include clientos in output command-lines and environment variables
This commit is contained in:
Daniel Lenski
parent
6bbbe47904
commit
66438abc7c
18
README.md
18
README.md
@ -32,16 +32,19 @@ $ pip install requests
|
|||||||
How to use
|
How to use
|
||||||
==========
|
==========
|
||||||
|
|
||||||
Specify the GlobalProtect server URL (portal or gateway) and optional arguments.
|
Specify the GlobalProtect server URL (portal or gateway) and optional
|
||||||
|
arguments, such as `--clientos=Windows` (because many GlobalProtect
|
||||||
|
servers don't require SAML login, but apparently omit it in their configuration
|
||||||
|
for OSes other than Windows).
|
||||||
|
|
||||||
This script will pop up a [GTK WebKit2 WebView](https://webkitgtk.org/) window.
|
This script will pop up a [GTK WebKit2 WebView](https://webkitgtk.org/) window.
|
||||||
After you succesfully complete the SAML login via web forms, the script will output
|
After you succesfully complete the SAML login via web forms, the script will output
|
||||||
`HOST`, `USER`, and `COOKIE` variables in a form that can be used by
|
`HOST`, `USER`, `COOKIE`, and `OS` variables in a form that can be used by
|
||||||
[OpenConnect](http://www.infradead.org/openconnect/juniper.html)
|
[OpenConnect](http://www.infradead.org/openconnect/juniper.html)
|
||||||
(similar to the output of `openconnect --authenticate`):
|
(similar to the output of `openconnect --authenticate`):
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ eval $( gp-saml-gui.py -v vpn.company.com )
|
$ eval $( gp-saml-gui.py --clientos=Windows vpn.company.com )
|
||||||
Got SAML POST content, opening browser...
|
Got SAML POST content, opening browser...
|
||||||
Finished loading about:blank...
|
Finished loading about:blank...
|
||||||
Finished loading https://company.okta.com/app/panw_globalprotect/deadbeefFOOBARba1234/sso/saml...
|
Finished loading https://company.okta.com/app/panw_globalprotect/deadbeefFOOBARba1234/sso/saml...
|
||||||
@ -52,14 +55,15 @@ Got SAML relevant headers, done: {'prelogin-cookie': 'blahblahblah', 'saml-usern
|
|||||||
SAML response converted to OpenConnect command line invocation:
|
SAML response converted to OpenConnect command line invocation:
|
||||||
|
|
||||||
echo 'blahblahblah' |
|
echo 'blahblahblah' |
|
||||||
openconnect --protocol=gp --user='foo12345@corp.company.com' --usergroup=prelogin-cookie:gateway --passwd-on-stdin vpn.company.com
|
openconnect --protocol=gp --user='foo12345@corp.company.com' --os=win --usergroup=prelogin-cookie:gateway --passwd-on-stdin vpn.company.com
|
||||||
|
|
||||||
$ echo $HOST; echo $USER; echo $COOKIE
|
$ echo $HOST; echo $USER; echo $COOKIE; echo $OS
|
||||||
https://vpn.company.com/gateway:prelogin-cookie
|
https://vpn.company.com/gateway:prelogin-cookie
|
||||||
foo12345@corp.company.com
|
foo12345@corp.company.com
|
||||||
blahblahblah'
|
blahblahblah
|
||||||
|
win
|
||||||
|
|
||||||
$ echo "$COOKIE" | openconnect --protocol=gp -u "$USER" --passwd-on-stdin "$HOST"
|
$ echo "$COOKIE" | openconnect --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST"
|
||||||
```
|
```
|
||||||
|
|
||||||
TODO
|
TODO
|
||||||
|
|||||||
@ -122,8 +122,9 @@ class SAMLLoginView:
|
|||||||
Gtk.main_quit()
|
Gtk.main_quit()
|
||||||
|
|
||||||
def parse_args(args = None):
|
def parse_args(args = None):
|
||||||
clientos_map = dict(linux='Linux', darwin='Mac', win32='Windows', cygwin='Windows')
|
pf2clientos = dict(linux='Linux', darwin='Mac', win32='Windows', cygwin='Windows')
|
||||||
default_clientos = clientos_map.get(platform, 'Windows')
|
clientos2ocos = dict(Linux='linux-64', Mac='mac-intel', Windows='win')
|
||||||
|
default_clientos = pf2clientos.get(platform, 'Windows')
|
||||||
|
|
||||||
p = argparse.ArgumentParser()
|
p = argparse.ArgumentParser()
|
||||||
p.add_argument('server', help='GlobalProtect server (portal or gateway)')
|
p.add_argument('server', help='GlobalProtect server (portal or gateway)')
|
||||||
@ -145,10 +146,11 @@ def parse_args(args = None):
|
|||||||
g.add_argument('-v','--verbose', default=0, action='count')
|
g.add_argument('-v','--verbose', default=0, action='count')
|
||||||
g.add_argument('-x','--external', action='store_true', help='Launch external browser (for debugging)')
|
g.add_argument('-x','--external', action='store_true', help='Launch external browser (for debugging)')
|
||||||
g.add_argument('-u','--uri', action='store_true', help='Treat server as the complete URI of the SAML entry point, rather than GlobalProtect server')
|
g.add_argument('-u','--uri', action='store_true', help='Treat server as the complete URI of the SAML entry point, rather than GlobalProtect server')
|
||||||
g.add_argument('--clientos', choices=set(clientos_map.values()), default=default_clientos, help="clientos value to send (default is %(default)s)")
|
g.add_argument('--clientos', choices=set(pf2clientos.values()), default=default_clientos, help="clientos value to send (default is %(default)s)")
|
||||||
p.add_argument('extra', nargs='*', help='Extra form field(s) to pass to include in the login query string (e.g. "magic-cookie-value=deadbeef01234567")')
|
p.add_argument('extra', nargs='*', help='Extra form field(s) to pass to include in the login query string (e.g. "magic-cookie-value=deadbeef01234567")')
|
||||||
args = p.parse_args(args = None)
|
args = p.parse_args(args = None)
|
||||||
|
|
||||||
|
args.ocos = clientos2ocos[args.clientos]
|
||||||
args.extra = dict(x.split('=', 1) for x in args.extra)
|
args.extra = dict(x.split('=', 1) for x in args.extra)
|
||||||
|
|
||||||
if args.cookies:
|
if args.cookies:
|
||||||
@ -261,14 +263,14 @@ if __name__ == "__main__":
|
|||||||
'''that's associated with the {} interface. You should probably try both.\n'''.format(args.interface, ifh),
|
'''that's associated with the {} interface. You should probably try both.\n'''.format(args.interface, ifh),
|
||||||
file=stderr)
|
file=stderr)
|
||||||
print('''\nSAML response converted to OpenConnect command line invocation:\n''', file=stderr)
|
print('''\nSAML response converted to OpenConnect command line invocation:\n''', file=stderr)
|
||||||
print(''' echo {} |\n openconnect --protocol=gp --user={} --usergroup={}:{} --passwd-on-stdin {}'''.format(
|
print(''' echo {} |\n openconnect --protocol=gp --user={} --os={} --usergroup={}:{} --passwd-on-stdin {}'''.format(
|
||||||
quote(cv), quote(un), quote(ifh), quote(cn), quote(server)), file=stderr)
|
quote(cv), quote(un), quote(args.ocos), quote(ifh), quote(cn), quote(server)), file=stderr)
|
||||||
|
|
||||||
print('''\nSAML response converted to test-globalprotect-login.py invocation:\n''', file=stderr)
|
print('''\nSAML response converted to test-globalprotect-login.py invocation:\n''', file=stderr)
|
||||||
print(''' test-globalprotect-login.py --user={} -p '' \\\n https://{}/{} {}={}\n'''.format(
|
print(''' test-globalprotect-login.py --user={} --clientos={} -p '' \\\n https://{}/{} {}={}\n'''.format(
|
||||||
quote(un), quote(server), quote(if2auth[ifh]), quote(cn), quote(cv)), file=stderr)
|
quote(un), quote(args.clientos), quote(server), quote(if2auth[ifh]), quote(cn), quote(cv)), file=stderr)
|
||||||
varvals = {
|
varvals = {
|
||||||
'HOST': quote('https://%s/%s:%s' % (server, if2auth[ifh], cn)),
|
'HOST': quote('https://%s/%s:%s' % (server, if2auth[args.interface], cn)),
|
||||||
'USER': quote(un), 'COOKIE': quote(cv),
|
'USER': quote(un), 'COOKIE': quote(cv), 'OS': quote(args.ocos),
|
||||||
}
|
}
|
||||||
print('\n'.join('%s=%s' % pair for pair in varvals.items()))
|
print('\n'.join('%s=%s' % pair for pair in varvals.items()))
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user