upstream: Fix authentication failures when "AuthenticationMethods

any" in a Match block overrides a more restrictive global default. Spotted by jmc@, ok markus@ OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
author: djm@openbsd.org <djm@openbsd.org> 2019-03-25 22:34:52 +0000
committer: Damien Miller <djm@mindrot.org> 2019-03-26 10:20:41 +1100
commit: 4f0019a9afdb4a94d83b75e82dbbbe0cbe826c56 (patch)
tree: 161463c07080f2d8b7637caf0cd79f961cec822e
parent: d6e5def308610f194c0ec3ef97a34a3e9630e190 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/auth2.c b/auth2.c
index e43350c3..16ae1a36 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.155 2019/03/25 22:34:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -577,6 +577,14 @@ auth2_setup_methods_lists(Authctxt *authctxt)
 {
 	u_int i;
 
+	/* First, normalise away the "any" pseudo-method */
+	if (options.num_auth_methods == 1 &&
+	    strcmp(options.auth_methods[0], "any") == 0) {
+		free(options.auth_methods[0]);
+		options.auth_methods[0] = NULL;
+		options.num_auth_methods = 0;
+	}
+
 	if (options.num_auth_methods == 0)
 		return 0;
 	debug3("%s: checking methods", __func__);
author	djm@openbsd.org <djm@openbsd.org>	2019-03-25 22:34:52 +0000
committer	Damien Miller <djm@mindrot.org>	2019-03-26 10:20:41 +1100
commit	4f0019a9afdb4a94d83b75e82dbbbe0cbe826c56 (patch)
tree	161463c07080f2d8b7637caf0cd79f961cec822e
parent	d6e5def308610f194c0ec3ef97a34a3e9630e190 (diff)