Page 1 of 2
windows viewer and 1.21.4
Posted: Tue Nov 22, 2005 7:21 pm
by jameswilson
Phil or anyone wo knows
I have just upgraded my home server to 1.21.4 and my viewer stopped working with it.
But if i change ZM_AUTH_Relay to plain all is ok.
Now obviously this is fine and dandy but does that mean that zm itself will use plain authentication when accessing things?
If so i need to modify the viewer the request a hash every so often
So am i right (please tell me im not LOL)
how would i go about requesting a hash pass and how often do i need to do this to keep the viwer going for days on end?
James
BTW WHAT AN UPGRADE
the timeline thing is amazing and i now have more options than i understand!
Posted: Wed Nov 23, 2005 10:24 am
by zoneminder
Does it work if you use hashed authentication but turn off the include IP option? What method did the viewer use before?
Phil
Posted: Wed Nov 23, 2005 11:46 am
by jameswilson
the viewer uses zms to get images and adds the current user name and password to the end of the url
ie user=stream&pass=stream
On the old one if i had hashed authetication on i could still request images with plain but all window urls would show hashed auth not plain
James
Posted: Wed Nov 23, 2005 1:01 pm
by zoneminder
Hmm, how did you generate the hashes?
Phil
Posted: Wed Nov 23, 2005 1:15 pm
by jameswilson
i didnt i thought about it ie generating a hash at login and at regular intervals and sending that instead but decided the benifit was to small for the effort involved.
The reson i found this was i upgraded my server at home and could no longer see my cams in my viewer so i changed auth to plain, restarted then i could. But now i assume that zm will use plain auth internally as well? What i was wondering is can i keep using hashed auth internally on zm but use plain or hashed to access zms?
Posted: Wed Nov 23, 2005 1:42 pm
by zoneminder
I'm a bit confused now
Can you give an example of a url that used to work and now doesn't? If it has hashes in it, those hashes should only be valid for a short period of time so if they kept working then something would have been wrong.
Phil
Posted: Wed Nov 23, 2005 1:49 pm
by cordel
Posted: Wed Nov 23, 2005 1:58 pm
by zoneminder
Ah, I get it now I think. So basically even if hashed authentication was selected it would let you use plaintext? Yes, I suspect I may have blatted that in zms. I did the same in zmu and then restored it but I hadn't considered that anyone might use zms like that. I'll put it back in 1.21.5 which won't be too long. In the meantime I can post a patch if you like. Actually I'll do it anyway.
Code: Select all
--- zms.cpp 20 Oct 2005 15:42:40 -0000 1.37
+++ zms.cpp 23 Nov 2005 13:50:14 -0000
@@ -116,14 +116,14 @@
ttl = atoi(value);
else if ( config.opt_use_auth )
{
- if ( strcmp( config.auth_relay, "hashed" ) == 0 )
+ //if ( strcmp( config.auth_relay, "hashed" ) == 0 )
{
if ( !strcmp( name, "auth" ) )
{
strncpy( auth, value, sizeof(auth) );
}
}
- else if ( strcmp( config.auth_relay, "plain" ) == 0 )
+ //else if ( strcmp( config.auth_relay, "plain" ) == 0 )
{
if ( !strcmp( name, "user" ) )
{
Phil
Posted: Wed Nov 23, 2005 2:04 pm
by jameswilson
thanks Phil.
Ill wait for 1.21.5 as im still just on rpms i need to sit down an dlearn how to do all this patching and compliling ec.
BTW will 1.21.5 have the alarm status thing on it too?
Posted: Wed Nov 23, 2005 2:15 pm
by zoneminder
Yes. If you want anything else in there as well don't forget to ask!
Phil
Posted: Wed Nov 23, 2005 2:20 pm
by jameswilson
will do
Just a thought is it possible to query the bd through html commands, im just thinking that i will have a load of querires about playback not working when i replease that ug, beacuse people would need to allow mysql to accept external ip conns and create the relevant user and permissions hosts etc.
Posted: Wed Nov 23, 2005 2:25 pm
by cordel
how hard would it be to have as an option? I know that the options window is getting a bit busy so maybe for more spacific things like this could just be placed in zm.conf. Since most users will want it say hashed through all modules any one else could overide small things like this as it's more administative there no need to have it accessable in the web page.
Just a thought
Cordel
Posted: Wed Nov 23, 2005 2:28 pm
by jameswilson
Corey,
Im thinking of having a tabbed option page now as its getting a bit out of control (your ganna need a 21" monitor soon)
Problem is i cant handle hased auth from my app at the mo. It wouldnt be too hard to add (i dont think) as all id need to do is request a hash from the zm box and stire it and pass that instead. Id also need to update the hash at whatever freq as i beleive it times out.
So its not even availabel as an option at the mo and the only security risk is if the used pass has a high level access to zm and its packet sniffed as its not displayed anywhere in the app, just processed internally
Posted: Wed Nov 23, 2005 2:30 pm
by jameswilson
So are you using this viewer corey?
Posted: Wed Nov 23, 2005 3:03 pm
by cordel
I haven't really got anything to run it on
All my windooze machines disapeared
They all sucome to a higher power (well and a few got fried in a recent storm).
I want too. I'll have to load it on my laptop. It could use being powered on any way
