feat: add HIP report generation functionality and related dependencies

Author: yuezk

Cargo.lock

@@ -19,7 +19,9 @@ license = "GPL-3.0"
 
 [workspace.dependencies]
 anyhow = "1.0"
+askama = "0.14"
 base64 = "0.22"
+chrono = "0.4"
 clap = { version = "4", features = ["derive"] }
 clap-verbosity-flag = "3"
 ctrlc = "3.4"
@@ -32,7 +34,7 @@ regex = "1"
 reqwest = { version = "0.12", features = ["native-tls", "json"] }
 openssl = "0.10"
 pem = "3"
-roxmltree = "0.21"
+xmltree = "0.12"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 # Use 0.36 as newer versions requires Rust 1.88+
@@ -54,6 +56,9 @@ serde_urlencoded = "0.7"
 md5 = "0.8"
 sha256 = "1"
 which = "8"
+uuid = "1"
+netdev = "0.39"
+machine-uid = "0.5"
 
 # Tauri dependencies
 tauri = { version = "2" }

Cargo.toml

@@ -136,6 +136,9 @@ install:
 		install -Dm755 .build/gpgui/gpgui_*/gpgui $(DESTDIR)/usr/bin/gpgui; \
 	fi
 
+	# Install the HIP report script
+	install -Dm755 packaging/files/usr/libexec/gpclient/hipreport.sh $(DESTDIR)/usr/libexec/gpclient/hipreport.sh
+
 	# Install the disconnect hooks
 	install -Dm755 packaging/files/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
 	install -Dm755 packaging/files/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
@@ -156,6 +159,8 @@ uninstall:
 	rm -f $(DESTDIR)/usr/bin/gpgui-helper
 	rm -f $(DESTDIR)/usr/bin/gpgui
 
+	rm -f $(DESTDIR)/usr/libexec/gpclient/hipreport.sh
+
 	rm -f $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/pre-down.d/gpclient.down
 	rm -f $(DESTDIR)/usr/lib/NetworkManager/dispatcher.d/gpclient-nm-hook
 

Makefile

@@ -12,18 +12,23 @@ gpapi = { path = "../../crates/gpapi", features = ["clap"] }
 openconnect = { path = "../../crates/openconnect" }
 
 anyhow.workspace = true
+askama.workspace = true
+chrono.workspace = true
 clap.workspace = true
 env_logger.workspace = true
 inquire = "0.9"
 log.workspace = true
 tokio = { workspace = true, features = ["rt-multi-thread"] }
 sysinfo.workspace = true
 serde_json.workspace = true
+serde_urlencoded.workspace = true
 whoami.workspace = true
 tempfile.workspace = true
 reqwest.workspace = true
 directories.workspace = true
 compile-time.workspace = true
+netdev.workspace = true
+xmltree.workspace = true
 
 [features]
 default = ["webview-auth"]

apps/gpclient/Cargo.toml

@@ -3,7 +3,7 @@ use std::{env::temp_dir, fs::File, str::FromStr};
 use anyhow::bail;
 use clap::{Parser, Subcommand};
 use gpapi::{
-  clap::{handle_error, Args, InfoLevelVerbosity},
+  clap::{Args, InfoLevelVerbosity, handle_error},
   utils::openssl,
 };
 use log::info;
@@ -12,10 +12,11 @@ use tempfile::NamedTempFile;
 use tokio::fs;
 
 use crate::{
+  GP_CLIENT_LOCK_FILE,
   connect::{ConnectArgs, ConnectHandler},
   disconnect::{DisconnectArgs, DisconnectHandler},
+  hip::{HipArgs, HipHandler},
   launch_gui::{LaunchGuiArgs, LaunchGuiHandler},
-  GP_CLIENT_LOCK_FILE,
 };
 
 const VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), " (", compile_time::date_str!(), ")");
@@ -34,6 +35,8 @@ enum CliCommand {
   Disconnect(DisconnectArgs),
   #[command(about = "Launch the GUI")]
   LaunchGui(LaunchGuiArgs),
+  #[command(about = "Generate HIP report")]
+  Hip(HipArgs),
 }
 
 #[derive(Parser)]
@@ -132,6 +135,7 @@ impl Cli {
       CliCommand::Connect(args) => ConnectHandler::new(args, &shared_args).handle().await,
       CliCommand::Disconnect(args) => DisconnectHandler::new(args).handle().await,
       CliCommand::LaunchGui(args) => LaunchGuiHandler::new(args).handle().await,
+      CliCommand::Hip(args) => HipHandler::new(args).handle().await,
     }
   }
 }

apps/gpclient/src/cli.rs

@@ -1,8 +1,8 @@
-use std::{cell::RefCell, fs, sync::Arc};
+use std::{borrow::Cow, cell::RefCell, fs, sync::Arc};
 
 use anyhow::bail;
 use clap::Args;
-use common::constants::GP_USER_AGENT;
+use common::constants::{GP_CLIENT_VERSION, GP_USER_AGENT};
 use gpapi::{
   auth::SamlAuthResult,
   clap::{ToVerboseArg, args::Os},
@@ -15,7 +15,7 @@ use gpapi::{
     auth_launcher::SamlAuthLauncher,
     users::{get_non_root_user, get_user_by_name},
   },
-  utils::{request::RequestIdentityError, shutdown_signal},
+  utils::{host_utils, request::RequestIdentityError, shutdown_signal},
 };
 use inquire::{Password, PasswordDisplayMode, Select, Text};
 use log::{info, warn};
@@ -86,8 +86,11 @@ pub(crate) struct ConnectArgs {
   #[arg(long, help = "Do not ask for IPv6 connectivity")]
   disable_ipv6: bool,
 
-  #[arg(long, default_value = GP_USER_AGENT, help = "The user agent to use")]
-  user_agent: String,
+  #[arg(
+    long,
+    help = "The user agent to use, if not specified, it will be generated based on the OS and client version"
+  )]
+  user_agent: Option<String>,
 
   #[arg(long, value_enum, default_value_t = ConnectArgs::default_os())]
   os: Os,
@@ -130,18 +133,29 @@ pub(crate) struct ConnectArgs {
 
 impl ConnectArgs {
   fn default_os() -> Os {
-    if cfg!(target_os = "macos") { Os::Mac } else { Os::Linux }
+    #[cfg(target_os = "macos")]
+    {
+      Os::Mac
+    }
+    #[cfg(target_os = "windows")]
+    {
+      Os::Windows
+    }
+    #[cfg(not(any(target_os = "macos", target_os = "windows")))]
+    {
+      Os::Linux
+    }
   }
 
-  fn os_version(&self) -> String {
+  fn os_version(&self) -> &str {
     if let Some(os_version) = self.os_version.as_deref() {
-      return os_version.to_string();
+      return os_version;
     }
 
     match self.os {
-      Os::Linux => format!("Linux {}", whoami::distro()),
-      Os::Windows => String::from("Microsoft Windows 11 Pro , 64-bit"),
-      Os::Mac => String::from("Apple Mac OS X 13.4.0"),
+      Os::Linux => host_utils::get_linux_os_string(),
+      Os::Windows => host_utils::get_windows_os_string(),
+      Os::Mac => host_utils::get_macos_os_string(),
     }
   }
 }
@@ -163,11 +177,25 @@ impl<'a> ConnectHandler<'a> {
     }
   }
 
+  fn user_agent(&self) -> Cow<'_, str> {
+    if let Some(user_agent) = self.args.user_agent.as_deref() {
+      Cow::Borrowed(user_agent)
+    } else {
+      let client_version = self.args.client_version.as_deref().unwrap_or(GP_CLIENT_VERSION);
+      Cow::Owned(format!(
+        "{}/{} ({})",
+        GP_USER_AGENT,
+        client_version,
+        self.args.os_version()
+      ))
+    }
+  }
+
   fn build_gp_params(&self) -> GpParams {
     GpParams::builder()
-      .user_agent(&self.args.user_agent)
+      .user_agent(&self.user_agent())
       .client_os(ClientOs::from(&self.args.os))
-      .os_version(self.args.os_version())
+      .os_version(self.args.os_version().to_owned())
       .ignore_tls_errors(self.shared_args.ignore_tls_errors)
       .certificate(self.args.certificate.clone())
       .sslkey(self.args.sslkey.clone())
@@ -331,14 +359,16 @@ impl<'a> ConnectHandler<'a> {
       (false, None)
     };
 
-    let os = ClientOs::from(&self.args.os).to_openconnect_os().to_string();
+    let os = ClientOs::from(&self.args.os).to_openconnect_os().to_owned();
+    let os_version = self.args.os_version().to_owned();
     let client_version = client_version.map(|s| s.to_owned());
     let vpn = Vpn::builder(gateway, cookie)
       .script(self.args.script.clone())
       .interface(self.args.interface.clone())
       .script_tun(self.args.script_tun)
-      .user_agent(self.args.user_agent.clone())
+      .user_agent(self.user_agent().into_owned())
       .os(Some(os))
+      .os_version(Some(os_version))
       .client_version(client_version)
       .certificate(self.args.certificate.clone())
       .sslkey(self.args.sslkey.clone())
@@ -394,10 +424,11 @@ impl<'a> ConnectHandler<'a> {
 
         let os_version = self.args.os_version();
         let verbose = self.shared_args.verbose.to_verbose_arg();
+        let user_agent = self.user_agent();
         let auth_launcher = SamlAuthLauncher::new(&self.args.server)
           .gateway(is_gateway)
           .saml_request(prelogin.saml_request())
-          .user_agent(&self.args.user_agent)
+          .user_agent(&user_agent)
           .os(self.args.os.as_str())
           .os_version(Some(&os_version))
           .fix_openssl(self.shared_args.fix_openssl)