authorDamien Miller <djm@mindrot.org>2010-03-01 04:36:54 +1100
committerDamien Miller <djm@mindrot.org>2010-03-01 04:36:54 +1100
commitacc9b29486dfd649dfda474e5c1a03b317449f1c (patch)
tree9bca707dfff60fb0fc1e2a4ba0e81f2910957407
parentd05951fceee3fe19fc0bea29006a6409419b609f (diff)
- (djm) [auth.c] On Cygwin, refuse usernames that have differences in
case from that matched in the system password database. On this platform, passwords are stored case-insensitively, but sshd requires exact case matching for Match blocks in sshd_config(5). Based on a patch from vinschen AT redhat.com.
-rw-r--r--ChangeLog7
-rw-r--r--auth.c13
2 files changed, 20 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 760fff73..06f51986 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20100228
+ - (djm) [auth.c] On Cygwin, refuse usernames that have differences in
+ case from that matched in the system password database. On this
+ platform, passwords are stored case-insensitively, but sshd requires
+ exact case matching for Match blocks in sshd_config(5). Based on
+ a patch from vinschen AT redhat.com.
+
20100227
- (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded
- (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment
diff --git a/auth.c b/auth.c
index 3005f815..ab9c69fb 100644
--- a/auth.c
+++ b/auth.c
@@ -535,6 +535,19 @@ getpwnamallow(const char *user)
get_canonical_hostname(options.use_dns), get_remote_ipaddr());
pw = getpwnam(user);
+#ifdef HAVE_CYGWIN
+ /*
+ * Windows usernames are case-insensitive. To avoid later problems
+ * when trying to match the username, the user is only allowed to
+ * login if the username is given in the same case as stored in the
+ * user database.
+ */
+ if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
+ logit("Login name %.100s does not match stored username %.100s",
+ user, pw->pw_name);
+ pw = NULL;
+ }
+#endif
if (pw == NULL) {
logit("Invalid user %.100s from %.100s",
user, get_remote_ipaddr());
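Review bot: The comment above the new `strcmp(user, pw->pw_name)` check says only "to avoid later problems", which hides that this is an access-control guard: per the commit message, Match blocks in sshd_config(5) compare the name with exact case, so a differently cased name accepted by the case-insensitive lookup could miss the Match block written for that account. I would state that in the comment, e.g. `/* Security: Match blocks compare names case-sensitively; refuse any case variant so per-user settings always apply. */`. The `parse_server_match_config()` call in the context line above has already run with the client-supplied spelling, so the guard is effective only because `pw = NULL` forces the invalid-user path; a short remark saying so would keep a later reorder from weakening it. A refused attempt now writes two log lines (this message and the existing "Invalid user" one), which log-based alerting should expect. getpwnamallow() starts and ends outside the hunk, so what happens after the `pw == NULL` branch is not visible here.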