diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-03-25 22:34:52 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-03-26 10:20:41 +1100 |
commit | 4f0019a9afdb4a94d83b75e82dbbbe0cbe826c56 (patch) | |
tree | 161463c07080f2d8b7637caf0cd79f961cec822e | |
parent | d6e5def308610f194c0ec3ef97a34a3e9630e190 (diff) |
upstream: Fix authentication failures when "AuthenticationMethods
any" in a Match block overrides a more restrictive global default.
Spotted by jmc@, ok markus@
OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
-rw-r--r-- | auth2.c | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.155 2019/03/25 22:34:52 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -577,6 +577,14 @@ auth2_setup_methods_lists(Authctxt *authctxt) { u_int i; + /* First, normalise away the "any" pseudo-method */ + if (options.num_auth_methods == 1 && + strcmp(options.auth_methods[0], "any") == 0) { + free(options.auth_methods[0]); + options.auth_methods[0] = NULL; + options.num_auth_methods = 0; + } + if (options.num_auth_methods == 0) return 0; debug3("%s: checking methods", __func__); |