More support for AnyConnect 2FA
Hi,
I'm connecting to an AnyConnect VPN which has 2FA wired up. The inbuilt logic, as of today's git master, doesn't detect the challenge form, which looks like this:
<auth id="challenge">
<title>Login</title>
<message id="2" param1="Enter Your Microsoft verification code" param2="">%s</message>
<form>
<input type="password" name="answer" label="Response:"></input>
<input type="submit" name="Continue" label="continue"></input>
</form>
</auth>
I was able to get this working nicely with the following patch, but I'm not sure if this is the optimal approach?
diff --git a/auth.c b/auth.c
index 83c186d..e476775 100644
--- a/auth.c
+++ b/auth.c
@@ -893,7 +893,8 @@ static int cstp_can_gen_tokencode(struct openconnect_info *vpninfo,
}
#endif
/* Otherwise it's an OATH token of some kind. */
- if (strcmp(opt->name, "secondary_password"))
+ if (strcmp(opt->name, "secondary_password") &&
+ (!form->auth_id || strcmp(form->auth_id, "challenge")))
return -EINVAL;
return can_gen_tokencode(vpninfo, form, opt);
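Review bot: The new `form->auth_id` test in the `secondary_password` check matches on the form alone, so every option in a form whose auth id is "challenge" now passes, whatever `opt->name` is. The challenge form quoted above names its input "answer"; requiring that as well (auth_id equal to "challenge" and `!strcmp(opt->name, "answer")`) would keep the token generator from being offered for other fields, or for challenge forms whose prompt is not asking for an OATH code. The comment "Otherwise it's an OATH token of some kind." should also be extended to say why a challenge form is accepted here.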