From: David Sommerseth <dav...@redhat.com>
If an openvpn server is configured with --client-config-dir and a client
configuration file contains 'disabled', it is supposed to tell the client
it is not authorized to use the service.
This patch will ensure that the internal state in this scenario is a
complete CAS_FAILED state, and not CAS_PARTIAL if other authorization
steps passed.
Trac: #521
Tested-by: Eric Crist <ecr...@secure-computing.net>
Signed-off-by: David Sommerseth <dav...@redhat.com>
---
src/openvpn/multi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 7c3aaac..e999450 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1858,6 +1858,7 @@ multi_connection_established (struct multi_context *m,
struct multi_instance *mi
{
msg (D_MULTI_ERRORS, "MULTI: client has been rejected due to
'disable' directive");
cc_succeeded = false;
+ cc_succeeded_count = 0;
}
if (cc_succeeded)
--
1.8.3.1
