Add support for Google Authenticator 2fa on Juniper VPN

We resently changed our Juniper VPN from SMS 2fa to use Google
Authenticator instead. Before it worked perfectly with "openconnect
--juniper" switch, but after the change all we got was:

Unknown form ID 'frmTotpToken'
and a dump of the form.

I spent some time debugging the issue, and managed to write a very
simple fix for it.

Signed-off-by: Janne Juntunen <janne.juntunen@hermanit.fi>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

auth-juniper.c

@@ -76,7 +76,8 @@ static int oncp_can_gen_tokencode(struct openconnect_info *vpninfo,
 		return -EINVAL;
 
 	if (strcmp(form->auth_id, "frmDefender") &&
-	    strcmp(form->auth_id, "frmNextToken"))
+	    strcmp(form->auth_id, "frmNextToken") &&
+	    strcmp(form->auth_id, "ftmTotpToken"))
 		return -EINVAL;
 
 	return can_gen_tokencode(vpninfo, form, opt);
@@ -671,6 +672,12 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
 				break;
 			}
 			role_select = 1;
+		} else if (!strcmp(form_id, "frmTotpToken")) {
+			form = parse_form_node(vpninfo, node, "totpactionEnter");
+			if (!form) {
+				ret = -EINVAL;
+				break;
+			}
 		} else {
 			vpn_progress(vpninfo, PRG_ERR,
 				     _("Unknown form ID '%s'\n"),

www/changelog.xml

@@ -16,6 +16,7 @@
    <li><b>OpenConnect HEAD</b>
      <ul>
        <li>Fix portability of shell scripts in test suite.</li>
+       <li>Add Google Authenticator TOTP support for Juniper.</li>
      </ul><br/>
   </li>
   <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz">OpenConnect v7.08</a></b>