overriding password config in subdirectories

emmel
9 June 2014, 12:21
I tried to have a public subdirectory in a password (basic HTTP auth) protected root directory. The documentation is not quite clear on that matter, but I think setting PasswordFile to none should do exactly that. However, I could not access the subdirectory without presenting credentials. Now this might be intended behaviour, but it is annoying. So please either document that this won't work (and for what reasons) or look into the bug. Thanks.

Hiawatha version: Hiawatha v9.4, cache, IPv6, reverse proxy, SSL (1.3.4), Tomahawk, URL toolkit, XSLT
Operating System: Linux nihal 3.10.25+ #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014 armv6l GNU/Linux
emmel
11 June 2014, 13:14
Confirmed to persist in Hiawatha 9.6.
Please note that overriding the password file with another password file (using 'Basic' auth, other methods not tested) does work. However, 'none' fails to deactivate authentication.

BTW, is there some mailing list that notifies me when a new version of Hiawatha is available?
Hugo Leisink
11 June 2014, 19:28
It is indeed a bug. Will be fixed in the next release. You can fix it manually by editing src/serverconfig.c and placing the host->passwordfile = pwd; at line 1163 after the } on the next line:

	if (pwd != NULL) {
		if (register_tempdata(tempdata, pwd, tc_data) == -1) {
			free(pwd);
			if (grp != NULL) {
				free(grp);
			}
			return false;
		}
	}
	host->passwordfile = pwd;

You can subscribe to the Hiawatha newsletter or follow me at Twitter.
emmel
18 June 2014, 10:22
Thanks. Must have been a chore to track that one down.
Hugo Leisink
18 June 2014, 10:58
Not really. I know my code very well.
Mustafa Ramadhan
19 June 2014, 05:21
The line 'host->passwordfile = pwd;' already exists at src/serverconfig.c in 9.6
Hugo Leisink
19 June 2014, 08:01
Correct, you don't have to add the line. Just move it a line lower.
Mustafa Ramadhan
21 June 2014, 09:44
So, it means change to:

	if (pwd != NULL) {
		if (register_tempdata(tempdata, pwd, tc_data) == -1) {
			free(pwd);
			if (grp != NULL) {
				free(grp);
			}
			return false;
		}
		host->passwordfile = pwd;
	}

Mustafa Ramadhan
21 June 2014, 09:51
Original code for 9.6:

	if (parse_credentialfiles(value, &(host->auth_method), &pwd, &grp) == 0) {
		if (pwd != NULL) {
			if (register_tempdata(tempdata, pwd, tc_data) == -1) {
				free(pwd);
				if (grp != NULL) {
					free(grp);
				}
				return false;
			}
			host->passwordfile = pwd;
		}
		if (grp != NULL) {
			if (register_tempdata(tempdata, grp, tc_data) == -1) {
				free(grp);
				return false;
			}
			host->groupfile = grp;
		}
		return true;
	}

And then modified to:

	if (parse_credentialfiles(value, &(host->auth_method), &pwd, &grp) == 0) {
		if (pwd != NULL) {
			if (register_tempdata(tempdata, pwd, tc_data) == -1) {
				free(pwd);
				if (grp != NULL) {
					free(grp);
				}
				return false;
			}
		}
		host->passwordfile = pwd;

		if (grp != NULL) {
			if (register_tempdata(tempdata, grp, tc_data) == -1) {
				free(grp);
				return false;
			}
		}
		host->groupfile = grp;

		return true;
	}

Right?
Hugo Leisink
21 June 2014, 09:54
No, only the change I posted earlier. The group-part must be unchanged.
Mustafa Ramadhan
21 June 2014, 12:51
Thanks.

Hiawatha 9.6 for Kloxo-MR is already updated with this patch.
This topic has been closed.
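
The effect of the one-line move discussed in this thread, as an added example that is not part of the original posts and is not Hiawatha's code. It is a simplified model with assumptions: the `host_cfg` type, `parse_pwd`, and the sample paths are hypothetical, the subdirectory record is assumed to start with the parent's password file, and `none` is assumed to parse to `pwd == NULL`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>

/* Simplified stand-in for the host record (hypothetical type). */
struct host_cfg {
    char *passwordfile;   /* NULL means no authentication required */
};

/* Assumed parser behaviour: "none" yields no password file (pwd == NULL). */
static char *parse_pwd(const char *value) {
    if (strcmp(value, "none") == 0) return NULL;
    char *copy = malloc(strlen(value) + 1);
    if (copy != NULL) strcpy(copy, value);
    return copy;
}

/* Pattern from the 9.6 code: the assignment sits inside the NULL check. */
static void apply_9_6(struct host_cfg *host, const char *value) {
    char *pwd = parse_pwd(value);
    if (pwd != NULL) {
        host->passwordfile = pwd;
    }
}

/* Pattern after the fix: the assignment is moved below the closing brace. */
static void apply_fixed(struct host_cfg *host, const char *value) {
    char *pwd = parse_pwd(value);
    host->passwordfile = pwd;
}

/* True if the subdirectory would still demand credentials after the override. */
bool subdir_needs_auth(void (*apply)(struct host_cfg *, const char *), const char *value) {
    char inherited[] = "/etc/hiawatha/root.passwd"; /* constructed sample path */
    struct host_cfg sub = { inherited };            /* starts with the parent's file */
    apply(&sub, value);
    bool needs = sub.passwordfile != NULL;
    if (sub.passwordfile != inherited) free(sub.passwordfile);
    return needs;
}

int main(void) {
    printf("9.6   none: %d\n", subdir_needs_auth(apply_9_6, "none"));
    printf("fixed none: %d\n", subdir_needs_auth(apply_fixed, "none"));
    printf("fixed file: %d\n", subdir_needs_auth(apply_fixed, "/srv/sub.passwd"));
    return 0;
}
```

In this model the bug fails closed: the subdirectory stays protected when it was meant to be public. The same conditional-assignment pattern applied to an option that tightens access would fail open, so override parsers are worth testing with the "clear" value as well as a replacement value.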