- (djm) [auth.c] On Cygwin, refuse usernames that have differences in

case from that matched in the system password database. On this platform, passwords are stored case-insensitively, but sshd requires exact case matching for Match blocks in sshd_config(5). Based on a patch from vinschen AT redhat.com.
author: Damien Miller <djm@mindrot.org> 2010-03-01 04:36:54 +1100
committer: Damien Miller <djm@mindrot.org> 2010-03-01 04:36:54 +1100
commit: acc9b29486dfd649dfda474e5c1a03b317449f1c (patch)
tree: 9bca707dfff60fb0fc1e2a4ba0e81f2910957407 /auth.c
parent: d05951fceee3fe19fc0bea29006a6409419b609f (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/auth.c b/auth.c
index 3005f815e..ab9c69fb8 100644
--- a/auth.c
+++ b/auth.c
@@ -535,6 +535,19 @@ getpwnamallow(const char *user)
            get_canonical_hostname(options.use_dns), get_remote_ipaddr());
        pw = getpwnam(user);
+#ifdef HAVE_CYGWIN
+        /*
+         * Windows usernames are case-insensitive.  To avoid later problems
+         * when trying to match the username, the user is only allowed to
+         * login if the username is given in the same case as stored in the
+         * user database.
+         */
+        if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
+                logit("Login name %.100s does not match stored username %.100s",
+                    user, pw->pw_name);
+                pw = NULL;
+        }
+#endif
        if (pw == NULL) {
                logit("Invalid user %.100s from %.100s",
                    user, get_remote_ipaddr());
author	Damien Miller <djm@mindrot.org>	2010-03-01 04:36:54 +1100
committer	Damien Miller <djm@mindrot.org>	2010-03-01 04:36:54 +1100
commit	acc9b29486dfd649dfda474e5c1a03b317449f1c (patch)
tree	9bca707dfff60fb0fc1e2a4ba0e81f2910957407 /auth.c
parent	d05951fceee3fe19fc0bea29006a6409419b609f (diff)

diff --git a/auth.c b/auth.c index 3005f815e..ab9c69fb8 100644 --- a/auth.c +++ b/auth.c
@@ -535,6 +535,19 @@ getpwnamallow(const char *user)
535	get_canonical_hostname(options.use_dns), get_remote_ipaddr());	535	get_canonical_hostname(options.use_dns), get_remote_ipaddr());
536		536
537	pw = getpwnam(user);	537	pw = getpwnam(user);
		538	#ifdef HAVE_CYGWIN
		539	/*
		540	* Windows usernames are case-insensitive. To avoid later problems
		541	* when trying to match the username, the user is only allowed to
		542	* login if the username is given in the same case as stored in the
		543	* user database.
		544	*/
		545	if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
		546	logit("Login name %.100s does not match stored username %.100s",
		547	user, pw->pw_name);
		548	pw = NULL;
		549	}
		550	#endif
538	if (pw == NULL) {	551	if (pw == NULL) {
539	logit("Invalid user %.100s from %.100s",	552	logit("Invalid user %.100s from %.100s",
540	user, get_remote_ipaddr());	553	user, get_remote_ipaddr());