It seems, auth.tcl does not even see much of the Config
array -- because it is looking in Config() instead of
config::Config().
Correcting it exposes flat out errors suggesting, the
code has bit-rotted... Whatever I do, I can not seem to
login with neither Basic nor Digest mode.
Only the /debug thing works, but is a pain to memorize...
Does multi-user authentication work for anyone? I'm
using Tcl-8.4.11 (with Trf and Tls, if that matters).
Thanks!
Logged In: YES
user_id=1358943
I encountered the same problem and just spent 2 days of
manual tracing and debugging. I'm not a Tcl-expert and
certainly not a tclhttpd-expert, but I found working
solutions for the next problems:
1. Config-parameters (see indicated problem above)
Config-parameters specified in the used resource-file (e.g.
"AuthUserFile" and "AuthGroupFile") are loaded into the
variable config::Config() while the global variable Config()
is used for configuring tclhttpd. I don't know if it is
conceptually wrong but copying config::Config() to the
global Config() variable seems to work for me.
> File: ./tclhttpd3.5.1/lib/config.tcl
> Location: proc config::init {config aname}
> After:
array set Config [interp eval $i {array get Config}]
interp delete $i
> Ad:
# Copy all loaded config-parameters from the local Config array
# to the global Config array through the upvar variable
TheirConfig
array set TheirConfig [array get Config]
2. Group/user authorization
Users are only authorized when they are specified (in the
".htaccess" file) as required user AND are a member of one
of the specified required groups. Users should be authorized
when they are EITHER specified as required user OR a member
of one of the specified required groups.
> File: ./tclhttpd3.5.1/lib/auth.tcl
> Location: proc AuthUserOp {sock file op user}
> Replace:
if {[info exists info(htaccessp,require,$op,group)]} {
if {![AuthGroupCheck $sock $file \ $info(htaccessp,require,$op,group) $user]} {
return 0 ;# Not in a required group
}
}
if {[info exists info(htaccessp,require,$op,user)]} {
if {![AuthUserCheck $sock $file \ $info(htaccessp,require,$op,user) $user]} {
return 0 ;# Not the required user
}
}
return 1
> By:
# User is authorized if EITHER member of a group
# OR specified individually
if {[info exists info(htaccessp,require,$op,group)]} {
if {[AuthGroupCheck $sock $file \ $info(htaccessp,require,$op,group) $user]} {
return 1 ;# Member of required group
}
}
if {[info exists info(htaccessp,require,$op,user)]} {
if {[AuthUserCheck $sock $file \ $info(htaccessp,require,$op,user) $user]} {
return 1 ;# Individually required user
}
}
return 0
Looking forward to your feedback.
Logged In: YES
user_id=173641
> array set Config [interp eval $i {array get Config}]
We are in the same intepreter, just different namespace.
This should work and be much more efficient:
namespace import ::config::Config
> Looking forward to your feedback
I'm afraid, we are stuck here as the software seems
abandoned... Unless someone picks it up, there is little
point in discussions :-(
Unless you have a ready patch for review :-)
Logged In: YES
user_id=1388959
I have followed along the same path. It seems pretty amazing
that these bugs could have remained for so long.
I have three comments,
1 - Yes, the global Config isn't getting updated with values
from the tclhttpd.rc for any fields that don't have command
line options. In particular for Auth, AuthUserFile,
AuthGroupFile.
As you guys figured out the global Config array isn't
updated from the config::Config array other than by using
the values as defaults in the cmdline::getoptions routine. I
think using the same name for variables in different
namespaces is a bad idea and leads to just this sort of
confusion. Even a filename, httpd.tcl, is reused in the bin
and lib directory!
Anyway my fix was to add these lines after the Config array
is set from the cmdline::getoptions (line 195 in 3.5.2, line
196 in cvs)
set Config(Auth) [cget Auth]
set Config(AuthUserFile) [cget AuthUserFile]
set Config(AuthGroupFile) [cget AuthGroupFile]
2 - When it does read the Auth correctly it then fails to
use the password. Line 77 of auth.tcl (in 3.5.1) is
set val [crypt $password $salt]
and should be
set val [crypt $val $salt]
Of course this doesn't matter when you have set up the
password file.
3 - I don't see the problem elnarte sees. My understanding
is that I should be able say
<Limit GET POST>
require group group1
require group group2
require valid-user
</Limit>
and then simply add new ids to the passwd and group files.
This works in 3.5.1