@@ -818,26 +818,24 @@ plugin_call_ssl(const struct plugin_list *pl,
certdepth,
current_cert
);
- switch (status)
+ if (pr)
{
- case OPENVPN_PLUGIN_FUNC_SUCCESS:
- break;
-
- case OPENVPN_PLUGIN_FUNC_DEFERRED:
- deferred = true;
- break;
-
- default:
- error = true;
+ pr->n = i + 1;
+ }
+ if (status == OPENVPN_PLUGIN_FUNC_DEFERRED)
+ {
+ deferred = true;
+ }
+ else if (status != OPENVPN_PLUGIN_FUNC_SUCCESS)
+ {
+ error = true;
+ if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)
+ {
break;
+ }
}
}
- if (pr)
- {
- pr->n = i;
- }
-
gc_free(&gc);
if (error)
When evaluating authentication plugins, stop further evaluation once the first failure is detected. implementation notes: refactoring from a switch-case to an if-else block allows the break statement to break out of the outer for loop without additional control variables. Also, moving the pr->n setting to within the loop keeps the value correct if one does break out early. v2: add check for auth plugin before breaking loop Signed-off-by: Peter Nelson <petiepooo@gmail.com> --- src/openvpn/plugin.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-)