XWRT - webif access control adds multiple user.

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Go to system-access-control.sh.
2. Add one user ("XYZ")
3. Now try to change "access control" of various pages (i.e enable/disable)

What is the expected output? What do you see instead?
ISSUE - 1>. It asks for password again for that user.
        2>. It creates that user 2 times.

Script line number 38 shows that -

echo "/cgi-bin/webif/:${FORM_user_add}:${password}"
>>/tmp/.webif/file-httpd.conf
(FILE ATTACHED), if anything wrong, please attach your version.

MORE - 
If you open file /tmp/.webif/file-httpd.conf
It will show multiple entries of single user, so the WEB_UI .

3>. Remove and change password also doesn't work.

What version of the product are you using? On what operating system and web
browser?
I am on trunk, latest.

Please provide any additional info below.

Original issue reported on code.google.com by sahilmakkar1983@gmail.com on 29 Mar 2010 at 9:30

Attachments:

• system-access-control.sh

[GoogleCodeExporter]

I meant lines number 38 shows that, we are blindly adding user, without 
checking even
user exists or not.

Original comment by sahilmakkar1983@gmail.com on 29 Mar 2010 at 9:34

[GoogleCodeExporter]

Should be fixed as of r4886.

Original comment by kemen04@gmail.com on 30 Mar 2010 at 2:31

[GoogleCodeExporter]

Original comment by kemen04@gmail.com on 30 Mar 2010 at 2:31

• Changed state: Fixed

[GoogleCodeExporter]

This page I have seen already, 

1>. This page after doing "add user", brings "Accept Changes" and other 
permanent
save buttons in b/w UI (UI corruption).

2>. It doesn't have "page access" options display.

Original comment by sahilmakkar1983@gmail.com on 30 Mar 2010 at 7:13

[GoogleCodeExporter]

Original comment by kemen04@gmail.com on 30 Mar 2010 at 11:56

• Changed state: Accepted

[GoogleCodeExporter]

fixed in r4888.

Original comment by kemen04@gmail.com on 1 Apr 2010 at 12:22

[GoogleCodeExporter]

Original comment by kemen04@gmail.com on 1 Apr 2010 at 1:39

• Changed state: Fixed

[GoogleCodeExporter]

Even with this also, it doesn't work

Original comment by sahilmakkar1983@gmail.com on 1 Apr 2010 at 1:50

[GoogleCodeExporter]

I don't see what you are taking about, can you attach a screenshot of it?

Original comment by kemen04@gmail.com on 1 Apr 2010 at 2:47

• Changed state: Accepted

[GoogleCodeExporter]

I will do surely.

Original comment by sahilmakkar1983@gmail.com on 1 Apr 2010 at 2:58

[GoogleCodeExporter]

Any update on this?

Original comment by kemen04@gmail.com on 6 Apr 2010 at 3:29

[GoogleCodeExporter]

Oh sorry, totally missed it out. Will update today only.

Original comment by sahilmakkar1983@gmail.com on 6 Apr 2010 at 3:31

[GoogleCodeExporter]

See the attachments, its sequence as per names.

After step-1 itself option to change access of page should come, but it never 
comes.

step-2-4 are about adding more users.

If you do "Apply Changes" issue_5.jpg comes, but it never comes out.

Original comment by sahilmakkar1983@gmail.com on 6 Apr 2010 at 4:25

Attachments:

• issue_step1.jpg
• issue_2.jpg
• issue_3.jpg
• issue_4.jpg
• issue_5.jpg

[GoogleCodeExporter]

I will have to test this out some, I don't see the broken footer issue in 
screenshot
4, the issue in screenshot 5 is that we have to restart httpd, I will have to 
find a
way to work around it.

Original comment by kemen04@gmail.com on 6 Apr 2010 at 4:32

[GoogleCodeExporter]

I should note that I am testing with firefox on windows, so I will give opera a 
try.

Original comment by kemen04@gmail.com on 6 Apr 2010 at 4:33

[GoogleCodeExporter]

Even firefox on linux we have tested.

Original comment by sahilmakkar1983@gmail.com on 6 Apr 2010 at 4:36

[GoogleCodeExporter]

When this cookies problem will go, logout also doesn't work, right ??

Original comment by sahilmakkar1983@gmail.com on 6 Apr 2010 at 4:38

[GoogleCodeExporter]

Well it has to do that we are just using basic auth, so there is no logout 
mechinism,
cookie auth would be one way to fix this.

Original comment by kemen04@gmail.com on 6 Apr 2010 at 4:51

[GoogleCodeExporter]

When can we expect for this fix (system-accesscontrol)

Original comment by sahilmakkar1983@gmail.com on 8 Apr 2010 at 6:21

[GoogleCodeExporter]

Hopefully this weekend/early next week.

Original comment by kemen04@gmail.com on 8 Apr 2010 at 5:42

[GoogleCodeExporter]

Does "backup and restore" works ?

Original comment by sahilmakkar1983@gmail.com on 8 Apr 2010 at 7:19

[GoogleCodeExporter]

It should work, nothing has changed that would prevent it that I know of, 
although
its functionality is likely less useful now that we have sysupgrade for keeping 
configs.

Original comment by kemen04@gmail.com on 9 Apr 2010 at 1:17

[GoogleCodeExporter]

This bugfix made Apr 24 might help
https://dev.openwrt.org/changeset/21121

Timestamp:
04/24/10 13:07:41 (8 hours ago)
Author:
jow
Message:
[package] uhttpd:
ignore authentication realms that refer to user accounts with no password set 
yet (X-
Wrt compatibility)
fix off-by-one in CGI header parsing, fixes cgi programs that emit bad header 
lines 
(AsteriskGUI compatibility)
bump version
Location:
trunk/package/uhttpd
Files:
4 modified

Makefile (1 diff)
src/uhttpd-cgi.c (1 diff)
src/uhttpd-utils.c (1 diff)
src/uhttpd.c (1 diff)

Original comment by greatar...@gmail.com on 24 Apr 2010 at 7:10

[GoogleCodeExporter]

I was using busybox httpd, that we made to work with lot of hacks, I think this 
is
going to help us. We need to shift to uhttpd I think, I assume this also uses
httpd.conf :)

Original comment by sahilmakkar1983@gmail.com on 26 Apr 2010 at 12:46

[GoogleCodeExporter]

Do we really need lua and openssl with uhttpd ?? 

Original comment by sahilmakkar1983@gmail.com on 26 Apr 2010 at 2:06

[GoogleCodeExporter]

uhttpd uses cyassl for ssl, and lua is not needed unless you are using it for 
something.

Original comment by kemen04@gmail.com on 26 Apr 2010 at 3:33

[GoogleCodeExporter]

OK Will try that, lets see if it fixes the memory leak issue that I put in 
other thread.

Original comment by sahilmakkar1983@gmail.com on 26 Apr 2010 at 3:38