git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
Avoid partial authentication state when using --disabled in CCD configs
author David Sommerseth <davids@redhat.com>
Wed, 11 Nov 2015 13:01:39 +0000 (14:01 +0100)
committer Gert Doering <gert@greenie.muc.de>
Tue, 24 Nov 2015 20:16:46 +0000 (21:16 +0100)
If an openvpn server is configured with --client-config-dir and a client
configuration file contains 'disabled', it is supposed to tell the client
it is not authorized to use the service.

This patch will ensure that the internal state in this scenario is a
complete CAS_FAILED state, and not CAS_PARTIAL if other authorization
steps passed.

Trac: #521
Tested-by: Eric Crist <ecrist@secure-computing.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1447246899-22769-1-git-send-email-openvpn@sf.lists.topphemmelig.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10486
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/multi.c

index e153be737824f5439c6b9740c0d7b91f9b5af4c5..a2ab16ecbb7d5d55b7d200194482e03bcc2cc5b3 100644 (file)
@@ -1860,6 +1860,7 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
        {
          msg (D_MULTI_ERRORS, "MULTI: client has been rejected due to 'disable' directive");
          cc_succeeded = false;
+         cc_succeeded_count = 0;
        }
 
       if (cc_succeeded)
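
Review bot: The added `cc_succeeded_count = 0;` in the 'disable' branch carries no comment saying why the counter is reset alongside `cc_succeeded = false`, and the code that turns these two variables into CAS_FAILED versus CAS_PARTIAL is outside this hunk. A one-line comment such as `/* force CAS_FAILED rather than CAS_PARTIAL */` would keep a later refactor from dropping the reset and reintroducing the partial-authentication state the commit message describes. It is also worth confirming that nothing after this branch increments the counter again once `cc_succeeded` is false; the `if (cc_succeeded)` that follows suggests later steps are gated, but the rest of the function is not visible here. Minor: the log string says 'disable' while the commit message says 'disabled' and --disabled, and using one spelling would make the rejection easier to search for in server logs.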