mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-05-05 04:06:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

ssh/tailssh: case insensitive unix user matching

Browse Source
This commit is contained in:
Adriano Sela Aviles 2026-03-12 13:20:25 -07:00
parent 54606a0a89
commit d0d40fb668
No known key found for this signature in database
GPG Key ID: 28128631BCCBB1BB
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ssh/tailssh/tailssh.go
View File

@ -1197,6 +1197,14 @@ func mapLocalUser(ruleSSHUsers map[string]string, reqSSHUser string) (localUser
if !ok {
v = ruleSSHUsers["*"]
}
// We check whether the lowercased system user (i.e. unix user)
// matches any of the listed ssh users. This is done because the
// all users in ssh.[].users are normalized to lowercase, but the
// user email addresse username may originally be mixed case (e.g.
// "Bob@example.com"). This is especially true for SCIM users.
if _, ok := ruleSSHUsers[strings.ToLower(reqSSHUser)]; ok {
v = reqSSHUser // use the potentially-mixed case user.
}
if v == "=" {
return reqSSHUser
}