upstream: Fix authentication failures when "AuthenticationMethods

any" in a Match block overrides a more restrictive global default. Spotted by jmc@, ok markus@ OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
2019-03-25 22:34:52 +00:00 · 2019-03-25 22:34:52 +00:00 · 4f0019a9af
parent d6e5def308
commit 4f0019a9af
1 changed files with 9 additions and 1 deletions
--- a/auth2.c
+++ b/auth2.c
@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.155 2019/03/25 22:34:52 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@ -577,6 +577,14 @@ auth2_setup_methods_lists(Authctxt *authctxt)
 {
 	u_int i;

+	/* First, normalise away the "any" pseudo-method */
+	if (options.num_auth_methods == 1 &&
+	    strcmp(options.auth_methods[0], "any") == 0) {
+		free(options.auth_methods[0]);
+		options.auth_methods[0] = NULL;
+		options.num_auth_methods = 0;
+	}
+
 	if (options.num_auth_methods == 0)
 		return 0;
 	debug3("%s: checking methods", __func__);