savannah-hackers-public

Re: [Savannah-hackers-public] mercurial ssh access issues


From: Aleix Conchillo Flaqué
Subject: Re: [Savannah-hackers-public] mercurial ssh access issues
Date: Tue, 22 Apr 2008 08:51:54 +0200

On Tue, Apr 22, 2008 at 1:30 AM, Sylvain Beucler <address@hidden> wrote:
> Hi,
>
>  Apparently everything's fine :)
>  I merged your branch in the main repository.
>

Great.

>  I modified your fix for the authorized_keys==0 issue, by using cleaner
>  DB functions that I had introduced a while ago (the original DB access
>  functions can give ambiguous results in some cases, like NULL).
>  In what cases did it happen, though? Initially, in the disk image, user
>  'admin' is member of 'siteadmin' (so he's entitled for a user account)
>  and has no registered SSH key, so this should trigger the
>  authorized_keys bug you reported, but AFAICS ~admin/.ssh/ did not
>  contain a 'authorized_keys' file.
>

The problem was that the variable $authorized_keys was 0 (I guess
because NULL was interpreted as 0, but I am not sure), which is
different than '', so the check inside UserAddSSHKeys failed and a 0
was added to authorized_keys file.

If I am not wrong, checking for ($authorized_keys) instead of
($authorized_keys ne '') solves the problem with 0 and ''.

>  Something else: I think that it'd be better to get rid of hg-ssh and
>  reimplement it with a couple lines of Perl straight in
>  sv_membersh. hg-ssh is not properly part of Mercurial anyway.
>

It is distributed with Mercurial (inside the examples directory in
Debian and in contrib inside Mercurial sources). There is also a
restricted shell written in C, but I think it is more limited than the
one in python. I've just seen that there are the 'hg-admin-tools'
which provide more access configuration for the ssh restricted shell,
it is based on hg-ssh (more python). The 'hg-admin-tools' are new and
not part of Mercurial.

The problem is that hg-ssh uses the mercurial api, and I will not be
able to do that in perl, so right now I don't really see how to solve
this.

I will try to look at it more deeply.

Aleix
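
The authorized_keys check discussed in this message, as an added example that is not part of the original mail or of Savane's code. It compares the `ne ''` test and the plain truthiness test on constructed values, and goes one step further by validating each line's shape before it is written; `valid_key_lines` and the sample values are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not Savane's UserAddSSHKeys): return the lines of a
# database value that are safe to write to ~/.ssh/authorized_keys.
# Plain truthiness rejects undef, '' and 0, but still accepts other junk,
# so each line is also checked for a "type base64 [comment]" shape.
sub valid_key_lines {
    my ($authorized_keys) = @_;
    return () unless defined $authorized_keys;    # SQL NULL arrives as undef
    my @keep;
    for my $line (split /\r?\n/, $authorized_keys) {
        $line =~ s/^\s+|\s+$//g;                  # trim surrounding whitespace
        next if $line eq '';
        # Key type, then a base64 blob, then an optional comment.
        next unless $line =~ m{^(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+[A-Za-z0-9+/]+=*(?:\s.*)?$};
        push @keep, $line;
    }
    return @keep;    # in scalar context this is the number of valid lines
}

# Constructed sample values standing in for what the DB layer may return.
my @samples = (
    [ 'NULL (undef)', undef ],
    [ 'empty string', '' ],
    [ 'numeric zero', 0 ],
    [ 'string "0.0"', '0.0' ],
    [ 'one RSA key',  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== user\@example.org\n" ],
);

for my $s (@samples) {
    my ($label, $value) = @$s;
    # The original test; the defined() guard only silences the undef warning,
    # since undef stringifies to '' and is skipped either way.
    my $ne_empty = (defined $value && $value ne '') ? 'write' : 'skip';
    my $truthy   = $value ? 'write' : 'skip';
    my $strict   = valid_key_lines($value) ? 'write' : 'skip';
    printf "%-14s ne '': %-5s  truthy: %-5s  validated: %s\n",
        $label, $ne_empty, $truthy, $strict;
}
```

Only the `ne ''` column writes the numeric zero; the `"0.0"` row is written by both simple tests and rejected only by the validated one.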



