Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"
This reverts commit acc9b29486
.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
This commit is contained in:
parent
4c55b67483
commit
f02afa350a
13
auth.c
13
auth.c
|
@ -583,19 +583,6 @@ getpwnamallow(struct ssh *ssh, const char *user)
|
||||||
|
|
||||||
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
|
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
|
||||||
aix_restoreauthdb();
|
aix_restoreauthdb();
|
||||||
#endif
|
|
||||||
#ifdef HAVE_CYGWIN
|
|
||||||
/*
|
|
||||||
* Windows usernames are case-insensitive. To avoid later problems
|
|
||||||
* when trying to match the username, the user is only allowed to
|
|
||||||
* login if the username is given in the same case as stored in the
|
|
||||||
* user database.
|
|
||||||
*/
|
|
||||||
if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
|
|
||||||
logit("Login name %.100s does not match stored username %.100s",
|
|
||||||
user, pw->pw_name);
|
|
||||||
pw = NULL;
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
if (pw == NULL) {
|
if (pw == NULL) {
|
||||||
logit("Invalid user %.100s from %.100s port %d",
|
logit("Invalid user %.100s from %.100s port %d",
|
||||||
|
|
|
@ -103,7 +103,11 @@ ga_match_pattern_list(const char *group_pattern)
|
||||||
int i, found = 0;
|
int i, found = 0;
|
||||||
|
|
||||||
for (i = 0; i < ngroups; i++) {
|
for (i = 0; i < ngroups; i++) {
|
||||||
|
#ifndef HAVE_CYGWIN
|
||||||
switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
|
switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
|
||||||
|
#else
|
||||||
|
switch (match_pattern_list(groups_byname[i], group_pattern, 1)) {
|
||||||
|
#endif
|
||||||
case -1:
|
case -1:
|
||||||
return 0; /* Negated match wins */
|
return 0; /* Negated match wins */
|
||||||
case 0:
|
case 0:
|
||||||
|
|
4
match.c
4
match.c
|
@ -111,6 +111,8 @@ match_pattern(const char *s, const char *pattern)
|
||||||
/* NOTREACHED */
|
/* NOTREACHED */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_CYGWIN /* Cygwin version in openbsd-compat/bsd-cygwin_util.c */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Tries to match the string against the
|
* Tries to match the string against the
|
||||||
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
||||||
|
@ -170,6 +172,8 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
|
||||||
return got_positive;
|
return got_positive;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Tries to match the host name (which must be in all lowercase) against the
|
* Tries to match the host name (which must be in all lowercase) against the
|
||||||
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
||||||
|
|
|
@ -37,6 +37,8 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
#include <wchar.h>
|
||||||
|
#include <wctype.h>
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
||||||
|
@ -117,4 +119,148 @@ free_windows_environment(char **p)
|
||||||
free(p);
|
free(p);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Returns true if the given string matches the pattern (which may contain ?
|
||||||
|
* and * as wildcards), and zero if it does not match.
|
||||||
|
*
|
||||||
|
* The Cygwin version of this function must be case-insensitive and take
|
||||||
|
* Unicode characters into account.
|
||||||
|
*/
|
||||||
|
|
||||||
|
static int
|
||||||
|
__match_pattern (const wchar_t *s, const wchar_t *pattern, int caseinsensitive)
|
||||||
|
{
|
||||||
|
for (;;) {
|
||||||
|
/* If at end of pattern, accept if also at end of string. */
|
||||||
|
if (!*pattern)
|
||||||
|
return !*s;
|
||||||
|
|
||||||
|
if (*pattern == '*') {
|
||||||
|
/* Skip the asterisk. */
|
||||||
|
pattern++;
|
||||||
|
|
||||||
|
/* If at end of pattern, accept immediately. */
|
||||||
|
if (!*pattern)
|
||||||
|
return 1;
|
||||||
|
|
||||||
|
/* If next character in pattern is known, optimize. */
|
||||||
|
if (*pattern != '?' && *pattern != '*') {
|
||||||
|
/*
|
||||||
|
* Look instances of the next character in
|
||||||
|
* pattern, and try to match starting from
|
||||||
|
* those.
|
||||||
|
*/
|
||||||
|
for (; *s; s++)
|
||||||
|
if (*s == *pattern &&
|
||||||
|
__match_pattern(s + 1, pattern + 1,
|
||||||
|
caseinsensitive))
|
||||||
|
return 1;
|
||||||
|
/* Failed. */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* Move ahead one character at a time and try to
|
||||||
|
* match at each position.
|
||||||
|
*/
|
||||||
|
for (; *s; s++)
|
||||||
|
if (__match_pattern(s, pattern, caseinsensitive))
|
||||||
|
return 1;
|
||||||
|
/* Failed. */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* There must be at least one more character in the string.
|
||||||
|
* If we are at the end, fail.
|
||||||
|
*/
|
||||||
|
if (!*s)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
/* Check if the next character of the string is acceptable. */
|
||||||
|
if (*pattern != '?' && (*pattern != *s &&
|
||||||
|
(!caseinsensitive || towlower(*pattern) != towlower(*s))))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
/* Move to the next character, both in string and in pattern. */
|
||||||
|
s++;
|
||||||
|
pattern++;
|
||||||
|
}
|
||||||
|
/* NOTREACHED */
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
_match_pattern(const char *s, const char *pattern, int caseinsensitive)
|
||||||
|
{
|
||||||
|
wchar_t *ws;
|
||||||
|
wchar_t *wpattern;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
|
if ((len = mbstowcs(NULL, s, 0)) < 0)
|
||||||
|
return 0;
|
||||||
|
ws = (wchar_t *) alloca((len + 1) * sizeof (wchar_t));
|
||||||
|
mbstowcs(ws, s, len + 1);
|
||||||
|
if ((len = mbstowcs(NULL, pattern, 0)) < 0)
|
||||||
|
return 0;
|
||||||
|
wpattern = (wchar_t *) alloca((len + 1) * sizeof (wchar_t));
|
||||||
|
mbstowcs(wpattern, pattern, len + 1);
|
||||||
|
return __match_pattern (ws, wpattern, caseinsensitive);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Tries to match the string against the
|
||||||
|
* comma-separated sequence of subpatterns (each possibly preceded by ! to
|
||||||
|
* indicate negation). Returns -1 if negation matches, 1 if there is
|
||||||
|
* a positive match, 0 if there is no match at all.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
match_pattern_list(const char *string, const char *pattern, int caseinsensitive)
|
||||||
|
{
|
||||||
|
char sub[1024];
|
||||||
|
int negated;
|
||||||
|
int got_positive;
|
||||||
|
u_int i, subi, len = strlen(pattern);
|
||||||
|
|
||||||
|
got_positive = 0;
|
||||||
|
for (i = 0; i < len;) {
|
||||||
|
/* Check if the subpattern is negated. */
|
||||||
|
if (pattern[i] == '!') {
|
||||||
|
negated = 1;
|
||||||
|
i++;
|
||||||
|
} else
|
||||||
|
negated = 0;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Extract the subpattern up to a comma or end. Convert the
|
||||||
|
* subpattern to lowercase.
|
||||||
|
*/
|
||||||
|
for (subi = 0;
|
||||||
|
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
|
||||||
|
subi++, i++)
|
||||||
|
sub[subi] = pattern[i];
|
||||||
|
/* If subpattern too long, return failure (no match). */
|
||||||
|
if (subi >= sizeof(sub) - 1)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
/* If the subpattern was terminated by a comma, then skip it. */
|
||||||
|
if (i < len && pattern[i] == ',')
|
||||||
|
i++;
|
||||||
|
|
||||||
|
/* Null-terminate the subpattern. */
|
||||||
|
sub[subi] = '\0';
|
||||||
|
|
||||||
|
/* Try to match the subpattern against the string. */
|
||||||
|
if (_match_pattern(string, sub, caseinsensitive)) {
|
||||||
|
if (negated)
|
||||||
|
return -1; /* Negative */
|
||||||
|
else
|
||||||
|
got_positive = 1; /* Positive */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Return success if got a positive match. If there was a negative
|
||||||
|
* match, we have already returned -1 and never get here.
|
||||||
|
*/
|
||||||
|
return got_positive;
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* HAVE_CYGWIN */
|
#endif /* HAVE_CYGWIN */
|
||||||
|
|
|
@ -1049,7 +1049,11 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
|
||||||
}
|
}
|
||||||
if (ci->user == NULL)
|
if (ci->user == NULL)
|
||||||
match_test_missing_fatal("User", "user");
|
match_test_missing_fatal("User", "user");
|
||||||
|
#ifndef HAVE_CYGWIN
|
||||||
if (match_pattern_list(ci->user, arg, 0) != 1)
|
if (match_pattern_list(ci->user, arg, 0) != 1)
|
||||||
|
#else
|
||||||
|
if (match_pattern_list(ci->user, arg, 1) != 1)
|
||||||
|
#endif
|
||||||
result = 0;
|
result = 0;
|
||||||
else
|
else
|
||||||
debug("user %.100s matched 'User %.100s' at "
|
debug("user %.100s matched 'User %.100s' at "
|
||||||
|
|
Loading…
Reference in New Issue