Discussion:
[PATCH] Fix stoken support for Juniper VPN
Andy Wang
2018-09-07 15:49:29 UTC
Permalink
Ensure stoken seed is properly prepared using block copied from Cisco
VPN support in auth.c

Signed-off-by: Andy Wang <***@moonteeth.com>
---
auth-juniper.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/auth-juniper.c b/auth-juniper.c
index 30ceb3ae..bc560823 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -576,6 +576,14 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
char *form_id = NULL;
int try_tncc = !!vpninfo->csd_wrapper;

+#ifdef HAVE_LIBSTOKEN
+ if (vpninfo->token_mode == OC_TOKEN_MODE_STOKEN) {
+ ret = prepare_stoken(vpninfo);
+ if (ret)
+ goto out;
+ }
+#endif
+
resp_buf = buf_alloc();
if (buf_error(resp_buf))
return -ENOMEM;
--
2.17.1
Andy Wang
2018-09-07 15:52:28 UTC
Permalink
Per the discussion I had on a much older attempt to patch this with
Daniel Lenski, I pulled out the not-so-great attempt to fix the form
field for the token support and just patched the prepare_stoken chunk
that's required for the token to work.

Thanks,
Andy
Post by Andy Wang
Ensure stoken seed is properly prepared using block copied from Cisco
VPN support in auth.c
---
auth-juniper.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/auth-juniper.c b/auth-juniper.c
index 30ceb3ae..bc560823 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -576,6 +576,14 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
char *form_id = NULL;
int try_tncc = !!vpninfo->csd_wrapper;
+#ifdef HAVE_LIBSTOKEN
+ if (vpninfo->token_mode == OC_TOKEN_MODE_STOKEN) {
+ ret = prepare_stoken(vpninfo);
+ if (ret)
+ goto out;
+ }
+#endif
+
resp_buf = buf_alloc();
if (buf_error(resp_buf))
return -ENOMEM;
--
2.17.1
Andy Wang
2018-11-04 21:45:48 UTC
Permalink
David,
This is the stoken patch that you asked about on my other thread.

Thanks,
Andy
Post by Andy Wang
Ensure stoken seed is properly prepared using block copied from Cisco
VPN support in auth.c
---
auth-juniper.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/auth-juniper.c b/auth-juniper.c
index 30ceb3ae..bc560823 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -576,6 +576,14 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
char *form_id = NULL;
int try_tncc = !!vpninfo->csd_wrapper;
+#ifdef HAVE_LIBSTOKEN
+ if (vpninfo->token_mode == OC_TOKEN_MODE_STOKEN) {
+ ret = prepare_stoken(vpninfo);
+ if (ret)
+ goto out;
+ }
+#endif
+
resp_buf = buf_alloc();
if (buf_error(resp_buf))
return -ENOMEM;
--
2.17.1
David Woodhouse
2018-11-05 09:20:02 UTC
Permalink
Post by Andy Wang
David,
This is the stoken patch that you asked about on my other thread.
Thanks. Rather than adding a third copy of the same code, I've shifted
it to the generic function. Please could you test git HEAD.

Loading...