In case of previously-failed authentication attempts we are more careful now not to request credential prompt for machine authentication

2016-08-29 09:25:38 +02:00 · 2016-08-29 09:25:38 +02:00 · ceece01b99
commit ceece01b99
parent 1d46db348a
1 changed files with 13 additions and 11 deletions
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@ -132,8 +132,9 @@ void eap::peer_ttls::get_identity(

    // If we got here, we have all credentials we need. But, wait!

+    if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
        if (cfg_method->m_auth_failed) {
-        // Outer TLS: Credentials failed on last connection attempt.
+            // Outer: Credentials failed on last connection attempt.
            log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank);
            *pfInvokeUI = TRUE;
            return;
@ -145,6 +146,7 @@ void eap::peer_ttls::get_identity(
            *pfInvokeUI = TRUE;
            return;
        }
+    }

    // Build our identity. ;)
    wstring identity(std::move(cfg_method->get_public_identity(cred_out)));