Improve support for two-factor auth + active session handling

jvpn.ini

@@ -46,6 +46,12 @@ mode=ncsvc
 # format
 password=interactive
 
+# Two-Factor support:
+# To use a VPN that requires username and password and some sort of pin, set:
+# token=interactive
+# To disable, set it to 0.
+token=0
+
 # enable host checker support. This will require JRE to run tncc.jar process.
 # It is recommended to enable only if your VPN server require this
 hostchecker=0

jvpn.pl

@@ -54,8 +54,10 @@
 my $mode=$Config{"mode"};
 my $script=$Config{"script"};
 my $cfgpass=$Config{"password"};
+my $cfgtoken=$Config{"token"};
 my $workdir=$Config{"workdir"};
 my $password="";
+my $password2="";
 my $hostchecker=$Config{"hostchecker"};
 my $tncc_pid = 0;
 
@@ -108,10 +110,40 @@
 	exit 1;
 }
 
+
+if (!defined($username) || $username eq "" || $username eq "interactive") {
+        print "Enter username: ";
+        $username=read_input();
+        print "\n";
+}
+
+if ($cfgpass eq "interactive") {
+        print "Enter Password: ";
+        $password=read_input("password");
+        print "\n";
+}
+elsif ($cfgpass =~ /^plaintext:(.+)/) {
+        print "Using user-defined password\n";
+        $password=$1;
+        chomp($password);
+}
+elsif ($cfgpass =~ /^helper:(.+)/) {
+        print "Using user-defined script to get the password\n";
+        $password=run_pw_helper($1);
+}
+
+if ($cfgtoken eq "interactive") {
+        print "Enter PIN+Tokencode: ";
+        $password2=read_input("password");
+        print "\n";
+}
+
+
 my $ua = LWP::UserAgent->new;
 # on RHEL6 ssl_opts is not exists
 if(defined &LWP::UserAgent::ssl_opts) {
     $ua->ssl_opts('verify_hostname' => $verifycert);
+    $ua->ssl_opts('SSL_verify_mode' => $verifycert);
 }
 $ua->cookie_jar({});
 push @{ $ua->requests_redirectable }, 'POST';
@@ -132,36 +164,26 @@
     $ua->add_handler("response_done", sub { shift->dump; return });
 }
 
-if (!defined($username) || $username eq "" || $username eq "interactive") {
-	print "Enter username: ";
-	$username=read_input();
-	print "\n";
-}
-
-if ($cfgpass eq "interactive") {
-	print "Enter PIN+password: ";
-	$password=read_input("password");
-	print "\n";
-}
-elsif ($cfgpass =~ /^plaintext:(.+)/) {
-	print "Using user-defined password\n";
-	$password=$1;
-	chomp($password);
-}
-elsif ($cfgpass =~ /^helper:(.+)/) {
-	print "Using user-defined script to get the password\n";
-	$password=run_pw_helper($1);
-}
-
 my $response_body = '';
-
-my $res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
-	[ btnSubmit   => 'Sign In',
-	password  => $password,
-	realm => $realm,
-	tz   => '60',
-	username  => $username,
-	]);
+my $res;
+if ($cfgtoken eq "interactive") {
+	$res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
+		[ btnSubmit   => 'Sign In',
+		password  => $password,
+	        "password#2" => $password2,
+		realm => $realm,
+		tz   => '60',
+		username  => $username,
+		]);
+} else {
+	$res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
+		[ btnSubmit   => 'Sign In',
+		password  => $password,
+		realm => $realm,
+		tz   => '60',
+		username  => $username,
+		]);
+}
 
 $response_body=$res->decoded_content;
 my $dsid="";
@@ -283,11 +305,13 @@
 	}
 	# active sessions found
 	if ($response_body =~ /id="DSIDConfirmForm"/) {
-		$response_body =~ m/name="FormDataStr" value="([^"]+)"/;
+		my $formDataStr = $1 if ($response_body =~ m/FormDataStr" value="([^"]+)/);
+                my $postfixSid = $1 if ($response_body =~ m/postfixSID" value="([^"]+)"/);
 		print "Active sessions found, reconnecting...\n";
 		$res = $ua->post("https://$dhost:$dport/dana-na/auth/$durl/login.cgi",
-			[ btnContinue   => 'Continue the session',
-			FormDataStr  => $1,
+			[ btnContinue   => 'Close Selected Sessions and Log in',
+			FormDataStr  => $formDataStr,
+                        PostfixSID   => $postfixSid,
 			]);
 		$response_body=$res->decoded_content;
 	}