When evaluating authentication plugins, stop further evaluation once the first failure is detected.
implementation notes: refactoring from a switch-case to an if-else block allows the break statement to break out of the outer for loop without additional control variables. Also, moving the pr->n setting to within the loop keeps the value correct if one does break out early. v2: add check for auth plugin before breaking loop Signed-off-by: Peter Nelson <petiep...@gmail.com> --- src/openvpn/plugin.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c index d5704e07..02b17378 100644 --- a/src/openvpn/plugin.c +++ b/src/openvpn/plugin.c @@ -818,26 +818,24 @@ plugin_call_ssl(const struct plugin_list *pl, certdepth, current_cert ); - switch (status) + if (pr) { - case OPENVPN_PLUGIN_FUNC_SUCCESS: - break; - - case OPENVPN_PLUGIN_FUNC_DEFERRED: - deferred = true; - break; - - default: - error = true; + pr->n = i + 1; + } + if (status == OPENVPN_PLUGIN_FUNC_DEFERRED) + { + deferred = true; + } + else if (status != OPENVPN_PLUGIN_FUNC_SUCCESS) + { + error = true; + if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + { break; + } } } - if (pr) - { - pr->n = i; - } - gc_free(&gc); if (error) -- 2.17.1
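Review bot: with `pr->n = i + 1` now assigned only inside the loop body and the post-loop `pr->n = i` removed, `pr->n` is never written when the loop runs zero iterations, so the caller reads whatever value it held before the call. Setting `pr->n = 0` under `if (pr)` ahead of the loop and keeping the in-loop update would preserve the old behaviour for that case. The early `break` under `if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)` also deserves a short code comment saying why only this type stops at the first failure while other types still call the remaining plugins; that reasoning currently lives only in the commit message.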