]> www.infradead.org Git - users/dwmw2/openconnect.git/commitdiff
projects / users / dwmw2 / openconnect.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8a35033)
Add support for Google Authenticator 2fa on Juniper VPN
authorJanne Juntunen <janne.juntunen@hermanit.fi>
Tue, 29 Nov 2016 22:37:22 +0000 (22:37 +0000)
committerDavid Woodhouse <dwmw2@infradead.org>
Wed, 14 Dec 2016 20:17:43 +0000 (20:17 +0000)
We resently changed our Juniper VPN from SMS 2fa to use Google
Authenticator instead. Before it worked perfectly with "openconnect
--juniper" switch, but after the change all we got was:

Unknown form ID 'frmTotpToken'
and a dump of the form.

I spent some time debugging the issue, and managed to write a very
simple fix for it.

Signed-off-by: Janne Juntunen <janne.juntunen@hermanit.fi>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
auth-juniper.c patch | blob | history
www/changelog.xml patch | blob | history

diff --git a/auth-juniper.c b/auth-juniper.c
index d54d8039be7bb0c19a669a7a6f44bcbffe32d605..4b889d6b8f3baf51fc1b11cf0ef73c1375ae0ce4 100644 (file)
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -76,7 +76,8 @@ static int oncp_can_gen_tokencode(struct openconnect_info *vpninfo,
                return -EINVAL;
 
        if (strcmp(form->auth_id, "frmDefender") &&
-           strcmp(form->auth_id, "frmNextToken"))
+           strcmp(form->auth_id, "frmNextToken") &&
+           strcmp(form->auth_id, "ftmTotpToken"))
                return -EINVAL;
 
        return can_gen_tokencode(vpninfo, form, opt);
@@ -671,6 +672,12 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
                                break;
                        }
                        role_select = 1;
+               } else if (!strcmp(form_id, "frmTotpToken")) {
+                       form = parse_form_node(vpninfo, node, "totpactionEnter");
+                       if (!form) {
+                               ret = -EINVAL;
+                               break;
+                       }
                } else {
                        vpn_progress(vpninfo, PRG_ERR,
                                     _("Unknown form ID '%s'\n"),
diff --git a/www/changelog.xml b/www/changelog.xml
index f5df1fdcbe3c8bc4c983240e14524cf30e76d4a7..803df1072f273f5912abe034f486aa7308657d44 100644 (file)
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -16,6 +16,7 @@
    <li><b>OpenConnect HEAD</b>
      <ul>
        <li>Fix portability of shell scripts in test suite.</li>
+       <li>Add Google Authenticator TOTP support for Juniper.</li>
      </ul><br/>
   </li>
   <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz">OpenConnect v7.08</a></b>
Unnamed repository; edit this file 'description' to name the repository.