upstream: Fix authentication failures when "AuthenticationMethods

any" in a Match block overrides a more restrictive global default.

Spotted by jmc@, ok markus@

OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
This commit is contained in:
djm@openbsd.org 2019-03-25 22:34:52 +00:00 committed by Damien Miller
parent d6e5def308
commit 4f0019a9af
1 changed files with 9 additions and 1 deletions

10
auth2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */
/* $OpenBSD: auth2.c,v 1.155 2019/03/25 22:34:52 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -577,6 +577,14 @@ auth2_setup_methods_lists(Authctxt *authctxt)
{
u_int i;
/* First, normalise away the "any" pseudo-method */
if (options.num_auth_methods == 1 &&
strcmp(options.auth_methods[0], "any") == 0) {
free(options.auth_methods[0]);
options.auth_methods[0] = NULL;
options.num_auth_methods = 0;
}
if (options.num_auth_methods == 0)
return 0;
debug3("%s: checking methods", __func__);