Posts tagged ‘subversion’

How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database?

Ok, so I want to have Subversion authentication work from a MySQL database. I am going to try to use Cyrus SASL for this.

I already have instructions for installing the necessary parts:

  1. Install FreeBSD.
    How do I install FreeBSD?

  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD

  3. Then install Subversion, with one difference from the install instructions: you need to install it with SASL2 support. It is an option when you run make install.
    How to install subversion 1.6.6 on FreeBSD 7.2

Ok, now that everything is installed, you are where I am and ready to try to get this configured.

Configuring Subversion to use SASL to Authenticate to a MySQL database

  1. Create a simple MySQL database. The following is a simple database creation script that creates a database with one table that has two columns.

    CREATE DATABASE UserDB;
    USE UserDB;
    CREATE TABLE `users` (`username` varchar(255), `password` varchar(255));
    INSERT INTO users VALUES ('user1','pw1');
    INSERT INTO users VALUES ('user2@MyReal.com','pw2');
    INSERT INTO users VALUES ('user3@myemailaddress.com','pw3');
    

    Note: I use these accounts to show what works and what does not work because the idea of “realms” is confusing.

    You may be asking why I don’t have three columns, one for each item: User, Password, Realm.

    Well, if you really are creating a new database to handle SVN users, then that is how you should do it, and here it is.

    CREATE DATABASE UserDB;
    USE UserDB;
    CREATE TABLE `users` (`username` varchar(255), `password` varchar(255), `realm` varchar(255));
    INSERT INTO users VALUES ('user1','pw1','realm');
    INSERT INTO users VALUES ('user2@MyReal.com','pw2','realm');
    INSERT INTO users VALUES ('user3@myemailaddress.com','pw3','realm');
    

    However, because I am assuming that you want to authenticate against users that are in an already existing database, a realm column won’t really exist. You may, however, have usernames that are in email format or not in email format, and that makes a difference because Subversion splits the username at an @ symbol and the username is only what is before the @ symbol. See the troubleshooting realms section below.

  2. Edit the following file:
    /home/svn/repos/MyApp/conf/svnserve.conf

    # ee /home/svn/repos/MyApp/conf/svnserve.conf

    The following are the lines that should NOT be commented out.

    [general]
    anon-access = none
    auth-access = write
    realm = MyDomain.com

    [sasl]
    use-sasl = true

  3. Create and edit the following file:
    /usr/local/lib/sasl2/svn.conf

    # ee /usr/local/lib/sasl2/svn.conf

    The following are the lines that should NOT be commented out.

    [general]
    pwcheck_method: auxprop
    mech_list: plain
    auxprop_plugin: sql
    sql_hostnames: localhost
    sql_engine: mysql
    sql_user: root
    sql_passwd: pw
    sql_database: UserDB
    sql_select: SELECT password FROM users WHERE username='%u'

    Note: For debugging add log_level: 7 to this file and then watch the /var/log/debug file.
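
The SASL file above stores the database password, logs in to MySQL as root and offers only the PLAIN mechanism, so it is worth checking before it stays in place. The script below is an added example, not part of the original post; the function names `conf_get` and `audit_sasl_conf` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a Cyrus SASL "key: value" file.

# Print the last value set for KEY in FILE; comment lines never match.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_sasl_conf() {
    f=$1
    findings=0
    flag() { echo "$f: $1"; findings=$((findings + 1)); }

    # The database login only has to read one table.
    if [ "$(conf_get sql_user "$f")" = "root" ]; then
        flag "sql_user is root; use an account limited to SELECT on the users table"
    fi
    # PLAIN carries the password itself and adds no encryption layer.
    case " $(conf_get mech_list "$f" | tr 'A-Z' 'a-z') " in
        *" plain "*) flag "mech_list offers PLAIN; the password crosses svn:// unencrypted" ;;
    esac
    # Debug logging is for troubleshooting, not for steady state.
    if [ "$(conf_get log_level "$f")" = "7" ]; then
        flag "log_level is 7; remove it once authentication works"
    fi
    # The file holds sql_passwd, so only the svnserve account should read it.
    if [ -n "$(conf_get sql_passwd "$f")" ] && [ -n "$(find "$f" -perm -004)" ]; then
        flag "file holds sql_passwd and is world-readable"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the troubleshooting configuration in the post.
sample=$(mktemp /tmp/svn-sasl.XXXXXX)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
log_level: 7
pwcheck_method: auxprop
mech_list: plain
auxprop_plugin: sql
sql_user: root
sql_passwd: pw
sql_database: UserDB
EOF
chmod 644 "$sample"

audit_sasl_conf "$sample" || echo "review the findings above before going live"
```

On the server, call `audit_sasl_conf` with the path of the SASL file from step 3; no output and exit status 0 mean none of the four checks fired.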

You should now be able to connect with a client such as TortoiseSVN and connect

Troubleshooting Realms

I found some issues with realms that were really confusing.

Change your /usr/local/lib/sasl2/svn.conf file to look like this:

[general]
log_level: 7
pwcheck_method: auxprop
mech_list: plain
auxprop_plugin: sql
sql_hostnames: localhost
sql_engine: mysql
sql_user: root
sql_passwd: pw
sql_database: UserDB
sql_select: SELECT password FROM users WHERE username='%u' or username='%u@%r'

I added two changes:

  1. Turned on logging.

  2. Changed the SQL statement to look for username='username' or username='username@realm'

I had to do this because if the user was using an email address, such as john@domain.tld, then it actually makes %u only equal John and seems to drop the @domain.tld and replace it with the name of the realm. However, if your username is John@domain.tld and your realm is domain.tld (so realm and domain are the same), then the code above works. If your domain and realm are not the same, I haven't been able to get this to work.

Go ahead and run this command:

# tail -f -n 30 /var/log/debug

And then try to authenticate using a client, such as TortoiseSVN. Test all three users. You will see the SQL queries that are run. It should work to authenticate as user1 or user2, but it cannot authenticate user3 because it just doesn't work due to the way it handles realms. If you have users that don't have email addresses in your realm, then you need them to have usernames that are not email addresses.

Final Question
If the password is stored as an md5, sha1, sha256 hash in the database, how do I make this work?


Copyright ® Rhyous.com - Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.

How to install subversion 1.6.6 on FreeBSD 7.2

How to install Subversion 1.6.6 on FreeBSD 7.2.
The basic overview.

  1. Install FreeBSD.
    How do I install FreeBSD?

  2. Update FreeBSD and download the ports tree.
    What are the first commands I run after installing FreeBSD

  3. Then install Subversion.

I have previous documents covering each of the steps above that come before installing Subversion. This document will only cover Subversion.

Installing Subversion on FreeBSD from ports

  1. Go to /usr/ports/devel/subversion and run make install.

    ServerName# cd /usr/ports/devel/subversion
    ServerName# make install

    NOTE: If you get a failure due to apr already being installed but not being built correctly, then uninstall apr and reinstall it with the default settings. Then go back and try to install subversion again.

    ServerName# cd /usr/ports/devel/apr
    ServerName# make deinstall
    ServerName# make BATCH=yes install

  2. Configure Subversion to start at bootup.

    # echo '# Subversion' >> /etc/rc.conf
    # echo 'svnserve_enable="YES"' >> /etc/rc.conf

  3. Create an svn user using the adduser command line wizard. This command will walk you through creating an svn user. Make sure to use the nologin shell and a random password so the user cannot log in.

    # adduser
    Username: svn
    Full name: svn
    Uid (Leave empty for default):
    Login group [svn]:
    Login group is svn. Invite svn into other groups? []:
    Login class [default]:
    Shell (sh csh tcsh nologin) [sh]: nologin
    Home directory [/home/svn]:
    Home directory permissions (Leave empty for default):
    Use password-based authentication? [yes]:
    Use an empty password? (yes/no) [no]:
    Use a random password? (yes/no) [no]: yes
    Lock out the account after creation? [no]:
    Username : svn
    Password :
    Full Name : svn
    Uid : 1002
    Class :
    Groups : svn
    Home : /home/svn
    Home Mode :
    Shell : /usr/sbin/nologin
    Locked : no
    OK? (yes/no): yes
    adduser: INFO: Successfully added (svn) to the user database.
    adduser: INFO: Password for (svn) is: /2CZct48a
    Add another user? (yes/no): no
    Goodbye!

  4. Make a repos directory in the svn user's home directory.

    # mkdir /home/svn/repos

  5. Create a repository.

    # cd /home/svn
    # mkdir -p repos
    # cd repos
    # svnadmin create MyApp

    This will create a MyApp folder and populate it with the files needed to start a repository.

    This is the default Subversion repository folder structure:

    /home/svn/repos/MyApp/README.txt
    /home/svn/repos/MyApp/format
    /home/svn/repos/MyApp/conf
    /home/svn/repos/MyApp/conf/authz
    /home/svn/repos/MyApp/conf/passwd
    /home/svn/repos/MyApp/conf/svnserve.conf
    /home/svn/repos/MyApp/db
    /home/svn/repos/MyApp/db/current
    /home/svn/repos/MyApp/db/format
    /home/svn/repos/MyApp/db/fs-type
    /home/svn/repos/MyApp/db/fsfs.conf
    /home/svn/repos/MyApp/db/min-unpacked-rev
    /home/svn/repos/MyApp/db/rep-cache.db
    /home/svn/repos/MyApp/db/revprops
    /home/svn/repos/MyApp/db/revs
    /home/svn/repos/MyApp/db/transactions
    /home/svn/repos/MyApp/db/txn-current
    /home/svn/repos/MyApp/db/txn-current-lock
    /home/svn/repos/MyApp/db/txn-protorevs
    /home/svn/repos/MyApp/db/uuid
    /home/svn/repos/MyApp/db/write-lock
    /home/svn/repos/MyApp/db/revprops/
    /home/svn/repos/MyApp/db/revprops/0
    /home/svn/repos/MyApp/db/revprops/0/0
    /home/svn/repos/MyApp/db/revs/
    /home/svn/repos/MyApp/db/revs/0
    /home/svn/repos/MyApp/db/revs/0/0
    /home/svn/repos/MyApp/db/transactions/
    /home/svn/repos/MyApp/db/txn-protorevs/
    /home/svn/repos/MyApp/hooks/
    /home/svn/repos/MyApp/hooks/post-commit.tmpl
    /home/svn/repos/MyApp/hooks/post-lock.tmpl
    /home/svn/repos/MyApp/hooks/post-revprop-change.tmpl
    /home/svn/repos/MyApp/hooks/post-unlock.tmpl
    /home/svn/repos/MyApp/hooks/pre-commit.tmpl
    /home/svn/repos/MyApp/hooks/pre-lock.tmpl
    /home/svn/repos/MyApp/hooks/pre-revprop-change.tmpl
    /home/svn/repos/MyApp/hooks/pre-unlock.tmpl
    /home/svn/repos/MyApp/hooks/start-commit.tmpl
    /home/svn/repos/MyApp/locks/
    /home/svn/repos/MyApp/locks/db-logs.lock
    /home/svn/repos/MyApp/locks/db.lock
  6. To configure a Repository and add users, edit the following file:
    /home/svn/repos/MyApp/conf/svnserve.conf

    # ee /home/svn/repos/MyApp/conf/svnserve.conf

    Uncomment lines below or just create a new svnserve.conf file with these lines:

    [general]
    anon-access = read
    auth-access = write
    password-db = passwd

    Now edit the following file:
    /home/svn/repos/MyApp/conf/passwd

    # ee /home/svn/repos/MyApp/conf/passwd

    Add users. For example, to add a user allen1 with a password of P@sswd! and another user jared with a password of My$ecre+1, the file would look like this:

    [users]
    allen1 = P@sswd!
    jared = My$ecre+1
  7. Now start the svn server.

    # /usr/local/etc/rc.d/svnserve start

  8. Now you should be able to connect to your repository with an svn client. TortoiseSVN is a popular Windows tool that you can use to connect to your repository.

    Use the following to connect:

    svn://allen1:P@sswd!@ServerName/MyApp

Now I have to figure out a bunch more steps...
How to populate an SVN repository?
How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database?
How to configure Subversion to use Cyrus-SASL2 to authenticate to a MySQL database where the password is stored in a hash? So you can have SVN share Bugzilla users?
How to get Tortoise SVN to connect to an SVN repository?
How to install WebSVN as a web interface to the SVN repository?

