MFC r259182:

Fix handling for empty auth-groups. Without it, ctld child process would either exit on assertion, or, if assertions are not enabled, fail to authenticate the target. Sponsored by: The FreeBSD Foundation
2013-12-13 15:23:07 +00:00 · 2013-12-13 15:23:07 +00:00 · 77844c8786
commit 77844c8786
parent 61fa4c178c
1 changed files with 8 additions and 0 deletions
--- a/usr.sbin/ctld/login.c
+++ b/usr.sbin/ctld/login.c
@ -1007,6 +1007,14 @@ login(struct connection *conn)
 		return;
 	}

+	if (ag->ag_type == AG_TYPE_UNKNOWN) {
+		/*
+		 * This can happen with empty auth-group.
+		 */
+		login_send_error(request, 0x02, 0x01);
+		log_errx(1, "auth-group type not set, denying access");
+	}
+
 	log_debugx("CHAP authentication required");

 	auth_method = keys_find(request_keys, "AuthMethod");