From f6ee0fa9b043a832b114a3e0fa957631bbbec66a Mon Sep 17 00:00:00 2001
From: Mohammed Al Sahaf <msaa1990@gmail.com>
Date: Sun, 7 Nov 2021 12:05:50 +0300
Subject: [PATCH] consider result of `ServerConfigCallback` when setting
 NoClientAuth

only disable client auth when it's explicitly disabled or the auth callkbacks on both `*Server` and `ServerConfig` are nil
---
 server.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server.go b/server.go
index be4355e..0d254d7 100644
--- a/server.go
+++ b/server.go
@@ -126,9 +126,9 @@ func (srv *Server) config(ctx Context) *gossh.ServerConfig {
 	for _, signer := range srv.HostSigners {
 		config.AddHostKey(signer)
 	}
-	if srv.PasswordHandler == nil && srv.PublicKeyHandler == nil && srv.KeyboardInteractiveHandler == nil {
-		config.NoClientAuth = true
-	}
+	// set NoClientAuth to true if: (it is set to true) or ((all auth callbacks on the ServerConfig are nil) and (all auth callbacks on the *Server are nil))
+	// effectively, either it's set explicitly as true, or there's no auth config anywhere.
+	config.NoClientAuth = config.NoClientAuth || ((config.PasswordCallback == nil && config.PublicKeyCallback == nil && config.KeyboardInteractiveCallback == nil) && (srv.PasswordHandler == nil && srv.PublicKeyHandler == nil && srv.KeyboardInteractiveHandler == nil))
 	if srv.Version != "" {
 		config.ServerVersion = "SSH-2.0-" + srv.Version
 	}