From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: sshd: computer name's case must match?
Date: Wed, 13 Feb 2019 12:25:00 -0000 [thread overview]
Message-ID: <20190213122509.GL3718@calimero.vinschen.de> (raw)
In-Reply-To: <20190213103200.GK3718@calimero.vinschen.de>
[-- Attachment #1: Type: text/plain, Size: 2002 bytes --]
On Feb 13 11:32, Corinna Vinschen wrote:
> On Feb 12 16:07, Bill Stewart wrote:
> > Good day,
> >
> > I am testing sshd using the cygwin1.dll 3.x version (run as SYSTEM -
> > S4U logon - works great!).
> >
> > One thing I've noticed is that if I use ssh log onto a remote
> > domain-joined machine (e.g., connect with COMPUTER+localname), the
> > 'COMPUTER' prefix must be uppercase - if I specify
> > 'computer+LocalName', the user is unknown.
> >
> > This doesn't seem to be the case if I change the username's case -
> > 'COMPUTER+localname' also works.
> >
> > Is this by design or by accident?
>
> sshd checks usernames case-sensitive against their name stored in the
> user DB. The problem that you can use differently cased usernames
> here is that the Windows function for checking the name is case-
> insensitive, so it takes the username any way it comes in and
> sshd eventually checks against the wrongly cased name.
>
> I fixed that partially in Cygwin by making sure that the account name
> stored in the internal passwd/group info is stored case-correct:
> https://cygwin.com/git/?p=newlib-cygwin.git;a=commitdiff;h=9a3cc77b2afc
>
> So if you have a domain DOMAIN and a user xyz
>
> $ getent passwd DoMaIn+XyZ
>
> Prior to the above patch it returned
>
> DOMAIN+XyZ:...
>
> Now it will return
>
> DOMAIN+xyz:...
>
> The problem is this: If the account is from another domain than the
> local machine or the machine domain, the call to LookupAccountSid to fix
> the account name won't fix the account name.
>
> Apparently the account name is cached on the local machine in exactly
> the same spelling as has been used when asking for the account the first
> time. I still have to find a way to workaround that.
That should be fixed now as well. I uploaded new developer snaps to
https://cygwin.com/snapshots/ and will generate YA test release later
today.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2019-02-13 12:25 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-12 23:07 Bill Stewart
2019-02-13 1:35 ` Andrey Repin
2019-02-13 10:32 ` Corinna Vinschen
2019-02-13 12:25 ` Corinna Vinschen [this message]
2019-02-13 15:53 ` Bill Stewart
2019-02-13 16:10 ` Corinna Vinschen
2019-02-13 16:24 ` Bill Stewart
2019-02-13 16:26 ` Corinna Vinschen
2019-02-13 17:43 ` Bill Stewart
2019-02-13 17:55 ` Corinna Vinschen
2019-02-13 18:13 ` Bill Stewart
2019-02-13 20:25 ` Corinna Vinschen
2019-02-13 20:55 ` Bill Stewart
2019-02-13 22:50 ` Andrey Repin
2019-02-14 13:14 ` Corinna Vinschen
2019-02-14 15:23 ` Bill Stewart
2019-02-14 16:20 ` Bill Stewart
2019-02-21 20:17 ` Bill Stewart
2019-02-22 9:39 ` Corinna Vinschen
2019-02-22 15:43 ` Bill Stewart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190213122509.GL3718@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).