[PATCH] Fix stoken support for Juniper VPN
Andy Wang
dopey at moonteeth.com
Wed Dec 20 19:05:26 PST 2017
Any thoughts on this? Something I should do different?
Thanks,
Andy
On Wed, Nov 22, 2017 at 8:33 PM, Andy Wang <dopey at moonteeth.com> wrote:
> Allow using stoken code for frmLogin form type.
> Ensure stoken seed is properly prepared using block copied from Cisco
> VPN support in auth.c
>
> Signed-off-by: Andy Wang <dopey at moonteeth.com>
> ---
> auth-juniper.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/auth-juniper.c b/auth-juniper.c
> index 4b889d6..d818cf3 100644
> --- a/auth-juniper.c
> +++ b/auth-juniper.c
> @@ -77,7 +77,8 @@ static int oncp_can_gen_tokencode(struct openconnect_info *vpninfo,
>
> if (strcmp(form->auth_id, "frmDefender") &&
> strcmp(form->auth_id, "frmNextToken") &&
> - strcmp(form->auth_id, "ftmTotpToken"))
> + strcmp(form->auth_id, "ftmTotpToken") &&
> + strcmp(form->auth_id, "frmLogin"))
> return -EINVAL;
>
> return can_gen_tokencode(vpninfo, form, opt);
> @@ -570,6 +571,14 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
> char *form_id = NULL;
> int try_tncc = !!vpninfo->csd_wrapper;
>
> +#ifdef HAVE_LIBSTOKEN
> + if (vpninfo->token_mode == OC_TOKEN_MODE_STOKEN) {
> + ret = prepare_stoken(vpninfo);
> + if (ret)
> + goto out;
> + }
> +#endif
> +
> resp_buf = buf_alloc();
> if (buf_error(resp_buf))
> return -ENOMEM;
> --
> 2.14.3
>
More information about the openconnect-devel
mailing list