Re: openconnect stoken support not working properly with our form

2017-11-13 Thread Andy Wang
On Sun, Nov 12, 2017 at 11:16 AM, Kevin Cernekee  wrote:
> I worked on the original stoken integration, but have only ever used
> it with Cisco VPNs.  It looks like the Juniper logic was updated in
> this commit:
>
> commit 1ff34cb9689fbaf57decac537df1e32e799bb9c7
> Author: Janne Juntunen 
> Date:   Tue Nov 29 22:37:22 2016 +
>
> Add support for Google Authenticator 2fa on Juniper VPN
>
> We recently changed our Juniper VPN from SMS 2fa to use Google
> Authenticator instead. Before it worked perfectly with "openconnect
> --juniper" switch, but after the change all we got was:
>
> Unknown form ID 'frmTotpToken'
> and a dump of the form.
>
> I spent some time debugging the issue, and managed to write a very
> simple fix for it.
>
> Signed-off-by: Janne Juntunen 
> Signed-off-by: David Woodhouse 
>
> Maybe the Google Authenticator form (OC_TOKEN_MODE_TOTP) needs to be
> handled differently from the RSA SecurID form (OC_TOKEN_MODE_STOKEN).

I had done some more digging and adding:

+   strcmp(form->auth_id, "ftmTotpToken") &&
+   strcmp(form->auth_id, "frmLogin"))
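Review bot: the literal "ftmTotpToken" on the first added line does not match the form ID shown in the quoted commit message's error output ('frmTotpToken'), so that strcmp() is always non-zero for the TOTP form; it should read "frmTotpToken". Separately, since the 2FA form and the password form both arrive as frmLogin with a type="password" field, matching on auth_id alone cannot tell which field should receive the token, so the "frmLogin" comparison needs an additional discriminator (form state or another field attribute) before it is safe to fill a token into it.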

gets me part of the way there.  The problem is both the 2FA and actual password
forms use the same frmLogin form type and type="password" form field.

I initially thought that was the only problem so I hacked http.c to set a
vpninfo->token_successful (and then skipped generating a token
if that was already successful).

That still didn't solve my problem, and I used --dump-http-traffic and saw that
the stoken code being sent is completely different from what
the stoken command actually generates.  I had no idea why that would
have been the case.

That's where I was last at when I put this aside to get real work done :)

Andy

___
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel


Re: openconnect do not read password from .txt file.

2017-11-13 Thread Geert Stappers
On Mon, Nov 13, 2017 at 05:29:07AM +0500, Ashraz Rashid wrote:
> Dear openconnect team,
> 
> 
> 
> I have an issue with openconnect: it does not connect with
> --passwd-on-stdin. Basically I want to connect with a bash command,
> reading the password from a .txt file. Here is the command that I am using:
> 
>  type Pass.txt | openconnect.exe -v --passwd-on-stdin  --user=Username --os=win https://server.com
> 
 
Using Pass.txt twice does not feel right

Use either

  type Pass.txt | openconnect.exe -v --passwd-on-stdin --user=Username --os=win https://server.com
 
or
 
  openconnect.exe -v --passwd-on-stdin https://server.com
 
> 
> also tried
> 
> 
> openconnect -v --printcookie --dump-http-traffic  --no-xmlpost 
> --passwd-on-stdin  

That feels also strange, the
> End of Result :
> 
 
> 
> 
> Please help me to find out where I am mistaken.
> 

Also check Pass.txt for strange characters.


Hope this helps



Regards
Geert Stappers
-- 
Live and let live
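
One way to carry out the "strange characters" check on Pass.txt at the byte level, as an added example that is not part of the thread or of openconnect. The finding labels and the script name are assumptions made for illustration; the checks cover what a text file saved on Windows commonly carries (byte-order mark, UTF-16 encoding, CR line endings, stray whitespace, extra lines, non-ASCII bytes), any of which makes the piped bytes differ from the intended password.

```python
import sys

def inspect_password_bytes(data: bytes) -> list:
    """Return labels for bytes in a password file that an editor tends to hide."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("utf8-bom")
        data = data[3:]
    elif data.startswith((b"\xff\xfe", b"\xfe\xff")):
        # UTF-16 text: every byte-level check below would only add noise.
        return ["utf16-bom"]
    if b"\x00" in data:
        findings.append("nul-bytes")
    if b"\r" in data:
        findings.append("carriage-return")
    lines = [ln for ln in data.splitlines() if ln]
    if not lines:
        findings.append("empty")
        return findings
    if len(lines) > 1:
        findings.append("multiple-lines")
    if any(ln != ln.strip(b" \t") for ln in lines):
        findings.append("edge-whitespace")
    if any((b < 0x20 and b not in (0, 9, 10, 13)) or b == 0x7F for b in data):
        findings.append("control-chars")
    if any(b > 0x7F for b in data):
        findings.append("non-ascii")
    return findings

if __name__ == "__main__":
    # Usage (hypothetical script name): python check_passfile.py Pass.txt
    with open(sys.argv[1], "rb") as fh:
        found = inspect_password_bytes(fh.read())
    # Only labels are printed, never the password itself.
    print("clean" if not found else ", ".join(found))
    sys.exit(1 if found else 0)
```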
