From a7eb7b2e6ef8f430c99fad5786055d2b9d2ab823 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 1 Jul 2013 12:23:01 +0200
Subject: [PATCH] disallow mixing multiple username/password authentication
 methods

---
 src/config.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/config.c b/src/config.c
index 38f01c5c..1ec8d70b 100644
--- a/src/config.c
+++ b/src/config.c
@@ -121,7 +121,12 @@ unsigned j;
 	READ_MULTI_LINE("auth", auth, auth_size, 1);
 	for (j=0;j<auth_size;j++) {
 		if (strcasecmp(auth[j], "pam") == 0) {
+			if (config->auth_types & AUTH_TYPE_USERNAME_PASS != 0) {
+				fprintf(stderr, "You cannot mix multiple username/password authentication methods\n");
+				exit(1);
+			}
 #ifdef HAVE_PAM
+			config->auth_types |= AUTH_TYPE_USERNAME_PASS;
 			config->auth_types |= AUTH_TYPE_PAM;
 #else
 			fprintf(stderr, "PAM support is disabled\n");
@@ -129,6 +134,12 @@ unsigned j;
 #endif
 		} else if (strncasecmp(auth[j], "plain[", 6) == 0) {
 			char* p;
+
+			if (config->auth_types & AUTH_TYPE_USERNAME_PASS != 0) {
+				fprintf(stderr, "You cannot mix multiple username/password authentication methods\n");
+				exit(1);
+			}
+
 			config->plain_passwd = strdup(auth[j]+6);
 			p = strchr(config->plain_passwd, ']');
 			if (p == NULL) {
@@ -136,6 +147,7 @@ unsigned j;
 				exit(1);
 			}
 			*p = 0;
+			config->auth_types |= AUTH_TYPE_USERNAME_PASS;
 			config->auth_types |= AUTH_TYPE_PLAIN;
 		} else if (strcasecmp(auth[j], "certificate") == 0) {
 			config->auth_types |= AUTH_TYPE_CERTIFICATE;