How does user authentification work? [Problems with allow_push, allow_read ...]

Denise Patzker Denise.Patzker at tu-dresden.de
Fri Dec 16 08:48:43 CST 2011 

Hi list ,

I serve mercurial projects with hgweb .
I want to restrict the settings for the diffrent projects on my server. 
But when I do this with allow_push = user1, user2  .  I get the following :

#:~/hg2$ hg -v --debug --traceback  push
using https://foo/hg/hg2
sending between command
http authorization required
realm: Mercurial Access
user: test
password:
http auth: user test, password ******
pushing to https://foo/hg/hg2
sending capabilities command
http auth: user test, password ******
capabilities: stream changegroupsubset unbundlehash batch 
httpheader=1024 lookup pushkey known unbundle=HG10GZ,HG10BZ,HG10UN 
branchmap getbundle
sending heads command
http auth: user test, password ******
searching for changes
common changesets up to e2f441ab287d
sending branchmap command
http auth: user test, password ******
1 changesets found
list of changesets:
18dbe8d7ede46eccb2458bcd8b57cb876f7ae1a9
sending unbundle command
sending 328 bytes
http auth: user test, password ******
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 46, in 
_runcatch
    return _dispatch(ui, args)
  File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 454, 
in _dispatch
    return runcommand(lui, repo, cmd, fullargs, ui, options, d)
  File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 324, 
in runcommand
    ret = _runcommand(ui, options, cmd, d)
  File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 505, 
in _runcommand
    return checkargs()
  File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 459, 
in checkargs
    return cmdfunc()
  File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 453, 
in <lambda>
    d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
  File "/usr/lib/pymodules/python2.6/mercurial/util.py", line 386, in check
    return func(*args, **kwargs)
  File "/usr/lib/pymodules/python2.6/mercurial/commands.py", line 2356, 
in push
    r = repo.push(other, opts.get('force'), revs=revs)
  File "/usr/lib/pymodules/python2.6/mercurial/localrepo.py", line 1452, 
in push
    return self.push_unbundle(remote, force, revs)
  File "/usr/lib/pymodules/python2.6/mercurial/localrepo.py", line 1590, 
in push_unbundle
    return remote.unbundle(cg, remote_heads, 'push')
  File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 228, 
in unbundle
    heads=' '.join(map(hex, heads)))
  File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 128, 
in do_read
    fp = self.do_cmd(cmd, **args)
  File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 83, in 
do_cmd
    raise util.Abort(_('authorization failed'))
Abort: authorization failed
abort: authorization failed


In the server access_log I found this:
foo - - [16/Dec/2011:15:29:48 +0100] "GET 
/hg/hg2?pairs=0000000000000000000000000000000000000000-0000000000000000000000000000000000000000&cmd=between 
HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "GET 
/hg/hg2?pairs=0000000000000000000000000000000000000000-0000000000000000000000000000000000000000&cmd=between 
HTTP/1.1" 200 1
foo - - [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=capabilities 
HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=capabilities 
HTTP/1.1" 200 130
foo - - [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=heads HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=heads HTTP/1.1" 
200 41
foo - - [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=branchmap 
HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=branchmap 
HTTP/1.1" 200 48
foo - - [16/Dec/2011:15:29:54 +0100] "POST 
/hg/hg2?cmd=unbundle&heads=e2f441ab287de214bce69f75bcf1bae4844d75de 
HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "POST 
/hg/hg2?cmd=unbundle&heads=e2f441ab287de214bce69f75bcf1bae4844d75de 
HTTP/1.1" 401 22

Same problems when I try allow_read. Every user is denied. But without 
restrictions everything works fine.

I think the problem migth be, that mercurial didn't know the users. They 
have no home on the server. The user managment is done with NSS.
So my question is how does it authenticate the users?  I could't find an 
answer in the archives, the wiki or with google.

I'm really thankful for every hint ! I'm trying to solve this since 
countless days...

-- 
Denise Patzker
Auszubildende

Technische Universitaet Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH)
01062 Dresden
E-Mail: denise.patzker at tu-dresden.de

More information about the Mercurial mailing list