add support for password#2 field
* Do not overwrite global password variable in run_pw_helper().
* Print a helpful error message if executing a helper script for passwords failed.
* Print a helpful error message if the SSL-VPN appliance is requesting that the password be changed before login.
* Allow usage of the password#2 field (usually via a helper script that pops up a kdialog or similar asking for the next token code).
diff --git a/jvpn.pl b/jvpn.pl
index 1f42ef3..8a2f270 100755
--- a/jvpn.pl
+++ b/jvpn.pl
@@ -54,8 +54,10 @@ my $verifycert=$Config{"verifycert"};
my $mode=$Config{"mode"};
my $script=$Config{"script"};
my $cfgpass=$Config{"password"};
+my $cfgpass2=$Config{"password2"};
my $workdir=$Config{"workdir"};
my $password="";
+my $password2="";
my $hostchecker=$Config{"hostchecker"};
my $tncc_pid = 0;
@@ -86,6 +88,14 @@ if(defined $cfgpass){
}
else { $cfgpass="interactive"; }
+if(defined $cfgpass2){
+ if($cfgpass2 !~ /^(interactive|helper:|plaintext:)/) {
+ print "Configuration error: password is set incorrectly ($cfgpass2), check jvpn.ini\n";
+ exit 1;
+ }
+}
+else { $cfgpass2="none"; }
+
# set host checker mode
$hostchecker=0 if !defined($mode);
# set default url if needed
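Review bot: The rejected value is echoed by `print "Configuration error: password is set incorrectly ($cfgpass2), check jvpn.ini\n";`, so a mistyped prefix (a constructed example: `plain:secret`) prints the secret on the terminal, and the message names `password` rather than `password2`. The pattern `/^(interactive|helper:|plaintext:)/` is also not anchored at the end, so `interactiveX` or a bare `helper:` passes here but matches none of the later `$cfgpass2` branches, leaving `$password2` silently empty. Suggest `if($cfgpass2 !~ /^(interactive$|helper:.|plaintext:.)/) {` and a message that names the key without its value: `print "Configuration error: password2 is set incorrectly, check jvpn.ini\n";`.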
@@ -153,11 +163,30 @@ elsif ($cfgpass =~ /^helper:(.+)/) {
$password=run_pw_helper($1);
}
+if ($cfgpass2 eq "none") {
+ $password2="";
+}
+elsif ($cfgpass2 eq "interactive") {
+ print "Enter token code: ";
+ $password2=read_input("password");
+ print "\n";
+}
+elsif ($cfgpass2 =~ /^plaintext:(.+)/) {
+ print "Using user-defined password#2\n";
+ $password2=$1;
+ chomp($password2);
+}
+elsif ($cfgpass2 =~ /^helper:(.+)/) {
+ print "Using user-defined script to get the password#2\n";
+ $password2=run_pw_helper($1);
+}
+
my $response_body = '';
my $res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
[ btnSubmit => 'Sign In',
password => $password,
+ 'password#2' => $password2,
realm => $realm,
tz => '60',
username => $username,
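Review bot: `'password#2' => $password2` is now posted on every login, including when `password2` is not configured and `$password2` is the empty string. Whether the appliance ignores an empty `password#2` field is not visible from this hunk, so it would be safer to add the field to the form list only when `$cfgpass2 ne "none"`. The `plaintext:` branch also keeps a second credential in jvpn.ini, so a comment such as `# plaintext: keeps the secret in jvpn.ini; keep that file readable only by its owner` would help. The `$ua->post` call continues past the end of the hunk.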
@@ -281,6 +310,12 @@ if ($res->is_success) {
$narsocket->close();
}
}
+
+ if ($response_body =~ /passwordChange/) {
+ print "The password for the account needs to be changed due to server-side policy, use the web interface to change it.\n";
+ exit 1;
+ }
+
# active sessions found
if ($response_body =~ /id="DSIDConfirmForm"/) {
$response_body =~ m/name="FormDataStr" value="([^"]+)"/;
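Review bot: `/passwordChange/` matches that word anywhere in the response body, whereas the neighbouring check matches a specific attribute (`id="DSIDConfirmForm"`), so any page that merely contains the word ends the run with this message. If the change-password page has a distinguishing form or field name, matching on that would be more robust; the markup is not visible here, so this needs confirming against a real response. The `exit 1` sits right after the block that closes `$narsocket`, and the script tracks `$tncc_pid`, so it is worth checking that anything started for the host checker is cleaned up on this path. A comment such as `# appliance demands a password change before login; this client cannot perform it` would document the intent. The enclosing `if ($res->is_success)` block starts and ends outside the hunk.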
@@ -689,12 +724,16 @@ sub parse_config_file {
sub run_pw_helper {
my $pw_script="";
+ my $pwd;
($pw_script) = @_;
if (-x $pw_script){
- $password=`$pw_script`;
- chomp $password;
+ $pwd=`$pw_script`;
+ chomp $pwd;
+ } else {
+ print "Could not find password helper script ($pw_script), check jvpn.ini.";
+ exit 1;
}
- return $password;
+ return $pwd;
}
sub tncc_start {
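Review bot: In `run_pw_helper` only a missing or non-executable helper is reported; a helper that exits non-zero or prints nothing still returns an empty or partial string from `` `$pw_script` ``, which is then posted as the password. The backticks also hand the configured path to a shell, so a path containing spaces or shell metacharacters is interpreted rather than executed as-is. The new error message lacks a trailing `\n`. A list-form pipe open avoids the shell, and the `close` result gives the helper's exit status; the sketch below treats empty output as a failure, which should be confirmed as the desired behaviour.

```perl
sub run_pw_helper {
	my ($pw_script) = @_;
	if (!-x $pw_script) {
		print "Could not find password helper script ($pw_script), check jvpn.ini.\n";
		exit 1;
	}
	# list-form pipe open: the helper path is executed directly, not parsed by a shell
	open(my $helper, '-|', $pw_script) or do {
		print "Could not run password helper script ($pw_script): $!\n";
		exit 1;
	};
	my $pwd = do { local $/; <$helper> };
	# close() on a pipe returns false when the helper exited non-zero
	my $helper_ok = close($helper);
	if (!$helper_ok || !defined $pwd || $pwd eq "") {
		print "Password helper script ($pw_script) failed or returned nothing, check jvpn.ini.\n";
		exit 1;
	}
	chomp $pwd;
	return $pwd;
}
```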
@benhuxley2 you could submit a PR instead. :sunglasses: