[PATCH] request otp password always as secondary_password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This fixes the openconnect --token-mode in conjunction with ocserv's OATH and password file.
Otherwise the openconnect client is not able to distinguish a normal password prompt from the OTP request.

Signed-off-by: Andrew Karpow <andy at ndyk.de>
---
 src/auth/plain.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/auth/plain.c b/src/auth/plain.c
index 55cd1a0..2c65d8a 100644
--- a/src/auth/plain.c
+++ b/src/auth/plain.c
@@ -367,7 +367,11 @@ static int plain_auth_msg(void *ctx, void *pool, passwd_msg_st *pst)
 
 	if (pctx->pass_msg)
 		pst->msg_str = talloc_strdup(pool, pctx->pass_msg);
-	pst->counter = 0; /* we support a single password */
+
+	if(pctx->cpass[0] == 0)
+		pst->counter = 1; /* request otp as password_secondary */
+	else
+		pst->counter = 0; /* we support a single password */
 
 	/* use the default prompt */
 	return 0;
-- 
2.8.3




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux