From f836b973b9e46eea5ff70a889283a8ad1ee4a480 Mon Sep 17 00:00:00 2001
From: Kevin Cernekee <cernekee@gmail.com>
Date: Sat, 16 Feb 2013 16:18:07 -0800
Subject: [PATCH] auth: stoken: Fix handling of "Next TOKENCODE" prompt

This needs to allow for input elements named "answer" instead of
"password", and it needs to check form->message instead of the label
attribute for the "Next TOKENCODE" prompt.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
 auth.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/auth.c b/auth.c
index 59587f13..da0c0294 100644
--- a/auth.c
+++ b/auth.c
@@ -43,7 +43,8 @@
 
 static int xmlpost_append_form_opts(struct openconnect_info *vpninfo,
 				    struct oc_auth_form *form, char *body, int bodylen);
-static int can_gen_tokencode(struct openconnect_info *vpninfo, struct oc_form_opt *opt);
+static int can_gen_tokencode(struct openconnect_info *vpninfo,
+			     struct oc_auth_form *form, struct oc_form_opt *opt);
 static int do_gen_tokencode(struct openconnect_info *vpninfo, struct oc_auth_form *form);
 
 static int append_opt(char *body, int bodylen, char *opt, char *name)
@@ -235,7 +236,7 @@ static int parse_form(struct openconnect_info *vpninfo, struct oc_auth_form *for
 		} else if (!strcmp(input_type, "text"))
 			opt->type = OC_FORM_OPT_TEXT;
 		else if (!strcmp(input_type, "password")) {
-			if (vpninfo->use_stoken && !can_gen_tokencode(vpninfo, opt))
+			if (vpninfo->use_stoken && !can_gen_tokencode(vpninfo, form, opt))
 				opt->type = OC_FORM_OPT_STOKEN;
 			else
 				opt->type = OC_FORM_OPT_PASSWORD;
@@ -980,16 +981,19 @@ int prepare_stoken(struct openconnect_info *vpninfo)
  *  < 0, if unable to generate a tokencode
  *  = 0, on success
  */
-static int can_gen_tokencode(struct openconnect_info *vpninfo, struct oc_form_opt *opt)
+static int can_gen_tokencode(struct openconnect_info *vpninfo, struct oc_auth_form *form,
+			     struct oc_form_opt *opt)
 {
 #ifdef LIBSTOKEN_HDR
-	if (strcmp(opt->name, "password") || vpninfo->stoken_bypassed)
+	if ((strcmp(opt->name, "password") && strcmp(opt->name, "answer")) ||
+	    vpninfo->stoken_bypassed)
 		return -EINVAL;
 	if (vpninfo->stoken_tries == 0) {
 		vpn_progress(vpninfo, PRG_DEBUG,
 			     _("OK to generate INITIAL tokencode\n"));
 		vpninfo->stoken_time = 0;
-	} else if (vpninfo->stoken_tries == 1 && strcasestr(opt->label, "next")) {
+	} else if (vpninfo->stoken_tries == 1 && form->message &&
+		   strcasestr(form->message, "next tokencode")) {
 		vpn_progress(vpninfo, PRG_DEBUG,
 			     _("OK to generate NEXT tokencode\n"));
 		vpninfo->stoken_time += 60;