Support specify csd-wrapper

crates/gpapi/src/process/command_traits.rs

@@ -1,7 +1,8 @@
-use anyhow::bail;
-use std::{env, ffi::OsStr};
+use std::ffi::OsStr;
 use tokio::process::Command;
-use uzers::{os::unix::UserExt, User};
+use uzers::os::unix::UserExt;
+
+use super::users::get_non_root_user;
 
 pub trait CommandExt {
   fn new_pkexec<S: AsRef<OsStr>>(program: S) -> Command;
@@ -34,29 +35,3 @@ impl CommandExt for Command {
     Ok(self)
   }
 }
-
-fn get_non_root_user() -> anyhow::Result<User> {
-  let current_user = whoami::username();
-
-  let user = if current_user == "root" {
-    get_real_user()?
-  } else {
-    uzers::get_user_by_name(&current_user).ok_or_else(|| anyhow::anyhow!("User ({}) not found", current_user))?
-  };
-
-  if user.uid() == 0 {
-    bail!("Non-root user not found")
-  }
-
-  Ok(user)
-}
-
-fn get_real_user() -> anyhow::Result<User> {
-  // Read the UID from SUDO_UID or PKEXEC_UID environment variable if available.
-  let uid = match env::var("SUDO_UID") {
-    Ok(uid) => uid.parse::<u32>()?,
-    _ => env::var("PKEXEC_UID")?.parse::<u32>()?,
-  };
-
-  uzers::get_user_by_uid(uid).ok_or_else(|| anyhow::anyhow!("User not found"))
-}

crates/gpapi/src/process/mod.rs

@@ -1,5 +1,6 @@
 pub(crate) mod command_traits;
 
+pub mod users;
 pub mod auth_launcher;
 #[cfg(feature = "browser-auth")]
 pub mod browser_authenticator;

crates/gpapi/src/process/users.rs

@@ -0,0 +1,34 @@
+use std::env;
+
+use anyhow::bail;
+use uzers::User;
+
+pub fn get_user_by_name(username: &str) -> anyhow::Result<User> {
+  uzers::get_user_by_name(username).ok_or_else(|| anyhow::anyhow!("User ({}) not found", username))
+}
+
+pub fn get_non_root_user() -> anyhow::Result<User> {
+  let current_user = whoami::username();
+
+  let user = if current_user == "root" {
+    get_real_user()?
+  } else {
+    get_user_by_name(&current_user)?
+  };
+
+  if user.uid() == 0 {
+    bail!("Non-root user not found")
+  }
+
+  Ok(user)
+}
+
+fn get_real_user() -> anyhow::Result<User> {
+  // Read the UID from SUDO_UID or PKEXEC_UID environment variable if available.
+  let uid = match env::var("SUDO_UID") {
+    Ok(uid) => uid.parse::<u32>()?,
+    _ => env::var("PKEXEC_UID")?.parse::<u32>()?,
+  };
+
+  uzers::get_user_by_uid(uid).ok_or_else(|| anyhow::anyhow!("User not found"))
+}

crates/openconnect/src/ffi/mod.rs

@@ -15,6 +15,9 @@ pub(crate) struct ConnectOptions {
   pub os: *const c_char,
   pub certificate: *const c_char,
   pub servercert: *const c_char,
+
+  pub csd_uid: u32,
+  pub csd_wrapper: *const c_char,
 }
 
 #[link(name = "vpn")]

crates/openconnect/src/ffi/vpn.c

@@ -61,6 +61,8 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
     INFO("User agent: %s", options->user_agent);
     INFO("VPNC script: %s", options->script);
     INFO("OS: %s", options->os);
+    INFO("CSD_USER: %d", options->csd_uid);
+    INFO("CSD_WRAPPER: %s", options->csd_wrapper);
 
     vpninfo = openconnect_vpninfo_new(options->user_agent, validate_peer_cert, NULL, NULL, print_progress, NULL);
 
@@ -91,6 +93,10 @@ int vpn_connect(const vpn_options *options, vpn_connected_callback callback)
         openconnect_set_system_trust(vpninfo, 0);
     }
 
+    if (options->csd_wrapper) {
+        openconnect_setup_csd(vpninfo, options->csd_uid, 1, options->csd_wrapper);
+    }
+
     g_cmd_pipe_fd = openconnect_setup_cmd_pipe(vpninfo);
     if (g_cmd_pipe_fd < 0)
     {

crates/openconnect/src/ffi/vpn.h

@@ -16,6 +16,9 @@ typedef struct vpn_options
     const char *os;
     const char *certificate;
     const char *servercert;
+
+    const uid_t csd_uid;
+    const char *csd_wrapper;
 } vpn_options;
 
 int vpn_connect(const vpn_options *options, vpn_connected_callback callback);

crates/openconnect/src/vpn.rs

@@ -18,6 +18,9 @@ pub struct Vpn {
   certificate: Option<CString>,
   servercert: Option<CString>,
 
+  csd_uid: u32,
+  csd_wrapper: Option<CString>,
+
   callback: OnConnectedCallback,
 }
 
@@ -56,6 +59,9 @@ impl Vpn {
       os: self.os.as_ptr(),
       certificate: Self::option_to_ptr(&self.certificate),
       servercert: Self::option_to_ptr(&self.servercert),
+
+      csd_uid: self.csd_uid,
+      csd_wrapper: Self::option_to_ptr(&self.csd_wrapper),
     }
   }
 
@@ -73,6 +79,9 @@ pub struct VpnBuilder {
   user_agent: Option<String>,
   script: Option<String>,
   os: Option<String>,
+
+  csd_uid: u32,
+  csd_wrapper: Option<String>,
 }
 
 impl VpnBuilder {
@@ -83,6 +92,8 @@ impl VpnBuilder {
       user_agent: None,
       script: None,
       os: None,
+      csd_uid: 0,
+      csd_wrapper: None,
     }
   }
 
@@ -101,6 +112,16 @@ impl VpnBuilder {
     self
   }
 
+  pub fn csd_uid(mut self, csd_uid: u32) -> Self {
+    self.csd_uid = csd_uid;
+    self
+  }
+
+  pub fn csd_wrapper<T: Into<Option<String>>>(mut self, csd_wrapper: T) -> Self {
+    self.csd_wrapper = csd_wrapper.into();
+    self
+  }
+
   pub fn build(self) -> Vpn {
     let user_agent = self.user_agent.unwrap_or_default();
     let script = self.script.or_else(find_default_vpnc_script).unwrap_or_default();
@@ -114,6 +135,10 @@ impl VpnBuilder {
       os: Self::to_cstring(&os),
       certificate: None,
       servercert: None,
+
+      csd_uid: self.csd_uid,
+      csd_wrapper: self.csd_wrapper.as_deref().map(Self::to_cstring),
+
       callback: Default::default(),
     }
   }