User Access - permition problem

jkocourek · Post by **jkocourek** » Thu Mar 17, 2005 3:46 pm

If I create user with permision Restricted Camera Ids: 1,2
that user can see that cameras in list, but didn't get any pictures from the cameras.
If I set restricted camera ids to empty string that user see all cameras and all pictures
I have tried to change the other user options, but no sucess

Thank you for help. Sorry for my english

Post by **cordel** » Thu Mar 17, 2005 10:29 pm

Did you set for that user Stream = view?

jkocourek · Post by **jkocourek** » Fri Mar 18, 2005 7:11 am

Yes, but no pictures.....

Post by **cordel** » Fri Mar 18, 2005 7:34 am

Any errors in the logs?

jkocourek · Post by **jkocourek** » Fri Mar 18, 2005 7:42 am

No errors

Thits looks like system bug in zmc/zms ...

Post by **cordel** » Fri Mar 18, 2005 7:51 am

If you set up the restrictions for one of the users...
and check the propertys for the picture what does it say?
Alsoo what distro and version of zm?
Where are you located. I may be able to call and try to walk you though it on the tele. since on my phone I can pretty much call any where for free I'd don't see why I don't use it

Or if you have a public IP maybe set up an account and put restrictions on it including one cam and PM me the details. I'll be willing to do what ever I can.

jkocourek · Post by **jkocourek** » Fri Mar 18, 2005 8:17 am

Distributions Fedora core 2 and ZoneMinder 1.20.1.

Post by **cordel** » Fri Mar 18, 2005 9:09 am

Phil,
I have not yet seen this. Every thing is working on their system but soon as you restrict cameras for a user.
no picture, no status, and no zms process starts for that user.
remove the restriction and all works fine

No obvious errors in the logs

system:
Fedora Core 2
Apache/2.0.51
php unknown
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 3
model name : Intel Celeron CPU 2.40GHz
stepping : 3
cpu MHz : 2398.841
cache size : 256 KB
ZM-1.20.1
Cheers,
Cordel

Post by **zoneminder** » Fri Mar 18, 2005 4:48 pm

I have not been able to reproduce this on my system here. Do you have a screenshot or anything to illustrate which bits are missing and which are there. Does it affect all streaming and stills feeds?

Phil

Post by **cordel** » Fri Mar 18, 2005 8:27 pm

Only affects the users that has restricted cameras id's. All other users work. The URL for the streams are correct. The zms process does not start like the client didn't authinticate properly.
But if I bring up a camera in IE Everything is as expected from a nonrestricted user.
A resricked user does not and the URL in cambozola is http://<IP_ADDRES>//cgi-bin/zms
The display says Server returned HTTP responce code 500.
Where as the unrestricked user has a URL in cambozola http://<IP_ADDRES>/cgi-bin/zms
It's throwing an extra forward slash in. I tried to do more testing but with no one there now and no SSH login. I'm at a stand still. I changed the path config for zms and removed the leading forward slash but need to restart apache.
The wierd thing is that using firefox returns the following url which looks correct.
http://<IP_ADDRESS>/cgi-bin/zms?mode=jpeg&monitor=1&scale=100&maxfps=5&auth=63c92830986822ad5c2f61112f5789b4
If I enter the url into a browser I get:

Code: Select all

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.0.51 (Fedora) Server at <IP_ADDRESS> Port 80

So there must be a clue in the logs.
The config.log from zm:
ftp://download.computerntelecom.com/pub/config.log

Post by **cordel** » Sun Mar 20, 2005 5:10 am

Well I was just going to top the thread but.... I just installed a fresh FC2, Updated it, and since I now have a build machine decided to build FC2 packages to hopefully help resolve this weird issue..

Instead I have duplicated it

PHP Version 4.3.10
Linux FC2builder 2.6.10-1.770_FC2 #1 Sat Feb 26 21:40:22 EST 2005 i686
Apache Version Apache/2.0.51 (Fedora)
Your MySQL server version: 3.23.58

Apache error log

Code: Select all

[Sat Mar 19 20:21:20 2005] [error] [client 192.168.10.10] Premature end of script headers: zms, referer: http://192.168.10.35/zm/index.php?view=watchfeed&mode=&mid=1&scale=100
[client 192.168.10.10] PHP Notice:  import_request_variables(): No prefix specified - possible security hazard in /usr/lib/zm/html/zm.php on line 21, referer: http://192.168.10.35/zm/index.php?view=watchstatus&mid=1

Error, insufficient privileges for requested action
[client 192.168.10.10] PHP Notice:  import_request_variables(): No prefix specified - possible security hazard in /usr/lib/zm/html/zm.php on line 21, referer: http://192.168.10.35/zm/index.php?view=watchstatus&mid=1&last_status=

[root@FC2builder root]# ls -l /usr/lib |grep zm
drwxr-xr-x 7 apache apache 4096 Mar 19 17:26 zm
[root@FC2builder root]# ls -l /usr/lib/zm
total 20
drwxr-xr-x 2 apache apache 4096 Mar 19 17:26 bin
drwxr-xr-x 2 apache apache 4096 Mar 19 17:26 cgi-bin
drwxr-xr-x 3 apache apache 4096 Mar 19 17:26 html
drwxr-xr-x 2 apache apache 4096 Mar 19 17:26 init
drwxr-xr-x 2 apache apache 4096 Mar 19 17:26 upgrade
As you can see I even tried to change ownership to apache. I figured it wasn't here.

- Messages log - error_reporting( E_ALL );

Code: Select all

Mar 19 20:35:44 FC2builder zms[4975]: ERR [Error, insufficient privileges for requested action]
Mar 19 20:35:49 FC2builder zmu[4978]: ERR [AA:1]
Mar 19 20:35:54 FC2builder zmu[4981]: ERR [AA:1]
Mar 19 20:36:00 FC2builder zmu[4983]: ERR [AA:1]
Mar 19 20:36:06 FC2builder zmu[4985]: ERR [AA:1]

Debug

PHP Variables

Code: Select all

Variable	Value
_REQUEST["view"]	watch
_REQUEST["mid"]	1
_REQUEST["bandwidth"]	medium
_REQUEST["ZMSESSID"]	40b4266f87b3d39b48cc23221bf60c39
_GET["view"]	watch
_GET["mid"]	1
_COOKIE["bandwidth"]	medium
_COOKIE["ZMSESSID"]	40b4266f87b3d39b48cc23221bf60c39
_SERVER["HTTP_HOST"]	192.168.10.35
_SERVER["HTTP_USER_AGENT"]	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050302 Firefox/1.0.1 Fedora/1.0.1-1.3.2
_SERVER["HTTP_ACCEPT"]	text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_SERVER["HTTP_ACCEPT_LANGUAGE"]	en-us,en;q=0.5
_SERVER["HTTP_ACCEPT_ENCODING"]	gzip,deflate
_SERVER["HTTP_ACCEPT_CHARSET"]	ISO-8859-1,utf-8;q=0.7,*;q=0.7
_SERVER["HTTP_KEEP_ALIVE"]	300
_SERVER["HTTP_CONNECTION"]	keep-alive
_SERVER["HTTP_REFERER"]	http://192.168.10.35/zm/index.php
_SERVER["HTTP_COOKIE"]	bandwidth=medium; ZMSESSID=40b4266f87b3d39b48cc23221bf60c39
_SERVER["PATH"]	/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
_SERVER["SERVER_SIGNATURE"]	<address>Apache/2.0.51 (Fedora) Server at 192.168.10.35 Port 80</address>
_SERVER["SERVER_SOFTWARE"]	Apache/2.0.51 (Fedora)
_SERVER["SERVER_NAME"]	192.168.10.35
_SERVER["SERVER_ADDR"]	192.168.10.35
_SERVER["SERVER_PORT"]	80
_SERVER["REMOTE_ADDR"]	192.168.10.10
_SERVER["DOCUMENT_ROOT"]	/var/www/html
_SERVER["SERVER_ADMIN"]	root@localhost
_SERVER["SCRIPT_FILENAME"]	/usr/lib/zm/html/index.php
_SERVER["REMOTE_PORT"]	34266
_SERVER["GATEWAY_INTERFACE"]	CGI/1.1
_SERVER["SERVER_PROTOCOL"]	HTTP/1.1
_SERVER["REQUEST_METHOD"]	GET
_SERVER["QUERY_STRING"]	view=watch&mid=1
_SERVER["REQUEST_URI"]	/zm/index.php?view=watch&mid=1
_SERVER["SCRIPT_NAME"]	/zm/index.php
_SERVER["PHP_SELF"]	/zm/index.php
_SERVER["PATH_TRANSLATED"]	/usr/lib/zm/html/index.php
_SERVER["argv"]	

Array
(
    [0] => view=watch&mid=1
)

_SERVER["argc"]	1
_ENV["SELINUX_INIT"]	YES
_ENV["CONSOLE"]	/dev/pts/0
_ENV["TERM"]	linux
_ENV["INIT_VERSION"]	sysvinit-2.85
_ENV["PATH"]	/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
_ENV["RUNLEVEL"]	5
_ENV["runlevel"]	5
_ENV["PWD"]	/
_ENV["LANG"]	en_US.UTF-8
_ENV["PREVLEVEL"]	N
_ENV["previous"]	N
_ENV["SHLVL"]	2
_ENV["_"]	/sbin/initlog

http://cordel.no-ip.info:10000/info.php