add -E / --exec-openconnect

in more advanced use cases, such as https://github.com/cernekee/ocproxy there's no need to elevate privileges in order to execute openconnect
dlenski · May 2, 2024 · feac68e · feac68e
1 parent 13d373a
commit feac68e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/gp-saml-gui.8 b/gp-saml-gui.8
@@ -16,6 +16,7 @@ gp-saml-gui \- login to a GlobalProtect VPN that uses SAML authentication
 .OP -x
 .OP -P
 .OP -S
+.OP -E
 .OP -u
 .OP --clientos {Windows,Linux,Mac}
 .OP -f EXTRA
@@ -82,6 +83,9 @@ Use PolicyKit (\fBpkexec\fR) to exec openconnect
 .B -S, --sudo-openconnect
 Use sudo to exec openconnect
 .IP
+.B -E, --exec-openconnect
+Execute openconnect directly (advanced users)
+.IP
 .B -f, --field
 Extra form field(s) to pass to include in the login query string
 (e.g. "-f magic-cookie-value=deadbeef01234567")

diff --git a/gp_saml_gui.py b/gp_saml_gui.py
@@ -275,6 +275,7 @@ def parse_args(args = None):
     x.add_argument('-x','--external', action='store_true', help='Launch external browser (for debugging)')
     x.add_argument('-P','--pkexec-openconnect', action='store_const', dest='exec', const='pkexec', help='Use PolicyKit to exec openconnect')
     x.add_argument('-S','--sudo-openconnect', action='store_const', dest='exec', const='sudo', help='Use sudo to exec openconnect')
+    x.add_argument('-E','--exec-openconnect', action='store_const', dest='exec', const='exec', help='Execute openconnect directly (advanced users)')
     g.add_argument('-u','--uri', action='store_true', help='Treat server as the complete URI of the SAML entry point, rather than GlobalProtect server')
     g.add_argument('--clientos', choices=set(pf2clientos.values()), default=default_clientos, help="clientos value to send (default is %(default)s)")
     p.add_argument('-f','--field', dest='extra', action='append', default=[],
@@ -450,10 +451,11 @@ def main(args = None):
             # redirect stdin from this file, before it is closed by the context manager
             # (it will remain accessible via the open file descriptor)
             dup2(tf.fileno(), 0)
+        cmd = ["openconnect"] + openconnect_args
         if args.exec == 'pkexec':
-            cmd = ["pkexec", "--user", "root", "openconnect"] + openconnect_args
+            cmd = ["pkexec", "--user", "root"] + cmd
         elif args.exec == 'sudo':
-            cmd = ["sudo", "openconnect"] + openconnect_args
+            cmd = ["sudo"] + cmd
         execvp(cmd[0], cmd)
 
     else: