[osiris] Re: Debian upgrade to Etch; http interface stopped working
osiris at lemmin.gs
Thu Apr 5 01:22:14 EDT 2007
On Tue, Apr 03, 2007 at 11:43:20AM -0700, John wrote:
> Apparently, it is OK to use a blank/null password on
> the command terminal, but it is no longer OK to use it
> for http access. As soon as I changed the password to
> non-blank I can log in via the http server. Somewhere
> along the versions, this behavior has changed.
>
> It would have been nice for this "feature" to be
> documented somewhere, say, the change log for example.
> I just wasted a whole day trying to figure this one
> out.
This is actually a bug. To fix, apply the following patch:
diff -ruN osiris-4.2.3-orig/src/osirismd/md_http.c
--- osiris-4.2.3-orig/src/osirismd/md_http.c 2006-07-28 09:57:51.000000000 +1000
+++ osiris-4.2.3/src/osirismd/md_http.c 2007-03-01 17:11:46.000000000 +1100
@@ -422,8 +422,14 @@
}
/* now encrypt/hash the pass */
-
- sha1_buffer( pass, strlen( pass), buf, sizeof(buf) );
+ if( ( pass == NULL ) )
+ {
+ sha1_buffer( pass, 0, buf, sizeof(buf) );
+ }
+ else
+ {
+ sha1_buffer( pass, strlen( pass), buf, sizeof(buf) );
+ }
/* now authenticate against our user database. */
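Review bot: In the new `pass == NULL` branch, `sha1_buffer( pass, 0, buf, sizeof(buf) );` still hands a NULL pointer to sha1_buffer, and nothing in the visible lines shows that sha1_buffer tolerates a NULL source when the length is 0. Consider normalising first, for example `if( pass == NULL ) pass = "";`, and keeping the single original call; that removes the duplicated call and the doubled parentheses in `if( ( pass == NULL ) )`. A short comment stating that a NULL pass represents a blank password, and that hashing it as zero-length input is intentional for HTTP logins, would document the behaviour the thread reports as undocumented.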