Re: Error trying to get CVS write access via web-form

Re: Error trying to get CVS write access via web-form

[Ranjit Mathew]

Hi,

   I finally figured out by looking at the source
of the ps_form.cgi script that my signature
was not matching any of the regexes given
there simply because I'd given "Ranjit Mathew
<rmathew@hotmail.com>" as my comment,
which was not of the form "user@domain"
expected by the applicable regex!

I think this regex should either be corrected or
the page should explain that the comment can
only be of this form.

Thanks,
Ranjit.

Ranjit Mathew writes:
>  I am trying to get CVS write access to GCC via the
>form:
>
>
>http://sources.redhat.com/cgi-bin/pdw/ps_form.cgi
>
>However, it just does not work for me and always
>says "Your identity.pub entry is incorrectly formatted.".

_________________________________________________________________
Get head-hunted by 10,000 recruiters.  http://go.msnserver.com/IN/46246.asp 
Post your CV on naukri.com today.

Re: Error trying to get CVS write access via web-form

[Christopher Faylor]

On Fri, Apr 02, 2004 at 06:07:13PM +0530, Ranjit Mathew wrote:
>I finally figured out by looking at the source of the ps_form.cgi
>script that my signature was not matching any of the regexes given
>there simply because I'd given "Ranjit Mathew <rmathew@hotmail.com>" as
>my comment, which was not of the form "user@domain" expected by the
>applicable regex!

Calm down, please.

>I think this regex should either be corrected or the page should
>explain that the comment can only be of this form.

You have the source, right?  Does anything suggest itself to you?

cgf

Re: Error trying to get CVS write access via web-form

[Frank Ch. Eigler]

cgf wrote:

> [...]
> >I think this regex should either be corrected or the page should
> >explain that the comment can only be of this form.
> 
> You have the source, right?  Does anything suggest itself to you?

Would committing this patch bother anyone?


Index: ps_form.cgi
===================================================================
RCS file: /cvs/sourceware/cgi-bin/pdw/ps_form.cgi,v
retrieving revision 1.41
diff -u -r1.41 ps_form.cgi
--- ps_form.cgi	30 Sep 2003 15:27:04 -0000	1.41
+++ ps_form.cgi	2 Apr 2004 16:16:21 -0000
@@ -87,7 +87,7 @@
 &start_html;
 
 if ($ssh_key !~ /^\s*\d{3,}\s+\d+\s+\d{100,}(\s+[^\n]*)?$/
-    && $ssh_key !~ /^ssh-[rd]s[as]\s+\S+\s+\S+\@\S+$/o
+    && $ssh_key !~ /^ssh-[rd]s[as]\s+\S+(\s+[^\n]*)?$/o
     && $ssh_key !~ /gnats only/o)
 {
     print "Your identity.pub entry is incorrectly formatted.  Please press Back on your browser and copy the contents of your identity.pub file into the form.  If you believe you have gotten this message erroneously, please submit a complete bug report to <a href=\"mailto:overseers\@sources.redhat.com\">overseers\@sources.redhat.com</a>.<p>";


- FChE

Re: Error trying to get CVS write access via web-form

[Christopher Faylor]

On Fri, Apr 02, 2004 at 11:17:40AM -0500, Frank Ch. Eigler wrote:
>cgf wrote:
>> [...]
>> >I think this regex should either be corrected or the page should
>> >explain that the comment can only be of this form.
>> 
>> You have the source, right?  Does anything suggest itself to you?
>
>Would committing this patch bother anyone?

Doesn't the comment part have to include something with an '@' in it?

Doesn't your change essentially make the validity check "See if there
is something following a space at the end of the line.  If there is
then that's good, otherwise, that's good too."

Of course, that's what the previous line does, too, so I guess it's in
good company.

cgf

>Index: ps_form.cgi
>===================================================================
>RCS file: /cvs/sourceware/cgi-bin/pdw/ps_form.cgi,v
>retrieving revision 1.41
>diff -u -r1.41 ps_form.cgi
>--- ps_form.cgi	30 Sep 2003 15:27:04 -0000	1.41
>+++ ps_form.cgi	2 Apr 2004 16:16:21 -0000
>@@ -87,7 +87,7 @@
> &start_html;
> 
> if ($ssh_key !~ /^\s*\d{3,}\s+\d+\s+\d{100,}(\s+[^\n]*)?$/
>-    && $ssh_key !~ /^ssh-[rd]s[as]\s+\S+\s+\S+\@\S+$/o
>+    && $ssh_key !~ /^ssh-[rd]s[as]\s+\S+(\s+[^\n]*)?$/o
>     && $ssh_key !~ /gnats only/o)
> {
>     print "Your identity.pub entry is incorrectly formatted.  Please press Back on your browser and copy the contents of your identity.pub file into the form.  If you believe you have gotten this message erroneously, please submit a complete bug report to <a href=\"mailto:overseers\@sources.redhat.com\">overseers\@sources.redhat.com</a>.<p>";
>
>
>- FChE

Re: Error trying to get CVS write access via web-form

[Frank Ch. Eigler]

[-- Attachment #1: Type: text/plain, Size: 272 bytes --]

Hi -

> Doesn't the comment part have to include something with an '@' in it?

No.  This is not a pgp userid style thing - it's freeform.

> [...]
> Of course, that's what the previous line does, too, so I guess it's in
> good company.

Indeed.  I'll commit then.

- FChE

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Error trying to get CVS write access via web-form

[Christopher Faylor]

On Fri, Apr 02, 2004 at 11:45:11AM -0500, Frank Ch. Eigler wrote:
>Hi -
>
>> Doesn't the comment part have to include something with an '@' in it?
>
>No.  This is not a pgp userid style thing - it's freeform.
>
>> [...]
>> Of course, that's what the previous line does, too, so I guess it's in
>> good company.
>
>Indeed.  I'll commit then.

Actually, I think that, at the very least, both should be checking for
white space after the host key.

Although, hmm, maybe it's time to retire the acceptance of "Protocol 1"
keys entirely.

cgf

Re: Error trying to get CVS write access via web-form

[Frank Ch. Eigler]

[-- Attachment #1: Type: text/plain, Size: 462 bytes --]

Hi -


cgf wrote:

> Actually, I think that, at the very least, both should be checking for
> white space after the host key. [...]

Unless there is at least a theoretical problem that justifies
constraints, I'd prefer not to bother enforce them.  The way these
keys are currently used (possibly prefixed with cvs-only verbiage,
but otherwise copied verbatim), I can't see any harm in having
space at the end-of-line or not.  sshd accepts it both ways.


- FChE

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Error trying to get CVS write access via web-form

[Christopher Faylor]

On Fri, Apr 02, 2004 at 12:08:38PM -0500, Frank Ch. Eigler wrote:
>Hi -
>
>
>cgf wrote:
>
>> Actually, I think that, at the very least, both should be checking for
>> white space after the host key. [...]
>
>Unless there is at least a theoretical problem that justifies
>constraints,

The theoretical problem is when people paste in broken lines or partial
lines from their .pub files and the software doesn't complain.

I don't see any reason to duplicate a no-op in the checking in any
event.

cgf

Re: Error trying to get CVS write access via web-form

[Frank Ch. Eigler]

[-- Attachment #1: Type: text/plain, Size: 377 bytes --]

Hi -

> >Unless there is at least a theoretical problem that justifies
> >constraints,
> 
> The theoretical problem is when people paste in broken lines or partial
> lines from their .pub files and the software doesn't complain. [...]

I see.
How about changing the pubkey field to a file-upload form element?
That way accidental truncation is unlikely.


- FChE

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Error trying to get CVS write access via web-form

[Christopher Faylor]

On Fri, Apr 02, 2004 at 12:29:29PM -0500, Frank Ch. Eigler wrote:
>Hi -
>
>> >Unless there is at least a theoretical problem that justifies
>> >constraints,
>> 
>> The theoretical problem is when people paste in broken lines or partial
>> lines from their .pub files and the software doesn't complain. [...]
>
>I see.
>How about changing the pubkey field to a file-upload form element?
>That way accidental truncation is unlikely.

Sure.

cgf

Re: Error trying to get CVS write access via web-form

[Christopher Faylor]

On Fri, Apr 02, 2004 at 12:40:03PM -0500, Christopher Faylor wrote:
>On Fri, Apr 02, 2004 at 12:29:29PM -0500, Frank Ch. Eigler wrote:
>>>>Unless there is at least a theoretical problem that justifies
>>>>constraints,
>>>
>>>The theoretical problem is when people paste in broken lines or partial
>>>lines from their .pub files and the software doesn't complain.  [...]
>>
>>I see.  How about changing the pubkey field to a file-upload form
>>element?  That way accidental truncation is unlikely.
>
>Sure.

But, actually, it would still need sanity checking regardless, I guess.

Is there a way to get ssh to tell us if the key looks right?  That's
probably the best way to verify keys.

Maybe "ssh-keygen -l" would do it...

cgf

Re: Error trying to get CVS write access via web-form

[Frank Ch. Eigler]

[-- Attachment #1: Type: text/plain, Size: 344 bytes --]

Hi -

> [...]
> Is there a way to get ssh to tell us if the key looks right?  That's
> probably the best way to verify keys. [...]

Or an even tougher-love approach would be to force new account holders
to log in using the putative key within some time limit after initial
account activation, to prove they hold a matching private key.

- FChE

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Error trying to get CVS write access via web-form

[Christopher Faylor]

On Fri, Apr 02, 2004 at 01:15:30PM -0500, Frank Ch. Eigler wrote:
>>[...]
>>Is there a way to get ssh to tell us if the key looks right?  That's
>>probably the best way to verify keys.  [...]
>
>Or an even tougher-love approach would be to force new account holders
>to log in using the putative key within some time limit after initial
>account activation, to prove they hold a matching private key.

Yeah, a secondary verification step might be nice.

"ssh-keygen -l" does seem to do the job.  The only challenge is the
necessity of creating a temp file.  I hate that.  I tried using the
standard work around of passing the key file in a pipe and using
/proc/self/fd/0 but ssh-keygen is way too clever to allow that.

Anyway, now it's back to real work for me.  I'll look at this more
tonight.

cgf

Error trying to get CVS write access via web-form

[Ranjit Mathew]

[-- Attachment #1: Type: text/plain, Size: 1177 bytes --]

Hi,

    I am trying to get CVS write access to GCC via the
form:

  http://sources.redhat.com/cgi-bin/pdw/ps_form.cgi

However, it just does not work for me and always
says "Your identity.pub entry is incorrectly formatted.".

I've tried both RSA as well as DSA keys, on Windows
as well as on Linux, 512 as well as 1024 bits, remote form
v/s local HTML copy with 10000 columns in the textarea
for the key, *but it just does not work* for me!

Help!

(Key generated with OpenSSH 3.7.1p2 using
OpenSSL 0.9.7d, both compiled using GCC 3.3.3
using glibc 2.2.5 on a box with the 2.4.25 Linux
kernel.)

If you can please admit me manually, here's the
information:

Name:                       Ranjit Mathew
Preferred Login:          rmathew
Email:                        rmathew@hotmail.com
Project:                     GCC
Recommended by:      Tom Tromey <tromey@redhat.com>
Public Key:                 (DSA, 1024-bits, attached gzipped)

Thanks in advance for your help and please
do CC your reply to me.

Ranjit.

_________________________________________________________________
Apply for a Citibank Suvidha Account.  http://go.msnserver.com/IN/45533.asp 
Get FREE organiser. 

[-- Attachment #2: id_dsa.pub.gz --]
[-- Type: application/x-gzip, Size: 540 bytes --]