yixuaning / x-wrt

Automatically exported from code.google.com/p/x-wrt
0 stars 0 forks source link

XWRT - webif access control adds multiple user. #165

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Go to system-access-control.sh.
2. Add one user ("XYZ")
3. Now try to change "access control" of various pages (i.e enable/disable)

What is the expected output? What do you see instead?
ISSUE - 1>. It asks for password again for that user.
        2>. It creates that user 2 times.

Script line number 38 shows that -

echo "/cgi-bin/webif/:${FORM_user_add}:${password}"
>>/tmp/.webif/file-httpd.conf
(FILE ATTACHED), if anything wrong, please attach your version.

MORE - 
If you open file /tmp/.webif/file-httpd.conf
It will show multiple entries of single user, so the WEB_UI .

3>. Remove and change password also doesn't work.

What version of the product are you using? On what operating system and web
browser?
I am on trunk, latest.

Please provide any additional info below.

Original issue reported on code.google.com by sahilmakkar1983@gmail.com on 29 Mar 2010 at 9:30

Attachments:

GoogleCodeExporter commented 9 years ago
I meant lines number 38 shows that, we are blindly adding user, without 
checking even
user exists or not.

Original comment by sahilmakkar1983@gmail.com on 29 Mar 2010 at 9:34

GoogleCodeExporter commented 9 years ago
Should be fixed as of r4886.

Original comment by kemen04@gmail.com on 30 Mar 2010 at 2:31

GoogleCodeExporter commented 9 years ago

Original comment by kemen04@gmail.com on 30 Mar 2010 at 2:31

GoogleCodeExporter commented 9 years ago
This page I have seen already, 

1>. This page after doing "add user", brings "Accept Changes" and other 
permanent
save buttons in b/w UI (UI corruption).

2>. It doesn't have "page access" options display.

Original comment by sahilmakkar1983@gmail.com on 30 Mar 2010 at 7:13

GoogleCodeExporter commented 9 years ago

Original comment by kemen04@gmail.com on 30 Mar 2010 at 11:56

GoogleCodeExporter commented 9 years ago
fixed in r4888.

Original comment by kemen04@gmail.com on 1 Apr 2010 at 12:22

GoogleCodeExporter commented 9 years ago

Original comment by kemen04@gmail.com on 1 Apr 2010 at 1:39

GoogleCodeExporter commented 9 years ago
Even with this also, it doesn't work

Original comment by sahilmakkar1983@gmail.com on 1 Apr 2010 at 1:50

GoogleCodeExporter commented 9 years ago
I don't see what you are taking about, can you attach a screenshot of it?

Original comment by kemen04@gmail.com on 1 Apr 2010 at 2:47

GoogleCodeExporter commented 9 years ago
I will do surely.

Original comment by sahilmakkar1983@gmail.com on 1 Apr 2010 at 2:58

GoogleCodeExporter commented 9 years ago
Any update on this?

Original comment by kemen04@gmail.com on 6 Apr 2010 at 3:29

GoogleCodeExporter commented 9 years ago
Oh sorry, totally missed it out. Will update today only.

Original comment by sahilmakkar1983@gmail.com on 6 Apr 2010 at 3:31

GoogleCodeExporter commented 9 years ago
See the attachments, its sequence as per names.

After step-1 itself option to change access of page should come, but it never 
comes.

step-2-4 are about adding more users.

If you do "Apply Changes" issue_5.jpg comes, but it never comes out.

Original comment by sahilmakkar1983@gmail.com on 6 Apr 2010 at 4:25

Attachments:

GoogleCodeExporter commented 9 years ago
I will have to test this out some, I don't see the broken footer issue in 
screenshot
4, the issue in screenshot 5 is that we have to restart httpd, I will have to 
find a
way to work around it.

Original comment by kemen04@gmail.com on 6 Apr 2010 at 4:32

GoogleCodeExporter commented 9 years ago
I should note that I am testing with firefox on windows, so I will give opera a 
try.

Original comment by kemen04@gmail.com on 6 Apr 2010 at 4:33

GoogleCodeExporter commented 9 years ago
Even firefox on linux we have tested.

Original comment by sahilmakkar1983@gmail.com on 6 Apr 2010 at 4:36

GoogleCodeExporter commented 9 years ago
When this cookies problem will go, logout also doesn't work, right ??

Original comment by sahilmakkar1983@gmail.com on 6 Apr 2010 at 4:38

GoogleCodeExporter commented 9 years ago
Well it has to do that we are just using basic auth, so there is no logout 
mechinism,
cookie auth would be one way to fix this.

Original comment by kemen04@gmail.com on 6 Apr 2010 at 4:51

GoogleCodeExporter commented 9 years ago
When can we expect for this fix (system-accesscontrol)

Original comment by sahilmakkar1983@gmail.com on 8 Apr 2010 at 6:21

GoogleCodeExporter commented 9 years ago
Hopefully this weekend/early next week.

Original comment by kemen04@gmail.com on 8 Apr 2010 at 5:42

GoogleCodeExporter commented 9 years ago
Does "backup and restore" works ?

Original comment by sahilmakkar1983@gmail.com on 8 Apr 2010 at 7:19

GoogleCodeExporter commented 9 years ago
It should work, nothing has changed that would prevent it that I know of, 
although
its functionality is likely less useful now that we have sysupgrade for keeping 
configs.

Original comment by kemen04@gmail.com on 9 Apr 2010 at 1:17

GoogleCodeExporter commented 9 years ago
This bugfix made Apr 24 might help
https://dev.openwrt.org/changeset/21121

Timestamp:
04/24/10 13:07:41 (8 hours ago)
Author:
jow
Message:
[package] uhttpd:
ignore authentication realms that refer to user accounts with no password set 
yet (X-
Wrt compatibility)
fix off-by-one in CGI header parsing, fixes cgi programs that emit bad header 
lines 
(AsteriskGUI compatibility)
bump version
Location:
trunk/package/uhttpd
Files:
4 modified

Makefile (1 diff)
src/uhttpd-cgi.c (1 diff)
src/uhttpd-utils.c (1 diff)
src/uhttpd.c (1 diff)

Original comment by greatar...@gmail.com on 24 Apr 2010 at 7:10

GoogleCodeExporter commented 9 years ago
I was using busybox httpd, that we made to work with lot of hacks, I think this 
is
going to help us. We need to shift to uhttpd I think, I assume this also uses
httpd.conf :)

Original comment by sahilmakkar1983@gmail.com on 26 Apr 2010 at 12:46

GoogleCodeExporter commented 9 years ago
Do we really need lua and openssl with uhttpd ?? 

Original comment by sahilmakkar1983@gmail.com on 26 Apr 2010 at 2:06

GoogleCodeExporter commented 9 years ago
uhttpd uses cyassl for ssl, and lua is not needed unless you are using it for 
something.

Original comment by kemen04@gmail.com on 26 Apr 2010 at 3:33

GoogleCodeExporter commented 9 years ago
OK Will try that, lets see if it fixes the memory leak issue that I put in 
other thread.

Original comment by sahilmakkar1983@gmail.com on 26 Apr 2010 at 3:38