Hi OpenSSH developers
In the source file *scp.c* there is a function called *okname(char
*cp0)* that validates the entered username by using the scp command as
follows:
*
*[ Fragment scp.c start ]
...
int okname(char *cp0)
{
int c;
char *cp;
cp = cp0;
do {
c = (int)*cp;
if (c & 0200)
goto bad;
if (!isalpha(c) && !isdigit(c)) {
switch (c) {
case '\'':
case '"':
case '`':
case ' ':
* case '#':*
goto bad;
default:
break;
}
}
} while (*++cp);
return (1);
bad: fprintf(stderr, "%s: invalid user name\n", cp0);
return (0);
}
...
[ Fragment scp.c end ]
Thereby, usernames that contain the hash sign (#) are rejected. Is there
a good reason why this logic was introduced?
If there is no reason, so is it possible to remove the mentioned
case-statement?
I thank you in advance for your help and remain with best wishes
Reza Hedayat
On 06/03/12 18:57, Reza Hedayat wrote:> Hi OpenSSH developers > > In the source file *scp.c* there is a function called *okname(char > *cp0)* that validates the entered username by using the scp command as > follows: > > ( Fragment scp.c skipped) > > Thereby, usernames that contain the hash sign (#) are rejected. Is > there a good reason why this logic was introduced? > If there is no reason, so is it possible to remove the mentioned > case-statement? > > I thank you in advance for your help and remain with best wishes > Reza HedayatIt's trying to avoiod shell special characters (quotes, backticks, spaces...). The # introduces a comment in the shell (would need escaping), so that's surely the reason it's forbidden. You could replace it if you were sure the username is never used unquoted. Having a # in the user name is very rare, though.