From: Daniel Lenski <dlenski@gmail.com>
Date: Tue, 15 Aug 2017 16:19:26 +0000 (-0700)
Subject: use can_gen_tokencode() in auth-globalprotect.c
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=f83484c3b51a35b2434870d51bf302ba13ed19b3;p=users%2Fdwmw2%2Fopenconnect.git

use can_gen_tokencode() in auth-globalprotect.c

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---

diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index 32410592..998308b7 100644
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -65,10 +65,14 @@ static struct oc_auth_form *auth_form(struct openconnect_info *vpninfo,
 		goto nomem;
 	opt2->name = strdup("passwd");
 	opt2->label = auth_id ? strdup(_("Challenge: ")) : strdup(_("Password: "));
-	if (vpninfo->token_mode == OC_TOKEN_MODE_NONE)
-		opt2->type = OC_FORM_OPT_PASSWORD;
+
+	/* XX: Some VPNs use a password in the first form, followed by a
+	 * a token in the second ("challenge") form. Others use only a
+	 * token. How can we distinguish these? */
+	if (!can_gen_tokencode(vpninfo, form, opt2))
+		opt2->type = OC_FORM_OPT_TOKEN;
 	else
-		opt2->type = OC_FORM_OPT_TOKEN; /* Don't we normally have to check can_gen_tokencode()? */
+		opt2->type = OC_FORM_OPT_PASSWORD;
 
 	return form;
 }