A failure to apply iroutes is propagated and login is denied

src/main-misc.c

@@ -101,8 +101,6 @@ int handle_script_exit(main_server_st *s, struct proc_st *proc, int code)
 	int ret;
 
 	if (code == 0) {
-		proc->status = PS_AUTH_COMPLETED;
-
 		ret = send_cookie_auth_reply(s, proc, AUTH__REP__OK);
 		if (ret < 0) {
 			mslog(s, proc, LOG_ERR,
@@ -111,7 +109,15 @@ int handle_script_exit(main_server_st *s, struct proc_st *proc, int code)
 			goto fail;
 		}
 
-		apply_iroutes(s, proc);
+		ret = apply_iroutes(s, proc);
+		if (ret < 0) {
+			mslog(s, proc, LOG_ERR,
+			      "could not apply routes for user; denying access.");
+			ret = ERR_BAD_COMMAND;
+			goto fail;
+		}
+
+		proc->status = PS_AUTH_COMPLETED;
 	} else {
 		mslog(s, proc, LOG_INFO,
 		      "failed authentication attempt for user '%s'",

src/route-add.c

@@ -123,13 +123,13 @@ int route_del(struct main_server_st* s, proc_st *proc, const char* route, const
 /* Executes the commands required to apply all the configured routes 
  * for this client locally.
  */
-void apply_iroutes(struct main_server_st* s, struct proc_st *proc)
+int apply_iroutes(struct main_server_st* s, struct proc_st *proc)
 {
 unsigned i, j;
 int ret;
 
 	if (proc->config.iroutes_size == 0)
-		return;
+		return 0;
 
 	for (i=0;i<proc->config.iroutes_size;i++) {
 		ret = route_add(s, proc, proc->config.iroutes[i], proc->tun_lease.name);
@@ -138,12 +138,12 @@ int ret;
 	}
 	proc->applied_iroutes = 1;
 	
-	return;
+	return 0;
 fail:
 	for (j=0;j<i;j++)
 		route_del(s, proc, proc->config.iroutes[j], proc->tun_lease.name);
 	
-	return;
+	return -1;
 }
 
 /* Executes the commands required to removed all the configured routes 

src/route-add.h

@@ -24,7 +24,7 @@
 #include <vpn.h>
 #include <main.h>
 
-void apply_iroutes(struct main_server_st* s, struct proc_st *proc);
+int apply_iroutes(struct main_server_st* s, struct proc_st *proc);
 void remove_iroutes(struct main_server_st* s, struct proc_st *proc);
 
 #endif