Re: openconnect stoken support not working properly with our form

Wed, 15 Nov 2017 10:51:12 -0800 

On Mon, Nov 13, 2017 at 11:57 PM, Kevin Cernekee <[email protected]> wrote:
>
> You can delete "Step 1" since oncp_obtain_cookie() isn't annotated the
> same way as cstp_obtain_cookie().
>
<snipped>
>
> This can probably reuse |ret| (otherwise |ret| will be left
> uninitialized).  Be sure to test the case where the user hits Cancel
> on the PIN form, and the case where libstoken returns an error (like
> from a missing stokenrc file).
>
>> +        }
>> +#endif
>> +
>>         resp_buf = buf_alloc();
>>         if (buf_error(resp_buf))
>>                 return -ENOMEM;

Thanks,
I can't figure out how line wrap a diff from git for it to be happy
with gmail so trying the new patch as an attachment.  If the stokenrc
file doesn't exist it exits gracefully with
Can't open ~/.stokenrc file

I'm not sure what you mean by hits cancel on the pin form.  There is
no UI for that in the command line openconnect right?
If you're referring to the networkmanager ui, that was actually my
next step.  The patched openconnect doesn't work there and I can't
figure out why.  I have literally no clue what I'm doing looking at
the network-manager-openconnect repo.  It looks like it mostly uses
libopenconnect to interface, but it also appears to exec an
openconnect binary without the --token-* arguments.
That's where I'm hoping to learn more when I have a bit of time.

Andy

---
 auth-juniper.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/auth-juniper.c b/auth-juniper.c
index 4b889d6..d818cf3 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -77,7 +77,8 @@ static int oncp_can_gen_tokencode(struct openconnect_info *vpninfo,
 
 	if (strcmp(form->auth_id, "frmDefender") &&
 	    strcmp(form->auth_id, "frmNextToken") &&
-	    strcmp(form->auth_id, "ftmTotpToken"))
+	    strcmp(form->auth_id, "ftmTotpToken") &&
+	    strcmp(form->auth_id, "frmLogin"))
 		return -EINVAL;
 
 	return can_gen_tokencode(vpninfo, form, opt);
@@ -570,6 +571,14 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
 	char *form_id = NULL;
 	int try_tncc = !!vpninfo->csd_wrapper;
 
+#ifdef HAVE_LIBSTOKEN
+        if (vpninfo->token_mode == OC_TOKEN_MODE_STOKEN) {
+                ret = prepare_stoken(vpninfo);
+                if (ret)
+                        goto out;
+        }
+#endif
+
 	resp_buf = buf_alloc();
 	if (buf_error(resp_buf))
 		return -ENOMEM;

_______________________________________________
openconnect-devel mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/openconnect-devel

Reply via email to