case sensitivity, "Match User" and "AllowUsers"

Hu, Eric eric.hu at harman.com
Sat Feb 6 11:38:25 EST 2010 

>From the below code (lines 191-203 of auth.c in allowed_user, called from getpwnamallow), the logic for "AllowUsers" calls match_user with the passwd struct's name (line 194).  This should fail if the wrong case combination is given, should it not?

	/* Return false if AllowUsers isn't empty and user isn't listed there */
	if (options.num_allow_users > 0) {
		for (i = 0; i < options.num_allow_users; i++)
			if (match_user(pw->pw_name, hostname, ipaddr,
			    options.allow_users[i]))
				break;
		/* i < options.num_allow_users iff we break for loop */
		if (i >= options.num_allow_users) {
			logit("User %.100s from %.100s not allowed because "
			    "not listed in AllowUsers", pw->pw_name, hostname);
			return 0;
		}
	}

The only thing consistent with what I originally saw and the above is if getpwnam (where pw in the above code comes from) returns the all-lowercase version of the name in the passwd struct.  I think the problem might be in auth2.c.  Lines 234-236 are shown below.

		/* setup auth context */
		authctxt->pw = PRIVSEP(getpwnamallow(user));
		authctxt->user = xstrdup(user);

>From this, it is possible for authctxt->user to hold a different string than authctxt->pw->pw_name.  Perhaps the patch is simply changing line 236 to the following?

		authctxt->user = xstrdup(authctxt->pw->pw_name);

I'm not familiar enough with the code to track down what happens to the lines under "Match User" in the configuration file.

-----Original Message-----
From: openssh-unix-dev-bounces+eric.hu=harman.com at mindrot.org [mailto:openssh-unix-dev-bounces+eric.hu=harman.com at mindrot.org] On Behalf Of Corinna Vinschen
Sent: Tuesday, February 02, 2010 3:39 AM
To: openssh-unix-dev at mindrot.org
Subject: Re: case sensitivity, "Match User" and "AllowUsers"

On Feb  2 11:53, Corinna Vinschen wrote:
> On Feb  2 11:25, Damien Miller wrote:
> > [+Corinna Vinschen]
> 
> Thanks, but not necessary, I'm subscribed to this list anyway.
> 
> > It looks like Windows is matching users case-insensitively. OpenSSH
> > always performs case-sensitive matching (following Unix). If this is
> > the case, then perhaps we should tolower() all usernames on Windows?
> 
> That might be a good idea.  I was surprised to read what Eric wrote, but
> it turned out that this is just a result of how getpwnam is implemented
> in Cygwin.  Given Windows' underlying case-insensitivity in terms of
> user and group names, the getpwnam function checks the user name using
> strcasecmp.  The returned struct passwd contain the name in the original
> case, though, and that in turn is used in match_user() to check the user
> name.
> 
> The most simple patch would be
> 
> Index: match.c
> ===================================================================
> RCS file: /cvs/openssh/match.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 match.c
> --- match.c	10 Jun 2008 23:34:46 -0000	1.26
> +++ match.c	2 Feb 2010 10:40:26 -0000
> @@ -98,7 +98,7 @@ match_pattern(const char *s, const char 
>  			return 0;
>  
>  		/* Check if the next character of the string is acceptable. */
> -		if (*pattern != '?' && *pattern != *s)
> +		if (*pattern != '?' && tolower (*pattern) != tolower (*s))
>  			return 0;
>  
>  		/* Move to the next character, both in string and in pattern. */
> 
> Wouldn't that be acceptable for Unix as well, given that the username is
> supposed not to contain capital letters anyway?  This function is also
> used to compare hostnames, and hostnames are usually case-insensitive as
> well, so this would be the right thing to do to allow arbitrary host
> strings.  Is there any advantage to do the pattern matching case-sensitive?
> 
> Alternatively, wouldn't it make sense to add a parameter to
> match_pattern and match_pattern_list to control case-sensitivity when
> calling these functions?

Of course, using tolower has an obvious disadvantage.  It doesn't work
for multibyte codesets, like UTF-8.  Usernames are stored in UTF-16 in
Windows and consequentially they can contain any character from the
entire Unicode range.  So, after all, it might be more feasible to
convert the string and the pattern to wide char, call towlower on the
string, and convert back to multibyte, before calling match_pattern.


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

More information about the openssh-unix-dev mailing list