windows viewer and 1.21.4

jameswilson · Post by **jameswilson** » Tue Nov 22, 2005 7:21 pm

Phil or anyone wo knows
I have just upgraded my home server to 1.21.4 and my viewer stopped working with it.
But if i change ZM_AUTH_Relay to plain all is ok.
Now obviously this is fine and dandy but does that mean that zm itself will use plain authentication when accessing things?

If so i need to modify the viewer the request a hash every so often
So am i right (please tell me im not LOL)
how would i go about requesting a hash pass and how often do i need to do this to keep the viwer going for days on end?

James

BTW WHAT AN UPGRADE
the timeline thing is amazing and i now have more options than i understand!

Post by **zoneminder** » Wed Nov 23, 2005 10:24 am

Does it work if you use hashed authentication but turn off the include IP option? What method did the viewer use before?

Phil

jameswilson · Post by **jameswilson** » Wed Nov 23, 2005 11:46 am

the viewer uses zms to get images and adds the current user name and password to the end of the url
ie user=stream&pass=stream
On the old one if i had hashed authetication on i could still request images with plain but all window urls would show hashed auth not plain

James

Post by **zoneminder** » Wed Nov 23, 2005 1:01 pm

Hmm, how did you generate the hashes?

Phil

jameswilson · Post by **jameswilson** » Wed Nov 23, 2005 1:15 pm

i didnt i thought about it ie generating a hash at login and at regular intervals and sending that instead but decided the benifit was to small for the effort involved.
The reson i found this was i upgraded my server at home and could no longer see my cams in my viewer so i changed auth to plain, restarted then i could. But now i assume that zm will use plain auth internally as well? What i was wondering is can i keep using hashed auth internally on zm but use plain or hashed to access zms?

Post by **zoneminder** » Wed Nov 23, 2005 1:42 pm

I'm a bit confused now

Can you give an example of a url that used to work and now doesn't? If it has hashes in it, those hashes should only be valid for a short period of time so if they kept working then something would have been wrong.

Phil

Post by **cordel** » Wed Nov 23, 2005 1:49 pm

I'm pretty sure he loged in like so:
http://192.168.10.20/cgi-bin/zm/zms?mod ... zmuserpass

Regards,
Cordel

Post by **zoneminder** » Wed Nov 23, 2005 1:58 pm

Ah, I get it now I think. So basically even if hashed authentication was selected it would let you use plaintext? Yes, I suspect I may have blatted that in zms. I did the same in zmu and then restored it but I hadn't considered that anyone might use zms like that. I'll put it back in 1.21.5 which won't be too long. In the meantime I can post a patch if you like. Actually I'll do it anyway.

Code: Select all

--- zms.cpp	20 Oct 2005 15:42:40 -0000	1.37
+++ zms.cpp	23 Nov 2005 13:50:14 -0000
@@ -116,14 +116,14 @@
 				ttl = atoi(value);
 			else if ( config.opt_use_auth )
 			{
-				if ( strcmp( config.auth_relay, "hashed" ) == 0 )
+				//if ( strcmp( config.auth_relay, "hashed" ) == 0 )
 				{
 					if ( !strcmp( name, "auth" ) )
 					{
 						strncpy( auth, value, sizeof(auth) );
 					}
 				}
-				else if ( strcmp( config.auth_relay, "plain" ) == 0 )
+				//else if ( strcmp( config.auth_relay, "plain" ) == 0 )
 				{
 					if ( !strcmp( name, "user" ) )
 					{

Phil

jameswilson · Post by **jameswilson** » Wed Nov 23, 2005 2:04 pm

thanks Phil.
Ill wait for 1.21.5 as im still just on rpms i need to sit down an dlearn how to do all this patching and compliling ec.

BTW will 1.21.5 have the alarm status thing on it too?

Post by **zoneminder** » Wed Nov 23, 2005 2:15 pm

Yes. If you want anything else in there as well don't forget to ask!

Phil

jameswilson · Post by **jameswilson** » Wed Nov 23, 2005 2:20 pm

will do
Just a thought is it possible to query the bd through html commands, im just thinking that i will have a load of querires about playback not working when i replease that ug, beacuse people would need to allow mysql to accept external ip conns and create the relevant user and permissions hosts etc.

Post by **cordel** » Wed Nov 23, 2005 2:25 pm

how hard would it be to have as an option? I know that the options window is getting a bit busy so maybe for more spacific things like this could just be placed in zm.conf. Since most users will want it say hashed through all modules any one else could overide small things like this as it's more administative there no need to have it accessable in the web page.

Just a thought

Cordel

jameswilson · Post by **jameswilson** » Wed Nov 23, 2005 2:28 pm

Corey,
Im thinking of having a tabbed option page now as its getting a bit out of control (your ganna need a 21" monitor soon)
Problem is i cant handle hased auth from my app at the mo. It wouldnt be too hard to add (i dont think) as all id need to do is request a hash from the zm box and stire it and pass that instead. Id also need to update the hash at whatever freq as i beleive it times out.
So its not even availabel as an option at the mo and the only security risk is if the used pass has a high level access to zm and its packet sniffed as its not displayed anywhere in the app, just processed internally

jameswilson · Post by **jameswilson** » Wed Nov 23, 2005 2:30 pm

So are you using this viewer corey?

Post by **cordel** » Wed Nov 23, 2005 3:03 pm

I haven't really got anything to run it on

All my windooze machines disapeared

They all sucome to a higher power (well and a few got fried in a recent storm).
I want too. I'll have to load it on my laptop. It could use being powered on any way