use can_gen_tokencode() in auth-globalprotect.c

author Daniel Lenski <dlenski@gmail.com>

Tue, 15 Aug 2017 16:19:26 +0000 (09:19 -0700)

committer David Woodhouse <dwmw2@infradead.org>

Tue, 27 Feb 2018 15:27:03 +0000 (16:27 +0100)
author Daniel Lenski <dlenski@gmail.com>
Tue, 15 Aug 2017 16:19:26 +0000 (09:19 -0700)
committer David Woodhouse <dwmw2@infradead.org>
Tue, 27 Feb 2018 15:27:03 +0000 (16:27 +0100)
diff --git a/auth-globalprotect.c b/auth-globalprotect.c

index 324105928b0d8a2b3b34c247a02e52864d113e3f..998308b74d229426cd90739d5d2f7f15b3091bd6 100644 (file)
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -65,10 +65,14 @@ static struct oc_auth_form *auth_form(struct openconnect_info *vpninfo,
                 goto nomem;
         opt2->name = strdup("passwd");
         opt2->label = auth_id ? strdup(_("Challenge: ")) : strdup(_("Password: "));
-       if (vpninfo->token_mode == OC_TOKEN_MODE_NONE)
-               opt2->type = OC_FORM_OPT_PASSWORD;
+
+       /* XX: Some VPNs use a password in the first form, followed by a
+        * a token in the second ("challenge") form. Others use only a
+        * token. How can we distinguish these? */
+       if (!can_gen_tokencode(vpninfo, form, opt2))
+               opt2->type = OC_FORM_OPT_TOKEN;
         else
-               opt2->type = OC_FORM_OPT_TOKEN; /* Don't we normally have to check can_gen_tokencode()? */
+               opt2->type = OC_FORM_OPT_PASSWORD;
  
         return form;
  }
author	Daniel Lenski <dlenski@gmail.com>
	Tue, 15 Aug 2017 16:19:26 +0000 (09:19 -0700)
committer	David Woodhouse <dwmw2@infradead.org>
	Tue, 27 Feb 2018 15:27:03 +0000 (16:27 +0100)