username check in scp
Christian Kurz
shorty at getuid.de
Fri Feb 9 07:24:00 EST 2001
Hi
a fellow debian developer pointed it out to me, that ssh itself does not
check the username that is provided for login into a remote host, but
that scp checks it. I could verify that the current openssh code from
cvs still has a check for the username in scp.c but not in ssh.c. So I
created the attached small patch to remove the username check from scp.
I hope ít's correct and that you apply it to the source. If it's wrong,
please point me to my mistake, so that I can learn from it. If you don't
want to apply it, then please tell me why. Thank you.
Ciao
Christian
--
When it is incorrect, it is, at least *authoritatively* incorrect.
-- Hitchiker's Guide To The Galaxy
-------------- next part --------------
--- scp.c.orig Thu Feb 8 21:20:50 2001
+++ scp.c Thu Feb 8 21:21:21 2001
@@ -207,7 +207,6 @@
char *colon(char *);
void lostconn(int);
void nospace(void);
-int okname(char *);
void run_err(const char *,...);
void verifydir(char *);
@@ -371,8 +370,6 @@
tuser = argv[argc - 1];
if (*tuser == '\0')
tuser = NULL;
- else if (!okname(tuser))
- exit(1);
} else {
thost = argv[argc - 1];
tuser = NULL;
@@ -395,8 +392,6 @@
suser = argv[i];
if (*suser == '\0')
suser = pwd->pw_name;
- else if (!okname(suser))
- continue;
sprintf(bp,
"%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
@@ -468,8 +463,6 @@
suser = argv[i];
if (*suser == '\0')
suser = pwd->pw_name;
- else if (!okname(suser))
- continue;
}
host = cleanhostname(host);
len = strlen(src) + CMDNEEDS + 20;
@@ -1017,28 +1010,6 @@
}
run_err("%s: %s", cp, strerror(errno));
exit(1);
-}
-
-int
-okname(cp0)
- char *cp0;
-{
- int c;
- char *cp;
-
- cp = cp0;
- do {
- c = *cp;
- if (c & 0200)
- goto bad;
- if (!isalpha(c) && !isdigit(c) &&
- c != '_' && c != '-' && c != '.' && c != '+')
- goto bad;
- } while (*++cp);
- return (1);
-
-bad: fprintf(stderr, "%s: invalid user name\n", cp0);
- return (0);
}
BUF *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 241 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010208/c4f07a36/attachment.bin
More information about the openssh-unix-dev
mailing list