From feac68edca72849e89cbdb9a7af1390e3173f08d Mon Sep 17 00:00:00 2001 From: Alba Mendez Date: Tue, 16 Apr 2024 21:59:27 +0200 Subject: [PATCH] add -E / --exec-openconnect in more advanced use cases, such as https://github.com/cernekee/ocproxy there's no need to elevate privileges in order to execute openconnect --- gp-saml-gui.8 | 4 ++++ gp_saml_gui.py | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/gp-saml-gui.8 b/gp-saml-gui.8 index f4c4f98..8c8f2dc 100644 --- a/gp-saml-gui.8 +++ b/gp-saml-gui.8 @@ -16,6 +16,7 @@ gp-saml-gui \- login to a GlobalProtect VPN that uses SAML authentication .OP -x .OP -P .OP -S +.OP -E .OP -u .OP --clientos {Windows,Linux,Mac} .OP -f EXTRA @@ -82,6 +83,9 @@ Use PolicyKit (\fBpkexec\fR) to exec openconnect .B -S, --sudo-openconnect Use sudo to exec openconnect .IP +.B -E, --exec-openconnect +Execute openconnect directly (advanced users) +.IP .B -f, --field Extra form field(s) to pass to include in the login query string (e.g. "-f magic-cookie-value=deadbeef01234567") diff --git a/gp_saml_gui.py b/gp_saml_gui.py index e1fd4b2..dad87cf 100755 --- a/gp_saml_gui.py +++ b/gp_saml_gui.py 
@@ -275,6 +275,7 @@ def parse_args(args = None): x.add_argument('-x','--external', action='store_true', help='Launch external browser (for debugging)') x.add_argument('-P','--pkexec-openconnect', action='store_const', dest='exec', const='pkexec', help='Use PolicyKit to exec openconnect') x.add_argument('-S','--sudo-openconnect', action='store_const', dest='exec', const='sudo', help='Use sudo to exec openconnect') + x.add_argument('-E','--exec-openconnect', action='store_const', dest='exec', const='exec', help='Execute openconnect directly (advanced users)') g.add_argument('-u','--uri', action='store_true', help='Treat server as the complete URI of the SAML entry point, rather than GlobalProtect server') g.add_argument('--clientos', choices=set(pf2clientos.values()), default=default_clientos, help="clientos value to send (default is %(default)s)") p.add_argument('-f','--field', dest='extra', action='append', default=[], @@ -450,10 +451,11 @@ def main(args = None): # redirect stdin from this file, before it is closed by the context manager # (it will remain accessible via the open file descriptor) dup2(tf.fileno(), 0) + cmd = ["openconnect"] + openconnect_args if args.exec == 'pkexec': - cmd = ["pkexec", "--user", "root", "openconnect"] + openconnect_args + cmd = ["pkexec", "--user", "root"] + cmd elif args.exec == 'sudo': - cmd = ["sudo", "openconnect"] + openconnect_args + cmd = ["sudo"] + cmd execvp(cmd[0], cmd) else:
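Review bot: The help string on the added `-E` line says only "(advanced users)" and never states what differs from `-P`/`-S`, namely that openconnect is started without privilege elevation. All three options store into the same `dest='exec'`, so unless `x` is a mutually exclusive group (its definition is outside the hunk) the last flag given would win and `-S -E` could run unelevated without the user noticing. I would spell it out, e.g. `help='Execute openconnect directly, without sudo or pkexec (no privilege elevation)'`, and use the same wording for the new entry in gp-saml-gui.8. parse_args starts and ends outside the hunk.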
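Review bot: The `-E` case in the second hunk is reached only by falling through the `if`/`elif`, so the value `'exec'` is never tested and nothing at the call site says this path runs openconnect as the invoking user. Judging by the removed lines, any value other than `'pkexec'` or `'sudo'` previously left `cmd` unassigned, whereas now it silently executes without a wrapper. On that path `execvp` resolves `openconnect` through the caller's own PATH, and the program it finds inherits the stdin that the `dup2` above redirected to the temp file. A comment on the first added line would record this: `# -E: no wrapper; openconnect is looked up on the caller's PATH and runs with the caller's privileges`. The enclosing block in main() starts and ends outside the hunk.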