Commit f836b973 authored by Kevin Cernekee's avatar Kevin Cernekee Committed by David Woodhouse

auth: stoken: Fix handling of "Next TOKENCODE" prompt

This needs to allow for input elements named "answer" instead of
"password", and it needs to check form->message instead of the label
attribute for the "Next TOKENCODE" prompt.
Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 8e1fda4f
......@@ -43,7 +43,8 @@
static int xmlpost_append_form_opts(struct openconnect_info *vpninfo,
struct oc_auth_form *form, char *body, int bodylen);
static int can_gen_tokencode(struct openconnect_info *vpninfo, struct oc_form_opt *opt);
static int can_gen_tokencode(struct openconnect_info *vpninfo,
struct oc_auth_form *form, struct oc_form_opt *opt);
static int do_gen_tokencode(struct openconnect_info *vpninfo, struct oc_auth_form *form);
static int append_opt(char *body, int bodylen, char *opt, char *name)
......@@ -235,7 +236,7 @@ static int parse_form(struct openconnect_info *vpninfo, struct oc_auth_form *for
} else if (!strcmp(input_type, "text"))
opt->type = OC_FORM_OPT_TEXT;
else if (!strcmp(input_type, "password")) {
if (vpninfo->use_stoken && !can_gen_tokencode(vpninfo, opt))
if (vpninfo->use_stoken && !can_gen_tokencode(vpninfo, form, opt))
opt->type = OC_FORM_OPT_STOKEN;
else
opt->type = OC_FORM_OPT_PASSWORD;
......@@ -980,16 +981,19 @@ int prepare_stoken(struct openconnect_info *vpninfo)
* < 0, if unable to generate a tokencode
* = 0, on success
*/
static int can_gen_tokencode(struct openconnect_info *vpninfo, struct oc_form_opt *opt)
static int can_gen_tokencode(struct openconnect_info *vpninfo, struct oc_auth_form *form,
struct oc_form_opt *opt)
{
#ifdef LIBSTOKEN_HDR
if (strcmp(opt->name, "password") || vpninfo->stoken_bypassed)
if ((strcmp(opt->name, "password") && strcmp(opt->name, "answer")) ||
vpninfo->stoken_bypassed)
return -EINVAL;
if (vpninfo->stoken_tries == 0) {
vpn_progress(vpninfo, PRG_DEBUG,
_("OK to generate INITIAL tokencode\n"));
vpninfo->stoken_time = 0;
} else if (vpninfo->stoken_tries == 1 && strcasestr(opt->label, "next")) {
} else if (vpninfo->stoken_tries == 1 && form->message &&
strcasestr(form->message, "next tokencode")) {
vpn_progress(vpninfo, PRG_DEBUG,
_("OK to generate NEXT tokencode\n"));
vpninfo->stoken_time += 60;
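Review bot: The new `form->message` test in `can_gen_tokencode()` is evaluated from inside `parse_form()` while the input elements are still being walked, so the "Next TOKENCODE" branch can only fire if the message was stored on the form before the password/answer input is reached. Whether that ordering is guaranteed is not visible here; if it is not, the check silently falls through to whatever follows past the end of this hunk. A comment at the call site such as `/* relies on form->message being set before inputs are parsed */` would make the assumption explicit. Separately, this predicate writes `vpninfo->stoken_time` (`= 0` and `+= 60`) on every call, and now that both "password" and "answer" are accepted, a form carrying both inputs would presumably apply the adjustment twice unless `stoken_tries` changes in between. Consider keeping `can_gen_tokencode()` free of side effects and applying the time offset in `do_gen_tokencode()`.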
......