case sensitivity, "Match User" and "AllowUsers"

Ben Lindstrom mouring at
Fri Feb 19 05:30:35 EST 2010

On Feb 18, 2010, at 11:36 AM, Hu, Eric wrote:

> Based on what I've seen, this is an OpenSSH issue.  My original post explains why.  If the config file says "AllowUsers user," why should any user that is successfully logged in based on this not execute all statements associated with "Match User user?"  The user name used for one is not being used for the other.
> Just because we're only seeing it on Cygwin (at least thus far) doesn't mean it's a Cygwin issue.  If the problem is indeed use of mixed user names (as I've stated before, I personally don't know the code well enough to know for sure), I'd say it's an OpenSSH problem.  If there's some spec detailing exactly what getpwnam (and other various underlying calls OpenSSH is relying on) is supposed to do that Cygwin is violating, then maybe it's a Cygwin issue.  Even in this case though, it still looks to me like OpenSSH could be made more robust by not relying on such assumptions.

Think about this for a moment.. if I do  

pw = getpwnam("MoUrInG");

and I get back

pw->pw_name = "mouring"

Whose fault is it?  OpenSSH or the OS that it is running on? 

This is what this boils down to is getpwnam() on cygwin must not be returning pw->pw_name = (const char *login).  

This being stated..  Do we have any other examples of UNIX, UNIX-like, or UNIX-emulation setups that fail to honor this very simple case?

Sadly, the POSIX description seems to leave this as a gray area like a of POSIX stuff does.  However, it feels pretty clear what the correct behavior should be.

- Ben

More information about the openssh-unix-dev mailing list