From cc48b0808a303a1de030b8dc52c97171569bff63 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 16 Nov 2015 17:22:12 +0100
Subject: [PATCH] A failure to apply iroutes is propagated and login is denied

---
 src/main-misc.c | 12 +++++++++---
 src/route-add.c |  8 ++++----
 src/route-add.h |  2 +-
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/main-misc.c b/src/main-misc.c
index c66ccb74..3ffc474a 100644
--- a/src/main-misc.c
+++ b/src/main-misc.c
@@ -101,8 +101,6 @@ int handle_script_exit(main_server_st *s, struct proc_st *proc, int code)
 	int ret;
 
 	if (code == 0) {
-		proc->status = PS_AUTH_COMPLETED;
-
 		ret = send_cookie_auth_reply(s, proc, AUTH__REP__OK);
 		if (ret < 0) {
 			mslog(s, proc, LOG_ERR,
@@ -111,7 +109,15 @@ int handle_script_exit(main_server_st *s, struct proc_st *proc, int code)
 			goto fail;
 		}
 
-		apply_iroutes(s, proc);
+		ret = apply_iroutes(s, proc);
+		if (ret < 0) {
+			mslog(s, proc, LOG_ERR,
+			      "could not apply routes for user; denying access.");
+			ret = ERR_BAD_COMMAND;
+			goto fail;
+		}
+
+		proc->status = PS_AUTH_COMPLETED;
 	} else {
 		mslog(s, proc, LOG_INFO,
 		      "failed authentication attempt for user '%s'",
diff --git a/src/route-add.c b/src/route-add.c
index 7d6eb9ed..564c5e3c 100644
--- a/src/route-add.c
+++ b/src/route-add.c
@@ -123,13 +123,13 @@ int route_del(struct main_server_st* s, proc_st *proc, const char* route, const
 /* Executes the commands required to apply all the configured routes 
  * for this client locally.
  */
-void apply_iroutes(struct main_server_st* s, struct proc_st *proc)
+int apply_iroutes(struct main_server_st* s, struct proc_st *proc)
 {
 unsigned i, j;
 int ret;
 
 	if (proc->config.iroutes_size == 0)
-		return;
+		return 0;
 
 	for (i=0;i<proc->config.iroutes_size;i++) {
 		ret = route_add(s, proc, proc->config.iroutes[i], proc->tun_lease.name);
@@ -138,12 +138,12 @@ int ret;
 	}
 	proc->applied_iroutes = 1;
 	
-	return;
+	return 0;
 fail:
 	for (j=0;j<i;j++)
 		route_del(s, proc, proc->config.iroutes[j], proc->tun_lease.name);
 	
-	return;
+	return -1;
 }
 
 /* Executes the commands required to removed all the configured routes 
diff --git a/src/route-add.h b/src/route-add.h
index 75ab022b..036367d1 100644
--- a/src/route-add.h
+++ b/src/route-add.h
@@ -24,7 +24,7 @@
 #include <vpn.h>
 #include <main.h>
 
-void apply_iroutes(struct main_server_st* s, struct proc_st *proc);
+int apply_iroutes(struct main_server_st* s, struct proc_st *proc);
 void remove_iroutes(struct main_server_st* s, struct proc_st *proc);
 
 #endif