From: Richard Levitte - VMS Whacker
Subject: Re: [Monotone-devel] Re: The read-permissions file -- unexpected behavior
Date: Thu, 05 Jan 2006 22:30:51 +0100 (CET)

In message <address@hidden> on Thu, 5 Jan 2006 12:34:33 -0800, Jonathan Ho
<address@hidden> said:
jonathanho15> On Thursday, January 5, 2006 4:18, Lapo Luchini wrote:
jonathanho15> > Timothy Brownawell <tbrownaw <at> gmail.com> writes:
jonathanho15> > > Is com.example.foo a branch that really exists in
jonathanho15> > > the server's database? If not, then permission will
jonathanho15> > > be granted because there's nothing to read, and so
jonathanho15> > > nothing to deny permission for.
jonathanho15> >
jonathanho15> > Doesn't this "disclose" a tiny bit of information by
jonathanho15> > itself? (the very fact that a branch does exist or not)
jonathanho15> >
jonathanho15> I agree here. Shouldn't monotone try to authenticate the
jonathanho15> user first, and if it fails, deny the user access no
jonathanho15> matter what (s)he tried to pull from the server
jonathanho15> (considering, of course, the server's configuration)?

Oh, please, try things out before complaining!

: address@hidden:~
: ; monotone genkey address@hidden
monotone: generating key-pair 'address@hidden'
enter passphrase for key ID address@hidden:
confirm passphrase for key ID address@hidden:
monotone: storing key-pair 'address@hidden' in /home/levitte/.monotone/keys/
: address@hidden:~
: ; monotone --db=foo.db db init
: address@hidden:~
: ; monotone --db=foo.db pull venge.net 'net.venge.monotone*' -k address@hidden
monotone: setting default server to venge.net
monotone: setting default branch include pattern to 'net.venge.monotone*'
monotone: setting default branch exclude pattern to ''
monotone: connecting to venge.net
monotone: first time connecting to server venge.net
monotone: I'll assume it's really them, but you might want to double-check
monotone: their key's fingerprint: 70a0f283898a18815a83df37c902e5f1492e9aa2
monotone: warning: saving public key for address@hidden to database
monotone: finding items to synchronize:
enter passphrase for key ID address@hidden:
monotone: read from fd 6 (peer venge.net) failed, disconnecting
monotone: bytes in | bytes out | certs in | revs in | revs written
monotone: 0 | 346 | 0 | 0 | 0

I knew that address@hidden would probably not be accepted, and see?
There was a failure.

And just to check what the effect is on the server, I tried that too:

[repository.lp.se]
address@hidden:/orgs/lp/free/monotone# /usr/bin/monotone
--pid-file=/var/run/monotone/pid --db=/orgs/lp/free/monotone/repository.db
--rcfile=/orgs/lp/free/monotone/repository.lua
--keydir=/orgs/lp/free/monotone/.keys serve `cat
/orgs/lp/free/monotone/collections.dat | sed -e's|$|\*|'`
monotone: beginning service on all interfaces : 5253
monotone: accepted new client connection from 130.237.234.196 : 59043
monotone: warning: remote public key hash
'2806be97fc2851754eea0b75ea178ab6d9a31696' is unknown
monotone: failed to process '4' packet
monotone: fd 6 (peer 130.237.234.196:59043) processing finished, disconnecting
[my laptop]
: address@hidden:~
: ; monotone --db=foo.db pull repository.lp.se 'net.venge.monotone*' -k
address@hidden
monotone: connecting to repository.lp.se
monotone: finding items to synchronize:
enter passphrase for key ID address@hidden:
monotone: read from fd 6 (peer repository.lp.se) failed, disconnecting
monotone: bytes in | bytes out | certs in | revs in | revs written
monotone: 0 | 346 | 0 | 0 | 0

As you can see, monotone does authenticate before it does anything
else.

Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte address@hidden
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
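
The server output in the message above shows what a connection rejected for an unknown key looks like in the log. As an added example (not part of the original message and not monotone code), this Python script picks such rejections out of `monotone serve` output; the sample log is constructed in the line format quoted above, and tying each warning to the most recently accepted open connection is an assumption, since the warning line itself names no peer.

```python
import re

# Line shapes taken from the server output quoted in the message above.
ACCEPT = re.compile(r"accepted new client connection from (\S+) : (\d+)")
UNKNOWN = re.compile(r"remote public key hash\s+'([0-9a-f]{40})' is unknown")
DONE = re.compile(r"\(peer (\S+):(\d+)\) processing finished, disconnecting")

# Constructed sample: documentation addresses and a placeholder key hash.
SAMPLE_LOG = """\
monotone: beginning service on all interfaces : 5253
monotone: accepted new client connection from 192.0.2.10 : 40001
monotone: warning: remote public key hash
'0123456789abcdef0123456789abcdef01234567' is unknown
monotone: failed to process '4' packet
monotone: fd 6 (peer 192.0.2.10:40001) processing finished, disconnecting
monotone: accepted new client connection from 192.0.2.20 : 40002
monotone: fd 7 (peer 192.0.2.20:40002) processing finished, disconnecting
"""

def unknown_key_attempts(log_text):
    """Return one record per connection dropped after an unknown-key warning."""
    lines = []
    for raw in filter(None, map(str.strip, log_text.splitlines())):
        # Undo mail-style wrapping: text that does not start with
        # "monotone:" continues the previous log line.
        if raw.startswith("monotone:") or not lines:
            lines.append(raw)
        else:
            lines[-1] += " " + raw

    open_peers, flagged, attempts = [], {}, []
    for line in lines:
        if m := ACCEPT.search(line):
            open_peers.append((m.group(1), int(m.group(2))))
        elif m := UNKNOWN.search(line):
            # Assumption: the warning belongs to the newest open connection.
            if open_peers:
                flagged[open_peers[-1]] = m.group(1)
        elif m := DONE.search(line):
            peer = (m.group(1), int(m.group(2)))
            if peer in open_peers:
                open_peers.remove(peer)
            if peer in flagged:
                attempts.append(
                    {"ip": peer[0], "port": peer[1], "key_hash": flagged.pop(peer)})
    return attempts
```

On a busy server with interleaved connections the peer attribution can be wrong, so treat the result as a lead for review rather than proof of which client presented the key.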