Serving HG repositories on Windows 2012 R2 Server.

Anders Ishoey (INT) Anders.Ishoey at teledyne-reson.com
Wed Sep 30 08:32:48 CDT 2015 

Hi Matt,
In summary: 
I'm migrating to from SVN (on XP) to HG (on Windows server 2012 R2) for many reasons including to get the domain authentication to take care of security.
However it fails writing and it fails limiting read access.

I think the main problem is that the cgi script doesnt have write access to the repository.
Is it relevant to expand the test.cgi to check user write access (too)?
What could cause no write access?
What could be wrong which makes the CGI script allow me read access when i'm not in the users list (and no * either)? (secondary for now) I'm baffled that my domain password ends up as open text in an environment variable when the script is running.

Generally I used the guide https://www.mercurial-scm.org/wiki/HgWebInIisOnWindows for the setup, but there were problems with many steps on IIS8.5:
-Using Python 2.7.10
-Not able to install the handler in web.config, whoever, the web site responded well after setting up IIS.
+ Test.cgi works
+downloaded and installed 3.5.1 for python 27 in "site packages"
+ configured rewrite rules
- basicAuthentication enabled with defaultlogondomain=mydomain. anonymousAuthentication disabled. Set up in IIS, not in web.config.
- basicAuthentication not unlocked. Assume it is not needed.
+ allow_push : various combinations ([*],[my domain account], [someone else's account] .
+ Mydomainaccount, the application pool identity IIS APPPOOL \HG and SYSTEM all have full rights in the repository folders and files.. 

I have setup 
*run in "impersonate user=true/false." No difference in response 
*I put the user name in The .hg\hgrc  in the repository and hgweb.config  (web.users =nn and web.allow_push= nn.) 
  I found no other user-files on the server containing "users".

Current situation is this:

This works:
a) The CGI script can now run without failing at import CGI (random function problem) Good.
b) I can browse the repositories from the client.
A typical directory looks like this in the browser: 
[up] 			drwxr-xr-x
dir. version10/ 		drwxr-xr-x
file build_svn.bat 	1056 	-rw-r--r--
c) I can clone and pull.

d) Mercurial > hgweb.cgi > borland becomes https://slasvn02/borland, i.e. Rewrite Rules work.

This doesn't work:
1) When I set the web.users =notmyaccount  I can clone and pull from my client. That leaves me with no read access control. 
Output:
http authorization required
realm: reson
pulling from https://slasvn02/TestRepo
searching for changes
no changes found
[command completed successfully Wed Sep 30 08:05:45 2015]

2) When I set the web.users = * and web.allow_push = * I still get an error when I try to push. 
Output:
realm: reson
searching for changes
'https://slasvn02/TestRepo' does not appear to be an hg repository:
---%<--- (text/html)
<body bgcolor="#f0f0f8"><font color="#f0f0f8" size="-5"> -->
<body bgcolor="#f0f0f8"><font color="#f0f0f8" size="-5"> --> -->
</font> </font> </font> </script> </object> </blockquote> </pre>
</table> </table> </table> </table> </table> </font> </font> </font><body bgcolor="#f0f0f8">
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="heading">
<tr bgcolor="#6622aa">
<td valign=bottom> <br>
<font color="#ffffff" face="helvetica, arial"> <br><big><big><strong><type 'exceptions.TypeError'></strong></big></big></font></td
><td align=right valign=bottom
><font color="#ffffff" face="helvetica, arial">Python 2.7.10: c:\Python27\python.exe<br>Wed Sep 30 07:56:23 2015</font></td></tr></table>
    
<p>A problem occurred in a Python script.  Here is the sequence of
function calls leading up to the error, in the order they occurred.</p>
<table width="100%" cellspacing=0 cellpadding=0 border=0>
<tr><td bgcolor="#d8bbff"><big> </big><a href="file://C:\Users\Public\hgweb\hgweb.cgi">C:\User
---%<---

[command returned code 255 Wed Sep 30 07:56:22 2015]

The shortened list of environment variables (output from the CGI script) is

Python 2.7.10 (default, May 23 2015, 09:44:00) [MSC v.1500 64 bit (AMD64)]
ALLUSERSPROFILE	C:\ProgramData
APPDATA	C:\Users\hg\AppData\Roaming
APP_POOL_ID	hg
AUTH_PASSWORD	******************
AUTH_TYPE	Basic
AUTH_USER	air
COMMONPROGRAMFILES	C:\Program Files\Common Files
COMMONPROGRAMFILES(X86)	C:\Program Files (x86)\Common Files
COMMONPROGRAMW6432	C:\Program Files\Common Files
COMPUTERNAME	SLASVN02
COMSPEC	C:\Windows\system32\cmd.exe
CONTENT_LENGTH	0
CONTENT_TYPE	
FP_NO_HOST_CHECK	NO
GATEWAY_INTERFACE	CGI/1.1
HTTPS	on
HTTPS_KEYSIZE	XXXXXX
HTTPS_SECRETKEYSIZE	XXXXXX
HTTPS_SERVER_ISSUER	**************************
HTTPS_SERVER_SUBJECT	CN=SLASVN02.****************
HTTP_ACCEPT	text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING	gzip, deflate
HTTP_ACCEPT_LANGUAGE	en-US,en;q=0.5
HTTP_AUTHORIZATION	Basic *****************************
HTTP_CONNECTION	keep-alive
HTTP_CONTENT_LENGTH	0
HTTP_HOST	slasvn02
HTTP_USER_AGENT	Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0
HTTP_X_ORIGINAL_URL	/?env=1
INSTANCE_ID	1
LOCALAPPDATA	C:\Users\hg\AppData\Local
LOCAL_ADDR	xx.xx.xx.xx
LOGON_USER	air
NUMBER_OF_PROCESSORS	1
OS	Windows_NT
PATH	c:\python27; C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Subversion\bin\;C:\Program Files\Microsoft\Web Platform Installer\;
PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PATH_INFO	/hgweb.cgi/
PATH_TRANSLATED	C:\Users\Public\hgweb\hgweb.cgi\
PROCESSOR_ARCHITECTURE	AMD64
PROCESSOR_IDENTIFIER	Intel64 Family 6 Model 62 Stepping 4, GenuineIntel
PROCESSOR_LEVEL	6
PROCESSOR_REVISION	3e04
PROGRAMDATA	C:\ProgramData
PROGRAMFILES	C:\Program Files
PROGRAMFILES(X86)	C:\Program Files (x86)
PROGRAMW6432	C:\Program Files
PSMODULEPATH	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC	C:\Users\Public
PYTHONPATH	c:\Python27\Lib\site-packages\mercurial; 
QUERY_STRING	
REMOTE_ADDR	xx.xx.xx.xx
REMOTE_HOST	xx.xx.xx.xx
REMOTE_USER	air
REQUEST_METHOD	GET
SCRIPT_NAME	/hgweb.cgi
SERVER_NAME	slasvn02
SERVER_PORT	443
SERVER_PORT_SECURE	1
SERVER_PROTOCOL	HTTP/1.1
SERVER_SOFTWARE	Microsoft-IIS/8.5
SYSTEMDRIVE	C:
SYSTEMROOT	C:\Windows
TEMP	C:\Users\hg\AppData\Local\Temp
TMP	C:\Users\hg\AppData\Local\Temp
UNMAPPED_REMOTE_USER	air
USERDOMAIN	IIS APPPOOL
USERNAME	hg
USERPROFILE	C:\Users\hg
WINDIR	C:\Windows

/Anders

More information about the Mercurial-devel mailing list