On Tue, Apr 22, 2008 at 1:30 AM, Sylvain Beucler <[EMAIL PROTECTED]> wrote: > Hi, > > Apparently everything's fine :) > I merged your branch in the main repository. >
Great. > I modified your fix for the authorized_keys==0 issue, by using cleaner > DB functions that I had introduced a while ago (the original DB access > functions can give ambiguous results in some cases, like NULL). > In what cases did it happen, though? Initialy, in the disk image, user > 'admin' is member of 'siteadmin' (so he's entitled for a user account) > and has no registered SSH key, so this should trigger the > authorized_keys bug you reported, but AFAICS ~admin/.ssh/ did not > contain a 'authorized_keys' file. > The problem was that the variable $authroized_keys was 0 (I guess because NULL was interpreted as 0, but I am not sure), which is different than '', so the check inside UserAddSSHKeys failed and a 0 was added to authorized_keys file. If I am not wrong, checking for ($authorized_keys) instead of ($authorized_keys ne '') solves the problem with 0 and ''. > Something else: think that it'd be better to get rid of hg-ssh and > reimplement it with a couple lines of Perl straight in > sv_membersh. hg-ssh is not properly part of Mercurial anyway. > It is distributed with Mercurial (inside the examples directory in Debian and in contrib inside Mercurial sources). There is also a restricted shell written in C, but I think is more limited than the one in python. I've just seen that there are the 'hg-admin-tools' which provide more access configuration for the ssh restricted shell, it is based on hg-ssh (more python). The 'hg-admin-tools' are new and not part of Mercurial. The problem is that hg-ssh uses the mercurial api, and I will not be able to do that in perl, so right now I don't really see how to solve this. I will try to look at it more deeply. Aleix
