author: Joey Hess <joey@kitenet.net> 2013-06-25 15:23:46 -0400
committer: Joey Hess <joey@kitenet.net> 2013-06-25 15:31:04 -0400
commit: aff4690d1c6508b1a7d2311edabdeafc73049795
tree: 76186541eccfd4ef7f033475979963ef7d2f2ec4
parent: 077de67a8695da525f79a7a1e58ad9fa535ca8b1
webapp: Ensure that ssh keys generated for different directories on a server are always different.
-rw-r--r-- Assistant/Ssh.hs 10
-rw-r--r-- debian/changelog 2
-rw-r--r-- doc/bugs/Use_a_git_repository_on_the_server_don__39__t_work.mdwn 30
3 files changed, 41 insertions, 1 deletions
diff --git a/Assistant/Ssh.hs b/Assistant/Ssh.hs
index 87347571e..38ec347cb 100644
--- a/Assistant/Ssh.hs
+++ b/Assistant/Ssh.hs
@@ -16,6 +16,7 @@ import Git.Remote
import Data.Text (Text)
import qualified Data.Text as T
import Data.Char
+import Network.URI
data SshData = SshData
{ sshHostName :: Text
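Review bot: the added `import Network.URI` brings the whole module into scope unqualified, while the only name this patch uses from it is `escapeURIString`. An explicit import list, `import Network.URI (escapeURIString)`, would document the dependency and avoid clashes with the other unqualified imports in this file.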
@@ -216,10 +217,16 @@ setSshConfig sshdata config = do
{- This hostname is specific to a given repository on the ssh host,
- so it is based on the real hostname, the username, and the directory.
+ -
+ - The mangled hostname has the form "git-annex-realhostname-username_dir".
+ - The only use of "-" is to separate the parts shown; this is necessary
+ - to allow unMangleSshHostName to work. Any unusual characters in the
+ - username or directory are url encoded, except using "." rather than "%"
+ - (the latter has special meaning to ssh).
-}
mangleSshHostName :: SshData -> String
mangleSshHostName sshdata = "git-annex-" ++ T.unpack (sshHostName sshdata)
- ++ "-" ++ filter safe extra
+ ++ "-" ++ escape extra
where
extra = intercalate "_" $ map T.unpack $ catMaybes
[ sshUserName sshdata
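Review bot: the new comment says the only use of "-" is to separate the parts, but the real hostname is still concatenated unescaped via `T.unpack (sshHostName sshdata)`, and hostnames may legitimately contain "-". Either run the hostname through `escape` as well, or narrow the comment so the guarantee covers only the username and directory part and say how unMangleSshHostName is expected to find the boundary when the hostname itself has a hyphen.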
@@ -229,6 +236,7 @@ mangleSshHostName sshdata = "git-annex-" ++ T.unpack (sshHostName sshdata)
| isAlphaNum c = True
| c == '_' = True
| otherwise = False
+ escape s = replace "%" "." $ escapeURIString safe s
{- Extracts the real hostname from a mangled ssh hostname. -}
unMangleSshHostName :: String -> String
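Review bot: `escape` reuses `safe`, which accepts '_', and '_' is also the separator that `intercalate "_"` places between username and directory. As a result, user "a_b" with directory "c" and user "a" with directory "b_c" both mangle to "a_b_c", so two differently locked-down keys can still share one mangled hostname, which falls short of the "always different" goal in the commit message. Using a predicate for escaping that does not accept '_' (so a literal underscore is encoded like any other unusual character) would keep the separator unambiguous.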
diff --git a/debian/changelog b/debian/changelog
index 85a356122..b465fac5e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ git-annex (4.20130622) UNRELEASED; urgency=low
* fsck: Ensures that direct mode is used for files when it's enabled.
* webapp: Fix bug when setting up a remote ssh repo repeatedly on the same
server.
+ * webapp: Ensure that ssh keys generated for different directories
+ on a server are always different.
-- Joey Hess <joeyh@debian.org> Fri, 21 Jun 2013 13:16:17 -0400
diff --git a/doc/bugs/Use_a_git_repository_on_the_server_don__39__t_work.mdwn b/doc/bugs/Use_a_git_repository_on_the_server_don__39__t_work.mdwn
index 0e950f360..a2fa6a9e5 100644
--- a/doc/bugs/Use_a_git_repository_on_the_server_don__39__t_work.mdwn
+++ b/doc/bugs/Use_a_git_repository_on_the_server_don__39__t_work.mdwn
@@ -12,3 +12,33 @@ Linux 64bit
Please provide any additional information below.
git and git-annex are available on the Remote Server
+> While this bug report was about a server that did not get git-annex-shell
+> installed in PATH (something trivially fixed by `apt-get install
+> git-annex`), the comments below would like to turn this into a bug report about
+> the error message "unknown UUID; cannot modify". All right then..
+> --[[Joey]]
+>
+> This can occur if a ssh key is locked down to use directory A, and a
+> new repo is added in directory B which uses the same ssh key. Things will
+> then fail when git-annex-shell rejects the attept to use directory B, and
+> this results in the webapp displaying an internal server error of
+> "unknown UUID; cannot modify" since NoUUID is retreived for the repo.
+>
+> In fact, I already dealt with this
+> once in 79561774450c8abf7c2cb42b08575a3ca27010dc; it used to not use
+> the directory name at all as part of the mangled hostname. Most of the
+> "me too" responses" predate that fix.
+>
+> Now, this can only happen
+> if the mangled hostname for directory A and B is the same. One way this can
+> happen is if the directories are "annex" and "~/annex". In other words,
+> I suspect that users are entering "annex" once, and "~/annex" another
+> time, when setting up what they intend to be the same repo. Perhaps the
+> first time something else fails (like the original problem of
+> git-annex-shell not being in path), or they want to set it up again,
+> and the next time the subtly different directory is entered.
+>
+> To fix this,
+> `mangleSshHostName` would need to be changed to generate different mangled
+> hostnames in all cases. Currently, it skips non-alpha-numeric
+> characters in the directory. [[done]] --[[Joey]]
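Review bot: the added reply text has three typos: "attept" should be "attempt", "retreived" should be "retrieved", and `"me too" responses"` carries a stray closing quote. The last paragraph also still reads "Currently, it skips non-alpha-numeric characters", which describes the behaviour before this commit; since the entry is marked [[done]] here, a sentence stating that the characters are now escaped rather than dropped would keep the bug page accurate.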