case sensitivity, "Match User" and "AllowUsers"

Corinna Vinschen vinschen at redhat.com
Fri Feb 19 02:59:21 EST 2010 

On Feb  5 18:38, Hu, Eric wrote:
> >From the below code (lines 191-203 of auth.c in allowed_user, called from getpwnamallow), the logic for "AllowUsers" calls match_user with the passwd struct's name (line 194).  This should fail if the wrong case combination is given, should it not?
> 
> 	/* Return false if AllowUsers isn't empty and user isn't listed there */
> 	if (options.num_allow_users > 0) {
> 		for (i = 0; i < options.num_allow_users; i++)
> 			if (match_user(pw->pw_name, hostname, ipaddr,
> 			    options.allow_users[i]))
> 				break;
> 		/* i < options.num_allow_users iff we break for loop */
> 		if (i >= options.num_allow_users) {
> 			logit("User %.100s from %.100s not allowed because "
> 			    "not listed in AllowUsers", pw->pw_name, hostname);
> 			return 0;
> 		}
> 	}
> 
> The only thing consistent with what I originally saw and the above is if getpwnam (where pw in the above code comes from) returns the all-lowercase version of the name in the passwd struct.  I think the problem might be in auth2.c.  Lines 234-236 are shown below.
> 
> 		/* setup auth context */
> 		authctxt->pw = PRIVSEP(getpwnamallow(user));
> 		authctxt->user = xstrdup(user);
> 
> >From this, it is possible for authctxt->user to hold a different string than authctxt->pw->pw_name.  Perhaps the patch is simply changing line 236 to the following?
> 
> 		authctxt->user = xstrdup(authctxt->pw->pw_name);

This sounds like a good idea.  Alternatively:

Index: auth2.c
===================================================================
RCS file: /cvs/openssh/auth2.c,v
retrieving revision 1.151
diff -u -p -r1.151 auth2.c
--- auth2.c	22 Jun 2009 06:11:07 -0000	1.151
+++ auth2.c	18 Feb 2010 15:58:02 -0000
@@ -234,7 +234,8 @@ input_userauth_request(int type, u_int32
 		/* setup auth context */
 		authctxt->pw = PRIVSEP(getpwnamallow(user));
 		authctxt->user = xstrdup(user);
-		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
+		if (authctxt->pw && strcmp(service, "ssh-connection")==0
+		    && !strcmp (user, authctxt->pw->pw_name)) {
 			authctxt->valid = 1;
 			debug2("input_userauth_request: setting up authctxt for %s", user);
 		} else {

This would disallow any login using the username in a case which
differs from the case used in /etc/passwd.  And it wouldn't hurt
any casesensitive system either.

Damien, would that be ok?


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

More information about the openssh-unix-dev mailing list