For the past few days, I've been updating to the latest SVN code, and I'm
seeing that when I try to login to luci, I get a failed username/password.
I can ssh to the router (pubkey authentication), but changing the root
password doesn't affect my ability to login to the web interface.
I have strace installed on the router and have pulled logs of a version
earlier this week - here's what strace showed on the relevant thread
(password obscured):
--- snip ---
9612 read(0, "username=root&password=MYPASSWORD"..., 33) = 33
9612 open("/etc/shadow", O_RDONLY) = 12
9612 ioctl(12, TIOCNXCL, 0x7fd02608) = -1 ENOTTY (Inappropriate ioctl
for device)
9612 read(12, "root:x:0:0:99999:7:::\ndaemon:*:0"..., 4096) = 116
9612 close(12) = 0
9612 getuid() = 0
9612 getgid() = 0
9612 open("/usr/lib/lua/luci/view/sysauth.htm", O_RDONLY) = 12
9612 read(12, "<%#\nLuCI - Lua Configuration Int"..., 1024) = 1024
9612 read(12, "na", 2) = 2
9612 read(12, "me=\"username\" value=\"<%=duser%>\""..., 412) = 412
9612 read(12, "\" v", 3) = 3
9612 read(12, "alue=\"<%:", 9) = 9
9612 read(12, "res", 3) = 3
9612 read(12, "et%>\" class=\"cbi-button cbi-bu", 30) = 30
9612 read(12, "tton-reset\" />\n\t</div>\n</form>\n<", 32) = 32
9612 read(12, "%+footer%>\n", 52) = 11
9612 read(12, "", 106) = 0
9612 close(12) = 0
9612 getuid() = 0
9612 getgid() = 0
9612 open("/usr/lib/lua/luci/view/header.htm", O_RDONLY) = 12
9612 read(12, "<%#\nLuCI - Lua Configuration Int"..., 1024) = 581
9612 read(12, "", 445) = 0
9612 close(12) = 0
9612 brk(0xc8e000) = 0xc8e000
9612 sysinfo({uptime=9003, loads=[192, 960, 2976] totalram=63471616,
freeram=24322048, sharedram=0, bufferram=3465216} totalswap=0,
freeswap=0, procs=56}) = 0
9612 uname({sysname="Linux", nodename="fruitbat", release="3.3.6",
version="#1 Sat May 19 13:48:15 MDT 2012", machine="mips"}) = 0
9612 brk(0xc92000) = 0xc92000
9612 stat64(0xc3da18, 0x7fd023f8) = 0
9612 open("/usr/lib/lua/luci/i18n/sysauth.en.lmo", O_RDONLY) = 12
9612 lseek(12, -4, SEEK_END) = 164
9612 read(12, "\0\0\0t", 4) = 4
9612 lseek(12, 116, SEEK_SET) = 116
9612 read(12, "[W\32\346", 4) = 4
9612 read(12, "g\254\22\322", 4) = 4
9612 read(12, "\0\0\0@", 4) = 4
9612 read(12, "\0\0\0003", 4) = 4
9612 read(12, "\212\342\265I", 4) = 4
9612 read(12, "s\1\365\217", 4) = 4
9612 read(12, "\0\0\0\30", 4) = 4
9612 read(12, "\0\0\0(", 4) = 4
9612 read(12, "]0\243\23", 4) = 4
9612 read(12, "=\311T[", 4) = 4
9612 read(12, "\0\0\0\0", 4) = 4
9612 read(12, "\0\0\0\26", 4) = 4
9612 lseek(12, 0, SEEK_SET) = 0
9612 old_mmap(NULL, 116, PROT_READ, MAP_PRIVATE, 12, 0) = 0x77006000
9612 getuid() = 0
9612 getgid() = 0
9612 open("/usr/lib/lua/luci/view/footer.htm", O_RDONLY) = 13
9612 read(13, "<%#\nLuCI - Lua Configuration Int"..., 1024) = 462
9612 read(13, "", 564) = 0
9612 close(13) = 0
9612 getuid() = 0
9612 getgid() = 0
9612 open("/usr/lib/lua/luci/view/themes/openwrt.org/footer.htm",
O_RDONLY) = 13
9612 read(13, "<%#\nLuCI - Lua Configuration Int"..., 1024) = 592
9612 read(13, "", 434) = 0
9612 close(13) = 0
9612 brk(0xc93000) = 0xc93000
9612 write(1, "Status: 200 OK\r\nVary: Accept\r\nCo"..., 2924) = 2924
--- snip ---
PID 9612 is the forked thread that seems to be handling the
authentication. I attached strace to the running uhttpd thread to get
this info.
I can see that it's opening the shadow file, but can't see where it's
actually validating the password.
The PPID has a similar line that includes the user ID (root) and password
string, but it seems that this forked thread pops up almost immediately
afterwards.
opkg shows a number of luci-related updates available along the lines of:
luci - 0.9+svn8682-1 - trunk+svn8682-1
And if I upgrade to trunk+svn8682-1 (which I have to force because luci-
admin-full has some conflicting files), then I can login, but most of the
administration option pages have various and sundry errors on them that
prevent it from being used for administration - I can watch live traffic
and historical data, but I wasn't able to perform administration on
anything that I tried (LAN/WAN interfaces primarily).
Where do I go from here - or is there other info that would be more
useful to track this down?
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
