Extend OTP support to also allow using FTM push #728
Conversation
fvanderveen
force-pushed
the
otp/add-ftm-push-support
branch
from
1bc3312 to
9458ee5
Compare
|
Looks good to me. |
|
Maybe the help output and the man page should be updated? |
@mrbaseman @DimitriPapadopoulos I didn't really add any options. Though this comment made me think it might be useful to add an opt-out option for this. So I added a commit that adds I tried figuring out if I could somehow add this to the config file as well; but I couldn't find a nice way to do so. If either of you think it's necessary to be possible through the config file as well; some help on what direction would be nice. |
|
the config file is loaded here in load_config in config.c and merged with the command line options at a later stage |
fvanderveen
force-pushed
the
otp/add-ftm-push-support
branch
from
7d5be42 to
604fe2e
Compare
|
@mrbaseman thanks; I think I got everything now. Please have a look again :). |
fvanderveen
force-pushed
the
otp/add-ftm-push-support
branch
from
604fe2e to
7cc78a2
Compare
|
I rebased this due to a merge conflict in Did a small smoke test for FTM push, as well as checking if One thing I noticed, while testing after the rebase, is that our fortinet server returned a http/405 when sending both |
|
Looks good to me. Thank you for taking the extra time to re-check after the last rebase. Would you agree to squashing these commits into a single commit? Otherwise it might be worth intercepting communication between FortiClient and the Fortinet appliance to make sure there are no other parameters like Finally we still have this issue with Travis CI. I really don't know how to fix it without looking into the repository settings. Perhaps this branch has inherited incorrect ties to Travis CI from before #732. |
|
@DimitriPapadopoulos looked at what the windows forti vpn client does; and even though it receives a I don't want to assume that this is always going to be the case. It could be something simple as the client recognizing As I don't have access to configure this server, I cannot really test what the multi-portal functionality would do with ftmpush. (I'd like to err on the side of caution here; and just send it along. It doesn't seem to break anything here.) I'm fine with squashing these commits, don't think there is anything too useful to keep in the separate commit messages that isn't also mentioned in this PR. |
|
Great. Just squash the commits then, I think we're ready to integrate them. Thank you so much for your patience. |
If the server claims it's supported (from the initial login response); send the request for a push notification. If an OTP is specified using `--otp=` or through the configuration file, the given OTP will be used, no matter what the server initially responded with. Use `--no-ftm-push` to disable this altogether.
fvanderveen
force-pushed
the
otp/add-ftm-push-support
branch
from
7cc78a2 to
2f16d96
Compare
|
@DimitriPapadopoulos ah, I thought it would be an option in github when merging the branch; maybe I'm spoiled by this option existing in gitlab :). I've squashed the commits, and added some description into the commit message, just in case that helps someone in the future. |
|
@DimitriPapadopoulos Squashing the commits during merge is also possible here. Unfortunately Github is now waiting for Status to be reported back, I think from Travis ci |
|
Oh sure, it's an option in GitHub too. But I think we cannot both rebase and squash - and sometimes you need both by the time you merge. Yes, Travis CI still doesn't work on this PR. Perhaps we can test this commit locally and then ask @adrienverge to merge. |
I believe the "Squash and merge" button actually squashes and rebases (so it's awkwardly named).
Sure, just ping me when needed. |
|
@adrienverge The |
|
Sure! |
In our organization, the fortinet server is configured to be able to send a push notification to the FortiToken app. I figured I could give it a shot to add this feature to this client :).
Checking the requests the official client sends for this, I found it sends
ftmpush=1instead of thecode=<OTP>&code2=data in thelogincheckpost.I've done my best to keep the code around this as clean as I could, but my C++ isn't that strong.
The code does what I want it to do though; it sends me a push notification if I don't pre-configure the OTP, and uses the given OTP if I run
openfortivpnwith the--otp=<OTP>option.