windows viewer and 1.21.4

Support and queries relating to all previous versions of ZoneMinder
jameswilson
Posts: 5111
Joined: Wed Jun 08, 2005 8:07 pm
Location: Midlands UK

windows viewer and 1.21.4

Post by jameswilson »

Phil or anyone wo knows
I have just upgraded my home server to 1.21.4 and my viewer stopped working with it.
But if i change ZM_AUTH_Relay to plain all is ok.
Now obviously this is fine and dandy but does that mean that zm itself will use plain authentication when accessing things?

If so i need to modify the viewer the request a hash every so often
So am i right (please tell me im not LOL)
how would i go about requesting a hash pass and how often do i need to do this to keep the viwer going for days on end?

James

BTW WHAT AN UPGRADE
the timeline thing is amazing and i now have more options than i understand!
James Wilson

Disclaimer: The above is pure theory and may work on a good day with the wind behind it. etc etc.
http://www.securitywarehouse.co.uk
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:

Post by zoneminder »

Does it work if you use hashed authentication but turn off the include IP option? What method did the viewer use before?

Phil
jameswilson
Posts: 5111
Joined: Wed Jun 08, 2005 8:07 pm
Location: Midlands UK

Post by jameswilson »

the viewer uses zms to get images and adds the current user name and password to the end of the url
ie user=stream&pass=stream
On the old one if i had hashed authetication on i could still request images with plain but all window urls would show hashed auth not plain

James
James Wilson

Disclaimer: The above is pure theory and may work on a good day with the wind behind it. etc etc.
http://www.securitywarehouse.co.uk
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:

Post by zoneminder »

Hmm, how did you generate the hashes?

Phil
jameswilson
Posts: 5111
Joined: Wed Jun 08, 2005 8:07 pm
Location: Midlands UK

Post by jameswilson »

i didnt i thought about it ie generating a hash at login and at regular intervals and sending that instead but decided the benifit was to small for the effort involved.
The reson i found this was i upgraded my server at home and could no longer see my cams in my viewer so i changed auth to plain, restarted then i could. But now i assume that zm will use plain auth internally as well? What i was wondering is can i keep using hashed auth internally on zm but use plain or hashed to access zms?
James Wilson

Disclaimer: The above is pure theory and may work on a good day with the wind behind it. etc etc.
http://www.securitywarehouse.co.uk
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:

Post by zoneminder »

I'm a bit confused now :?

Can you give an example of a url that used to work and now doesn't? If it has hashes in it, those hashes should only be valid for a short period of time so if they kept working then something would have been wrong.

Phil
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

I'm pretty sure he loged in like so:
http://192.168.10.20/cgi-bin/zm/zms?mod ... zmuserpass

Regards,
Cordel
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:

Post by zoneminder »

Ah, I get it now I think. So basically even if hashed authentication was selected it would let you use plaintext? Yes, I suspect I may have blatted that in zms. I did the same in zmu and then restored it but I hadn't considered that anyone might use zms like that. I'll put it back in 1.21.5 which won't be too long. In the meantime I can post a patch if you like. Actually I'll do it anyway.

Code: Select all

--- zms.cpp	20 Oct 2005 15:42:40 -0000	1.37
+++ zms.cpp	23 Nov 2005 13:50:14 -0000
@@ -116,14 +116,14 @@
 				ttl = atoi(value);
 			else if ( config.opt_use_auth )
 			{
-				if ( strcmp( config.auth_relay, "hashed" ) == 0 )
+				//if ( strcmp( config.auth_relay, "hashed" ) == 0 )
 				{
 					if ( !strcmp( name, "auth" ) )
 					{
 						strncpy( auth, value, sizeof(auth) );
 					}
 				}
-				else if ( strcmp( config.auth_relay, "plain" ) == 0 )
+				//else if ( strcmp( config.auth_relay, "plain" ) == 0 )
 				{
 					if ( !strcmp( name, "user" ) )
 					{
Phil
jameswilson
Posts: 5111
Joined: Wed Jun 08, 2005 8:07 pm
Location: Midlands UK

Post by jameswilson »

thanks Phil.
Ill wait for 1.21.5 as im still just on rpms i need to sit down an dlearn how to do all this patching and compliling ec.

BTW will 1.21.5 have the alarm status thing on it too?
James Wilson

Disclaimer: The above is pure theory and may work on a good day with the wind behind it. etc etc.
http://www.securitywarehouse.co.uk
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:

Post by zoneminder »

Yes. If you want anything else in there as well don't forget to ask!

Phil
jameswilson
Posts: 5111
Joined: Wed Jun 08, 2005 8:07 pm
Location: Midlands UK

Post by jameswilson »

will do
Just a thought is it possible to query the bd through html commands, im just thinking that i will have a load of querires about playback not working when i replease that ug, beacuse people would need to allow mysql to accept external ip conns and create the relevant user and permissions hosts etc.
James Wilson

Disclaimer: The above is pure theory and may work on a good day with the wind behind it. etc etc.
http://www.securitywarehouse.co.uk
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

how hard would it be to have as an option? I know that the options window is getting a bit busy so maybe for more spacific things like this could just be placed in zm.conf. Since most users will want it say hashed through all modules any one else could overide small things like this as it's more administative there no need to have it accessable in the web page.

Just a thought ;)

Cordel
jameswilson
Posts: 5111
Joined: Wed Jun 08, 2005 8:07 pm
Location: Midlands UK

Post by jameswilson »

Corey,
Im thinking of having a tabbed option page now as its getting a bit out of control (your ganna need a 21" monitor soon)
Problem is i cant handle hased auth from my app at the mo. It wouldnt be too hard to add (i dont think) as all id need to do is request a hash from the zm box and stire it and pass that instead. Id also need to update the hash at whatever freq as i beleive it times out.
So its not even availabel as an option at the mo and the only security risk is if the used pass has a high level access to zm and its packet sniffed as its not displayed anywhere in the app, just processed internally
James Wilson

Disclaimer: The above is pure theory and may work on a good day with the wind behind it. etc etc.
http://www.securitywarehouse.co.uk
jameswilson
Posts: 5111
Joined: Wed Jun 08, 2005 8:07 pm
Location: Midlands UK

Post by jameswilson »

So are you using this viewer corey?
James Wilson

Disclaimer: The above is pure theory and may work on a good day with the wind behind it. etc etc.
http://www.securitywarehouse.co.uk
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

I haven't really got anything to run it on :? All my windooze machines disapeared :lol: They all sucome to a higher power (well and a few got fried in a recent storm).
I want too. I'll have to load it on my laptop. It could use being powered on any way :D
Locked