Serving HG repositories on Windows 2012 R2 Server.
Anders Ishoey (INT)
Anders.Ishoey at teledyne-reson.com
Wed Sep 30 08:32:48 CDT 2015
Hi Matt,
In summary:
I'm migrating to from SVN (on XP) to HG (on Windows server 2012 R2) for many reasons including to get the domain authentication to take care of security.
However it fails writing and it fails limiting read access.
I think the main problem is that the cgi script doesnt have write access to the repository.
Is it relevant to expand the test.cgi to check user write access (too)?
What could cause no write access?
What could be wrong which makes the CGI script allow me read access when i'm not in the users list (and no * either)? (secondary for now) I'm baffled that my domain password ends up as open text in an environment variable when the script is running.
Generally I used the guide https://www.mercurial-scm.org/wiki/HgWebInIisOnWindows for the setup, but there were problems with many steps on IIS8.5:
-Using Python 2.7.10
-Not able to install the handler in web.config, whoever, the web site responded well after setting up IIS.
+ Test.cgi works
+downloaded and installed 3.5.1 for python 27 in "site packages"
+ configured rewrite rules
- basicAuthentication enabled with defaultlogondomain=mydomain. anonymousAuthentication disabled. Set up in IIS, not in web.config.
- basicAuthentication not unlocked. Assume it is not needed.
+ allow_push : various combinations ([*],[my domain account], [someone else's account] .
+ Mydomainaccount, the application pool identity IIS APPPOOL \HG and SYSTEM all have full rights in the repository folders and files..
I have setup
*run in "impersonate user=true/false." No difference in response
*I put the user name in The .hg\hgrc in the repository and hgweb.config (web.users =nn and web.allow_push= nn.)
I found no other user-files on the server containing "users".
Current situation is this:
This works:
a) The CGI script can now run without failing at import CGI (random function problem) Good.
b) I can browse the repositories from the client.
A typical directory looks like this in the browser:
[up] drwxr-xr-x
dir. version10/ drwxr-xr-x
file build_svn.bat 1056 -rw-r--r--
c) I can clone and pull.
d) Mercurial > hgweb.cgi > borland becomes https://slasvn02/borland, i.e. Rewrite Rules work.
This doesn't work:
1) When I set the web.users =notmyaccount I can clone and pull from my client. That leaves me with no read access control.
Output:
http authorization required
realm: reson
pulling from https://slasvn02/TestRepo
searching for changes
no changes found
[command completed successfully Wed Sep 30 08:05:45 2015]
2) When I set the web.users = * and web.allow_push = * I still get an error when I try to push.
Output:
realm: reson
searching for changes
'https://slasvn02/TestRepo' does not appear to be an hg repository:
---%<--- (text/html)
<body bgcolor="#f0f0f8"><font color="#f0f0f8" size="-5"> -->
<body bgcolor="#f0f0f8"><font color="#f0f0f8" size="-5"> --> -->
</font> </font> </font> </script> </object> </blockquote> </pre>
</table> </table> </table> </table> </table> </font> </font> </font><body bgcolor="#f0f0f8">
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="heading">
<tr bgcolor="#6622aa">
<td valign=bottom> <br>
<font color="#ffffff" face="helvetica, arial"> <br><big><big><strong><type 'exceptions.TypeError'></strong></big></big></font></td
><td align=right valign=bottom
><font color="#ffffff" face="helvetica, arial">Python 2.7.10: c:\Python27\python.exe<br>Wed Sep 30 07:56:23 2015</font></td></tr></table>
<p>A problem occurred in a Python script. Here is the sequence of
function calls leading up to the error, in the order they occurred.</p>
<table width="100%" cellspacing=0 cellpadding=0 border=0>
<tr><td bgcolor="#d8bbff"><big> </big><a href="file://C:\Users\Public\hgweb\hgweb.cgi">C:\User
---%<---
[command returned code 255 Wed Sep 30 07:56:22 2015]
The shortened list of environment variables (output from the CGI script) is
Python 2.7.10 (default, May 23 2015, 09:44:00) [MSC v.1500 64 bit (AMD64)]
ALLUSERSPROFILE C:\ProgramData
APPDATA C:\Users\hg\AppData\Roaming
APP_POOL_ID hg
AUTH_PASSWORD ******************
AUTH_TYPE Basic
AUTH_USER air
COMMONPROGRAMFILES C:\Program Files\Common Files
COMMONPROGRAMFILES(X86) C:\Program Files (x86)\Common Files
COMMONPROGRAMW6432 C:\Program Files\Common Files
COMPUTERNAME SLASVN02
COMSPEC C:\Windows\system32\cmd.exe
CONTENT_LENGTH 0
CONTENT_TYPE
FP_NO_HOST_CHECK NO
GATEWAY_INTERFACE CGI/1.1
HTTPS on
HTTPS_KEYSIZE XXXXXX
HTTPS_SECRETKEYSIZE XXXXXX
HTTPS_SERVER_ISSUER **************************
HTTPS_SERVER_SUBJECT CN=SLASVN02.****************
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_ACCEPT_LANGUAGE en-US,en;q=0.5
HTTP_AUTHORIZATION Basic *****************************
HTTP_CONNECTION keep-alive
HTTP_CONTENT_LENGTH 0
HTTP_HOST slasvn02
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0
HTTP_X_ORIGINAL_URL /?env=1
INSTANCE_ID 1
LOCALAPPDATA C:\Users\hg\AppData\Local
LOCAL_ADDR xx.xx.xx.xx
LOGON_USER air
NUMBER_OF_PROCESSORS 1
OS Windows_NT
PATH c:\python27; C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Subversion\bin\;C:\Program Files\Microsoft\Web Platform Installer\;
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PATH_INFO /hgweb.cgi/
PATH_TRANSLATED C:\Users\Public\hgweb\hgweb.cgi\
PROCESSOR_ARCHITECTURE AMD64
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 62 Stepping 4, GenuineIntel
PROCESSOR_LEVEL 6
PROCESSOR_REVISION 3e04
PROGRAMDATA C:\ProgramData
PROGRAMFILES C:\Program Files
PROGRAMFILES(X86) C:\Program Files (x86)
PROGRAMW6432 C:\Program Files
PSMODULEPATH C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC C:\Users\Public
PYTHONPATH c:\Python27\Lib\site-packages\mercurial;
QUERY_STRING
REMOTE_ADDR xx.xx.xx.xx
REMOTE_HOST xx.xx.xx.xx
REMOTE_USER air
REQUEST_METHOD GET
SCRIPT_NAME /hgweb.cgi
SERVER_NAME slasvn02
SERVER_PORT 443
SERVER_PORT_SECURE 1
SERVER_PROTOCOL HTTP/1.1
SERVER_SOFTWARE Microsoft-IIS/8.5
SYSTEMDRIVE C:
SYSTEMROOT C:\Windows
TEMP C:\Users\hg\AppData\Local\Temp
TMP C:\Users\hg\AppData\Local\Temp
UNMAPPED_REMOTE_USER air
USERDOMAIN IIS APPPOOL
USERNAME hg
USERPROFILE C:\Users\hg
WINDIR C:\Windows
/Anders
More information about the Mercurial-devel
mailing list