From 4f0019a9afdb4a94d83b75e82dbbbe0cbe826c56 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 25 Mar 2019 22:34:52 +0000
Subject: upstream: Fix authentication failures when "AuthenticationMethods

any" in a Match block overrides a more restrictive global default.

Spotted by jmc@, ok markus@

OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
---
 auth2.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/auth2.c b/auth2.c
index e43350c36..16ae1a363 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.155 2019/03/25 22:34:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -577,6 +577,14 @@ auth2_setup_methods_lists(Authctxt *authctxt)
 {
 	u_int i;
 
+	/* First, normalise away the "any" pseudo-method */
+	if (options.num_auth_methods == 1 &&
+	    strcmp(options.auth_methods[0], "any") == 0) {
+		free(options.auth_methods[0]);
+		options.auth_methods[0] = NULL;
+		options.num_auth_methods = 0;
+	}
+
 	if (options.num_auth_methods == 0)
 		return 0;
 	debug3("%s: checking methods", __func__);
-- 
cgit v1.2.3