I have made modifications to my patch, which could be beneficial for
others. It enables you to pass parameters to openconnect when using
the UI. To use it, add a line such as the following to the file
/etc/nm-openconnect/openconnect.ini:
ARGS="--no-xmlpost --force-dpd=5 --no-dtls"
Then attempt to connect using the UI.

diff -ur NetworkManager-openconnect-1.2.10.orig/src/nm-openconnect-service.c
NetworkManager-openconnect-1.2.10/src/nm-openconnect-service.c
--- NetworkManager-openconnect-1.2.10.orig/src/nm-openconnect-service.c
2023-05-10 12:10:35.000000000 +0200
+++ NetworkManager-openconnect-1.2.10/src/nm-openconnect-service.c
2023-06-27 15:32:23.743747314 +0200
@@ -41,6 +41,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <locale.h>
+#include <glib.h>

 #include "nm-utils/nm-shared-utils.h"
 #include "nm-utils/nm-vpn-plugin-macros.h"
@@ -581,6 +582,95 @@
  g_ptr_array_add (openconnect_argv, (gpointer) "--verbose");
  }

+  // Allow for arguments to be added via a system file
+  const char* allowedArgs[] = {
+    "-d",
+    "--deflate",
+    "-D",
+    "--no-deflate",
+    "--compression=",
+    "--force-dpd=",
+    "--external-browser=",
+    "-i",
+    "--interface=",
+    "-l",
+    "--syslog",
+    "--timestamp",
+    "--passtos",
+    "--base-mtu=",
+    "-P",
+    "--proxy=",
+    "--proxy-auth=",
+    "--no-proxy",
+    "--libproxy",
+    "-Q",
+    "--queue-len=",
+    "-v",
+    "--verbose",
+    "--disable-ipv6",
+    "--dtls-ciphers=",
+    "--dtls12-ciphers=",
+    "--dump-http-traffic",
+    "--pfs",
+    "--no-dtls",
+    "--no-http-keepalive",
+    "--no-passwd",
+    "--no-external-auth",
+    "--allow-insecure-crypto",
+    "--non-inter",
+    "--protocol=",
+    "--useragent=",
+    "--version-string=",
+    "--no-xmlpost",
+    "--local-hostname="
+  };
+  char systemCommand[MAX_ARGS_LENGTH];
+  FILE *file = fopen("/etc/nm-openconnect/openconnect.ini", "r");
+  if (file != NULL) {
+    char args[MAX_ARGS_LENGTH];
+    while (fgets(args, sizeof(args), file)) {
+      // Skip lines starting with '#'
+      if (args[0] == '#') {
+        continue;
+      }
+      if (strncmp(args, "ARGS=", 5) == 0) {
+        memmove(args, args + 5, strlen(args) - 5 + 1);
+        char *quoteStart = strchr(args, '\"');
+        if (quoteStart != NULL) {
+          char *quoteEnd = strchr(quoteStart + 1, '\"');
+          if (quoteEnd != NULL) {
+            memmove(quoteStart, quoteStart + 1, quoteEnd - quoteStart);
+            quoteEnd[-1] = '\0';
+          }
+        }
+        char *token;
+        char *delimiter = " ";
+        token = strtok(args, delimiter);
+        while (token != NULL) {
+          // Check if the argument is in the allowedArgs list
+          int i;
+          int allowed = 0;
+          for (i = 0; i < sizeof(allowedArgs) / sizeof(allowedArgs[0]); i++) {
+            if (strncmp(token, allowedArgs[i], strlen(allowedArgs[i])) == 0) {
+              allowed = 1;
+              break;
+            }
+          }
+          if (allowed) {
+            printf("Adding argument: %s\n", token);
+            // Add the argument to the desired data structure (e.g.,
g_ptr_array_add)
+            g_ptr_array_add (openconnect_argv, token);
+          } else {
+            printf("Skipping disallowed argument: %s\n", token);
+          }
+          token = strtok(NULL, delimiter);
+        }
+        break;  // Exit the loop after processing the valid argument line
+      }
+    }
+    fclose(file);
+  }
+  //
  g_ptr_array_add (openconnect_argv, NULL);

  if (!g_spawn_async_with_pipes (NULL, (char **) openconnect_argv->pdata, NULL,
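Review bot: The tokens stored with `g_ptr_array_add (openconnect_argv, token)` point into `args`, which is declared inside the `if (file != NULL)` block and is out of scope by the time `g_spawn_async_with_pipes` reads the array, so the spawn dereferences dangling stack pointers; store a copy (`g_strdup (token)`, freed after the spawn) or give the buffer function scope. The allow-list test is a prefix `strncmp` for every entry, so any token that merely begins with an allowed bare flag such as `-d` or `-v` is accepted; entries without a trailing `=` should be compared with `strcmp`, and the short options that take a value (`-i`, `-P`, `-Q`) then need their value handled explicitly. An unquoted `ARGS=` line keeps the newline from `fgets` on its last token, `systemCommand` is never used, and the `printf` calls would better go through the plugin's logging. Because these options are handed to a process the plugin spawns, it is also worth checking that /etc/nm-openconnect/openconnect.ini is writable by root only, given that the list includes `--allow-insecure-crypto` and `--external-browser=`. The enclosing function starts and ends outside the hunk.

```c
// … unchanged: allowedArgs table, fopen, "ARGS=" match and quote stripping …
args[strcspn (args, "\r\n")] = '\0';  // drop the newline fgets keeps
for (token = strtok (args, delimiter); token != NULL; token = strtok (NULL, delimiter)) {
  gboolean allowed = FALSE;
  for (gsize i = 0; i < G_N_ELEMENTS (allowedArgs); i++) {
    size_t len = strlen (allowedArgs[i]);
    // "--name=" entries match as a prefix; bare flags must match exactly
    if (allowedArgs[i][len - 1] == '='
          ? strncmp (token, allowedArgs[i], len) == 0
          : strcmp (token, allowedArgs[i]) == 0) {
      allowed = TRUE;
      break;
    }
  }
  if (allowed) {
    // copy: args[] does not outlive this block, the spawn below does
    g_ptr_array_add (openconnect_argv, g_strdup (token));
  }
}
// … unchanged: fclose, NULL terminator, spawn …
```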
diff -ur NetworkManager-openconnect-1.2.10.orig/src/nm-openconnect-service.h
NetworkManager-openconnect-1.2.10/src/nm-openconnect-service.h
--- NetworkManager-openconnect-1.2.10.orig/src/nm-openconnect-service.h
2019-08-06 13:34:19.000000000 +0200
+++ NetworkManager-openconnect-1.2.10/src/nm-openconnect-service.h
2023-06-27 15:31:37.948464134 +0200
@@ -31,6 +31,7 @@
 #define NM_IS_OPENCONNECT_PLUGIN(obj)
(G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_OPENCONNECT_PLUGIN))
 #define NM_IS_OPENCONNECT_PLUGIN_CLASS(klass)
(G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_OPENCONNECT_PLUGIN))
 #define NM_OPENCONNECT_PLUGIN_GET_CLASS(obj)
(G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_OPENCONNECT_PLUGIN,
NMOpenconnectPluginClass))
+#define MAX_ARGS_LENGTH 1024

 typedef struct {
  NMVpnServicePlugin parent;
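Review bot: `MAX_ARGS_LENGTH` is added to the header although only nm-openconnect-service.c uses it in this patch, and it lacks the `NM_OPENCONNECT_` prefix of the macros around it; defining it next to its use, e.g. `#define NM_OPENCONNECT_MAX_ARGS_LENGTH 1024` in the .c file, keeps it out of every includer's namespace. An `ARGS=` line longer than this buffer is silently truncated by `fgets`, so a comment such as `/* longer ARGS= lines are cut at this length */` would document the limit.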
