From acc9b29486dfd649dfda474e5c1a03b317449f1c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 1 Mar 2010 04:36:54 +1100 Subject: - (djm) [auth.c] On Cygwin, refuse usernames that have differences in case from that matched in the system password database. On this platform, passwords are stored case-insensitively, but sshd requires exact case matching for Match blocks in sshd_config(5). Based on a patch from vinschen AT redhat.com. --- ChangeLog | 7 +++++++ auth.c | 13 +++++++++++++ 2 files changed, 20 insertions(+) diff --git a/ChangeLog b/ChangeLog index 760fff73..06f51986 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20100228 + - (djm) [auth.c] On Cygwin, refuse usernames that have differences in + case from that matched in the system password database. On this + platform, passwords are stored case-insensitively, but sshd requires + exact case matching for Match blocks in sshd_config(5). Based on + a patch from vinschen AT redhat.com. + 20100227 - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment diff --git a/auth.c b/auth.c index 3005f815..ab9c69fb 100644 --- a/auth.c +++ b/auth.c @@ -535,6 +535,19 @@ getpwnamallow(const char *user) get_canonical_hostname(options.use_dns), get_remote_ipaddr()); pw = getpwnam(user); +#ifdef HAVE_CYGWIN + /* + * Windows usernames are case-insensitive. To avoid later problems + * when trying to match the username, the user is only allowed to + * login if the username is given in the same case as stored in the + * user database. + */ + if (pw != NULL && strcmp(user, pw->pw_name) != 0) { + logit("Login name %.100s does not match stored username %.100s", + user, pw->pw_name); + pw = NULL; + } +#endif if (pw == NULL) { logit("Invalid user %.100s from %.100s", user, get_remote_ipaddr()); -- cgit v1.2.3