zms[5287]: ERR [Unable to authenticate user]

Support and queries relating to all previous versions of ZoneMinder
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

FYI-
FedoraCore3 (all standard packages from the cd with updates)
ZM 1.20.0-2 rpm
PHP Version 4.3.10
_REQUEST["ZMSESSID"] c2584bdb5a4415eba109a49aaf39c791
_REQUEST["testing"] 1
_REQUEST["sid"] 47cb8a039ffca1b03d99f00248d2a5ad
_COOKIE["ZMSESSID"] c2584bdb5a4415eba109a49aaf39c791
_COOKIE["testing"] 1
_COOKIE["sid"] 47cb8a039ffca1b03d99f00248d2a5ad
_SERVER["HTTP_HOST"] localhost
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
_SERVER["HTTP_ACCEPT"] text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_SERVER["HTTP_ACCEPT_ENCODING"] gzip,deflate
_SERVER["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,*;q=0.7
_SERVER["HTTP_KEEP_ALIVE"] 300
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["HTTP_COOKIE"] ZMSESSID=c2584bdb5a4415eba109a49aaf39c791; testing=1; sid=47cb8a039ffca1b03d99f00248d2a5ad
_SERVER["PATH"] /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
_SERVER["SERVER_SIGNATURE"] <address>Apache/2.0.52 (Fedora) Server at localhost Port 80</address>
_SERVER["SERVER_SOFTWARE"] Apache/2.0.52 (Fedora)


With Oskins patch...
If I select to use passwords (authenticate) and hashed ( weither the hashed secret has a value or not) every thing works.
But If I don't chose hashed for method no video.
If I chose not to authenticate I get no video.
Last edited by cordel on Tue Jan 25, 2005 8:24 pm, edited 2 times in total.
User avatar
rdmelin
Posts: 863
Joined: Wed Oct 29, 2003 2:23 pm
Location: Ellensburg, WA USA

Post by rdmelin »

Is there a different version of php between 10.0 and 10.1?
10.0 uses php 4.3.4, 10.1 uses 4.3.8. I checked /etc/php.ini and made sure that all settings are the same on both systems.
Do you know if the userLogin function gets caled at all, and what it is passed if it is?
How would I go about checking this?
User avatar
tek
Posts: 16
Joined: Sat Jan 22, 2005 7:59 pm
Location: Hayward CA
Contact:

Final solution?

Post by tek »

So if i am reading everything right, patching the source with oskins patches fixes things as long as your doing hashed authentication. correct?
Anything else does not work in some fashion?
Acceptable for how i need to deploy it, just have to start all over again and save only my config with the few changes i have already done i guess.
oskin
Posts: 84
Joined: Tue May 25, 2004 7:03 pm
Location: Moscow, Russia

Post by oskin »

The patch corrects such parts of a code which work equally for hashed and for plain.

Serg.
skydiver
Posts: 86
Joined: Wed Jun 16, 2004 7:15 pm

Help Applying Patch

Post by skydiver »

For us newbies out here:
Could you step through all the steps neccessary to apply the patch without having to drop the database and do a complete new install?

If not possible or if it is preferable, for clean install what would I need to remove to have a clean system for a new re-installation?

Through out the thread, I saw several code snippets, could you repost the final, official patch again, I am confused as to what needed to be patched and which was the final patch.

Thanks,
Skydiver
oskin
Posts: 84
Joined: Tue May 25, 2004 7:03 pm
Location: Moscow, Russia

Post by oskin »

Could you step through all the steps neccessary to apply the patch without having to drop the database and do a complete new install?
I always check operation zm " as new install " and " as upgrade from previous version ". If all works correctly I do rpm package and with his help I update zm on production computer. In all cases the patch eliminated a problem. I.e. anything to clean or delete it is not necessary, enough to apply a patch and to execute "make install".
If not possible or if it is preferable, for clean install what would I need to remove to have a clean system for a new re-installation?
If you need to get "clean system" IMHO it is necessary to delete all installed files (make uninstall?) and database zm (mysqladmin drop zm).
Through out the thread, I saw several code snippets, could you repost the final, official patch again, I am confused as to what needed to be patched and which was the final patch.
http://www.zoneminder.com/forums/viewto ... =6284#6284 "Posted: Sun Jan 23, 2005 7:12 pm"
skydiver
Posts: 86
Joined: Wed Jun 16, 2004 7:15 pm

RE: Help Applying patch

Post by skydiver »

OK, so a clean re-install.
  • [morgans@video ~/downloads> rm -Rf zm-1.20.0
    [morgans@video ~/downloads> tar zxvf zm-1.20.0.tar.gz
Then I created a patch file containing the following:

Code: Select all

--- zm-1.20.0/src/zm_user.cpp.orig      2005-01-23 22:56:32.981747061 +0300
+++ zm-1.20.0/src/zm_user.cpp   2005-01-23 23:47:33.140934710 +0300
@@ -106,7 +106,7 @@
 User *zmLoadUser( const char *username, const char *password )
 {
        char sql[BUFSIZ] = "";
-       snprintf( sql, sizeof(sql), "select Username, Password, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );
+       snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );

        if ( mysql_query( &dbconn, sql ) )
        {
@@ -151,7 +151,7 @@
        }

        char sql[BUFSIZ] = "";
-       snprintf( sql, sizeof(sql), "select Username, Password, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1" );
+       snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1" );

        if ( mysql_query( &dbconn, sql ) )
        {
@@ -202,7 +202,7 @@

                        MD5( (unsigned char *)auth_key, strlen(auth_key), md5sum );
                        auth_md5[0] = '\0';
-                       for ( int j = 0; j < strlen((const char *)md5sum); j++ )
+                       for ( int j = 0; j < MD5_DIGEST_LENGTH; j++ )
                        {
                                sprintf( auth_md5+strlen(auth_md5), "%02x", md5sum[j] );
                        } 
I saved this to ~/downloads/zm-1.20.0/zm_user_patch and applied the patch:
  • [morgans@video ~/downloads> cd to ~/downloads/zm-1.20.0
    [morgans@video ~/downloads/zm-1.20.0> patch -p1 <zm_user_patch
    patching file src/zm_user.cpp
    Hunk #1 FAILED at 106.
    Hunk #2 FAILED at 151.
    Hunk #3 FAILED at 202.
    3 out of 3 hunks FAILED -- saving rejects to file src/zm_user.cpp.rej
[/list][/list]
Contents of src/zm_user.cpp.rej:

Code: Select all

[morgans@video ~/downloads/zm-1.20.0> cat src/zm_user.cpp.rej
***************
*** 106,112 ****
  User *zmLoadUser( const char *username, const char *password )
  {
         char sql[BUFSIZ] = "";
-        snprintf( sql, sizeof(sql), "select Username, Password, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );

         if ( mysql_query( &dbconn, sql ) )
         {
--- 106,112 ----
  User *zmLoadUser( const char *username, const char *password )
  {
         char sql[BUFSIZ] = "";
+        snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );

         if ( mysql_query( &dbconn, sql ) )
         {
***************
*** 151,157 ****
         }

         char sql[BUFSIZ] = "";
-        snprintf( sql, sizeof(sql), "select Username, Password, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1" );

         if ( mysql_query( &dbconn, sql ) )
         {
--- 151,157 ----
         }

         char sql[BUFSIZ] = "";
+        snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1" );

         if ( mysql_query( &dbconn, sql ) )
         {
***************
*** 202,208 ****

                         MD5( (unsigned char *)auth_key, strlen(auth_key), md5sum );
                         auth_md5[0] = '\0';
-                        for ( int j = 0; j < strlen((const char *)md5sum); j++ )
                         {
                                 sprintf( auth_md5+strlen(auth_md5), "%02x", md5sum[j] );
                         }
--- 202,208 ----

                         MD5( (unsigned char *)auth_key, strlen(auth_key), md5sum );
                         auth_md5[0] = '\0';
+                        for ( int j = 0; j < MD5_DIGEST_LENGTH; j++ )
                         {
                                 sprintf( auth_md5+strlen(auth_md5), "%02x", md5sum[j] );
                         }
What next please?

Thanks

Skydiver
oskin
Posts: 84
Joined: Tue May 25, 2004 7:03 pm
Location: Moscow, Russia

Post by oskin »

Oops! I have understood in what a problem. At the publication of a patch here all Tab characters were replaced on 8xSpace. :( Try to download a file with a patch: http://oskin.ru/zm/zm-1.20.0-authfix.patch
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

For the most part every thing works as long as you set authentication on.
I think that ZMS process is also trying to authenticate even if authentication is checked or not. Resulting in no video streaming since ZMS is still trying to authenticate when the option is not set.
oskin
Posts: 84
Joined: Tue May 25, 2004 7:03 pm
Location: Moscow, Russia

Post by oskin »

Yes, it so. I have checked up it and have found an error in zms.cpp:

Code: Select all

--- zm-1.20.0/src/zms.cpp.orig  2005-01-27 11:20:04.876854026 +0300
+++ zm-1.20.0/src/zms.cpp       2005-01-27 11:21:19.813798099 +0300
@@ -141,12 +141,15 @@
        {
                user = zmLoadAuthUser( auth );
        }
-       if ( !user )
+       if ( (bool)config.Item( ZM_OPT_USE_AUTH ) )
        {
-               Error(( "Unable to authenticate user" ));
-               return( -1 );
+               if ( !user )
+               {
+                       Error(( "Unable to authenticate user" ));
+                       return( -1 );
+               }
+               ValidateAccess( user, id );
        }
-       ValidateAccess( user, id );

        setbuf( stdout, 0 );
        if ( nph )
WARNING!!! Don't use this patch by copy&paste. Download full patch from http://oskin.ru/zm/zm-1.20.0-authfix.patch
Or use rpm packages:
ftp://oskin.ru/pub/linux/RedHat/MyRPMS/ ... C3.src.rpm
ftp://oskin.ru/pub/linux/RedHat/MyRPMS/ ... 3.i386.rpm
ftp://oskin.ru/pub/linux/RedHat/MyRPMS/ ... 3.i386.rpm
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:

Post by zoneminder »

I think this is already fixed in 1.20.1. That's probably a better version to be moving on with from now.

Phil
User avatar
tek
Posts: 16
Joined: Sat Jan 22, 2005 7:59 pm
Location: Hayward CA
Contact:

1.20.1?

Post by tek »

I notice its not on the download site yet. How long before it is?
prefer to not do the patch if it is going to happen soon.
TIA
Tnt
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:

Post by zoneminder »

I'm not making it freely available yet in case there's something not fixed in there. Also I've not updated the docs. You should be able to guess the url for it though if you want to download it.

Phil
Locked