case sensitivity, "Match User" and "AllowUsers"

Corinna Vinschen vinschen at redhat.com
Fri Feb 19 21:03:00 EST 2010 

On Feb 19 02:41, Ben Lindstrom wrote:
> On Feb 18, 2010, at 2:51 PM, Corinna Vinschen wrote:
> > On Feb 18 12:30, Ben Lindstrom wrote:
> >> Think about this for a moment.. if I do  
> >> 
> >> pw = getpwnam("MoUrInG");
> >> 
> >> and I get back
> >> 
> >> pw->pw_name = "mouring"
> >> 
> >> Whose fault is it?  OpenSSH or the OS that it is running on? 
> > 
> > It's not Cygwin's fault.  
> 
> So you are saying that cygwin's getpw*() functions are written by
> Microsoft thus are closed source and not implemented via glibc?  If

They are implemented as open source but not via glibc.

> that is the case then you may have an argument.   If you are using
> getpw*() from glibc or an other cygwin maintained libraries then
> you've lost the argument since it is then cygwin's issue.
> 
> > Usernames on Windows *are* caseinsensitive.
> > The password entry contains the name in one format, but you can write
> > in in every case.  That's a property of the underlying system.
> 
> You do your community a disservice by propagating this misfeature.

I don't think so.  A system using caseinsensitive usernames is as valid
as a system using casesensitive usernames.  You might not like it, but
opinion doesn't change the fact.  Cygwin has no choice in the matter if
it wants to work smoothly on Windows.

Our passwd entries are usually generated from the Windows SAM or AD,
whatever is used in the environment.  Admins often use case in usernames
like, say, "Corinna", with uppercase c when entering the user in the
database.  Sometimes, in bigger companies, it's even an automatic
process generating usernames from the real user name.  That does not
mean the user can't login using any other case, like simple lowercase,
"corinna".  It's the same username using the same password, and both
meaning the same user SID (Windows equivalent to uid/gid).

Ok, so the username "foo", "Foo", and "FOO", all mean the same user on
Windows.  Why exactly then should it be wrong, if Cygwin returns the
same passwd entry with the same uid for the user?  After all, it *is*
the same user.  *Not* returning the passwd entry and claiming the user
doesn't exist would be wrong.

Last but not least, POSIX-1.2008 only says this:

  The getpwnam() function shall search the user database for an entry
  with a matching name.

Note the lack of a requirement that "matching" means "strcmp".


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

More information about the openssh-unix-dev mailing list