From: David Sommerseth <davids@redhat.com>
Date: Wed, 11 Nov 2015 13:01:39 +0000 (+0100)
Subject: Avoid partial authentication state when using --disabled in CCD configs
X-Git-Tag: v2.3.9~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b0a6f808e20f1d6d6a0b60391f053bc8ab94772;p=thirdparty%2Fopenvpn.git

Avoid partial authentication state when using --disabled in CCD configs

If an openvpn server is configured with --client-config-dir and a client
configuration file contains 'disabled', it is supposed to tell the client
it is not authorized to use the service.

This patch will ensure that the internal state in this scenario is a
complete CAS_FAILED state, and not CAS_PARTIAL if other authorization
steps passed.

Trac: #521
Tested-by: Eric Crist <ecrist@secure-computing.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1447246899-22769-1-git-send-email-openvpn@sf.lists.topphemmelig.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10486
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 6c2d790ad8f10029e95aecb0d39377ef06ea8b2a)
---

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 374950ea0..4e5df1289 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1780,6 +1780,7 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
 	{
 	  msg (D_MULTI_ERRORS, "MULTI: client has been rejected due to 'disable' directive");
 	  cc_succeeded = false;
+	  cc_succeeded_count = 0;
 	}
 
       if (cc_succeeded)