@@ -1564,6 +1564,17 @@ nc_server_ssh_auth(struct nc_session *session, struct nc_server_ssh_opts *opts,
15641564 }
15651565 }
15661566
1567+ if ((method != SSH_AUTH_METHOD_NONE ) && (method != SSH_AUTH_METHOD_PASSWORD ) &&
1568+ (method != SSH_AUTH_METHOD_PUBLICKEY ) && (method != SSH_AUTH_METHOD_INTERACTIVE )) {
1569+ ++ session -> opts .server .ssh_auth_attempts ;
1570+ VRB (session , "Authentication method \"%s\" not supported." , str_method );
1571+ ssh_message_reply_default (msg );
1572+ return 0 ;
1573+ }
1574+
1575+ /* CONFIG READ LOCK */
1576+ pthread_rwlock_rdlock (& server_opts .config_lock );
1577+
15671578 /* try authenticating, if local users are supported, then the configured user must authenticate via all of his
15681579 * configured auth methods, otherwise for system users just one is needed,
15691580 * 0 return indicates success, 1 fail (msg not yet replied to), -1 fail (msg was replied to) */
@@ -1573,15 +1584,14 @@ nc_server_ssh_auth(struct nc_session *session, struct nc_server_ssh_opts *opts,
15731584 ret = nc_server_ssh_auth_password (session , local_users_supported , auth_client , msg );
15741585 } else if (method == SSH_AUTH_METHOD_PUBLICKEY ) {
15751586 ret = nc_server_ssh_auth_pubkey (session , local_users_supported , auth_client , msg );
1576- } else if (method == SSH_AUTH_METHOD_INTERACTIVE ) {
1577- ret = nc_server_ssh_auth_kbdint (session , local_users_supported , auth_client , msg );
15781587 } else {
1579- ++ session -> opts .server .ssh_auth_attempts ;
1580- VRB (session , "Authentication method \"%s\" not supported." , str_method );
1581- ssh_message_reply_default (msg );
1582- return 0 ;
1588+ assert (method == SSH_AUTH_METHOD_INTERACTIVE );
1589+ ret = nc_server_ssh_auth_kbdint (session , local_users_supported , auth_client , msg );
15831590 }
15841591
1592+ /* CONFIG UNLOCK */
1593+ pthread_rwlock_unlock (& server_opts .config_lock );
1594+
15851595 if (!ret ) {
15861596 auth_state -> success_methods |= method ;
15871597 auth_state -> success_count ++ ;
0 commit comments