Serving HG repositories on Windows 2012 R2 Server.

Anders Ishoey (INT) Anders.Ishoey at teledyne-reson.com
Mon Sep 28 09:28:17 CDT 2015


Hi Donald,

I'm aware that the random function is not the (real) problem.

I am also aware of
https://stackoverflow.com/questions/12639930/python-cgi-in-iis-issue-with-urandom-function
I should have written that too.

My problem is that I assume that I can't use "impersonate user".
I assume that each user needs to run under his own account in order ensure that he doesn't access repositories he shouldn't access. 
At least that is how I understand how to control repository access.

So, I think I'm can slightly rephrase my original problem:
 
Q1) Is there something in the web server that strips off rights when I run CGI via https compared to when I run from the python command line. 


Anders

-----Original Message-----
From: Donald Stufft [mailto:donald at stufft.io] 
Sent: 2015-09-28 16:09
To: Mercurial-devel; Augie Fackler; Anders Ishoey (INT)
Subject: Re: Serving HG repositories on Windows 2012 R2 Server.

A quick google suggests this might be relevant: https://stackoverflow.com/questions/12639930/python-cgi-in-iis-issue-with-urandom-function

You’re getting a “Access Denied” error when attempting to access the secure random source on Windows (CryptGenRandom). That’s the fundamental problem here. Your modification simply masks the error and forces Python to fallback to an unsafe seeding mechanism for MT.

On September 28, 2015 at 10:05:02 AM, Augie Fackler (lists at durin42.com) wrote:
> (+mailing list. Please reply-all.)
>  
> On Mon, Sep 28, 2015 at 9:59 AM, Anders Ishoey (INT)
> wrote:
> > Hi Augie,
> >
> > Here it is
> > HTTP Error 502.2 - Bad Gateway
> > The specified CGI application misbehaved by not returning a complete set of HTTP headers.  
> The headers it did return are "Traceback (most recent call last): File 
> "C:\Users\Public\hgweb\hgweb.cgi",
> line 8, in import cgitb; cgitb.enable(display=1) File 
> "c:\Python27\lib\cgitb.py", line 30, in import tempfile File 
> "c:\Python27\lib\tempfile.py", line 35, in from random import Random 
> as _Random File "c:\Python27\lib\random.py", line 885, in _inst = 
> Random() File "c:\Python27\lib\random.py", line 97, in __init__ 
> self.seed(x) File "c:\Python27\lib\random.py", line 113, in seed a = 
> long(_hexlify(_urandom(2500)),
> 16) WindowsError: [Error 5] Access is denied ".
> >
> > /Anders Ishøy-Rasmussen
> > Systems Architect
> > Teledyne-Reson
> >
> >
> > -----Original Message-----
> > From: Augie Fackler [mailto:lists at durin42.com]
> > Sent: 2015-09-28 15:52
> > To: Anders Ishoey (INT); Donald Stufft; mercurial
> > Subject: Re: Serving HG repositories on Windows 2012 R2 Server.
> >
> > (+mailing list, please keep the list cc'ed)
> >
> > On Mon, Sep 28, 2015 at 2:01 AM, Anders Ishoey (INT)
> wrote:
> >> Hi Augie,
> >>
> >> This removes a python error when loading CGI in case the random function complaints.  
> >> However, the random function is probably only a symptom of an 
> >> unhealthy installation/execution
> environment.
> >
> > Yeah, that's what it sounds like. What was the exception you were seeing, if not NotImplementedError?  
> >
> >> In this situation the failure is obvious. In other cases the code 
> >> may fail within an
> exception handler, and the result may a wrong error message or simply wrong results.  
> >>
> >> IF you want do the modification it is here:
> >>
> >> Modify c:\Python27\lib\random.py
> >> change except NotImplementedError:
> >> to except :
> >>
> >> Do NOT change indentation.
> >>
> >> /Anders Ishøy-Rasmussen
> >> Systems Architect
> >> Teledyne-Reson
> >>
> >> -----Original Message-----
> >> From: Augie Fackler [mailto:lists at durin42.com]
> >> Sent: 2015-09-25 18:50
> >> To: Donald Stufft; Anders Ishoey (INT)
> >> Cc: mercurial
> >> Subject: Re: Serving HG repositories on Windows 2012 R2 Server.
> >>
> >> (+ original poster since gmane helpfully dropped them)
> >>
> >> On Fri, Sep 25, 2015 at 11:41 AM, Donald Stufft wrote:
> >>> Anders Ishoey (INT teledyne-reson.com> writes:
> >>>> Python 2.7 (had to modify random.py. line 114 to make it work)
> >>>
> >>> Can you post what modifications you had to make it work? I'm curious.
> >>>
> >>> _______________________________________________
> >>> Mercurial mailing list
> >>> Mercurial at selenic.com
> >>> https://selenic.com/mailman/listinfo/mercurial
>  

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA




More information about the Mercurial-devel mailing list