You are here: Home » Topic » Admin Interface results in 401

Admin Interface results in 401

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #2540
    Anonymous
    Inactive

    Hi guys,

    I installed mt-daapd on Debian using apt-get. I configured /etc/mt-daapd.conf properly (I guess) and set the admin_pw to 0000. Although I can access all my mp3s using iTunes, I am not able to access to administration pages. The browser asks me for the account data, I enter no user name and the 0000-password, and then I get the 401. I tried to change the ownership of all mt-daapd-web-pages to the mt-daapd-user, but that wasn’t helping.

    Any idea?

    Thanks in advance,
    Rob

    #17390
    fizze
    Participant

    There is some sort of bug in some debian packages, that have to do with SELinux or at least security enhancements. This has been discussed here before, but IIRC there was no solution posted. 😕

    #17391
    Anonymous
    Inactive

    I see. Well, I’ll try to figure out how to create smart playlist manually and where to put them afterwards. Not that big a deal I guess.

    Thanks nevertheless!

    #17392
    stretch
    Participant

    Try using the Java Firefly client found in the 3rd party add-ons section to build playlists within Firefly’s db.

    #17393
    chris
    Guest

    I’m experiencing something similar, stable Debian, all updates.

    Here are the relevant sections from my mt-daap.conf and the mt-daap log (at level 9):

    (conf):
    # admin_pw (required)
    #
    # This is the password to the administrative pages

    admin_pw = coachz

    (log):
    2008-07-08 12:53:35 (b54bbbb0): Decoded admin:coachz
    2008-07-08 12:53:35 (b54bbbb0): Decoded user=admin, pw=coachz
    2008-07-08 12:53:35 (b54bbbb0): Added *WWW-Authenticate=Basic realm=”webserver”*
    2008-07-08 12:53:35 (b54bbbb0): Thread 7: Entering ws_returnerror (401: Unauthorized)

    Does anyone know what deb package this is related too? Maybe something I should try from “unstable”?

    #17394
    DavesNotHereMan
    Participant

    Any idea why this is happening or what to do about it?

    I just got bit by the same thing – updating mt-daapd and the rest of my SLUG running Debian Etch cost me the ability to administer the thing via the web.

    #17395
    mplak
    Guest

    @robertcraven wrote:

    The browser asks me for the account data, I enter no user name and the 0000-password, and then I get the 401.

    I ran into the same problem: can’t get onto the admin pages, 401 error.
    I debugged it and found a potential problem, which does not seem to be debian specific. [ Update: Looks like a debian specific problem after all, the security backport in webserver.c wasn’t compatible with the ws_decodepassword in r1376). ]

    The problematic code was introduced in webserver.c by change 1679, which is a security fix. This fix was included in the debian package (0.2.4+r1376-1.1+etch1) on 9th Jun 2008.

    My fix was to rebuild the package (mt-daapd-0.2.4+r1376) from source, and change webserver.c on line 969 from:

    if((auth) && (ws_decodepassword(auth,&username, &password))) {

    to

    if((auth) && (0==ws_decodepassword(auth,&username, &password))) {

    [ Update: this change is needed for debian patches applied to r1376 only.]

    I’ve sent the details to Ron.

    You can look for an older binary debian package, 0.2.4+r1376-1, that does not include this security fix, as a temporary workaround.
    [ Update: mt-daapd_0.2.4+r1376-1.1+etch2_amd64.deb contains this fix ].

Viewing 7 posts - 1 through 7 (of 7 total)
  • The forum ‘Setup Issues’ is closed to new topics and replies.