Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve support for two-factor auth + active session handling #27

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions jvpn.ini
Original file line number Diff line number Diff line change
@@ -46,6 +46,12 @@ mode=ncsvc
# format
password=interactive

# Two-Factor support:
# To use a VPN that requires username and password and some sort of pin, set:
# token=interactive
# To disable, set it to 0.
token=0

# enable host checker support. This will require JRE to run tncc.jar process.
# It is recommended to enable only if your VPN server require this
hostchecker=0
88 changes: 56 additions & 32 deletions jvpn.pl
Original file line number Diff line number Diff line change
@@ -54,8 +54,10 @@
my $mode=$Config{"mode"};
my $script=$Config{"script"};
my $cfgpass=$Config{"password"};
my $cfgtoken=$Config{"token"};
my $workdir=$Config{"workdir"};
my $password="";
my $password2="";
my $hostchecker=$Config{"hostchecker"};
my $tncc_pid = 0;

@@ -108,10 +110,40 @@
exit 1;
}


if (!defined($username) || $username eq "" || $username eq "interactive") {
print "Enter username: ";
$username=read_input();
print "\n";
}

if ($cfgpass eq "interactive") {
print "Enter Password: ";
$password=read_input("password");
print "\n";
}
elsif ($cfgpass =~ /^plaintext:(.+)/) {
print "Using user-defined password\n";
$password=$1;
chomp($password);
}
elsif ($cfgpass =~ /^helper:(.+)/) {
print "Using user-defined script to get the password\n";
$password=run_pw_helper($1);
}

if ($cfgtoken eq "interactive") {
print "Enter PIN+Tokencode: ";
$password2=read_input("password");
print "\n";
}


my $ua = LWP::UserAgent->new;
# on RHEL6 ssl_opts is not exists
if(defined &LWP::UserAgent::ssl_opts) {
$ua->ssl_opts('verify_hostname' => $verifycert);
$ua->ssl_opts('SSL_verify_mode' => $verifycert);
}
$ua->cookie_jar({});
push @{ $ua->requests_redirectable }, 'POST';
@@ -132,36 +164,26 @@
$ua->add_handler("response_done", sub { shift->dump; return });
}

if (!defined($username) || $username eq "" || $username eq "interactive") {
print "Enter username: ";
$username=read_input();
print "\n";
}

if ($cfgpass eq "interactive") {
print "Enter PIN+password: ";
$password=read_input("password");
print "\n";
}
elsif ($cfgpass =~ /^plaintext:(.+)/) {
print "Using user-defined password\n";
$password=$1;
chomp($password);
}
elsif ($cfgpass =~ /^helper:(.+)/) {
print "Using user-defined script to get the password\n";
$password=run_pw_helper($1);
}

my $response_body = '';

my $res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
[ btnSubmit => 'Sign In',
password => $password,
realm => $realm,
tz => '60',
username => $username,
]);
my $res;
if ($cfgtoken eq "interactive") {
$res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
[ btnSubmit => 'Sign In',
password => $password,
"password#2" => $password2,
realm => $realm,
tz => '60',
username => $username,
]);
} else {
$res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
[ btnSubmit => 'Sign In',
password => $password,
realm => $realm,
tz => '60',
username => $username,
]);
}

$response_body=$res->decoded_content;
my $dsid="";
@@ -283,11 +305,13 @@
}
# active sessions found
if ($response_body =~ /id="DSIDConfirmForm"/) {
$response_body =~ m/name="FormDataStr" value="([^"]+)"/;
my $formDataStr = $1 if ($response_body =~ m/FormDataStr" value="([^"]+)/);
my $postfixSid = $1 if ($response_body =~ m/postfixSID" value="([^"]+)"/);
print "Active sessions found, reconnecting...\n";
$res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
[ btnContinue => 'Continue the session',
FormDataStr => $1,
[ btnContinue => 'Close Selected Sessions and Log in',
FormDataStr => $formDataStr,
PostfixSID => $postfixSid,
]);
$response_body=$res->decoded_content;
}