From 1ff34cb9689fbaf57decac537df1e32e799bb9c7 Mon Sep 17 00:00:00 2001
From: Janne Juntunen
Date: Tue, 29 Nov 2016 22:37:22 +0000
Subject: [PATCH] Add support for Google Authenticator 2fa on Juniper VPN
We resently changed our Juniper VPN from SMS 2fa to use Google Authenticator instead. Before it worked perfectly with "openconnect --juniper" switch, but after the change all we got was: Unknown form ID 'frmTotpToken' and a dump of the form. I spent some time debugging the issue, and managed to write a very simple fix for it.
Signed-off-by: Janne Juntunen
Signed-off-by: David Woodhouse
---
 auth-juniper.c | 9 ++++++++-
 www/changelog.xml | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/auth-juniper.c b/auth-juniper.c
index d54d8039..4b889d6b 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -76,7 +76,8 @@ static int oncp_can_gen_tokencode(struct openconnect_info *vpninfo,
 return -EINVAL;
 if (strcmp(form->auth_id, "frmDefender") &&
- strcmp(form->auth_id, "frmNextToken"))
+ strcmp(form->auth_id, "frmNextToken") &&
+ strcmp(form->auth_id, "ftmTotpToken"))
 return -EINVAL;
 return can_gen_tokencode(vpninfo, form, opt);
@@ -671,6 +672,12 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
 break;
 }
 role_select = 1;
+ } else if (!strcmp(form_id, "frmTotpToken")) {
+ form = parse_form_node(vpninfo, node, "totpactionEnter");
+ if (!form) {
+ ret = -EINVAL;
+ break;
+ }
 } else {
 vpn_progress(vpninfo, PRG_ERR,
 _("Unknown form ID '%s'\n"),
diff --git a/www/changelog.xml b/www/changelog.xml
index f5df1fdc..803df107 100644
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -16,6 +16,7 @@
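Review bot: The third comparison added in oncp_can_gen_tokencode spells the form ID `"ftmTotpToken"`, while the branch added in oncp_obtain_cookie and the commit message both use `frmTotpToken`. With that spelling, a form whose auth_id is `frmTotpToken` matches none of the three strings and the function still returns -EINVAL, so as far as the hunk shows, automatic token generation stays unavailable for the new TOTP form and the code has to be entered by hand. The line should read `strcmp(form->auth_id, "frmTotpToken"))`. The function body starts outside the hunk, so how auth_id is populated cannot be confirmed from here.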
  • OpenConnect HEAD
    • Fix portability of shell scripts in test suite.
    • +
    • Add Google Authenticator TOTP support for Juniper.

  • OpenConnect v7.08