diff --git a/README b/README index f0ef7c3..b16db26 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ cookie (DSID), and then passes that cookie to a VPN client. Example usage with openconnect: -./juniper-vpn.py --host vpn.example.com --user joeuser --stdin DSID=%DSID% \ +./juniper-vpn.py --host vpn.example.com --username joeuser --stdin DSID=%DSID% \ openconnect --juniper %HOST% --cookie-on-stdin This will connect to vpn.example.com and prompt the user for a authentication @@ -32,6 +32,10 @@ juniper-vpn.py [-h HOST] [-u USERNAME] [-o OATH] [-c CONFIG] [-s STDIN] \ -u --username Username to authenticate with. This option is required. +-p --pass_prefix + Optional, used for passwords composed of fixed prefix and variable postfix. + This is fixed prefix part. + -o --oath OATH key to use for OTP generation if required for authentication. Key should be in hex format. diff --git a/juniper-vpn.py b/juniper-vpn.py index d01ded1..62d9f97 100755 --- a/juniper-vpn.py +++ b/juniper-vpn.py @@ -91,6 +91,7 @@ class juniper_vpn(object): self.last_action = None self.needs_2factor = False self.key = None + self.pass_postfix = None def find_cookie(self, name): for cookie in self.cj: @@ -156,7 +157,8 @@ class juniper_vpn(object): else: self.args.password = getpass.getpass('Password:') self.needs_2factor = False - + if self.args.pass_prefix: + self.pass_postfix = getpass.getpass("Secondary password postfix:") if self.needs_2factor: if self.args.oath: self.key = hotp(self.args.oath) 
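Review bot: The postfix prompt added after `self.needs_2factor = False` in the `@@ -156` hunk appears to sit in the branch that asks for the primary password interactively; indentation is lost on this page, so that placement is inferred. If so, a run that takes the password from the config file or the command line never sets `self.pass_postfix`, and the login code in the following hunk exits with 'Secondary password postfix not provided'. Running the `if self.args.pass_prefix:` prompt independently of how the primary password was obtained would avoid that. A comment such as `# variable part of the secondary password; always asked interactively, never read from config` would record the intent. The enclosing method starts and ends outside the hunk.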
@@ -169,6 +171,14 @@ class juniper_vpn(object): self.br.select_form(nr=0) self.br.form['username'] = self.args.username self.br.form['password'] = self.args.password + if self.args.pass_prefix: + if self.pass_postfix: + secondary_password = "".join([ self.args.pass_prefix, + self.pass_postfix]) + else: + print 'Secondary password postfix not provided' + sys.exit(1) + self.br.form['password#2'] = secondary_password # Untested, a list of availables realms is provided when this # is necessary. # self.br.form['realm'] = [realm] @@ -231,6 +241,8 @@ if __name__ == "__main__": help='VPN host name') parser.add_argument('-u', '--username', type=str, help='User name') + parser.add_argument('-p', '--pass_prefix', type=str, + help="Secondary password prefix") parser.add_argument('-o', '--oath', type=str, help='OATH key for two factor authentication (hex)') parser.add_argument('-c', '--config', type=str, @@ -253,7 +265,7 @@ if __name__ == "__main__": if args.config is not None: config = ConfigParser.RawConfigParser() config.read(args.config) - for arg in ['username', 'host', 'password', 'oath', 'action', 'stdin']: + for arg in ['username', 'host', 'password', 'pass_prefix', 'oath', 'action', 'stdin']: if args.__dict__[arg] is None: try: args.__dict__[arg] = config.get('vpn', arg) diff --git a/sample.cfg b/sample.cfg index 098a969..232ba48 100644 --- a/sample.cfg +++ b/sample.cfg @@ -6,6 +6,6 @@ password = nobodyknows oath = d41d8cd98f00b204e9800998ecf8427e stdin = DSID=%DSID% -action = openconnect --juniper %HOST% --cookie-on-stdin --script-tun - --script "tunproxy -D 8080" +action = openconnect --juniper %HOST% --pass_prefix=1234 --cookie-on-stdin --script-tun + --script "tunproxy -D 8080"
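Review bot: The missing-postfix branch in the `@@ -169` hunk writes its error with `print` to stdout and then calls `sys.exit(1)`; `sys.exit('Secondary password postfix not provided')` sends the message to stderr with the same exit status in one line. The `"".join([...])` over two strings reads more plainly as `secondary_password = self.args.pass_prefix + self.pass_postfix`. The field name `'password#2'` is hard-coded with no explanation, and a login form without that control would probably raise on the assignment instead of giving a clear message. A comment such as `# 'password#2' is the secondary-password field on portals that ask for two passwords` would help the next reader. The enclosing method starts and ends outside the hunk.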
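Review bot: The new `-p/--pass_prefix` option in the `@@ -231` hunk accepts part of a password on the command line, where it is readable by other local users through the process list and is kept in shell history. The help text should say so and point to the config file, which the `@@ -253` hunk already teaches to read `pass_prefix`: `help="Secondary password prefix (shows up in the process list; prefer the config file)"`. The README entry added by this commit should carry the same caveat, plus a reminder that the config file holds `password`, `oath` and now `pass_prefix` and should be readable only by its owner.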
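Review bot: In sample.cfg, `--pass_prefix=1234` was added inside the `action` value, so it becomes an argument of the openconnect command rather than a setting of juniper-vpn.py. The loader in juniper-vpn.py reads the prefix with `config.get('vpn', arg)` for `arg = 'pass_prefix'`, so the sample as written never sets the prefix, and openconnect is unlikely to accept the option. Keep the `action` line as it was and add a separate entry, `pass_prefix = 1234`, next to `password` and `oath`. The sample should also state that these values are placeholders and that a real config file should be readable only by its owner.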