build-gp-${{ matrix.package }}
        mkdir -p build-gp-${{ matrix.package }}
    - name: Download tarball
      uses: actions/download-artifact@v3
      with:
        name: artifact-source
-        path: build-deb
+        path: build-gp-${{ matrix.package }}
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
-    - name: Build DEB package in Docker
+    - name: Build ${{ matrix.package }} package in Docker
      run: |
-        docker run --rm -v $(pwd)/build-deb:/deb yuezk/gpdev:deb-builder
+        docker run --rm \
-    - name: Install DEB package in Docker
+          -v $(pwd)/build-gp-${{ matrix.package }}:/${{ matrix.package }} \
          yuezk/gpdev:${{ matrix.package }}-builder
    - name: Install ${{ matrix.package }} package in Docker
      run: |
-        docker run --rm -v $(pwd)/build-deb:/deb yuezk/gpdev:deb-builder \
+        docker run --rm \
-          bash -c "sudo dpkg -i /deb/*.deb; gpclient --version; gpservice --version; gpauth --version; gpgui-helper --version;"
+          -e GPGUI_INSTALLED=0 \
-    - name: Upload DEB package
+          -v $(pwd)/build-gp-${{ matrix.package }}:/${{ matrix.package }} \
          yuezk/gpdev:${{ matrix.package }}-builder \
          bash install.sh
    - name: Upload ${{ matrix.package }} package
      uses: actions/upload-artifact@v3
      with:
-        name: artifact-deb-${{ matrix.os }}
+        name: artifact-gp-${{ matrix.package }}-${{ matrix.os.arch }}
        if-no-files-found: error
        path: |
-          build-deb/*.deb
+          build-gp-${{ matrix.package }}/artifacts/*
  build-rpm:
    needs:
    - setup-matrix
    - tarball
    strategy:
      matrix:
        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
    runs-on: ${{ matrix.os }}
    steps:
    - name: Prepare workspace
      run: rm -rf build-rpm && mkdir build-rpm
    - name: Download tarball
      uses: actions/download-artifact@v3
      with:
        name: artifact-source
        path: build-rpm
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build RPM package in Docker
      run: |
        docker run --rm -v $(pwd)/build-rpm:/rpm yuezk/gpdev:rpm-builder
    - name: Install RPM package in Docker
      run: |
        docker run --rm -v $(pwd)/build-rpm:/rpm yuezk/gpdev:rpm-builder \
          bash -c "sudo rpm -i /rpm/*.$(uname -m).rpm; gpclient --version; gpservice --version; gpauth --version; gpgui-helper --version;"
    - name: Upload RPM package
      uses: actions/upload-artifact@v3
      with:
        name: artifact-rpm-${{ matrix.os }}
        if-no-files-found: error
        path: |
          build-rpm/*.rpm
  build-pkgbuild:
    needs:
    - setup-matrix
    - tarball
    strategy:
      matrix:
        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
    runs-on: ${{ matrix.os }}
    steps:
    - name: Prepare workspace
      run: rm -rf build-pkgbuild && mkdir build-pkgbuild
    - name: Download tarball
      uses: actions/download-artifact@v3
      with:
        name: artifact-source
        path: build-pkgbuild
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build PKGBUILD package in Docker
      run: |
        docker run --rm -v $(pwd)/build-pkgbuild:/pkgbuild yuezk/gpdev:pkgbuild
    - name: Install PKGBUILD package in Docker
      run: |
        docker run --rm -v $(pwd)/build-pkgbuild:/pkgbuild yuezk/gpdev:pkgbuild \
          bash -c "sudo pacman -U --noconfirm /pkgbuild/*.pkg.tar.zst; gpclient --version; gpservice --version; gpauth --version; gpgui-helper --version;"
    - name: Upload PKGBUILD package
      uses: actions/upload-artifact@v3
      with:
        name: artifact-pkgbuild-${{ matrix.os }}
        if-no-files-found: error
        path: |
          build-pkgbuild/*.pkg.tar.zst
  build-binary:
    needs:
    - setup-matrix
    - tarball
    strategy:
      matrix:
        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
    runs-on: ${{ matrix.os }}
    steps:
    - name: Prepare workspace
      run: rm -rf build-binary && mkdir build-binary
    - name: Download tarball
      uses: actions/download-artifact@v3
      with:
        name: artifact-source
        path: build-binary
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build binary in Docker
      run: |
        docker run --rm -v $(pwd)/build-binary:/binary yuezk/gpdev:binary-builder
    - name: Install binary in Docker
      run: |
        cd build-binary
        tar -xJf ./*.bin.tar.xz
        docker run --rm -v $(pwd):/binary yuezk/gpdev:binary-builder \
          bash -c "cd /binary/globalprotect-openconnect*/ && sudo make install && gpclient --version && gpservice --version && gpauth --version && gpgui-helper --version;"
    - name: Upload binary
      uses: actions/upload-artifact@v3
      with:
        name: artifact-binary-${{ matrix.os }}
        if-no-files-found: error
        path: |
          build-binary/*.bin.tar.xz
          build-binary/*.bin.tar.xz.sha256
  build-gpgui:
    needs:
@@ -196,7 +110,8 @@ jobs:
    strategy:
      matrix:
        os: ${{fromJson(needs.setup-matrix.outputs.matrix)}}
-    runs-on: ${{ matrix.os }}
+    runs-on: ${{ matrix.os.runner }}
    name: build-gpgui (${{ matrix.os.arch }})
    steps:
    - uses: pnpm/action-setup@v2
      with:
@@ -208,12 +123,14 @@ jobs:
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/GlobalProtect-openconnect
        ref: ${{ github.ref }}
        path: gpgui-source/gp
-    - name: Checkout gpgui
+    - name: Checkout gpgui@${{ github.ref_name }}
      uses: actions/checkout@v3
      with:
        token: ${{ secrets.GH_PAT }}
        repository: yuezk/gpgui
        ref: ${{ github.ref_name }}
        path: gpgui-source/gpgui
    - name: Tarball
      run: |
@@ -233,34 +150,39 @@ jobs:
    - name: Upload gpgui
      uses: actions/upload-artifact@v3
      with:
-        name: artifact-gpgui-${{ matrix.os }}
+        name: artifact-gpgui-${{ matrix.os.arch }}
        if-no-files-found: error
        path: |
          gpgui-source/*.bin.tar.xz
          gpgui-source/*.bin.tar.xz.sha256
  gh-release:
-    if: startsWith(github.ref, 'refs/tags/')
+    if: ${{ github.ref == 'refs/heads/dev' || startsWith(github.ref, 'refs/tags/') }}
    runs-on: ubuntu-latest
    needs:
-      - build-deb
+      - tarball
-      - build-rpm
+      - build-gp
      - build-pkgbuild
      - build-binary
      - build-gpgui
    steps:
    - name: Prepare workspace
-      run: rm -rf build-artifact && mkdir build-artifact
+      run: rm -rf gh-release && mkdir gh-release
    - name: Download all artifacts
      uses: actions/download-artifact@v3
      with:
-        path: build-artifact
+        path: gh-release
    - name: Create GH release
-      uses: softprops/action-gh-release@v1
+      env:
-      with:
+        GH_TOKEN: ${{ secrets.GH_PAT }}
-        token: ${{ secrets.GH_PAT }}
+        RELEASE_TAG: ${{ github.ref == 'refs/heads/dev' && 'snapshot' || github.ref_name }}
-        prerelease: ${{ contains(github.ref, 'latest') }}
+        REPO: ${{ github.repository }}
-        fail_on_unmatched_files: true
+        NOTES: ${{ github.ref == 'refs/heads/dev' && '**!!! DO NOT USE THIS RELEASE IN PRODUCTION !!!**' || format('Release {0}', github.ref_name) }}
-        files: |
+      run: |
-          build-artifact/artifact-*/*
+        gh -R "$REPO" release delete $RELEASE_TAG --yes --cleanup-tag || true
        gh -R "$REPO" release create $RELEASE_TAG \
          --title "$RELEASE_TAG" \
          --notes "$NOTES" \
          --target ${{ github.ref }} \
          ${{ github.ref == 'refs/heads/dev' && '--prerelease' || '' }} \
          gh-release/artifact-source/* \
          gh-release/artifact-gpgui-*/*
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,89 @@
 name: Publish Packages
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to publish'
        required: true
      revision:
        description: 'Package revision'
        required: true
        default: "1"
      ppa:
        description: 'Publish to PPA'
        type: boolean
        required: true
        default: true
      obs:
        description: 'Publish to OBS'
        type: boolean
        required: true
        default: true
      aur:
        description: 'Publish to AUR'
        type: boolean
        required: true
        default: true
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - name: Check tag exists
      uses: mukunku/tag-exists-action@v1.6.0
      id: check-tag
      with:
        tag: ${{ inputs.tag }}
    - name: Exit if tag does not exist
      run: |
        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
          echo "Tag ${{ inputs.tag }} does not exist"
          exit 1
        fi
  publish-ppa:
    needs: check
    if: ${{ inputs.ppa }}
    runs-on: ubuntu-latest
    steps:
    - uses: pnpm/action-setup@v2
      with:
        version: 8
    - name: Prepare workspace
      run: rm -rf publish-ppa && mkdir publish-ppa
    - name: Download ${{ inputs.tag }} source code
      uses: robinraju/release-downloader@v1.9
      with:
        token: ${{ secrets.GH_PAT }}
        tag: ${{ inputs.tag }}
        fileName: globalprotect-openconnect-*.tar.gz
        tarBall: false
        zipBall: false
        out-file-path: publish-ppa
    - name: Make the offline tarball
      run: |
        cd publish-ppa
        tar -xf globalprotect-openconnect-*.tar.gz
        cd globalprotect-openconnect-*/
        make tarball OFFLINE=1
        # Prepare the debian directory with custom files
        mkdir -p .build/debian
        sed 's/@RUST@/rust-all(>=1.70)/g' packaging/deb/control.in > .build/debian/control
        sed 's/@OFFLINE@/1/g' packaging/deb/rules.in > .build/debian/rules
        cp packaging/deb/postrm .build/debian/postrm
    - name: Publish to PPA
      uses: yuezk/publish-ppa-package@dev
      with:
        repository: "yuezk/globalprotect-openconnect"
        gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
        gpg_passphrase: ${{ secrets.PPA_GPG_PASSPHRASE }}
        tarball: publish-ppa/globalprotect-openconnect-*/.build/tarball/*.tar.gz
        debian_dir: publish-ppa/globalprotect-openconnect-*/.build/debian
        deb_email: "k3vinyue@gmail.com"
        deb_fullname: "Kevin Yue"
        extra_ppa: "liushuyu-011/rust-bpo-1.75"
        revision: ${{ inputs.revision }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,153 @@
 name: Release Packages
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to release'
        required: true
      arch:
        type: choice
        description: 'Architecture to build'
        required: true
        default: all
        options:
          - all
          - x86_64
          - arm64
      release-deb:
        type: boolean
        description: 'Build DEB package'
        required: true
        default: true
      release-rpm:
        type: boolean
        description: 'Build RPM package'
        required: true
        default: true
      release-pkg:
        type: boolean
        description: 'Build PKG package'
        required: true
        default: true
      release-binary:
        type: boolean
        description: 'Build binary package'
        required: true
        default: true
      gh-release:
        type: boolean
        description: 'Update GitHub release'
        required: true
        default: true
 jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - name: Check tag exists
      uses: mukunku/tag-exists-action@v1.6.0
      id: check-tag
      with:
        tag: ${{ inputs.tag }}
    - name: Exit if tag does not exist
      run: |
        if [[ "${{ steps.check-tag.outputs.exists }}" == "false" ]]; then
          echo "Tag ${{ inputs.tag }} does not exist"
          exit 1
        fi
  setup-matrix:
    needs:
    - check
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.result }}
    steps:
    - name: Set up matrix
      id: set-matrix
      uses: actions/github-script@v7
      with:
        result-encoding: string
        script: |
          const inputs = ${{ toJson(inputs) }}
          const { arch } = inputs
          const osMap = {
            "all": ["ubuntu-latest", "arm64"],
            "x86_64": ["ubuntu-latest"],
            "arm64": ["arm64"]
          }
          const package = Object.entries(inputs)
            .filter(([key, value]) => key.startsWith('release-') && value)
            .map(([key, value]) => key.replace('release-', ''))
          return JSON.stringify({
            os: osMap[arch],
            package,
          })
  build:
    needs:
    - setup-matrix
    strategy:
      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
    runs-on: ${{ matrix.os }}
    steps:
    - name: Prepare workspace
      run: rm -rf build-${{ matrix.package }} && mkdir -p build-${{ matrix.package }}
    - name: Download ${{ inputs.tag }} source code
      uses: robinraju/release-downloader@v1.9
      with:
        token: ${{ secrets.GH_PAT }}
        tag: ${{ inputs.tag }}
        fileName: globalprotect-openconnect-*.tar.gz
        tarBall: false
        zipBall: false
        out-file-path: build-${{ matrix.package }}
    - name: Docker Login
      run: echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
    - name: Build ${{ matrix.package }} package in Docker
      run: |
        docker run --rm \
          -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} \
          -e INCLUDE_GUI=1 \
          yuezk/gpdev:${{ matrix.package }}-builder
    - name: Install ${{ matrix.package }} package in Docker
      run: |
        docker run --rm \
          -v $(pwd)/build-${{ matrix.package }}:/${{ matrix.package }} \
          yuezk/gpdev:${{ matrix.package }}-builder \
          bash install.sh
    - name: Upload ${{ matrix.package }} package
      uses: actions/upload-artifact@v3
      with:
        name: artifact-${{ matrix.os }}-${{ matrix.package }}
        if-no-files-found: error
        path: |
          build-${{ matrix.package }}/artifacts/*
  gh-release:
    needs:
    - build
    runs-on: ubuntu-latest
    if: ${{ inputs.gh-release }}
    steps:
    - name: Prepare workspace
      run: rm -rf gh-release && mkdir gh-release
    - name: Download artifact
      uses: actions/download-artifact@v3
      with:
        path: gh-release
    - name: Update release
      uses: softprops/action-gh-release@v1
      with:
        token: ${{ secrets.GH_PAT }}
        prerelease: ${{ contains(github.ref, 'snapshot') }}
        fail_on_unmatched_files: true
        tag_name: ${{ inputs.tag }}
        files: |
          gh-release/artifact-*/*
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 .cargo
 .build
 SNAPSHOT
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -562,6 +562,13 @@ dependencies = [
 "memchr",
 ]
 [[package]]
 name = "common"
 version = "2.1.3"
 dependencies = [
 "is_executable",
 ]
 [[package]]
 name = "compile-time"
 version = "0.2.0"
@@ -1423,7 +1430,7 @@ dependencies = [
 [[package]]
 name = "gpapi"
-version = "2.1.0"
+version = "2.1.3"
 dependencies = [
 "anyhow",
 "base64 0.21.5",
@@ -1455,13 +1462,14 @@ dependencies = [
 [[package]]
 name = "gpauth"
-version = "2.1.0"
+version = "2.1.3"
 dependencies = [
 "anyhow",
 "clap",
 "compile-time",
 "env_logger",
 "gpapi",
 "html-escape",
 "log",
 "regex",
 "serde_json",
@@ -1475,10 +1483,11 @@ dependencies = [
 [[package]]
 name = "gpclient"
-version = "2.1.0"
+version = "2.1.3"
 dependencies = [
 "anyhow",
 "clap",
 "common",
 "compile-time",
 "directories",
 "env_logger",
@@ -1496,7 +1505,7 @@ dependencies = [
 [[package]]
 name = "gpgui-helper"
-version = "2.1.0"
+version = "2.1.3"
 dependencies = [
 "anyhow",
 "clap",
@@ -1514,7 +1523,7 @@ dependencies = [
 [[package]]
 name = "gpservice"
-version = "2.1.0"
+version = "2.1.3"
 dependencies = [
 "anyhow",
 "axum",
@@ -1590,9 +1599,9 @@ dependencies = [
 [[package]]
 name = "h2"
-version = "0.3.24"
+version = "0.3.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9"
+checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8"
 dependencies = [
 "bytes",
 "fnv",
@@ -1609,9 +1618,9 @@ dependencies = [
 [[package]]
 name = "h2"
-version = "0.4.2"
+version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "31d030e59af851932b72ceebadf4a2b5986dba4c3b99dd2493f8273a0f151943"
+checksum = "816ec7294445779408f36fe57bc5b7fc1cf59664059096c65f905c1c61f58069"
 dependencies = [
 "bytes",
 "fnv",
@@ -1665,6 +1674,15 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 [[package]]
 name = "html-escape"
 version = "0.2.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6d1ad449764d627e22bfd7cd5e8868264fc9236e07c752972b4080cd351cb476"
 dependencies = [
 "utf8-width",
 ]
 [[package]]
 name = "html5ever"
 version = "0.26.0"
@@ -1769,7 +1787,7 @@ dependencies = [
 "futures-channel",
 "futures-core",
 "futures-util",
- "h2 0.3.24",
+ "h2 0.3.26",
 "http 0.2.11",
 "http-body 0.4.6",
 "httparse",
@@ -1792,7 +1810,7 @@ dependencies = [
 "bytes",
 "futures-channel",
 "futures-util",
- "h2 0.4.2",
+ "h2 0.4.4",
 "http 1.0.0",
 "http-body 1.0.0",
 "httparse",
@@ -2300,9 +2318,9 @@ dependencies = [
 [[package]]
 name = "mio"
-version = "0.8.10"
+version = "0.8.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09"
+checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
 dependencies = [
 "libc",
 "log",
@@ -2519,10 +2537,10 @@ dependencies = [
 [[package]]
 name = "openconnect"
-version = "2.1.0"
+version = "2.1.3"
 dependencies = [
 "cc",
- "is_executable",
+ "common",
 "log",
 ]
@@ -3149,7 +3167,7 @@ dependencies = [
 "encoding_rs",
 "futures-core",
 "futures-util",
- "h2 0.3.24",
+ "h2 0.3.26",
 "http 0.2.11",
 "http-body 0.4.6",
 "hyper 0.14.28",
@@ -4147,9 +4165,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 [[package]]
 name = "tokio"
-version = "1.35.1"
+version = "1.36.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
+checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931"
 dependencies = [
 "backtrace",
 "bytes",
@@ -4476,6 +4494,12 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
 [[package]]
 name = "utf8-width"
 version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "86bd8d4e895da8537e5315b8254664e6b769c4ff3db18321b297a1e7004392e3"
 [[package]]
 name = "utf8parse"
 version = "0.2.1"
@@ -4582,6 +4606,12 @@ version = "0.11.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 [[package]]
 name = "wasite"
 version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
 [[package]]
 name = "wasm-bindgen"
 version = "0.2.89"
@@ -4758,11 +4788,12 @@ dependencies = [
 [[package]]
 name = "whoami"
-version = "1.4.1"
+version = "1.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22fc3756b8a9133049b26c7f61ab35416c130e8c09b660f5b3958b446f52cc50"
+checksum = "a44ab49fad634e88f55bf8f9bb3abd2f27d7204172a112c7c9987e01c1c94ea9"
 dependencies = [
- "wasm-bindgen",
+ "redox_syscall",
 "wasite",
 "web-sys",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -5,7 +5,7 @@ members = ["crates/*", "apps/gpclient", "apps/gpservice", "apps/gpauth", "apps/g
 [workspace.package]
 rust-version = "1.70"
-version = "2.1.0"
+version = "2.1.3"
 authors = ["Kevin Yue <k3vinyue@gmail.com>"]
 homepage = "https://github.com/yuezk/GlobalProtect-openconnect"
 edition = "2021"
--- a/53
+++ b/53
@@ -1,5 +1,8 @@
 .SHELLFLAGS += -e
 OFFLINE ?= 0
 BUILD_FE ?= 1
 INCLUDE_GUI ?= 0
 CARGO ?= cargo
 VERSION = $(shell $(CARGO) metadata --no-deps --format-version 1 | jq -r '.packages[0].version')
@@ -12,6 +15,13 @@ PUBLISH ?= 0
 export DEBEMAIL = k3vinyue@gmail.com
 export DEBFULLNAME = Kevin Yue
 export SNAPSHOT = $(shell test -f SNAPSHOT && echo "true" || echo "false")
 ifeq ($(SNAPSHOT), true)
 	RELEASE_TAG = snapshot
 else
 	RELEASE_TAG = v$(VERSION)
 endif
 CARGO_BUILD_ARGS = --release
@@ -33,6 +43,7 @@ clean-tarball:
 # Create a tarball, include the cargo dependencies if OFFLINE is set to 1
 tarball: clean-tarball
 	if [ $(BUILD_FE) -eq 1 ]; then \
 		echo "Building frontend..."; \
 		cd apps/gpgui-helper && pnpm install && pnpm build; \
 	fi
@@ -48,9 +59,23 @@ tarball: clean-tarball
 		tar -cJf vendor.tar.xz .vendor; \
 	fi
 	@echo "Creating tarball..."
 	tar --exclude .vendor --exclude target --transform 's,^,${PKG}/,' -czf .build/tarball/${PKG}.tar.gz * .cargo
-build: build-fe build-rs
+download-gui:
 	rm -rf .build/gpgui
 	if [ $(INCLUDE_GUI) -eq 1 ]; then \
 		echo "Downloading GlobalProtect GUI..."; \
 		mkdir -p .build/gpgui; \
 		curl -sSL https://github.com/yuezk/GlobalProtect-openconnect/releases/download/$(RELEASE_TAG)/gpgui_$(shell uname -m).bin.tar.xz \
 			-o .build/gpgui/gpgui_$(shell uname -m).bin.tar.xz; \
 		tar -xJf .build/gpgui/*.tar.xz -C .build/gpgui; \
 	else \
 		echo "Skipping GlobalProtect GUI download (INCLUDE_GUI=0)"; \
 	fi
 build: download-gui build-fe build-rs
 # Install and build the frontend
 # If OFFLINE is set to 1, skip it
@@ -88,6 +113,10 @@ install:
 	install -Dm755 target/release/gpservice $(DESTDIR)/usr/bin/gpservice
 	install -Dm755 target/release/gpgui-helper $(DESTDIR)/usr/bin/gpgui-helper
 	if [ -f .build/gpgui/gpgui_*/gpgui ]; then \
 		install -Dm755 .build/gpgui/gpgui_*/gpgui $(DESTDIR)/usr/bin/gpgui; \
 	fi
 	install -Dm644 packaging/files/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
 	install -Dm644 packaging/files/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	install -Dm644 packaging/files/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
@@ -123,7 +152,8 @@ init-debian: clean-debian tarball
 	cd .build/deb/${PKG} && debmake
 	cp -f packaging/deb/control.in .build/deb/$(PKG)/debian/control
-	cp -f packaging/deb/rules .build/deb/$(PKG)/debian/rules
+	cp -f packaging/deb/rules.in .build/deb/$(PKG)/debian/rules
 	cp -f packaging/deb/postrm .build/deb/$(PKG)/debian/postrm
 	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/deb/$(PKG)/debian/rules
@@ -144,21 +174,20 @@ check-ppa:
 # Usage: make ppa SERIES=focal OFFLINE=1 PUBLISH=1
 ppa: check-ppa init-debian
-	cd .build/deb/${PKG}
+	sed -i "s/@RUST@/rust-all(>=1.70)/g" .build/deb/$(PKG)/debian/control
 	sed -i "s/@RUST@/rust-all(>=1.70)/g" debian/control
 	$(eval SERIES_VER = $(shell distro-info --series $(SERIES) -r | cut -d' ' -f1))
 	@echo "Building for $(SERIES) $(SERIES_VER)"
-	dch --create --distribution $(SERIES) --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION)ppa$(PPA_REVISION)~ubuntu$(SERIES_VER) "Bugfix and improvements."
+	rm -rf .build/deb/$(PKG)/debian/changelog
 	cd .build/deb/$(PKG) && dch --create --distribution $(SERIES) --package $(PKG_NAME) --newversion $(VERSION)-$(REVISION)ppa$(PPA_REVISION)~ubuntu$(SERIES_VER) "Bugfix and improvements."
-	echo "y" | debuild -e PATH -S -sa -k"$(GPG_KEY_ID)" -p"gpg --batch --passphrase $(GPG_KEY_PASS) --pinentry-mode loopback"
+	cd .build/deb/$(PKG) && echo "y" | debuild -e PATH -S -sa -k"$(GPG_KEY_ID)" -p"gpg --batch --passphrase $(GPG_KEY_PASS) --pinentry-mode loopback"
 	if [ $(PUBLISH) -eq 1 ]; then \
-		dput ppa:yuezk/globalprotect-openconnect ../*.changes; \
+		cd .build/deb/$(PKG) && dput ppa:yuezk/globalprotect-openconnect ../*.changes; \
-	else
+	else \
-		echo "Skipping ppa publish (PUBLISH=0)"
+		echo "Skipping ppa publish (PUBLISH=0)"; \
 	fi
 clean-rpm:
@@ -174,7 +203,7 @@ init-rpm: clean-rpm
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@REVISION@/$(REVISION)/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@OFFLINE@/$(OFFLINE)/g" .build/rpm/globalprotect-openconnect.spec
-	sed -i "s/@DATE@/$(shell date "+%a %b %d %Y")/g" .build/rpm/globalprotect-openconnect.spec
+	sed -i "s/@DATE@/$(shell LC_ALL=en.US date "+%a %b %d %Y")/g" .build/rpm/globalprotect-openconnect.spec
 	sed -i "s/@VERSION@/$(VERSION)/g" .build/rpm/globalprotect-openconnect.changes
 	sed -i "s/@DATE@/$(shell LC_ALL=en.US date -u "+%a %b %e %T %Z %Y")/g" .build/rpm/globalprotect-openconnect.changes
@@ -222,7 +251,7 @@ binary: clean-binary tarball
 	mkdir -p .build/binary/$(PKG_NAME)_$(VERSION)/artifacts
-	make -C .build/binary/${PKG} build OFFLINE=$(OFFLINE) BUILD_FE=0
+	make -C .build/binary/${PKG} build OFFLINE=$(OFFLINE) BUILD_FE=0 INCLUDE_GUI=$(INCLUDE_GUI)
 	make -C .build/binary/${PKG} install DESTDIR=$(PWD)/.build/binary/$(PKG_NAME)_$(VERSION)/artifacts
 	cp packaging/binary/Makefile.in .build/binary/$(PKG_NAME)_$(VERSION)/Makefile
--- a/README.md
+++ b/README.md
@@ -53,15 +53,6 @@ The GUI version is also available after you installed it. You can launch it from
 ## Installation
 > [!Note]
 >
 > This instruction is for the 2.x version. The 1.x version is still available on the [1.x](https://github.com/yuezk/GlobalProtect-openconnect/tree/1.x) branch, you can build it from the source code by following the instructions in the `README.md` file.
 > [!Warning]
 >
 > The client requires `openconnect >= 8.20, pkexec, and gnome-keyring`, please make sure you have them installed.
 > Installing the client from PPA will automatically install the required version of `openconnect`.
 ### Debian/Ubuntu based distributions
 #### Install from PPA
@@ -103,7 +94,7 @@ Download the latest package from [releases](https://github.com/yuezk/GlobalProte
 sudo pacman -U globalprotect-openconnect-*.pkg.tar.zst
 ```
-### Fedora/OpenSUSE/CentOS/RHEL
+### Fedora 38 and later / Fedora Rawhide
 #### Install from COPR
@@ -114,20 +105,47 @@ sudo dnf copr enable yuezk/globalprotect-openconnect
 sudo dnf install globalprotect-openconnect
 ```
-#### Install from OBS (OpenSUSE Build Service)
+### openSUSE Leap 15.6 / openSUSE Tumbleweed
 #### Install from OBS (openSUSE Build Service)
 The package is also available on [OBS](https://build.opensuse.org/package/show/home:yuezk/globalprotect-openconnect) for various RPM-based distributions. You can follow the instructions [on this page](https://software.opensuse.org//download.html?project=home%3Ayuezk&package=globalprotect-openconnect) to install it.
 ### Other RPM-based distributions
 #### Install from RPM package
 Download the latest RPM package from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
 ```bash
 sudo rpm -i globalprotect-openconnect-*.rpm
 ```
 ### Other distributions
 - Install `openconnect >= 8.20`, `webkit2gtk`, `libsecret`, `libayatana-appindicator` or `libappindicator-gtk3`.
- Download `globalprotect-openconnect.tar.gz` from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
+- Download `globalprotect-openconnect_${version}_${arch}.bin.tar.xz` from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page.
- Extract the tarball and run `make build` to build the client.
+- Extract the tarball with `tar -xJf globalprotect-openconnect_${version}_${arch}.bin.tar.xz`.
- Run `make install` to install the client.
+- Run `sudo make install` to install the client.
 ## Build from source
 You can also build the client from source, steps are as follows:
 ### Prerequisites
 - [Install Rust](https://www.rust-lang.org/tools/install)
 - Install Tauri dependencies: https://tauri.app/v1/guides/getting-started/prerequisites/#setting-up-linux
 - Install `perl`
 - Install `openconnect >= 8.20` and `libopenconnect-dev` (or `openconnect-devel` on RPM-based distributions)
 - Install `pkexec`, `gnome-keyring` (or `pam_kwallet` on KDE)
 ### Build
 1. Download the source code tarball from [releases](https://github.com/yuezk/GlobalProtect-openconnect/releases) page. Choose `globalprotect-openconnect-${version}.tar.gz`.
 2. Extract the tarball with `tar -xzf globalprotect-openconnect-${version}.tar.gz`.
 3. Enter the source directory and run `make build BUILD_FE=0` to build the client.
 3. Run `sudo make install` to install the client. (Note, `DESTDIR` is not supported)
 ## FAQ
--- a/apps/gpauth/Cargo.toml
+++ b/apps/gpauth/Cargo.toml
@@ -18,6 +18,7 @@ serde_json.workspace = true
 tokio.workspace = true
 tokio-util.workspace = true
 tempfile.workspace = true
 html-escape = "0.2.13"
 webkit2gtk = "0.18.2"
 tauri = { workspace = true, features = ["http-all"] }
 compile-time.workspace = true
--- a/apps/gpauth/src/auth_window.rs
+++ b/apps/gpauth/src/auth_window.rs
@@ -7,6 +7,7 @@ use std::{
 use anyhow::bail;
 use gpapi::{
  auth::SamlAuthData,
  error::AuthDataParseError,
  gp_params::GpParams,
  portal::{prelogin, Prelogin},
  utils::{redact::redact_uri, window::WindowExt},
@@ -184,6 +185,10 @@ impl<'a> AuthWindow<'a> {
          }
          info!("Loaded uri: {}", redact_uri(&uri));
          if uri.starts_with("globalprotectcallback:") {
            return;
          }
          read_auth_data(&main_resource, auth_result_tx_clone.clone());
        }
      });
@@ -202,7 +207,9 @@ impl<'a> AuthWindow<'a> {
      wv.connect_load_failed(move |_wv, _event, uri, err| {
        let redacted_uri = redact_uri(uri);
        if !uri.starts_with("globalprotectcallback:") {
          warn!("Failed to load uri: {} with error: {}", redacted_uri, err);
        }
        // NOTE: Don't send error here, since load_changed event will be triggered after this
        // send_auth_result(&auth_result_tx, Err(AuthDataError::Invalid));
        // true to stop other handlers from being invoked for the event. false to propagate the event further.
@@ -339,7 +346,7 @@ fn read_auth_data_from_headers(response: &URIResponse) -> AuthResult {
 fn read_auth_data_from_body<F>(main_resource: &WebResource, callback: F)
 where
-  F: FnOnce(AuthResult) + Send + 'static,
+  F: FnOnce(Result<SamlAuthData, AuthDataParseError>) + Send + 'static,
 {
  main_resource.data(Cancellable::NONE, |data| match data {
    Ok(data) => {
@@ -348,53 +355,44 @@ where
    }
    Err(err) => {
      info!("Failed to read response body: {}", err);
-      callback(Err(AuthDataError::Invalid))
+      callback(Err(AuthDataParseError::Invalid))
    }
  });
 }
-fn read_auth_data_from_html(html: &str) -> AuthResult {
+fn read_auth_data_from_html(html: &str) -> Result<SamlAuthData, AuthDataParseError> {
  if html.contains("Temporarily Unavailable") {
    info!("Found 'Temporarily Unavailable' in HTML, auth failed");
-    return Err(AuthDataError::Invalid);
+    return Err(AuthDataParseError::Invalid);
  }
-  match parse_xml_tag(html, "saml-auth-status") {
+  match SamlAuthData::from_html(html) {
-    Some(saml_status) if saml_status == "1" => {
+    Ok(auth_data) => Ok(auth_data),
-      let username = parse_xml_tag(html, "saml-username");
+    Err(err) => {
-      let prelogin_cookie = parse_xml_tag(html, "prelogin-cookie");
+      if let Some(gpcallback) = extract_gpcallback(html) {
-      let portal_userauthcookie = parse_xml_tag(html, "portal-userauthcookie");
+        info!("Found gpcallback from html...");
-
+        SamlAuthData::from_gpcallback(&gpcallback)
-      if SamlAuthData::check(&username, &prelogin_cookie, &portal_userauthcookie) {
+      } else {
-        return Ok(SamlAuthData::new(
+        Err(err)
          username.unwrap(),
          prelogin_cookie,
          portal_userauthcookie,
        ));
      }
      info!("Found invalid auth data in HTML");
      Err(AuthDataError::Invalid)
    }
    Some(status) => {
      info!("Found invalid SAML status {} in HTML", status);
      Err(AuthDataError::Invalid)
    }
    None => {
      info!("No auth data found in HTML");
      Err(AuthDataError::NotFound)
    }
  }
 }
 fn extract_gpcallback(html: &str) -> Option<String> {
  let re = Regex::new(r#"globalprotectcallback:[^"]+"#).unwrap();
  re.captures(html)
    .and_then(|captures| captures.get(0))
    .map(|m| html_escape::decode_html_entities(m.as_str()).to_string())
 }
 fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSender<AuthResult>) {
-  if main_resource.response().is_none() {
+  let Some(response) = main_resource.response() else {
    info!("No response found in main resource");
    send_auth_result(&auth_result_tx, Err(AuthDataError::Invalid));
    return;
-  }
+  };
  let response = main_resource.response().unwrap();
  info!("Trying to read auth data from response headers...");
  match read_auth_data_from_headers(&response) {
@@ -407,22 +405,27 @@ fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSe
      read_auth_data_from_body(main_resource, move |auth_result| {
        // Since we have already found invalid auth data in headers, which means this could be the `/SAML20/SP/ACS` endpoint
        // any error result from body should be considered as invalid, and trigger a retry
-        let auth_result = auth_result.map_err(|_| AuthDataError::Invalid);
+        let auth_result = auth_result.map_err(|err| {
          info!("Failed to read auth data from body: {}", err);
          AuthDataError::Invalid
        });
        send_auth_result(&auth_result_tx, auth_result);
      });
    }
    Err(AuthDataError::NotFound) => {
      info!("No auth data found in headers, trying to read from body...");
-      let url = main_resource.uri().unwrap_or("".into());
+
-      let is_acs_endpoint = url.contains("/SAML20/SP/ACS");
+      let is_acs_endpoint = main_resource.uri().map_or(false, |uri| uri.contains("/SAML20/SP/ACS"));
      read_auth_data_from_body(main_resource, move |auth_result| {
        // If the endpoint is `/SAML20/SP/ACS` and no auth data found in body, it should be considered as invalid
        let auth_result = auth_result.map_err(|err| {
-          if matches!(err, AuthDataError::NotFound) && is_acs_endpoint {
+          info!("Failed to read auth data from body: {}", err);
-            AuthDataError::Invalid
+
          if !is_acs_endpoint && matches!(err, AuthDataParseError::NotFound) {
            AuthDataError::NotFound
          } else {
-            err
+            AuthDataError::Invalid
          }
        });
@@ -437,13 +440,6 @@ fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSe
  }
 }
 fn parse_xml_tag(html: &str, tag: &str) -> Option<String> {
  let re = Regex::new(&format!("<{}>(.*)</{}>", tag, tag)).unwrap();
  re.captures(html)
    .and_then(|captures| captures.get(1))
    .map(|m| m.as_str().to_string())
 }
 pub(crate) async fn clear_webview_cookies(window: &Window) -> anyhow::Result<()> {
  let (tx, rx) = oneshot::channel::<Result<(), String>>();
@@ -489,3 +485,42 @@ pub(crate) async fn clear_webview_cookies(window: &Window) -> anyhow::Result<()>
  rx.await?.map_err(|err| anyhow::anyhow!(err))
 }
 #[cfg(test)]
 mod tests {
  use super::*;
  #[test]
  fn extract_gpcallback_some() {
    let html = r#"
      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:PGh0bWw+PCEtLSA8c">
      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:PGh0bWw+PCEtLSA8c">
    "#;
    assert_eq!(
      extract_gpcallback(html).as_deref(),
      Some("globalprotectcallback:PGh0bWw+PCEtLSA8c")
    );
  }
  #[test]
  fn extract_gpcallback_cas() {
    let html = r#"
      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:cas-as=1&amp;un=xyz@email.com&amp;token=very_long_string">
    "#;
    assert_eq!(
      extract_gpcallback(html).as_deref(),
      Some("globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string")
    );
  }
  #[test]
  fn extract_gpcallback_none() {
    let html = r#"
      <meta http-equiv="refresh" content="0; URL=PGh0bWw+PCEtLSA8c">
    "#;
    assert_eq!(extract_gpcallback(html), None);
  }
 }
--- a/apps/gpauth/tauri.conf.json
+++ b/apps/gpauth/tauri.conf.json
@@ -22,8 +22,8 @@
        "all": true,
        "request": true,
        "scope": [
-          "http://**",
+          "http://*",
-          "https://**"
+          "https://*"
        ]
      }
    },
--- a/apps/gpclient/Cargo.toml
+++ b/apps/gpclient/Cargo.toml
@@ -6,6 +6,7 @@ edition.workspace = true
 license.workspace = true
 [dependencies]
 common = { path = "../../crates/common" }
 gpapi = { path = "../../crates/gpapi", features = ["clap"] }
 openconnect = { path = "../../crates/openconnect" }
 anyhow.workspace = true
--- a/apps/gpclient/src/connect.rs
+++ b/apps/gpclient/src/connect.rs
@@ -1,12 +1,14 @@
 use std::{fs, sync::Arc};
 use clap::Args;
 use common::vpn_utils::find_csd_wrapper;
 use gpapi::{
  clap::args::Os,
  credential::{Credential, PasswordCredential},
  error::PortalError,
  gateway::gateway_login,
  gp_params::{ClientOs, GpParams},
-  portal::{prelogin, retrieve_config, PortalError, Prelogin},
+  portal::{prelogin, retrieve_config, Prelogin},
  process::{
    auth_launcher::SamlAuthLauncher,
    users::{get_non_root_user, get_user_by_name},
@@ -30,6 +32,14 @@ pub(crate) struct ConnectArgs {
  user: Option<String>,
  #[arg(long, short, help = "The VPNC script to use")]
  script: Option<String>,
  #[arg(long, help = "Treat the server as a gateway, instead of a portal")]
  as_gateway: bool,
  #[arg(
    long,
    help = "Use the default CSD wrapper to generate the HIP report and send it to the server"
  )]
  hip: bool,
  #[arg(long, help = "Same as the '--csd-user' option in the openconnect command")]
  csd_user: Option<String>,
@@ -87,6 +97,12 @@ impl<'a> ConnectHandler<'a> {
  pub(crate) async fn handle(&self) -> anyhow::Result<()> {
    let server = self.args.server.as_str();
    let as_gateway = self.args.as_gateway;
    if as_gateway {
      info!("Treating the server as a gateway");
      return self.connect_gateway_with_prelogin(server).await;
    }
    let Err(err) = self.connect_portal_with_prelogin(server).await else {
      return Ok(());
@@ -95,11 +111,16 @@ impl<'a> ConnectHandler<'a> {
    info!("Failed to connect portal with prelogin: {}", err);
    if err.root_cause().downcast_ref::<PortalError>().is_some() {
      info!("Trying the gateway authentication workflow...");
-      return self.connect_gateway_with_prelogin(server).await;
+      self.connect_gateway_with_prelogin(server).await?;
    }
      eprintln!("\nNOTE: the server may be a gateway, not a portal.");
      eprintln!("NOTE: try to use the `--as-gateway` option if you were authenticated twice.");
      Ok(())
    } else {
      Err(err)
    }
  }
  async fn connect_portal_with_prelogin(&self, portal: &str) -> anyhow::Result<()> {
    let gp_params = self.build_gp_params();
@@ -112,16 +133,19 @@ impl<'a> ConnectHandler<'a> {
    let selected_gateway = match &self.args.gateway {
      Some(gateway) => portal_config
        .find_gateway(gateway)
-        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway {}", gateway))?,
+        .ok_or_else(|| anyhow::anyhow!("Cannot find gateway specified: {}", gateway))?,
      None => {
        portal_config.sort_gateways(prelogin.region());
        let gateways = portal_config.gateways();
        if gateways.len() > 1 {
-          Select::new("Which gateway do you want to connect to?", gateways)
+          let gateway = Select::new("Which gateway do you want to connect to?", gateways)
            .with_vim_mode(true)
-            .prompt()?
+            .prompt()?;
          info!("Connecting to the selected gateway: {}", gateway);
          gateway
        } else {
          info!("Connecting to the only available gateway: {}", gateways[0]);
          gateways[0]
        }
      }
@@ -142,6 +166,8 @@ impl<'a> ConnectHandler<'a> {
  }
  async fn connect_gateway_with_prelogin(&self, gateway: &str) -> anyhow::Result<()> {
    info!("Performing the gateway authentication...");
    let mut gp_params = self.build_gp_params();
    gp_params.set_is_gateway(true);
@@ -154,16 +180,23 @@ impl<'a> ConnectHandler<'a> {
  }
  async fn connect_gateway(&self, gateway: &str, cookie: &str) -> anyhow::Result<()> {
    let csd_uid = get_csd_uid(&self.args.csd_user)?;
    let mtu = self.args.mtu.unwrap_or(0);
    let csd_uid = get_csd_uid(&self.args.csd_user)?;
    let csd_wrapper = if self.args.csd_wrapper.is_some() {
      self.args.csd_wrapper.clone()
    } else if self.args.hip {
      find_csd_wrapper()
    } else {
      None
    };
    let vpn = Vpn::builder(gateway, cookie)
      .user_agent(self.args.user_agent.clone())
      .script(self.args.script.clone())
      .user_agent(self.args.user_agent.clone())
      .csd_uid(csd_uid)
-      .csd_wrapper(self.args.csd_wrapper.clone())
+      .csd_wrapper(csd_wrapper)
      .mtu(mtu)
-      .build();
+      .build()?;
    let vpn = Arc::new(vpn);
    let vpn_clone = vpn.clone();
--- a/apps/gpclient/src/launch_gui.rs
+++ b/apps/gpclient/src/launch_gui.rs
@@ -82,7 +82,7 @@ async fn feed_auth_data(auth_data: &str) -> anyhow::Result<()> {
  reqwest::Client::default()
    .post(format!("{}/auth-data", service_endpoint))
-    .json(&auth_data)
+    .body(auth_data.to_string())
    .send()
    .await?
    .error_for_status()?;
--- a/apps/gpgui-helper/package.json
+++ b/apps/gpgui-helper/package.json
@@ -18,7 +18,7 @@
    "react-dom": "^18.2.0"
  },
  "devDependencies": {
-    "@tauri-apps/cli": "^1.5.0",
+    "@tauri-apps/cli": "^1.5.6",
    "@types/node": "^20.8.10",
    "@types/react": "^18.2.15",
    "@types/react-dom": "^18.2.7",
@@ -31,6 +31,6 @@
    "eslint-plugin-react-hooks": "^4.6.0",
    "prettier": "3.1.0",
    "typescript": "^5.0.2",
-    "vite": "^4.4.4"
+    "vite": "^4.5.3"
  }
 }
--- a/apps/gpgui-helper/pnpm-lock.yaml
+++ b/apps/gpgui-helper/pnpm-lock.yaml
@@ -29,8 +29,8 @@ dependencies:
 devDependencies:
  '@tauri-apps/cli':
-    specifier: ^1.5.0
+    specifier: ^1.5.6
-    version: 1.5.0
+    version: 1.5.6
  '@types/node':
    specifier: ^20.8.10
    version: 20.8.10
@@ -48,7 +48,7 @@ devDependencies:
    version: 6.12.0(eslint@8.54.0)(typescript@5.0.2)
  '@vitejs/plugin-react':
    specifier: ^4.0.3
-    version: 4.0.3(vite@4.4.4)
+    version: 4.0.3(vite@4.5.3)
  eslint:
    specifier: ^8.54.0
    version: 8.54.0
@@ -68,8 +68,8 @@ devDependencies:
    specifier: ^5.0.2
    version: 5.0.2
  vite:
-    specifier: ^4.4.4
+    specifier: ^4.5.3
-    version: 4.4.4(@types/node@20.8.10)
+    version: 4.5.3(@types/node@20.8.10)
 packages:
@@ -940,8 +940,8 @@ packages:
    engines: {node: '>= 14.6.0', npm: '>= 6.6.0', yarn: '>= 1.19.1'}
    dev: false
-  /@tauri-apps/cli-darwin-arm64@1.5.0:
+  /@tauri-apps/cli-darwin-arm64@1.5.6:
-    resolution: {integrity: sha512-wvEfcSBjlh1G8uBiylMNFgBtAyk4mXfvDFcGyigf/2ui7Wve6fcAFDJdTVwiHOZ4Wxnw6BD3lIkVMQdDpE+nFg==}
+    resolution: {integrity: sha512-NNvG3XLtciCMsBahbDNUEvq184VZmOveTGOuy0So2R33b/6FDkuWaSgWZsR1mISpOuP034htQYW0VITCLelfqg==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [darwin]
@@ -949,8 +949,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-darwin-x64@1.5.0:
+  /@tauri-apps/cli-darwin-x64@1.5.6:
-    resolution: {integrity: sha512-pWzLMAMslx3dkLyq1f4PpuEhgUs8mPISM5nQoHfgYYchJk6Ip1YtWupo56h5QjqyRNPUsSYT8DVGIw0Oi8auXQ==}
+    resolution: {integrity: sha512-nkiqmtUQw3N1j4WoVjv81q6zWuZFhBLya/RNGUL94oafORloOZoSY0uTZJAoeieb3Y1YK0rCHSDl02MyV2Fi4A==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [darwin]
@@ -958,8 +958,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-arm-gnueabihf@1.5.0:
+  /@tauri-apps/cli-linux-arm-gnueabihf@1.5.6:
-    resolution: {integrity: sha512-hP3nAd0TjxblIAgriXhdX33sKXwbkY3CKsWBVB3O+5DOGy7XzKosIt0KaqiV8BHI2pbHMVOwTZuvjdK8pPLULQ==}
+    resolution: {integrity: sha512-z6SPx+axZexmWXTIVPNs4Tg7FtvdJl9EKxYN6JPjOmDZcqA13iyqWBQal2DA/GMZ1Xqo3vyJf6EoEaKaliymPQ==}
    engines: {node: '>= 10'}
    cpu: [arm]
    os: [linux]
@@ -967,8 +967,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-arm64-gnu@1.5.0:
+  /@tauri-apps/cli-linux-arm64-gnu@1.5.6:
-    resolution: {integrity: sha512-/AwGSjUplzeiGWbKP8rAW4gQx5umWiaQJ0ifx6NakA/sIrhRXPYTobwzg4ixw31ALQNXaEosJCkmvXyHUvoUYw==}
+    resolution: {integrity: sha512-QuQjMQmpsCbzBrmtQiG4uhnfAbdFx3nzm+9LtqjuZlurc12+Mj5MTgqQ3AOwQedH3f7C+KlvbqD2AdXpwTg7VA==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [linux]
@@ -976,8 +976,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-arm64-musl@1.5.0:
+  /@tauri-apps/cli-linux-arm64-musl@1.5.6:
-    resolution: {integrity: sha512-OFzKMkg3bmBjr/BYQ1kx4QOHL+JSkzX+Cw8RcG7CKnq8QoJyg8N0K0UTskgsVwlCN4l7bxeuSLvEveg4SBA2AQ==}
+    resolution: {integrity: sha512-8j5dH3odweFeom7bRGlfzDApWVOT4jIq8/214Wl+JeiNVehouIBo9lZGeghZBH3XKFRwEvU23i7sRVjuh2s8mg==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [linux]
@@ -985,8 +985,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-x64-gnu@1.5.0:
+  /@tauri-apps/cli-linux-x64-gnu@1.5.6:
-    resolution: {integrity: sha512-V2stfUH3Qrc3cIXAd+cKbJruS1oJqqGd40GTVcKOKlRk9Ef9H3WNUQ5PyWKj1t1rk8AxjcBO/vK+Unkuy1WSCw==}
+    resolution: {integrity: sha512-gbFHYHfdEGW0ffk8SigDsoXks6USpilF6wR0nqB/JbWzbzFR/sBuLVNQlJl1RKNakyJHu+lsFxGy0fcTdoX8xA==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [linux]
@@ -994,8 +994,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-linux-x64-musl@1.5.0:
+  /@tauri-apps/cli-linux-x64-musl@1.5.6:
-    resolution: {integrity: sha512-qpcGeesuksxzE7lC3RCnikTY9DCRMnAYwhWa9i8MA7pKDX1IXaEvAaXrse44XCZUohxLLgn2k2o6Pb+65dDijQ==}
+    resolution: {integrity: sha512-9v688ogoLkeFYQNgqiSErfhTreLUd8B3prIBSYUt+x4+5Kcw91zWvIh+VSxL1n3KCGGsM7cuXhkGPaxwlEh1ug==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [linux]
@@ -1003,8 +1003,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-win32-arm64-msvc@1.5.0:
+  /@tauri-apps/cli-win32-arm64-msvc@1.5.6:
-    resolution: {integrity: sha512-Glt/AEWwbFmFnQuoPRbB6vMzCIT9jYSpD59zRP8ljhRSzwDHE59q5nXOrheLKICwMmaXqtAuCIq9ndDBKghwoQ==}
+    resolution: {integrity: sha512-DRNDXFNZb6y5IZrw+lhTTA9l4wbzO4TNRBAlHAiXUrH+pRFZ/ZJtv5WEuAj9ocVSahVw2NaK5Yaold4NPAxHog==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [win32]
@@ -1012,8 +1012,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-win32-ia32-msvc@1.5.0:
+  /@tauri-apps/cli-win32-ia32-msvc@1.5.6:
-    resolution: {integrity: sha512-k+R2VI8eZJfRjaRS8LwbkjMBKFaKcWtA/byaFnGDDUnb3VM/WFW++3KjC5Ne2wXpxFW9RVaFiBNIpmRcExI0Qw==}
+    resolution: {integrity: sha512-oUYKNR/IZjF4fsOzRpw0xesl2lOjhsQEyWlgbpT25T83EU113Xgck9UjtI7xemNI/OPCv1tPiaM1e7/ABdg5iA==}
    engines: {node: '>= 10'}
    cpu: [ia32]
    os: [win32]
@@ -1021,8 +1021,8 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli-win32-x64-msvc@1.5.0:
+  /@tauri-apps/cli-win32-x64-msvc@1.5.6:
-    resolution: {integrity: sha512-jEwq9UuUldVyDJ/dsYoHFuZfNZIkxbeDYSMELfZXsRvWWEA8xRYeTkH38S++KU1eBl5dTK0LbxhztEB2HjRT1g==}
+    resolution: {integrity: sha512-RmEf1os9C8//uq2hbjXi7Vgz9ne7798ZxqemAZdUwo1pv3oLVZSz1/IvZmUHPdy2e6zSeySqWu1D0Y3QRNN+dg==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [win32]
@@ -1030,21 +1030,21 @@ packages:
    dev: true
    optional: true
-  /@tauri-apps/cli@1.5.0:
+  /@tauri-apps/cli@1.5.6:
-    resolution: {integrity: sha512-usY7Ncfkxl2f/ufjWDtp+eJsodlj8ipMKExIt160KR+tx0GtQgLtxRnrKxe1o7wu18Pkqd5JIuWMaOmT3YZeYA==}
+    resolution: {integrity: sha512-k4Y19oVCnt7WZb2TnDzLqfs7o98Jq0tUoVMv+JQSzuRDJqaVu2xMBZ8dYplEn+EccdR5SOMyzaLBJWu38TVK1A==}
    engines: {node: '>= 10'}
    hasBin: true
    optionalDependencies:
-      '@tauri-apps/cli-darwin-arm64': 1.5.0
+      '@tauri-apps/cli-darwin-arm64': 1.5.6
-      '@tauri-apps/cli-darwin-x64': 1.5.0
+      '@tauri-apps/cli-darwin-x64': 1.5.6
-      '@tauri-apps/cli-linux-arm-gnueabihf': 1.5.0
+      '@tauri-apps/cli-linux-arm-gnueabihf': 1.5.6
-      '@tauri-apps/cli-linux-arm64-gnu': 1.5.0
+      '@tauri-apps/cli-linux-arm64-gnu': 1.5.6
-      '@tauri-apps/cli-linux-arm64-musl': 1.5.0
+      '@tauri-apps/cli-linux-arm64-musl': 1.5.6
-      '@tauri-apps/cli-linux-x64-gnu': 1.5.0
+      '@tauri-apps/cli-linux-x64-gnu': 1.5.6
-      '@tauri-apps/cli-linux-x64-musl': 1.5.0
+      '@tauri-apps/cli-linux-x64-musl': 1.5.6
-      '@tauri-apps/cli-win32-arm64-msvc': 1.5.0
+      '@tauri-apps/cli-win32-arm64-msvc': 1.5.6
-      '@tauri-apps/cli-win32-ia32-msvc': 1.5.0
+      '@tauri-apps/cli-win32-ia32-msvc': 1.5.6
-      '@tauri-apps/cli-win32-x64-msvc': 1.5.0
+      '@tauri-apps/cli-win32-x64-msvc': 1.5.6
    dev: true
  /@types/json-schema@7.0.14:
@@ -1229,7 +1229,7 @@ packages:
    resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==}
    dev: true
-  /@vitejs/plugin-react@4.0.3(vite@4.4.4):
+  /@vitejs/plugin-react@4.0.3(vite@4.5.3):
    resolution: {integrity: sha512-pwXDog5nwwvSIzwrvYYmA2Ljcd/ZNlcsSG2Q9CNDBwnsd55UGAyr2doXtB5j+2uymRCnCfExlznzzSFbBRcoCg==}
    engines: {node: ^14.18.0 || >=16.0.0}
    peerDependencies:
@@ -1239,7 +1239,7 @@ packages:
      '@babel/plugin-transform-react-jsx-self': 7.22.5(@babel/core@7.23.2)
      '@babel/plugin-transform-react-jsx-source': 7.22.5(@babel/core@7.23.2)
      react-refresh: 0.14.0
-      vite: 4.4.4(@types/node@20.8.10)
+      vite: 4.5.3(@types/node@20.8.10)
    transitivePeerDependencies:
      - supports-color
    dev: true
@@ -2979,8 +2979,8 @@ packages:
      punycode: 2.3.1
    dev: true
-  /vite@4.4.4(@types/node@20.8.10):
+  /vite@4.5.3(@types/node@20.8.10):
-    resolution: {integrity: sha512-4mvsTxjkveWrKDJI70QmelfVqTm+ihFAb6+xf4sjEU2TmUCTlVX87tmg/QooPEMQb/lM9qGHT99ebqPziEd3wg==}
+    resolution: {integrity: sha512-kQL23kMeX92v3ph7IauVkXkikdDRsYMGTVl5KY2E9OY4ONLvkHf04MDTbnfo6NKxZiDLWzVpP5oTa8hQD8U3dg==}
    engines: {node: ^14.18.0 || >=16.0.0}
    hasBin: true
    peerDependencies:
--- a/apps/gpgui-helper/src-tauri/src/updater.rs
+++ b/apps/gpgui-helper/src-tauri/src/updater.rs
@@ -9,6 +9,12 @@ use tauri::{Manager, Window};
 use crate::downloader::{ChecksumFetcher, FileDownloader};
 #[cfg(not(debug_assertions))]
 const SNAPSHOT: &str = match option_env!("SNAPSHOT") {
    Some(val) => val,
    None => "false"
 };
 pub struct ProgressNotifier {
  win: Window,
 }
@@ -81,9 +87,13 @@ impl GuiUpdater {
    info!("Update GUI, version: {}", self.version);
    #[cfg(debug_assertions)]
-    let release_tag = "latest";
+    let release_tag = "snapshot";
    #[cfg(not(debug_assertions))]
-    let release_tag = format!("v{}", self.version);
+    let release_tag = if SNAPSHOT == "true" {
      String::from("snapshot")
    } else {
      format!("v{}", self.version)
    };
    #[cfg(target_arch = "x86_64")]
    let arch = "x86_64";
@@ -91,8 +101,8 @@ impl GuiUpdater {
    let arch = "aarch64";
    let file_url = format!(
-      "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/{}/gpgui_{}_{}.bin.tar.xz",
+      "https://github.com/yuezk/GlobalProtect-openconnect/releases/download/{}/gpgui_{}.bin.tar.xz",
-      release_tag, self.version, arch
+      release_tag, arch
    );
    let checksum_url = format!("{}.sha256", file_url);
--- a/apps/gpservice/src/vpn_task.rs
+++ b/apps/gpservice/src/vpn_task.rs
@@ -4,7 +4,7 @@ use gpapi::service::{
  request::{ConnectRequest, WsRequest},
  vpn_state::VpnState,
 };
-use log::info;
+use log::{info, warn};
 use openconnect::Vpn;
 use tokio::sync::{mpsc, oneshot, watch, RwLock};
 use tokio_util::sync::CancellationToken;
@@ -31,22 +31,29 @@ impl VpnTaskContext {
      return;
    }
    let vpn_state_tx = self.vpn_state_tx.clone();
    let info = req.info().clone();
    let vpn_handle = Arc::clone(&self.vpn_handle);
    let args = req.args();
-    let vpn = Vpn::builder(req.gateway().server(), args.cookie())
+    let vpn = match Vpn::builder(req.gateway().server(), args.cookie())
      .user_agent(args.user_agent())
      .script(args.vpnc_script())
      .user_agent(args.user_agent())
      .csd_uid(args.csd_uid())
      .csd_wrapper(args.csd_wrapper())
      .mtu(args.mtu())
      .os(args.openconnect_os())
-      .build();
+      .build()
    {
      Ok(vpn) => vpn,
      Err(err) => {
        warn!("Failed to create VPN: {}", err);
        vpn_state_tx.send(VpnState::Disconnected).ok();
        return;
      }
    };
    // Save the VPN handle
    vpn_handle.write().await.replace(vpn);
    let vpn_state_tx = self.vpn_state_tx.clone();
    let connect_info = Box::new(info.clone());
    vpn_state_tx.send(VpnState::Connecting(connect_info)).ok();
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,22 @@
 # Changelog
 ## 2.1.3 - 2024-04-06
 - Support CAS authentication (fix [#339](https://github.com/yuezk/GlobalProtect-openconnect/issues/339))
 - CLI: Add `--as-gateway` option to connect as gateway directly (fix [#318](https://github.com/yuezk/GlobalProtect-openconnect/issues/318))
 - GUI: Add an option to use symbolic tray icon (fix [#341](https://github.com/yuezk/GlobalProtect-openconnect/issues/341))
 ## 2.1.2 - 2024-03-29
 - Treat portal as gateway when the gateway login is failed (fix #338)
 ## 2.1.1 - 2024-03-25
 - Add the `--hip` option to enable HIP report
 - Fix not working in OpenSuse 15.5 (fix #336, #322)
 - Treat portal as gateway when the gateway login is failed (fix #338)
 - Improve the error message (fix #327)
 ## 2.1.0 - 2024-02-27
 - Update distribution channel for `gpgui` to complaint with the GPL-3 license.
--- a/crates/common/Cargo.toml
+++ b/crates/common/Cargo.toml
@@ -0,0 +1,11 @@
 [package]
 name = "common"
 rust-version.workspace = true
 version.workspace = true
 authors.workspace = true
 homepage.workspace = true
 edition.workspace = true
 license.workspace = true
 [dependencies]
 is_executable.workspace = true
--- a/crates/common/src/lib.rs
+++ b/crates/common/src/lib.rs
@@ -0,0 +1 @@
 pub mod vpn_utils;
--- a/crates/common/src/vpn_utils.rs
+++ b/crates/common/src/vpn_utils.rs
@@ -0,0 +1,41 @@
 use is_executable::IsExecutable;
 use std::path::Path;
 pub use is_executable::is_executable;
 const VPNC_SCRIPT_LOCATIONS: [&str; 6] = [
  "/usr/local/share/vpnc-scripts/vpnc-script",
  "/usr/local/sbin/vpnc-script",
  "/usr/share/vpnc-scripts/vpnc-script",
  "/usr/sbin/vpnc-script",
  "/etc/vpnc/vpnc-script",
  "/etc/openconnect/vpnc-script",
 ];
 const CSD_WRAPPER_LOCATIONS: [&str; 3] = [
  #[cfg(target_arch = "x86_64")]
  "/usr/lib/x86_64-linux-gnu/openconnect/hipreport.sh",
  #[cfg(target_arch = "aarch64")]
  "/usr/lib/aarch64-linux-gnu/openconnect/hipreport.sh",
  "/usr/lib/openconnect/hipreport.sh",
  "/usr/libexec/openconnect/hipreport.sh",
 ];
 fn find_executable(locations: &[&str]) -> Option<String> {
  for location in locations.iter() {
    let path = Path::new(location);
    if path.is_executable() {
      return Some(location.to_string());
    }
  }
  None
 }
 pub fn find_vpnc_script() -> Option<String> {
  find_executable(&VPNC_SCRIPT_LOCATIONS)
 }
 pub fn find_csd_wrapper() -> Option<String> {
  find_executable(&CSD_WRAPPER_LOCATIONS)
 }
--- a/crates/gpapi/src/auth.rs
+++ b/crates/gpapi/src/auth.rs
@@ -1,13 +1,17 @@
-use anyhow::bail;
+use log::{info, warn};
 use regex::Regex;
 use serde::{Deserialize, Serialize};
 use crate::{error::AuthDataParseError, utils::base64::decode_to_string};
 #[derive(Debug, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct SamlAuthData {
  #[serde(alias = "un")]
  username: String,
  prelogin_cookie: Option<String>,
  portal_userauthcookie: Option<String>,
  token: Option<String>,
 }
 #[derive(Debug, Serialize, Deserialize)]
@@ -32,10 +36,11 @@ impl SamlAuthData {
      username,
      prelogin_cookie,
      portal_userauthcookie,
      token: None,
    }
  }
-  pub fn parse_html(html: &str) -> anyhow::Result<SamlAuthData> {
+  pub fn from_html(html: &str) -> anyhow::Result<SamlAuthData, AuthDataParseError> {
    match parse_xml_tag(html, "saml-auth-status") {
      Some(saml_status) if saml_status == "1" => {
        let username = parse_xml_tag(html, "saml-username");
@@ -43,21 +48,42 @@ impl SamlAuthData {
        let portal_userauthcookie = parse_xml_tag(html, "portal-userauthcookie");
        if SamlAuthData::check(&username, &prelogin_cookie, &portal_userauthcookie) {
-          return Ok(SamlAuthData::new(
+          Ok(SamlAuthData::new(
            username.unwrap(),
            prelogin_cookie,
            portal_userauthcookie,
-          ));
+          ))
        } else {
          Err(AuthDataParseError::Invalid)
        }
      }
      Some(_) => Err(AuthDataParseError::Invalid),
      None => Err(AuthDataParseError::NotFound),
    }
  }
-        bail!("Found invalid auth data in HTML");
+  pub fn from_gpcallback(data: &str) -> anyhow::Result<SamlAuthData, AuthDataParseError> {
-      }
+    let auth_data = data.trim_start_matches("globalprotectcallback:");
-      Some(status) => {
+
-        bail!("Found invalid SAML status {} in HTML", status);
+    if auth_data.starts_with("cas-as") {
-      }
+      info!("Got CAS auth data from globalprotectcallback");
-      None => {
+
-        bail!("No auth data found in HTML");
+      let auth_data: SamlAuthData = serde_urlencoded::from_str(auth_data).map_err(|e| {
-      }
+        warn!("Failed to parse token auth data: {}", e);
        AuthDataParseError::Invalid
      })?;
      Ok(auth_data)
    } else {
      info!("Parsing SAML auth data...");
      let auth_data = decode_to_string(auth_data).map_err(|e| {
        warn!("Failed to decode SAML auth data: {}", e);
        AuthDataParseError::Invalid
      })?;
      let auth_data = Self::from_html(&auth_data)?;
      Ok(auth_data)
    }
  }
@@ -69,6 +95,10 @@ impl SamlAuthData {
    self.prelogin_cookie.as_deref()
  }
  pub fn token(&self) -> Option<&str> {
    self.token.as_deref()
  }
  pub fn check(
    username: &Option<String>,
    prelogin_cookie: &Option<String>,
@@ -78,7 +108,16 @@ impl SamlAuthData {
    let prelogin_cookie_valid = prelogin_cookie.as_ref().is_some_and(|val| val.len() > 5);
    let portal_userauthcookie_valid = portal_userauthcookie.as_ref().is_some_and(|val| val.len() > 5);
-    username_valid && (prelogin_cookie_valid || portal_userauthcookie_valid)
+    let is_valid = username_valid && (prelogin_cookie_valid || portal_userauthcookie_valid);
    if !is_valid {
      warn!(
        "Invalid SAML auth data: username: {:?}, prelogin-cookie: {:?}, portal-userauthcookie: {:?}",
        username, prelogin_cookie, portal_userauthcookie
      );
    }
    is_valid
  }
 }
@@ -88,3 +127,28 @@ pub fn parse_xml_tag(html: &str, tag: &str) -> Option<String> {
    .and_then(|captures| captures.get(1))
    .map(|m| m.as_str().to_string())
 }
 #[cfg(test)]
 mod tests {
  use super::*;
  #[test]
  fn auth_data_from_gpcallback_cas() {
    let auth_data = "globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string";
    let auth_data = SamlAuthData::from_gpcallback(auth_data).unwrap();
    assert_eq!(auth_data.username(), "xyz@email.com");
    assert_eq!(auth_data.token(), Some("very_long_string"));
  }
  #[test]
  fn auth_data_from_gpcallback_non_cas() {
    let auth_data = "PGh0bWw+PCEtLSA8c2FtbC1hdXRoLXN0YXR1cz4xPC9zYW1sLWF1dGgtc3RhdHVzPjxwcmVsb2dpbi1jb29raWU+cHJlbG9naW4tY29va2llPC9wcmVsb2dpbi1jb29raWU+PHNhbWwtdXNlcm5hbWU+eHl6QGVtYWlsLmNvbTwvc2FtbC11c2VybmFtZT48c2FtbC1zbG8+bm88L3NhbWwtc2xvPjxzYW1sLVNlc3Npb25Ob3RPbk9yQWZ0ZXI+PC9zYW1sLVNlc3Npb25Ob3RPbk9yQWZ0ZXI+IC0tPjwvaHRtbD4=";
    let auth_data = SamlAuthData::from_gpcallback(auth_data).unwrap();
    assert_eq!(auth_data.username(), "xyz@email.com");
    assert_eq!(auth_data.prelogin_cookie(), Some("prelogin-cookie"));
  }
 }
--- a/crates/gpapi/src/credential.rs
+++ b/crates/gpapi/src/credential.rs
@@ -3,7 +3,7 @@ use std::collections::HashMap;
 use serde::{Deserialize, Serialize};
 use specta::Type;
-use crate::{auth::SamlAuthData, utils::base64::decode_to_string};
+use crate::auth::SamlAuthData;
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(rename_all = "camelCase")]
@@ -37,16 +37,18 @@ impl From<&CachedCredential> for PasswordCredential {
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(rename_all = "camelCase")]
-pub struct PreloginCookieCredential {
+pub struct PreloginCredential {
  username: String,
-  prelogin_cookie: String,
+  prelogin_cookie: Option<String>,
  token: Option<String>,
 }
-impl PreloginCookieCredential {
+impl PreloginCredential {
-  pub fn new(username: &str, prelogin_cookie: &str) -> Self {
+  pub fn new(username: &str, prelogin_cookie: Option<&str>, token: Option<&str>) -> Self {
    Self {
      username: username.to_string(),
-      prelogin_cookie: prelogin_cookie.to_string(),
+      prelogin_cookie: prelogin_cookie.map(|s| s.to_string()),
      token: token.map(|s| s.to_string()),
    }
  }
@@ -54,22 +56,22 @@ impl PreloginCookieCredential {
    &self.username
  }
-  pub fn prelogin_cookie(&self) -> &str {
+  pub fn prelogin_cookie(&self) -> Option<&str> {
-    &self.prelogin_cookie
+    self.prelogin_cookie.as_deref()
  }
  pub fn token(&self) -> Option<&str> {
    self.token.as_deref()
  }
 }
-impl TryFrom<SamlAuthData> for PreloginCookieCredential {
+impl From<SamlAuthData> for PreloginCredential {
-  type Error = anyhow::Error;
+  fn from(value: SamlAuthData) -> Self {
  fn try_from(value: SamlAuthData) -> Result<Self, Self::Error> {
    let username = value.username().to_string();
-    let prelogin_cookie = value
+    let prelogin_cookie = value.prelogin_cookie();
-      .prelogin_cookie()
+    let token = value.token();
      .ok_or_else(|| anyhow::anyhow!("Missing prelogin cookie"))?
      .to_string();
-    Ok(Self::new(&username, &prelogin_cookie))
+    Self::new(&username, prelogin_cookie, token)
  }
 }
@@ -154,32 +156,28 @@ impl From<PasswordCredential> for CachedCredential {
    )
  }
 }
 #[derive(Debug, Serialize, Deserialize, Type, Clone)]
 #[serde(tag = "type", rename_all = "camelCase")]
 pub enum Credential {
  Password(PasswordCredential),
-  PreloginCookie(PreloginCookieCredential),
+  Prelogin(PreloginCredential),
  AuthCookie(AuthCookieCredential),
  CachedCredential(CachedCredential),
 }
 impl Credential {
-  /// Create a credential from a globalprotectcallback:<base64 encoded string>
+  /// Create a credential from a globalprotectcallback:<base64 encoded string>,
-  pub fn parse_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
+  /// or globalprotectcallback:cas-as=1&un=user@xyz.com&token=very_long_string
-    // Remove the surrounding quotes
+  pub fn from_gpcallback(auth_data: &str) -> anyhow::Result<Self> {
-    let auth_data = auth_data.trim_matches('"');
+    let auth_data = SamlAuthData::from_gpcallback(auth_data)?;
    let auth_data = auth_data.trim_start_matches("globalprotectcallback:");
    let auth_data = decode_to_string(auth_data)?;
    let auth_data = SamlAuthData::parse_html(&auth_data)?;
-    Self::try_from(auth_data)
+    Ok(Self::from(auth_data))
  }
  pub fn username(&self) -> &str {
    match self {
      Credential::Password(cred) => cred.username(),
-      Credential::PreloginCookie(cred) => cred.username(),
+      Credential::Prelogin(cred) => cred.username(),
      Credential::AuthCookie(cred) => cred.username(),
      Credential::CachedCredential(cred) => cred.username(),
    }
@@ -189,20 +187,22 @@ impl Credential {
    let mut params = HashMap::new();
    params.insert("user", self.username());
-    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie) = match self {
+    let (passwd, prelogin_cookie, portal_userauthcookie, portal_prelogonuserauthcookie, token) = match self {
-      Credential::Password(cred) => (Some(cred.password()), None, None, None),
+      Credential::Password(cred) => (Some(cred.password()), None, None, None, None),
-      Credential::PreloginCookie(cred) => (None, Some(cred.prelogin_cookie()), None, None),
+      Credential::Prelogin(cred) => (None, cred.prelogin_cookie(), None, None, cred.token()),
      Credential::AuthCookie(cred) => (
        None,
        None,
        Some(cred.user_auth_cookie()),
        Some(cred.prelogon_user_auth_cookie()),
        None,
      ),
      Credential::CachedCredential(cred) => (
        cred.password(),
        None,
        Some(cred.auth_cookie.user_auth_cookie()),
        Some(cred.auth_cookie.prelogon_user_auth_cookie()),
        None,
      ),
    };
@@ -214,17 +214,19 @@ impl Credential {
      portal_prelogonuserauthcookie.unwrap_or_default(),
    );
    if let Some(token) = token {
      params.insert("token", token);
    }
    params
  }
 }
-impl TryFrom<SamlAuthData> for Credential {
+impl From<SamlAuthData> for Credential {
-  type Error = anyhow::Error;
+  fn from(value: SamlAuthData) -> Self {
    let cred = PreloginCredential::from(value);
-  fn try_from(value: SamlAuthData) -> Result<Self, Self::Error> {
+    Self::Prelogin(cred)
    let prelogin_cookie = PreloginCookieCredential::try_from(value)?;
    Ok(Self::PreloginCookie(prelogin_cookie))
  }
 }
--- a/crates/gpapi/src/error.rs
+++ b/crates/gpapi/src/error.rs
@@ -0,0 +1,19 @@
 use thiserror::Error;
 #[derive(Error, Debug)]
 pub enum PortalError {
  #[error("Portal prelogin error: {0}")]
  PreloginError(String),
  #[error("Portal config error: {0}")]
  ConfigError(String),
  #[error("Network error: {0}")]
  NetworkError(String),
 }
 #[derive(Error, Debug)]
 pub enum AuthDataParseError {
  #[error("No auth data found")]
  NotFound,
  #[error("Invalid auth data")]
  Invalid,
 }
--- a/crates/gpapi/src/gateway/login.rs
+++ b/crates/gpapi/src/gateway/login.rs
@@ -1,13 +1,14 @@
 use anyhow::bail;
-use log::info;
+use log::{info, warn};
 use reqwest::Client;
 use roxmltree::Document;
 use urlencoding::encode;
 use crate::{
  credential::Credential,
  error::PortalError,
  gp_params::GpParams,
-  utils::{normalize_server, remove_url_scheme},
+  utils::{normalize_server, parse_gp_error, remove_url_scheme},
 };
 pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParams) -> anyhow::Result<String> {
@@ -28,11 +29,24 @@ pub async fn gateway_login(gateway: &str, cred: &Credential, gp_params: &GpParam
  info!("Gateway login, user_agent: {}", gp_params.user_agent());
-  let res = client.post(&login_url).form(&params).send().await?;
+  let res = client
    .post(&login_url)
    .form(&params)
    .send()
    .await
    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
  let status = res.status();
  if status.is_client_error() || status.is_server_error() {
-    bail!("Gateway login error: {}", status)
+    let (reason, res) = parse_gp_error(res).await;
    warn!(
      "Gateway login error: reason={}, status={}, response={}",
      reason, status, res
    );
    bail!("Gateway login error, reason: {}", reason);
  }
  let res_xml = res.text().await?;
--- a/crates/gpapi/src/gp_params.rs
+++ b/crates/gpapi/src/gp_params.rs
@@ -51,7 +51,6 @@ pub struct GpParams {
  client_version: Option<String>,
  computer: String,
  ignore_tls_errors: bool,
  prefer_default_browser: bool,
 }
 impl GpParams {
@@ -79,10 +78,6 @@ impl GpParams {
    self.ignore_tls_errors
  }
  pub fn prefer_default_browser(&self) -> bool {
    self.prefer_default_browser
  }
  pub fn client_os(&self) -> &str {
    self.client_os.as_str()
  }
@@ -131,7 +126,6 @@ pub struct GpParamsBuilder {
  client_version: Option<String>,
  computer: String,
  ignore_tls_errors: bool,
  prefer_default_browser: bool,
 }
 impl GpParamsBuilder {
@@ -144,7 +138,6 @@ impl GpParamsBuilder {
      client_version: Default::default(),
      computer: whoami::hostname(),
      ignore_tls_errors: false,
      prefer_default_browser: false,
    }
  }
@@ -183,11 +176,6 @@ impl GpParamsBuilder {
    self
  }
  pub fn prefer_default_browser(&mut self, prefer_default_browser: bool) -> &mut Self {
    self.prefer_default_browser = prefer_default_browser;
    self
  }
  pub fn build(&self) -> GpParams {
    GpParams {
      is_gateway: self.is_gateway,
@@ -197,7 +185,6 @@ impl GpParamsBuilder {
      client_version: self.client_version.clone(),
      computer: self.computer.clone(),
      ignore_tls_errors: self.ignore_tls_errors,
      prefer_default_browser: self.prefer_default_browser,
    }
  }
 }
--- a/crates/gpapi/src/lib.rs
+++ b/crates/gpapi/src/lib.rs
@@ -1,5 +1,6 @@
 pub mod auth;
 pub mod credential;
 pub mod error;
 pub mod gateway;
 pub mod gp_params;
 pub mod portal;
--- a/crates/gpapi/src/portal/config.rs
+++ b/crates/gpapi/src/portal/config.rs
@@ -1,5 +1,5 @@
 use anyhow::bail;
-use log::info;
+use log::{info, warn};
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
@@ -7,10 +7,10 @@ use specta::Type;
 use crate::{
  credential::{AuthCookieCredential, Credential},
  error::PortalError,
  gateway::{parse_gateways, Gateway},
  gp_params::GpParams,
-  portal::PortalError,
+  utils::{normalize_server, parse_gp_error, remove_url_scheme, xml},
  utils::{normalize_server, remove_url_scheme, xml},
 };
 #[derive(Debug, Serialize, Type)]
@@ -102,7 +102,12 @@ pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpPara
  info!("Portal config, user_agent: {}", gp_params.user_agent());
-  let res = client.post(&url).form(&params).send().await?;
+  let res = client
    .post(&url)
    .form(&params)
    .send()
    .await
    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
  let status = res.status();
  if status == StatusCode::NOT_FOUND {
@@ -110,7 +115,14 @@ pub async fn retrieve_config(portal: &str, cred: &Credential, gp_params: &GpPara
  }
  if status.is_client_error() || status.is_server_error() {
-    bail!("Portal config error: {}", status)
+    let (reason, res) = parse_gp_error(res).await;
    warn!(
      "Portal config error: reason={}, status={}, response={}",
      reason, status, res
    );
    bail!("Portal config error, reason: {}", reason);
  }
  let res_xml = res.text().await.map_err(|e| PortalError::ConfigError(e.to_string()))?;
--- a/crates/gpapi/src/portal/mod.rs
+++ b/crates/gpapi/src/portal/mod.rs
@@ -3,13 +3,3 @@ mod prelogin;
 pub use config::*;
 pub use prelogin::*;
 use thiserror::Error;
 #[derive(Error, Debug)]
 pub enum PortalError {
  #[error("Portal prelogin error: {0}")]
  PreloginError(String),
  #[error("Portal config error: {0}")]
  ConfigError(String),
 }
--- a/crates/gpapi/src/portal/prelogin.rs
+++ b/crates/gpapi/src/portal/prelogin.rs
@@ -1,14 +1,14 @@
-use anyhow::bail;
+use anyhow::{anyhow, bail};
-use log::info;
+use log::{info, warn};
 use reqwest::{Client, StatusCode};
 use roxmltree::Document;
 use serde::Serialize;
 use specta::Type;
 use crate::{
  error::PortalError,
  gp_params::GpParams,
-  portal::PortalError,
+  utils::{base64, normalize_server, parse_gp_error, xml},
  utils::{base64, normalize_server, xml},
 };
 const REQUIRED_PARAMS: [&str; 8] = [
@@ -107,25 +107,35 @@ pub async fn prelogin(portal: &str, gp_params: &GpParams) -> anyhow::Result<Prel
  let mut params = gp_params.to_params();
  params.insert("tmp", "tmp");
  if gp_params.prefer_default_browser() {
  params.insert("default-browser", "1");
-  }
+  params.insert("cas-support", "yes");
  params.retain(|k, _| REQUIRED_PARAMS.iter().any(|required_param| required_param == k));
  info!("Prelogin with params: {:?}", params);
  let client = Client::builder()
    .danger_accept_invalid_certs(gp_params.ignore_tls_errors())
    .user_agent(user_agent)
    .build()?;
-  let res = client.post(&prelogin_url).form(&params).send().await?;
+  let res = client
-  let status = res.status();
+    .post(&prelogin_url)
    .form(&params)
    .send()
    .await
    .map_err(|e| anyhow::anyhow!(PortalError::NetworkError(e.to_string())))?;
  let status = res.status();
  if status == StatusCode::NOT_FOUND {
    bail!(PortalError::PreloginError("Prelogin endpoint not found".to_string()))
  }
  if status.is_client_error() || status.is_server_error() {
    let (reason, res) = parse_gp_error(res).await;
    warn!("Prelogin error: reason={}, status={}, response={}", reason, status, res);
    bail!("Prelogin error: {}", status)
  }
@@ -187,8 +197,8 @@ fn parse_res_xml(res_xml: String, is_gateway: bool) -> anyhow::Result<Prelogin>
      label_password: label_password.unwrap(),
    };
-    return Ok(Prelogin::Standard(standard_prelogin));
+    Ok(Prelogin::Standard(standard_prelogin))
  } else {
    Err(anyhow!("Invalid prelogin response"))
  }
  bail!("Invalid prelogin response");
 }
--- a/crates/gpapi/src/process/auth_launcher.rs
+++ b/crates/gpapi/src/process/auth_launcher.rs
@@ -135,7 +135,7 @@ impl<'a> SamlAuthLauncher<'a> {
    };
    match auth_result {
-      SamlAuthResult::Success(auth_data) => Credential::try_from(auth_data),
+      SamlAuthResult::Success(auth_data) => Ok(Credential::from(auth_data)),
      SamlAuthResult::Failure(msg) => bail!(msg),
    }
  }
--- a/crates/gpapi/src/utils/mod.rs
+++ b/crates/gpapi/src/utils/mod.rs
@@ -1,4 +1,4 @@
-use reqwest::Url;
+use reqwest::{Response, Url};
 pub(crate) mod xml;
@@ -41,3 +41,18 @@ pub fn normalize_server(server: &str) -> anyhow::Result<String> {
 pub fn remove_url_scheme(s: &str) -> String {
  s.replace("http://", "").replace("https://", "")
 }
 pub(crate) async fn parse_gp_error(res: Response) -> (String, String) {
  let reason = res
    .headers()
    .get("x-private-pan-globalprotect")
    .map_or_else(|| "<none>", |v| v.to_str().unwrap_or("<invalid header>"))
    .to_string();
  let res = res.text().await.map_or_else(
    |_| "<failed to read response>".to_string(),
    |v| if v.is_empty() { "<empty>".to_string() } else { v },
  );
  (reason, res)
 }
--- a/crates/openconnect/Cargo.toml
+++ b/crates/openconnect/Cargo.toml
@@ -6,8 +6,8 @@ license.workspace = true
 links = "openconnect"
 [dependencies]
 common = { path = "../common" }
 log.workspace = true
 is_executable.workspace = true
 [build-dependencies]
 cc = "1"
--- a/crates/openconnect/src/lib.rs
+++ b/crates/openconnect/src/lib.rs
@@ -1,5 +1,4 @@
 mod ffi;
 mod vpn;
 mod vpnc_script;
 pub use vpn::*;
--- a/crates/openconnect/src/vpn.rs
+++ b/crates/openconnect/src/vpn.rs
@@ -1,11 +1,13 @@
 use std::{
  ffi::{c_char, CString},
  fmt,
  sync::{Arc, RwLock},
 };
 use common::vpn_utils::{find_vpnc_script, is_executable};
 use log::info;
-use crate::{ffi, vpnc_script::find_default_vpnc_script};
+use crate::ffi;
 type OnConnectedCallback = Arc<RwLock<Option<Box<dyn FnOnce() + 'static + Send + Sync>>>>;
@@ -77,11 +79,31 @@ impl Vpn {
  }
 }
 #[derive(Debug)]
 pub struct VpnError<'a> {
  message: &'a str,
 }
 impl<'a> VpnError<'a> {
  fn new(message: &'a str) -> Self {
    Self { message }
  }
 }
 impl fmt::Display for VpnError<'_> {
  fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
    write!(f, "{}", self.message)
  }
 }
 impl std::error::Error for VpnError<'_> {}
 pub struct VpnBuilder {
  server: String,
  cookie: String,
  user_agent: Option<String>,
  script: Option<String>,
  user_agent: Option<String>,
  os: Option<String>,
  csd_uid: u32,
@@ -95,22 +117,25 @@ impl VpnBuilder {
    Self {
      server: server.to_string(),
      cookie: cookie.to_string(),
      user_agent: None,
      script: None,
      user_agent: None,
      os: None,
      csd_uid: 0,
      csd_wrapper: None,
      mtu: 0,
    }
  }
-  pub fn user_agent<T: Into<Option<String>>>(mut self, user_agent: T) -> Self {
+  pub fn script<T: Into<Option<String>>>(mut self, script: T) -> Self {
-    self.user_agent = user_agent.into();
+    self.script = script.into();
    self
  }
-  pub fn script<T: Into<Option<String>>>(mut self, script: T) -> Self {
+  pub fn user_agent<T: Into<Option<String>>>(mut self, user_agent: T) -> Self {
-    self.script = script.into();
+    self.user_agent = user_agent.into();
    self
  }
@@ -134,12 +159,27 @@ impl VpnBuilder {
    self
  }
-  pub fn build(self) -> Vpn {
+  pub fn build(self) -> Result<Vpn, VpnError<'static>> {
    let script = match self.script {
      Some(script) => {
        if !is_executable(&script) {
          return Err(VpnError::new("vpnc script is not executable"));
        }
        script
      }
      None => find_vpnc_script().ok_or_else(|| VpnError::new("Failed to find vpnc-script"))?,
    };
    if let Some(csd_wrapper) = &self.csd_wrapper {
      if !is_executable(csd_wrapper) {
        return Err(VpnError::new("CSD wrapper is not executable"));
      }
    }
    let user_agent = self.user_agent.unwrap_or_default();
    let script = self.script.or_else(find_default_vpnc_script).unwrap_or_default();
    let os = self.os.unwrap_or("linux".to_string());
-    Vpn {
+    Ok(Vpn {
      server: Self::to_cstring(&self.server),
      cookie: Self::to_cstring(&self.cookie),
      user_agent: Self::to_cstring(&user_agent),
@@ -154,7 +194,7 @@ impl VpnBuilder {
      mtu: self.mtu,
      callback: Default::default(),
-    }
+    })
  }
  fn to_cstring(value: &str) -> CString {
--- a/crates/openconnect/src/vpnc_script.rs
+++ b/crates/openconnect/src/vpnc_script.rs
@@ -1,23 +0,0 @@
 use is_executable::IsExecutable;
 use std::path::Path;
 const VPNC_SCRIPT_LOCATIONS: [&str; 5] = [
  "/usr/local/share/vpnc-scripts/vpnc-script",
  "/usr/local/sbin/vpnc-script",
  "/usr/share/vpnc-scripts/vpnc-script",
  "/usr/sbin/vpnc-script",
  "/etc/vpnc/vpnc-script",
 ];
 pub(crate) fn find_default_vpnc_script() -> Option<String> {
  for location in VPNC_SCRIPT_LOCATIONS.iter() {
    let path = Path::new(location);
    if path.is_executable() {
      return Some(location.to_string());
    }
  }
  log::warn!("vpnc-script not found");
  None
 }
--- a/packaging/binary/Makefile.in
+++ b/packaging/binary/Makefile.in
@@ -6,6 +6,10 @@ install:
 	install -Dm755 artifacts/usr/bin/gpauth $(DESTDIR)/usr/bin/gpauth
 	install -Dm755 artifacts/usr/bin/gpgui-helper $(DESTDIR)/usr/bin/gpgui-helper
 	if [ -f artifacts/usr/bin/gpgui ]; then \
 		install -Dm755 artifacts/usr/bin/gpgui $(DESTDIR)/usr/bin/gpgui; \
 	fi
 	install -Dm644 artifacts/usr/share/applications/gpgui.desktop $(DESTDIR)/usr/share/applications/gpgui.desktop
 	install -Dm644 artifacts/usr/share/icons/hicolor/scalable/apps/gpgui.svg $(DESTDIR)/usr/share/icons/hicolor/scalable/apps/gpgui.svg
 	install -Dm644 artifacts/usr/share/icons/hicolor/32x32/apps/gpgui.png $(DESTDIR)/usr/share/icons/hicolor/32x32/apps/gpgui.png
--- a/packaging/deb/control.in
+++ b/packaging/deb/control.in
@@ -3,7 +3,16 @@ Section: net
 Priority: optional
 Maintainer: Kevin Yue <k3vinyue@gmail.com>
 Standards-Version: 4.1.4
-Build-Depends: debhelper (>= 9), pkg-config, jq (>= 1), make (>= 4), openconnect (>= 8.20), libxml2, libsecret-1-0, libayatana-appindicator3-1, libwebkit2gtk-4.0-37, libgtk-3-0, gnome-keyring, @RUST@
+Build-Depends: debhelper (>= 9),
  pkg-config,
  jq (>= 1),
  make (>= 4),
  libxml2,
  libsecret-1-0,
  libayatana-appindicator3-1,
  gnome-keyring,
  libwebkit2gtk-4.0-dev,
  libopenconnect-dev (>= 8.20),@RUST@
 Homepage: https://github.com/yuezk/GlobalProtect-openconnect
 Package: globalprotect-openconnect
--- a/packaging/deb/postrm
+++ b/packaging/deb/postrm
@@ -0,0 +1,14 @@
 #!/bin/sh
 set -e
 case "$1" in
    purge|remove|upgrade)
        # Remove the gpgui binary downloaded at runtime
        rm -f /usr/bin/gpgui
    ;;
    *)
    ;;
 esac
 exit 0
--- a/packaging/deb/rules
+++ b/packaging/deb/rules
@@ -1,6 +0,0 @@
 #!/usr/bin/make -f
 export OFFLINE = @OFFLINE@ BUILD_FE=0
 %:
 	dh $@
--- a/packaging/deb/rules.in
+++ b/packaging/deb/rules.in
@@ -0,0 +1,7 @@
 #!/usr/bin/make -f
 export OFFLINE = @OFFLINE@
 export BUILD_FE = 0
 %:
 	dh $@ --no-parallel
--- a/packaging/rpm/globalprotect-openconnect.spec.in
+++ b/packaging/rpm/globalprotect-openconnect.spec.in
@@ -15,9 +15,9 @@ BuildRequires:  jq
 BuildRequires:  pkg-config
 BuildRequires:  openconnect-devel
 BuildRequires:  openssl-devel
 BuildRequires:  curl
 BuildRequires:  wget
 BuildRequires:  file
 BuildRequires:  perl
 BuildRequires:  (webkit2gtk4.0-devel or webkit2gtk3-soup2-devel)
 BuildRequires:  (libappindicator-gtk3-devel or libappindicator3-1)
@@ -34,6 +34,9 @@ A GUI for GlobalProtect VPN, based on OpenConnect, supports the SSO authenticati
 %prep
 %setup
 %postun
 rm -f %{_bindir}/gpgui
 %build
 # The injected RUSTFLAGS could fail the build
 unset RUSTFLAGS
@@ -44,10 +47,7 @@ make build OFFLINE=@OFFLINE@ BUILD_FE=0
 %files
 %defattr(-,root,root)
-%{_bindir}/gpclient
+%{_bindir}/*
 %{_bindir}/gpservice
 %{_bindir}/gpauth
 %{_bindir}/gpgui-helper
 %{_datadir}/applications/gpgui.desktop
 %{_datadir}/icons/hicolor/32x32/apps/gpgui.png
 %{_datadir}/icons/hicolor/128x128/apps/gpgui.png
Author	SHA1	Message	Date
Kevin Yue	0188752c0a	Bump version 2.1.3	2024-04-06 20:07:57 +08:00
Kevin Yue	a884c41813	Rename PreloginCredential	2024-04-06 19:40:08 +08:00
Kevin Yue	879b977321	Add message for the '--as-gateway' option	2024-04-06 19:26:42 +08:00
Kevin Yue	e9cb253be1	Update dependencies	2024-04-06 19:14:31 +08:00
Kevin Yue	07eacae385	Add '--as-gateway' option (#318 )	2024-04-06 19:07:09 +08:00
Kevin Yue	8446874290	Decode extracted gpcallback	2024-04-05 18:01:09 +08:00
Kevin Yue	c347f97b95	Update vite	2024-04-04 18:34:58 +08:00
Kevin Yue	29cfa9e24b	Polish authentication	2024-04-04 18:31:48 +08:00
Kevin Yue	1b1ce882a5	Update CI	2024-04-03 21:17:24 +08:00
Kevin Yue	e9f2dbf9ea	Support CAS authentication	2024-04-03 06:40:40 -04:00
Kevin Yue	7c6ae315e1	Fix CI	2024-04-02 21:46:30 +08:00
Kevin Yue	cec0d22dc8	Support CAS authentication	2024-04-02 20:06:00 +08:00
Kevin Yue	b2ca82e105	Update changelog	2024-03-29 07:55:10 -04:00
Kevin Yue	5ba6b1d5fc	Merge branch 'hotfix/handle_network_error' into release/2.1.2	2024-03-29 07:52:17 -04:00
Kevin Yue	a96e77c758	Bump version 2.1.2	2024-03-29 07:48:02 -04:00
Kevin Yue	79e0f0c7c1	Handle portal endpoint network error	2024-03-29 01:57:53 -04:00
Kevin Yue	187ca778f2	Release 2.1.1	2024-03-25 21:42:16 +08:00
Kevin Yue	2d1aa3ba8c	Handle the gateway endpoint error Related: #338	2024-03-25 21:03:54 +08:00
Kevin Yue	08bd4efefa	Improve the error message Related #327	2024-03-23 20:05:54 +08:00
Kevin Yue	558485f5a9	Add the --hip option	2024-03-17 18:41:42 +08:00
Kevin Yue	cff2ff9dbe	Update dependencies	2024-03-16 21:24:41 +08:00
Kevin Yue	d5d92cfbee	Ensure vpnc_script and csd_wrapper executable	2024-03-16 21:06:49 +08:00
Kevin Yue	a00f6a8cba	Add vpnc_script location, fix #336	2024-03-16 12:05:09 +08:00
Kevin Yue	59dee3d767	Update packaging script	2024-03-11 07:55:49 -04:00
Kevin Yue	e94661b213	Fix build-depends	2024-03-10 08:32:35 -04:00
Kevin Yue	9dea81bdff	Update CI	2024-03-10 16:31:18 +08:00
Kevin Yue	6ff552c1ec	Update packaging	2024-03-05 08:12:26 -05:00
Kevin Yue	c1b1ea1a67	Update install instructions	2024-02-27 21:05:52 +08:00