openconnect-sso icon indicating copy to clipboard operation
openconnect-sso copied to clipboard

Published 20 hours ago verified publisher icon vlaci

Extra arguments are not parsed correctly

Open waldner opened this issue 2 years ago • 7 comments

When using extra arguments to openconnect (ie those after --), depending on the syntax used an error might be produced, or the results might be unexpected.

❯ openconnect-sso --version
openconnect-sso 0.8.1

For example:

openconnect-sso --log-level=DEBUG --server https://example.com --authgroup foo --user [email protected] -- --script /path/to/my-connection-script

(note the missing = in the --script argument, which is legal syntax) the following openconnect invocation is produced:

[debug    ] Starting OpenConnect           [openconnect_sso.app] command_line=['sudo', 'openconnect', '--useragent', 'AnyConnect Linux_64 4.7.00136', '--version-string', '4.7.00136', '--cookie-on-stdin', '--servercert', 'XXXXXXXXXXXXXXXXXXXXXXXXXXX', '/path/to/my-connection-script', 'https://example.com/']

which openconnect rejects with Too many arguments on command line.

On the other hand, if using the following syntax (also legal):

openconnect-sso --log-level=DEBUG --server https://example.com --authgroup foo --user [email protected] -- --script=/path/to/my-connection-script

(ie with --script=...)

The resulting openconnect invocation is

[debug    ] Starting OpenConnect           [openconnect_sso.app] command_line=['sudo', 'openconnect', '--useragent', 'AnyConnect Linux_64 4.7.00136', '--version-string', '4.7.00136', '--cookie-on-stdin', '--servercert', 'XXXXXXXXXXXXXXXXXXXXXXXXXXX', 'https://example.com/']

which is valid openconnect syntax, but now the extra option is not passed at all, and indeed the custom script is not executed.

waldner avatar Jul 25 '23 11:07 waldner

The problem seems to be in the way that argparse.REMAINDER is handled in python 3.11, I'm looking for more information.

waldner avatar Jul 25 '23 13:07 waldner

No, in fact the problem is that the fix (https://github.com/vlaci/openconnect-sso/blame/master/openconnect_sso/cli.py#L125) is not in Pypi yet. So, released version 0.8.1 is broken because of this line:

setattr(namespace, self.dest, values[1:])

waldner avatar Jul 25 '23 13:07 waldner

If you could check if the latest git master is working, I'll release it

vlaci avatar Jul 30 '23 16:07 vlaci

I'll check it out as soon as I have a moment, thanks.

waldner avatar Jul 31 '23 10:07 waldner

Yes master is working (note I only tested this specific thing).

waldner avatar Jul 31 '23 12:07 waldner

@vlaci released?

TechupBusiness avatar Oct 04 '23 14:10 TechupBusiness

No, in fact the problem is that the fix (https://github.com/vlaci/openconnect-sso/blame/master/openconnect_sso/cli.py#L125) is not in Pypi yet. So, released version 0.8.1 is broken because of this line:

setattr(namespace, self.dest, values[1:])

I confirm that by manually chaning setattr(namespace, self.dest, values[1:]) to setattr(namespace, self.dest, values) fixes the problem. A temporary solution is to insert a dummy argument such as -V:

openconnect-sso --user [email protected] --server example.io -- -V --script='vpn-slice example.io'

zabealbe avatar Nov 14 '23 22:11 zabealbe