From d3d0d25da5c1ea686fecf2f541cd8c1454c788e8 Mon Sep 17 00:00:00 2001
From: trasz <trasz@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Fri, 13 Dec 2013 21:27:16 +0000
Subject: [PATCH] MFC r259182:

Fix handling for empty auth-groups.  Without it, ctld child process
would either exit on assertion, or, if assertions are not enabled,
fail to authenticate the target.

Approved by:	re (gjb)
Sponsored by:	The FreeBSD Foundation


git-svn-id: svn://svn.freebsd.org/base/releng/10.0@259333 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 usr.sbin/ctld/login.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/usr.sbin/ctld/login.c b/usr.sbin/ctld/login.c
index 042cf2ac..b528fc0f 100644
--- a/usr.sbin/ctld/login.c
+++ b/usr.sbin/ctld/login.c
@@ -1007,6 +1007,14 @@ login(struct connection *conn)
 		return;
 	}
 
+	if (ag->ag_type == AG_TYPE_UNKNOWN) {
+		/*
+		 * This can happen with empty auth-group.
+		 */
+		login_send_error(request, 0x02, 0x01);
+		log_errx(1, "auth-group type not set, denying access");
+	}
+
 	log_debugx("CHAP authentication required");
 
 	auth_method = keys_find(request_keys, "AuthMethod");
-- 
2.42.0