ZoneMinder Forums

ZoneMinder Forums
https://forums.zoneminder.com/

zms[5287]: ERR [Unable to authenticate user]

https://forums.zoneminder.com/viewtopic.php?t=4044

Page 4 of 4

Posted: Tue Jan 25, 2005 10:10 am
by cordel
FYI-
FedoraCore3 (all standard packages from the cd with updates)
ZM 1.20.0-2 rpm
PHP Version 4.3.10
_REQUEST["ZMSESSID"] c2584bdb5a4415eba109a49aaf39c791
_REQUEST["testing"] 1
_REQUEST["sid"] 47cb8a039ffca1b03d99f00248d2a5ad
_COOKIE["ZMSESSID"] c2584bdb5a4415eba109a49aaf39c791
_COOKIE["testing"] 1
_COOKIE["sid"] 47cb8a039ffca1b03d99f00248d2a5ad
_SERVER["HTTP_HOST"] localhost
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
_SERVER["HTTP_ACCEPT"] text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_SERVER["HTTP_ACCEPT_ENCODING"] gzip,deflate
_SERVER["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,*;q=0.7
_SERVER["HTTP_KEEP_ALIVE"] 300
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["HTTP_COOKIE"] ZMSESSID=c2584bdb5a4415eba109a49aaf39c791; testing=1; sid=47cb8a039ffca1b03d99f00248d2a5ad
_SERVER["PATH"] /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
_SERVER["SERVER_SIGNATURE"] <address>Apache/2.0.52 (Fedora) Server at localhost Port 80</address>
_SERVER["SERVER_SOFTWARE"] Apache/2.0.52 (Fedora)


With Oskins patch...
If I select to use passwords (authenticate) and hashed ( weither the hashed secret has a value or not) every thing works.
But If I don't chose hashed for method no video.
If I chose not to authenticate I get no video.

Posted: Tue Jan 25, 2005 3:15 pm
by rdmelin
Is there a different version of php between 10.0 and 10.1?
10.0 uses php 4.3.4, 10.1 uses 4.3.8. I checked /etc/php.ini and made sure that all settings are the same on both systems.
Do you know if the userLogin function gets caled at all, and what it is passed if it is?
How would I go about checking this?

Final solution?

Posted: Wed Jan 26, 2005 9:39 am
by tek
So if i am reading everything right, patching the source with oskins patches fixes things as long as your doing hashed authentication. correct?
Anything else does not work in some fashion?
Acceptable for how i need to deploy it, just have to start all over again and save only my config with the few changes i have already done i guess.

Posted: Wed Jan 26, 2005 11:11 am
by oskin
The patch corrects such parts of a code which work equally for hashed and for plain.

Serg.

Help Applying Patch

Posted: Wed Jan 26, 2005 6:15 pm
by skydiver
For us newbies out here:
Could you step through all the steps neccessary to apply the patch without having to drop the database and do a complete new install?

If not possible or if it is preferable, for clean install what would I need to remove to have a clean system for a new re-installation?

Through out the thread, I saw several code snippets, could you repost the final, official patch again, I am confused as to what needed to be patched and which was the final patch.

Thanks,
Skydiver

Posted: Wed Jan 26, 2005 8:23 pm
by oskin
Could you step through all the steps neccessary to apply the patch without having to drop the database and do a complete new install?
I always check operation zm " as new install " and " as upgrade from previous version ". If all works correctly I do rpm package and with his help I update zm on production computer. In all cases the patch eliminated a problem. I.e. anything to clean or delete it is not necessary, enough to apply a patch and to execute "make install".
If not possible or if it is preferable, for clean install what would I need to remove to have a clean system for a new re-installation?
If you need to get "clean system" IMHO it is necessary to delete all installed files (make uninstall?) and database zm (mysqladmin drop zm).
Through out the thread, I saw several code snippets, could you repost the final, official patch again, I am confused as to what needed to be patched and which was the final patch.
http://www.zoneminder.com/forums/viewto ... =6284#6284 "Posted: Sun Jan 23, 2005 7:12 pm"

RE: Help Applying patch

Posted: Wed Jan 26, 2005 11:20 pm
by skydiver
OK, so a clean re-install.
  • [morgans@video ~/downloads> rm -Rf zm-1.20.0
    [morgans@video ~/downloads> tar zxvf zm-1.20.0.tar.gz
Then I created a patch file containing the following:

Code: Select all

--- zm-1.20.0/src/zm_user.cpp.orig      2005-01-23 22:56:32.981747061 +0300
+++ zm-1.20.0/src/zm_user.cpp   2005-01-23 23:47:33.140934710 +0300
@@ -106,7 +106,7 @@
 User *zmLoadUser( const char *username, const char *password )
 {
        char sql[BUFSIZ] = "";
-       snprintf( sql, sizeof(sql), "select Username, Password, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );
+       snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );

        if ( mysql_query( &dbconn, sql ) )
        {
@@ -151,7 +151,7 @@
        }

        char sql[BUFSIZ] = "";
-       snprintf( sql, sizeof(sql), "select Username, Password, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1" );
+       snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1" );

        if ( mysql_query( &dbconn, sql ) )
        {
@@ -202,7 +202,7 @@

                        MD5( (unsigned char *)auth_key, strlen(auth_key), md5sum );
                        auth_md5[0] = '\0';
-                       for ( int j = 0; j < strlen((const char *)md5sum); j++ )
+                       for ( int j = 0; j < MD5_DIGEST_LENGTH; j++ )
                        {
                                sprintf( auth_md5+strlen(auth_md5), "%02x", md5sum[j] );
                        }
I saved this to ~/downloads/zm-1.20.0/zm_user_patch and applied the patch:
  • [morgans@video ~/downloads> cd to ~/downloads/zm-1.20.0
    [morgans@video ~/downloads/zm-1.20.0> patch -p1 <zm_user_patch
    patching file src/zm_user.cpp
    Hunk #1 FAILED at 106.
    Hunk #2 FAILED at 151.
    Hunk #3 FAILED at 202.
    3 out of 3 hunks FAILED -- saving rejects to file src/zm_user.cpp.rej
[/list][/list]
Contents of src/zm_user.cpp.rej:

Code: Select all

[morgans@video ~/downloads/zm-1.20.0> cat src/zm_user.cpp.rej
***************
*** 106,112 ****
  User *zmLoadUser( const char *username, const char *password )
  {
         char sql[BUFSIZ] = "";
-        snprintf( sql, sizeof(sql), "select Username, Password, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );

         if ( mysql_query( &dbconn, sql ) )
         {
--- 106,112 ----
  User *zmLoadUser( const char *username, const char *password )
  {
         char sql[BUFSIZ] = "";
+        snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );

         if ( mysql_query( &dbconn, sql ) )
         {
***************
*** 151,157 ****
         }

         char sql[BUFSIZ] = "";
-        snprintf( sql, sizeof(sql), "select Username, Password, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1" );

         if ( mysql_query( &dbconn, sql ) )
         {
--- 151,157 ----
         }

         char sql[BUFSIZ] = "";
+        snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1" );

         if ( mysql_query( &dbconn, sql ) )
         {
***************
*** 202,208 ****

                         MD5( (unsigned char *)auth_key, strlen(auth_key), md5sum );
                         auth_md5[0] = '\0';
-                        for ( int j = 0; j < strlen((const char *)md5sum); j++ )
                         {
                                 sprintf( auth_md5+strlen(auth_md5), "%02x", md5sum[j] );
                         }
--- 202,208 ----

                         MD5( (unsigned char *)auth_key, strlen(auth_key), md5sum );
                         auth_md5[0] = '\0';
+                        for ( int j = 0; j < MD5_DIGEST_LENGTH; j++ )
                         {
                                 sprintf( auth_md5+strlen(auth_md5), "%02x", md5sum[j] );
                         }
What next please?

Thanks

Skydiver

Posted: Thu Jan 27, 2005 12:05 am
by oskin
Oops! I have understood in what a problem. At the publication of a patch here all Tab characters were replaced on 8xSpace. :( Try to download a file with a patch: http://oskin.ru/zm/zm-1.20.0-authfix.patch

Posted: Thu Jan 27, 2005 2:40 am
by cordel
For the most part every thing works as long as you set authentication on.
I think that ZMS process is also trying to authenticate even if authentication is checked or not. Resulting in no video streaming since ZMS is still trying to authenticate when the option is not set.

Posted: Thu Jan 27, 2005 9:00 am
by oskin
Yes, it so. I have checked up it and have found an error in zms.cpp:

Code: Select all

--- zm-1.20.0/src/zms.cpp.orig  2005-01-27 11:20:04.876854026 +0300
+++ zm-1.20.0/src/zms.cpp       2005-01-27 11:21:19.813798099 +0300
@@ -141,12 +141,15 @@
        {
                user = zmLoadAuthUser( auth );
        }
-       if ( !user )
+       if ( (bool)config.Item( ZM_OPT_USE_AUTH ) )
        {
-               Error(( "Unable to authenticate user" ));
-               return( -1 );
+               if ( !user )
+               {
+                       Error(( "Unable to authenticate user" ));
+                       return( -1 );
+               }
+               ValidateAccess( user, id );
        }
-       ValidateAccess( user, id );

        setbuf( stdout, 0 );
        if ( nph )
WARNING!!! Don't use this patch by copy&paste. Download full patch from http://oskin.ru/zm/zm-1.20.0-authfix.patch
Or use rpm packages:
ftp://oskin.ru/pub/linux/RedHat/MyRPMS/ ... C3.src.rpm
ftp://oskin.ru/pub/linux/RedHat/MyRPMS/ ... 3.i386.rpm
ftp://oskin.ru/pub/linux/RedHat/MyRPMS/ ... 3.i386.rpm

Posted: Thu Jan 27, 2005 9:32 am
by zoneminder
I think this is already fixed in 1.20.1. That's probably a better version to be moving on with from now.

Phil

1.20.1?

Posted: Thu Jan 27, 2005 12:14 pm
by tek
I notice its not on the download site yet. How long before it is?
prefer to not do the patch if it is going to happen soon.
TIA
Tnt

Posted: Thu Jan 27, 2005 12:35 pm
by zoneminder
I'm not making it freely available yet in case there's something not fixed in there. Also I've not updated the docs. You should be able to guess the url for it though if you want to download it.

Phil
All times are UTC
Page 4 of 4

Powered by phpBB® Forum Software © phpBB Limited