| John Rouillard wrote: |
| John Rouillard wrote: |
I think I kind of see what's happening here. In is_command_allowed you add the GetPwdFile to the list of
allowed command but only if is_admin_user is true. Since the user is guest at that point, I assume
is_admin_user returns false making is_command_allowed return false. Then the redirect is attempted by this
code sequence:
if (!is_command_allowed(lbs, command)) {
/* redirect to login page for new command */
if (strieq(command, loc("New")) && !isparam("unm")) {
check_user_password(lbs, "", "", _cmdline);
return;
}
but to me that looks like it will execute only if the command contains the word new
(or it's translated equivalent if I understand loc() properly)?? Since the command string
GetPwdFile doesn't match no login screen is presented by check_user_password.
|
The attached patch (also included inline) seems to fix the problem. I am sure it can be done more cleanly but...
--- elogd.c~ 2009-12-02 05:53:44.000000000 -0500
+++ elogd.c 2010-05-16 21:58:14.000000000 -0400
@@ -26236,6 +26236,10 @@
check_user_password(lbs, "", "", _cmdline);
return;
}
+ if (strieq(command, loc("GetPwdFile")) && !isparam("unm")) {
+ check_user_password(lbs, "", "", _cmdline);
+ return;
+ }
strencode2(str2, command, sizeof(str3));
sprintf(str, loc("Error: Command \"<b>%s</b>\" not allowed"), str2);
-- rouilj |
Ok, now I got it! The problem was that you used "Guest menu commands = ..." and I did not. So the behavior is different with that option, which is why I could not reproduce your problem initially. Now I could reproduce it and the cleanest fix is this:
--- elogd.c (revision 2294)
+++ elogd.c (working copy)
@@ -15704,7 +15704,7 @@
fgets(pwd, sizeof(pwd), stdin);
while (pwd[strlen(pwd) - 1] == '\n' || pwd[strlen(pwd) - 1] == '\r')
pwd[strlen(pwd) - 1] = 0;
- } else if (status != 200 && status != 302) {
+ } else if (status != 200 && status != 302 && status != 404) {
xfree(buffer);
*strchr(str, '?') = 0;
which is just accept the 404 response and not abort the cloning process. |