Merge branch 'master' into fix_out_of_files_in_encoding

This commit is contained in:
Isaac Connor 2021-05-18 17:16:35 -04:00
commit 574adf0d1d
7 changed files with 97 additions and 26 deletions

View File

@ -20,6 +20,7 @@
#include "zm_logger.h"
#include "zm_utils.h"
#include <cassert>
#include <cstring>
namespace zm {
@ -141,8 +142,10 @@ std::string Authenticator::computeDigestResponse(const std::string &method, cons
#if HAVE_DECL_MD5
MD5((unsigned char*)ha1Data.c_str(), ha1Data.length(), md5buf);
#elif HAVE_DECL_GNUTLS_FINGERPRINT
gnutls_datum_t md5dataha1 = { (unsigned char*)ha1Data.c_str(), (unsigned int)ha1Data.length() };
gnutls_fingerprint( GNUTLS_DIG_MD5, &md5dataha1, md5buf, &md5len );
gnutls_datum_t md5dataha1 = {(unsigned char *) ha1Data.c_str(), (unsigned int) ha1Data.length()};
size_t md5_len_tmp = md5len;
gnutls_fingerprint(GNUTLS_DIG_MD5, &md5dataha1, md5buf, &md5_len_tmp);
assert(md5_len_tmp == md5len);
#endif
for ( unsigned int j = 0; j < md5len; j++ ) {
sprintf(&md5HexBuf[2*j], "%02x", md5buf[j] );
@ -156,8 +159,10 @@ std::string Authenticator::computeDigestResponse(const std::string &method, cons
#if HAVE_DECL_MD5
MD5((unsigned char*)ha2Data.c_str(), ha2Data.length(), md5buf );
#elif HAVE_DECL_GNUTLS_FINGERPRINT
gnutls_datum_t md5dataha2 = { (unsigned char*)ha2Data.c_str(), (unsigned int)ha2Data.length() };
gnutls_fingerprint( GNUTLS_DIG_MD5, &md5dataha2, md5buf, &md5len );
gnutls_datum_t md5dataha2 = {(unsigned char *) ha2Data.c_str(), (unsigned int) ha2Data.length()};
md5_len_tmp = md5len;
gnutls_fingerprint(GNUTLS_DIG_MD5, &md5dataha2, md5buf, &md5_len_tmp);
assert(md5_len_tmp == md5len);
#endif
for ( unsigned int j = 0; j < md5len; j++ ) {
sprintf( &md5HexBuf[2*j], "%02x", md5buf[j] );
@ -177,8 +182,10 @@ std::string Authenticator::computeDigestResponse(const std::string &method, cons
#if HAVE_DECL_MD5
MD5((unsigned char*)digestData.c_str(), digestData.length(), md5buf);
#elif HAVE_DECL_GNUTLS_FINGERPRINT
gnutls_datum_t md5datadigest = { (unsigned char*)digestData.c_str(), (unsigned int)digestData.length() };
gnutls_fingerprint( GNUTLS_DIG_MD5, &md5datadigest, md5buf, &md5len );
gnutls_datum_t md5datadigest = {(unsigned char *) digestData.c_str(), (unsigned int) digestData.length()};
md5_len_tmp = md5len;
gnutls_fingerprint(GNUTLS_DIG_MD5, &md5datadigest, md5buf, &md5_len_tmp);
assert(md5_len_tmp == md5len);
#endif
for ( unsigned int j = 0; j < md5len; j++ ) {
sprintf( &md5HexBuf[2*j], "%02x", md5buf[j] );

View File

@ -22,6 +22,7 @@
#include "zm_crypt.h"
#include "zm_logger.h"
#include "zm_utils.h"
#include <cassert>
#include <cstring>
#if HAVE_GNUTLS_GNUTLS_H
@ -262,8 +263,10 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
#if HAVE_DECL_MD5
MD5((unsigned char *)auth_key, strlen(auth_key), md5sum);
#elif HAVE_DECL_GNUTLS_FINGERPRINT
gnutls_datum_t md5data = { (unsigned char *)auth_key, (unsigned int)strlen(auth_key) };
gnutls_fingerprint(GNUTLS_DIG_MD5, &md5data, md5sum, &md5len);
gnutls_datum_t md5data = {(unsigned char *) auth_key, (unsigned int) strlen(auth_key)};
size_t md5_len_tmp = md5len;
gnutls_fingerprint(GNUTLS_DIG_MD5, &md5data, md5sum, &md5_len_tmp);
assert(md5_len_tmp == md5len);
#endif
unsigned char *md5sum_ptr = md5sum;
char *auth_md5_ptr = auth_md5;

View File

@ -266,7 +266,7 @@ class MonitorsController extends AppController {
if ( $mToken ) {
$auth = ' -T '.$mToken;
} else if ( ZM_AUTH_RELAY == 'hashed' ) {
$auth = ' -A '.generateAuthHash(ZM_AUTH_HASH_IPS);
$auth = ' -A '.calculateAuthHash(ZM_AUTH_HASH_IPS?$_SERVER['REMOTE_ADDR']:'');
} else if ( ZM_AUTH_RELAY == 'plain' ) {
# Plain requires the plain text password which must either be in request or stored in session
$password = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass');;
@ -290,12 +290,19 @@ class MonitorsController extends AppController {
}
$shellcmd = escapeshellcmd(ZM_PATH_BIN."/zmu $verbose -m$id $q $auth");
$status = exec ($shellcmd);
$this->set(array(
'status' => $status,
'_serialize' => array('status'),
));
$status = exec($shellcmd, $output, $rc);
if ($status) {
$this->set(array(
'status'=>$rc,
'error'=>$output,
'_serialize' => array('status','error'),
));
} else {
$this->set(array(
'status' => 'Ok',
'_serialize' => array('status'),
));
}
}
// Check if a daemon is running for the monitor id

View File

@ -0,0 +1,49 @@
<?php
App::uses('AppModel', 'Model');
/**
* Event_Summary Model
*
*/
class Event_Summary extends AppModel {
/**
* Use table
*
* @var mixed False or table name
*/
public $useTable = 'Event_Summaries';
/**
* Primary key field
*
* @var string
*/
public $primaryKey = 'MonitorId';
/**
* Display field
*
* @var string
*/
public $displayField = 'MonitorId';
public $recursive = -1;
/**
* Validation rules
*
* @var array
*/
public $validate = array(
'MonitorId' => array(
'numeric' => array(
'rule' => array('numeric'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
);
}

View File

@ -134,6 +134,11 @@ class Monitor extends AppModel {
'className' => 'Monitor_Status',
'foreignKey' => 'MonitorId',
'joinTable' => 'Monitor_Status',
),
'Event_Summary' => array(
'className' => 'Event_Summary',
'foreignKey' => 'MonitorId',
'joinTable' => 'Event_Summaries',
)
);

View File

@ -208,6 +208,14 @@ function getAuthUser($auth) {
return null;
} // end getAuthUser($auth)
function calculateAuthHash($remoteAddr) {
global $user;
$local_time = localtime();
$authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$local_time[2].$local_time[3].$local_time[4].$local_time[5];
#ZM\Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] );
return md5($authKey);
}
function generateAuthHash($useRemoteAddr, $force=false) {
global $user;
if (ZM_OPT_USE_AUTH and (ZM_AUTH_RELAY == 'hashed') and isset($user['Username']) and isset($user['Password']) and isset($_SESSION)) {
@ -218,16 +226,8 @@ function generateAuthHash($useRemoteAddr, $force=false) {
# Appending the remoteAddr prevents us from using an auth hash generated for a different ip
if ($force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime )) {
$auth = calculateAuthHash($useRemoteAddr?$_SESSION['remoteAddr']:'');
# Don't both regenerating Auth Hash if an hour hasn't gone by yet
$local_time = localtime();
$authKey = '';
if ($useRemoteAddr) {
$authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$_SESSION['remoteAddr'].$local_time[2].$local_time[3].$local_time[4].$local_time[5];
} else {
$authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$local_time[2].$local_time[3].$local_time[4].$local_time[5];
}
#ZM\Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] );
$auth = md5($authKey);
$_SESSION['AuthHash'.$_SESSION['remoteAddr']] = $auth;
$_SESSION['AuthHashGeneratedAt'] = $time;
# Because we don't write out the session, it shouldn't actually get written out to disk. However if it does, the GeneratedAt should protect us.

View File

@ -45,6 +45,7 @@ rtspStreamNames[\''.validJsStr($row['RTSPStreamName']).'\'] = true;
function validateForm( form ) {
var errors = new Array();
var warnings = new Array();
if ( form.elements['newMonitor[Name]'].value.search( /[^\w\-\.\(\)\:\/ ]/ ) >= 0 )
errors[errors.length] = "<?php echo translate('BadNameChars') ?>";
@ -74,7 +75,7 @@ function validateForm( form ) {
} else if ( form.elements['newMonitor[Type]'].value == 'Ffmpeg' ) {
if ( !form.elements['newMonitor[Path]'].value ) {
errors[errors.length] = "<?php echo translate('BadPath') ?>";
} else if ( form.elements['newMonitor[Path]'].value.match( /[\!\*'\(\)\$ ,#\[\]]/) ) {
} else if (form.elements['newMonitor[Path]'].value.match(/[\!\*'\(\)\$ ,#\[\]]/)) {
warnings[warnings.length] = "<?php echo translate('BadPathNotEncoded') ?>";
}
@ -162,7 +163,6 @@ function validateForm( form ) {
return false;
}
var warnings = new Array();
if ( (form.elements['newMonitor[Function]'].value != 'Monitor') && (form.elements['newMonitor[Function]'].value != 'None') ) {
if ( (form.elements['newMonitor[SaveJPEGs]'].value == '0') && (form.elements['newMonitor[VideoWriter]'].value == '0') ) {
warnings[warnings.length] = "<?php echo translate('BadNoSaveJPEGsOrVideoWriter'); ?>";