From 6bbbe479043b1a5d5f75a7c6bbc88eada5ccd126 Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Sun, 22 Mar 2020 22:46:53 -0700
Subject: [PATCH 1/1] fix too-hurried ambiguity warnings, fix b64 encoding for SAML REDIRECT too

---
 gp-saml-gui.py | 10 ++++------
 test-globalprotect-login.py | 4 ++--
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/gp-saml-gui.py b/gp-saml-gui.py
index a49a751..4029a09 100755
--- a/gp-saml-gui.py
+++ b/gp-saml-gui.py
@@ -253,22 +253,20 @@ if __name__ == "__main__":
 if args.verbose:
 # Warn about ambiguities
 if server != args.server and not args.uri:
- print('''IMPORTANT: During the SAML auth, you were redirected from {} to {}. This probably'''
- '''means you should specify {} as the server for final connection, but we're not 100%'''
+ print('''IMPORTANT: During the SAML auth, you were redirected from {} to {1}. This probably '''
+ '''means you should specify {1} as the server for final connection, but we're not 100% '''
 '''sure about this. You should probably try both.\n'''.format(args.server, server), file=stderr)
 if ifh != args.interface and not args.uri:
- print('''IMPORTANT: We started with SAML auth to the {} interface, but received a cookie'''
+ print('''IMPORTANT: We started with SAML auth to the {} interface, but received a cookie '''
 '''that's associated with the {} interface. You should probably try both.\n'''.format(args.interface, ifh), file=stderr)
-
 print('''\nSAML response converted to OpenConnect command line invocation:\n''', file=stderr)
 print(''' echo {} |\n openconnect --protocol=gp --user={} --usergroup={}:{} --passwd-on-stdin {}'''.format(
 quote(cv), quote(un), quote(ifh), quote(cn), quote(server)), file=stderr)
 print('''\nSAML response converted to test-globalprotect-login.py invocation:\n''', file=stderr)
- print(''' test-globalprotect-login.py --user={} -p '' \\\n https://{}{} {}={}\n'''.format(
+ print(''' test-globalprotect-login.py --user={} -p '' \\\n https://{}/{} {}={}\n'''.format(
 quote(un), quote(server), quote(if2auth[ifh]), quote(cn), quote(cv)), file=stderr)
-
 varvals = {
 'HOST': quote('https://%s/%s:%s' % (server, if2auth[ifh], cn)),
 'USER': quote(un), 'COOKIE': quote(cv),
diff --git a/test-globalprotect-login.py b/test-globalprotect-login.py
index 81ae8b7..4c325b2 100755
--- a/test-globalprotect-login.py
+++ b/test-globalprotect-login.py
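Review bot: The first ambiguity warning in gp-saml-gui.py still cannot be printed, because the added string mixes an auto-numbered `{}` with explicit `{1}` fields and `str.format` rejects that combination with `ValueError` (cannot switch from automatic field numbering to manual field specification). The branch only runs when `args.verbose` is set, the SAML flow ended on a different server and `args.uri` is unset, so the failure appears exactly when the redirect warning is needed and stops the script before the cookie command lines are printed. Number the first field as well: `'''IMPORTANT: During the SAML auth, you were redirected from {0} to {1}. This probably '''`. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.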
@@ -114,10 +114,10 @@ Extracted connection cookie from . Use this to connect:
 elif xml is not None and xml.tag == 'prelogin-response' and None not in (xml.find('saml-auth-method'), xml.find('saml-request')):
 import webbrowser
 sam = xml.find('saml-auth-method').text
- sr = xml.find('saml-request').text
+ sr = a2b_base64(xml.find('saml-request').text)
 if sam == 'POST':
 with NamedTemporaryFile(delete=False, suffix='.html') as tf:
- tf.write(a2b_base64(sr))
+ tf.write(sr)
 if args.browse:
 print("Got SAML POST, browsing to %s" % tf.name)
 webbrowser.open('file://' + tf.name)
--
2.39.5
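Review bot: `sr` is now `bytes` for every auth method, since `a2b_base64` returns bytes, and only the POST branch visible here is adapted to that with `tf.write(sr)`. The REDIRECT branch lies outside the hunk; if it prints `sr` or passes it to `webbrowser.open` as a URL, it will presumably need `sr.decode()` at that point. The decode also now runs on gateway-supplied text before `sam` is checked, so a malformed `saml-request` raises `binascii.Error` for any method; catching that error and reporting the bad response would be cleaner than a traceback.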