How does user authentification work? [Problems with allow_push, allow_read ...]
Denise Patzker
Denise.Patzker at tu-dresden.de
Fri Dec 16 14:48:43 UTC 2011
Hi list ,
I serve mercurial projects with hgweb .
I want to restrict the settings for the diffrent projects on my server.
But when I do this with allow_push = user1, user2 . I get the following :
#:~/hg2$ hg -v --debug --traceback push
using https://foo/hg/hg2
sending between command
http authorization required
realm: Mercurial Access
user: test
password:
http auth: user test, password ******
pushing to https://foo/hg/hg2
sending capabilities command
http auth: user test, password ******
capabilities: stream changegroupsubset unbundlehash batch
httpheader=1024 lookup pushkey known unbundle=HG10GZ,HG10BZ,HG10UN
branchmap getbundle
sending heads command
http auth: user test, password ******
searching for changes
common changesets up to e2f441ab287d
sending branchmap command
http auth: user test, password ******
1 changesets found
list of changesets:
18dbe8d7ede46eccb2458bcd8b57cb876f7ae1a9
sending unbundle command
sending 328 bytes
http auth: user test, password ******
Traceback (most recent call last):
File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 46, in
_runcatch
return _dispatch(ui, args)
File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 454,
in _dispatch
return runcommand(lui, repo, cmd, fullargs, ui, options, d)
File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 324,
in runcommand
ret = _runcommand(ui, options, cmd, d)
File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 505,
in _runcommand
return checkargs()
File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 459,
in checkargs
return cmdfunc()
File "/usr/lib/pymodules/python2.6/mercurial/dispatch.py", line 453,
in <lambda>
d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
File "/usr/lib/pymodules/python2.6/mercurial/util.py", line 386, in check
return func(*args, **kwargs)
File "/usr/lib/pymodules/python2.6/mercurial/commands.py", line 2356,
in push
r = repo.push(other, opts.get('force'), revs=revs)
File "/usr/lib/pymodules/python2.6/mercurial/localrepo.py", line 1452,
in push
return self.push_unbundle(remote, force, revs)
File "/usr/lib/pymodules/python2.6/mercurial/localrepo.py", line 1590,
in push_unbundle
return remote.unbundle(cg, remote_heads, 'push')
File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 228,
in unbundle
heads=' '.join(map(hex, heads)))
File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 128,
in do_read
fp = self.do_cmd(cmd, **args)
File "/usr/lib/pymodules/python2.6/mercurial/httprepo.py", line 83, in
do_cmd
raise util.Abort(_('authorization failed'))
Abort: authorization failed
abort: authorization failed
In the server access_log I found this:
foo - - [16/Dec/2011:15:29:48 +0100] "GET
/hg/hg2?pairs=0000000000000000000000000000000000000000-0000000000000000000000000000000000000000&cmd=between
HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "GET
/hg/hg2?pairs=0000000000000000000000000000000000000000-0000000000000000000000000000000000000000&cmd=between
HTTP/1.1" 200 1
foo - - [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=capabilities
HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=capabilities
HTTP/1.1" 200 130
foo - - [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=heads HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=heads HTTP/1.1"
200 41
foo - - [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=branchmap
HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "GET /hg/hg2?cmd=branchmap
HTTP/1.1" 200 48
foo - - [16/Dec/2011:15:29:54 +0100] "POST
/hg/hg2?cmd=unbundle&heads=e2f441ab287de214bce69f75bcf1bae4844d75de
HTTP/1.1" 406 -
foo - test [16/Dec/2011:15:29:54 +0100] "POST
/hg/hg2?cmd=unbundle&heads=e2f441ab287de214bce69f75bcf1bae4844d75de
HTTP/1.1" 401 22
Same problems when I try allow_read. Every user is denied. But without
restrictions everything works fine.
I think the problem migth be, that mercurial didn't know the users. They
have no home on the server. The user managment is done with NSS.
So my question is how does it authenticate the users? I could't find an
answer in the archives, the wiki or with google.
I'm really thankful for every hint ! I'm trying to solve this since
countless days...
--
Denise Patzker
Auszubildende
Technische Universitaet Dresden
Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH)
01062 Dresden
E-Mail: denise.patzker at tu-dresden.de
More information about the Mercurial
mailing list