1 files changed, 12 insertions, 10 deletions

diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c
index 8e3f25c..607911a 100644
--- a/database/sqlite/edb-sqlite.c
+++ b/database/sqlite/edb-sqlite.c
@@ -286,10 +286,11 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx,
 
         dbr = sqlite_query(ctx,
                            "SELECT uicid, authplugin, authusername, activated, deactivated, "
-                           "       bl1.blid, bl2.blid"
+                           "       bl1.blid, bl2.blid, plgenabled"
                            "  FROM openvpn_usercerts uc"
                            "  JOIN openvpn_users ou USING (uid)"
-                           "  LEFT JOIN openvpn_blacklist bl1 ON( ou.username = bl1.username) "
+                           "  LEFT JOIN eurephia_plugins ep ON (uc.authplugin == ep.plgid)"
+                           "  LEFT JOIN openvpn_blacklist bl1 ON(ou.username = bl1.username) "
                            "  LEFT JOIN (SELECT blid, certid "
                            "               FROM openvpn_certificates "
                            "               JOIN openvpn_blacklist USING(digest)) bl2 "
@@ -320,6 +321,7 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx,
         if (sqlite_get_numtuples(dbr) == 1) {
                 char *auplgid = sqlite_get_value(dbr, 0, 1);
                 char *auuname = sqlite_get_value(dbr, 0, 2);
+                char *auplgenab = sqlite_get_value(dbr, 0, 7);
 
                 if( sqlite_get_value(dbr, 0, 5) != NULL ) {
                         eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (%s)",
@@ -339,19 +341,19 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx,
                         eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (%s)",
                                      username);
                         ret->method = eAM_INACTIVE;
-                } else if (auplgid == NULL) {
-                        /* If no authentication plug-in is defined, use internal eurephia auth */
-                        ret->method = eAM_INTERNDB;
-                        ret->username = strdup_nullsafe(username);
-                        ret->authplugid = 0;
-                } else {
-                        /* If an authentication plug-in is defined.  Use a different auth name
-                         * if configured as well.
+                } else if ((auplgid != NULL) && (auplgenab != NULL) && (auplgenab[0] == 't')) {
+                        /* If an authentication plug-in is defined and enabled.  Use a
+                         * different auth name if configured as well.
                          */
                         ret->method = eAM_PLUGIN;
                         ret->username = strdup_nullsafe((auuname != NULL ? auuname : username));
                         ret->authplugid = atoi_nullsafe(auplgid);
                         ret->uicid = atoi_nullsafe(sqlite_get_value(dbr, 0, 0));
+                } else {
+                        /* If no authentication plug-in is defined, use internal eurephia auth */
+                        ret->method = eAM_INTERNDB;
+                        ret->username = strdup_nullsafe(username);
+                        ret->authplugid = 0;
                 }
         }