Networkmanager-openconnect patch to support openconnect binary parameters v2

Grant Williamson traxtopel at gmail.com
Fri Jul 14 02:03:29 PDT 2023


I have made modifications to my patch, which could be beneficial for
others. It enables you to pass parameters to openconnect when using
the UI. To use it, add a line such as the following to the file
/etc/nm-openconnect/openconnect.ini:
ARGS="--no-xmlpost --force-dpd=5 --no-dtls"
Then attempt to connect using the UI.

diff -ur NetworkManager-openconnect-1.2.10.orig/src/nm-openconnect-service.c
NetworkManager-openconnect-1.2.10/src/nm-openconnect-service.c
--- NetworkManager-openconnect-1.2.10.orig/src/nm-openconnect-service.c
2023-05-10 12:10:35.000000000 +0200
+++ NetworkManager-openconnect-1.2.10/src/nm-openconnect-service.c
2023-06-27 15:32:23.743747314 +0200
@@ -41,6 +41,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <locale.h>
+#include <glib.h>

 #include "nm-utils/nm-shared-utils.h"
 #include "nm-utils/nm-vpn-plugin-macros.h"
@@ -581,6 +582,95 @@
  g_ptr_array_add (openconnect_argv, (gpointer) "--verbose");
  }

+  // Allow for arguments to be added via a system file
+  const char* allowedArgs[] = {
+    "-d",
+    "--deflate",
+    "-D",
+    "--no-deflate",
+    "--compression=",
+    "--force-dpd=",
+    "--external-browser=",
+    "-i",
+    "--interface=",
+    "-l",
+    "--syslog",
+    "--timestamp",
+    "--passtos",
+    "--base-mtu=",
+    "-P",
+    "--proxy=",
+    "--proxy-auth=",
+    "--no-proxy",
+    "--libproxy",
+    "-Q",
+    "--queue-len=",
+    "-v",
+    "--verbose",
+    "--disable-ipv6",
+    "--dtls-ciphers=",
+    "--dtls12-ciphers=",
+    "--dump-http-traffic",
+    "--pfs",
+    "--no-dtls",
+    "--no-http-keepalive",
+    "--no-passwd",
+    "--no-external-auth",
+    "--allow-insecure-crypto",
+    "--non-inter",
+    "--protocol=",
+    "--useragent=",
+    "--version-string=",
+    "--no-xmlpost",
+    "--local-hostname="
+  };
+  char systemCommand[MAX_ARGS_LENGTH];
+  FILE *file = fopen("/etc/nm-openconnect/openconnect.ini", "r");
+  if (file != NULL) {
+    char args[MAX_ARGS_LENGTH];
+    while (fgets(args, sizeof(args), file)) {
+      // Skip lines starting with '#'
+      if (args[0] == '#') {
+        continue;
+      }
+      if (strncmp(args, "ARGS=", 5) == 0) {
+        memmove(args, args + 5, strlen(args) - 5 + 1);
+        char *quoteStart = strchr(args, '\"');
+        if (quoteStart != NULL) {
+          char *quoteEnd = strchr(quoteStart + 1, '\"');
+          if (quoteEnd != NULL) {
+            memmove(quoteStart, quoteStart + 1, quoteEnd - quoteStart);
+            quoteEnd[-1] = '\0';
+          }
+        }
+        char *token;
+        char *delimiter = " ";
+        token = strtok(args, delimiter);
+        while (token != NULL) {
+          // Check if the argument is in the allowedArgs list
+          int i;
+          int allowed = 0;
+          for (i = 0; i < sizeof(allowedArgs) / sizeof(allowedArgs[0]); i++) {
+            if (strncmp(token, allowedArgs[i], strlen(allowedArgs[i])) == 0) {
+              allowed = 1;
+              break;
+            }
+          }
+          if (allowed) {
+            printf("Adding argument: %s\n", token);
+            // Add the argument to the desired data structure (e.g.,
g_ptr_array_add)
+            g_ptr_array_add (openconnect_argv, token);
+          } else {
+            printf("Skipping disallowed argument: %s\n", token);
+          }
+          token = strtok(NULL, delimiter);
+        }
+        break;  // Exit the loop after processing the valid argument line
+      }
+    }
+    fclose(file);
+  }
+  //
  g_ptr_array_add (openconnect_argv, NULL);

  if (!g_spawn_async_with_pipes (NULL, (char **) openconnect_argv->pdata, NULL,
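Review bot: Each `token` handed to `g_ptr_array_add (openconnect_argv, token)` points into `args`, a stack buffer scoped to the `if (file != NULL)` block, but the array is only read by `g_spawn_async_with_pipes` after that block has closed, so the spawned argv refers to an object whose lifetime has ended; store a copy with `g_strdup (token)`, freed however `openconnect_argv` is released outside this hunk. The allowlist test is a prefix `strncmp` for every entry, so `-d`, `-i`, `-l`, `-P`, `-Q` and `-v` also admit any longer token that starts with those two characters and the list does not actually bound what reaches openconnect, which the plugin presumably launches with elevated privileges; entries that do not end in `=` should be compared exactly. Exact matching also needs the delimiter set to include the newline that `fgets` keeps, otherwise an unquoted `ARGS=` line leaves `\n` on its last token. `systemCommand` is declared but never used, and the enclosing function starts and ends outside the hunk.

```c
        // … unchanged: ARGS= prefix and quote stripping …
        char *delimiter = " \t\r\n";  // fgets keeps the trailing newline
        token = strtok(args, delimiter);
        while (token != NULL) {
          // … unchanged: i / allowed declarations …
          for (i = 0; i < G_N_ELEMENTS (allowedArgs); i++) {
            size_t len = strlen (allowedArgs[i]);
            // Entries ending in '=' carry an attached value; all others must match exactly.
            if (allowedArgs[i][len - 1] == '='
                  ? strncmp (token, allowedArgs[i], len) == 0
                  : strcmp (token, allowedArgs[i]) == 0) {
              allowed = 1;
              break;
            }
          }
          if (allowed) {
            // … unchanged: log line …
            // Copy the token: args is out of scope by the time the array is used to spawn.
            g_ptr_array_add (openconnect_argv, g_strdup (token));
          }
          // … unchanged: disallowed branch, strtok advance …
```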
diff -ur NetworkManager-openconnect-1.2.10.orig/src/nm-openconnect-service.h
NetworkManager-openconnect-1.2.10/src/nm-openconnect-service.h
--- NetworkManager-openconnect-1.2.10.orig/src/nm-openconnect-service.h
2019-08-06 13:34:19.000000000 +0200
+++ NetworkManager-openconnect-1.2.10/src/nm-openconnect-service.h
2023-06-27 15:31:37.948464134 +0200
@@ -31,6 +31,7 @@
 #define NM_IS_OPENCONNECT_PLUGIN(obj)
(G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_OPENCONNECT_PLUGIN))
 #define NM_IS_OPENCONNECT_PLUGIN_CLASS(klass)
(G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_OPENCONNECT_PLUGIN))
 #define NM_OPENCONNECT_PLUGIN_GET_CLASS(obj)
(G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_OPENCONNECT_PLUGIN,
NMOpenconnectPluginClass))
+#define MAX_ARGS_LENGTH 1024

 typedef struct {
  NMVpnServicePlugin parent;
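Review bot: `MAX_ARGS_LENGTH` is added to the plugin header without a project prefix and without a comment, although within this patch only nm-openconnect-service.c uses it. Moving `#define MAX_ARGS_LENGTH 1024` next to its use in the .c file keeps the generic name out of every file that includes the header, and a comment such as `/* Maximum length of one line read from /etc/nm-openconnect/openconnect.ini */` would say what the limit applies to. The typedef that follows continues outside the hunk.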


