Fix handling for empty auth-groups. Without it, ctld child process

would either exit on assertion, or, if assertions are not enabled, fail to authenticate the target. MFC after: 2 days Sponsored by: The FreeBSD Foundation
svn path=/head/; revision=259182
2013-12-10 17:27:11 +00:00 · 2013-12-10 17:27:11 +00:00 · b30f0d901a · 2020-12-20 02:59:44 +00:00
commit b30f0d901a
parent ca5b58f5b1
1 changed files with 8 additions and 0 deletions
--- a/usr.sbin/ctld/login.c
+++ b/usr.sbin/ctld/login.c
@ -1007,6 +1007,14 @@ login(struct connection *conn)
 		return;
 	}

+	if (ag->ag_type == AG_TYPE_UNKNOWN) {
+		/*
+		 * This can happen with empty auth-group.
+		 */
+		login_send_error(request, 0x02, 0x01);
+		log_errx(1, "auth-group type not set, denying access");
+	}
+
 	log_debugx("CHAP authentication required");

 	auth_method = keys_find(request_keys, "AuthMethod");