The credentials are marked "invalid" only at the transition from the handshake phase to the application data phase, to prevent initial handshake problems from popping up a credential prompt when the credentials have nothing to do with the connection failure.

2016-08-25 13:08:11 +02:00
parent 2857b2edd2
commit 6077063599
3 changed files with 11 additions and 3 deletions


@@ -549,7 +549,7 @@ namespace eap
phase_handshake_cont, ///< Handshake continue
phase_application_data, ///< Exchange application data
phase_shutdown, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
} m_phase, m_phase_prev; ///< What phase is our communication at?
#endif
// The following members are required to avoid memory leakage in get_result()
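Review bot: The trailing `///< What phase is our communication at?` comment is now shared by `m_phase` and `m_phase_prev`, and nothing at the declaration says that the enumerator order matters. get_result in this commit compares the two members with `<` and `>=`, so inserting or reordering an enumerator would silently change when credentials are flagged as failed and the user is re-prompted. I would add `// NOTE: enumerator order is significant; get_result() compares phases with < and >=` above the enumerators and document `m_phase_prev` as the phase on entry to the most recently processed request packet. The enum declaration starts outside the hunk.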


@@ -134,6 +134,7 @@ eap::method_tls::method_tls(_In_ module &module, _In_ config_connection &cfg, _I
m_seq_num_server(0),
#else
m_phase(phase_unknown),
m_phase_prev(phase_unknown),
#endif
m_blob_cfg(NULL),
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
@@ -185,6 +186,7 @@ eap::method_tls::method_tls(_Inout_ method_tls &&other) :
m_sc_queue (std::move(other.m_sc_queue )),
m_sc_ctx (std::move(other.m_sc_ctx )),
m_phase (std::move(other.m_phase )),
m_phase_prev (std::move(other.m_phase_prev )),
#endif
method (std::move(other ))
{
@@ -252,6 +254,7 @@ eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other)
m_sc_queue = std::move(other.m_sc_queue );
m_sc_ctx = std::move(other.m_sc_ctx );
m_phase = std::move(other.m_phase );
m_phase_prev = std::move(other.m_phase_prev );
#endif
}
@@ -585,6 +588,7 @@ void eap::method_tls::process_request_packet(
} else
m_sc_queue.insert(m_sc_queue.end(), m_packet_req.m_data.begin(), m_packet_req.m_data.end());
m_phase_prev = m_phase;
switch (m_phase) {
case phase_handshake_init:
case phase_handshake_cont:
@@ -741,7 +745,8 @@ void eap::method_tls::get_result(
#endif
// Mark credentials as failed, so GUI can re-prompt user.
cfg_method->m_auth_failed = true;
// But be careful: do so only if this happened after transition from handshake to application data phase.
cfg_method->m_auth_failed = m_phase_prev < phase_application_data && m_phase >= phase_application_data;
// Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
// EAPHost is well aware of the failed condition.
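Review bot: In get_result, `m_phase >= phase_application_data` also matches `phase_shutdown`, which the header hunk declares after `phase_application_data`, so a handshake packet that drives the state straight to shutdown would still mark the credentials invalid, which is the case the commit message sets out to exclude. The switch body in process_request_packet is outside the hunk, so whether such a path exists cannot be confirmed here; if it does not, `m_phase == phase_application_data` states the intent more exactly. Because `m_phase_prev` is refreshed on every request packet, a rejection that arrives after a second application-data packet leaves both values equal and the flag false, and the assignment now also clears a `true` left by an earlier attempt; a comment stating that both effects are intended would help the next reader. get_result's body starts and ends outside the hunk.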