In case of previously-failed authentication attempts we are more careful now not to request credential prompt for machine authentication

This commit is contained in:
Simon Rozman 2016-08-29 09:25:38 +02:00
parent 1d46db348a
commit ceece01b99

View File

@ -132,18 +132,20 @@ void eap::peer_ttls::get_identity(
// If we got here, we have all credentials we need. But, wait! // If we got here, we have all credentials we need. But, wait!
if (cfg_method->m_auth_failed) { if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
// Outer TLS: Credentials failed on last connection attempt. if (cfg_method->m_auth_failed) {
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank); // Outer: Credentials failed on last connection attempt.
*pfInvokeUI = TRUE; log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank);
return; *pfInvokeUI = TRUE;
} return;
}
if (cfg_method->m_inner->m_auth_failed) { if (cfg_method->m_inner->m_auth_failed) {
// Inner: Credentials failed on last connection attempt. // Inner: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank); log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank);
*pfInvokeUI = TRUE; *pfInvokeUI = TRUE;
return; return;
}
} }
// Build our identity. ;) // Build our identity. ;)