Re: pre-lock.bat Failed in Repo browser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-15 00:19, Daniel Becroft wrote: In addition to this, locks are for a working-copy, not necessarily for a user. It's possible for the same user to steal the lock that they already hold in another working copy, and your script will let them. Yes, that's an additional twist there alright. Citing from The Book: Regarding Lock Tokens A lock token isn't an authentication token, so much as an authorization token. The token isn't a protected secret. In fact, a lock's unique token is discoverable by anyone who runs svn info URL. A lock token is special only when it lives inside a working copy. It's proof that the lock was created in that particular working copy, and not somewhere else by some other client. Merely authenticating as the lock owner isn't enough to prevent accidents. For example, suppose you lock a file using a computer at your office, but leave work for the day before you finish your changes to that file. It should not be possible to accidentally commit changes to that same file from your home computer later that evening simply because you've authenticated as the lock's owner. In other words, the lock token prevents one piece of Subversion-related software from undermining the work of another. (In our example, if you really need to change the file from an alternative working copy, you would need to break the lock and relock the file.) http://svnbook.red-bean.com/nightly/en/svn.advanced.locking.html - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1/F+EACgkQcEKlWnqVgz17YgCdEe7K2CrLvnorKtBoyJo3xedr pWgAnROM4E9SSBEi1xQcHMTzEuPa9s6c =W9Nh -END PGP SIGNATURE-
RE: pre-lock.bat Failed in Repo browser
This script works fine in all scenarios except Anyone can Steal Lock when Unlock. Unable to Break lock through check for modifications Option Unable to break lock through Repo browser BUT Only any user can Steal Lock when he tried to Get Lock and Check the below mentioned Option of Steal Lock. Please advice. Muchas gracias! -Original Message- From: Michael Diers [mailto:mdi...@elego.de] Sent: Wednesday, March 09, 2011 4:47 PM To: Waseem Bokhari Cc: users@subversion.apache.org Subject: Re: pre-lock.bat Failed in Repo browser -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-08 09:46, Waseem Bokhari wrote: We are working in Windows Environment. Visual SVN on Server Side as administration Tool and Tortoise SVN of Client. We are using HTTPS as well. Repository URL looks as :- https://ServerMachine.Domain.com:8443/svn/MyRepository Thanks in advance Muchas gracias! Waseem Bokhari -Original Message- From: Michael Diers [mailto:mdi...@elego.de] Sent: Tuesday, March 08, 2011 2:39 PM To: Waseem Bokhari Cc: users@subversion.apache.org Subject: Re: pre-lock.bat Failed in Repo browser On 2011-03-08 06:51, Waseem Bokhari wrote: Hi Experts! Below is the pre-lock.bat Script Only User who lock the file can unlock the file. Other users are forbidden to Unlock file. [...] *Issue/Problem!!* This scenario failed in Repo Browser. Any one can Unlock File/Folder through Repo Browser. [...] Waseem, indeed, anyone can _unlock_ the file because the pre-lock hook script is never triggered for an unlock operation. (The unlock operation is called Break lock in TortoiseSVN's Repository Browser.) You'd need to provide a pre-unlock hook script to handle this. - --- snip snip --- @echo off set trc=C:\tmp\waseem\trace.txt echo === BEGIN pre-unlock %trc% :: Set all parameters set repository=%1 set repopath=%2 set user=%3 :: Set path to svnlook set svnlook=%VISUALSVN_SERVER%bin\svnlook.exe echo repository = %repository% %trc% echo repopath = %repopath% %trc% echo user = %user% %trc% echo svnlook = %svnlook% %trc% echo --- %trc% :: Check that the lock exists and has an owner. echo 1 %trc% %svnlook% lock %repository% %repopath% %trc% 21 echo 2 %trc% %svnlook% lock %repository% %repopath% | findstr /C:Owner: %user% nul 21 :: If the person locking matches the lock's owner, allow unlocking. set rc=%ERRORLEVEL% echo 3 %trc% if %rc% EQU 0 ^ echo Info: %repopath% OK to unlock by %user%. %trc% echo 4 %trc% if %rc% EQU 0 exit 0 :: Otherwise, print notice to stderr and return failure. echo 5 %trc% echo Error: %repopath% is locked by another user. %trc% echo 6 %trc% echo Error: %repopath% is locked by another user. 12 exit 1 - --- snip snip --- - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk13aL8ACgkQcEKlWnqVgz075gCgoDJbvDrNmFzcJgZDmUWn5x8O AFAAoLIJ0o/9+iITNVjJXP+pLmSTmcFk =K0Ae -END PGP SIGNATURE- DISCLAIMER: This e-mail and any file transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email or its attachments is strictly prohibited. If you have received this email in error, please immediately notify us by return email and destroy this email message and its attachments. This communication may contain forward-looking statements relating to the development of NetSol Technologies' products and services and future operations. The words believe, expect, anticipate, intend, variations of such words, and similar expressions, identify forward looking statements, but their absence does not mean that the statement is not forward-looking. Views and opinions contained herein are those of the author of this email and do not necessarily represent those of NetSol Technologies. Statements contained herein are not guarantees of future performance and are subject to certain risks, uncertainties and assumptions that are difficult to predict. The company will not undertake to update any statements contained herein. WARNING: The recipient should check this email and any attachment for the presence of viruses. Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company does not accept responsibility for any loss or damage arising from the use of this email or attachment. Note: Please consider the environment before printing this e-mail.
Re: pre-lock.bat Failed in Repo browser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-09 02:23, Daniel Shahaf wrote: Michael Diers wrote on Tue, Mar 08, 2011 at 09:39:11 +: [...] Wild guess: are you perhaps using the file:// access method when browsing the repository? Hook scripts are run by the Subversion server process. Using the file:// access method effectively disables them. [...] Are you sure? Last I checked, normal clients didn't do authn/authz over file://, but did run hooks normally. Daniel, I stand corrected. When using the file:// access method the hook scripts are run, albeit in the client's context. This may or may not cause different behaviour to the normal way of running them in the server's context. - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEUEARECAAYFAk13X6wACgkQcEKlWnqVgz2GcwCfX9M3uXKgzwtwnlnDvcgGEis2 c2cAl3ZMSp57dizS7mBDa0fLMDjmBtk= =TSuv -END PGP SIGNATURE-
Re: pre-lock.bat Failed in Repo browser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-09 14:54, Waseem Bokhari wrote: What is :--- set trc=C:\tmp\waseem\trace.txt That's for debug tracing. You can set trc=nul or even leave out all the lines to do with %trc% in the batch code I posted. - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk13xZgACgkQcEKlWnqVgz03SQCgoyjMipQpi3y9ca3+Q/75rprz RkYAoLmt0zYw/qMZIR7iD1sODlYqA2kB =M31V -END PGP SIGNATURE-
Re: pre-lock.bat Failed in Repo browser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-08 06:51, Waseem Bokhari wrote: Hi Experts! Below is the pre-lock.bat Script Only User who lock the file can unlock the file. Other users are forbidden to Unlock file. [...] *Issue/Problem!!* This scenario failed in Repo Browser. Any one can Unlock File/Folder through Repo Browser. Please advice me accordingly. Waseem, that's too little information to give advice. Tell us about your repository and client setup. Wild guess: are you perhaps using the file:// access method when browsing the repository? Hook scripts are run by the Subversion server process. Using the file:// access method effectively disables them. http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-repository.html#tsvn-repository-create http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-repository-hooks.html - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk11+T8ACgkQcEKlWnqVgz3cWgCgrGAuUSuFjKjf0U/+fM2/kZoR gucAnRgp1IFwcqHsvgtkyCH+789pG18z =GSif -END PGP SIGNATURE-
RE: pre-lock.bat Failed in Repo browser
We are working in Windows Environment. Visual SVN on Server Side as administration Tool and Tortoise SVN of Client. We are using HTTPS as well. Repository URL looks as :- https://ServerMachine.Domain.com:8443/svn/MyRepository Thanks in advance Muchas gracias! Waseem Bokhari -Original Message- From: Michael Diers [mailto:mdi...@elego.de] Sent: Tuesday, March 08, 2011 2:39 PM To: Waseem Bokhari Cc: users@subversion.apache.org Subject: Re: pre-lock.bat Failed in Repo browser -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-08 06:51, Waseem Bokhari wrote: Hi Experts! Below is the pre-lock.bat Script Only User who lock the file can unlock the file. Other users are forbidden to Unlock file. [...] *Issue/Problem!!* This scenario failed in Repo Browser. Any one can Unlock File/Folder through Repo Browser. Please advice me accordingly. Waseem, that's too little information to give advice. Tell us about your repository and client setup. Wild guess: are you perhaps using the file:// access method when browsing the repository? Hook scripts are run by the Subversion server process. Using the file:// access method effectively disables them. http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-repository.html#tsvn-repository-create http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-repository-hooks.html - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk11+T8ACgkQcEKlWnqVgz3cWgCgrGAuUSuFjKjf0U/+fM2/kZoR gucAnRgp1IFwcqHsvgtkyCH+789pG18z =GSif -END PGP SIGNATURE- DISCLAIMER: This e-mail and any file transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email or its attachments is strictly prohibited. If you have received this email in error, please immediately notify us by return email and destroy this email message and its attachments. This communication may contain forward-looking statements relating to the development of NetSol Technologies' products and services and future operations. The words believe, expect, anticipate, intend, variations of such words, and similar expressions, identify forward looking statements, but their absence does not mean that the statement is not forward-looking. Views and opinions contained herein are those of the author of this email and do not necessarily represent those of NetSol Technologies. Statements contained herein are not guarantees of future performance and are subject to certain risks, uncertainties and assumptions that are difficult to predict. The company will not undertake to update any statements contained herein. WARNING: The recipient should check this email and any attachment for the presence of viruses. Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company does not accept responsibility for any loss or damage arising from the use of this email or attachment. Note: Please consider the environment before printing this e-mail.
RE: pre-lock.bat Failed in Repo browser
I don't think %VISUALSVN_SERVER% is set in your lock script. Subversion explicitly clears most environment variables before calling hook scripts. Most likely your script can't find svnlook.exe Bert From: Waseem Bokhari [mailto:waseem.bokh...@netsoltech.com] Sent: dinsdag 8 maart 2011 7:52 To: users@subversion.apache.org Subject: pre-lock.bat Failed in Repo browser Hi Experts! Below is the pre-lock.bat Script Only User who lock the file can unlock the file. Other users are forbidden to Unlock file. @echo off :: Set all parameters set repository=%1 set repopath=%2 set user=%3 :: Set path to svnlook set svnlook=%VISUALSVN_SERVER%bin\svnlook.exe :: First check that the lock exists already. :: In that case svnlook prints the lock description. %svnlook% lock %repository% %repopath% | findstr /B /L UUID Token: NUL 21 :: If the lock does not exist, allow locking if ERRORLEVEL 1 exit 0 :: Now check the lock's owner %svnlook% lock %repository% %repopath% | findstr /C:Owner: %user% NUL 21 :: If the person locking matches the lock's owner, allow locking if %ERRORLEVEL% EQU 0 exit 0 :: Otherwise, return failure echo Error: %repopath% is locked already. 2 exit 1 Issue/Problem!! This scenario failed in Repo Browser. Any one can Unlock File/Folder through Repo Browser. Please advice me accordingly. Thanks DISCLAIMER: This e-mail and any file transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email or its attachments is strictly prohibited. If you have received this email in error, please immediately notify us by return email and destroy this email message and its attachments. This communication may contain forward-looking statements relating to the development of NetSol Technologies' products and services and future operations. The words believe, expect, anticipate, intend, variations of such words, and similar expressions, identify forward looking statements, but their absence does not mean that the statement is not forward-looking. Views and opinions contained herein are those of the author of this email and do not necessarily represent those of NetSol Technologies. Statements contained herein are not guarantees of future performance and are subject to certain risks, uncertainties and assumptions that are difficult to predict. The company will not undertake to update any statements contained herein. WARNING: The recipient should check this email and any attachment for the presence of viruses. Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company does not accept responsibility for any loss or damage arising from the use of this email or attachment. Note: Please consider the environment before printing this e-mail.
RE: pre-lock.bat Failed in Repo browser
I don't think %VISUALSVN_SERVER% is set in your lock script. What is meant by this? How can I found svnlook.exe ?? Can you please re-edit this script for me. Thanks in advance From: Bert Huijben [mailto:b...@qqmail.nl] Sent: Tuesday, March 08, 2011 7:04 PM To: 'Waseem Bokhari'; users@subversion.apache.org Subject: RE: pre-lock.bat Failed in Repo browser I don't think %VISUALSVN_SERVER% is set in your lock script. Subversion explicitly clears most environment variables before calling hook scripts. Most likely your script can't find svnlook.exe Bert From: Waseem Bokhari [mailto:waseem.bokh...@netsoltech.com] Sent: dinsdag 8 maart 2011 7:52 To: users@subversion.apache.org Subject: pre-lock.bat Failed in Repo browser Hi Experts! Below is the pre-lock.bat Script Only User who lock the file can unlock the file. Other users are forbidden to Unlock file. @echo off :: Set all parameters set repository=%1 set repopath=%2 set user=%3 :: Set path to svnlook set svnlook=%VISUALSVN_SERVER%bin\svnlook.exe :: First check that the lock exists already. :: In that case svnlook prints the lock description. %svnlook% lock %repository% %repopath% | findstr /B /L UUID Token: NUL 21 :: If the lock does not exist, allow locking if ERRORLEVEL 1 exit 0 :: Now check the lock's owner %svnlook% lock %repository% %repopath% | findstr /C:Owner: %user% NUL 21 :: If the person locking matches the lock's owner, allow locking if %ERRORLEVEL% EQU 0 exit 0 :: Otherwise, return failure echo Error: %repopath% is locked already. 2 exit 1 Issue/Problem!! This scenario failed in Repo Browser. Any one can Unlock File/Folder through Repo Browser. Please advice me accordingly. Thanks DISCLAIMER: This e-mail and any file transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email or its attachments is strictly prohibited. If you have received this email in error, please immediately notify us by return email and destroy this email message and its attachments. This communication may contain forward-looking statements relating to the development of NetSol Technologies' products and services and future operations. The words believe, expect, anticipate, intend, variations of such words, and similar expressions, identify forward looking statements, but their absence does not mean that the statement is not forward-looking. Views and opinions contained herein are those of the author of this email and do not necessarily represent those of NetSol Technologies. Statements contained herein are not guarantees of future performance and are subject to certain risks, uncertainties and assumptions that are difficult to predict. The company will not undertake to update any statements contained herein. WARNING: The recipient should check this email and any attachment for the presence of viruses. Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company does not accept responsibility for any loss or damage arising from the use of this email or attachment. Note: Please consider the environment before printing this e-mail. DISCLAIMER: This e-mail and any file transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email or its attachments is strictly prohibited. If you have received this email in error, please immediately notify us by return email and destroy this email message and its attachments. This communication may contain forward-looking statements relating to the development of NetSol Technologies' products and services and future operations. The words believe, expect, anticipate, intend, variations of such words, and similar expressions, identify forward looking statements, but their absence does not mean that the statement is not forward-looking. Views and opinions contained herein are those of the author of this email and do not necessarily represent those of NetSol Technologies. Statements contained herein are not guarantees of future performance and are subject to certain risks, uncertainties and assumptions that are difficult to predict. The company will not undertake to update any statements contained herein. WARNING: The recipient should check this email and any attachment for the presence of viruses. Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company does not accept responsibility for any loss or damage arising from the use of this email or attachment. Note: Please consider the environment before printing this e-mail.
Re: pre-lock.bat Failed in Repo browser
On 3/8/2011 6:24 AM, Waseem Bokhari wrote: I don't think %VISUALSVN_SERVER% is set in your lock script. What is meant by this? How can I found svnlook.exe?? Can you please re-edit this script for me. Thanks in advance What he means is that %VISUALSVN_SERVER% will not have a value when running from a hook script. From a Command Prompt window, type: echo %VISUALSVN_SERVER% Then substitute the returned value into your script. If you run this echo command in the hook script during a commit operation, it will not print anything. -- David Chapman dcchap...@acm.org Chapman Consulting -- San Jose, CA
RE: pre-lock.bat Failed in Repo browser
From: Waseem Bokhari [mailto:waseem.bokh...@netsoltech.com] Sent: 08 March 2011 14:24 To: 'Bert Huijben'; users@subversion.apache.org Subject: RE: pre-lock.bat Failed in Repo browser I don't think %VISUALSVN_SERVER% is set in your lock script. What is meant by this? The hook scripts are deliberately run with as few environment variables set as possible (same as with cron on Unix) to mitigate security risks. So if you knnow exactly where svnlook.exe is on your server machine, you should set this explicitly: VISUALSVN_SERVER=C:\Program FIles\Virtual SVN or whatever, right at the start. How can I found svnlook.exe ?? Can you please re-edit this script for me. Thanks in advance From: Bert Huijben [mailto:b...@qqmail.nl] Sent: Tuesday, March 08, 2011 7:04 PM To: 'Waseem Bokhari'; users@subversion.apache.org Subject: RE: pre-lock.bat Failed in Repo browser I don't think %VISUALSVN_SERVER% is set in your lock script. Subversion explicitly clears most environment variables before calling hook scripts. Most likely your script can't find svnlook.exe Bert From: Waseem Bokhari [mailto:waseem.bokh...@netsoltech.com] Sent: dinsdag 8 maart 2011 7:52 To: users@subversion.apache.org Subject: pre-lock.bat Failed in Repo browser Hi Experts! Below is the pre-lock.bat Script Only User who lock the file can unlock the file. Other users are forbidden to Unlock file. @echo off :: Set all parameters set repository=%1 set repopath=%2 set user=%3 :: Set path to svnlook set svnlook=%VISUALSVN_SERVER%bin\svnlook.exe :: First check that the lock exists already. :: In that case svnlook prints the lock description. %svnlook% lock %repository% %repopath% | findstr /B /L UUID Token: NUL 21 :: If the lock does not exist, allow locking if ERRORLEVEL 1 exit 0 :: Now check the lock's owner %svnlook% lock %repository% %repopath% | findstr /C:Owner: %user% NUL 21 :: If the person locking matches the lock's owner, allow locking if %ERRORLEVEL% EQU 0 exit 0 :: Otherwise, return failure echo Error: %repopath% is locked already. 2 exit 1 Issue/Problem!! This scenario failed in Repo Browser. Any one can Unlock File/Folder through Repo Browser. Please advice me accordingly. Thanks DISCLAIMER: This e-mail and any file transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email or its attachments is strictly prohibited. If you have received this email in error, please immediately notify us by return email and destroy this email message and its attachments. This communication may contain forward-looking statements relating to the development of NetSol Technologies' products and services and future operations. The words believe, expect, anticipate, intend, variations of such words, and similar expressions, identify forward looking statements, but their absence does not mean that the statement is not forward-looking. Views and opinions contained herein are those of the author of this email and do not necessarily represent those of NetSol Technologies. Statements contained herein are not guarantees of future performance and are subject to certain risks, uncertainties and assumptions that are difficult to predict. The company will not undertake to update any statements contained herein. WARNING: The recipient should check this email and any attachment for the presence of viruses. Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company does not accept responsibility for any loss or damage arising from the use of this email or attachment. Note: Please consider the environment before printing this e-mail. DISCLAIMER: This e-mail and any file transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended recipient, you are hereby advised that any dissemination, distribution or copy of this email or its attachments is strictly prohibited. If you have received this email in error, please immediately notify us by return email and destroy this email message and its
Re: pre-lock.bat Failed in Repo browser
Michael Diers wrote on Tue, Mar 08, 2011 at 09:39:11 +: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2011-03-08 06:51, Waseem Bokhari wrote: Hi Experts! Below is the pre-lock.bat Script Only User who lock the file can unlock the file. Other users are forbidden to Unlock file. [...] *Issue/Problem!!* This scenario failed in Repo Browser. Any one can Unlock File/Folder through Repo Browser. Please advice me accordingly. Waseem, that's too little information to give advice. Tell us about your repository and client setup. Wild guess: are you perhaps using the file:// access method when browsing the repository? Hook scripts are run by the Subversion server process. Using the file:// access method effectively disables them. Are you sure? Last I checked, normal clients didn't do authn/authz over file://, but did run hooks normally. http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-repository.html#tsvn-repository-create http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-repository-hooks.html - -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk11+T8ACgkQcEKlWnqVgz3cWgCgrGAuUSuFjKjf0U/+fM2/kZoR gucAnRgp1IFwcqHsvgtkyCH+789pG18z =GSif -END PGP SIGNATURE-
