diff options
author | trasz <trasz@FreeBSD.org> | 2013-12-13 15:23:07 +0000 |
---|---|---|
committer | trasz <trasz@FreeBSD.org> | 2013-12-13 15:23:07 +0000 |
commit | 77844c8786da077ce333d27f0bc596d05bb8dc2e (patch) | |
tree | 49629f9940d65d30962991a4a9d852146640bedc /usr.sbin | |
parent | 61fa4c178c3fa3c86e76ef54f8ead432f9a970c3 (diff) | |
download | FreeBSD-src-77844c8786da077ce333d27f0bc596d05bb8dc2e.zip FreeBSD-src-77844c8786da077ce333d27f0bc596d05bb8dc2e.tar.gz |
MFC r259182:
Fix handling for empty auth-groups. Without it, ctld child process
would either exit on assertion, or, if assertions are not enabled,
fail to authenticate the target.
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ctld/login.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/usr.sbin/ctld/login.c b/usr.sbin/ctld/login.c index 042cf2a..b528fc0 100644 --- a/usr.sbin/ctld/login.c +++ b/usr.sbin/ctld/login.c @@ -1007,6 +1007,14 @@ login(struct connection *conn) return; } + if (ag->ag_type == AG_TYPE_UNKNOWN) { + /* + * This can happen with empty auth-group. + */ + login_send_error(request, 0x02, 0x01); + log_errx(1, "auth-group type not set, denying access"); + } + log_debugx("CHAP authentication required"); auth_method = keys_find(request_keys, "AuthMethod"); |