Loading...

Details

Type: Bug
Resolution: Answered
Priority: Medium
Fix Version/s: N/A
Affects Version/s: 3.5.3, 4.4.1
Component/s: Indexing
Labels:

Symptom Severity:
Severity 3 - Minor
UIS:
19
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Summary

If FishEye/Crucible is configure with Native Subversion Client and the Subversion server is using NTLM authentication, FishEye/Crucible does not cache the credential of the user in the repository setting.

Actual Results

FishEye/Crucible keeps on getting the password from the repository setting till it hit the maximum count ("SVN is requesting password too often"). When it hits the maximum count getting the password, FishEye/Crucible will not get the password from the repository setting anymore causing the request to have authentication error:

2014-08-29 06:56:03,097 DEBUG [SvnExecution1 subversion ] fisheye SvnTask$1-run - Executing svn cat -r 1 http://subversion/trunk/test.xml@1
2014-08-29 06:56:03,128 DEBUG [SvnExecution1 subversion ] fisheye SvnPasswordSupplier-prompt - prompting for realm: <http://subversion:80> Subversionserver with username: klfoong, maySave = true
2014-08-29 06:56:03,128 DEBUG [SvnExecution1 subversion ] fisheye SvnPasswordSupplier-getPassword - Getting password
2014-08-29 06:56:03,431 DEBUG [SvnExecution1 subversion ] fisheye SvnTask$1-run - Executing svn proplist -r 1 http://subversion/trunk/test2.xml@1
2014-08-29 06:56:03,447 DEBUG [SvnExecution1 subversion ] fisheye SvnPasswordSupplier-prompt - prompting for realm: <http://subversion:80> Subversionserver with username: klfoong, maySave = true
2014-08-29 06:56:03,462 WARN  [SvnExecution1 subversion ] fisheye SvnPasswordSupplier-prompt - SVN is requesting password too often for realm '<http://subversion:80> Subversionserver' and user 'klfoong'
2014-08-29 06:56:03,462 DEBUG [InitPing2 subversion ] fisheye Timer-output - <- Processing diff paths for 1  time 2928 millis mem_usage = 196793096 heapsize = 439681024 freemem = 242887928
2014-08-29 06:56:03,462 DEBUG [InitPing2 subversion ] fisheye BaseRevisionCache-withDbWriteLock - Rolling back for priority 40
2014-08-29 06:56:03,462 ERROR [InitPing2 subversion ] fisheye BaseRepositoryScanner-handleSlurpException - Problem processing revisions from repo fa due to class com.cenqua.fisheye.rep.RepositoryClientException - org.apache.subversion.javahl.ClientException: Authorization failed
svn: Unable to connect to a repository at URL 'http://subversion/trunk/test2.xml'
svn: OPTIONS of 'http://subversion/trunk/test2.xml': authorization failed: Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge (http://subversion)
com.cenqua.fisheye.rep.RepositoryClientException: org.apache.subversion.javahl.ClientException: Authorization failed
svn: Unable to connect to a repository at URL 'http://subversion/trunk/test2.xml'
svn: OPTIONS of 'http://subversion/trunk/test2.xml': authorization failed: Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge (http://subversion)
	at com.cenqua.fisheye.svn.SvnThrottledClient.executeNoThrottle(SvnThrottledClient.java:186)
	at com.cenqua.fisheye.svn.SvnThrottledClient.execute(SvnThrottledClient.java:155)
Caused by: org.apache.subversion.javahl.ClientException: Authorization failed
svn: Unable to connect to a repository at URL 'http://subversion/trunk/test2.xml'
svn: OPTIONS of 'http://subversion/trunk/test2.xml': authorization failed: Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge (http://subversion)
	at org.apache.subversion.javahl.SVNClient.properties(Native Method)

From the above example error, FishEye/Crucible is started by the user "klfoong" and using the credential for the user "klfoong" in the repository setting to have NTLM authentication with Subversion server.

However, due to the credential is not cached, FishEye/Crucible keep on getting password from the repository setting till it hit the limit and stop getting password from the repository setting which will have authentication error during the request.

Expected Results

FishEye/Crucible should save the user "klfoong" credential in the cache if Native Subversion Client is used.

Solution

Atlassian Update – 19 Dec 2022

See this KB article: https://confluence.atlassian.com/fishkb/fisheye-and-ntlm-1189783826.html

Workaround (deprecated)

As a workaround, we will need to login to the machine hosting FishEye/Crucible as user "klfoong" and perform a simple command like "svn info http://subversion" so that the credential will be cached in "C:/Users/klfoong/AppData/Roaming/Subversion".

However, if there are hundred repositories in FishEye/Crucible with different Subversion domain, we need to run the same "svn info" command for all those repositories with different Subversion domain. (This is how Native Subversion Client save the credential. It save it based on host name.) In this case, the following Python script can help:

#!/usr/bin/python

import os
import sys
import getopt
import subprocess
import xml.etree.ElementTree

def main(argv):
    opts, args = getopt.getopt(argv,"hc:")
    for opt, arg in opts:
        if opt == "-c":
            config = arg

    print 'Using "' + config + '"'
    print 'Processing repositories:'

    root = xml.etree.ElementTree.parse(config).getroot()
    for repository in root.iter('repository'):
        svn = repository.find('svn')
        if svn is not None:
            auth = svn.find('auth')
            url = svn.get('url')
            if auth is not None:
                username = auth.get('username')
                password = auth.get('password')
                devnull = open(os.devnull, 'w')
                info = subprocess.call('svn info ' + url + '@HEAD --non-interactive --username ' + username + ' --password ' + password, shell=True, stdout=devnull, stderr=devnull)
                if info == 0:
                    print '[DONE]', url
                else:
                    print '[FAIL]', url
            else:
                print '[SKIP]', url, '(no auth)'


if __name__ == "__main__":
    main(sys.argv[1:])

This Python script will parse config.xml and execute svn info command against each SVN repository that has credentials defined. This should generate the files in svn.simple directory automatically, so it won't be needed to run that command manually anymore, for each repository.
To run this Python script:

python PATH_TO_PYTHON_SCRIPT -c PATH_TO_CONFIG_XML

To make it worse, if the user "klfoong" password in Active Directory needs to be changed periodically, we will need to run the "svn info" command for all those repositories again.

Please refer to this documentation for more details

Attachments

Issue Links

relates to

FE-4879 Problems authenticating against NTLM challenge with VisualSVN server

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(9 mentioned in)

Native Subversion Client setting will not save the authentication in cache causing authentication error