From 7a94b0c1570e9b0ad60bb8eadfb3d80e75b5b3e7 Mon Sep 17 00:00:00 2001
From: Fearghal O Floinn <fofloinn@gmail.com>
Date: Wed, 8 Sep 2021 12:24:49 +0100
Subject: [PATCH 1/2] Converts group and subgroup to lowercase for comparison.

Fixes #679
---
 authority/provisioner/sign_ssh_options.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/authority/provisioner/sign_ssh_options.go b/authority/provisioner/sign_ssh_options.go
index a872513e..4a0cf526 100644
--- a/authority/provisioner/sign_ssh_options.go
+++ b/authority/provisioner/sign_ssh_options.go
@@ -5,6 +5,7 @@ import (
 	"encoding/binary"
 	"encoding/json"
 	"math/big"
+	"strings"
 	"time"
 
 	"github.com/pkg/errors"
@@ -453,12 +454,20 @@ func containsAllMembers(group, subgroup []string) bool {
 	if lsg > lg || (lg > 0 && lsg == 0) {
 		return false
 	}
+	groupLower := []string{}
+	subgroupLower := []string{}
+	for _, s := range group {
+		groupLower = append(groupLower, strings.ToLower(s))
+	}
+	for _, s := range subgroup {
+		subgroupLower = append(subgroupLower, strings.ToLower(s))
+	}
 	visit := make(map[string]struct{}, lg)
 	for i := 0; i < lg; i++ {
-		visit[group[i]] = struct{}{}
+		visit[groupLower[i]] = struct{}{}
 	}
 	for i := 0; i < lsg; i++ {
-		if _, ok := visit[subgroup[i]]; !ok {
+		if _, ok := visit[subgroupLower[i]]; !ok {
 			return false
 		}
 	}

From 141c51917156f648cfe79e937ca9a7eb0724cd65 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano.cano@gmail.com>
Date: Wed, 8 Sep 2021 16:00:33 -0700
Subject: [PATCH 2/2] Simplify check of principals in a case insensitive way

Fixes #679
---
 authority/provisioner/sign_ssh_options.go | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/authority/provisioner/sign_ssh_options.go b/authority/provisioner/sign_ssh_options.go
index 4a0cf526..158470d1 100644
--- a/authority/provisioner/sign_ssh_options.go
+++ b/authority/provisioner/sign_ssh_options.go
@@ -454,20 +454,12 @@ func containsAllMembers(group, subgroup []string) bool {
 	if lsg > lg || (lg > 0 && lsg == 0) {
 		return false
 	}
-	groupLower := []string{}
-	subgroupLower := []string{}
-	for _, s := range group {
-		groupLower = append(groupLower, strings.ToLower(s))
-	}
-	for _, s := range subgroup {
-		subgroupLower = append(subgroupLower, strings.ToLower(s))
-	}
 	visit := make(map[string]struct{}, lg)
 	for i := 0; i < lg; i++ {
-		visit[groupLower[i]] = struct{}{}
+		visit[strings.ToLower(group[i])] = struct{}{}
 	}
 	for i := 0; i < lsg; i++ {
-		if _, ok := visit[subgroupLower[i]]; !ok {
+		if _, ok := visit[strings.ToLower(subgroup[i])]; !ok {
 			return false
 		}
 	}