Adds support for two factor authentication with password composed of fixed prefix and variable postfix

README

@@ -5,7 +5,7 @@ cookie (DSID), and then passes that cookie to a VPN client.
 
 Example usage with openconnect:
 
-./juniper-vpn.py --host vpn.example.com --user joeuser --stdin DSID=%DSID% \
+./juniper-vpn.py --host vpn.example.com --username joeuser --stdin DSID=%DSID% \
 	openconnect --juniper %HOST% --cookie-on-stdin
 
 This will connect to vpn.example.com and prompt the user for a authentication
@@ -32,6 +32,10 @@ juniper-vpn.py [-h HOST] [-u USERNAME] [-o OATH] [-c CONFIG] [-s STDIN] \
 -u --username
 	Username to authenticate with. This option is required.
 
+-p --pass_prefix
+    Optional, used for passwords composed of fixed prefix and variable postfix.
+    This is fixed prefix part.
+
 -o --oath
 	OATH key to use for OTP generation if required for authentication.
 	Key should be in hex format.

juniper-vpn.py

@@ -91,6 +91,7 @@ class juniper_vpn(object):
         self.last_action = None
         self.needs_2factor = False
         self.key = None
+        self.pass_postfix = None
 
     def find_cookie(self, name):
         for cookie in self.cj:
@@ -156,7 +157,8 @@ class juniper_vpn(object):
             else:
                 self.args.password = getpass.getpass('Password:')
                 self.needs_2factor = False
-
+        if self.args.pass_prefix:
+            self.pass_postfix = getpass.getpass("Secondary password postfix:")
         if self.needs_2factor:
             if self.args.oath:
                 self.key = hotp(self.args.oath)
@@ -169,6 +171,14 @@ class juniper_vpn(object):
         self.br.select_form(nr=0)
         self.br.form['username'] = self.args.username
         self.br.form['password'] = self.args.password
+        if self.args.pass_prefix:
+            if self.pass_postfix:
+                secondary_password = "".join([  self.args.pass_prefix,
+                                                self.pass_postfix])
+            else:
+                print 'Secondary password postfix not provided'
+                sys.exit(1)
+            self.br.form['password#2'] = secondary_password
         # Untested, a list of availables realms is provided when this
         # is necessary.
         # self.br.form['realm'] = [realm]
@@ -231,6 +241,8 @@ if __name__ == "__main__":
                         help='VPN host name')
     parser.add_argument('-u', '--username', type=str,
                         help='User name')
+    parser.add_argument('-p', '--pass_prefix', type=str,
+                        help="Secondary password prefix")
     parser.add_argument('-o', '--oath', type=str,
                         help='OATH key for two factor authentication (hex)')
     parser.add_argument('-c', '--config', type=str,
@@ -253,7 +265,7 @@ if __name__ == "__main__":
     if args.config is not None:
         config = ConfigParser.RawConfigParser()
         config.read(args.config)
-        for arg in ['username', 'host', 'password', 'oath', 'action', 'stdin']:
+        for arg in ['username', 'host', 'password', 'pass_prefix', 'oath', 'action', 'stdin']:
             if args.__dict__[arg] is None:
                 try:
                     args.__dict__[arg] = config.get('vpn', arg)

sample.cfg

@@ -6,6 +6,6 @@ password = nobodyknows
 oath = d41d8cd98f00b204e9800998ecf8427e
 
 stdin = DSID=%DSID%
-action = openconnect --juniper %HOST% --cookie-on-stdin --script-tun
-	--script "tunproxy -D 8080"
+action = openconnect --juniper %HOST% --pass_prefix=1234 --cookie-on-stdin --script-tun
+       --script "tunproxy -D 8080"