- (djm) [auth.c] On Cygwin, refuse usernames that have differences in

case from that matched in the system password database. On this platform, passwords are stored case-insensitively, but sshd requires exact case matching for Match blocks in sshd_config(5). Based on a patch from vinschen AT redhat.com.
2010-03-01 04:36:54 +11:00 · 2010-03-01 04:36:54 +11:00 · acc9b29486
parent d05951fcee
commit acc9b29486
2 changed files with 20 additions and 0 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+20100228
+ - (djm) [auth.c] On Cygwin, refuse usernames that have differences in
+   case from that matched in the system password database. On this
+   platform, passwords are stored case-insensitively, but sshd requires
+   exact case matching for Match blocks in sshd_config(5). Based on
+   a patch from vinschen AT redhat.com.
+
 20100227
 - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded
 - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment
--- a/auth.c
+++ b/auth.c
@ -535,6 +535,19 @@ getpwnamallow(const char *user)
 	    get_canonical_hostname(options.use_dns), get_remote_ipaddr());

 	pw = getpwnam(user);
+#ifdef HAVE_CYGWIN
+	/*
+	 * Windows usernames are case-insensitive.  To avoid later problems
+	 * when trying to match the username, the user is only allowed to
+	 * login if the username is given in the same case as stored in the
+	 * user database.
+	 */
+	if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
+		logit("Login name %.100s does not match stored username %.100s",
+		    user, pw->pw_name);
+		pw = NULL;
+	}
+#endif
 	if (pw == NULL) {
 		logit("Invalid user %.100s from %.100s",
 		    user, get_remote_ipaddr());