From 2ce5956a14f773736b4ba1c843ef4d86bbb5d639 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Tue, 15 Aug 2017 09:19:26 -0700
Subject: [PATCH] use can_gen_tokencode() in auth-globalprotect.c

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 auth-globalprotect.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index 32410592..998308b7 100644
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -65,10 +65,14 @@ static struct oc_auth_form *auth_form(struct openconnect_info *vpninfo,
 		goto nomem;
 	opt2->name = strdup("passwd");
 	opt2->label = auth_id ? strdup(_("Challenge: ")) : strdup(_("Password: "));
-	if (vpninfo->token_mode == OC_TOKEN_MODE_NONE)
-		opt2->type = OC_FORM_OPT_PASSWORD;
+
+	/* XX: Some VPNs use a password in the first form, followed by a
+	 * a token in the second ("challenge") form. Others use only a
+	 * token. How can we distinguish these? */
+	if (!can_gen_tokencode(vpninfo, form, opt2))
+		opt2->type = OC_FORM_OPT_TOKEN;
 	else
-		opt2->type = OC_FORM_OPT_TOKEN; /* Don't we normally have to check can_gen_tokencode()? */
+		opt2->type = OC_FORM_OPT_PASSWORD;
 
 	return form;
 }
-- 
2.49.0