Commit 51f8feb6 authored by James Laird-Wah's avatar James Laird-Wah

Recognise auth forms named "challenge" as token requests

This was found in the wild on an AnyConnect instance which is hooked up
to a Microsoft 2FA platform.
Signed-off-by: default avatarJames Laird-Wah <james-oc@laird-wah.net>
parent c74da956
......@@ -893,7 +893,8 @@ static int cstp_can_gen_tokencode(struct openconnect_info *vpninfo,
}
#endif
/* Otherwise it's an OATH token of some kind. */
if (strcmp(opt->name, "secondary_password"))
if (strcmp(opt->name, "secondary_password") &&
(!form->auth_id || strcmp(form->auth_id, "challenge")))
return -EINVAL;
return can_gen_tokencode(vpninfo, form, opt);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment