Merge branch 'master' of github.com:ZoneMinder/zoneminder

This commit is contained in:
Isaac Connor 2019-12-02 13:42:07 -05:00
commit 16698b8a82
1 changed files with 28 additions and 32 deletions

View File

@ -249,16 +249,11 @@ class MonitorsController extends AppController {
// where C=on|off|status
public function alarm() {
$id = $this->request->params['named']['id'];
$cmd = strtolower($this->request->params['named']['command']);
if ( !$this->Monitor->exists($id) ) {
throw new NotFoundException(__('Invalid monitor'));
}
if ( $cmd != 'on' && $cmd != 'off' && $cmd != 'status' ) {
throw new BadRequestException(__('Invalid command'));
}
$zm_path_bin = Configure::read('ZM_PATH_BIN');
$mToken = $this->request->query('token') ? $this->request->query('token') : null;
$cmd = strtolower($this->request->params['named']['command']);
switch ($cmd) {
case 'on':
$q = '-a';
@ -272,42 +267,43 @@ class MonitorsController extends AppController {
$verbose = ''; // zmu has a bug - gives incorrect verbose output in this case
$q = '-s';
break;
default :
throw new BadRequestException(__('Invalid command'));
}
// form auth key based on auth credentials
$this->loadModel('Config');
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH'));
$config = $this->Config->find('first', $options);
$zmOptAuth = $config['Config']['Value'];
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_RELAY'));
$config = $this->Config->find('first', $options);
$zmAuthRelay = $config['Config']['Value'];
$auth = '';
if ( $zmOptAuth ) {
if ($mToken) {
if ( ZM_OPT_USE_AUTH ) {
global $user;
$mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token');;
if ( $mToken ) {
$auth = ' -T '.$mToken;
}
elseif ( $zmAuthRelay == 'hashed' ) {
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_HASH_SECRET'));
$config = $this->Config->find('first', $options);
$zmAuthHashSecret = $config['Config']['Value'];
} else if ( ZM_AUTH_RELAY == 'hashed' ) {
$auth = ' -A '.generateAuthHash(ZM_AUTH_HASH_IPS);
} else if ( ZM_AUTH_RELAY == 'plain' ) {
# Plain requires the plain text password which must either be in request or stored in session
$password = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass');;
if ( !$password )
$password = $this->request->query('password') ? $this->request->query('password') : $this->request->data('password');
$time = localtime();
$ak = $zmAuthHashSecret.$this->Session->Read('username').$this->Session->Read('passwordHash').$time[2].$time[3].$time[4].$time[5];
$ak = md5($ak);
$auth = ' -A '.$ak;
} else if ( $zmAuthRelay == 'plain' ) {
$auth = ' -U ' .$this->Session->Read('username').' -P '.$this->Session->Read('password');
} else if ( $zmAuthRelay == 'none' ) {
$auth = ' -U ' .$this->Session->Read('username');
if ( ! $password ) {
# during auth the session will have been populated with the plaintext password
$stateful = $this->request->query('stateful') ? $this->request->query('stateful') : $this->request->data('stateful');
if ( $stateful ) {
$password = $_SESSION['password'];
}
} else if ( $_COOKIE['ZMSESSID'] ) {
$password = $_SESSION['password'];
}
$auth = ' -U ' .$user['Username'].' -P '.$password;
} else if ( ZM_AUTH_RELAY == 'none' ) {
$auth = ' -U ' .$user['Username'];
}
}
$shellcmd = escapeshellcmd("$zm_path_bin/zmu $verbose -m$id $q $auth");
$shellcmd = escapeshellcmd(ZM_PATH_BIN."/zmu $verbose -m$id $q $auth");
$status = exec ($shellcmd);
$this->set(array(