case sensitivity, "Match User" and "AllowUsers"
Corinna Vinschen
vinschen at redhat.com
Mon Mar 1 04:40:53 EST 2010
On Mar 1 04:33, Damien Miller wrote:
> On Sun, 28 Feb 2010, Corinna Vinschen wrote:
>
> > Yes, that's better. There are just a few glitches. The test for
> > pw == NULL should come first and the #if should be an #ifdef. And
> > I think it wouldn't hurt to have a comment which explains why this is
> > done. What about this?
>
> I prefer this - the test needs to be before the (pw == NULL) test
> so the usual processing for invalid users fires - I don't want
> to change the flow of the authentication code more than strictly
> necessary.
>
> Index: auth.c
> ===================================================================
> RCS file: /var/cvs/openssh/auth.c,v
> retrieving revision 1.136
> diff -u -r1.136 auth.c
> --- auth.c 11 Feb 2010 22:25:29 -0000 1.136
> +++ auth.c 28 Feb 2010 17:30:15 -0000
> @@ -535,6 +535,19 @@
> get_canonical_hostname(options.use_dns), get_remote_ipaddr());
>
> pw = getpwnam(user);
> +#ifdef HAVE_CYGWIN
> + /*
> + * Windows usernames are case-insensitive. To avoid later problems
> + * when trying to match the username, the user is only allowed to
> + * login if the username is given in the same case as stored in the
> + * user database.
> + */
> + if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
> + logit("Login name %.100s does not match stored username %.100s",
> + user, pw->pw_name);
> + pw = NULL;
> + }
> +#endif
> if (pw == NULL) {
> logit("Invalid user %.100s from %.100s",
> user, get_remote_ipaddr());
That's fine, thank you!
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list