* Do not overwrite global password variable in run_pw_helper().
* Print a helpful error message if executing a helper script for passwords failed.
* Print a helpful error message if the SSL-VPN appliance is requesting that the password be changed before login.
* Allow usage of the password#2 field (usually via a helper script that pops up a kdialog or similar asking for the next token code).
diff --git a/jvpn.pl b/jvpn.pl
index 1f42ef3..8a2f270 100755
--- a/jvpn.pl
+++ b/jvpn.pl
@@ -54,8 +54,10 @@ my $verifycert=$Config{"verifycert"};
my $mode=$Config{"mode"};
my $script=$Config{"script"};
my $cfgpass=$Config{"password"};
+my $cfgpass2=$Config{"password2"};
my $workdir=$Config{"workdir"};
my $password="";
+my $password2="";
my $hostchecker=$Config{"hostchecker"};
my $tncc_pid = 0;
@@ -86,6 +88,14 @@ if(defined $cfgpass){
}
else { $cfgpass="interactive"; }
+if(defined $cfgpass2){
+ if($cfgpass2 !~ /^(interactive|helper:|plaintext:)/) {
+ print "Configuration error: password is set incorrectly ($cfgpass2), check jvpn.ini\n";
+ exit 1;
+ }
+}
+else { $cfgpass2="none"; }
+
# set host checker mode
$hostchecker=0 if !defined($mode);
# set default url if needed
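Review bot: The prefix check on `$cfgpass2` is looser than the dispatch that consumes it in the next hunk. `interactive` is not end-anchored and `helper:` / `plaintext:` need no payload, so a value such as `interactivex` or a bare `helper:` passes here, matches no later branch, and an empty `password#2` is submitted without any diagnostic. Tightening it to `if($cfgpass2 !~ /^(?:interactive\z|helper:.|plaintext:.)/) {` makes the two agree. The message should also name the right key and stop echoing the value, since a mistyped `password2=` line may hold the secret itself: `print "Configuration error: password2 is set incorrectly, check jvpn.ini\n";`.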
@@ -153,11 +163,30 @@ elsif ($cfgpass =~ /^helper:(.+)/) {
$password=run_pw_helper($1);
}
+if ($cfgpass2 eq "none") {
+ $password2="";
+}
+elsif ($cfgpass2 eq "interactive") {
+ print "Enter token code: ";
+ $password2=read_input("password");
+ print "\n";
+}
+elsif ($cfgpass2 =~ /^plaintext:(.+)/) {
+ print "Using user-defined password#2\n";
+ $password2=$1;
+ chomp($password2);
+}
+elsif ($cfgpass2 =~ /^helper:(.+)/) {
+ print "Using user-defined script to get the password#2\n";
+ $password2=run_pw_helper($1);
+}
+
my $response_body = '';
my $res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
[ btnSubmit => 'Sign In',
password => $password,
+ 'password#2' => $password2,
realm => $realm,
tz => '60',
username => $username,
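Review bot: `'password#2' => $password2` is added to the login form unconditionally, so installations with no `password2` setting now post an empty `password#2` field they never sent before; whether the appliance ignores it is not visible from this hunk. Including the pair only when a second secret is configured keeps the old request unchanged: `($cfgpass2 ne "none" ? ('password#2' => $password2) : ()),`. The `plaintext:` branch also means a second credential can now live in jvpn.ini, so a comment there such as `# plaintext: keeps the secret in jvpn.ini; keep that file readable by its owner only` would help. The `$ua->post(...)` call continues past the end of the hunk.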
@@ -281,6 +310,12 @@ if ($res->is_success) {
$narsocket->close();
}
}
+
+ if ($response_body =~ /passwordChange/) {
+ print "The password for the account needs to be changed due to server-side policy, use the web interface to change it.\n";
+ exit 1;
+ }
+
# active sessions found
if ($response_body =~ /id="DSIDConfirmForm"/) {
$response_body =~ m/name="FormDataStr" value="([^"]+)"/;
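Review bot: The new `exit 1` leaves the script from inside the `if ($res->is_success)` block, right after the host-checker socket handling, and nothing in the hunk stops a host-checker child that may have been started earlier (`$tncc_pid` is declared near the top of the file). Whether one is running at this point is not visible here, so it is worth checking; if it can be, stop it first, for example `kill('TERM', $tncc_pid) if $tncc_pid;`. The bare `/passwordChange/` match also fires on that word anywhere in the page, so a comment such as `# the appliance's change-password page contains "passwordChange"` would record what is being matched. The enclosing block starts and ends outside the hunk.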
@@ -689,12 +724,16 @@ sub parse_config_file {
sub run_pw_helper {
my $pw_script="";
+ my $pwd;
($pw_script) = @_;
if (-x $pw_script){
- $password=`$pw_script`;
- chomp $password;
+ $pwd=`$pw_script`;
+ chomp $pwd;
+ } else {
+ print "Could not find password helper script ($pw_script), check jvpn.ini.";
+ exit 1;
}
- return $password;
+ return $pwd;
}
sub tncc_start {
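Review bot: `run_pw_helper` still runs the configured path through backticks and never looks at the helper's exit status. A path containing shell metacharacters is therefore handed to the shell instead of being executed as a file, and a helper that fails or is cancelled yields an empty password that is then posted to the appliance. `-x` is also true for a directory, and the new error message lacks a trailing newline. The version below uses an implicit-fork pipe open with the block form of `exec` (no shell), checks `close` for a non-zero exit, and rejects empty output.

```perl
sub run_pw_helper {
    my ($pw_script) = @_;
    if (!(-f $pw_script && -x _)) {
        print "Could not find password helper script ($pw_script), check jvpn.ini.\n";
        exit 1;
    }
    # Implicit-fork pipe open: the child execs the helper directly, no shell involved.
    my $pid = open(my $helper, '-|');
    if (!defined $pid) {
        print "Could not start password helper script ($pw_script): $!\n";
        exit 1;
    }
    if ($pid == 0) {
        exec { $pw_script } $pw_script;
        exit 127;    # only reached when exec itself failed
    }
    my $pwd = do { local $/; <$helper> };
    chomp $pwd if defined $pwd;
    # close() returns false when the helper exited with a non-zero status.
    if (!close($helper) || !defined $pwd || $pwd eq "") {
        print "Password helper script ($pw_script) failed or returned no password, check jvpn.ini.\n";
        exit 1;
    }
    return $pwd;
}
```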
* Do not overwrite global password variable in run_pw_helper(). * Print a helpful error message if executing a helper script for passwords failed. * Print a helpful error message if the SSL-VPN appliance is requesting that the password be changed before login. * Allow usage of the password#2 field (usually via a helper script that pops up a kdialog or similar asking for the next token code).
diff --git a/jvpn.pl b/jvpn.pl
index 1f42ef3..8a2f270 100755
--- a/jvpn.pl
+++ b/jvpn.pl
@@ -54,8 +54,10 @@ my $verifycert=$Config{"verifycert"};
my $mode=$Config{"mode"};
my $script=$Config{"script"};
my $cfgpass=$Config{"password"};
+my $cfgpass2=$Config{"password2"};
my $workdir=$Config{"workdir"};
my $password="";
+my $password2="";
my $hostchecker=$Config{"hostchecker"};
my $tncc_pid = 0;
@@ -86,6 +88,14 @@ if(defined $cfgpass){
}
else { $cfgpass="interactive"; }
+if(defined $cfgpass2){
+ if($cfgpass2 !~ /^(interactive|helper:|plaintext:)/) {
+ print "Configuration error: password is set incorrectly ($cfgpass2), check jvpn.ini\n";
+ exit 1;
+ }
+}
+else { $cfgpass2="none"; }
+
# set host checker mode
$hostchecker=0 if !defined($mode);
# set default url if needed
@@ -153,11 +163,30 @@ elsif ($cfgpass =~ /^helper:(.+)/) {
$password=run_pw_helper($1);
}
+if ($cfgpass2 eq "none") {
+ $password2="";
+}
+elsif ($cfgpass2 eq "interactive") {
+ print "Enter token code: ";
+ $password2=read_input("password");
+ print "\n";
+}
+elsif ($cfgpass2 =~ /^plaintext:(.+)/) {
+ print "Using user-defined password#2\n";
+ $password2=$1;
+ chomp($password2);
+}
+elsif ($cfgpass2 =~ /^helper:(.+)/) {
+ print "Using user-defined script to get the password#2\n";
+ $password2=run_pw_helper($1);
+}
+
my $response_body = '';
my $res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
[ btnSubmit => 'Sign In',
password => $password,
+ 'password#2' => $password2,
realm => $realm,
tz => '60',
username => $username,
@@ -281,6 +310,12 @@ if ($res->is_success) {
$narsocket->close();
}
}
+
+ if ($response_body =~ /passwordChange/) {
+ print "The password for the account needs to be changed due to server-side policy, use the web interface to change it.\n";
+ exit 1;
+ }
+
# active sessions found
if ($response_body =~ /id="DSIDConfirmForm"/) {
$response_body =~ m/name="FormDataStr" value="([^"]+)"/;
@@ -689,12 +724,16 @@ sub parse_config_file {
sub run_pw_helper {
my $pw_script="";
+ my $pwd;
($pw_script) = @_;
if (-x $pw_script){
- $password=`$pw_script`;
- chomp $password;
+ $pwd=`$pw_script`;
+ chomp $pwd;
+ } else {
+ print "Could not find password helper script ($pw_script), check jvpn.ini.";
+ exit 1;
}
- return $password;
+ return $pwd;
}
sub tncc_start {