Reply To: Admin Interface results in 401

#17395
mplak
Guest

@robertcraven wrote:

The browser asks me for the account data, I enter no user name and the 0000-password, and then I get the 401.

I ran into the same problem: can’t get onto the admin pages, 401 error.
I debugged it and found a potential problem, which does not seem to be Debian-specific. [ Update: Looks like a Debian-specific problem after all, the security backport in webserver.c wasn’t compatible with the ws_decodepassword in r1376. ]

The problematic code was introduced in webserver.c by change 1679, which is a security fix. This fix was included in the Debian package (0.2.4+r1376-1.1+etch1) on 9th Jun 2008.

My fix was to rebuild the package (mt-daapd-0.2.4+r1376) from source, and change webserver.c on line 969 from:

if((auth) && (ws_decodepassword(auth,&username, &password))) {

to

if((auth) && (0==ws_decodepassword(auth,&username, &password))) {

[ Update: this change is needed for Debian patches applied to r1376 only.]

I’ve sent the details to Ron.

You can look for an older binary Debian package, 0.2.4+r1376-1, that does not include this security fix, as a temporary workaround.
[ Update: mt-daapd_0.2.4+r1376-1.1+etch2_amd64.deb contains this fix ].
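The return-convention mismatch described in the post above, as an added example that is not part of the original post and is not mt-daapd code. `demo_decodepassword` and `admin_status` are hypothetical stand-ins; the decoder is assumed to return 0 on success, as the `0==` change implies, and the header value is a constructed sample encoding an empty user name with the password 0000.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int b64val(int c) {
    static const char t[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(t, c) : NULL;
    return p ? (int)(p - t) : -1;
}

/* Hypothetical stand-in for ws_decodepassword: parses "Basic <base64(user:pass)>".
 * Assumed convention: returns 0 on success, -1 on failure.
 * On success the caller frees *user; *pass points into the same buffer. */
int demo_decodepassword(const char *hdr, char **user, char **pass) {
    *user = *pass = NULL;
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    char *buf = malloc(strlen(hdr) + 1);   /* decoded text is shorter than the input */
    if (!buf) return -1;
    size_t out = 0; unsigned acc = 0; int bits = 0;
    for (const char *in = hdr + 6; *in && *in != '='; in++) {
        int v = b64val((unsigned char)*in);
        if (v < 0) { free(buf); return -1; }
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) { bits -= 8; buf[out++] = (char)((acc >> bits) & 0xff); }
    }
    buf[out] = '\0';
    char *colon = strchr(buf, ':');
    if (!colon) { free(buf); return -1; }
    *colon = '\0';
    *user = buf; *pass = colon + 1;
    return 0;
}

/* HTTP status for an admin request; fixed=0 uses the truthiness test, fixed=1 the 0== test. */
int admin_status(const char *auth, const char *admin_pw, int fixed) {
    char *username = NULL, *password = NULL, ok;
    if (fixed) ok = (auth) && (0 == demo_decodepassword(auth, &username, &password));
    else       ok = (auth) && (demo_decodepassword(auth, &username, &password));
    int status = (ok && password && strcmp(password, admin_pw) == 0) ? 200 : 401;
    free(username);
    return status;
}

int main(void) {
    printf("truthiness test: %d\n", admin_status("Basic OjAwMDA=", "0000", 0));
    printf("0== test:        %d\n", admin_status("Basic OjAwMDA=", "0000", 1));
    return 0;
}
```

With a decoder that signals success as 0, the truthiness test skips the credential comparison exactly when decoding works, so correct credentials always end in 401.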