[PATCH] Juniper: support password and 2FA fields in the same form

Daniel Lenski dlenski at gmail.com
Wed Jun 24 17:45:06 EDT 2020


On Wed, Jun 24, 2020 at 2:27 PM Ash Holland <ash at sorrel.sh> wrote:
>  auth-juniper.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
>
> diff --git a/auth-juniper.c b/auth-juniper.c
> index 19d439784..f4d9733fa 100644
> --- a/auth-juniper.c
> +++ b/auth-juniper.c
> @@ -74,6 +74,18 @@ static int oncp_can_gen_tokencode(struct openconnect_info *vpninfo,
>             vpninfo->token_bypassed)
>                 return -EINVAL;
>
> +       if (!strcmp(form->auth_id, "frmLogin")) {
> +               // The first "password" input in frmLogin is likely to be a password, not 2FA token
> +               struct oc_form_opt **p = &form->opts;
> +               while (*p) {
> +                       if ((*p)->type == OC_FORM_OPT_PASSWORD) {
> +                               return can_gen_tokencode(vpninfo, form, opt);
> +                       }
> +                       p = &(*p)->next;
> +               }
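
Review bot: The loop in the new `frmLogin` branch never compares the option it finds with `opt`, so as soon as any `OC_FORM_OPT_PASSWORD` entry exists it returns `can_gen_tokencode(vpninfo, form, opt)` for whichever field was asked about, including the first password field that the comment says should not receive a token. Check `*p == opt` when the first password option is reached and reject token generation for that field (for instance with `-EINVAL`, as the check just above does), falling through to the normal path for later fields. The double pointer is not needed for a read-only walk; a plain `struct oc_form_opt *p = form->opts` is enough. The comment should also state the assumption it relies on, namely that the real password precedes the token field in `frmLogin`.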

1) It appears to me that you haven't actually implemented the
skip-this-field-if-it-is-the-first-password-input behavior.
2) Why `**p`? Everything here could be simplified by using `struct
oc_form_opt *p = form->opts`.

> I've tested this against the VPN I mentioned in [1], and it seems to
> work well

Hrm… are you sure? It appears the code that you sent should cause the
2FA token to fill the *first* password. I don't understand how this
would work, and actually prompt you for the first password rather than
auto-fill the token code, from the CLI.

Dan


