Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
auth-globalprotect.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index ca6748c..e5183c2 100644
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -65,10 +65,14 @@ static struct oc_auth_form *auth_form(struct openconnect_info *vpninfo,
goto nomem;
opt2->name = strdup("passwd");
opt2->label = auth_id ? strdup(_("Challenge: ")) : strdup(_("Password: "));
- if (vpninfo->token_mode == OC_TOKEN_MODE_NONE)
+
+ /* XX: Some VPNs use a password in the first form, followed by a
+ * a token in the second ("challenge") form. Others use only a
+ * token. How can we distinguish these? */
+ if (!can_gen_tokencode(vpninfo, form, opt2))
+ opt2->type = OC_FORM_OPT_TOKEN;
+ else
opt2->type = OC_FORM_OPT_PASSWORD;
- else
- opt2->type = OC_FORM_OPT_TOKEN; /* Don't we normally have to check can_gen_tokencode()? */
return form;
}
--
2.7.4
