collective/nu-vpn-proxy
17
0
Fork 0
Code

fix too-hurried ambiguity warnings, fix b64 encoding for SAML REDIRECT too

Browse Source
This commit is contained in:
Daniel Lenski 2020-03-22 22:46:53 -07:00
parent 2cf05074cc
commit 6bbbe47904
2 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
gp-saml-gui.py
View File

@ -253,22 +253,20 @@ if __name__ == "__main__":
if args.verbose: if args.verbose:
# Warn about ambiguities # Warn about ambiguities
if server != args.server and not args.uri: if server != args.server and not args.uri:
print('''IMPORTANT: During the SAML auth, you were redirected from {} to {}. This probably''' print('''IMPORTANT: During the SAML auth, you were redirected from {} to {1}. This probably '''
'''means you should specify {} as the server for final connection, but we're not 100%''' '''means you should specify {1} as the server for final connection, but we're not 100% '''
'''sure about this. You should probably try both.\n'''.format(args.server, server), file=stderr) '''sure about this. You should probably try both.\n'''.format(args.server, server), file=stderr)
if ifh != args.interface and not args.uri: if ifh != args.interface and not args.uri:
print('''IMPORTANT: We started with SAML auth to the {} interface, but received a cookie ''' print('''IMPORTANT: We started with SAML auth to the {} interface, but received a cookie '''
'''that's associated with the {} interface. You should probably try both.\n'''.format(args.interface, ifh), '''that's associated with the {} interface. You should probably try both.\n'''.format(args.interface, ifh),
file=stderr) file=stderr)
print('''\nSAML response converted to OpenConnect command line invocation:\n''', file=stderr) print('''\nSAML response converted to OpenConnect command line invocation:\n''', file=stderr)
print(''' echo {} |\n openconnect --protocol=gp --user={} --usergroup={}:{} --passwd-on-stdin {}'''.format( print(''' echo {} |\n openconnect --protocol=gp --user={} --usergroup={}:{} --passwd-on-stdin {}'''.format(
quote(cv), quote(un), quote(ifh), quote(cn), quote(server)), file=stderr) quote(cv), quote(un), quote(ifh), quote(cn), quote(server)), file=stderr)
print('''\nSAML response converted to test-globalprotect-login.py invocation:\n''', file=stderr) print('''\nSAML response converted to test-globalprotect-login.py invocation:\n''', file=stderr)
print(''' test-globalprotect-login.py --user={} -p '' \\\n https://{}{} {}={}\n'''.format( print(''' test-globalprotect-login.py --user={} -p '' \\\n https://{}/{} {}={}\n'''.format(
quote(un), quote(server), quote(if2auth[ifh]), quote(cn), quote(cv)), file=stderr) quote(un), quote(server), quote(if2auth[ifh]), quote(cn), quote(cv)), file=stderr)
varvals = { varvals = {
'HOST': quote('https://%s/%s:%s' % (server, if2auth[ifh], cn)), 'HOST': quote('https://%s/%s:%s' % (server, if2auth[ifh], cn)),
'USER': quote(un), 'COOKIE': quote(cv), 'USER': quote(un), 'COOKIE': quote(cv),

4
test-globalprotect-login.py
View File

@ -114,10 +114,10 @@ Extracted connection cookie from <jnlp>. Use this to connect:
elif xml is not None and xml.tag == 'prelogin-response' and None not in (xml.find('saml-auth-method'), xml.find('saml-request')): elif xml is not None and xml.tag == 'prelogin-response' and None not in (xml.find('saml-auth-method'), xml.find('saml-request')):
import webbrowser import webbrowser
sam = xml.find('saml-auth-method').text sam = xml.find('saml-auth-method').text
sr = xml.find('saml-request').text sr = a2b_base64(xml.find('saml-request').text)
if sam == 'POST': if sam == 'POST':
with NamedTemporaryFile(delete=False, suffix='.html') as tf: with NamedTemporaryFile(delete=False, suffix='.html') as tf:
tf.write(a2b_base64(sr)) tf.write(sr)
if args.browse: if args.browse:
print("Got SAML POST, browsing to %s" % tf.name) print("Got SAML POST, browsing to %s" % tf.name)
webbrowser.open('file://' + tf.name) webbrowser.open('file://' + tf.name)