case sensitivity, "Match User" and "AllowUsers"
Damien Miller
djm at mindrot.org
Mon Mar 1 04:33:05 EST 2010
On Sun, 28 Feb 2010, Corinna Vinschen wrote:
> Yes, that's better. There are just a few glitches. The test for
> pw == NULL should come first and the #if should be an #ifdef. And
> I think it wouldn't hurt to have a comment which explains why this is
> done. What about this?
I prefer this - the test needs to be before the (pw == NULL) test
so the usual processing for invalid users fires - I don't want
to change the flow of the authentication code more than strictly
necessary.
Index: auth.c
===================================================================
RCS file: /var/cvs/openssh/auth.c,v
retrieving revision 1.136
diff -u -r1.136 auth.c
--- auth.c 11 Feb 2010 22:25:29 -0000 1.136
+++ auth.c 28 Feb 2010 17:30:15 -0000
@@ -535,6 +535,19 @@
get_canonical_hostname(options.use_dns), get_remote_ipaddr());
pw = getpwnam(user);
+#ifdef HAVE_CYGWIN
+ /*
+ * Windows usernames are case-insensitive. To avoid later problems
+ * when trying to match the username, the user is only allowed to
+ * login if the username is given in the same case as stored in the
+ * user database.
+ */
+ if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
+ logit("Login name %.100s does not match stored username %.100s",
+ user, pw->pw_name);
+ pw = NULL;
+ }
+#endif
if (pw == NULL) {
logit("Invalid user %.100s from %.100s",
user, get_remote_ipaddr());
More information about the openssh-unix-dev
mailing list