Use lowercase usernames

All the brokers we currently support (msentraid and google) use case-insensitive usernames. Currently, logging in with a username which differs in upper- or lowercase from the username in the broker results in an authentication failure. We want to fix that. The easiest way to do that is to convert all usernames to lowercase before storing them in our database or passing them to the broker, and also convert the Name argument of GetPassdByName to lowercase before querying the database. If we (or anyone else) ever wants to add a broker for a provider which does *not* use case-insensitive usernames, we will have to revisit this and decide whether we want to support that.
ubuntu · Jan 13, 2025 · 7ed5992 · 7ed5992
1 parent 973ae5d
commit 7ed5992
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/internal/users/cache/getusers.go b/internal/users/cache/getusers.go
@@ -3,6 +3,7 @@ package cache
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
 	"time"
 
 	"go.etcd.io/bbolt"
@@ -42,6 +43,8 @@ func (c *Cache) UserByID(uid uint32) (UserDB, error) {
 
 // UserByName returns a user matching this name or an error if the database is corrupted or no entry was found.
 func (c *Cache) UserByName(name string) (UserDB, error) {
+	// authd uses lowercase usernames
+	name = strings.ToLower(name)
 	u, err := getUser(c, userByNameBucketName, name)
 	return u.UserDB, err
 }

diff --git a/pam/internal/adapter/userselection.go b/pam/internal/adapter/userselection.go
@@ -3,6 +3,7 @@ package adapter
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/charmbracelet/bubbles/cursor"
 	"github.com/charmbracelet/bubbles/textinput"
@@ -148,7 +149,8 @@ func (m userSelectionModel) Username() string {
 	if m.clientType == InteractiveTerminal && !m.selected {
 		return ""
 	}
-	return m.Model.Value()
+	// authd uses lowercase usernames
+	return strings.ToLower(m.Model.Value())
 }
 
 // Focus sets the focus state on the model. We also mark as the user is not