Skip to content

Commit feac68e

Browse files
mildsunrisedlenski
mildsunrise
authored and
dlenski
committed
add -E / --exec-openconnect
in more advanced use cases, such as https://github.com/cernekee/ocproxy there's no need to elevate privileges in order to execute openconnect
1 parent 13d373a commit feac68e

File tree

2 files changed

+8
-2
lines changed

2 files changed

+8
-2
lines changed

gp-saml-gui.8

+4
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ gp-saml-gui \- login to a GlobalProtect VPN that uses SAML authentication
1616
.OP -x
1717
.OP -P
1818
.OP -S
19+
.OP -E
1920
.OP -u
2021
.OP --clientos {Windows,Linux,Mac}
2122
.OP -f EXTRA
@@ -82,6 +83,9 @@ Use PolicyKit (\fBpkexec\fR) to exec openconnect
8283
.B -S, --sudo-openconnect
8384
Use sudo to exec openconnect
8485
.IP
86+
.B -E, --exec-openconnect
87+
Execute openconnect directly (advanced users)
88+
.IP
8589
.B -f, --field
8690
Extra form field(s) to pass to include in the login query string
8791
(e.g. "-f magic-cookie-value=deadbeef01234567")

gp_saml_gui.py

+4-2
Original file line numberDiff line numberDiff line change
@@ -275,6 +275,7 @@ def parse_args(args = None):
275275
x.add_argument('-x','--external', action='store_true', help='Launch external browser (for debugging)')
276276
x.add_argument('-P','--pkexec-openconnect', action='store_const', dest='exec', const='pkexec', help='Use PolicyKit to exec openconnect')
277277
x.add_argument('-S','--sudo-openconnect', action='store_const', dest='exec', const='sudo', help='Use sudo to exec openconnect')
278+
x.add_argument('-E','--exec-openconnect', action='store_const', dest='exec', const='exec', help='Execute openconnect directly (advanced users)')
278279
g.add_argument('-u','--uri', action='store_true', help='Treat server as the complete URI of the SAML entry point, rather than GlobalProtect server')
279280
g.add_argument('--clientos', choices=set(pf2clientos.values()), default=default_clientos, help="clientos value to send (default is %(default)s)")
280281
p.add_argument('-f','--field', dest='extra', action='append', default=[],
@@ -450,10 +451,11 @@ def main(args = None):
450451
# redirect stdin from this file, before it is closed by the context manager
451452
# (it will remain accessible via the open file descriptor)
452453
dup2(tf.fileno(), 0)
454+
cmd = ["openconnect"] + openconnect_args
453455
if args.exec == 'pkexec':
454-
cmd = ["pkexec", "--user", "root", "openconnect"] + openconnect_args
456+
cmd = ["pkexec", "--user", "root"] + cmd
455457
elif args.exec == 'sudo':
456-
cmd = ["sudo", "openconnect"] + openconnect_args
458+
cmd = ["sudo"] + cmd
457459
execvp(cmd[0], cmd)
458460

459461
else:

0 commit comments

Comments
 (0)