https://bugzilla.mindrot.org/show_bug.cgi?id=937
Patric Stout <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Patric Stout <[email protected]> 2011-09-10 18:24:11 EST --- Yesterday I found out about this problem too, and I am amused to see this bug was original created 7 years ago. That said, a solution is relative easy. The comment in auth.h suggests that the authctxt->user field should be the username as the client sends it. And looking at the code it is also how it is used. For example in the public key challenge, where the client assumes the name he sends is the one used by the server. In auth2-pubkey.c we also find authctxt->user in this place. So that leaves us to wonder why this field is not really what the client send, but in case of [:style] (or [/role] in the Debian SELinux patch) a modified version. Attached a simple patch to solve the issue, which also makes the comment in auth.h valid again. I am not an OpenSSH expert, and I cannot validate if in all cases this will work as intended, but for regular (non-style loginnames) this cannot do any harm, so it can only work for the better. As a side-effect of this change, a validation of username-change triggered, which had to be avoided by another simple modification. With this patch applied, you can login to a server with your public-key with username:style as your loginname. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching the reporter of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
