From: David Sommerseth <davids@redhat.com>
Date: Wed, 11 Nov 2015 13:01:39 +0000 (+0100)
Subject: Avoid partial authentication state when using --disabled in CCD configs
X-Git-Tag: v2.4_alpha1~189
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c2d790ad8f10029e95aecb0d39377ef06ea8b2a;p=thirdparty%2Fopenvpn.git

Avoid partial authentication state when using --disabled in CCD configs

If an openvpn server is configured with --client-config-dir and a client
configuration file contains 'disabled', it is supposed to tell the client
it is not authorized to use the service.

This patch will ensure that the internal state in this scenario is a
complete CAS_FAILED state, and not CAS_PARTIAL if other authorization
steps passed.

Trac: #521
Tested-by: Eric Crist <ecrist@secure-computing.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1447246899-22769-1-git-send-email-openvpn@sf.lists.topphemmelig.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10486
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index e153be737..a2ab16ecb 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1860,6 +1860,7 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
 	{
 	  msg (D_MULTI_ERRORS, "MULTI: client has been rejected due to 'disable' directive");
 	  cc_succeeded = false;
+	  cc_succeeded_count = 0;
 	}
 
       if (cc_succeeded)