mirror of
https://github.com/yuezk/GlobalProtect-openconnect.git
synced 2025-04-02 18:31:50 -04:00
8a65099ca7
* migrate to cmake * move the 3rd party libs * organize 3rdparty * update the 3rd party version * refine the CMakeLists.txt * update install command * update install command * update install command * update install command * update dependency * update the dependency * update the dependency * remove CPM.cmake * remove QtCreator project file * update cmake file * improve cmake file * add cmakew * use wget * remove echo * update the doc * remove the screenshot * update the doc * update the install steps * check the openconnect version * update the doc * update install scripts * fix install scripts * improve message * improve message * improve install scripts * improve the version check * improve the version check * improve install script * add version * organize includes * add version bump * update CI * update CI * add the release flag * update message
182 lines
6.1 KiB
C++
182 lines
6.1 KiB
C++
#include <QtNetwork/QNetworkReply>
|
|
#include <plog/Log.h>
|
|
|
|
#include "gatewayauthenticator.h"
|
|
#include "gphelper.h"
|
|
#include "loginparams.h"
|
|
#include "preloginresponse.h"
|
|
|
|
using namespace gpclient::helper;
|
|
|
|
GatewayAuthenticator::GatewayAuthenticator(const QString& gateway, const GatewayAuthenticatorParams params)
|
|
: QObject()
|
|
, gateway(gateway)
|
|
, params(params)
|
|
, preloginUrl("https://" + gateway + "/ssl-vpn/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100")
|
|
, loginUrl("https://" + gateway + "/ssl-vpn/login.esp")
|
|
{
|
|
if (!params.clientos().isEmpty()) {
|
|
preloginUrl = preloginUrl + "&clientos=" + params.clientos();
|
|
}
|
|
}
|
|
|
|
GatewayAuthenticator::~GatewayAuthenticator()
|
|
{
|
|
delete normalLoginWindow;
|
|
}
|
|
|
|
void GatewayAuthenticator::authenticate()
|
|
{
|
|
PLOGI << "Start gateway authentication...";
|
|
|
|
LoginParams loginParams { params.clientos() };
|
|
loginParams.setUser(params.username());
|
|
loginParams.setPassword(params.password());
|
|
loginParams.setUserAuthCookie(params.userAuthCookie());
|
|
|
|
login(loginParams);
|
|
}
|
|
|
|
void GatewayAuthenticator::login(const LoginParams &loginParams)
|
|
{
|
|
PLOGI << "Trying to login the gateway at " << loginUrl << " with " << loginParams.toUtf8();
|
|
|
|
QNetworkReply *reply = createRequest(loginUrl, loginParams.toUtf8());
|
|
connect(reply, &QNetworkReply::finished, this, &GatewayAuthenticator::onLoginFinished);
|
|
}
|
|
|
|
void GatewayAuthenticator::onLoginFinished()
|
|
{
|
|
QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
|
|
QByteArray response;
|
|
|
|
if (reply->error() || (response = reply->readAll()).contains("Authentication failure")) {
|
|
PLOGE << QString("Failed to login the gateway at %1, %2").arg(loginUrl).arg(reply->errorString());
|
|
|
|
if (normalLoginWindow) {
|
|
normalLoginWindow->setProcessing(false);
|
|
openMessageBox("Gateway login failed.", "Please check your credentials and try again.");
|
|
} else {
|
|
doAuth();
|
|
}
|
|
return;
|
|
}
|
|
|
|
if (normalLoginWindow) {
|
|
normalLoginWindow->close();
|
|
}
|
|
|
|
const QUrlQuery params = gpclient::helper::parseGatewayResponse(response);
|
|
emit success(params.toString());
|
|
}
|
|
|
|
void GatewayAuthenticator::doAuth()
|
|
{
|
|
PLOGI << "Perform the gateway prelogin at " << preloginUrl;
|
|
|
|
QNetworkReply *reply = createRequest(preloginUrl);
|
|
connect(reply, &QNetworkReply::finished, this, &GatewayAuthenticator::onPreloginFinished);
|
|
}
|
|
|
|
void GatewayAuthenticator::onPreloginFinished()
|
|
{
|
|
QNetworkReply *reply = qobject_cast<QNetworkReply*>(sender());
|
|
|
|
if (reply->error()) {
|
|
PLOGE << QString("Failed to prelogin the gateway at %1, %2").arg(preloginUrl).arg(reply->errorString());
|
|
|
|
emit fail("Error occurred on the gateway prelogin interface.");
|
|
return;
|
|
}
|
|
|
|
PLOGI << "Gateway prelogin succeeded.";
|
|
|
|
PreloginResponse response = PreloginResponse::parse(reply->readAll());
|
|
|
|
if (response.hasSamlAuthFields()) {
|
|
samlAuth(response.samlMethod(), response.samlRequest(), reply->url().toString());
|
|
} else if (response.hasNormalAuthFields()) {
|
|
normalAuth(response.labelUsername(), response.labelPassword(), response.authMessage());
|
|
} else {
|
|
PLOGE << QString("Unknown prelogin response for %1, got %2").arg(preloginUrl).arg(QString::fromUtf8(response.rawResponse()));
|
|
emit fail("Unknown response for gateway prelogin interface.");
|
|
}
|
|
|
|
delete reply;
|
|
}
|
|
|
|
void GatewayAuthenticator::normalAuth(QString labelUsername, QString labelPassword, QString authMessage)
|
|
{
|
|
PLOGI << QString("Trying to perform the normal login with %1 / %2 credentials").arg(labelUsername).arg(labelPassword);
|
|
|
|
normalLoginWindow = new NormalLoginWindow;
|
|
normalLoginWindow->setPortalAddress(gateway);
|
|
normalLoginWindow->setAuthMessage(authMessage);
|
|
normalLoginWindow->setUsernameLabel(labelUsername);
|
|
normalLoginWindow->setPasswordLabel(labelPassword);
|
|
|
|
// Do login
|
|
connect(normalLoginWindow, &NormalLoginWindow::performLogin, this, &GatewayAuthenticator::onPerformNormalLogin);
|
|
connect(normalLoginWindow, &NormalLoginWindow::rejected, this, &GatewayAuthenticator::onLoginWindowRejected);
|
|
connect(normalLoginWindow, &NormalLoginWindow::finished, this, &GatewayAuthenticator::onLoginWindowFinished);
|
|
|
|
normalLoginWindow->show();
|
|
}
|
|
|
|
void GatewayAuthenticator::onPerformNormalLogin(const QString &username, const QString &password)
|
|
{
|
|
PLOGI << "Start to perform normal login...";
|
|
|
|
normalLoginWindow->setProcessing(true);
|
|
LoginParams loginParams { params.clientos() };
|
|
loginParams.setUser(username);
|
|
loginParams.setPassword(password);
|
|
|
|
login(loginParams);
|
|
}
|
|
|
|
void GatewayAuthenticator::onLoginWindowRejected()
|
|
{
|
|
emit fail();
|
|
}
|
|
|
|
void GatewayAuthenticator::onLoginWindowFinished()
|
|
{
|
|
delete normalLoginWindow;
|
|
normalLoginWindow = nullptr;
|
|
}
|
|
|
|
void GatewayAuthenticator::samlAuth(QString samlMethod, QString samlRequest, QString preloginUrl)
|
|
{
|
|
PLOGI << "Trying to perform SAML login with saml-method " << samlMethod;
|
|
|
|
SAMLLoginWindow *loginWindow = new SAMLLoginWindow;
|
|
|
|
connect(loginWindow, &SAMLLoginWindow::success, this, &GatewayAuthenticator::onSAMLLoginSuccess);
|
|
connect(loginWindow, &SAMLLoginWindow::fail, this, &GatewayAuthenticator::onSAMLLoginFail);
|
|
connect(loginWindow, &SAMLLoginWindow::rejected, this, &GatewayAuthenticator::onLoginWindowRejected);
|
|
|
|
loginWindow->login(samlMethod, samlRequest, preloginUrl);
|
|
}
|
|
|
|
void GatewayAuthenticator::onSAMLLoginSuccess(const QMap<QString, QString> &samlResult)
|
|
{
|
|
if (samlResult.contains("preloginCookie")) {
|
|
PLOGI << "SAML login succeeded, got the prelogin-cookie " << samlResult.value("preloginCookie");
|
|
} else {
|
|
PLOGI << "SAML login succeeded, got the portal-userauthcookie " << samlResult.value("userAuthCookie");
|
|
}
|
|
|
|
LoginParams loginParams { params.clientos() };
|
|
loginParams.setUser(samlResult.value("username"));
|
|
loginParams.setPreloginCookie(samlResult.value("preloginCookie"));
|
|
loginParams.setUserAuthCookie(samlResult.value("userAuthCookie"));
|
|
|
|
login(loginParams);
|
|
}
|
|
|
|
void GatewayAuthenticator::onSAMLLoginFail(const QString msg)
|
|
{
|
|
emit fail(msg);
|
|
}
|