From deb12f5613a1351eb78b09f61593eae64005b2d3 Mon Sep 17 00:00:00 2001 From: Peter Keresztes Schmidt Date: Tue, 18 May 2021 00:18:26 +0200 Subject: [PATCH 1/5] Restore GnuTLS support after VLA removal 298415fff3ceac53d3d972700b584c08672f91eb made variables constexpr which led to build failures with GnuTLS. --- src/zm_rtsp_auth.cpp | 19 +++++++++++++------ src/zm_user.cpp | 7 +++++-- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/src/zm_rtsp_auth.cpp b/src/zm_rtsp_auth.cpp index 1a7ea629b..ae05e1e7d 100644 --- a/src/zm_rtsp_auth.cpp +++ b/src/zm_rtsp_auth.cpp @@ -20,6 +20,7 @@ #include "zm_logger.h" #include "zm_utils.h" +#include #include namespace zm { @@ -141,8 +142,10 @@ std::string Authenticator::computeDigestResponse(const std::string &method, cons #if HAVE_DECL_MD5 MD5((unsigned char*)ha1Data.c_str(), ha1Data.length(), md5buf); #elif HAVE_DECL_GNUTLS_FINGERPRINT - gnutls_datum_t md5dataha1 = { (unsigned char*)ha1Data.c_str(), (unsigned int)ha1Data.length() }; - gnutls_fingerprint( GNUTLS_DIG_MD5, &md5dataha1, md5buf, &md5len ); + gnutls_datum_t md5dataha1 = {(unsigned char *) ha1Data.c_str(), (unsigned int) ha1Data.length()}; + size_t md5_len_tmp = md5len; + gnutls_fingerprint(GNUTLS_DIG_MD5, &md5dataha1, md5buf, &md5_len_tmp); + assert(md5_len_tmp == md5len); #endif for ( unsigned int j = 0; j < md5len; j++ ) { sprintf(&md5HexBuf[2*j], "%02x", md5buf[j] ); 
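Review bot: The return value of `gnutls_fingerprint()` is never checked in the GnuTLS branch of the hunk at line 142; the only guard is `assert(md5_len_tmp == md5len)`, which is compiled out when NDEBUG is defined. If the call fails, the hex loop below encodes whatever `md5buf` held before into a digest that authentication then depends on. I would test the result and the length together at run time, for example `if (gnutls_fingerprint(GNUTLS_DIG_MD5, &md5dataha1, md5buf, &md5_len_tmp) != GNUTLS_E_SUCCESS || md5_len_tmp != md5len)`, then log and fail the request. The same pattern repeats in the hunks at lines 159 and 182 of this file and in `zmLoadAuthUser` in src/zm_user.cpp; the enclosing functions start and end outside these hunks.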
@@ -156,8 +159,10 @@ std::string Authenticator::computeDigestResponse(const std::string &method, cons #if HAVE_DECL_MD5 MD5((unsigned char*)ha2Data.c_str(), ha2Data.length(), md5buf ); #elif HAVE_DECL_GNUTLS_FINGERPRINT - gnutls_datum_t md5dataha2 = { (unsigned char*)ha2Data.c_str(), (unsigned int)ha2Data.length() }; - gnutls_fingerprint( GNUTLS_DIG_MD5, &md5dataha2, md5buf, &md5len ); + gnutls_datum_t md5dataha2 = {(unsigned char *) ha2Data.c_str(), (unsigned int) ha2Data.length()}; + md5_len_tmp = md5len; + gnutls_fingerprint(GNUTLS_DIG_MD5, &md5dataha2, md5buf, &md5_len_tmp); + assert(md5_len_tmp == md5len); #endif for ( unsigned int j = 0; j < md5len; j++ ) { sprintf( &md5HexBuf[2*j], "%02x", md5buf[j] ); @@ -177,8 +182,10 @@ std::string Authenticator::computeDigestResponse(const std::string &method, cons #if HAVE_DECL_MD5 MD5((unsigned char*)digestData.c_str(), digestData.length(), md5buf); #elif HAVE_DECL_GNUTLS_FINGERPRINT - gnutls_datum_t md5datadigest = { (unsigned char*)digestData.c_str(), (unsigned int)digestData.length() }; - gnutls_fingerprint( GNUTLS_DIG_MD5, &md5datadigest, md5buf, &md5len ); + gnutls_datum_t md5datadigest = {(unsigned char *) digestData.c_str(), (unsigned int) digestData.length()}; + md5_len_tmp = md5len; + gnutls_fingerprint(GNUTLS_DIG_MD5, &md5datadigest, md5buf, &md5_len_tmp); + assert(md5_len_tmp == md5len); #endif for ( unsigned int j = 0; j < md5len; j++ ) { sprintf( &md5HexBuf[2*j], "%02x", md5buf[j] ); diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 95f61da4e..a17db9e0f 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -22,6 +22,7 @@ #include "zm_crypt.h" #include "zm_logger.h" #include "zm_utils.h" +#include #include #if HAVE_GNUTLS_GNUTLS_H 
@@ -262,8 +263,10 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) { #if HAVE_DECL_MD5 MD5((unsigned char *)auth_key, strlen(auth_key), md5sum); #elif HAVE_DECL_GNUTLS_FINGERPRINT - gnutls_datum_t md5data = { (unsigned char *)auth_key, (unsigned int)strlen(auth_key) }; - gnutls_fingerprint(GNUTLS_DIG_MD5, &md5data, md5sum, &md5len); + gnutls_datum_t md5data = {(unsigned char *) auth_key, (unsigned int) strlen(auth_key)}; + size_t md5_len_tmp = md5len; + gnutls_fingerprint(GNUTLS_DIG_MD5, &md5data, md5sum, &md5_len_tmp); + assert(md5_len_tmp == md5len); #endif unsigned char *md5sum_ptr = md5sum; char *auth_md5_ptr = auth_md5; From c1260028afd85c686dc079331bac0769c3a203b9 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 18 May 2021 10:10:19 -0400 Subject: [PATCH 2/5] fix warnings not being displayed --- web/skins/classic/views/js/monitor.js.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/skins/classic/views/js/monitor.js.php b/web/skins/classic/views/js/monitor.js.php index 6b0ac3b87..3a1493909 100644 --- a/web/skins/classic/views/js/monitor.js.php +++ b/web/skins/classic/views/js/monitor.js.php @@ -45,6 +45,7 @@ rtspStreamNames[\''.validJsStr($row['RTSPStreamName']).'\'] = true; function validateForm( form ) { var errors = new Array(); + var warnings = new Array(); if ( form.elements['newMonitor[Name]'].value.search( /[^\w\-\.\(\)\:\/ ]/ ) >= 0 ) errors[errors.length] = ""; @@ -74,7 +75,7 @@ function validateForm( form ) { } else if ( form.elements['newMonitor[Type]'].value == 'Ffmpeg' ) { if ( !form.elements['newMonitor[Path]'].value ) { errors[errors.length] = ""; - } else if ( form.elements['newMonitor[Path]'].value.match( /[\!\*'\(\)\$ ,#\[\]]/) ) { + } else if (form.elements['newMonitor[Path]'].value.match(/[\!\*'\(\)\$ ,#\[\]]/)) { warnings[warnings.length] = ""; } 
@@ -162,7 +163,6 @@ function validateForm( form ) { return false; } - var warnings = new Array(); if ( (form.elements['newMonitor[Function]'].value != 'Monitor') && (form.elements['newMonitor[Function]'].value != 'None') ) { if ( (form.elements['newMonitor[SaveJPEGs]'].value == '0') && (form.elements['newMonitor[VideoWriter]'].value == '0') ) { warnings[warnings.length] = ""; From fffe72a3fa6c187f029a2223d45b065ab1b0e56a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 18 May 2021 10:51:29 -0400 Subject: [PATCH 3/5] Split calculateAuthHash out from generateAuthHash. API is sessionless, so we just want provide a means of getting the auth hash without caching or do anything else fancy with it. --- web/includes/auth.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index 224f88abf..7e85e4ba2 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -208,6 +208,14 @@ function getAuthUser($auth) { return null; } // end getAuthUser($auth) +function calculateAuthHash($remoteAddr) { + global $user; + $local_time = localtime(); + $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$local_time[2].$local_time[3].$local_time[4].$local_time[5]; + #ZM\Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] ); + return md5($authKey); +} + function generateAuthHash($useRemoteAddr, $force=false) { global $user; if (ZM_OPT_USE_AUTH and (ZM_AUTH_RELAY == 'hashed') and isset($user['Username']) and isset($user['Password']) and isset($_SESSION)) { 
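Review bot: `calculateAuthHash()` reads `$user['Username']` and `$user['Password']` from the global without the `isset()` checks that `generateAuthHash()` makes before building the key, so a sessionless caller with no loaded user gets an MD5 over the secret, the address and the time fields only. A guard at the top such as `if (!isset($user['Username']) or !isset($user['Password'])) return null;` would make that case explicit, with callers refusing to pass a null hash on. The function also has no doc comment; something like `# Returns the relay auth hash for the current global $user; $remoteAddr is '' when hashes are not bound to an IP. Does not read or write the session.` would record the contract. The key fields are concatenated without separators, which presumably has to stay in step with the hash recomputed in src/zm_user.cpp, so that deserves a comment rather than a change here.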
@@ -218,16 +226,8 @@ function generateAuthHash($useRemoteAddr, $force=false) { # Appending the remoteAddr prevents us from using an auth hash generated for a different ip if ($force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime )) { + $auth = calculateAuthHash($useRemoteAddr?$_SESSION['remoteAddr']:''); # Don't both regenerating Auth Hash if an hour hasn't gone by yet - $local_time = localtime(); - $authKey = ''; - if ($useRemoteAddr) { - $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$_SESSION['remoteAddr'].$local_time[2].$local_time[3].$local_time[4].$local_time[5]; - } else { - $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$local_time[2].$local_time[3].$local_time[4].$local_time[5]; - } - #ZM\Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] ); - $auth = md5($authKey); $_SESSION['AuthHash'.$_SESSION['remoteAddr']] = $auth; $_SESSION['AuthHashGeneratedAt'] = $time; # Because we don't write out the session, it shouldn't actually get written out to disk. However if it does, the GeneratedAt should protect us. From 8c7e00418700afe6f299c02d6bdb5b6df91d624f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 18 May 2021 10:52:07 -0400 Subject: [PATCH 4/5] Use calculateAuthHash instead of generateAuthHash because we are sessionless and improve output on success and failure. Fixes #2329 --- web/api/app/Controller/MonitorsController.php | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/web/api/app/Controller/MonitorsController.php b/web/api/app/Controller/MonitorsController.php index 4ecca6236..eb4eecf1f 100644 --- a/web/api/app/Controller/MonitorsController.php +++ b/web/api/app/Controller/MonitorsController.php 
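Review bot: The new `calculateAuthHash()` call is placed above the comment `# Don't both regenerating Auth Hash if an hour hasn't gone by yet`, which describes the `if` condition and now reads as if it belonged to the session writes that follow. Moving the call below that comment (and correcting "both" to "bother" while there) keeps the comment attached to the condition it explains. `$_SESSION['remoteAddr']` is passed through unchecked when `$useRemoteAddr` is set; whether it is guaranteed to be populated is decided in the part of generateAuthHash above this hunk, which is not visible here.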
@@ -266,7 +266,7 @@ class MonitorsController extends AppController { if ( $mToken ) { $auth = ' -T '.$mToken; } else if ( ZM_AUTH_RELAY == 'hashed' ) { - $auth = ' -A '.generateAuthHash(ZM_AUTH_HASH_IPS); + $auth = ' -A '.calculateAuthHash(ZM_AUTH_HASH_IPS?$_SERVER['REMOTE_ADDR']:''); } else if ( ZM_AUTH_RELAY == 'plain' ) { # Plain requires the plain text password which must either be in request or stored in session $password = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass');; @@ -290,12 +290,19 @@ class MonitorsController extends AppController { } $shellcmd = escapeshellcmd(ZM_PATH_BIN."/zmu $verbose -m$id $q $auth"); - $status = exec ($shellcmd); - - $this->set(array( - 'status' => $status, - '_serialize' => array('status'), - )); + $status = exec($shellcmd, $output, $rc); + if ($status) { + $this->set(array( + 'status'=>$rc, + 'error'=>$output, + '_serialize' => array('status','error'), + )); + } else { + $this->set(array( + 'status' => 'Ok', + '_serialize' => array('status'), + )); + } } // Check if a daemon is running for the monitor id From 63501843460247ae0c0759e700a005c452b4f732 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 18 May 2021 11:12:37 -0400 Subject: [PATCH 5/5] Add Event_Summary model so that it is included in monitor listing --- web/api/app/Model/Event_Summary.php | 49 +++++++++++++++++++++++++++++ web/api/app/Model/Monitor.php | 5 +++ 2 files changed, 54 insertions(+) create mode 100644 web/api/app/Model/Event_Summary.php diff --git a/web/api/app/Model/Event_Summary.php b/web/api/app/Model/Event_Summary.php new file mode 100644 index 000000000..b9395ab1b --- /dev/null +++ b/web/api/app/Model/Event_Summary.php 
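Review bot: With `ZM_AUTH_HASH_IPS` enabled the hash at line 269 is bound to `$_SERVER['REMOTE_ADDR']` of the API client, but the consumer is the `zmu` process started by `exec()` further down, which has to arrive at the same value on its side. This hunk does not show which address zmu uses for that comparison, so it is worth confirming the two agree, including behind a reverse proxy where REMOTE_ADDR is the proxy's address; otherwise hashed relay would fail for every API call. A comment at the call would record the intent, for example `# sessionless: hash is bound to the API client's address and must match what zmu sees`.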
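Review bot: `exec()` returns the last line of the command's output, not its exit status, so `if ($status)` in the hunk at line 290 reports an error whenever zmu prints anything and reports 'Ok' when it fails without output; the exit code is in `$rc`. The branch should read `if ($rc != 0) {`, keeping `'status' => $rc` for the failure case. `$output` is also returned verbatim to the API client under `'error'`; logging it server-side and returning a short message would avoid exposing internal diagnostics. Separately, the context line wraps the whole command string in `escapeshellcmd()`, which neutralises shell metacharacters but does not keep request-derived values that reach `$auth` from being split into extra zmu arguments; `escapeshellarg()` per argument would address that, though it lies outside what this commit changes.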
@@ -0,0 +1,49 @@ + array( + 'numeric' => array( + 'rule' => array('numeric'), + //'message' => 'Your custom message here', + //'allowEmpty' => false, + //'required' => false, + //'last' => false, // Stop validation after this rule + //'on' => 'create', // Limit validation to 'create' or 'update' operations + ), + ), + ); +} diff --git a/web/api/app/Model/Monitor.php b/web/api/app/Model/Monitor.php index 1a80fed41..cc4ef1375 100644 --- a/web/api/app/Model/Monitor.php +++ b/web/api/app/Model/Monitor.php @@ -134,6 +134,11 @@ class Monitor extends AppModel { 'className' => 'Monitor_Status', 'foreignKey' => 'MonitorId', 'joinTable' => 'Monitor_Status', + ), + 'Event_Summary' => array( + 'className' => 'Event_Summary', + 'foreignKey' => 'MonitorId', + 'joinTable' => 'Event_Summaries', ) );